Nov 25 2024

Do you need ID to read the REAL-ID rules?

[“The welcoming, friendly and visually pleasing appearance” of the TSA’s headquarters at 6595 Springfield Center Drive, Springfield, VA.]

We spent most of a day last week outside the headquarters of the Transportation Security Administration (TSA), trying and failing to find out what the rules are for the TSA’s new digital-ID scheme.  What we did learn is that, by TSA policy and practice, you can’t read the REAL-ID rules, get to the TSA’s front door, or talk to any TSA staff unless you already have ID, bring it with you, and show it to the private guards outside the TSA’s gates.

The problems we have faced just trying to get access to the text of the TSA’s rules raise issuess about (recursive) incorporation by reference of third-party, nongovernmental text in regulations, secret law, and access to Federal services and rights by those without ID, as well as the underlying issues of REAL-ID, mobile driver’s licenses, and digital IDs.

In late October, as we’ve previously reported, the TSA issued a final rule establishing “standards” for smartphone-based digital IDs that would be deemed by the TSA to comply with the REAL-ID Act of 2005. These mobile driver’s licenses (mDLs) will be issued by state driver’s license agencies, but the standards incorporated into the TSA rule require that they be deployed through smartphone platforms (i.e. Google and/or Apple) and operate through government apps that collect photos of users and log usage of these credentials.

The standards themselves — the meat of the TSA’s rule — weren’t published in the Federal Register or made public either when the rule was proposed or when it  was finalized. Instead, thousands of pages of documents from private third parties were incorporated by reference into the TSA’s rules, giving them the force of law, on the basis of false and fraudulent claims — the falsehood of which was easy for anyone who checked to verify — that they were “reasonably accessible” to affected individuals.

Secret laws are per se a violation of due process, and should be per se null and void. How can it be that “ignorance of the law is no excuse” if the government has kept you ignorant of the law, even when you try to find out what the law says?

You shouldn’t need ID to read the law, just as you shouldn’t need ID to travel by common carrier. But the TSA doesn’t seem to have read the Constitution.

Read More

Nov 04 2024

TSA launches smartphone-based digital ID scheme

Brushing off objections from the Identity Project and others, the US Transportation Security Administration (TSA) has issued regulations creating the framework for an all-purpose smartphone-based national digital ID and tracking system.

The TSA’s new rules are piggybacked on the REAL-ID Act of 2005, and are ostensibly standards for what states will have to do to issue digital versions of driver’s licenses or ID cards that the TSA and other Federal agencies will accept for Federal purposes, in circumstances where ID is required by other Federal laws. This doesn’t include airline travel, for which no ID is legally required, although the TSA keeps lying about this.

The TSA’s new rules provide that acceptable digital IDs can only be issued to individuals who already have physical driver’s licenses or state-issued ID cards. And individuals are still required by standard state laws to “have their Physical Credential on their person while operating a motor vehicle”, even if they also have a digital ID on their smartphone. So this regulatory scheme isn’t really about driver’s licenses at all. It’s about pressuring states to move from uploading information about all their residents to a national ID database to putting a digital tracking app with a state-issued identifier on each resident’s smartphone.

We’ll have more to say in our next article about some of the ways this might be used for surveillance and control of individuals’ activities in the physical and online realms.

The TSA dismissed out of hand our suggestion that an individual could be provided with a digitally-signed file (signed by a government agency) containing the same information as is contained on a physical license or ID card. Such a  file could be carried on any sort of device and presented over any sort of connection. Instead, the TSA’s new rules require that a digital ID must be “provisioned” through an app on a smartphone. The smartphone must be “bound” to an individual (how is this possible?) and must have bluetooth-low energy (BTE) radio connectivity enabled so that the app containing the digital ID can be remotely interrogated by the government (perhaps without the user’s knowledge).

How will this work? What else will these apps do? In what situations, and for what purposes, will these apps and digital IDs be required? We don’t really know.

Read More

Sep 16 2024

TSA again backs down from its REAL-ID threats

The Transportation Security Administration (TSA) has again backed down from its decades-old threats to start requiring all airline passengers to show ID that the TSA deems to be compliant with the REAL-ID Act of 2005. But the new rules proposed by the TSA would create new problems that won’t go away until Congress repeals the REAL-ID Act.

In a notice published in the Federal Register on September 12th , the TSA has proposed another two-year postponement of the most recent  of the “deadlines” the agency has imposed on itself for REAL-ID enforcement.  But that postponement would be combined  with interim rules for the next two years that ignore the law and invite arbitrariness in how travelers are treated.

