Nov 06 2020

Canada copies US “Secure Flight” air travel controls

While we were watching US election returns, our neighbors to the north were adopting new travel regulations that incorporate some of the worst aspects of the US system of surveillance and control of air travel, and in some respects go even further in the wrong direction.

Canadian authorities don’t generally want to be seen as imitating the US or capitulating to US pressure. There was no mention in the official analysis of the latest amendments to the Canadian regulations of the US models on which they are based. But according to the press release this week from Public Safety Canada, the latest version of the Canadian Secure Air Travel Regulations  which came into force this week for domestic flights within Canada as well as international flights to or from Canada include the following elements, each of which appears to be based on the US Secure Flight system:

  1. All air travelers will be required to show government-issued photo ID. The Canadian ID requirement to fly is now explicit, unlike the de facto ID requirement that the US Department of Homeland Security is attempting to impose and already wrongly enforcing, in some cases, without statutory or regulatory authority. The Canadian rules appear to reflect the authority to deny passage to air travelers without ID that the DHS has sought, but has not yet been granted, in the US.
  2. Fly/no-fly decision-making will be transferred from airlines (making binary fly/no-fly decisions on the basis of a no-fly list provided by the government) to a government agency. After receiving information about each passenger from the airline, Public Safety Canada will transmit a permission messages to the airline with respect to each would-be passenger on each flight,  with a default of “not permitted to board” if no message is received by the airline from the government. Exactly this change was made in the US through the Secure Flight regulations promulgated in 2008. This change serves two purposes for the government: (A) it provides a basis for building positive real-time government control over boarding pass issuance into airline IT infrastructure, converting every airline check-in kiosk or boarding-pass app into a virtual government checkpoint that can be used to control movement on any basis and for any reason that the government later chooses, and (B) it enables the switch from blacklist-based no-fly decision-making to more complex and opaque real-time algorithmic pre-crime profiling  based on a  larger number of factors.
  3. Air travelers in Canada will be required to provide the airline  with their full name, gender, and date of birth, as listed on government-issued ID, and airlines will be required to enter this data in each reservation and transmit it to the government 72 hours before the flight or as soon as the reservation is made, whichever comes first. All of this is exactly as has bene required for flights within the US since the coming into force of the DHS Secure Flight regulations. This additional information about each passenger enables the government to match passengers’ identities, in advance, to other commercial and government databases, and thus to incorporate a much wider range of surveillance and data mining into its profiling algorithms.
  4. Travelers will be able to apply to the government for a “Canadian Travel Number” which, if issued, they can enter in their reservations to distinguish themselves as whitelisted people from blacklisted people with similar names and/or other similar personal data.  This Canadian Travel Number is obviously modeled on the “redress number” incorporated in the US Secure Flight system. The goal of this “whitelist number” is to reduce the complaints and political embarrassment of the recurring incidents of innocent people with similar names, including  children, being mistakenly identified as blacklisted people, and denied boarding on Canadian flights. The problem, of course, is that this does nothing to help the innocent people who are correctly identified as having been blacklisted by the government, but who were wrongly blacklisted in the first place.

As our Canadian friends at the  International Civil Liberities Monitoring Group put it in a statement this week:

These regulations do not address the central, foundational problems that plague Canada’s No Fly List system and will continue to result in the undermining of individuals’ rights as they travel….

The Canadian government had a solution from the beginning, and they still do: abolish the No Fly List. If someone is a threat to airline travel or to those in the region they are traveling to, charge them under the criminal code and take them to court where they can defend themselves, in public.

It’s time to be done with secret security lists once and for all.

Sep 01 2020

TSA tries out another (illegal) biometric “ID verification” system

Today the Transportation Security Administration (TSA) announced that it has launched a “pilot” at Washington National Airport (DCA) of yet another scheme for biometric identification and tracking of domestic air travelers.

[Screen capture from TSA video]

The new “touchless ID verification” stations at DCA include a webcam (at top center of photo above) a magnetic-stripe reader (lower left) for drivers licenses and other ID cards, and a photographic scanner for passports (lower right).

