Papers, Please – Page 8 – Papers, Please!

Jan 07 2019

Amtrak thinks it’s OK to spy on passengers because it makes the trains run on time

Buried in the final 500-page PDF file of redacted and munged e-mail messages released by Amtrak in December 2018 in response to a FOIA request we made in 2014, we got the first hint at an answer to one of the questions that originally prompted our request:

What did Amtrak think was its legal basis for requiring passengers to show ID and provide other information, and for handing this data over to DHS components and other police agencies for general law enforcement purposes?

When US Customs and Border Protection (CBP) asked Amtrak to start transmitting passenger data electronically, it described this as a request for “voluntary” cooperation, noting that while the law requires airlines to collect and transmit this data to CBP, “these mandates do not currently extend to land modes of transportation” (as they still don’t today).

Despite this statement from CBP, someone at Amtrak came up with a way to describe the changes to Amtrak’s systems and procedures to require ID information in reservations for all international trains, and to transmit this data to CBP, as “required by the U.S. Department of Homeland Security (DHS)” and as “being mandated by the US Border Inspection Agencies [sic].”

In 2004, an Amtrak technology manager was asked, “Do you know if such a [Federal] mandate [to collect information about passengers] exists, or is Amtrak not obliged to participate in this program?”

The unnamed Amtrak IT manager’s response was that:

By statute, the federal government … in cooperation with Amtrak “shall maintain, consistent with the effective enforcement of immigration and customs laws, en route customs inspections and immigration procedures for international intercity rail passenger transportation that will (1) be convenient for passenger; and (2) result in the quickest possible international rail passenger transportation.” 49 USC 24709.

In other words,someone at Amtrak thinks it’s not merely permitted but required by this provision of Federal law to implement whatever level of intrusiveness of data collection and data sharing will make international trains run more quickly.

It’s arguable, to say the least, whether Congress intended this law as a mandate for ID credentials or data collection, whether collection of passenger data prior to ticketing actually expedites international trains (compared to, as used to happen, conducting customs and immigration inspections onboard while trains are in motion), or whether demands for ID and passenger information are consistent with the clause of this section requiring that measures taken be “convenient for passengers”. But someone at Amtrak seems to have interpreted this statute as such a mandate, and represented it as such to other Amtrak staff and contractors.

Are there any limits to what information or actions Amtrak would think is required of passengers on international trains, if that would keep US and Canadian border guards from stopping or delaying trains at the border for customs inspection?

Questions about whether Advance Passenger Information (APIS) was required had been asked not only within Amtrak but by Amtrak-appointed travel agencies, as was relayed to Amtrak by a product manager for the “Worldspan by Travelport” reservation system:

There’s no indication in the documents we received as to whether this Worldspan subscriber, or any other travel agency, was given any answer to this question.

Notably, no legal basis whatsoever for requiring ID from passengers on domestic trains was mentioned anywhere in the records we’ve received from Amtrak. Nor were any records released that related to Amtrak’s privacy policy, or the legal basis for it, although such records were covered by our request. We’re still following up with Amtrak on this and other issues, and will file administrative appeals if necessary.

As part of Amtrak’s response to a separate FOIA request, however, we’ve received a redacted copy of Amtrak’s internal directive to staff regarding passenger ID requirements. According to this document, Amtrak stopped requiring passengers to show ID in order to buy tickets as of October 25, 2017. But no records related to this change, or the reasons for it, were released in response to our request.

Amtrak train crews are supposed to check ID of a randomly selected 10% or 20% of passengers. In our experience, however, Amtrak staff rarely require any passengers to show ID.

Although Amtrak is a Federal government entity, Amtrak’s of list of acceptable ID is much more inclusive than the list of ID that comply with the REAL-ID Act. Amtrak’s list of ID acceptable for train travel includes, among other acceptable credentials, any ID issued by a public or private middle school, high school, college, or university, and drivers’ licensed issued by US states and territories to otherwise undocumented residents.

Amtrak even accepts a “California state issued medical marijuana card“, which doesn’t have the cardholder’s name, only their photo. We’ll leave it as an exercise to our readers to figure out what relationship Amtrak thinks there is between being eligible for medical cannabis and being eligible for Amtrak train travel.

