Papers, Please!

The Identity Project

Category Archives: RFID

Nov 04 2024

TSA launches smartphone-based digital ID scheme

Brushing off objections from the Identity Project and others, the US Transportation Security Administration (TSA) has issued regulations creating the framework for an all-purpose smartphone-based national digital ID and tracking system.

The TSA’s new rules are piggybacked on the REAL-ID Act of 2005, and are ostensibly standards for what states will have to do to issue digital versions of driver’s licenses or ID cards that the TSA and other Federal agencies will accept for Federal purposes, in circumstances where ID is required by other Federal laws. This doesn’t include airline travel, for which no ID is legally required, although the TSA keeps lying about this.

The TSA’s new rules provide that acceptable digital IDs can only be issued to individuals who already have physical driver’s licenses or state-issued ID cards. And individuals are still required by standard state laws to “have their Physical Credential on their person while operating a motor vehicle”, even if they also have a digital ID on their smartphone. So this regulatory scheme isn’t really about driver’s licenses at all. It’s about pressuring states to move from uploading information about all their residents to a national ID database to putting a digital tracking app with a state-issued identifier on each resident’s smartphone.

We’ll have more to say in our next article about some of the ways this might be used for surveillance and control of individuals’ activities in the physical and online realms.

The TSA dismissed out of hand our suggestion that an individual could be provided with a digitally-signed file (signed by a government agency) containing the same information as is contained on a physical license or ID card. Such a  file could be carried on any sort of device and presented over any sort of connection. Instead, the TSA’s new rules require that a digital ID must be “provisioned” through an app on a smartphone. The smartphone must be “bound” to an individual (how is this possible?) and must have bluetooth-low energy (BTE) radio connectivity enabled so that the app containing the digital ID can be remotely interrogated by the government (perhaps without the user’s knowledge).

How will this work? What else will these apps do? In what situations, and for what purposes, will these apps and digital IDs be required? We don’t really know.

Read More

Oct 04 2022

ICAO expands travel tracking and control through RFID passports

The triennial general assembly of the International Civil Aviation Organization (ICAO) is underway in Montreal for its first session since the outbreak of COVID-19, with speakers at its opening plenary last week including US Secretary of Transportation Pete Buttigieg.

It’s been many years since the US delegation to an ICAO meeting has included a Cabinet member. Secretary Buttigieg’s presence brought greater public attention than usual to the ICAO general assembly and related side events.  Unfortunately, news reports have focused on what Secretary Buttigieg said (mainly his comments about Taiwan) rather than on what ICAO is actually doing.

Despite its ostensibly limited role as a specialized international organization with a mandate to administer aviation treaties — a role which would make it logical for the US delegation to be headed by the Secretary of Transportation — police in the US and other ICAO members have coopted ICAO into functioning as a policy laundering venue for imposition of surveillance mandates on all travelers, whether or not they travel by air.

Rather than “faciliating” travel, ICAO’s Facilitation Programme is increasingly devoted to facilitating government control of travel. This includes a new ICAO standard, as discussed below, to enable global blackballing of travelers disfavored by any ICAO member country.

So far as we can tell, no representative of a data protection authority or a ministry primarily responsible for protection of human rights or civil liberties has been included in any country’s ICAO delegation or appointed to any ICAO technical working group.

But that hasn’t stopped ICAO from issuing mandates, under the purported authority of aviation treaties but directly contrary to human rights treaties, for the creation of a new surveillance and pre-crime profiling agency in every ICAO member, and for deployment and use of passports containing remotely-readable RFID chips.

ICAO’s lack of expertise in this non-aviation policy area makes it exceptionally vulnerable to capture — and indeed it has been entirely captured — by a malign convergence of interest between proponents of government  surveillance and control of travel and a travel industry which has been given a free ride for its shared use of government surveillance infrastructure and information for its own business process automation.

Here’s the bad news about what’s happening at ICAO with RFID passports:

Read More

Sep 08 2017

No US passports for “terrorist sympathizers”?

Bills are moving forward in both houses of Congress which, if approved, would mandate the administrative, extra-judicial revocation, non-renewal, and refusal of issuance of a US passport to any US citizen, even if their citizenship is unquestioned and they have been accused of no crime, but “whom the Secretary [of State] has determined is a member of or is otherwise affiliated with an organization the Secretary has designated as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act (8 U.S.C. 1189).”

