Papers, Please!

The Identity Project

Category Archives: REAL ID

Jan 02 2020

Drivers’ license data sold to businesses, given to Feds

As we start the year of the once-a-decade US Census, it’s an appropriate time to start looking at some of the ways and the purposes for which data — including drivers license data — is used and shared by the Bureau of the Census.

State agencies that issue drivers’ licenses want us not to object to their demands for more and more personal information about matters unrelated to driving — digital photos, scans of birth certificates and social security cards, etc. — in order to obtain drivers’ licenses that comply with the Federal REAL-ID Act.

State driver licensing agencies say we shouldn’t worry — notwithstanding the requirement of the REAL-ID Act that drivers’ license and state ID data be made available electronically to all other states — because this data will only be shared “as permitted by law”.

But what does that mean? What sharing of this data does the law permit?

Recent reports show that drivers’ license data can be, and is, widely shared with both commercial entities and Federal agencies — including the Bureau of the Census, which will be conducting the decennial census in 2020 — for purposes unrelated to motor vehicle operation or drivers’ licenses. Both Federal and state agencies say that all of this is permitted by the Drivers Privacy Protection Act (DPPA).

Read More

Nov 21 2019

What will the REAL-ID Act mean for Californians?

[Steve Gordon, Director of the California Department of Motor Vehicles]

The director of a $9 million state publicity campaign to persuade Californians that they will be “turned away at the TSA checkpoint” if they try to fly without ID and that “you will need to show federally-compliant identification in order to board a domestic flight within the U.S.” admits that he knows you can fly without any ID, and he’s flown without ID himself.

That admission by Steve Gordon, Director of the California Department of Motor Vehicles (DMV), came following a hearing in Los Angeles yesterday at which we also testified (written testimony, video starting at 1:10:23) before the California Assembly Budget Subcommittee responsible for oversight of the DMV.

California DMV Director Gordon said the DMV has an “overall budget north of $9 million” for an “awareness and motivational campaign” in all media — billboards, online keyword advertising buys , etc. — to “drive people to action” to apply for REAL-ID cards.

Gordon said that the DMV had changed its message from “You can apply for either a REAL-ID ‘compliant’ or ‘noncompliant’ drivers license or ID card” to, “You should get a REAL-ID card,” because it was “too confusing” to tell people they have a choice.

Read More

Oct 02 2019

Do I need ID to ride a train?

We’ve been trying for years to find out what the real story is with respect to ID requirements for travel by train, especially on Amtrak.

Amtrak and Greyhound ID policies and practices are of paramount importance to the mobility of undocumented people and people who, whether or not they are eligible for or have chosen to obtain government-issued ID credentials, don’t want to show their papers to government agents as a condition of exercising their right to freedom of movement.

Amtrak and Greyhound policies and practices will become even more important if the government and/or airlines further restrict air travel by people who don’t have, or don’t show, ID credentials that comply with the REAL-ID Act.

The latest responses to our requests for Federal and state public records reveal more about passenger railroad policies and practices, but still don’t give a clear answer.

What we can say at this point, based on the records disclosed to us to date, is that:

