Apr 21 2021

DHS wants to put REAL-ID drivers licenses on smartphones

The Department of Homeland Security has published a Request For Information (RFI) from vendors and other stakeholders regarding standards for drivers licenses and other IDs stored on smartphones or other mobile devices to be considered compliant with the REAL-ID Act of 2005.

Responses to the RFI are due by June 18, 2021.

The amendments to the REAL-ID Act signed into law at the end of 2021 included provisions authorizing the DHS to certify digital ID credentials as “REAL-ID compliant”. That certification can’t happen, though, until the DHS promulgates new regulations.

The RFI published in the Federal Register this week is not formerly part of such a rulemaking, but appears to be part of the preparations for it.

A “mobile ID” would consist of a certificate digitally signed by a state department of motor vehicles. The RFI contemplates a process through which “individuals would electronically send identity verification information to the DMV to establish their identities and ownership of the target device.” No explanation or justification is provided for why or how a digitally-signed certificate would be, or should be, bound to a specific device, rather than simply provided as a file that can be stored on any digital device or storage medium.

It’s just as easy to loan a smartphone or other mobile device to another person whose appearance is similar as it is to loan a physical ID card to another person.

A drivers license rarely needs to be displayed, and in the form of a wallet-sized plastic card it  can be kept in a relatively secure pocket or compartment of a purse. A smartphone, in marked contrast, is likely to be frequently consulted and carried in a location on one’s person that is much more exposed and vulnerable to snatch-thieves than one’s wallet.

A smartphone is already, for many people, vulnerable as a single point of failure for identity and password management. Binding a digital ID to a specific smartphone appears likely to increase the risk and exacerbate the consequences of smartphone theft as a method of identity theft.

The RFI says that the DHS is considering incorporating the American Association of Motor Vehicle Administrators Mobile Driver License (mDL) Implementation Guidelines (April 2019) in the DHS standards and regulations, and the DHS seeks comments on those AAMVA guidelines. But those AAMVA guidelines are posted only on the “members-only” portion of the AAMVA website, and aren’t available to the public.

In the past, when we reposted specifications for the AAMVA’s national REAL-ID database that AAMVA had posted for years on the public portion of its website, AAMVA not only moved those specifications to to the members-only portion of its website, but asserted their copyright and threatened us with litigation to get us to take them off our site.

The DHS notice purporting to invite the public to submit comments on a secret document, not available to the public, that might be incorporated into DHS regulations, exemplifies everything that is wrong with both secret law and the outsourcing of “lawmaking” to entities such as AAMVA that are nominally private and not subject  to Federal or state freedom of information, public records, or open meetings laws.

There’s no indication in the RFI as to when or how the DHS plans to move forward with the separate rulemaking and approval procedures that will be required if it is to follow through on its threats to start turning away would-be air travelers at TSA checkpoints if they don’t have REAL-ID approved ID or don’t have or show any ID.

Apr 14 2021

More support for court challenge to TSA impunity

Two months ago, the last time we checked in on Sai v. TSA (now Sai v. Pekoske) —  the landmark challenge to the TSA’s attempt to avoid ever facing a Federal trial over its checkpoint procedures —  the disabled, pro se plaintiff had been given what seemed an impossibly short deadline by the 1st Cicruit Court of Appeals to file “hypothetical” objections to whatever “orders” the TSA might have issued that adversely affected them, without knowing what those orders might be.

Since then, we are pleased to report, things have been looking up for Sai and for all those who would subject the TSA to the rule of law.

Jonathan Corbett, Esq., who has brought a series of lawsuits against the TSA on his own behalf and that of his clients, stepped in to represent Sai pro bono, and got a small extension of time.

Of necessity given the limited time and resources, the brief filed on Sai’s behalf on April 2nd greatly narrows the issues presented. But it continues to challenge the TSA’s claim that its checkpoint procedures can’t be challenged or brought to trial in U.S. District Court, but can only be “appealed” to Circuit Courts where no fact-finding can be conducted and what constitutes the “record” to be (deferentially) reviewed is defined by the TSA itself. Sai also continues to challenge the TSA’s attempt to withhold self-defined “Sensitive Security Information” from disclosure in response to Freedom of Information Act (FOIA) requests.

