Sep 01 2020

TSA tries out another (illegal) biometric “ID verification” system

Today the Transportation Security Administration (TSA) announced that it has launched a “pilot” at Washington National Airport (DCA) of yet another scheme for biometric identification and tracking of domestic air travelers.

[Screen capture from TSA video]

The new “touchless ID verification” stations at DCA include a webcam (at top center of photo above) a magnetic-stripe reader (lower left) for drivers licenses and other ID cards, and a photographic scanner for passports (lower right).

Travelers who volunteer to use the new system are directed to insert their drivers license, ID card, or passport into the appropriate reader, stand on a marked spot in front of the webcam, and remove their face mask, so that the image from the ID (or, more likely, from some back-end image database linked to the ID, although that hasn’t been disclosed) and the image from the webcam can be compared by some undisclosed algorithm.

[Traveler being directed by TSA staff to remove her face mask for digital mug shot.]

As we’ve noted previously, it appears to us that (1) the TSA has no general authority to require travelers to show their faces or remove face masks, and (2) in many jurisdictions, orders issued by state or local health authorities currently require all people in public places such as airports to wear masks.

The TSA describes this system as “touchless”. But while TSA staff don’t have to touch travelers’ IDs, each traveler has to touch the same ID card or passport scanner. Then, immediately after touching the scanner, they have to touch their face again to put their mask back on.

Read More

Jul 28 2020

Senate bill would exempt REAL-ID from due process and oversight

Rather than responding to our comments on the latest proposal by the Department of Homeland Security to require ID for airline travel, the DHS has quietly gone to Congress to try to get the law changed so that it doesn’t have to answer us, and to preclude potential litigation to challenge an ID requirement or defend people who try to fly without ID.

A bill introduced earlier this month in the Senate, and already approved in commitee, would exempt the implementation and administration of the REAL-ID Act from normal administrative requirements for due process in rulemaking and oversight and transparency in demands by Federal agencies for information.

Included in S. 4133, both as introduced and as amended and reported by the commiteee, are provisions that would allow the Secretary of Homeland Security, at his or her “discretion”, to issue regulations and administer the REAL-ID Act without regard for the Paperwork Reduction Act (PRA) or the notice-and-comment requirements of the Administrative Procedure Act (APA).

As of now, no comparable bill has been introduced in the House. (Several bills to amend the REAL ID Act are pending in the House, but none of them contain PRA or APA exemptions.) It’s unclear what effect these provisions would have if enacted. All Federal agencies are, of course, still subject to Constitutional requirements for due process. But these provisions of S. 4133  appear to be a direct response to the objections we raised in May 2020 to the latest DHS proposal to impose an ID requirement for airline travel without complying with the PRA or the APA.

Read More

Jun 08 2020

TSA to take mug shots of domestic air travelers

The Transportation Security Administration (TSA) has officially although quietly announced that, as it has planned for years, its deployment of mug-shot machines at airport checkpoints will move from pilot projects to the new normal for domestic air travelers.

According to a Privacy Impact Assessment (PIA) released last week, the TSA plans to integrate facial recognition into the Secure Flight profiling, scoring, and control system used by the TSA and other linked agencies to decide who is, and who is not, “allowed” to pass through TSA checkpoints to exercise their right to travel by airline common carrier.

Cameras to photograph would-be travelers’ faces will be added to each of the stations at airport checkpoints where TSA employees and contractors currently scan would-be passengers’ travel documents (boarding passes and, if they present ID, ID documents).

Read More

May 11 2020

Will courts finally make the TSA comply with FOIA?

The tenor of questioning by the judge in a Federal court hearing last week raises hope that the Transportation Security Administration (TSA) might soon be ordered to correct some of its longest standing and most systemic violations of the Freedom Of Information Act (FOIA).

It’s no exaggeration to say that, from its creation in November 2001, the TSA has acted with complete contempt for the FOIA law and the requirements that law imposes on the TSA and all other Federal agencies. Time after time, TSA failure to comply with FOIA has delayed, complicated, or completely frustrated our research and reporting on TSA policies and procedures, and has deprived the public of the opportunity for informed scrutiny and comment on what the TSA is doing, why, and with what effects on our rights.

One chronic problem is the way the TSA responds to FOIA requests for digital records.

