Archive for the ‘Secret Law’ Category

Inspector General: TSA uses secrecy to avoid embarrassment

Friday, January 20th, 2017

A report on the security of TSA operational IT and communications systems released last month by the DHS Office of the Inspector General (OIG) is prefaced with a scathing critique of the redactions demanded by the TSA in the censored public version of the report.

The OIG report found a pervasive lack of basic security measures and consciousness at TSA airport facilities: doors propped open or with locks taped off, unmonitored entrances, lack of logs of physical access to communication nodes and servers, lack of redundancy, etc.

But the TSA tried to keep the OIG from reporting on even those problems that at already been publicly reported, after TSA review and permission, in earlier OIG reports or other pages of the same report. The real point of the TSA’s censorship is not security but avoidance of public and Congressional debate and oversight.

Here’s what the DHS’s own internal auditor reported:

I must lodge an objection regarding the way that TSA has handled information in the report it considered Sensitive Security Information (SSI). Specifically, we issued the draft report, Summary Report on Audits of Security Controls for TSA Information Technology Systems at Airports, to the Department on September 16, 2016.

[W]e asked for agency comments, including a sensitivity review, within 30 days of receipt of the draft. On October 7, 2016, the Chief of the SSI Program provided the results of its sensitivity review, marking as SSI various passages in the report. The redactions are unjustifiable and redact information that had been publicly disclosed in previous Office of Inspector General (OIG) reports. I am challenging TSA’s proposed redactions to our summary report….

I can only conclude that TSA is abusing its stewardship of the SSI program. None of these redactions will make us safer and simply highlight the inconsistent and arbitrary nature of decisions that TSA makes regarding SSI information. This episode is more evidence that TSA cannot be trusted to administer the program in a reasonable manner.

This problem is well-documented. In addition to my previous objection to the handling of one of our reports, the House Committee on Oversight and Government Reform in 2014 issued a bipartisan staff report finding that TSA had engaged in a pattern of improperly designating certain information as SSI in order to avoid its public release because of agency embarrassment and hostility to Congressional oversight.

(more…)

IDP comments on TSA proposal to require ID to fly

Monday, January 9th, 2017

Today the Identity Project and the Cyber Privacy Project filed comments with the Transportation Security Administration opposing a stealthy TSA proposal to start requiring ID to fly.

The TSA has long harassed people who try to fly without being required to show their “Papers, Please!” at TSA checkpoints.

But the TSA’s official position in court has always been that ID is not required to fly: “You don’t have to show ID to fly. You can fly without ID. We have a procedure for that.”

You can fly without ID, if you (1) fill out and sign the obscure TSA Form 415, (2) satisfy the TSA with your answers to a bunch of questions about what’s the file about you obtained by the TSA from the commercial data broker Accurint, and (3) submit to more intrusive than standard search (“secondary screening”) as a “selectee”.

That’s the way it is, and that’s the way it’s been for years.

Now, as we reported in November of last year, the TSA is contemplating a new pattern and practice of preventing anyone from passing through a TSA checkpoint or getting on an airline flight unless either  they have ID the TSA deems acceptable, or they reside in a state that the TSA deems sufficiently compliant with the REAL-ID Act.

(more…)

The rhetoric and reality of counterterrorism

Thursday, December 8th, 2016

Remarks by President Barack Obama on the Administration’s Approach to Counterterrorism, MacDill Air Force Base, Tampa, Florida, December 6, 2016:

Let my final words to you as your Commander-in-Chief be a reminder of what it is that you’re fighting for, what it is that we are fighting for…

The United States of America is not a place where some citizens have to withstand greater scrutiny, or carry a special ID card, or prove that they’re not an enemy from within. We’re a country that has bled and struggled and sacrificed against that kind of discrimination and arbitrary rule, here in our own country and around the world.

We’re a nation that believes freedom can never be taken for granted and that each of us has a responsibility to sustain it…. We are a nation that stands for the rule of law.

That sounds great in theory. But in practice?

  • Some citizens do have to withstand greater scrutiny.  That’s the whole point of the pre-crime profiling that the Obama Administration has called “risk-based security” and that President-Elect Trump has called “extreme vetting”.
  • Under the REAL-ID Act and the TSA’s latest proposal, some citizens — those who want to exercise our right to freedom of movement and to air travel by common carrier — will have to carry a special “REAL-ID Act compliant” ID card and have our personal information added to a national ID database maintained by a private contractor that isn’t subject to government rules for transparency or accountability.
  • The DHS has held itself above the law, arguing that its actions should not be subject to judicial review and that it needs to be allowed to act secretly and unpredictably (i.e arbitrarily) in order not to reveal “rules” that would help terrorists “game” the system — as if asserting one’s legal rights was tantamount to terrorism.