Further strengthening Sai’s case against TSA impunity from trial or judicial fact-finding, the Institute for Justice — which is moving forward with its own challenge to systematically lawless TSA practices — has intervened in Sai’s case against the TSA with a friend-of-the-court brief and a request to participate in oral argument before the Court of Appeals.

We fully endorse the latest arguments made by both Sai and IJ, and look forward to having them given the consideration they deserve by the 1st Circuit panel.

Apr 07 2021

4th Circuit panel rejects rights to travel and to due process

In one of the worst court decisions on the right to travel since Gilmore v. Gonzales,  a three-judge panel of the 4th Circuit Court of Appeals has reversed the decision of a U.S. District Court that  the U.S. government’s system of extrajudicial administrative blacklists (euphemistically and inaccurate called “watchlists” although the consequences for the people who are listed include much more then merely being “watched”) is unconstitutional.

The decision comes in a class-action lawsuit brought on behalf of blacklisted Muslim  American travelers in 2018 by the Council on American Islamic Relations (CAIR). It folows a disturbing trend of decisions in similar cases by courts in the 6th Circuit and the 10th Circuit.

According to Gadeir Abbas, the CAIR attorney who has led the national campaign of lawsuits (many others of which are still pending) against post-9/11 blacklists, CAIR plans to petition for “rehearing en banc” by the 4th Circuit Court of Appeals:

A three-judge panel on the Fourth Circuit reversed a historic U.S. District Court decision that declared the entirety of the watchlist unconstitutional. In doing so, the judges ignored the dire consequences experienced by American citizens placed on the watchlist and took a dim view of what the Constitution requires. We are disappointed in this decision, but we remain undeterred. The fight is not over. CAIR will now ask the entire Fourth Circuit to review the case.

The 4th Circuit panel gets off on the wrong foot by declaring that it is reviewing a challenge to a “system vital to public safety”, despite the absence of any finding by the District Court to that effect or any evidence in the record to support such a claim. In fact, watchlists/blacklists are based on anything but actual dangerousness. If an individual were actually demonstrably dangerous, the government could and should either arrest them or apply to a court for an injunction restricting their dangerous actions. But the government has never done that with any of the people it has blacklisted.

The 4th Circuit panel opinion is dismissive of almost every aspect of the right to travel or of due process. It finds that government-imposed travel delays of hours or perhaps even days aren’t sufficient interference with the right to travel to constitute a legally-cognizable infringement of the right to travel, and that denial of air transport is Constitutionally insignificant because, “Plaintiffs can travel internationally by boat.”

Despite acknowledging that the blacklists/watchlists were “created by executive order” and not by any Congressional action, and that the Terrorist Screening Center “receives around 113,000 nominations annually and around 99% are accepted,” the 4th Circuit panel finds that no judicial review of these decisions is necessary.

Relying on an outdated history of entry and exit procedures when an intercontinental journey took weeks, and a delay of hours or days would only lengthen the journey time by a small percentage, the 4th Circuit panel brushes off the detention (in many cases at gunpoint), interrogation, and search of the plaintiffs. “Delays and inconveniences at the borders are… as old as the nation itself…. The experiences alleged by plaintiffs do not rise to the level of constitutional concern…. Given the government’s broad power to control movement across the nation’s borders, the burdens experienced by plaintiffs are not infringements of  ‘liberty’ within the meaning of the Due Process Clause.”

We join CAIR in looking forward to en banc rehearing and reversal of this ill-founded decision.