The TSA notes that “frustrated travelers at the checkpoint may also increase security risks” if the TSA stopped allowing travelers to fly without REAL-ID. But the TSA doesn’t mention its current procedures for flying without any ID or its position in litigation that no law or regulation requires airline passengers to show any ID. Instead, The TSA claims without explanation that without this postponment, “individuals without  REAL ID-compliant DL/ID or acceptable alternative would be unable to board federally regulated aircraft.”

Comments from the public on the proposed rule are due by October 15, 2024. Dozens of comments have already been submitted, almost all of them opposing requiring REAL-ID to fly.

We’ll be submitting comments opposing the proposed rules and reminding the TSA that (1) no state is yet in compliance with the REAL-ID Act, which would require sharing of driver and ID databases with all other states, and (2) neither the REAL-ID Act nor any other Federal law requires air travelers to have, to carry, or to show any ID.

Unless the law is changed to try to impose an unconstitutional ID requirement as a condition on the right to travel by common carrier, the TSA must continue to recognize the right to fly without ID. Any distinction by the TSA or other Federal agencies between state-issued ID, when no state complies with the REAL-ID Act or could do so until all states participate in the national REAL-ID database (SPEXS), would be arbitrary and unlawful.

Read More

Sep 03 2024

Congress asks more questions about TSA blacklists

The “No-Fly” and “Selectee” lists managed by Federal agencies through the joint Watch List Advisory Council (WLAC) aren’t the only blacklists and watchlists that are used to determine who is given US government permission to board an airline flight, and how they are treated when they fly.

Senior members of relevant House and Senate Committees are asking overdue questions about the blacklists created and used by the Transportation Security Administration (TSA) to target selected travelers for special scrutiny, surveillance, and searches when they fly.

The TSA’s Secure Flight program is used to determine, on the basis of identifying and itinerary information from ID documents and airline reservations, what Boarding Pass Printing Result (BPPR) to send to the airline for each would-be passenger. The ruleset included in the Secure Flight algorithm includes list-based and profile-based Quiet Skies rules created by the TSA itself, independent of the interagency No-Fly and Selectee travel blacklists.

These Quiet Skies rules are used to flag certain airline passengers as “Selectees” to be searched more intrusively at TSA checkpoints (even if they aren’t on the interagency Selectee list), and to assign Federal Air Marshals (FAMs) to follow, watch, and file reports on their activities in airports and on flights. A secret alert is sent to FAMs, based on airline reservations, 72 hours before each planned flight by a person on the Quiet Skies list.

The Quiet Skies program was implemented secretly in 2012. “In March 2018,” according to a later report on the Quiet Skies program by the DHS Office of Inspector General (OIG), “in addition to enhanced checkpoint screening, TSA began surveillance (observation and collection of data) of Quiet Skies passengers beyond security checkpoints, as part of its Federal Air Marshal Service’s (FAMS) Special Mission Coverage flights.

The No-Fly list and profile-based no-fly rules are used in the Secure Flight travel control  and surveillance algorithm to determine who is allowed to fly. The Selectee and Quiet Skies lists and rules are used to  determine who to search and surveil when they fly.

The Quiet Skies program came to light later in 2018 when FAM whistleblowers went to the Boston Globe with their complaints that the wrong travelers were being targeted, mis-prioritizing which flights FAMs were being assigned to. These FAM whistleblowers complained, that, for example, anyone identitied from airline reservations as having traveled to Turkey was put on the Quiet Skies list and had a FAM assigned to each US flight they took for the next several months, including domestic flights. Travelers’ reports of being followed through airports (presumably by FAMs) and subjected to more intusive searches at TSA checkpoints after trips to Turkey supported these allegations.

The TSA initially declined to confirm the existence of the Quiet Skies program. But in response to questions from Congress and follow-up reprting by the Globe, the TSA released a belated Privacy Impact Assessement (PIA) for Quiet Skies in 2019. However, that PIA specified none of the Quiet Skies rules and gave no demographic or other information about who those rules had targeted.

Additional descriptions of the program, including the flowchart above, but still not including any of the Quiet Skies rules, were included in a critical DHS OIG report on the program in 2020.

Since January 6, 2021, there has been a new round of complaints by travelers and disgruntled FAMs that participants in the activities that day at the US Capital have been put on the No-Fly, Selectee, and/or Quiet Skies lists.