  1. There are substantial discrepancies and contradictions between what the TSA has told Amtrak to do, what Amtrak tells its own staff about what is required, what Amtrak tells travelers about what is required and the basis for those requirements, and what Amtrak staff actually do. Those variations make it impossible to determine unambiguously what “the rules” are for Amtrak travel, or what is “required”.
  2. Some of Amtrak’s claims, including its claim that passengers are required by the TSA to have and to show ID to travel by Amtrak, are blatant lies.
  3. TSA Security Directive RAILPAX-04-02, cited by Amtrak in its employee manual as the basis for demanding that passengers show ID, requires Amtrak to “request” (not demand) that passengers show ID, but does not purport to require passengers to respond to such requests and does not prescribe any sanctions on passengers for failure, refusal, or inabiity to show ID.
  4. Amtrak has instructed its staff that “If the customer responds they are 18 or older and do not have valid identification, … the Amtrak police must be notified by the quickest available means away from the customer,” but also that, “Failure to possess the proper photo identification is not, by itself, sufficient reason to have the customer removed from the train.” Amtrak has not yet responded to our FOIA request for Amtrak Police policies and staff directives for what to do in such cases.
  5. Although Amtrak is unquestionably an instrumentality of the Federal government, and transportation by Amtrak is unquestionably a Federal government activity, the list of ID credentials deemed acceptable by Amtrak does not correspond to the list of forms of ID deemed by the DHS to be acceptable for “Federal purposes” pursuant to the REAL-ID Act of 2005.  Amtrak says it accepts several forms of ID that do not comply with the REAL-ID Act. None of Amtrak’s ID policies, procedures, or staff directives disclosed to date mention the REAL-ID Act or when or how it might be implemented by Amtrak, although records of such policies or of discussions related to them would be responsive to soem of our pending FOIA requests.

Where does this leave undocumented long-distance travelers, including those who turn to Amtrak as a government-operated common carrier of last resort?

Read More

Aug 05 2019

Questions about the REAL-ID Act

Fragmentary and jumbled records related to the REAL-ID Act of 2005 released by the US Department of Homeland Security in response to one of our Freedom Of Information Act (FOIA) requests don’t reveal much about DHS policy, but do provide a glimpse of DHS practices and plans.

The DHS has been threatening to harass, interfere with, or bar access to facilities or passage through checkpoints (including, but not limited to, those at airports) to people who don’t have, don’t carry, or don’t show ID; show ID that the DHS doesn’t deem compliant with the REAL-ID Act; or show ID issued by states or territories that the DHS deems insufficiently compliant with the REAl_ID Act.

These threats to deny equal rights to residents of noncompliant states and territories have been central to the DHS campaign to extort compliance from state and territorial officials reluctant to upload their residents’ data to an outsourced, privately-held national ID database.

But what sort of enforcement problem, at what scale, is this likely to pose for the DHS and those collaborators carrying out its REAL-ID directives? How many people will be affected, at what sorts of facilities and locations, in what circumstances?  Inquiring minds want to know, including opponents of the REAL-ID Act like ourselves, but also including officials at DHS headquarters trying to devise a workable REAL-ID enforcement plan.

Read More

Jul 10 2019

Automated DHS searches of state drivers’ license photos

State agencies that issue drivers’ licenses are conducting warrantless searches of their databases of license photos, using automated face recognition software, at the request of  law enforcement agencies including the Immigration and Customs Enforcement (ICE) division of the Department of Homeland Security.

The use of automated facial recognition to search databases of drivers’ license mug shots was revealed in responses to requests made under the Freedom Of Information Act and  state public records laws by the Georgetown University Center on Privacy & Technology.  It was reported in recent days in the Washington Post, New York Times, and in two stories on NPR, and was discussed in a Congressional hearing today on the use of automated facial recognition by Federal agencies. (Earlier Congressional hearings on automated facial recognition were held on May 22nd and June 4th.)

Questions are being asked by members of Congress, state officials, and civil libertarians: What is the legal basis, if any, for these dragnet searches of drivers’ license photo databases? How have they have evaded judicial oversight?  Warrants or court orders were neither requested by DHS or other law enforcement agencies, nor demanded by the state agencies that carried out the searches in response to extrajudicial administrative requests.

A letter sent this week by a coalition of civil liberties organizations calls on Congress to suspend the use of facial recognition technology by the DHS. While that is appropriate, it doesn’t address how, from what sources, or on what legal basis databases of ID-linked mug shots of innocent individuals are being created and obtained by the DHS.

Additional questions ought to be asked about the implications of the latest revelations for the REAL-ID Act and the use of facial recognition by airlines, airport operators, and DHS officers and agents at airports and borders:

Read More

Apr 04 2019

TSA plans to put new lying signs in airports

[This sign is a lie.]