 

 

Mar 30 2021

Expanding travel policing beyond no-fly lists (and the Fourth Amendment)

According to an article in POLITICO based on interviews with unnamed “law enforcement officials,” the US Department of Homeland Security (DHS) is considering expanded use of airline reservation data  to target travelers  for more intrusive searches:

The department could begin analyzing the travel patterns of suspected domestic extremists, monitor flights they book on short notice and search their luggage for weapons, a senior law enforcement official told POLITICO. There have also been discussions about putting suspected domestic violent extremists — a category that includes white supremacists — on the FBI’s No Fly List, the official said. When suspected extremists travel internationally, officials may be more likely to question them before they pass through customs and to search their phones and laptops.

A second law enforcement official told POLITICO that conversations about monitoring domestic extremists’ travel have involved multiple federal agencies at the interagency level, including the FBI.

We’ve recently discussed what’s wrong with the no-fly lists (there are several, created and maintained by different, although interlocking, entities, for different ostensible purposes) and why they shouldn’t be used like this or in most of the other ways that they are now used.

As Gary Leff puts it in his View from  the Wing travel blog:

Denying the freedom of travel, without trial, is precisely the mob rule outside of the rule of law that we’re supposed to be pushing back on after the events of January 6th. Having the government ban travel on all airlines without judicial review is frightening in a democracy.

The latest article in POLITICO suggests tactics that go well beyond no-fly lists. It’s important to understand what’s being talked about, and how it would differ from previously-disclosed practices and exceed what is permitted by current law.

It’s crucial to recognize that, in this proposal, the DHS is testing the waters not for an expansion of existing authority, but an entirely new category of exception to the Fourth Amendment: a “pre-crime” search that is based on neither a warrant nor probable cause, but that — unlike an administrative search — targets individuals selectively.

Read More

Feb 04 2021

“Hypothetical” briefing ordered in TSA lawsuit

The most significant legal challenge since the creation of the Transportation Security Administration to the TSA’s attempt to operate outside the law, and to avoid judicial review of its actions, is coming to a head in the next month in the First Circuit Court of Appeals in Boston. It’s a David v. Goliath legal battle, and the plaintiff wants and needs help.

We’ve talked about Sai’s various challenges to TSA practices before. A little over five years ago, Sai (they go by only one name) filed a pro se challenge to the Constitutionality of 49 USC § 46110, the Federal law which establishes special (and especially limited) procedures and criteria for judicial review of “orders” issued by the TSA.

49 USC § 46110 exempts TSA orders from the usual jurisdiction of Federal District Courts. TSA orders can be reviewed only by the Circuit Courts of Appeal, where there are no trials. Circuit Courts must base their decisions on the “administrative record” as supplied by the  TSA, and must grant the truth of any TSA claims supported by “substantial” evidence, regardless of the existence of any (perhaps more persuasive) evidence to the contrary or impeaching the credibility of the TSA and its claims, and regardless of any evidence that the TSA doesn’t chose to include in its “administrative record”. Needless to say, no objections at all will be in the TSA-created “record” with respect to secretly-issued orders.

In a case of first impression, Sai challenged the Constitutionality of this law both on its face and as applied to them. This is the case that will determine, for all practical purposes, whether the TSA is subject to the rule of law, or can continue to make up and enforce its own secret “rules” as it goes along, changing or disregarding them at whim.

We won’t try to recount the history of the case. Suffice it to say that, although motion practice has been extensive, none of the fundamental issues have yet been addressed. The RECAP docket mirror of the docket doesn’t capture most of the filings in the Court of Appeals. There’s a link to a folder of court filings and other related  documents here on Sai’s website, but they haven’t been able to keep that index up to date.

A few days ago, after months of silence, the 1st Circuit went from “wait” to “hurry up” and  gave Sai just 30 days to brief all their remaining issues and claims, or have them deemed denied. Sai is indigent, proceeding pro se (on their own without a lawyer), and has substantial vision and other physical disabilities that limit the pace of their work.

But that’s not all, and maybe not the worst, of the unfairness in the Court’s latest order.