The proposed legislation would leverage administrative determinations related to immigration (which US courts have allowed to be largely exempted from judicial review insofar as they only affect foreigners who aren’t considered by the US to have the same human rights as US citizens) to impose a categorical ban on certain US citizens leaving or entering the US except at the (standardless, i.e. arbitrary) “discretion” of the Secretary of State.

Since June 1, 2009, US citizens have been forbidden by Federal law and regulations from crossing any border into or out of the US by any means (land, sea, or air) without a passport, passport card, or Federally-approved “enhanced” drivers license. Denial of a passport thus amounts to a categorical ban on leaving or returning to the US. As such,  it is a blatant violation of the rights of US citizens pursuant to the First Amendment “right of the people… peaceably to assemble” and their human rights pursuant to Article 12 of the International Covenant on Civil and Political Rights:

2. Everyone shall be free to leave any country, including his own….

4. No one shall be arbitrarily deprived of the right to enter his own country.

The proposed law would not define how, on what basis, according to what procedures, or using what standard of proof the Secretary of State would make determinations as to membership or other “affiliation” of a US citizen with a blacklisted organization.  To make matters worse, the bills proposing this travel ban for US citizens associated with blacklisted organizations contain no definition of “member” or “otherwise affiliated”.

If you don’t like the decision of the Secretary of State, the bill would provide you with a “Right of Review” entitling you to a hearing before … the  Secretary of State.

Substitute “Communist” for “terrorist” in the proposed legislation, and it becomes clear that these bills would recreate the worst of the guilt-by-association witch-hunting of the MyCarthyist and other Red Scares.

Commie sympathizer? No passport for you! Terrorist symp? No passport for you!

Read More

Jul 28 2014

US government’s witchhunting manual made public

The Intercept has published the March 2013 edition of the US government’s Watchlisting Guidance. This 166-page document, previously kept secret as Sensitive Security Information (SSI), provides standardized but not legally binding “guidance” to Federal executive agencies as to how, on what basis, and by whom entries are to be added to or removed from terrorism-related government “watchlists”, and what those agencies are supposed to do when they “encounter” (virtually or in the flesh) people who appear to match entries on those lists.

The Intercept didn’t say how it obtained the document.

The “Watchlisting Guidance” is the playbook for the American Stasi, the internal operations manual for a secret political police force.  As such, it warrants careful and critical scrutiny.

Most of the initial reporting and commentary about the “Watchlisting Guidance” has focused on the substantive criteria for adding individuals and groups to terrorism watchlists.  Entire categories of people can be added to watchlists without any basis for individualized suspicion, as discussed in Section 1.59 on page 26 of the PDF.

These criticisms of the watchlisting criteria are well-founded. But we think that there are at least as fundamental problems with what this document shows about the watchlisting procedures and the watchlist system as a whole.

Read More

Jun 01 2014

Can the TSA retroactively declare public information “secret”?

At the request of the government, the Supreme Court has agreed to review the decision of the Court of Appeals for the Federal Circuit in favor of Robert MacLean, a TSA “air marshal” who was fired for telling a journalist, members of Congress, and the DHS Office of the Inspector General about an unclassified text message that the TSA,  three years later, would designate as “Sensitive Security Information” (SSI).

Mr. MacLean challenged his firing as being in violation of the Whistleblower Protection Act, which prohibits retaliation against Federal government employees for certain types of disclosures of information.  But the law has an exception for disclosures “specifically prohibited by law.”

A 3-judge panel of the Court of Appeals found that the ex post facto administrative designation of the text message by the TSA as SSI did not make its disclosure “specifically prohibited by law.”  The Court of Appeals unanimously denied the government’s petition for rehearing en banc.  Now the Supreme Court has decided to hear the case, DHS v. MacLean, during its 2014-2015 term.

The issue presented to the Supreme Court is the meaning of the phrase, “specifically prohibited by law,” in the Whistleblower Protection Act.  But the case is also necessarily about the extent of the TSA’s authority to create “secrets” retroactively and by administrative fiat.

Federal laws and regulations shouldn’t be interpreted by the courts as though they were written in Orwell’s Newspeak.  Information known to the public is not “secret”. The TSA cannot make it “secret” by retroactive administrative action, and should not be allowed to punish those who talk about or disseminate it.

Aug 22 2013

California considers “enhancing” drivers licenses with radio tracking beacons

California’s legislature is considering a bill to authorize adding radio tracking beacons to drivers licenses and state non-driver ID cards.

