Feb 27 2010

U.S. raising fees for travel credentials and permissions

Under a series of new laws and regulatory proposals, almost everyone traveling internationally to or from the USA — US passport holders, visa-free foreign visitors, and foreigners with visas — would have to pay more in government fees for the required credentials and/or permissions.

This week the U.S. Senate passed the “Travel Promotion Act”, a bill designed to encourage foreigners to visit the USA … by making it more expensive for them to do so.

The money would go for advertising, presumably to try to persuade foreigners that the USA is worth the price and the hassle. This ignores the fact that people around the world already want to visit the USA, and don’t need to be told that. What’s standing in the way of more foreigners spending their money in the USA are the xenophobic rules and procedures that make it so difficult and expensive to get permission to travel to the USA — not lack of desire to take the family on a vacation to Disney World or Las Vegas, or a shopping junket to New York or Miami.

The Travel Promotion Act, previously passed by the House and thus now headed to the White House to be signed into law, will add a US$10 fee (good for an unlimited number of visits in a 2-year period from the date it is paid) to the price of obtaining “pre-approval” to travel to the USA through the “Electronic System for Travel Authorization” (ESTA) .

ESTA pre-approval doesn’t guarantee that you will be admitted to the USA, but is required as a de facto exit visa before the USA considers you authorized to depart from your home country for the USA. No, the USA has no authority to impose an exit permit requirement on departure from other countries, as the Identity Project argued in comments to the DHS when the scheme was proposed, but the legality of the ESTA was never brought up in Congressional debate on the Travel Promotion Act.

ESTA pre-approval is required for all those “intending” to enter the USA without a visa under the “Visa Waiver Program” (VWP). Outside of the VWP, which is limited to a short list of mostly-wealthy most-favored nations, most of them populated mostly by white-skinned people, everyone else except US and Canadian citizens and US permanent residents (green-card holders) needs a visa even to change planes in the USA, which costs a minimum of about US$200 depending on the type of visa.

Those fees for US visas would increase substantially under a pending regulatory proposal from the State Department, which would also increase the fees for issuance or renewal of US passports.

The proposed rule published in the Federal Register earlier this month would increase the total price of a new or renewal US passport from US$100 to US$135. Part of that is an increase in the “Security Surcharge” for each passport to US$40, which presumably reflects the additional cost of including a remotely-readable uniquely-numbered RFID chip in each passport.

The State Department is accepting public comments through 10 March 2010 through the Regulations.gov Web site or by e-mail to fees@state.gov. (You must include the docket number, “RIN 1400-AC58” in the subject line of your e-mail message.) This would be a good chance to tell the Obama Administration that they wouldn’t need the proposed passport fee increase if they reconsidered and rescinded the requirement for RFID chips in passports.

Frequent international travelers with US passports will also get socked. Adding pages to a passport that has filled up with visa and entry and exit stamps, previously free, will now cost US$82. Ouch! That’s particularly unfair to those who requested a passport with extra pages, but didn’t get one, since the passport application form still doesn’t include any place to indicate that you want a thicker passport book (48 or 96 pages instead of the standard 24). If you are submitting comments to the State Department, please include a request that they put check-boxes on the application form to indicate a request for a 48 or 96-page passport.

Interestingly, despite the other ostensibly cost-based fee increases the State Department admits that they are deliberately keeping the cost of a passport card, which has a much longer-range RFID chip than a standard passport book, dramatically below cost, in effect giving travelers a large financial incentive to carry a credential with a longer-range tracking beacon.

And lest Canadians feel left out (they are essentially the only nationality that doesn’t need either a US passport, a US visa, or ESTA pre-approval to travel to the USA, and thus escapes these US fee increases), this week Canada’s Transport Minister announced increases in security fees that will be added to all air tickets for departures from Canadian airports, both domestic and international. Why the higher fees? To pay for more virtual strip-search machines (“body scanners”).

