Papers, Please – Page 35 – Papers, Please!

Oct 02 2008

Congress Passes Continuing Resolution, Includes $100M for REAL ID

Over the weekend, Congress passed H.R. 2638, a Fiscal Year 2009 Continuing Resolution that includes funding for federal agencies though March. President Bush signed the bill into law earlier this week. H.R. 2638 includes a provision granting $100 million for state implementation of REAL ID. (These funds are in addition to the $79 million in grants DHS gave to states for REAL ID implementation earlier this year.)

H.R. 2638 reads:

SEC. 547. For grants to States pursuant to section 204(a) of the REAL ID Act of 2005 (division B of Public Law 109-13), $50,000,000, to remain available until expended. In addition, for developing an information sharing and verification capability with States to support implementation of the REAL ID Act, $50,000,000, to remain available until expended: Provided, That none of the funds provided in this section for development of the information sharing and verification system shall be available to create any new system of records from the data accessible by such information technology system, or to create any means of access by Federal agencies to such information technology system other than to fulfill responsibilities pursuant to the REAL ID Act of 2005.

“Verification hub” is just the latest euphemism for the national identification system DHS seeks to create by linking the motor vehicle databases of all 56 states and territories. This massive national database could contain data on all 240 million driver’s license and cardholders nationwide, if all the states and territories agree to implement the national ID system. Read More →

Sep 29 2008

New York Begins Issuing RFID-Enabled “Enhanced” Driver’s Licenses

The state of New York has begun issuing (pdf) so-called “enhanced” driver’s licenses (or EDLs). These licenses contain RFID tags and include the individual’s citizenship status on the face of the cards. They are issued under the Department of Homeland Security’s “Western Hemisphere Travel Initiative” and will be used as alternatives to passports for crossing the US border.

According to DHS, the “long-range” RFID tag would include a unique number that Customs and Border Protection would “read” as you drove up to the checkpoint and use that unique number to link to your individual name and file. (Such long-range tags can be read from a distance of 70 feet or more.) There are numerous privacy and civil liberty problems connected with using RFID tags in identification documents. Some EDL critics would surprise you: the RFID industry, the Government Accountability Office, and the DHS’s own Data Privacy and Integrity Advisory Committee.

The DHS Data Privacy and Integrity Advisory Committee urged (pdf) that long-range RFID only be used in ID documents if RFID is the “least intrusive means,” because there are significant privacy and security drawbacks.

The Government Accountability Office also has urged (pdf) against the use of RFID to track people, testifying that: Read More →

Sep 23 2008

How to Circumvent the Watch Lists: Change Your Name

The CBC has an interesting story that exemplifies a significant problem with the watch lists: It is very easy to get around the lists.

Mario Labbé, an executive with a Montreal-based record company, says his Canadian passport triggers a red alert on the computers of U.S. customs agents every time he tries to board a flight to the U.S. —
which is about once a month for the past seven years. […]

Although Labbé wrote letters to the U.S. department, his efforts were in vain, prompting him to legally change his name.

“So now, my official name is François Mario Labbé,” he said.

“Then you have to change everything: driver’s license, social insurance, medicare, credit card — everything.”

Although it’s not a big change from Mario Labbé, he said it’s been enough to foil the U.S. customs computers.

In the US, there have been other examples of innocent people trying to work around the terrorist watch lists. For example, eight-year-old James Robinson has had numerous problems because he is continuing mismatch to the watch lists. His family has had to make changes in order to get eight-year-old James on to flights.

According to CNN, “Denise Robinson says she tells the skycaps her son is on the list, tips heavily and is given boarding passes. And booking her son as “J. Pierce Robinson” also has let the family bypass the watch list hassle.

The ease with which someone can circumvent the watch lists illustrates the utter futility of identity-based security programs as a whole. Rather than waste time and money, and needlessly sacrifice liberty in the process of conducting this security theater, TSA should concentrate more on its job of preventing weapons and explosives from getting on planes.

Sep 15 2008

Government Claims Secure Flight Will Save Us From Watchlist Horrors

Once launched, passenger prescreening program Secure Flight will solve the problems of mismatching innocent individuals to the terrorist watchlists, according to government witnesses at a hearing of the House Homeland Security Committee’s Subcommittee on Transportation Security and Infrastructure Protection.

Officials from the Department of Homeland Security said that Secretary Chertoff has approved Secure Flight. DHS is awaiting approval from the Government Accountability Office before it can implement the passenger prescreening program. The GAO’s review will not be completed until December 10, according to the GAO’s Cathleen Berrick. Currently, the GAO is awaiting DHS estimates for costs and timelines of implementation.

“According to TSA officials, the “initial cutover” or assumption of the watch-list matching function from one or more air carriers for domestic flights is scheduled to begin in January 2009. However, as of July 2008, TSA had not developed detailed plans or time frames for assuming watch-list matching from all air carriers for domestic flights,” Berrick said (pdf).