Each such card would broadcast a unique tracking number which could legally be intercepted by anyone with a suitable radio transceiver within range, and which would be linked to a national DHS database of drivers license, state ID card, and citizenship information.

The tracking beacons are designed to allow the tracking numbers on ID cards carried by travelers in motor vehicles to be read from outside their vehicles as they approach or pass through checkpoints.

Independent academic studies of actual ID cards issued by other states, using the same standards proposed for use in California, have found that they can sometimes be read from more than 50 yards away.

S.B. 397 has already been approved by the California Senate, and is now under consideration in the Assembly. Because it has been amended by the Assembly, it will need to be reconsidered by the Senate (to decide whether to accept the Assembly amendments) if and when it is approved by the Assembly.

To date, S.B. 397 has been largely unopposed in the California legislature, and it is likely to be approved unless legislators start hearing a groundswell of opposition from their constituents.

What excuse is being offered for this scheme? And what’s its real purpose?

Read More

Apr 26 2013

Residents near music festival “required” to wear RFID armbands

The L.A. Times has reported that people who live anywhere within a mile of the site of the Coachella Valley Music Festival in Indio, California (and perhaps residents’ visitors, if any visitors were allowed?) were “required” to wear individually numbered RFID-chipped tracking bracelets throughout the two weekends of the festival:

In 2011, the organization began using microchip-embedded wristbands….

No one can so much as get within a mile of the Empire Polo Field, where Coachella is held, without wearing one. Local residents, whose homes surround the polo field, also have to wear one just to get to their houses, and Guitron said homeowners must also register their cars….

Guitron said it created a safe perimeter for the event, where every concertgoer and resident can be identified via a microchip.

It’s not clear by whom, or by what authority, nearby residents or their guests and visitors could be “required” to wear devices each of which transmit a unique tracking ID number any time it is requested by private parties.

The festival Website explains the “requirements”, but says nothing about their legal basis:

  • “Police check points will vary from one quarter mile to one mile outside of the festival perimeter. Please have your wristbands properly applied on your wrist prior to your departure to the festival.”
  • “You cannot pass through the police vehicle checkpoints without your wristband properly applied on your wrist….”
  • “You cannot walk or bike to the festival site without a wristband properly applied on your wrist.”

According to a trade-journal review of the system being used at Coachella and some other festivals and events:

For organisers, a major benefit is receiving real-time statistics detailing how many people are in each designated area of the site at any time…. “RFID technology is ideal for an exhibition environment, or at any event where customer relationships, outreach and sales leads are sought.”… [T]he RFID micro-chips are linked to an individual ticket-holder’s information.

Will we see controls and RFID person and vehicle tracking requirements like this next year on Patriots Day for everyone who lives, works, shops, visits, attends political meetings or religious services, or passes through the area within one mile of the Boston Marathon route?

We’d be interested to hear from anyone who lives in the area in Indio in where RFID bracelets were “required”.

Nov 06 2012

DHS Scrooge says U.S. citizen can’t come home for the holidays to see his ailing mother

In the latest episode in the increasingly bizarre but all too real saga of standardless secret administrative no-fly orders from the DHS to airlines, prohibiting the transportation back to their home country of US citizens,  Oklahoma native Saadiq Long is being prevented from returning home to the US to spend the holiday season with his terminally ill mother.

Long is a US citizen and a veteran of the US Air Force, never charged with any crime in the US or any other country, who has been living and working as an English teacher in Qatar for the last several years.  He’s also a convert to Islam, which shouldn’t be relevant but probably is.

When he learned of his mother’s illness back home in Oklahoma, he made reservations and bought tickets from KLM for flights from Qatar to the US for what might be a last visit with his mother.

Less than 24 hours before his scheduled departure from Qatar in May, KLM told Mr. Long that the airline (and all others serving the US) had been forbidden from allowing him to board any flight to the US.

Mr. Long has been trying ever since to find out why the government of his country has forbidden all airlines from transporting him, or to find a way to get those orders rescinded. But to date, the DHS has maintained its position that it will neither confirm nor deny whether it has issued any no-fly orders with respect to any specific person, much less the basis (if any) for such orders.

