Papers, Please!

The Identity Project

Category Archives: Papers, Please

Jun 19 2018

Coding Amtrak’s collaboration with US Customs and Border Protection

We’ve received and posted the latest installment in a continuing trickle of responses to a Freedom of Information Act request  we made in 2014 for records related to Amtrak’s collaboration with US and foreign law enforcement and “border control” agencies.

The most recent batch of records released by Amtrak consists mainly of email correspondence between Amtrak IT staff responsible for supporting ticket sales through travel agencies  (most of which occur through computerized reservation systems), programmers with Amtrak’s in-house ARROW  reservation system, and Amtrak’s technical contacts at  the four major CRSs used by travel agencies: Sabre, Apollo, Worldspan, and Amadeus.

Most of these exchanges relate to Amtrak’s decision in 2005 to start feeding information about all passengers on cross-border (USA-Canada and Canada-USA) Amtrak trains to US Customs and Border Protection, and to require all passengers on these trains to provide Amtrak with passport or travel document info to pass on to CBP.

This was not required by any US law or regulations,  but was a voluntary decision by Amtrak. Some travel agents complained about this, but we’ve still seen no indication that they were given any answer about why Amtrak was doing this or what travelers or travel agents who didn’t want to provide this information could do. Amtrak’s own programmers were falsely told that this was required by order of CBP.

The messages we have received show that requiring travel agents to enter names and details of ID documents in PNRs for Amtrak travel created in the CRSs, and getting this information to flow through in standardized form to ARROW records and transmissions to CBP, proved more difficult than had been expected.

Read More

May 29 2018

More stupid questions for applicants for U.S. visas

The list of questions asked of applicantas for U.S. visas goes on for page after page, including:

  • Do you belong to a clan or tribe?
  • Are you or have you ever been a drug abuser or addict?
  • Are you coming to the United States to engage in prostitution or unlawful commercialized vice?
  • Do you seek to engage in espionage, sabotage, export control violations or any other illegal activity in the United States?
  • Are you a member of a terrorist organization?
  • Have you ever participated in genocide?
  • Have you ever been directly involved in the coercive transplantation of human organs or bodily tissue?
  • Have you ever committed torture?
  • Have you ever engaged in the recruitment or the use of child soldiers?
  • Are you coming to the U.S. to practice polygamy?
  • Are you a member of the Communist party?

Some of these questions are pointless. How many people have been denied admission to the U.S. because they volunteered that they were terrorists, torturers, or genocidists?

Others of these questions are vague, irrelevant, and/or intrusive.

Unfortunately, the list of questions asked of would-be travelers to the U.S. has grown ever longer, under both Democratic and Republican administrations.

In 2016, questions about social media identifiers were added to the online application for the Electronic System for Travel Authorization (ESTA), a sort of short-form electronic visa used by tourists and some short-stay business visitors from most-favored countries.

Now those same questions are being added to the printed and  online forms used by all other applicants for any type of visa to visit, transit, or immigrate to the U.S.

Today the Identity Project and five other national civil liberties and human rights organizations — Government Information Watch, Cyber Privacy Project (CPP), American-Arab Anti-Discrimination Committee (ADC), Restore the Fourth, Inc., and National Immigration Law Center (NILC) — filed comments with the Department of State objecting to this questioning as unconstitutional and contrary to international human rights treaties and Federal laws.

Read More

May 08 2018

TSA releases redacted ID verification procedures

Five years after we requested them under the Freedom Of Information Act, the TSA has released a redacted copy of its Identity Verification Call Center (IVCC) procedures for interrogation and “screening” of people who show up at TSA checkpoints without ID or with ID the TSA initially deems unacceptable.

Most of these people — 98% of them, according to summaries and logs eventually released to us by the TSA in response to our FOIA request — are eventually “allowed” by the TSA or TSA contractors to exercise their right to travel by common carrier, but only after being put through the TSA’s identity verification procedures.

The TSA’s Standard Operating Procedures for travelers without ID or with initially unacceptable ID include requiring them to complete and sign an (illegal) TSA Form 415, “Certification Of Identity” (COI), and playing a pointless game of 20 questions by telephone with the ID Verification Call Center to see if the traveler’s answers to questions match the information in the files secretly maintained by a commercial data broker, the Accurint division of LexisNexis (part of Reed Elsevier).

In 2013, we asked the TSA for its records of what happens to people who try to fly without ID or with ID that the TSA or its contractors initially deem unacceptable. As part of the same request, we asked for related email messages and policies.