TSA’s Kip Hawley said Secure Flight will cost the government about $1 billion to implement over 10 years, but he did not have an estimate for how much it will cost the airline industry. However, Berrick said that these numbers were not applicable for the latest iteration of Secure Flight.

In a statement (pdf) submitted for the hearing record, The Identity Project urged the Committee “to scrutinize closely the watchlists, their uses, and the processes of and reasons for the addition of names.” The Identity Project detailed the many problems associated with the watchlists. For example, “a nun, Senator Ted Kennedy, and former presidential candidate John Anderson have all been wrongly deemed suspects. Several innocent individuals have filed lawsuits in order try to stop the harassment they received when they attempt to fly commercially, including a licensed commercial pilot.” Read More →

Aug 20 2008

Person on No-Fly List to have her case heard by a District Court

The 9th Circuit ruled yesterday that individuals who finds themselves on a government no-fly or watch list can have their case against the Terrorist Screening Center (TSC), the governmental agency responsible for putting them on the list, heard by a federal District Court. While the Transportation Security Agency (TSA) compels airlines to match their flight manifests against the list in their search for “bad people,” it is the TSC (a joint venture among the FBI, CIA, and departments of State and Homeland Security) that actually compiles the lists. This is the first time any court will hear such a case.

Monday’s ruling involves Rahinah Ibrahim, a Stanford doctoral student in architecture who was stopped at a United Airlines counter in San Francisco in January 2005 when an employee spotted her name on the no-fly list. A phone call was fielded by a private contractor who instructed that she be arrested. She was handcuffed in front of her 14-year-old daughter, held in custody for two hours and then released by orders of the FBI.

Ibrahim’s lawsuit against the TSA, claiming violations of her constitutional rights, is in the D.C. Circuit Court of Appeals due to jurisdictional and venue rules applicable for challenges to TSA orders. Her lawsuit against the TSC for putting her on the list, the government contractor for ordering her arrest, and the SFPD for arresting her, now can go forward in the District Court in San Francisco.

Click here for more information on earlier proceedings in the Ibrahim case.

Aug 14 2008

TSA threatens airlines who tell people they’re on watchlists

Let’s see. You’re hassled mercilessly by airline employees, who won’t let you check luggage, won’t let you print a boarding pass, won’t let you check in, and bring cops and airport security people to confront you when you appear to resolve the situation. But under a new plan by TSA, the airline risks a $25,000 fine if they tell you WHY they are hassling you.

USA Today reports that TSA’s upset when airlines explain the hassle by telling people they’re on a TSA watch list. TSA will not tell people when they are on such a list. TSA won’t tell people when they ARE NOT on such a list. They want the airlines to do the same — keep mum, but keep harassing the public.

TSA and the DoJ counterterrorism center twice barred a Malaysian woman from flying, ordered her arrested, kept her in custody for hours, and eventually allowed her to fly out of the US only long enough for them to permanently cancel her US visa without notice, so she could not return to Stanford to finish her PhD. The victim, Rahinah Ibrahim, sued them. Even in court, TSA refuses to confirm or deny whether she was on the watch list. Idiots!

TSA’s lists are secret, just as in all good government institutions. TSA’s regulations are secret, just as in all good government institutions. Let’s hope TSA doesn’t propose new regulations next month with $25,000 fines against web sites or the press if they tell people that secret watch lists exist and that you’re being hassled at the airport because TSA suspects you of being a terrorist without a shred of evidence.

(Of course, airlines have been known to screw up, and they love to blame government regulations when it’s their own damn fault. But despite the airlines’ eagerness to check IDs so that their customers can’t resell unused tickets, it was the government that imposed the current system of harassment, and put 400,000 to 1,000,000 alleged communists — oops, wrong bogeyman, it’s not the 50’s any more — I meant “terrorists” — on these secret blacklists.)

Aug 14 2008

TSA stops building database of ID-less travelers

USA Today reports that Lack of ID put fliers on TSA list. 16,500 people were in this database since TSA changed the secret rules for travelers in June. After being called by USA Today to comment for the story, TSA head Kip Hawley changed the rule “effective today” and pledged to remove the 16,500 names from its database of “suspicious people”.

We applaud Mr. Hawley for ceasing to keep permanent records on the id-less 1% of the population. It remains for him to stop trying to bar citizens from domestic travel based on blacklists, and to stop demanding that people submit to illegitimate government demands to “identify themselves” before moving from place to place in their own country.

Aug 08 2008

New U.S. “exit permit” scheme for visitors goes into effect

The Identity Project filed comments today with the DHS Bureau of Customs and Border Protection CBP) in opposition to the new Electronic System for Travel Authorization (ESTA) which went into effect this week. According to our comments:

The essence of the ESTA rule is to require certain foreign citizens to obtain an exit permit from the United States government before they may leave their own country, or leave other countries.