Travelers who volunteer to use the new system are directed to insert their drivers license, ID card, or passport into the appropriate reader, stand on a marked spot in front of the webcam, and remove their face mask, so that the image from the ID (or, more likely, from some back-end image database linked to the ID, although that hasn’t been disclosed) and the image from the webcam can be compared by some undisclosed algorithm.

[Traveler being directed by TSA staff to remove her face mask for digital mug shot.]

As we’ve noted previously, it appears to us that (1) the TSA has no general authority to require travelers to show their faces or remove face masks, and (2) in many jurisdictions, orders issued by state or local health authorities currently require all people in public places such as airports to wear masks.

The TSA describes this system as “touchless”. But while TSA staff don’t have to touch travelers’ IDs, each traveler has to touch the same ID card or passport scanner. Then, immediately after touching the scanner, they have to touch their face again to put their mask back on.

Read More

Jul 28 2020

Senate bill would exempt REAL-ID from due process and oversight

Rather than responding to our comments on the latest proposal by the Department of Homeland Security to require ID for airline travel, the DHS has quietly gone to Congress to try to get the law changed so that it doesn’t have to answer us, and to preclude potential litigation to challenge an ID requirement or defend people who try to fly without ID.

A bill introduced earlier this month in the Senate, and already approved in commitee, would exempt the implementation and administration of the REAL-ID Act from normal administrative requirements for due process in rulemaking and oversight and transparency in demands by Federal agencies for information.

Included in S. 4133, both as introduced and as amended and reported by the commiteee, are provisions that would allow the Secretary of Homeland Security, at his or her “discretion”, to issue regulations and administer the REAL-ID Act without regard for the Paperwork Reduction Act (PRA) or the notice-and-comment requirements of the Administrative Procedure Act (APA).

As of now, no comparable bill has been introduced in the House. (Several bills to amend the REAL ID Act are pending in the House, but none of them contain PRA or APA exemptions.) It’s unclear what effect these provisions would have if enacted. All Federal agencies are, of course, still subject to Constitutional requirements for due process. But these provisions of S. 4133  appear to be a direct response to the objections we raised in May 2020 to the latest DHS proposal to impose an ID requirement for airline travel without complying with the PRA or the APA.

Read More

Jun 08 2020

TSA to take mug shots of domestic air travelers

The Transportation Security Administration (TSA) has officially although quietly announced that, as it has planned for years, its deployment of mug-shot machines at airport checkpoints will move from pilot projects to the new normal for domestic air travelers.

According to a Privacy Impact Assessment (PIA) released last week, the TSA plans to integrate facial recognition into the Secure Flight profiling, scoring, and control system used by the TSA and other linked agencies to decide who is, and who is not, “allowed” to pass through TSA checkpoints to exercise their right to travel by airline common carrier.

Cameras to photograph would-be travelers’ faces will be added to each of the stations at airport checkpoints where TSA employees and contractors currently scan would-be passengers’ travel documents (boarding passes and, if they present ID, ID documents).

Read More

May 11 2020

Will courts finally make the TSA comply with FOIA?

The tenor of questioning by the judge in a Federal court hearing last week raises hope that the Transportation Security Administration (TSA) might soon be ordered to correct some of its longest standing and most systemic violations of the Freedom Of Information Act (FOIA).

It’s no exaggeration to say that, from its creation in November 2001, the TSA has acted with complete contempt for the FOIA law and the requirements that law imposes on the TSA and all other Federal agencies. Time after time, TSA failure to comply with FOIA has delayed, complicated, or completely frustrated our research and reporting on TSA policies and procedures, and has deprived the public of the opportunity for informed scrutiny and comment on what the TSA is doing, why, and with what effects on our rights.

One chronic problem is the way the TSA responds to FOIA requests for digital records.

Provisions of the FOIA statute that went into effect as part of the Electronic FOIA Amendments Act of 1996 —  years before the TSA came into existence — require that:

5 USC § 552(a)(3)(B)  — In making any record available to a person under this paragraph, an agency shall provide the record in any form or format requested by the person if the record is readily reproducible by the agency in that form or format. Each agency shall make reasonable efforts to maintain its records in forms or formats that are reproducible for purposes of this section.