“Order” isn’t defined in 49 USC § 46110. But in other cases, the TSA has interpreted this definition as broadly as possible, to shield as many of its activities as possible from normal procedures for judicial review. And this is the exclusive procedure for review of such orders.

Sai still doesn’t know what orders the TSA has issued that might apply to them (and that the TSA might try to impose sanctions for unwittingly violating), or what if any basis the TSA claims for these orders. The TSA claims the right to keep all this secret from Sai, while submitting secret lists of secret orders, and secret arguments to justify them, to the Court of Appeals “ex parte and in camera”.

Here’s how the Court of Appeals has now told Sai to respond “hypothetically” to these secret arguments about secret laws:

The matter will proceed to briefing based on the administrative record as just designated. A portion of that administrative record has been accepted for filing ex parte and in camera, and petitioner’s request for clearance to access those materials is denied. Nonetheless, briefing shall proceed. The purpose of a proceeding of this sort is to allow for the challenge of specific agency orders, see 49 U.S.C. § 46110(a), not to facilitate broad discovery of agency policies and practices. With this purpose in mind, the court discerns no reason why petitioner cannot prepare a brief that fully conveys challenges to specific orders despite the unavailability of a portion of the administrative record. Petitioner need only clearly articulate the nature of any orders petitioner reasonably believes may have been disclosed in the sealed portion of the administrative record and then explain why such an order, if it exists, would be amenable to review under § 46110 and why the existence or enforcement of such an order would be illegal or unconstitutional. In other words, to the extent petitioner cannot discern from the publicly filed portion of the administrative record whether a particular order exists, petitioner may present arguments hypothetically assuming the existence of the order and explaining why such an order, if it existed, would be illegal or unconstitutional. Once briefing is complete, the ultimate merits panel will be in a position to review the full administrative record, including the portions of the administrative record filed ex parte and in camera. The ultimate merits panel can assess petitioner’s claims in light of that review.

All this to be completed, on Sai’s part, in the next 30 days.

If you thought arguing hypotheticals was for law school exercises and the bar exam, thnk again. Alice In Wonderland, here we come!

We think that any orders that have been issued in secret, can’t be disclosed to those who are supposed to obey them and against whom they are to be enforced, which are justified (if at all) only by secret arguments and/or secret evidence not subject to independent examination, and that can be challenged only “hypothetically” on the basis of guesses about what the orders are or what secret excuses have been made for them, are unconstitutional on their face, as is this “review” procedure itself.

Sai needs and wants legal help to make this argument to the Court of Appeals. One way or another, this case will set an important precedent. Sai is indigent and significantly disabled, and asked the court to appoint counsel for them. But that’s discretionary in civil cases, and the court declined. If you might be able to provide immediate pro bono legal assistance, please contact Sai ASAP.

 

Jan 19 2021

“Put them on the no-fly list!”

Flowchart of no-fly lists and the U.S. government's no-fly decision-making process.

[“How do you get on the no-fly list?” Larger image; PDF with legend.]

In the aftermath of the storming of the U.S. Capitol last week, there’s been a confused cacophony of calls to “put the rioters on the no-fly list.”

At the same time, there have been equally confusing claims and denials that some people found out that they had already been “put on the no-fly list” when they were denied boarding on flights home from Washington.

Are these people “on the no-fly list”? Could they be? Should they be? Is this legal?

More generally:

How do you get on the no-fly list? How do you know if you are on the list? How do you get off? What substantive and procedural legal standards apply?

The answers to all of these questions are much more complicated, and different, than many people seem to think — including the chairs of relevant Congressional committees, who ought to know better. The reality is that:

  1. There isn’t just one U.S. Federal government no-fly list — there are several, created by different agencies for different purposes.
  2. There are also non-list-based ways that real-time no-fly decisions can be made.
  3. No-fly decisions can be, and are, made independently, on the basis of different lists and other criteria, by multiple Federal agencies and by individual airlines.

So a better starting point for understanding what’s happening — before we can begin to assess whether it is legal or what should be happening — is to ask, “How can a would-be passenger be prevented from boarding a scheduled airline flight?”