The TSA dragged its feet for years, gradually releasing a trickle of redacted and scanned page-view images of derivative reports, but none of the email messages or reports.

A year ago, the TSA declared its munged partial response “complete”. We filed an administrative appeal, and six months later, the TSA’s appeal officer partially upheld our appeal and remanded our request for a further search for email messages and policies.

After eight more months, we’ve finally received a redacted image of the 2013 version (the version in effect when we first made our request) of the TSA’s ID Verification Call Center “Standard Operating Procedures”.

By the time the TSA finally looked for the email messages on which some of the reports were based, after our appeal was upheld, those messages had all been deleted:

No email messages pertaining to the responsive records were located. The email account utilized to prepare and distribute the TSOC reports was centralized into the National Transportation Vetting Center email account, and all emails created during that time associated with the TSOC reports already released to you have been deleted.

Ultimately, the  ID Verification SOP leaves the final decision on whether a would-be airline passenger is allowed to travel to the standardless discretion of the TSA staff person in charge for each airport, the Federal Security Director (FSD) or their designee.

There are some other curious statements between the redactions in the version of the  ID Verification SOP released to us by the TSA.

According to the SOP:

Under these procedures, passengers are required to produce acceptable identification to a TSA Screening Representative (TSR) before proceeding to the security checkpoint. Passengers who do not produce acceptable identification and who fail to assist TSA personnel in adequately identifying their identity will be denied entry.

There is no indication of the legal basis, if any, for this TSA claim that airline passengers have an affirmative duty to  “produce acceptable identification” or “assist TSA personnel in adequately identifying their identity”, or what the basis would be for denial of passage.

The SOP also contains a bizarre assertion in section 2.5.9 of the SOP that the COI form (TSA Form 415), which travelers without ID or with unacceptable ID are required to complete and sign, is “Sensitive Security Information” (SSI) which is “not to be circulated to the public” and which passengers must surrender to checkpoint or TSA staff on demand. The SOP doesn’t say how this form could be held to constitute SSI.

TSA Form 415 has already been made public in response to another of our FOIA requests, and the Paperwork Reduction Act requires that forms used to collect information from the public be published for comment before they are approved.

In 2016, after using Form 415 and its unnumbered predecessor illegally for years, the TSA published a notice that it planned to apply for approval of this form (to which we objected). But the TSA has yet to apply for, much less receive, the approval it would need before using this form.

Apr 27 2018

DHS still using American Samoans as “REAL-ID” guinea pigs

When last we checked in on the status of DHS threats to harass residents of states and territories that haven’t been sufficiently “compliant” with the REAL-ID Act of 2005, the focus was on the territory of American Samoa.

The REAL-ID Act applies to the District of Columbia and five US territories as well as to the fifty US states. American Samoa is the most distant from the US mainland and one of the smallest in population of these US territories, and is the only place subject to the REAL-ID Act whose native-born residents are not US citizens. There are only two scheduled airline flights a week between American Samoa and any other US state or territory.

Perhaps for these reasons, the DHS in its infinite wisdom unreviewable discretion chose to make American Samoa the test of its threats to “enforce” the REAL-ID Act.

Every other state or territory was either certified as sufficiently compliant with the REAL-ID Act (even though few of them are) or given an extension of time to show a more compliant attitude. But the DHS invoked its REAL-ID “nuclear option” on American Samoa, announcing that  effective February 5, 2018, “a driver’s license or ID issued by American Samoa (AS) will no longer be an acceptable document to board a federally-regulated commercial aircraft.” Air travelers showing ID cards issued by the government of American Samoa are subject to additional “ID verification” and/or “screening” (searches).

So how has the DHS effort to make an example out of American Samoa fared? And what can other states and territories learn from this example?

Basically, (1) the sky didn’t fall, and (2) the DHS blinked (again). The message to other states is that they shouldn’t be panicked into “compliance” by empty DHS threats.

Read More

Apr 12 2018

Mapping #CheckpointAmerica

Our friends at the Cato Institute have launched a new  section of their Website in English and Spanish, Checkpoint: America — Monitoring The Constitution Free Zone. The new site provides annotated maps of the locations and details of known permanent checkpoints operated by U.S. Customs and Border Protection (CBP) to control internal travel on roads within the U.S.