Enjoy your trip, and come back and visit us again soon!

[Comments filed by the Identity Project, Consumer Travel Alliance, Center for Financial Privacy and Human Rights, and John Gilmore, which you can use as a template for your own comments; also available in Open Office .odt and MS-Office .doc formats.]

Jun 25 2009

Courts and Congress finally start to rein in the TSA

Until recently, the TSA has been a domestic legal Guantanamo, and the TSA has treated their domain of “checkpoints” and travel control and surveillance as a law-free zone where their powers of search, seizure, detention, and denial of passage were unconstrained by the Constitution, human rights treaties, judicial review, or stautory or regulatory standards.  As indeed it has been: Congress has enacted no law specifically defining any limits on the authority of TSA agents at checkpoints (or elsewhere), and the TSA itself has never conducted any rulemaking or issued any publicly-disclosed regulations defining its authority, the limits of that authority, what orders travellers do or don’t have to comply with, and which forms of “noncooperation” are considered grounds for which sanctions (more intrusive search, denial of transportation, admninistrative fine, detention, etc.). While the TSA has never been explicitly exempted from the Constitution or treaties such as the International Covenant on Civil and Political Rights, the DHS has sought to avoid ever allowing judicial review of fly/no-fly decisions, and the courts themselves have gone out of their way to avoid ruling on the legality of TSA actions — such as when the 9th Circuit invented a counter-factual claim (without ever allowing an evidentiary hearing on the facts) that John Gilmore hadn’t actually been required to show ID credentials in order to fly, as a way to avoid ruling on whether an ID-to-fly requirement would be Constitutional. As for the Executive, President Obama has yet to nominate an Administrator of the TSA, leaving this one of the highest-ranking vacancies in the Administration and leaving the TSA operating on autopilot under lame-duck holdovers.

In the absence of any explicit rules or any judicial, legislative, or executive oversight, the TSA has felt no need to seek authority for its ever-expanding assertions of authority through legislation or rulemaking.  Nor has the TSA recognized any duty of self-restraint or self-policing to ensure its actions conform to the law. Instead, the TSA has simply wielded its power to do whatever it wished, on the disgraceful assumption that, “If we’re doing something wrong, the courts will tell us — if and when someone can afford to sue us, and they win a court judgement against us.”  In the meantime, the TSA will do, and claim the right to do, anything that hasn’t already specifically been ruled illegal. Kind of like the thief who assumes that they can steal whatever they want, and that if something turns out not be theirs, they’ll give it back if and when someone sues and wins a court judgement ordering its return.

Time and again we’ve pointed out this failure to subject the TSA to the rule of law. See, for example, our most recent prior post on this topic, our agenda on the right to travel submitted to the Obama Administration and Congress after the 2008 elections, and our comments earlier this month at the Computers, Freedom, and Privacy conference session with Obama Administration representatives and others at 1:45:53 of this video.  Until recently, however, neither the Courts, the Congress, nor the Executive branch have wanted to confront the question of what rules govern the TSA.

We’re please to report that this is finally beginiing to change, in small ways but on numerous fronts:

Read More

Jun 01 2009

Today we’re all prisoners in the USA

As of today, June 1, 2009, even U.S. citizens are officially prisoners in the USA, or exiles barred from entering our own country without the government’s permission.

We are now forbidden by Federal regulations from leaving or entering the USA, anywhere, by any means — by air, by sea, or by land, to or from any other country or international waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable uniquely-numbered radio tracking beacons in the form of RFID transponder chips), or unless the Department of Homeland Security chooses to to exercise its standardless “discretion” to decide — in secret, with no way for us to know who is making the decision or on what basis — to issue a (one-time case-by-case) “waiver” of the new travel document requirements.