The diagram above (larger version; PDF with legend of acronyms and color-coding) gives only a summary of the U.S. government’s no-fly decision-making process, not including individual airines’ no-fly decision-making practices. (We’ve published versions of the diagram before. The latest version above has been updated to include the Angel Watch Center, the CDC Do Not Board List and Lookout List, and the Watchlisting Advisory Council.)

As discussed in more detail below, no-fly decisions can be based on any of the following:

  • U.S. government no-fly orders:
  • Airline no-fly decisions, based on:
    • Airline conditions of carriage.
    • Airline no-fly lists (created and maintained separately by each airline).
    • Other non-list-based “rules” interpreted and enforced by airlines (most significantly the entry requirements described in the Timatic “travel information manual”).

How does all this work? Here are some FAQs about the no-fly list and no-fly orders:

Read More

Nov 06 2020

Canada copies US “Secure Flight” air travel controls

While we were watching US election returns, our neighbors to the north were adopting new travel regulations that incorporate some of the worst aspects of the US system of surveillance and control of air travel, and in some respects go even further in the wrong direction.

Canadian authorities don’t generally want to be seen as imitating the US or capitulating to US pressure. There was no mention in the official analysis of the latest amendments to the Canadian regulations of the US models on which they are based. But according to the press release this week from Public Safety Canada, the latest version of the Canadian Secure Air Travel Regulations  which came into force this week for domestic flights within Canada as well as international flights to or from Canada include the following elements, each of which appears to be based on the US Secure Flight system:

  1. All air travelers will be required to show government-issued photo ID. The Canadian ID requirement to fly is now explicit, unlike the de facto ID requirement that the US Department of Homeland Security is attempting to impose and already wrongly enforcing, in some cases, without statutory or regulatory authority. The Canadian rules appear to reflect the authority to deny passage to air travelers without ID that the DHS has sought, but has not yet been granted, in the US.
  2. Fly/no-fly decision-making will be transferred from airlines (making binary fly/no-fly decisions on the basis of a no-fly list provided by the government) to a government agency. After receiving information about each passenger from the airline, Public Safety Canada will transmit a permission messages to the airline with respect to each would-be passenger on each flight,  with a default of “not permitted to board” if no message is received by the airline from the government. Exactly this change was made in the US through the Secure Flight regulations promulgated in 2008. This change serves two purposes for the government: (A) it provides a basis for building positive real-time government control over boarding pass issuance into airline IT infrastructure, converting every airline check-in kiosk or boarding-pass app into a virtual government checkpoint that can be used to control movement on any basis and for any reason that the government later chooses, and (B) it enables the switch from blacklist-based no-fly decision-making to more complex and opaque real-time algorithmic pre-crime profiling  based on a  larger number of factors.
  3. Air travelers in Canada will be required to provide the airline  with their full name, gender, and date of birth, as listed on government-issued ID, and airlines will be required to enter this data in each reservation and transmit it to the government 72 hours before the flight or as soon as the reservation is made, whichever comes first. All of this is exactly as has bene required for flights within the US since the coming into force of the DHS Secure Flight regulations. This additional information about each passenger enables the government to match passengers’ identities, in advance, to other commercial and government databases, and thus to incorporate a much wider range of surveillance and data mining into its profiling algorithms.
  4. Travelers will be able to apply to the government for a “Canadian Travel Number” which, if issued, they can enter in their reservations to distinguish themselves as whitelisted people from blacklisted people with similar names and/or other similar personal data.  This Canadian Travel Number is obviously modeled on the “redress number” incorporated in the US Secure Flight system. The goal of this “whitelist number” is to reduce the complaints and political embarrassment of the recurring incidents of innocent people with similar names, including  children, being mistakenly identified as blacklisted people, and denied boarding on Canadian flights. The problem, of course, is that this does nothing to help the innocent people who are correctly identified as having been blacklisted by the government, but who were wrongly blacklisted in the first place.

