Jun 25 2009

Courts and Congress finally start to rein in the TSA

Until recently, the TSA has been a domestic legal Guantanamo, and the TSA has treated their domain of “checkpoints” and travel control and surveillance as a law-free zone where their powers of search, seizure, detention, and denial of passage were unconstrained by the Constitution, human rights treaties, judicial review, or stautory or regulatory standards.  As indeed it has been: Congress has enacted no law specifically defining any limits on the authority of TSA agents at checkpoints (or elsewhere), and the TSA itself has never conducted any rulemaking or issued any publicly-disclosed regulations defining its authority, the limits of that authority, what orders travellers do or don’t have to comply with, and which forms of “noncooperation” are considered grounds for which sanctions (more intrusive search, denial of transportation, admninistrative fine, detention, etc.). While the TSA has never been explicitly exempted from the Constitution or treaties such as the International Covenant on Civil and Political Rights, the DHS has sought to avoid ever allowing judicial review of fly/no-fly decisions, and the courts themselves have gone out of their way to avoid ruling on the legality of TSA actions — such as when the 9th Circuit invented a counter-factual claim (without ever allowing an evidentiary hearing on the facts) that John Gilmore hadn’t actually been required to show ID credentials in order to fly, as a way to avoid ruling on whether an ID-to-fly requirement would be Constitutional. As for the Executive, President Obama has yet to nominate an Administrator of the TSA, leaving this one of the highest-ranking vacancies in the Administration and leaving the TSA operating on autopilot under lame-duck holdovers.

In the absence of any explicit rules or any judicial, legislative, or executive oversight, the TSA has felt no need to seek authority for its ever-expanding assertions of authority through legislation or rulemaking.  Nor has the TSA recognized any duty of self-restraint or self-policing to ensure its actions conform to the law. Instead, the TSA has simply wielded its power to do whatever it wished, on the disgraceful assumption that, “If we’re doing something wrong, the courts will tell us — if and when someone can afford to sue us, and they win a court judgement against us.”  In the meantime, the TSA will do, and claim the right to do, anything that hasn’t already specifically been ruled illegal. Kind of like the thief who assumes that they can steal whatever they want, and that if something turns out not be theirs, they’ll give it back if and when someone sues and wins a court judgement ordering its return.

Time and again we’ve pointed out this failure to subject the TSA to the rule of law. See, for example, our most recent prior post on this topic, our agenda on the right to travel submitted to the Obama Administration and Congress after the 2008 elections, and our comments earlier this month at the Computers, Freedom, and Privacy conference session with Obama Administration representatives and others at 1:45:53 of this video.  Until recently, however, neither the Courts, the Congress, nor the Executive branch have wanted to confront the question of what rules govern the TSA.

We’re please to report that this is finally beginiing to change, in small ways but on numerous fronts:

Read More

Jun 01 2009

Today we’re all prisoners in the USA

As of today, June 1, 2009, even U.S. citizens are officially prisoners in the USA, or exiles barred from entering our own country without the government’s permission.

We are now forbidden by Federal regulations from leaving or entering the USA, anywhere, by any means — by air, by sea, or by land, to or from any other country or international waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable uniquely-numbered radio tracking beacons in the form of RFID transponder chips), or unless the Department of Homeland Security chooses to to exercise its standardless “discretion” to decide — in secret, with no way for us to know who is making the decision or on what basis — to issue a (one-time case-by-case) “waiver” of the new travel document requirements.

If you’re in the USA without such documents — even if you were born here, or are a foreigner who entered the USA legally without such documents (a Canadian, for example, who entered the USA by land yesterday when no such documents were yet required), or your document(s) have expired or have been lost or stolen — you are forbidden to leave the country unless and until you procure such a document, or unless and until the DHS gives you an exit permit in the form of a discretionary one-time waiver to leave the country — but not necessarily to come home, unless they again exercise their discretion to “grant” you another waiver.