This month a redacted version was made public of a formal complaint to the DHS OIG by a FAM who says his wife was put on the Quiet Skies list and “targeted for FAMS ‘Special Mission Coverage’ simply because she attended President Trump’s January 6, 2021 speech at the ellipse in Washington, D.C.” FAMs also said that former US Representative and Presidential candidate Tulsi Gabbard has been put on the Quiet Skies list because of her role in the January 6, 2021 events. When she read those reports, Gabbard said that, “The whistleblowers’ account matches my experience” of disprate treatment at TSA checkpoints.

We’ve been unable to confirm or disprove these reports. But we find them plausible and — whether or not they are true — indicative of fundamental problems in these arbitrary, secret, extrajudicial schemes for making decisions about the exercise of our right to travel by common carrier and to be free from unreasonable searches and seizures.

Read More

Aug 27 2024

100,000 passport applicants have gotten the long form

More than 100,000 US citizens — almost ten times as many as the State Department had projected — have been required to complete one or both of two impossible “long form” supplements to their applications for US passports, according to records we received this month in response to a Freedom Of Information Act (FOIA) request we filed in 2011.

[Numbers of passport applicants sent each of the two version of the long form passport application each year since 2014, as reported to us this month by the State Department in response to our 2011 FOIA request.]

Back in 2011, the State Department proposed an outrageous long form to be sent to some subset of applicants for US passports. The form includes a bizarre list of questions which most applicants would be unable to answer.

Do you know, or do you have any way to find out, the dates, addresses, and names of doctors for each of your mother’s pre-natal medical appointments, or the names, addresses, and phone numbers of everyone who was in the room when you were born?

Sending someone the supplemental long form is a pretext for denying their application for a passport. As we said in our comments to the State Department:

The proposed form reminds us unpleasantly of the invidious historic “Jim Crow” use of a literacy or civics test of arbitrary difficulty, required as a condition of registering to vote and administered in a standardless manner. By making the test impossible to pass, voter registrars could use it as an arbitrary and discriminatory – but facially neutral – excuse to prevent any applicant to whom they chose to give a sufficiently difficult test from registering to vote, on the ostensible basis of their having “failed” the test.

In a similar way, choosing to require an applicant for a passport to complete the proposed Form DS-5513, which few if any applicants could complete, would amount to a de facto decision to deny that applicant a passport. And that decision would be standardless, arbitrary, and illegal.

After we publicized this proposal, thousands of people submitted comments to the State Department calling for the proposed form to be withdrawn.

Although the State Department had falsely claimed in its application for approval that this was a “new” form, commenters reported that they had already (illegally) been required to fill out a version of this form, even though it had not been approved.

As soon as we learned this, we filed a Freedom of Information Act (FOIA) request in April 2011 to find out how long the long form had been in use illegally without approval, how many people had been told to fill out the long form, and what if any criteria had been established for when to require a passport applicant to fill out the long form.

Read More

Aug 15 2024

Travel blacklists target political critics

US government travel blacklists (euphemistically described by the government as merely “watchlists”) are being used to restrict airline travel and target searches of electronic devices of organizers of protests against US support for Israel’s military actions in Gaza, according to a complaint filed this week in Federal court by attorneys for two blacklisted Palestinian-American US citizens, Dr. Osama Abu Irshaid and Mr. Mustafa Zeidan.

It might be tempting to interpret the allegations in this complaint as indicative of the need for oversight or guardrails to prevent “abuse” of the blacklisting and travel control system. But we think it makes more sense to see this case as indicative of the risk of political weaponization inherent in the system of algorithmic, identity-based, extrajudicial administrative control of travel. This case shows why this travel control system should be abolished entirely, and why any restrictions on the right to travel should be imposed through existing judicial procedures for restraining orders and injunctions — adversary procedures that incorporate notice, the right to confront one’s accusers, and the other elements of Constitutional due process.

The heavy lifting that makes this use of travel controls to restrict political dissidents possible was carried out when airlines were required to install communication and control lines enabling the US government to decide, in real time, on the basis of information from airline reservations and travelers’ ID documents, whether or not to give airlines “permission” to transport each would-be passenger. That entailed more than $2 billion, by the US government’s own underestimate, in unfunded mandates imposed on airlines and their IT providers for changes to their reservation and departure control systems.

Now that this infrastructure is in place, only the ruleset needs to be changed to change who is, and who is not, allowed to travel by air, or how they are treated when they fly.

Names and other selectors (phone numbers, IP addresses, etc.) can be added to list-based rules. New category-based rules can be added to the ruleset. New real-time “pre-crime” profiling and scoring algorithms can be applied to fly/no-fly decision-making. New external databases and actors can be connected to the system.