As our Canadian friends at the  International Civil Liberities Monitoring Group put it in a statement this week:

These regulations do not address the central, foundational problems that plague Canada’s No Fly List system and will continue to result in the undermining of individuals’ rights as they travel….

The Canadian government had a solution from the beginning, and they still do: abolish the No Fly List. If someone is a threat to airline travel or to those in the region they are traveling to, charge them under the criminal code and take them to court where they can defend themselves, in public.

It’s time to be done with secret security lists once and for all.

Sep 01 2020

TSA tries out another (illegal) biometric “ID verification” system

Today the Transportation Security Administration (TSA) announced that it has launched a “pilot” at Washington National Airport (DCA) of yet another scheme for biometric identification and tracking of domestic air travelers.

[Screen capture from TSA video]

The new “touchless ID verification” stations at DCA include a webcam (at top center of photo above) a magnetic-stripe reader (lower left) for drivers licenses and other ID cards, and a photographic scanner for passports (lower right).

Travelers who volunteer to use the new system are directed to insert their drivers license, ID card, or passport into the appropriate reader, stand on a marked spot in front of the webcam, and remove their face mask, so that the image from the ID (or, more likely, from some back-end image database linked to the ID, although that hasn’t been disclosed) and the image from the webcam can be compared by some undisclosed algorithm.

[Traveler being directed by TSA staff to remove her face mask for digital mug shot.]

As we’ve noted previously, it appears to us that (1) the TSA has no general authority to require travelers to show their faces or remove face masks, and (2) in many jurisdictions, orders issued by state or local health authorities currently require all people in public places such as airports to wear masks.

The TSA describes this system as “touchless”. But while TSA staff don’t have to touch travelers’ IDs, each traveler has to touch the same ID card or passport scanner. Then, immediately after touching the scanner, they have to touch their face again to put their mask back on.

Read More

Jul 28 2020

Senate bill would exempt REAL-ID from due process and oversight

Rather than responding to our comments on the latest proposal by the Department of Homeland Security to require ID for airline travel, the DHS has quietly gone to Congress to try to get the law changed so that it doesn’t have to answer us, and to preclude potential litigation to challenge an ID requirement or defend people who try to fly without ID.

A bill introduced earlier this month in the Senate, and already approved in committee, would exempt the implementation and administration of the REAL-ID Act from normal administrative requirements for due process in rulemaking and oversight and transparency in demands by Federal agencies for information.

Included in S. 4133, both as introduced and as amended and reported by the committee, are provisions that would allow the Secretary of Homeland Security, at his or her “discretion”, to issue regulations and administer the REAL-ID Act without regard for the Paperwork Reduction Act (PRA) or the notice-and-comment requirements of the Administrative Procedure Act (APA).

As of now, no comparable bill has been introduced in the House. (Several bills to amend the REAL ID Act are pending in the House, but none of them contain PRA or APA exemptions.) It’s unclear what effect these provisions would have if enacted. All Federal agencies are, of course, still subject to Constitutional requirements for due process. But these provisions of S. 4133  appear to be a direct response to the objections we raised in May 2020 to the latest DHS proposal to impose an ID requirement for airline travel without complying with the PRA or the APA.

Read More

Jun 08 2020

TSA to take mug shots of domestic air travelers

The Transportation Security Administration (TSA) has officially although quietly announced that, as it has planned for years, its deployment of mug-shot machines at airport checkpoints will move from pilot projects to the new normal for domestic air travelers.

According to a Privacy Impact Assessment (PIA) released last week, the TSA plans to integrate facial recognition into the Secure Flight profiling, scoring, and control system used by the TSA and other linked agencies to decide who is, and who is not, “allowed” to pass through TSA checkpoints to exercise their right to travel by airline common carrier.

Cameras to photograph would-be travelers’ faces will be added to each of the stations at airport checkpoints where TSA employees and contractors currently scan would-be passengers’ travel documents (boarding passes and, if they present ID, ID documents).

Read More