In this rulemaking, the Bureau of Customs and Border Protection (CBP) of the Department of Homeland Security (DHS) is promulgating an interim final rule imposing a new requirement that “each nonimmigrant alien intending to travel by air or sea to the United States under the Visa Waiver Program (VWP) must … prior to embarking on a carrier for travel to the United States”, (a) provide specified data elements, in specified form and manner, to the CBP, and (b) “receive a travel authorization, which is a positive determination of eligibility to travel to the United States under the VWP, via the Electronic System for Travel Authorization (ESTA), from CBP.”

Under the interim final rule, “[a]n authorization under ESTA is not a determination that the alien is admissible to the United States” and is “not a determination of visa eligibility.” It would be granted, or not granted, by the CBP, in its sole, standardless, secret, and non-reviewable “discretion.” It would be required as a pre-condition for foreign citizens to “embark” from foreign countries if the CBP believes that they intend to apply (at some later time ) for admission to the U.S. under the VWP.

The Identity Project submits these comments because this CBP regulatory requirement that foreign citizens obtain permission from the U.S. in order to leave their own country, or a third country, (1) exceeds the statutory authority of the CBP; (2) exceeds the jurisdiction of the CBP; (3) is contrary to the obligations of the U.S. under the International Covenant on Civil and Political Rights and other international human rights, maritime, and aviation treaties; (4) has been promulgated without complying with the procedural requirements of Executive Order 13107 regarding Implementation of Human Rights Treaties, the Airline Deregulation Act, the Regulatory Flexibility Act, and the Administrative Procedure Act; (5) fails to consider or grossly underestimates many of the major costs of the rule, including its impact on small entities, business travelers, and other travelers; (6) is impermissibly vague, and (7) would be so impractical and unenforceable as to deprive it of any of the benefits claimed by the CBP.

The Identity Project urges the CBP to withdraw the interim final rule, in its entirety. If it does not withdraw the ESTA rule entirely, the CBP must complete the actions directed by Executive Order 13107, prepare the statutorily required analyses, publish them in a full Notice of Proposed Rulemaking (NPRM) , and provide a new opportunity for public comment, before finalizing any ESTA rule.

In their comments, airlines and travel agencies have objected that the CBP is “wrong” to implement the ESTA on an emergency basis, without the public notice and opportunity for public comment normally required for new Federal regulations. But the CBP began accepting “voluntary” applications for travel authorizations, through a (still buggy) Web interface. The CBP says they plan to issue an order later this year to make the ESTA system mandatory starting sometime in January 2009.

Countries that participate in the VWP, mainly in Western Europe, are still considering whether it amounts to a de facto visa requirement for their citixzens to visit the U.S. This could prompt them to reciprocate by ending visa-free entry to their countries for U.S. visitors, and requiring U.S. visitors to apply for permission before embarking for Europe.

Aug 05 2008

“Trusted Traveler” Identification Program Loses Unencrypted Laptop and TSA’s Trust

A provider of the Transportation Security Administration’s Registered Traveler (RT) program has been suspended from enrolling new applicants after TSA learned “an unencrypted [Verified Identity Pass] laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26. The computer contained pre-enrollment records of approximately 33,000 customers.”

Verified Identity Pass operated Registered Traveler under the name “Clear.” The program is supposed to improve air travel security by creating “trusted” individuals who could go through security more quickly because their identities would have been confirmed as “clean” through the program. However, experts have explained that this just creates incentive for criminals to figure out a way to get into the “trusted” group – whether by creating fake identities that can withstand the program’s check or by using individuals who have no previously found connection to terrorists or other criminals.

According to a Washington Post report, “The laptop had the names, addresses and driver’s license or passport numbers of mostly online applicants to the Registered Travel program.” However, Clear records can contain more than that, such as: credit card data, biometric data (fingerprints and iris scans), and previous home addresses for the past five years. Read More →

Jul 28 2008

DHS Ignores OMB Government Approval Process on TSA’s Questionnaire Form for Travelers Without ID

Since June 21st, TSA has required all air travelers in the United States to present identification when entering a secure area at airports. Prior to then, a person could simply say they had lost their ID or didn’t want to show it, and they would be subjected to a secondary screening to enter the area. Now you can only get through security if you can convince TSA and their behavioral detection specialists that you lost or forgot your ID and are “cooperative” with their efforts to identify you by means of commercial data. Part of that process involves filling out their Certification of Identity form.

It appears that DHS has ignored the process of procuring an OMB (Office of Management and Budget) number for their new form. The OMB process requires publication of a notice in the Federal Register and the opportunity for public comment whenever the government gathers information from the public. The law clearly states that someone can’t be punished for failing to answer questions on a government form unless the questioning agency has an OMB number associated it. Despite this, TSA’s new Certification of Identity form states that failing to answer the questions may result in your inability to fly. Further, false statements made by travelers when using the form may be punishable by up to five years in prison. DHS is again showing that it doesn’t believe the rule of law applies to them. Read More →