If you are a U.S. citizen abroad without such a document (for example, if you entered Canada legally without it yesterday by land, when it wasn’t required, or again if your document(s) are expired, lost, or stolen) you are forbidden to come home unless and until you can procure a new document acceptable to the DHS, or unless and until the DHS gives you permission to come home in the form of a discretionary one-time waiver. Read More

Mar 18 2009

Air France puts digital fingerprints in RFID boarding passes

Yesterday (just in time for tomorrow’s planned strike by French air traffic controllers, which is expected to force the cancellation of many of their flights), Air France began a public beta test of what they are calling a “smartboarding” card, as depicted in this video (and third-party videos in English and another in French) and photos and as described in this press release:

This new system is a world first. With a personal card which contains the latest biometric technology (encrypted fingerprints), RFID (radio frequency identification) and thermal printing (the back of the card can be reused up to 500 times), these passengers will be able to board through a dedicated portal whenever they choose.

Developed together with Citizengate, the smartboarding® service has 4 stages:

1. In a special office at the airport (Paris-Charles de Gaulle Terminal 2F), customers can obtain their personal smartboarding® card in just a few minutes which is immediately operational. During registration, all the customer’s identity information (surname, first name, Flying Blue membership number), as well as their encrypted fingerprints is transmitted to the smart card. This registration stage is only carried out once and no files are kept by Air France. Read More

Mar 18 2009

NPR parrots the government line on RFID passports

Today’s edition of “All Things Considered” includes a puff piece on e-passports with embedded RFID chips, based entirely on propaganda statements by government spokespeople.  For the other side of the story that NPR didn’t bother to cover, see the listener comments in NPRs blog, our previous articles on RFID chips in government-issued identity documents, and reports elsewhere on how RFID passports facilitate ID theft, how the globally unique ID numbers on the RFID chips facilitate surveillance, how the encryption used for the rest of the data on the RFID chip has already been cracked, and how space has already been reserved in the data structure on the chip for logs of travelers’ movements.

Mar 10 2009

DHS considering hackable long-range RFID as “alternative” to REAL-ID

Chris Strohm of the National Journal’s CongressDaily reports:

Homeland Security Secretary Janet Napolitano, a former governor of Arizona, said Monday that her office is participating in a working group established by the National Governors Association to review the so-called Real ID law, which Congress passed in 2005 while under Republican control.

“What they’re looking at is whether statutory changes need to be made to Real ID,” Napolitano said after a speech to Homeland Security employees marking the sixth anniversary of the department’s creation.

“They are looking at whether some version of an enhanced driver’s license that perhaps creates options for states would be feasible. They’re looking at what the fiscal impact would be particularly given that states have no money right now,” she added.

“I would expect that over the course of the spring we’ll be rolling something out,” she said.

So-called “enhanced” drivers licenses, already being issued in Washington and Vermont, contain a remotely-readable long-range (“vicinity”) RFID chip, in violation of ICAO international standards for only shorter-range RFID chips in travel documents, with a globally unique identification number to permit anyone within range to track the card or the movements of the person carrying it.  Hackers have already demonstrated, in on-camera real-world tests on the streets of San Francisco, that these enhanced drivers licences and the passport cards that use the same type of RFID chips have succeeded in their design goal of being readable from inside or outside a moving car as it passes by.

This is no “solution” to the problems of the REAL-ID Act, and no improvement.

As we’ve argued in our proposals to the administration and Congress, the only solution to REAL-ID is repeal.  Until Congress takes that essential action, states and citizens should continue their refusal to comply with REAL-ID.

Feb 03 2009

Drive-by reader for RFID drivers licenses and passport cards

Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.

Read More

Nov 26 2008

Border Agents Begin Using “Long-Range” RFID Scanners on ID Cards

USA Today has a story on the new long-range RFID scanners reading ID cards as individuals drive toward the border.

“By the time a car stops at the Customs booth, the agent will have the photos and information of everyone in the car. If a name is on a watch list or database, the person will be taken in for questioning. The system will be “more efficient,” says Thomas Winkowski of Customs and Border Protection.”

DHS claims that the unsecured wireless transmissions will make border crossing more efficient, but why is Homeland Security choosing speed over security.

As we’ve explained before, there are numerous privacy and civil liberty problems connected with using RFID tags in identification documents. Off-the-shelf readers can easily skim the data.

