In a Notice of Proposed Rulemaking (NPRM) in the Federal Register on June 9, 2008 (73 Federal Register 32440-32453), the Department of Homeland Security has proposed a new system for foreign citizens intending to visit the U.S without visas, and to enter the U.S. by air or sea, to apply for and receive an additional form of advance permission to travel to the U.S.

Effective August 8, 2008, a person “intending to travel to the United States by air or sea under the VWP [Visa Waiver Program]” will be permitted to apply in advance for an electronic “travel authorization”(ETA) from the DHS Bureau of Customs and Border Protection (CBP). The ETA application will contain “such information as the Secretary [of Homeland Security] deems necessary to issue a travel authorization, as reflected by the I–94W Nonimmigrant Alien Arrival/Departure Form (I–94W).”

Effective as of a date the CBP intends to specify in another Federal Register notice in early November 2008, at least 60 days after the publication of that follow-up notice but no later than January 12, 2009, each person with such intent will be required to (1) provide certain specified personal information, in specified form, to the CBP in an ETA application and (2) “receive a travel authorization [from the CBP] prior to embarking on a carrier for travel to the United States.”

While the proposed regulations would require travellers to apply for and obtain ETA’s, nothing in the NPRM would require the CBP to respond to or act on such applications at all, much less to do so with any specified timeliness. No standards or criteria for approval, denial, or inaction on an ETA application are specified; no particular decision-making entity within CBP is specified; no administrative appeal is provided for; and no court would have jurisdiction to review an ETA decision (although courts could, of course, review the legality of the program as a whole). Read More →

The massive U.S. terror watchlists will soon add their one millionth name and the ACLU will mark the day with an event on July 14th at the National Press Club involving innocent individuals who have been wrongly matched to the terrorist watchlists. The ACLU gets the one millionth number from a Department of Justice Inspector general report that said the watchlists included 700,000 names in April 2007 and the lists were growing by 20,000 names per month.

The Transportation Security Administration recently stated on its blog, “While the exact number of ‘no-flys’ is secret, there are many, many less than 500, 000.” The agency did not point to any documentation, merely asking the public to believe its numbers. The agency also did not estimate the number of individuals on the “selectee” list.

The Terrorist Screening Center maintains two terrorist watchlists, the “no fly” and “selectee” lists. Individuals on the “no fly” lists are deemed too dangerous to fly by the U.S. government. Individuals on the “selectee” lists must endure more invasive security screening before they are allowed to fly by the U.S. government. How individual names are added to the list is unknown. The government claims there is a redress process for individuals who are “mistakenly matched” to the watchlists, but it is cumbersome and opaque.

A number of innocent individuals including a nun, Senator Ted Kennedy, and former presidential candidate John Anderson have all been wrongly deemed suspects. Have you been caught in the watchlist web? Tell us your story. E-mail jph AT papersplease DOT org

The New York Times has obtained a report showing that US and European negotiators are nearing an agreement on international sharing of private data.

The United States and the European Union are nearing completion of an agreement allowing law enforcement and security agencies to obtain private information — like credit card transactions, travel histories and Internet browsing habits — about people on the other side of the Atlantic Ocean. […]

Negotiators, who have been meeting since February 2007, have largely agreed on draft language for 12 major issues central to a “binding international agreement,” the report said. The pact would make clear that it is lawful for European governments and companies to transfer personal information to the United States, and vice versa.

The negotiators remain at odds on some issues, such as “what rights European citizens will have if the United States government violates data privacy rules or takes an adverse action against them — like denying them entry into the country or placing them on a no-fly list — based on incorrect personal information.”

It is unclear what standards both sides believe would adequately protect individuals’ civil liberties, including free speech and the right to travel.

David Sobel, a senior counsel with the Electronic Frontier Foundation, a nonprofit organization dedicated to data-privacy rights, said the administration’s depiction of the process of correcting mishandled data through agency procedures sounds “very rosy,” but the reality is that it is often impossible, even for American citizens, to win such a fight.

The story refers to transfers of data directly from entities in the the EU to the US government, and that’s where most of the attention has focused in recent EU/US disputes.  But in many cases, data is first transferred from the EU to commercial entities in the US (for example, from airline and travel agency offices in the EU to computerized reservation systems in the US) and only later, if at all, accessed by the US government from those US commercial entities.  Those commercial transfers violate EU data protection law, regardless of whether the US government also accesses the data.  It’s unclear form the Times story if the draft agreement would purport to immunize commerical entities engaging in such transfers.

It’s also unclear if the draft “agreement” would take the form of a treaty — ratified by the U.S. Senate, and enforceable in U.S. courts — or whether it would be another nonbinding DHS “undertaking” without legal effect.

The full New York Times story is here.

The Senate Judiciary Subcommittee on Constitution held a hearing on “Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel.” Individuals innocent of any wrongdoing have increasingly been reporting that their laptops, smartphones and other electronic devices have been searched and seized by US Customs and Border Protection. The Washington Post reported in February:

The seizure of electronics at U.S. borders has prompted protests from travelers who say they now weigh the risk of traveling with sensitive or personal information on their laptops, cameras or cellphones. In some cases, companies have altered their policies to require employees to safeguard corporate secrets by clearing laptop hard drives before international travel.

At the Senate hearing, Subcommittee Chairman Sen. Russ Feingold summed up the situation succinctly: “Customs agents must have the ability to conduct even highly intrusive searches when there is reason to suspect criminal or terrorist activity, but suspicion-less searches of Americans’ laptops and similar devices go too far. Congress should not allow this gross violation of privacy.”

Various witnesses, including Susan Gurley, Executive Director of the Association of Corporate Travel Executives; Lee Tien, Senior Staff Attorney at the Electronic Frontier Foundation; and Peter P. Swire, Senior Fellow at the Center for American Progress, detailed the many privacy and civil liberty issues raised by suspicionless searches and seizures of electronic devices and data at the border.

Tien said that EFF agreed “the Fourth Amendment works differently at the border. But, ‘differently’ does not mean ‘not at all.’” EFF and the Asian Law Caucus have filed suit against the Department of Homeland Security (which oversees Customs and Border Protection) for denying access to public records on the questioning and searches of travelers and seizures of their property at U.S. borders. Read More →