According to a press release  issued today by the Transportation Security Administration, the TSA plans to start posting signs as shown above in airports throughout the USA, claiming that “ID Requirements Are Changing” and that  “Beginning Beginning October 1, 2020, you will need a REAL ID compliant license or another acceptable form of ID, such as a valid passport or U.S. military ID, to fly within the U.S.”

According to today’s TSA press release:

REAL ID-compliant licenses or other acceptable forms of ID, such as a valid passport, federal government PIV card or U.S. military ID, will be mandatory for air travel beginning on October 1, 2020. Critically important, on October 1, 2020, individuals who are unable to verify their identity will not be permitted to enter the TSA checkpoint and will not be allowed to fly.

These signs and this and similar press releases are lies.

This isn’t the first time, and probably won’t be the last, that the TSA and/or DHS have made lying statements, issued lying press releases, or posted lying signs about the REAL-ID Act and ID to fly.

Is ID required to fly? No.

One would expect “requirements” announced by a Federal agency to be contained in laws or regulations. But the TSA’s own lawyers, officials, and witnesses testifying under oath have told judges in every lawsuit in which the issue has arisen that no law or regulation required domestic air travelers to have, carry, or show any ID cards or credentials.

The TSA’s responses to our Freedom Of Information Act (FOIA) requests for its records of people who show up at TSA and TSA-contractor checkpoints at airports without ID show that more than 98% of them — hundreds a day, and tens of thousands every year — are allowed to continue to board their flights without carrying or showing ID.

Is this scheduled to change? No.

Changes to Federal laws require action by Congress. No bill has been introduced in the current Congress (or ever, so far as we can tell) that would impose any ID requirement for air travel.

Changes to Federal regulations require a process governed by the Administrative Procedure Act that starts with a “Notice of Proposed Rulemaking” (NPRM) published in the Federal Register.  No notice of any proposed rules related to ID to fly has been published.

In 2016, the TSA published a notice that it planned to seek approval from the Office of Management and Budget (OMB) — but had not yet sought that approval — for a new version of a form some air travelers without ID have been asked to fill out. (Because the form has never been submitted to, or approved by, OMB, its use is illegal and no penalty can lawfully be imposed for declining to respond to the questions on the form.)

We pointed out to the TSA and OMB that it was improper to ask OMB to approve this form without first enacting a law or promulgating regulations providing a legal basis for the form. Other organizations and individuals also objected to the proposed form. The TSA has neither responded to any of the objections nor submitted the form for OMB approval.

Will the REAL-ID Act of 2005 change this? No.

The REAL-ID Act and implementing regulations are concerned only with which ID cards are considered “acceptable”, in circumstances in which some (other) valid Federal law regulations requires ID for some Federal purpose. The REAL-ID Act itself did not purport to impose any new ID requirements, either when it was enacted, in 2010, or ever.

Will I still be allowed to fly without ID in the future? Maybe, maybe not. That’s up to the TSA.  But if the TSA or its contractors prevent you from traveling, without a lawful basis, they will be violating your rights and breaking the law.

Since the TSA is wielding power by secret internal orders and security directives to staff, contractors, and airlines, announced (if at all) through press releases rather than through proper formal notices in the Federal Register, it’s impossible to say with certainty what it will try to do. What it will do is likely to depend, in significant part, on its assessment of how widely and strongly particular assertions of illegitimate authority will be resisted.

The TSA has been making threats to start harassing residents of states and territories that it hasn’t chosen — in what it has claimed is its standardless discretion — to certify as being sufficiently “compliant” with the REAL-ID Act, or to give extensions of time to comply. These certifications and extensions of time have had little apparent relationship with actual compliance, so they too are impossible to predict.

The next of these threats is an extension of time to California to comply with the REAL-ID Act which is scheduled to expire at the end of the day on April 10, 2019.

We suspect, especially after today’s press release — which focuses on an arbitrary date of October 1, 2020, rather than any of the “extension” expiration dates — that the DHS will either certify California and all of the other states and territories as “compliant” (even if they aren’t) or extend their time to comply until October 1, 2020.