When it set up its FOIA office and procured software for responding to FOIA requests, the TSA completely ignored this provision of FOIA. In a display of either gross incompetence or gross bad faith, the TSA and its parent the Department of Homeland Security (DHS) appear to have entirely omitted this legal requirement for production of records in any form and format in which they are readily reproducible from their procurement specifications and criteria for evaluation of proposals. Instead, the DHS and TSA standardized on the use of cloud-based FOIAXpress software that is designed to munge all records by converting them to rasterized images embedded in PDF files, regardless of the original file format.

There’s lots of other software that was, and is, capable of redacting files in native formats. But it’s impossible for any Federal agency to fulfill its FOIA obligations with respect to the form and format of production of records by using FOIAXpress. FOIAXpress should have been summarily eliminated from consideration for any Federal agency contracts as not capable of satisfying the EFOIA requirements. No Federal agency should ever have used it.

Read More

Dec 05 2019

DHS postpones plan for mug shots of innocent US citizen travelers

Press releases issued today by US Customs and Border Protection (CBP) and Sen. Edward Markey suggest that CBP and its parent agency, the Department of Homeland Security (DHS), have cancelled or postponed, at least for now, their plans to require mug shots of all US citizens leaving, or returning to, the US.

But rather than admit that it has partially backed down or postponed some of its most offensive and intrusive plans in the face of public and Congressional outrage, CBP has sent reporters a statement alleging that our report breaking the story and others that followed contained “incorrect claims” about CBP plans:

We stand by our story.

Until this Monday, when we called attention to the official DHS/CBP notice, the officially-approved and officially-stated intent of the DHS and CBP was to propose rules requiring U.S. citizens on international flights to be photographed.

If “there are no current plans” for mandating mug shots of US citizens, that’s becuuse DHS and CBP plans changed this week in response to public and Congressional outrage and the likelihood that pursuing these plans now would derail DHS and CBP hopes for approval of its current facial recognition programs by airport authorities such as the Seattle Port Commission, which will consider the issue next Tuesday (and which had been misleadingly told by the CBP official responsible for the planned rulemaking that facial recognition would not be mandatory for US citizens).

The official DHS/CBP notice of planned rulemaking meant what it said. It was issued through a formal process of agency review. It wasn’t  a typo, a mistake, or issued by a “rogue” employee.

We vigorously contest the CBP assertion that our story contained any “incorrect claim”.

Such DHS and CBP allegations, in response to truthful reporting, only further discredit the DHS and CBP, and lower whatever little credibility they may have had.

Was this a trial balloon to find out whether the DHS had finally reached the limits of our willingness to be treated like criminals whenever we fly? And if so, has the DHS partially backed off, at least for now? Maybe.

Read More

Oct 22 2019

9th Circuit upholds “no-fly” procedures & criteria

A 3-judge panel of the 9th Circuit Court of Appeals has upheld the government’s procedures and criteria for issuing “no-fly” orders against a complaint that the criteria (which are essentially “pre-crime” criteria based on predictions of future bad actions) are too vague to provide fair notice of what actions might lead to a “no-fly” order, and that the procedures do not provide the degree of procedural due process (notice of the accusations, an opportunity to see the evidence and cross-examine witnesses, etc.) required by the Constitution.

While the 9th Circuit panel left open the possibility of a challenge to the substantive grounds for a specific no-fly order, it upheld the government’s effort, in mid-litigation, to change the procedures for no-fly orders to keep challenges to no-fly orders out of U.S. District Courts and preclude any trial or adversarial or judicial fact-finding in such cases.

The 9th Circuit panel found that no-fly orders issued by the TSA under the current revised procedures are excluded from the jurisdiction of U.S. District Courts. TSA no-fly orders can be “reviewed” by a Circuit Court of Appeals only on the basis of a self-serving “administrative record” created by the TSA, and on the basis of a deferential standard that presumes the validity of the TSA’s fact-finding. The 9th Circuit panel did not address the Constitutionality of the applicable jurisdiction-stripping law, 49 U.S.C. § 46110, which is currently being challenged in the 1st Circuit in Sai v. Pekoske (originally Sai v. Neffenger).