All of this has, in fact, been done, making it harder and harder for anyone to exercise effective oversight over the system or the decisions generated by its secret algorithms.

The potential for targeting of dissidents and political opponents is a feature, not a bug, of secret administrative decision-making, especially in the absence of judicial review.

Here’s how it played out in this case, according to the complaint and other reports: Read More

Jul 29 2024

5th Circuit reads travel blacklists into Federal law

In a decision issued last week, the 5th Circuit Court of Appeals has offered the first appellate opinion on whether there is any basis in law for the U.S. government’s creation and use of a system of “watchlists” (blacklists) to determine who is allowed to travel by air and how they are treated when they travel, as well as to impose other sanctions.

Numerous lawsuits have challenged various aspects of the government’s blacklistsing system and its application to airline passengers, but this is the first time that any U.S. appellate court has ruled on whether Congress has given the various agencies that created, maintain, and use these lists any statutory authority to so so.

The 5th Circuit panel found multiple mentions in Federal law of the use “databases” for “screening” of airline passengers. But that begs the question that was actually presented. As the Council on American-Islamic Relations (CAIR) argued in their brief on appeal:

Below, both the district court and the Government presented a mishmash of statutory language, none of which clearly authorizes any of the Defendant agencies to create, maintain, administer, or use a million-name list to infringe on the liberty of U.S. citizens and foreign nationals alike….  High-level congressional authorization of general law-enforcement and national-security activity is self-evidently inadequate to satisfy the major questions doctrine. Even the more precisely-worded statutory provisions that the Government offers to justify specific uses of the watchlist fall short because they nowhere authorize the creation or maintenance of the watchlist in the first place. At bottom, a survey of the Government’s cited authorities reveals that Congress did not create the watchlist—unelected bureaucrats did….

The district court did not conclude that the text of any specific statute clearly authorized federal agencies to create, maintain, and use the watchlist. Instead, the district court followed the Government’s lead and cobbled together (supposedly) clear statutory authorization from a hodgepodge of different laws, none of which—whether viewed separately or together—comes close to supplying clear congressional authorization….

Other cited provisions may grant TSA the power to use the watchlist to screen passengers but nowhere authorize any agency to create, maintain, or administer the watchlist in the first place.

Congress’s after-the-fact acquiescence to an agency’s power grab cannot provide the clear congressional authorization for the agency’s action. Rather, Congress’s clear authorization must come before the agency asserts the power to significantly intrude on the liberty of millions of Americans.

Read More

Mar 19 2024

Unanimous Supreme Court rules that no-fly case can go forward

In a unanimous 9-0 decision announced today,  the US Supreme Court has ruled that a lawsuit brought by Yonas Fikre challenging the US government’s placing him on its no-fly list can go forward even though the government has, for the time being (and only after he sued), taken him off its travel blacklist.

Mr. Fikre is a US citizen who was put on the US government’s “no-fly” list while he was traveling overseas, in order to pressure him to become an informer working for the FBI to spy on members of a mosque he had attended back home in Portland, OR. As a result of being unable to return to the US, he was eventually arrested (at the behind-the-scenes instigation of the US, he plausibly claims) for overstaying his visa, tortured and further interrogated (also at the behest of the US, he claims, also plausibly), and again told he could be removed from the no-fly list — and thus allowed to be released from immigration detention and deported to the US — if he became an FBI informer.

The Supreme Court’s unanimous decision is narrow but important. The government has never, so far as we can tell, actually tried to defend any of its no-fly decisions and orders in court. Instead, the government has tried to avoid judicial review of either its decision-making procedures (as the Supreme Court notes in its opinion today, “no statute or publicly promulgated regulation describes the standards the government employs when adding individuals to, or removing them from, the list”) or the substantive outcomes (a striking pattern, publicly-revealed when the list was leaked, of anti-Muslim bigotry).

The government’s two-prong strategy for avoiding judicial review has been to argue that the evidentiary basis (if any) for no-fly decisions is a state secret that can’t be disclosed even to judges, much less the subjects of no-fly orders, and to try to render the remaining cases “moot” by taking those who lawyer up and sue off the blacklist before their cases can come to trial, as it did with Mr. Fikre once he was back in the US.

The Supreme Court’s decision today deals solely with the “mootness” issue. So little has been revealed about the government’s  actions in putting Mr. Fikre on, and later off, the no-fly list that there is no basis for confidence that the government actions that he complained of in his lawsuit won’t recur if the case is dismissed.