Apr 01 2019

DHS continues to extort participation in REAL-ID database

If there is one truth hiding in the forest of DHS lies about the REAL-ID Act of 2005, it’s that the DHS doesn’t want to cause riots at airports by subjecting residents of disfavored states to  more intrusive searches and “ID verificationinterrogation when they travel by air.

The goal of the REAL-ID Act is to intimidate states into adding their residents drivers’ license and state ID data to the SPEXS national ID database, through threats to harass residents of states and territories that aren’t sufficiently compliant.

Like any extortionist, the DHS wants its victims to submit, and doesn’t really want (and may not even be prepared) to carry out its threats.

But what will the DHS do when its bluff is called by states or territories that are either unwilling or unable to comply?

Today, April Fools Day, we’re seeing the latest test of the answer to this question, with the US Virgin Islands as the target of DHS threats.

Read More

Jan 09 2019

How many times will the DHS cry wolf on REAL-ID?

The last time we checked in on the status of the seemingly endless game of “chicken” being played by the US Department of Homeland Security with its threats to start harassing air travelers who reside in states the DHS deems insufficiently “compliant”, every state and territory had been given another “extension” of time to demonstrate commitment to compliance until at least January 10,  2019.

Since then, the DHS, in its standardless administrative discretion, has announced further extensions until at least April Fools Day, 2019 (for the US Virgin Islands), for every state and territory except California and Guam.

But as of today, the DHS website says that, “California has an extension for REAL ID enforcement, allowing Federal agencies to accept driver’s licenses and identification cards from California at Federal facilities, nuclear power plants and federally regulated commercial aircraft until January 10, 2019.”

As of this morning, with the “deadline” less than 48 hours away, we got the following response to our questions about this from a spokesperson for the California DMV:

The State of California has been working for the better part of a year to be deemed compliant with the REAL ID act, unfortunately due to a lack of response on the part of the Federal Government with the ongoing shutdown there has been no final confirmation.

So was that a real deadline for REAL-ID in California?

Is the DHS really prepared to have TSA checkpoint staff — working for indefinitely deferred pay — start trying to carry out time-consuming “ID verification procedures” for everyone who shows up at an airport checkpoint with a California drivers’ license or ID, starting the day after tomorrow?

The answer turns out to be, “No.”

The DHS and TSA have blinked yet again in the face of insufficient state “compliance”.

We’ve just received the following updated statement from the DMV:

The California DMV has confirmed with the Department of Homeland Security (DHS) that they will be granting California an extension to April 1, 2019. Due to the furlough, the letter might not arrive until tomorrow and DHS will likely not be updating their website until the furlough ends. All driver licenses will remain valid and can continue to be used for federal purposes.

And this from a spokesperson for the TSA:

I recently learned from DHS that California’s extension has been extended through April 1, 2019…. Updates to their website are underway.

California doesn’t actually comply with the REAL-ID Act. That would require uploading data about all California drivers’ licenses and ID cards to the SPEXS national ID database, which California hasn’t done and which would probably violate multiple provisions of California’s state constitution. But DHS certifications and extensions are discretionary, and need not be based on any specific criteria or on actual compliance.

There’s still no public word about Guam, the extension for which is also scheduled to expire tomorrow.

Phase 4b” of REAL-ID Act enforcement at airports supposedly started on January 22, 2018. Since then, the only state or territory where the DHS has let a REAL-ID  extension lapse, even temporarily, has been American Samoa, for which another extension has now been granted until October 10, 2019. We’re still waiting for any response to our FOIA request for records of what happened to American Samoans who tried to fly during the period last year when the extension had lapsed.