We’ll be watching closely to see whether the gap between the rhetoric and reality of profiling, discrimination, rights, and rule of law widens or narrows under President-Elect Trump and his nominee for Secretary of Homeland Security, retired Marine Gen. John F. Kelly.

In the meantime, we’ll keep doing our part, as we encourage our readers to do theirs, to act on the President’s statement that “freedom can never be taken for granted and that each of us has a responsibility to sustain it.”

What does Donald Trump’s election mean for our work?

Friday, November 18th, 2016

We endorsed neither Hillary Clinton, Donald Trump, nor any other candidate for elected office. So what does the presumptive election of Donald Trump as President of the U.S. — when the electors cast their ballots on December 19, 2016, and the votes are counted on January 6, 2017 — mean for the work of the Identity Project?

First and foremost, it means that our work, and the need for it, will continue — as it has under previous administrations, both Democratic and Republican.

Human and Constitutional rights are, by definition, no more dependent on the party affiliation of the President, if any, than on our own. Freedom is universal. Our defense of the right of the people to move freely in and out of the U.S. and within the country, and to go about our business, without having our movements tracked and our activities logged or having to show our papers or explain ourselves to government agents, has been and will remain entirely nonpartisan.

We will continue to criticize those who restrict our freedoms and infringe our rights, regardless of their party, just as we have criticized the actions of both the Obama and Bush administrations and of members of Congress and other officials of both parties, many of whom remain in power despite the changes at the top.

Attacks on our liberty have been, and remain, just as bipartisan as our resistance to them. This is especially true of the imperial power which the Presidency has been allowed to accrue, and which is exercised through Presidential proclamations, executive orders, and the secret law (or, to be more accurate, lawlessness) of Federal agency “discretion”. Those who acquiesced in the expansion of Presidential power and executive privilege because they thought that it would be used to their benefit by a President of their own party have only themselves to blame if that power is later used against them by a new President of a different party, or without allegiance to a traditional party hierarchy.

Many of the most imminent ID-related threats are those that arise from existing laws or extrajudicial administrative practices, the limits of which — in the absence of legislative or judicial oversight and checks and balances — are set solely by executive order. Where President Trump can make changes to ratchet up repression, to register and track both U.S. and foreign citizens, and to monitor and control our movements within the country and across borders, with the stroke of a pen, we don’t expect that he will hesitate to wield the power he has inherited to govern by issuing public decrees or by giving secret orders to his minions.

In some of these cases, Federal officials and the homeland-security industrial complex of contractors, confident that the incoming occupant of the White House will bless their efforts to anticipate has desires, may take action even before they are ordered to do so. This seems especially likely, in our area of concern, with respect to (1) the DHS implementation schedule and requirements for the REAL-ID Act,  (2) the TSA’s longstanding desire to enforce and eliminate exceptions to a de facto ID requirement for air travel that lacks any basis in statute and contravenes the U.S. Constitution and international law, and (3) expanded use of ID and surveillance-based pre-crime profiling (President-to-be Trump calls it “extreme vetting”) as the basis for control of movement, especially across borders.

We will be watching closely and reporting on signs of activity on all these fronts, some of which are already visible.

Now more than ever, we need your support — not just helping us to defend your rights, but asserting your rights and taking direct action to defend them yourselves. “The limits of tyrants are prescribed by the endurance of those whom they oppress.”

We invite you to join us in our continued resistance to all lawless attacks from any and all sides on our Constitution, our freedom, and our human rights.

An apology from the State Department

Friday, August 19th, 2016

We got a pleasant surprise this week: a phone call from Eric F. Stein, the head of the State Department’s FOIA-processing office.

Mr. Stein’s name and signature appeared on a bizarre letter we received last month, telling us that one of the unanswered Freedom Of Information Act requests we’d been bugging the State Department about for the last five years would be “dismissed” if we didn’t respond immediately to say that we were “still interested” in the records we had requested.  To make it harder to respond, there was no phone number or e-mail address in the letter.

“I want to apologize to you directly for that letter,” Mr. Stein said. “I’m sorry we sent you that letter. It was sent by somebody who had the authority to use my signature, but we should never have sent it to you. I’m still trying to find out why it was sent. Somebody is supposed to look at the file before they send out one of these letters. You laid it out very clearly in your letter, and you’re right: Nobody could have looked at that file, and everything you had done to follow up on your request, and thought that you weren’t interested in a response any more. I’ve just had an all-hands meeting of my department and told my staff not to send out any more ‘still interested’ letters until we can be sure that we are following the procedures we said we would follow.”