The most reasonable inference is that someone at Amtrak has decided that Amtrak should make a show of requiring ID, but that others at Amtrak don’t really want to turn away travelers without ID. Perhaps they recognize that travellers who don’t have or don’t want to show ID are a valuable Amtrak customer demographic.

Dec 17 2018

Do you need ID to get OFF a plane?

We’ve reported on several legal challenges to demands for ID as a condition of boarding airline flights.

But what about demands for ID after such a flight, as a condition of disembarking or leaving the airport at your destination? Is such a demand legal? Must you comply?

The first court case we are aware of to raise this issue began when DHS law enforcement officers from US Customs and Border Protection (CBP) blocked the only exit from a Delta Airlines plane when it arrived at its gate at JFK Airport in February 2017 after a flight from San Francisco, and required passengers to show ID before they were allowed to leave the plane.

Several passengers, represented by the ACLU, sued the DHS, the CBP and the responsible officials, supervisors, and front-officers in Federal court for the Eastern District of New York, which covers Brooklyn, Queens (where JFK Airport is located) and Long Island.

The plaintiffs in the lawsuit, originally Amadei v. Duke and now Amadei v. Neilsen, complain that the demand for ID violated their 4th Amendment right to be free from unreasonable searches and seizures. They also complain that the DHS policy or practice of demanding ID from some passengers disembarking from domestic airline flights was adopted without complying with the due process requirements of the Administrative Procedure Act (APA).

The first significant — although far from final — ruling in the case came on December 13, 2018. The District Court rejected government motions to dismiss the complaint. Judge Nicholas Garaufis found that the passengers had raised sufficiently credible allegations of violations of the 4th Amendment and the APA to entitle them to their day in court.

Nov 14 2018

OIG confirms State Dept. broke its own rules when it seized US citizens’ passports

A report released earlier this month by the State Department’s Office of Inspector General confirms that, as we and others began reporting in 2013 and 2014, State Department staff “failed to comply with relevant procedures intended to safeguard the rights of U.S. citizens” when they summarily seized or retained the passports of US citizens who sought consular assistance at the US Embassy in Sana’a, Yemen.

Because of incomplete and inconsistent record-keeping and shifting stories told to OIG investigators by State Department staff, the OIG was unable to determine how many US citizens were improperly deprived of their passports, or for how long.

The consequences for these Yemeni-American US citizens were especially dire because many of them were seeking to leave Yemen to escape the escalating civil war and foreign military interventions in Yemen (some of which were backed by the US and its allies).

Without passports, these US citizens were unable to travel legally from Yemen to other countries, or to return to the US. They were forced either to remain in increasingly war-torn and dangerous Yemen, or use dangerous illegal means of transport to escape.

The de facto policy of the US Department of State as early as 2013 — even before the inclusion of Yemen in the 2017 Muslim ban executive orders — appears to have been to define anyone with Yemeni ancestry, regardless of citizenship, as an enemy of the US, and to use all available legal or illegal methods to deny them US passports. Typical tactics included putting applications by Yemeni-Americans for new or renewal passports into indefinite limbo, and indefinitely retaining US passports presented to consular officials at the US Embassy in Sana’a.

Typically, no formal decision that would be readily subject to judicial review was made. Even when a passport was revoked or an application for a passport was denied, the affected citizen often wasn’t notified until months or years later.

Several lawsuits were brought challenging the denials and delays in issuing, renewing, or returning passports. At least one case led to a court order for the return of a US passport seized in Sana’a. But the government was able to evade judicial review of most of its passport denials and seizures by reversing its decisions and dropping charges or issuing delayed passports once its victims lawyered up and made it to US courts.

Despite the fairly scathing report by the OIG, there’s no indication that any of the responsible State Department officials — either at the embassy in Yemen or making policy and directing practices from the US — have lost their jobs, much less been prosecuted, for conspiring to deprive US citizens of their fundamental rights, in circumstances where the ability to exercise those rights could be a matter of life and death.

Oct 15 2018

TSA announces “biometrics vision for all commercial aviation travelers”

Today the US Transportation Security Administration released a detailed TSA Biometric Roadmap for Aviation Security & the Passenger Experience, making explicit the goal of requiring mug shots (to be used for automated facial recognition and image-based surveillance and control) as a condition of all domestic or international air travel.

This makes explicit the goal that has been apparent, but only implicit, in the activities and statements of both government agencies and airline and airport trade associations.