CBP claims the “border” authority to operate permanent or temporary roadblocks and stop and question U.S. citizens without a warrant anywhere within 100 miles of any international border or coastline. Including the Atlantic and  Pacific coasts and Great Lakes shorelines, this “border” area includes the majority of the population of the U.S.

Cato compiled information about the checkpoints from non-governmental sources after CBP stonewalled a FOIA request for it: “A 2015 Freedom of Information Act request to CBP filed by Cato Policy Analyst Patrick Eddington for information on these checkpoints has been on administrative appeal for two years.”

The clickable map shows, “overhead and ground-level photography of the facilities, physical descriptions of the checkpoints, and … (where available) press accounts, administrative actions, and court proceedings involving a given checkpoint.”

The new Cato site also acknowledges and links to our friends at Roadblock Revelations (Checkpoint USA), who have been documenting and challenging these checkpoints for many years.

Apr 02 2018

Can US citizens entering the country opt out of CBP mug shots?

US Customs and Border Protection (CBP) has published a new Privacy Impact Assessment (PIA) for its Automated Passport Control (APC) kiosks and Mobile Passport Control (MPC) apps.  Unlike most PIA’s, this one does not say why it was prepared, or what, if anything, about the programs it assesses has changed. But it appears to be a response — although an inadequate and possibly still a factually inaccurate one — to some of our complaints.

At many international airports and some cruise ports  in the US, travelers — including US citizens — have to submit their mug shots to CBP through either an APC kiosk or the MPC smartphone app before they are allowed to proceed to CBP officers for customs, immigration, and agricultural inspections.  This requirement is enforced by “line minders” manning the velvet ropes and directing pedestrian traffic inside “sterile” arrival areas. These line minders are employed by the airline, airport, and/or their contractors or sub-contractors, making it easy for CBP to deny any responsibility for their actions.

In January of this year, we were part of a meeting between civil liberties and human rights organizations and CBP officials on the subject of these  “biometric entry/exit” schemes.

The CBP officials we met with in January denied that anyone is required to use the APC kiosks, contrary to our experience and that of other participants in the meeting.

When we complained that CBP hasn’t complied with even the minimal notice requirements of the Privacy Act and the Paperwork Reduction Act (PRA) for this sort of data collection, CBP’s Privacy Officer responded, “I do not consider this program to be operating in violation of the Privacy Act, therefore, I have nothing to investigate.”

But although CBP didn’t conduct an “investigation”, it does appear to have conducted a new “assessment” and published a new set of claims about what it is doing.

What does CBP now say about its mug shots of arriving travelers? And is it true?

We call B.S.

Read More

Mar 30 2018

State Department proposes more surveillance of social media, communications, and travel

[Excerpt from proposed US visa application form as posted at Regulations.gov]

Today the US Department of State published proposals in the Federal Register to expand its ongoing surveillance of social media, e-mail, and travel by applicants for immigrant and nonimmigrant (tourism and other temporary visits) visas:

The Department is revising the collection to add several additional questions for…  visa applicants. One question lists multiple social media platforms and requires the applicant to provide any identifiers used by applicants for those platforms during the five years preceding the date of application. The platforms listed may be updated by the Department by adding or removing platforms….

Other questions seek five years of previously used telephone numbers, email addresses, and international travel.

Questions about social media identifiers were added to the applications for visas and the ESTA form (electronic visa for citizens of countries in the US Visa Waiver Program) in 2016. But until now, the State Department has claimed that answering these questions was “voluntary”.

This expanded social media, telephone, and e-mail surveillance has all the problems we and other organizations have previously objected to, and more.

There has not previously been any requirement for would-be visitors or immigrants to the US to provide current or past telephone numbers, e-mail addresses, or a comprehensive list of which countries other than the US have been visited or when they have been visited.

The State Department will use these identifiers and share them with other Federal agencies such as DHS, including through the National Vetting Center, to target surveillance of foreign citizens, to mine its historical archives of dragnet surveillance, and to decide whether or not to allow foreigners to enter or remain in the US.  As part of “Visa Lifecyle Vetting” (formerly known as the “Extreme Vetting Initiative”) they will also be used for “continuous vetting”: ongoing suspicionless monitoring, profiling, and scoring by “pre-crime” algorithms purported to have robotic “pre-cognitive” abilities to predict future crimes based on what people say and who they associate with.