(more…)

Yes, we still want the State Department to answer our 5-year-old FOIA requests

Thursday, August 11th, 2016

In the latest episode of the FOIA follies, we recently received a bizarre letter letter from the U.S. State Department asking us whether we are “still interested” in receiving a response to one of several of our requests for State Department records that have each gone unanswered for more than five years.

The Department of Homeland Security is the leader in improper denial of FOIA requests and wrongful withholding and redaction of records, and has the largest backlog of unanswered requests. The State Department typically practices a different strategy of denial by delay, and has most of the oldest unanswered requests of any Federal department. A five-year wait for an answer from the State Department to a simple FOIA request is routine, although clearly illegal.

The latest letter we got from the State Department threatens to “close” one of our cases and take no further action on our request — in flagrant violation of the FOIA statute — unless we respond by fax (who still has a fax machine these days?) or snail-mail to confirm our continued interest in having the State Department fulfill its legal obligation to provide us with the records we’ve requested, including those about what happened to our complaints of human rights violations and the supplemental “long form” some passport applicants are asked to fill out, among other issues.

We’ve written back to the State Department (by snail-mail, since their letter included no phone number or email address) to tell them that yes, we really do want them to release the records we asked for five years ago — as they should know, since we already formally appealed their failure to answer our request within the time limit set by the law. (In response, they said they wouldn’t accept any administrative appeal until they answered our original request, making it impossible to challenge an illegal delay without filing a Federal lawsuit.) We’ve been making formal written requests at least annually since then for updates on the status of our requests and when the State Department estimates it will answer. (Each year, they set their estimated response dates back another year.) In the meantime, we made additional FOIA requests to the State Department on other subjects  in 2014 and 2015. We have yet to actually get an answer from the State Department to any of our FOIA requests, regardless of how long ago we made them.

The Freedom Of Information Act does not require periodic expressions of continued interest in receiving late responses. But even though it isn’t required, we have provided repeated, explicit written expressions of continued interest in each of our requests.  It would make no sense to allow a government agency to use the fact that it hasn’t responded to a request for government records within the legal deadline as an excuse never to respond at all.

In response to complaints from numerous advocates for government transparency, both the Department of Justice (OIP) and the FOIA ombudsman’s office (OGIS) of the National Archives and Records Administration have recently issued guidelines for the use of “still interested?” letters, if they are used at all.  In May 2016, OGIS wrote to the State Department urge it to  implement the OGIS recommendations regarding “still interested?” letters to FOIA requesters.

The State Department’s Chief FOIA Officer has claimed, both in her most recent annual report in March 2016 and in her response to OGIS in May 2016, that “we can assure you that DOJ guidance and OGIS recommendations are being thoroughly followed”.  As we discuss in our reply to the State Department , which we have also sent to OGIS, the “still interested?” letter we received makes clear that this isn’t true.

“Freedom of information” means nothing if government agencies can, with impunity, ignore the law. A government agency’s own delay in complying with the law shouldn’t be an excuse never to comply at all.

Watchlist Soup

Wednesday, July 6th, 2016

nofly-nogun

Congress  is again debating the proposals we wrote about last year to deny firearms licenses or permits to anyone “suspected of supporting” terrorism.

We stand by our earlier analysis and our condemnation of this proposal as (1) another step from sanctions against criminal conduct to pre-crime predictive policing, and (2) an expansion of the collateral consequences of secret, unconstitutional, extra-judicial, administrative blacklisting decisions.

But there seems to be a lot of confusion about what is really being proposed. This diagram shows what is already happening with the “No-Fly” and “No-Gun” lists, and what it would mean to merge them.

The proposed “No-Fly, No Buy” law currently under debate in Congress would add the TSDB as a third source (yellow arrow at center right of flow chart) of entries in “No-Gun” list in NCIC, in addition to Federal and state felony convictions and certain misdemeanor crimes of domestic violence. Everything else on this diagram except the one yellow line already exists and would remain the same.

Click the image above for a larger version, or click here for a full-page PDF of the flow chart with a key to all the acronyms.

How does the TSA decide if you are who you say you are?

Thursday, June 9th, 2016

An ongoing trickle of still-incomplete responses by the TSA to a Freedom Of Information Act (FOIA) request we made in June 2013 continues to shed more light on the TSA’s procedures for air travelers who don’t have ID credentials the TSA deems satisfactory.