If you’re in the USA without such documents — even if you were born here, or are a foreigner who entered the USA legally without such documents (a Canadian, for example, who entered the USA by land yesterday when no such documents were yet required), or your document(s) have expired or have been lost or stolen — you are forbidden to leave the country unless and until you procure such a document, or unless and until the DHS gives you an exit permit in the form of a discretionary one-time waiver to leave the country — but not necessarily to come home, unless they again exercise their discretion to “grant” you another waiver.

If you are a U.S. citizen abroad without such a document (for example, if you entered Canada legally without it yesterday by land, when it wasn’t required, or again if your document(s) are expired, lost, or stolen) you are forbidden to come home unless and until you can procure a new document acceptable to the DHS, or unless and until the DHS gives you permission to come home in the form of a discretionary one-time waiver. Read More

Mar 18 2009

Air France puts digital fingerprints in RFID boarding passes

Yesterday (just in time for tomorrow’s planned strike by French air traffic controllers, which is expected to force the cancellation of many of their flights), Air France began a public beta test of what they are calling a “smartboarding” card, as depicted in this video (and third-party videos in English and another in French) and photos and as described in this press release:

This new system is a world first. With a personal card which contains the latest biometric technology (encrypted fingerprints), RFID (radio frequency identification) and thermal printing (the back of the card can be reused up to 500 times), these passengers will be able to board through a dedicated portal whenever they choose.

Developed together with Citizengate, the smartboarding® service has 4 stages:

1. In a special office at the airport (Paris-Charles de Gaulle Terminal 2F), customers can obtain their personal smartboarding® card in just a few minutes which is immediately operational. During registration, all the customer’s identity information (surname, first name, Flying Blue membership number), as well as their encrypted fingerprints is transmitted to the smart card. This registration stage is only carried out once and no files are kept by Air France. Read More

Mar 18 2009

NPR parrots the government line on RFID passports

Today’s edition of “All Things Considered” includes a puff piece on e-passports with embedded RFID chips, based entirely on propaganda statements by government spokespeople.  For the other side of the story that NPR didn’t bother to cover, see the listener comments in NPRs blog, our previous articles on RFID chips in government-issued identity documents, and reports elsewhere on how RFID passports facilitate ID theft, how the globally unique ID numbers on the RFID chips facilitate surveillance, how the encryption used for the rest of the data on the RFID chip has already been cracked, and how space has already been reserved in the data structure on the chip for logs of travelers’ movements.

Mar 10 2009

DHS considering hackable long-range RFID as “alternative” to REAL-ID

Chris Strohm of the National Journal’s CongressDaily reports:

Homeland Security Secretary Janet Napolitano, a former governor of Arizona, said Monday that her office is participating in a working group established by the National Governors Association to review the so-called Real ID law, which Congress passed in 2005 while under Republican control.

“What they’re looking at is whether statutory changes need to be made to Real ID,” Napolitano said after a speech to Homeland Security employees marking the sixth anniversary of the department’s creation.

“They are looking at whether some version of an enhanced driver’s license that perhaps creates options for states would be feasible. They’re looking at what the fiscal impact would be particularly given that states have no money right now,” she added.

“I would expect that over the course of the spring we’ll be rolling something out,” she said.

So-called “enhanced” drivers licenses, already being issued in Washington and Vermont, contain a remotely-readable long-range (“vicinity”) RFID chip, in violation of ICAO international standards for only shorter-range RFID chips in travel documents, with a globally unique identification number to permit anyone within range to track the card or the movements of the person carrying it.  Hackers have already demonstrated, in on-camera real-world tests on the streets of San Francisco, that these enhanced drivers licences and the passport cards that use the same type of RFID chips have succeeded in their design goal of being readable from inside or outside a moving car as it passes by.

This is no “solution” to the problems of the REAL-ID Act, and no improvement.

As we’ve argued in our proposals to the administration and Congress, the only solution to REAL-ID is repeal.  Until Congress takes that essential action, states and citizens should continue their refusal to comply with REAL-ID.