The unanimous opinion, written by Justice Gorsuch, didn’t reach the question of classified or “privileged” information or “state secrets”. Those issues remain to be addressed as the case proceeds on remand in the U.S. District Court for the District of Oregon. Justice Alito, joined by Justice Kavanaugh, filed a concurring opinion agreeing with the judgment that the case was not moot, but stressing that they “do not understand the Court’s opinion to require the Government to disclose classified information as a matter of course” and that it might be possible to decide the case on the basis of unclassified evidence.

Gadeir Abbas, the lawyer for the Council on American Islamic Relations (CAIR) who argued Mr. Fikre’s case before the Supreme Court, said after today’s decision was announced, “The FBI cannot place innocent Muslims on the No Fly List, only to then block that unconstitutional list from scrutiny by removing those Muslims whenever they file a lawsuit.”

We congratulate Mr. Fikre and his lawyers for standing up for all blacklisted Americans. Fifteen years after he was blacklisted by his government and ten years after he filed his lawsuit, Mr. Fikre is still a long way from a trial or a ruling on the merits of his case. Today’s ruling is a step toward justice, but shouldn’t be misunderstood as meaning that “the system works” or that Mr. Fikre has been “given his day in court”.

We wish Mr. Fikre and his lawyers all success on remand in the District Court in Portland.

Feb 16 2024

FOIA follies at the State Department

It’s sometimes hard to say which Federal agency does the worst job or displays the most bad faith in responding (or not responding) to Freedom Of Information Act requests.

But the latest actions by the FOIA office of the Department of State certainly place near the top of our all-time scorecard of FOIA follies.

In the past, our worst FOIA experiences have been predominantly with the Transportation Security Administration (TSA) and other components of the Department of Homeland security (DHS). There was the time the TSA’s Chief Privacy [sic] Officer circulated libelous statements about us to the FOIA offices of all DHS components, in the hope of influencing them not to take us or our requests seriously, and then the TSA FOIA office tried to hide this misconduct from us by illegally redacting the libelous lines from the versions of their internal email messages that they released to us. We found out only when another staff person accidentally sent us an unredacted copy of the incriminating TSA email.

For more than a decade, the TSA FOIA office has included knowingly false bad-faith boilerplate in every letter or email message it sends about any FOIA request, claiming that “This office can be reached at 571-227-2300”. That same number and a toll-free number that goes to the same line, 866-364-2872, are the only phone numbers listed on the FOIA section of the TSA’s website or on FOIA.gov. But as anyone can easily verify, that number is answered by an automated system of recorded messages with no option even to leave a voicemail message, much less to reach any human being. The recording played at that number begins, “This phone line is not staffed by FOIA employees.” It’s impossible to contact the FOIA office, or to contact anyone, at that number.

The recorded phone messages advise FOIA requesters to contact the TSA FOIA office by email, but our email messages to that office are rarely answered. It’s unclear if they are received and ignored, or not received at all. If your email to the TSA FOIA office is filtered out as spam, there’s no way to know, or to follow up by phone. When we wrote to the TSA’s FOIA Public Liaison about this, at the address in their letters and on their website, by certified mail, return receipt requested, our letter was returned marked “Vacant. Unable to Forward.”

So what has the State Department done to rival the TSA’s record of FOIA bad faith?

The saga begins at some unknown date more than a decade ago, when the State Department began singling out some arbitrarily selected subset of disfavored applicants for U.S. passports and illegally demanding that they fill out a bizarre supplemental “long form” passport application asking  questions such in what church they were baptized, every address at which they had ever lived, and every employer for which they had worked. (Imagine trying to fill that out if you worked as a day laborer.)

The selective imposition of a deliberately more difficult questionnaire for some applicants is disturbingly reminiscent of the “Jim Crow” practice of selectively requiring African-American applicants for voter registration to answer a more difficult version of a literacy or civics questionnaire.

The Paperwork Reduction Act requires that all forms like this be approved by the Office of Management and Budget before members of the public can be required to fill them out, but the State Department never submitted this passport form to OMB.

In 2011, however, the State Department asked OMB to approve an even longer supplemental “long form” for certain applicants for U.S. passports, adding questions such as your mother’s address one year prior to your birth, the dates of each of your mother’s pre-natal medical appointments, a complete list of everyone who was in the room when you were born, and whether (and if so in what circumstances) you were circumcised.

We filed a FOIA request in April 2011 with the State Department to find out how long this and similar unapproved forms had been in use, how many passport applicants had been singled out for this second-class treatment, and how they were selected.

In July of 2011, we filed another FOIA request to find out what had happened to our unanswered complaints of human rights violations by the State Department, including those related to passport issuance and requirements.

Read More