It’s difficult to compile statistics from files in the image format in which the TSA has released them, but we can make some anecdotal observations about what happens to people who try to fly without “acceptable” ID. (more…)

Class action challenges Federal blacklists (“watchlists”)

Tuesday, April 5th, 2016

The broadest and most fundamental legal challenge to the waging of the US “War on Terror” through standardless, secret, extra-judicial government blacklists was filed today in the Federal court for the district in Virginia where the National Counterterrorism Center (NCTC), Terrorist Screening Center (TSC), and Transportation Security Administration (TSA) are headquartered. (Video backgrounder and interviews with plaintiffs and attorneys; more video interviews; PACER links)

Both an individual complaint (Elhady et al. v. Piehota at al.) and a class action complaint (Baby Doe et al. v. Piehota et al.) were filed. Presumably, that is so that  that the individual complaint for injunctive and declaratory relief could go forward even if class action certification  is denied, while the class action lawsuit could go forward even if the named plaintiffs are delisted. (An earlier, similar lawsuit was dismissed as moot after the plaintiffs were told they were no longer on blacklists.) Almost all of the individual complaint is repeated in the class action complaint, so if you are going to read just one, read the class action complaint which includes additional plaintiffs and their stories.

The case takes its name from the first of the listed representatives of the class of people on US government blacklists (“watchlists”):

Plaintiff Baby Doe is a four year old toddler.

He was seven months old when his boarding pass was first stamped with the “SSSS” designation, indicating that he had been designated at a “known or suspected terrorist.”

While passing through airport security, he was subjected to extensive searches,  pat downs and chemical testing.

Every item in his mother’s baby bag was searched, including every one of his diapers.

Let’s get one thing straight from the start: as we’ve noted before, calling the “Terrorist Screening Database” (TSDB) and similar lists “watchlists” is at best misleading euphemism, and at worst Orwellian doublespeak.

The government uses the term “watchlist” to avoid the stigma deservedly associated with the label “blacklist”, with its connotations of McCarthyism and J. Edgar Hooverism. A “watchlist” suggests a list of people who are being watched, a component of a system of surveillance or investigation. “Watchlisting” might, one presumes, lead to eventual intervention such as the criminal prosecution or an application to a court for a restraining order or injunction. But inclusion on the TSDB occurs after, not before, a decision to intervene is (secretly) made, and the consequences of listing in the TSDB are not limited to mere passive surveillance or watching. Each listing on the TSDB includes a “handling code” which determines what happens to the people who are deemed (typically by automated pattern-matching algorithms) to match the listing.

As the litany of horror stories in the complaint in Baby Doe v. Piehota makes clear, and as we’ve seen in previous incidents, being “watchlisted” can trigger  consequences ranging from denial of transportation by common carriers to freezing of bank accounts, inability to rent an apartment, or inability to get or keep a job, even with a private non-governmental employer.  As when a jury must decide which of a progression of more and less serious offenses to convict a defendant of, without knowing what sentences are mandated for any of those offenses, it’s not clear whether the Federal administrative staff in the secret rooms reviewing the secret dossiers of derogatory information and deciding which secret lists to put people on, or which secret “action codes” to assign them, even know what the full panoply of collateral consequences of their decisions will be.

The US government doesn’t have to issue binding orders to convert “watchlisting” into de facto blacklisting. As the complaint filed today points out, “Defendants disseminated the the records pertaining to Plaintiffs from its terrorist watch list to foreign governments with the purpose and hope that those foreign governments will constrain the movement of the Plaintiffs in some manner.” We saw one of the ways that can work during the trial of Dr. Rahinah Ibrahim’s challenge to her placement on the no-fly list.  The US government successfully used a “POSSIBLE NO BOARD REQUEST” message to induce a foreign airline to refuse to transport Dr. Ibrahim’s daughter, a US citizen, even though the US claimed that she was merely on a “watchlist” and not on the no-fly list.

It’s time to to reject the government’s “watchlist” doublespeak, and start calling the TSDB what it is: a government blacklist.

The first of the named defendants, Christopher Piehota, is the Director of the Terrorist Screening Center (TSC), an inter-agency entity responsible for the TSDB and nominally under the control of the FBI.