 

Jan 04 2019

Issues for the revitalized Privacy and Civil Liberties Oversight Board

With its recent revival, the Federal government’s Privacy and Civil Liberties Oversight Board (PCLOB) has a chance to take a fresh look at how far the USA has gone since 9/11 in implementing a combination of “pre-crime” policing (à la Minority Report) and “social credit scoring” integrated with commercial service providers (à la China) as a means of control of what people can and cannot do, and where they can and cannot go.

The PCLOB didn’t have a quorum since early 2017, and was down to only one member. But three new members were confirmed in October 2018. An Executive Director – who may end up with longer-term influence than the members of the Board, especially given that the new members weren’t appointed and confirmed until just three months before one of their terms is scheduled to end – is currently being hired. Civil libertarians able to obtain a security clearance and willing to relocate to DC are encouraged to apply.

>What should the PCLOB focus on, with its limited time and resources? The PCLOB is an advisory committee with neither legislative nor prosecutorial authority. The best use it can make of its limited mandate is to ask hard questions and raise issues that Federal agencies won’t otherwise acknowledge or address.

The TSA and DHS were created in haste after 9/11 without consideration of the privacy and civil liberties implications of their new activities, many of which have never been explicitly approved by Congress. The reactivation of the PCLOB after the latest hiatus is a chance to take a fresh look at the big picture of what these agencies are doing, and what this means for privacy and civil liberties. It might be tempting to focus on “emerging” threats, but the first priority should be to assess the DHS surveillance and control systems that are already in place:

  1. Conversion of state licensing of motor vehicle operators into a national ID system. More than a decade after Congress enacted the REAL-ID Act of 2005, we are entering the endgame of DHS efforts to pressure states into participating in an outsourced, privately-operated, national ID database created to enable compliance with the REAL-ID Act. SPEXS already includes records sourced from states about more than 50 million Americans, but is not subject to any direct government control and has never been the subject of any publicly-disclosed review of its implications for privacy and civil liberties.

  2. Mass surveillance and permission-based predictive control of movement and travel. Congress has never debated whether air travelers should be required to identify themselves,whether the government should keep histories of innocent citizens’ movements (compiled from commercial airline reservations for common carrier travel, license plate readers for travel by private vehicle, and facial recognition for pedestrian movement), or whether existing judicial mechanisms for restricting the right to travel and movement through injunctions or restraining orders should be replaced with secret, extrajudicial administrative prior restraint and similar orders. How has travel been transformed from a right to a privilege exercised only by government permission? How does this implicate the 1st Amendment right to assemble and the right of freedom of movement recognized by international human rights treaties? How widely, and with what implications for privacy and civil liberties, has the precedent set by real-time “pre-crime” predictive control of travel expanded to other activities and transactions?

  3. Suspicionless dragnet administrative searches. Today, the most common hands-on interaction between a Federal agent and a person not suspected of any crime is a TSA pat-down. But there’s never been any comprehensive review of the legality or the implications for privacy and security of the proliferation of suspicionless administrative searches since the creation of the DHS and TSA: security theater in airports, warrantless searches at internal checkpoints (domestic airports, CBP roadblocks on roads that don’t cross the US border, and attempts to claim the right to impose searches on the public in other forms of transportation.

There’s much more that we and others could say about each of these issues, if the PCLOB choses to consider them. But the first challenge for the PCLOB is whether it will tackle these big-picture issues.

Jan 02 2019

Who’s paying for the national ID database?

As part of a flurry of overdue year-end responses to our Freedom Of Information Act (FOIA)  requests, we’ve gotten some curious messages about Federal government funding for SPEXS, the national database of drivers’ license and state ID-card data being created — with no apparent consideration of its impact on privacy and civil liberties — to enable states to comply with the Federal REAL-ID Act of 2005.

The DHS continues to claim that SPEXS isn’t a Federal database: “REAL ID does not create a federal database of driver license information.” But we know that much of the funding for the SPEXS database and the “State-To-State” (S2S) system of which it is a component has come from Federal grants laundered through grants to states and then reassembled by the American Association of Motor Vehicle Administrators (AAMVA) to pay the contractors building and operating the database and network.

Read More