Currently, the RFID-enabled ID cards only transmit a unique number to allow border agents to pull up an individual’s file. However, the Department of Homeland Security could easily add more data to the ID card, especially if the agency can convince people to use the RFID-enabled card as an “all-in-one” identification document – where you could use it when you go to the bank, grocery store, gym, school, and more. Read More

Nov 10 2008

The Obama Administration and the Right to Travel

The Obama Administration promises change, and invites suggestions for their agenda.

Since they’ve asked, here are the first things we think the new administration should do to restore our right to travel, and to address the issues of ID requirements and identity-based government surveillance and control of travel and movement.

Some of these can be accomplished with the stroke of a pen on Inauguration Day in January, through Presidential proclamations and directives to Executive staff and agencies.  Others can be ordered by the President, but will require a slightly longer process to comply with administrative notice and comment requirements for changes to (and, in many cases, withdrawal of) Federal regulations.  Others will require legislation, which we urge the Presidential transition team and members of Congress to begin drafting so they can take action early in the new Congressional session. If asked, we would be available to advise and participate in this process. Finally, Senators should question nominees for Executive appointments —especially those nominated to be the new Secretary of Homeland Security and the Administrator of the TSA – about how they will address specific, important issues from the day they take office. These questions are detailed below (and also available here in PDF format).

Executive Orders:

  1. Reaffirm Executive Order 13107 on Implementation of Human Rights Treaties, and instruct heads of agencies to ensure that it is carried out.  As part of his agenda, President-Elect Obama has promised to “strengthen civil rights enforcement,” and this should include enforcement of rights guaranteed by international human rights treaties to which the U.S. is a party.  In particular, President-Elect Obama should extend Executive Order 13107 to explicitly mandate consideration of international human rights treaties in Federal agency rulemakings that could implicate rights protected under those treaties — such as the freedom of movement guaranteed by Article 12 of the International Covenant on Civil and Political Rights (ICCPR). Read More
Sep 29 2008

New York Begins Issuing RFID-Enabled “Enhanced” Driver’s Licenses

The state of New York has begun issuing (pdf) so-called “enhanced” driver’s licenses (or EDLs). These licenses contain RFID tags and include the individual’s citizenship status on the face of the cards. They are issued under the Department of Homeland Security’s “Western Hemisphere Travel Initiative” and will be used as alternatives to passports for crossing the US border.

According to DHS, the “long-range” RFID tag would include a unique number that Customs and Border Protection would “read” as you drove up to the checkpoint and use that unique number to link to your individual name and file. (Such long-range tags can be read from a distance of 70 feet or more.) There are numerous privacy and civil liberty problems connected with using RFID tags in identification documents. Some EDL critics would surprise you: the RFID industry, the Government Accountability Office, and the DHS’s own Data Privacy and Integrity Advisory Committee.

The DHS Data Privacy and Integrity Advisory Committee urged (pdf) that long-range RFID only be used in ID documents if RFID is the “least intrusive means,” because there are significant privacy and security drawbacks.

The Government Accountability Office also has urged (pdf) against the use of RFID to track people, testifying that: Read More

Dec 14 2006

Czar Chertoff defends Real ID

The Real ID bill that was sneaked into law last year is getting pushed by head totalitarianism czar Michael Chertoff. Slashdot readers are unimpressed. State legislators throughout the US will be considering bills to either ban Real ID or to implement it in 2007. We suggest writing to your state representatives, asking them to ban it in your state. It will cost billions, it will hassle every ordinary person (you’ll have to produce original birth certificates and such to the DMV again — and any paper that’s out of order will mean endless harassment), and the basic premise is wrong in two ways. One, the federal government can’t tell us citizens that we’re not permitted to travel, or go to court, without its permission; those are RIGHTS, not privileges. Second, the federal government doesn’t have the authority to demand that the states revise their IDs; that’s a state power. The reason the federal government doesn’t have either of these powers is to guard against totalitarian rule from Washington. All hail Czar Chertoff! (Those who don’t salute will be blacklisted).