Read More

Jan 31 2018

DHS threatens to harass American Samoan travelers

In the latest installment of the game of chicken between the Department of Homeland Security and US states and territories over the REAL-ID Act of 2005, the DHS has announced that drivers licenses and IDS issued by American Samoa won’t be accepted at TSA checkpoints for “domestic” flights beginning next Monday, February 5, 2018 — unless the DHS, in its standardless discretion, backs down again as it has so many times before, and gives American Samoan travelers a last-minute reprieve.

Why American Samoa? And what will this actually mean?

Read More

Jan 30 2018

Government and industry collaborate in travel surveillance

Senior officials of US Customs and Border Protection (CBP) came to San Francisco last week to meet with representatives of the Identity Project and other civil liberties and human rights organizations regarding CBP “biometric entry/exit” schemes. These CBP programs, some of which are already in operation, involve taking digital mug shots of international travelers — including US citizens — as they enter and leave the US. The meeting in San Francisco was a follow-up to one in Washington, DC, in August 2017.

Debra Danisek, CBP Privacy Officer, and John Wagner, Deputy Executive Assistant Commissioner in charge of the CBP “Office of Field Operations”, were accompanied to the meeting by CBP national, regional, and SF Bay Area local CBP policy and operations staff.

We welcomed the opportunity to point out to the CBP officials in charge of these programs that — especially as they apply to US citizens — they violate multiple Federal laws,  involve unconstitutional warrantless, suspicionless dragnet surveillance of how we exercise our right to assemble  as protected by the First Amendment, and should be abandoned.

It was an infuriating meeting, however. Rather than offering explanations for many of the CBP’s practices, the CBP officials across the table flatly denied much of what is happening at airports throughout the US, even in the face of first-person testimony to the contrary from many of the civil liberties advocates in attendance.

Since they wouldn’t admit that some of the most abusive CBP practices — the ones we thought the meeting had been called to discuss — are actually happening, the CBP officials wouldn’t talk about what, if any, legal basis these practices might have. Meanwhile, these unlawful practices by CBP and other DHS components continue and  expand.

Here are some of the counter-factual claims made by CBP in our meeting, and some of the issues left unaddressed: Read More

Jan 20 2018

All the fake news that’s fit to print about REAL-ID and ID to fly

We’ve been spending a lot of our time lately writing letters to the editor pointing out errors and requesting corrections of news stories reporting DHS propaganda as fact.

Earlier this month, the DHS postponed from January 22, 2018, to October 10, 2018, the date on which it had threatened to have the TSA begin (illegally) interfering with air travel by residents of certain states.  Since neither the January 22, 2018, date nor the choice of which states to threaten was set by law or regulation, but solely by DHS press release, the DHS could and did withdraw its threat merely by issuing another press release.

The DHS had little choice, after its bluff was called by reality (compliance with the REAL-ID Act would require more money, more time, and changes to state laws and in some states including California, changes to state constitutions) and the likelihood of resistance by the flying public (any attempt to prevent residents of certain states from flying without ID would lead to protests at airports and lawsuits that the TSA and DHS would likely lose).

But we are not surprised, given the long history of DHS lies about the REAL-ID Act and ID to fly, that the DHS press release withdrawing the threat of a January 22, 2018, crackdown on air travel without ID by residents of certain states was immediately followed by a renewed DHS public relations campaign of lies about the law and the facts.

DHS press releases should no more be published as “facts” without fact-checking or acknowledgment that they contain contested (and readily refuted) factual and legal claims than should President Trump’s,  President Obama’s, or anyone else’s Tweets.

The New York Times is the latest news outlet to have been taken in, yet again, by this DHS “fake news” campaign, with an article this week on the Times’ website and in the travel section, “Is Your ID Approved for Travel? These Are the Latest Rules“. Many of the DHS falsehoods in this article were reported as facts in an earlier story in the Times in November, 2017, by the same reporter, Shivani Vora. We wrote to Ms. Vora at that time to correct the errors in that story, but received no reply.

To be clear, DHS claims are worthy of reporting as news. It is newsworthy that the DHS has engaged in a decade-long campaign, through both Democratic and Republican Administrations,  of brazen public lies about the REAL-ID Act and ID to fly.

It is equally newsworthy, however, that a “newspaper of record” appears to have made no attempt to fact-check the claims made by DHS spokespeople or to include any other points of view, and repeats demonstrably false DHS claims as undisputed facts even after their falsehood was pointed out to the reporter on the story.

Specifically, the latest article in the New York Times reports the following DHS “fake news” as fact: Read More