KLM explicitly informed Mr. Long that it had received a no-fly order from the DHS. So in theory, KLM would be required by Dutch data protection law to disclose that order to Mr. Long on request. That wouldn’t tell Mr. Long why he had been banned form returning to his country (the DHS probably didn’t share the reasons for its order with the airline), but would prevent the DHS from claiming in court that whether Mr. Long has been prohibited form flying is a state secret.

Given KLM’s poor track record when individuals have requested KLM’s records of its communications with governments, and the Dutch data protection authority’s poor track record of enforcing the law, it’s hard to predict whether KLM would comply with a request from Mr. Long for all orders or communications pertaining to him between KLM and the US government.

Mr. Long is being assisted by the Council on American-Islamic Relations (CAIR), which has led the struggle for judicial review of no-fly orders. CAIR staff attorney Gadeir Abbas, the leading advocate for US citizens exiled by no-fly orders, told Glenn Greenwald that, “Every few weeks I hear of another Muslim citizen who cannot return to the country of which he is a citizen.”

[Update: Mr. Long was again denied boarding by KLM in Qatar on November 8, 2012.]

Mar 30 2010

Comments on passport fee increases re-opened through April 8

While cancelling its plans for a public hearing in response to the outcry against its plans to increase fees to travelers to pay for the RFID chips in passports, the State Department has re-opened the public comment period on the proposal through next Thursday, April 8th.

An uninformative supplemental notice (PDF) was published in the Federal Register on  March 24, 2010, with a new docket number (DOS-2010-0037) so that people searching or monitoring the original docket wouldn’t know that comments have been re-opened.

You can submit comments by e-mail to fees@state.gov with “RIN 1400-AC57 and 1400-AC58” in the subject line until 5 p.m. Washington time on Thursday, April 8, 2010.  You can use our comments (also available in OpenOffice .odt and MS-Office .doc formats) as a model if you need ideas for what to say.

The supplemental notice claims that comments can also be submitted through the Regulations.gov Web site, but because the notice wasn’t linked to the original docket and was mis-categorized as “non-rulemaking”, that isn’t currently possible.

[Update: Not surprisingly, in light of the problems with the online docket, few additional comments were submitted. The most significant are from United Airlines and the U.S. Travel Association, calling for the State Dept. to suspend the rulemaking until it discloses the cost basis for the proposed fee increases, holds a public meeting to explain them, and provided a new notice and comment period.]

Mar 23 2010

State Dept. backs away from public hearing on passport fees

As we noted earlier this month, the State Department told United Airlines that they planned to hold “a public meeting sometime in April or May of 2010” to explain the cost basis of their proposal to increase fees for passports, visas, and other international travel permissions and credentials.

We contacted the State Department as soon as we read this in United’s comments, to try to find out when and where the meeting would be.  At first, a State Department spokesperson said they had “no knowledge of any meeting being organized”.  After we pointed out the statement in United’s comments, they backpedaled, and told us they were “working out the details on whether there will be a public meeting”.  Then this week they  admitted that there had been a plan for a public meeting, but there no longer is. Instead, they now say the State Deaprtment will publish a new notice in the Federal Register next week (probably in this docket folder), with more background on the  “Cost of Service Study”, and re-open public comments for an additional 15 days.

We take it as a sign that the State Department has gotten the message:  So many people oppose this scheme to charge us more for an improper prerequisite to the exercise of our right to travel that the agency responsible for the proposal realizes that any public hearing would provide a forum for the opposition.

The good news is that if you missed the original comment period, you’ll get a second chance.   Comments are currently closed, but get them ready to send as soon as the window re-opens next week.  You can use our comments (also available in OpenOffice .odt and MS-Office .doc formats) as a model if you need ideas for what to say.

[Update: An uninformative supplemental notice (PDF) was published in the Federal Register on  March 24, 2010, with a new docket number (DOS-2010-0037) so that people searching the original docket wouldn’t know that comments have been re-opened.  You can submit comments by e-mail to fees@state.gov with “RIN 1400-AC57 and 1400-AC58” in the subject line until 5 p.m. Washington time on Thursday, April 8, 2010.  The supplemental notice claims that comments can be submitted through the Regulations.gov Web site, but because the notice wasn’t linked to the original docket and was mis-categorized as “non-rulemaking”, that isn’t currently possible.  In the most important of the follow-up comments, which wasn’t posted to the online docket until a month after it was filed, United Airlines and the U.S. Travel Association jointly argue that the State Department still hasn’t provided sufficient information to allow the public to judge whether the fee increases are justified.]