Provisions of the FOIA statute that went into effect as part of the Electronic FOIA Amendments Act of 1996 —  years before the TSA came into existence — require that:

5 USC § 552(a)(3)(B)  — In making any record available to a person under this paragraph, an agency shall provide the record in any form or format requested by the person if the record is readily reproducible by the agency in that form or format. Each agency shall make reasonable efforts to maintain its records in forms or formats that are reproducible for purposes of this section.

When it set up its FOIA office and procured software for responding to FOIA requests, the TSA completely ignored this provision of FOIA. In a display of either gross incompetence or gross bad faith, the TSA and its parent the Department of Homeland Security (DHS) appear to have entirely omitted this legal requirement for production of records in any form and format in which they are readily reproducible from their procurement specifications and criteria for evaluation of proposals. Instead, the DHS and TSA standardized on the use of cloud-based FOIAXpress software that is designed to munge all records by converting them to rasterized images embedded in PDF files, regardless of the original file format.

There’s lots of other software that was, and is, capable of redacting files in native formats. But it’s impossible for any Federal agency to fulfill its FOIA obligations with respect to the form and format of production of records by using FOIAXpress. FOIAXpress should have been summarily eliminated from consideration for any Federal agency contracts as not capable of satisfying the EFOIA requirements. No Federal agency should ever have used it.

Read More

Dec 05 2019

DHS postpones plan for mug shots of innocent US citizen travelers

Press releases issued today by US Customs and Border Protection (CBP) and Sen. Edward Markey suggest that CBP and its parent agency, the Department of Homeland Security (DHS), have cancelled or postponed, at least for now, their plans to require mug shots of all US citizens leaving, or returning to, the US.

But rather than admit that it has partially backed down or postponed some of its most offensive and intrusive plans in the face of public and Congressional outrage, CBP has sent reporters a statement alleging that our report breaking the story and others that followed contained “incorrect claims” about CBP plans:

We stand by our story.

Until this Monday, when we called attention to the official DHS/CBP notice, the officially-approved and officially-stated intent of the DHS and CBP was to propose rules requiring U.S. citizens on international flights to be photographed.

If “there are no current plans” for mandating mug shots of US citizens, that’s becuuse DHS and CBP plans changed this week in response to public and Congressional outrage and the likelihood that pursuing these plans now would derail DHS and CBP hopes for approval of its current facial recognition programs by airport authorities such as the Seattle Port Commission, which will consider the issue next Tuesday (and which had been misleadingly told by the CBP official responsible for the planned rulemaking that facial recognition would not be mandatory for US citizens).

The official DHS/CBP notice of planned rulemaking meant what it said. It was issued through a formal process of agency review. It wasn’t  a typo, a mistake, or issued by a “rogue” employee.

We vigorously contest the CBP assertion that our story contained any “incorrect claim”.

Such DHS and CBP allegations, in response to truthful reporting, only further discredit the DHS and CBP, and lower whatever little credibility they may have had.

Was this a trial balloon to find out whether the DHS had finally reached the limits of our willingness to be treated like criminals whenever we fly? And if so, has the DHS partially backed off, at least for now? Maybe.

Read More

Oct 22 2019

9th Circuit upholds “no-fly” procedures & criteria

A 3-judge panel of the 9th Circuit Court of Appeals has upheld the government’s procedures and criteria for issuing “no-fly” orders against a complaint that the criteria (which are essentially “pre-crime” criteria based on predictions of future bad actions) are too vague to provide fair notice of what actions might lead to a “no-fly” order, and that the procedures do not provide the degree of procedural due process (notice of the accusations, an opportunity to see the evidence and cross-examine witnesses, etc.) required by the Constitution.

While the 9th Circuit panel left open the possibility of a challenge to the substantive grounds for a specific no-fly order, it upheld the government’s effort, in mid-litigation, to change the procedures for no-fly orders to keep challenges to no-fly orders out of U.S. District Courts and preclude any trial or adversarial or judicial fact-finding in such cases.