Feb 03 2009

Drive-by reader for RFID drivers licenses and passport cards

Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.

Read More

Nov 26 2008

Border Agents Begin Using “Long-Range” RFID Scanners on ID Cards

USA Today has a story on the new long-range RFID scanners reading ID cards as individuals drive toward the border.

“By the time a car stops at the Customs booth, the agent will have the photos and information of everyone in the car. If a name is on a watch list or database, the person will be taken in for questioning. The system will be “more efficient,” says Thomas Winkowski of Customs and Border Protection.”

DHS claims that the unsecured wireless transmissions will make border crossing more efficient, but why is Homeland Security choosing speed over security.

As we’ve explained before, there are numerous privacy and civil liberty problems connected with using RFID tags in identification documents. Off-the-shelf readers can easily skim the data.

Currently, the RFID-enabled ID cards only transmit a unique number to allow border agents to pull up an individual’s file. However, the Department of Homeland Security could easily add more data to the ID card, especially if the agency can convince people to use the RFID-enabled card as an “all-in-one” identification document – where you could use it when you go to the bank, grocery store, gym, school, and more. Read More

Nov 10 2008

The Obama Administration and the Right to Travel

The Obama Administration promises change, and invites suggestions for their agenda.

Since they’ve asked, here are the first things we think the new administration should do to restore our right to travel, and to address the issues of ID requirements and identity-based government surveillance and control of travel and movement.

Some of these can be accomplished with the stroke of a pen on Inauguration Day in January, through Presidential proclamations and directives to Executive staff and agencies.  Others can be ordered by the President, but will require a slightly longer process to comply with administrative notice and comment requirements for changes to (and, in many cases, withdrawal of) Federal regulations.  Others will require legislation, which we urge the Presidential transition team and members of Congress to begin drafting so they can take action early in the new Congressional session. If asked, we would be available to advise and participate in this process. Finally, Senators should question nominees for Executive appointments —especially those nominated to be the new Secretary of Homeland Security and the Administrator of the TSA – about how they will address specific, important issues from the day they take office. These questions are detailed below (and also available here in PDF format).

Executive Orders:

  1. Reaffirm Executive Order 13107 on Implementation of Human Rights Treaties, and instruct heads of agencies to ensure that it is carried out.  As part of his agenda, President-Elect Obama has promised to “strengthen civil rights enforcement,” and this should include enforcement of rights guaranteed by international human rights treaties to which the U.S. is a party.  In particular, President-Elect Obama should extend Executive Order 13107 to explicitly mandate consideration of international human rights treaties in Federal agency rulemakings that could implicate rights protected under those treaties — such as the freedom of movement guaranteed by Article 12 of the International Covenant on Civil and Political Rights (ICCPR). Read More
Sep 29 2008

New York Begins Issuing RFID-Enabled “Enhanced” Driver’s Licenses

The state of New York has begun issuing (pdf) so-called “enhanced” driver’s licenses (or EDLs). These licenses contain RFID tags and include the individual’s citizenship status on the face of the cards. They are issued under the Department of Homeland Security’s “Western Hemisphere Travel Initiative” and will be used as alternatives to passports for crossing the US border.

According to DHS, the “long-range” RFID tag would include a unique number that Customs and Border Protection would “read” as you drove up to the checkpoint and use that unique number to link to your individual name and file. (Such long-range tags can be read from a distance of 70 feet or more.) There are numerous privacy and civil liberty problems connected with using RFID tags in identification documents. Some EDL critics would surprise you: the RFID industry, the Government Accountability Office, and the DHS’s own Data Privacy and Integrity Advisory Committee.

The DHS Data Privacy and Integrity Advisory Committee urged (pdf) that long-range RFID only be used in ID documents if RFID is the “least intrusive means,” because there are significant privacy and security drawbacks.

The Government Accountability Office also has urged (pdf) against the use of RFID to track people, testifying that: Read More