It’s a terrifyingly totalitarian vision of pervasive surveillance of air travelers at, quite literally and deliberately, every step of their journey, enabled by automated facial recognition and by the seamless collaboration of airlines and airport operators that will help the government surveil their customers in exchange for free use of facial images for their own business purposes and profits.

The closest contemporary counterpart to what the TSA envisions for the USA is the pervasive surveillance and control of travelers in China through automated facial recognition by the Public Security Bureau.

Oct 10 2018

What AAMVA doesn’t want you to know about the national REAL-ID database

Another “deadline” for enforcement of the REAL-ID Act of 2005 passed uneventfully today.

The US Department of Homeland Security had advertised that DHS extensions of time for voluntary compliance with the REAL-ID Act by many states would expire today.

The DHS threatened that starting today it would “enforce” the REAL-ID Act through harassment or denial of the right to travel of airline passengers without ID or with ID issued by states or territories that the DHS, in its standardless administrative discretion, deemed insufficiently compliant with Federal wishes.

Today’s supposed “deadline” was fixed neither by law nor by regulation. Not surprisingly, the DHS blinked in the final days before its self-imposed ultimatum, as it has done again and again.

Every US state and territory subject to the REAL-ID Act was either certified by the DHS as sufficiently compliant to satisfy the DHS (at least for now), or was given a further extension of time to comply without penalty until at least January 10, 2019.

Yesterday, the day before the “deadline”, the DHS quietly posted notices on its website that it had granted further extensions until January 2019 to the last two states, California and New Jersey.

Perhaps the DHS is still unwilling to provoke riots at airports by stopping people without ID, or with ID from disfavored states and territories, from flying. Perhaps it isn’t yet prepared to face, and likely lose, the inevitable lawsuits from would-be flyers.

Even American Samoa, which — because the second-class status of American Samoans as US subjects but not US citizens would make it harder for them to challenge DHS restrictions of their rights — had been the first trial by the DHS of enforcement of the REAL-ID Act, was given an extension until October 10, 2019.

So far as we can tell, REAL-ID Act “enforcement” meant only modestly enhanced harassment of American Samoans at airports. Our FOIA request for records of how many people tried to fly with American Samoa IDs, and what happened to them, remains pending with no response after more than five months.

American Samao isn’t the limit of REAL-ID Act expansion beyond US borders and overseas. H.R. 3398, a bill to extend eligibility for REAL-ID Act compliant drivers licenses and IDs to citizens of several nominally independent de facto US dependencies, has passed the House and is pending in the Senate.

Meanwhile, the real movement toward state compliance with the REAL-ID Act is behind the scenes — as the DHS, its collaborators among state driver licensing agencies, and AAMVA, the operator of the outsourced and pseudo-privatized national ID database, want it to be.

Since we last reported on the status of REAL-ID Act compliance six months ago, agencies in three more states — Pennsylvania, New Mexico, and most recently Washington in September 2018 — have uploaded information about all licensed drivers and holders of state-issued IDs to the SPEXS national database. That brings to 19 the number of states whose residents’ personal information is included in the aggregated database.

But even as the database grows to include information about more and more US residents, the DHS persists in denying its existence. According to the DHS public FAQ about the REAL-ID Act:

A: Is DHS trying to build a national database with all of our information?

No…. REAL ID does not create a federal database of driver license information.

To the extent that there is any truth at all in this statement, it’s that the SPEXS national database isn’t under direct Federal or state control, but has been handed over to AAMVA and AAMVA’s contractors. (The database is apparently actually hosted by Microsoft.)

For obvious reasons, nobody is more eager than AAMVA to have you pay no attention to the national ID database behind the REAL-ID Act curtain.

In June 2018, we were honored to receive an urgent letter by Fedex from the President & CEO of AAMVA, demanding that we immediately remove from our website the specifications for the SPEXS database, which we had obtained in 2016 from AAMVA’s own public website. After AAMVA made that whole section of its site “members-only”, we posted a copy of the SPEXS specification to help readers understand the details of the system, and as one of the key sources for our analysis of SPEXS.

SPEXS already includes personal information obtained from government records of drivers licenses and state IDs, including dates of birth and the last five digits of Social Security Numbers, for more than 50 million US residents. We think the people whose data is included in this system are entitled to know what information is being kept about them, who has access to it, and how it is used.