The 9th Circuit panel found that no-fly orders issued by the TSA under the current revised procedures are excluded from the jurisdiction of U.S. District Courts. TSA no-fly orders can be “reviewed” by a Circuit Court of Appeals only on the basis of a self-serving “administrative record” created by the TSA, and on the basis of a deferential standard that presumes the validity of the TSA’s fact-finding. The 9th Circuit panel did not address the Constitutionality of the applicable jurisdiction-stripping law, 49 U.S.C. § 46110, which is currently being challenged in the 1st Circuit in Sai v. Pekoske (originally Sai v. Neffenger).

The decision announced yesterday in Kashem v. Barr may be the worst appellate court decision against freedom of travel since the 2006 decision by the 9th Circuit Court in Gilmore v. Gonzales.

Read More

Oct 02 2019

Do I need ID to ride a train?

We’ve been trying for years to find out what the real story is with respect to ID requirements for travel by train, especially on Amtrak.

Amtrak and Greyhound ID policies and practices are of paramount importance to the mobility of undocumented people and people who, whether or not they are eligible for or have chosen to obtain government-issued ID credentials, don’t want to show their papers to government agents as a condition of exercising their right to freedom of movement.

Amtrak and Greyhound policies and practices will become even more important if the government and/or airlines further restrict air travel by people who don’t have, or don’t show, ID credentials that comply with the REAL-ID Act.

The latest responses to our requests for Federal and state public records reveal more about passenger railroad policies and practices, but still don’t give a clear answer.

What we can say at this point, based on the records disclosed to us to date, is that:

  1. There are substantial discrepancies and contradictions between what the TSA has told Amtrak to do, what Amtrak tells its own staff about what is required, what Amtrak tells travelers about what is required and the basis for those requirements, and what Amtrak staff actually do. Those variations make it impossible to determine unambiguously what “the rules” are for Amtrak travel, or what is “required”.
  2. Some of Amtrak’s claims, including its claim that passengers are required by the TSA to have and to show ID to travel by Amtrak, are blatant lies.
  3. TSA Security Directive RAILPAX-04-02, cited by Amtrak in its employee manual as the basis for demanding that passengers show ID, requires Amtrak to “request” (not demand) that passengers show ID, but does not purport to require passengers to respond to such requests and does not prescribe any sanctions on passengers for failure, refusal, or inabiity to show ID.
  4. Amtrak has instructed its staff that “If the customer responds they are 18 or older and do not have valid identification, … the Amtrak police must be notified by the quickest available means away from the customer,” but also that, “Failure to possess the proper photo identification is not, by itself, sufficient reason to have the customer removed from the train.” Amtrak has not yet responded to our FOIA request for Amtrak Police policies and staff directives for what to do in such cases.
  5. Although Amtrak is unquestionably an instrumentality of the Federal government, and transportation by Amtrak is unquestionably a Federal government activity, the list of ID credentials deemed acceptable by Amtrak does not correspond to the list of forms of ID deemed by the DHS to be acceptable for “Federal purposes” pursuant to the REAL-ID Act of 2005.  Amtrak says it accepts several forms of ID that do not comply with the REAL-ID Act. None of Amtrak’s ID policies, procedures, or staff directives disclosed to date mention the REAL-ID Act or when or how it might be implemented by Amtrak, although records of such policies or of discussions related to them would be responsive to soem of our pending FOIA requests.

Where does this leave undocumented long-distance travelers, including those who turn to Amtrak as a government-operated common carrier of last resort?

Read More

Sep 04 2019

US government blacklisting system is unconstitutional

In an opinion issued late today in Alexandria, VA, US District Court Judge Anthony Trenga has upheld the complaint by 23 victims of US government blacklisting that the system pursuant to which the government has designated them as “suspected terrorists” on the basis of secret algorithms applied to secret datasets, without notice or an opportunity to contest any allegedly “derogatory”  information, does not provide those who are stigmatized, and whose stigmatized status is broadcast to tens of thousands of law enforcement and other government agencies and private entities around the world, with the procedural due process required by the US Constitution.

This decision is one of the most fundamental victories for the rule of law since 9/11.

According to today’s opinion, it is undisputed that the DHS and FBI define anyone who has been arrested or charged with an offense related to terrorism as a “known” terrorist, even if they have been acquitted of that charge.  In other words, the DHS and FBI think that what is “known” is what they believe, not what judges or juries have found the facts to be. That presumption that by definition their secret judgements are more reliable than judicial fact-finding pretty much sums up why this decision is correct, why it is so important, and why it should be upheld if, as seems a near certainty, the government appeals.