Most of the previous attempts to challenge actions taken against individuals as a result of their being listed in the TSDB have foundered on an elaborate shell game of buck-passing between businesses and government agencies. Airlines that refuse to transport blacklisted people (or those with similar names) say that they are only following (secret) orders from the government. Normal judicial review of actions by the TSA and CBP, the components of the DHS that issue no-fly orders (or refuse to issue permission for boarding pass issuance — the default is now “No,” not “Yes”) is precluded by a special law, 49 U.S.C. § 46110. No trials are allowed, and appellate courts are allowed to review these decisions only on the basis of the “administrative record” created by the DHS itself, which will show only that the DHS action was based on “watchlist” status as determined by the TSC, and not the basis (if any) for the FBI’s “watchlisting” decision.

The only previous cases in which District Courts have been able to consider no-fly decisions, and the only trial in a no-fly lawsuit, have been when the FBI, and not just the DHS or DHS components, has been named as a defendant. Today’s cases follow in that line, challenging the blacklisting decisions by the FBI.

To head off lawsuits of exactly this sort, the government has recently shifted nominal final authority over no-fly decisions from the FBI to the TSA. In theory, the government claims, the TSA could now decline to issue a no-fly order, even after the FBI has put someone on the no-fly list. It’s unclear, however, whether this has ever happened, or in what circumstances or on what basis it might happen. The possibility seems remote: Even the FBI, in practice, acts as a rubber-stamp for the decisions of FBI and DHS agents who make effectively final blacklisting decisions when they “nominate” people for listing in the TSDB. According to today’s complaint, 98.96% of the 468,749 people “nominated” for Federal “watchlists” in 2013 were added to those lists by the TSC.

The plaintiffs in the lawsuits filed today are represented by Gadeir Abbas, Lena Masri, and co-counsel from the Council on American-Islamic Relations, who have been leading the legal campaign against US government blacklisting, harassment, and interference with the rights and freedoms of Muslim and other Americans.

Why the Judicial Redress Act is worthless

Thursday, February 25th, 2016

Yesterday President Obama signed the Judicial Redress Act into law.  European Union Commissioner for Justice Věra Jourová described the new law as, “a historic achievement [that] will ensure that all EU citizens have the right to enforce data protection rights in U.S. courts…. The entry into force of the Judicial Redress Act will pave the way for the signature of the EU-U.S. Data Protection Umbrella Agreement.”

Is the Judicial Redress Act really so historic? And will it actually “ensure that all EU citizens have the right to enforce data protection rights in U.S. courts”?

Sadly, no.

Europeans should not be fooled by statements such as those from Commissioner Jourová or her counterparts in other EU institutions. As we know from our own experience in court as US citizens, there are almost no real-world cases in which the Judicial Redress Act will provide any actual protection or enforceable legal rights to citizens or residents of the EU, or anywhere else.

The Judicial Redress Act gives some foreign citizens some of the rights that US citizens currently have, with respect to some of the uses and misuses by the US government of their personal information.  But in no case will any foreigner have more rights under the Judicial Redress Act than US citizens have under the Privacy Act.

Serious scrutiny of the terms of the Privacy Act, and of the history of attempts by US citizens to use the Privacy Act to protect themselves against misuse of our personal information by the US government, has been largely absent from the debate about the Judicial Redress Act. But from our experience as parties to one of the key lawsuits attempting to assert Privacy Act claims by US citizens in relation to one of the most controversial categories of personal information being transferred from the EU to the US — passenger name records (PNRs) for international airline flights — we have learned an important lesson that Europeans need to know: the Privacy Act is so limited and riddled with exceptions that it is almost worthless. It is because the Privacy Act is useless, not because the US government follows fair personal information practices in its dragnet surveillance, that there are so few examples of successful litigation against the US government by US citizens under the Privacy Act.

All of the limitations and exceptions that always rendered the “protection” of the Privacy Act inadequate — even for US citizens — will continue to render the protection of the Judicial Redress Act inadequate for foreigners, in all of the same ways, and in additional ones.

What are these exceptions and limitations? In order to make sense out of the Judicial Redress Act, it’s essential to understand the exemptions in the Privacy Act, as courts have interpreted them.

Federal agencies can exempt themselves from almost all of the requirements of the Privacy Act with respect to “investigatory material compiled for law enforcement purposes,” a catch-all category that has been applied to records of dragnet surveillance and other information compiled and used for “pre-crime” profiling, even when the data subjects have never been accused or suspected of any crime. All an agency has to do to opt-out is to publish a notice in the Federal Register that a particular system of records has been declared exempt by the agency that maintains the records. An agency can wait to promulgate such a notice until after it receives a request for access to records, a request for an accounting of disclosures, or a request for correction of records.

(more…)