According to the SPEXS specifications, development of SPEXS was funded by grants from components of the DHS and the Department of Transportation. (We’re waiting for responses to our FOIA requests for those agencies’ records about SPEXS.) If SPEXS were being operated directly by a Federal agency, the Privacy Act would require it to provide notice of the types of records in the system, how they are used, and with whom they are shared, as well as procedures for individuals to see the records about themselves and to obtain an “accounting of disclosures” to third parties of information about themselves.

But because the SPEXS database has been outsourced to a nominally private contractor, AAMVA, both Federal and state agencies can disclaim any responsibility for it. That leaves the SPEXS specifications as the best available evidence of what the system is and does.

In a later message to our Web hosting provider, a lawyer for AAMVA claimed that, “The information contained in this work is sensitive and its unauthorized publication could jeopardize the security of the governmental program to which this document relates.” This is nonsense. AAMVA waived any claim of sensitivity by making the specifications public.

When it was still struggling to sell the first states on buying into SPEXS, AAMVA posted the SPEXS specification on its website for anyone to download. More than two years after we called attention to what this document reveals, AAMVA is trying to suppress it. Not because it contains any secrets — it’s been publicly available for years — but because it conclusively disproves the DHS big lie that there is no national REAL-ID database, and shows the essential role that AAMVA itself is playing in this surveillance system.

We encourage you to pay close attention to the AAMVA man behind the REAL-ID Act curtain. And if you have questions about SPEXS or the SPEXS specifications, feel free to contact us.

Sep 18 2018

Globalization and policy laundering of travel control

An interview with the head of US Customs and Border Protection (CBP) published this month by the U.S. Military Academy as part of a “View From The Foxhole” series provides an unusually revealing, and disturbing, picture of the expansion and globalization of surveillance and control of travelers. It also highlights the ways that policy is being “laundered” through the rationale of “compliance with international standards” to avoid any domestic political debate in the US or other collaborating countries.

CBP Commissioner Kevin K. McAleenan begins his overview of the role of the CBP by referring to “people who are… seeking that permission to travel to the United States”.

But US citizens don’t need “permission” from CBP or any other government agency to travel to the US. McAleenan’s comment makes clear the extent to which the US government has arrogated to itself, and now takes for granted, the illegitimate authority to condition the exercise of the right to freedom of movement on government permission.

CBP Commissioner McAleenan doubles down by asserting that “we have the responsibility to interview and inspect all travelers and make decisions on whether they present a risk.”

But that’s not true either. CBP’s authority to inspect travelers is limited to determining whether there is probable cause to charge them with violations of the law. We have a system of criminal law, not a pre-crime system of “risk-based” predictive denial of rights.

Aug 05 2018

New lies from a Federal official about ID requirements

In a speech this week in Florida, President Trump falsely claimed that, “You know, if you go out and you want to buy groceries, you need a picture on a card, you need ID. You go out and you want to buy anything, you need ID and you need your picture.”

Some commentators have expressed surprise that a high Federal official would make a claim about an ID requirement for an everyday activity, when (1) that claim is false, and known to be false by all of the people who engage in that activity without having ID, (2) that claim is not based on any law or regulations, and (3) any such law or regulation would exceed the government’s authority and likely be subject to legal challenge.

Whether Pres. Trump is so out of touch with the reality of ID requirements that he made this claim in sincere ignorance, or whether he knew it was false, it comes as no surprise to us.

Rather, Pres. Trump’s false claim that you need ID to buy groceries is perfectly consistent with the pattern of lies about ID requirements by high Federal and state officials, especially the big lie that you need ID to fly.

Hundreds of people fly without ID every day, just as tens of millions of people every day buy groceries without showing ID. No current or proposed law or regulation requires air travelers to show ID, and any such law would be invalid as a violation of human rights recognized by the US Constitution and international treaties.

Claims by the Secretary of Homeland Security and state driver licensing agencies that you need (or will need) ID to fly are as baseless as Pres. Trump’s claim that you need ID to buy groceries. Anyone who has ever flown without ID — perhaps after their ID was lost or stolen, perhaps because they forgot their ID, or perhaps because they don’t have ID — knows that these claims are false.