None of the plaintiffs have even been arrested, much less convicted, for any criminal offense, terrorist or otherwise. The plaintiffs include, among others, several infants whom the government has apparently blacklisted as “suspected terrorists”. But even though the government will neither confirm nor deny that anyone is or is not, or has or has not been, included in the “Terrorist Screening Database” (TSDB), the court found that the plaintiffs have demonstrated sufficient basis for their belief that they have been blacklisted.

The government calls this database and decsion-making system a “watchlist”, but it is really a blacklist intended and used to determine adverse consequences for individuals.

The “No-Fly List” is only a subset of the TSDB, and not being allowed to fly is only a subset of the consequences of blacklisting detailed in the plaintiffs’ submissions to the court and the government’s admissions during discovery and depositions. The TSDB is used as the basis for a plethora of decisions, as the plaintiffs have experienced, from whether to have them arrested at gunpoint when they try to cross land borders  to whether to interrogate them for hours about their religious beliefs, seize their electronic devices for copying and forensic analysis of the data stored on them, deny them public or private-sector jobs, or close their bank accounts and deny them other fincial services.

The government’s use of secret criteria, secret datasets, and guilt by association as the basis for secret decisions — communicated to tens of thousands of other decision-makers, but not to those who have been blacklisted —  resembles the worst of McCarthyism, just with “terrorist sympathizer” or (literal) “fellow traveler” substituted for “Communist  sympathizer” or (ideological) “fellow traveler”.

Read More

Aug 05 2019

Questions about the REAL-ID Act

Fragmentary and jumbled records related to the REAL-ID Act of 2005 released by the US Department of Homeland Security in response to one of our Freedom Of Information Act (FOIA) requests don’t reveal much about DHS policy, but do provide a glimpse of DHS practices and plans.

The DHS has been threatening to harass, interfere with, or bar access to facilities or passage through checkpoints (including, but not limited to, those at airports) to people who don’t have, don’t carry, or don’t show ID; show ID that the DHS doesn’t deem compliant with the REAL-ID Act; or show ID issued by states or territories that the DHS deems insufficiently compliant with the REAl_ID Act.

These threats to deny equal rights to residents of noncompliant states and territories have been central to the DHS campaign to extort compliance from state and territorial officials reluctant to upload their residents’ data to an outsourced, privately-held national ID database.

But what sort of enforcement problem, at what scale, is this likely to pose for the DHS and those collaborators carrying out its REAL-ID directives? How many people will be affected, at what sorts of facilities and locations, in what circumstances?  Inquiring minds want to know, including opponents of the REAL-ID Act like ourselves, but also including officials at DHS headquarters trying to devise a workable REAL-ID enforcement plan.

Read More

Jul 25 2019

Can you “opt out” of TSA groping or virtual strip-searches?

Two recent decisions — one an administrative decision by the TSA,  and the other a judicial decision by the 11th Circuit Court of Appeals —  have dealt with, but failed to resolve, the question of whether, in the face of unpredictable demands for more intrusive searches, an airline passenger can “opt out” if they decide they would rather abandon their attempt to board a flight than submit to whatever search TSA or contractor checkpoint staff demand.

The TSA has withdrawn its proposed administrative fine against Jonathan Cobb, a passenger who, when selected for a pat-down (manual groping of his body, including his genitals, by which he had previously been traumatized), chose to abandon his attempt to fly and left the airport. That’s good, but sets no legally binding precedent.

Meanwhile, the 11th Circuit Court of Appeals has dismissed a petition filed by Jonathan Corbett seeking judicial review of the TSA’s policy of requiring selected passengers to submit to imaging of their bodies by virtual strip-search machines. That’s bad, but at least the decision was based solely on whether Mr. Corbett could expect to be selected for this sort of search, and left undecided whether these searches are Constitutional.

These decisions leave the law unclear in practice — even if the Constitution seems clear — as to whether or when an airline passenger can opt out of which sorts of searches.

How far can the TSA and its contractors legally go? How can tell if they are going too far? And when, if ever, can you “opt out” or say no to an escalated search?

Read More