But rather than questioning or fact-checking these baseless claims by the DHS and state agencies, or mocking the officials who make these false claims about ID to fly the way they have mocked Pres. Trump for his false claims about ID to buy groceries, major news media have reprinted this fake news about ID to fly as fact.

The real lesson to be learned from the obvious falsehood of Pres. Trump’s claims is that you can’t trust the government to tell you the truth about ID requirements or your rights. You need to know your rights, assert them, and be prepared to defend them in court — or the false government claim that you have no rights will become a self-fulfilling myth.

We hope that this incident leads more journalists and members of the public alike to question the truth and the legitimacy of government claims about ID “requirements”.

Jul 18 2018

California DMV lies about the REAL-ID Act

We’ve heard that the California Department of Motor Vehicles has posted scary new signs in DMV offices around the state misinforming motorists and holders of DMV-issued non-driver state ID cards about the Federal REAL-ID Act of 2005.

We assume that these public disinformation messages are similar in content to the false answers to frequently asked questions and other propaganda about REAL-ID on the DMV website.

We’ve been through all this before with similar false claims about the REAL-ID Act by the California DMV and the Federal Department of Homeland Security. But lest anyone be misled by seemingly authoritative statements from government agencies, here are some of the real facts about REAL-ID that are contradicted, denied, or ignored in DMV press releases. Read More →

Jul 14 2018

Greyhound, Amtrak, and ID demands

Changes in Greyhound business practices jeopardize the already-limited options for cross-country travel by people in the USA who don’t have, or don’t chose to show, government-issued ID credentials.

For local transportation, undocumented people who want or need to travel further and/or faster than they can walk can ride bicycles (although there have been proposals in some jurisdictions to require registration of bicycles and/or bicyclists), or use public mass transit (where it exists, and where fares can be paid anonymously in cash, which isn’t the case with some cashless transit fare payment schemes).

Long-distance travel options for people without papers are even more limited. Policies adopted by airlines and Amtrak, combined with ID requirements for drivers of private motor vehicles, have left long-distance bus companies as the carriers of last resort for long-distance travel by undocumented people.

The options for the undocumented get even narrower when one starts looking at specific routes. Greyhound is the only company providing scheduled transcontinental bus service, a truly national route system, or any intercity bus service to many destinations in the USA.

That makes Greyhound’s route system and ID policies, or the lack of any Greyhound policy conditioning domestic US travel on possession or display of government-issued ID, of paramount importance to anyone who wants to move about the US without showing ID.

Jun 22 2018

Arguments for and against TSA Form 415

We’ve finally begun receiving records from the TSA of how the public responded to the TSA’s proposal in 2016 to start requiring travelers to show ID in order to fly.

Since 2008, TSA and contractor staff at airport checkpoints have been demanding that some travelers who do not have ID, do not show ID to checkpoint staff, or show ID that is initially deemed “unacceptable” fill out and sign TSA Form 415, “Certification of Identity”, and answer questions about the information in the (secret) file about them maintained and made available to the TSA by the commercial data broker Accurint.

Before any Federal agency such as the TSA starts collecting information from the public, whether verbally or through a written form, the agency is required to obtain approval for the “information collection” from the Office of Management and Budget (OMB).

The TSA has never requested or obtained approval for any version of Form 415. But in 2016, the TSA gave notice that it intended to seek OMB approval for Form 415, and accepted comments on that proposal from the public by email. After submitting our own objections to the TSA’s proposal, the Identity Project made a Freedom Of Information Act (FOIA) request for the complete administrative record related to the TSA’s contemplated request.

The TSA has not yet actually submitted a request to OMB for approval of Form 415, but has continued to use it illegally without OMB approval.

In May 2018, we received a heavily redacted version of the TSA’s procedures for “ID verification” including use of Form 415.

Now we’ve received a first partial set of excerpts from the “administrative record” related to the TSA’s proposal, consisting mainly of comments submitted by the public.

Most of the comments were from civil liberties and human rights organizations opposed to the TSA’s proposal, including the Identity Project, the Cyber Privacy Project, the Constitution Alliance, and the Electronic Privacy Information Center.

But the TSA also received comments questioning the TSA proposal from at least one state government, and a single frighteningly revealing comment urging the TSA to use even more intrusive measures to track people who try to fly without “acceptable” ID.

Papers, Please!

The Identity Project