The decision announced yesterday in Kashem v. Barr may be the worst appellate court decision against freedom of travel since the 2006 decision by the 9th Circuit Court in Gilmore v. Gonzales.

Read More

Oct 02 2019

Do I need ID to ride a train?

We’ve been trying for years to find out what the real story is with respect to ID requirements for travel by train, especially on Amtrak.

Amtrak and Greyhound ID policies and practices are of paramount importance to the mobility of undocumented people and people who, whether or not they are eligible for or have chosen to obtain government-issued ID credentials, don’t want to show their papers to government agents as a condition of exercising their right to freedom of movement.

Amtrak and Greyhound policies and practices will become even more important if the government and/or airlines further restrict air travel by people who don’t have, or don’t show, ID credentials that comply with the REAL-ID Act.

The latest responses to our requests for Federal and state public records reveal more about passenger railroad policies and practices, but still don’t give a clear answer.

What we can say at this point, based on the records disclosed to us to date, is that:

  1. There are substantial discrepancies and contradictions between what the TSA has told Amtrak to do, what Amtrak tells its own staff about what is required, what Amtrak tells travelers about what is required and the basis for those requirements, and what Amtrak staff actually do. Those variations make it impossible to determine unambiguously what “the rules” are for Amtrak travel, or what is “required”.
  2. Some of Amtrak’s claims, including its claim that passengers are required by the TSA to have and to show ID to travel by Amtrak, are blatant lies.
  3. TSA Security Directive RAILPAX-04-02, cited by Amtrak in its employee manual as the basis for demanding that passengers show ID, requires Amtrak to “request” (not demand) that passengers show ID, but does not purport to require passengers to respond to such requests and does not prescribe any sanctions on passengers for failure, refusal, or inabiity to show ID.
  4. Amtrak has instructed its staff that “If the customer responds they are 18 or older and do not have valid identification, … the Amtrak police must be notified by the quickest available means away from the customer,” but also that, “Failure to possess the proper photo identification is not, by itself, sufficient reason to have the customer removed from the train.” Amtrak has not yet responded to our FOIA request for Amtrak Police policies and staff directives for what to do in such cases.
  5. Although Amtrak is unquestionably an instrumentality of the Federal government, and transportation by Amtrak is unquestionably a Federal government activity, the list of ID credentials deemed acceptable by Amtrak does not correspond to the list of forms of ID deemed by the DHS to be acceptable for “Federal purposes” pursuant to the REAL-ID Act of 2005.  Amtrak says it accepts several forms of ID that do not comply with the REAL-ID Act. None of Amtrak’s ID policies, procedures, or staff directives disclosed to date mention the REAL-ID Act or when or how it might be implemented by Amtrak, although records of such policies or of discussions related to them would be responsive to soem of our pending FOIA requests.

Where does this leave undocumented long-distance travelers, including those who turn to Amtrak as a government-operated common carrier of last resort?

Read More

Sep 04 2019

US government blacklisting system is unconstitutional

In an opinion issued late today in Alexandria, VA, US District Court Judge Anthony Trenga has upheld the complaint by 23 victims of US government blacklisting that the system pursuant to which the government has designated them as “suspected terrorists” on the basis of secret algorithms applied to secret datasets, without notice or an opportunity to contest any allegedly “derogatory”  information, does not provide those who are stigmatized, and whose stigmatized status is broadcast to tens of thousands of law enforcement and other government agencies and private entities around the world, with the procedural due process required by the US Constitution.

This decision is one of the most fundamental victories for the rule of law since 9/11.

According to today’s opinion, it is undisputed that the DHS and FBI define anyone who has been arrested or charged with an offense related to terrorism as a “known” terrorist, even if they have been acquitted of that charge.  In other words, the DHS and FBI think that what is “known” is what they believe, not what judges or juries have found the facts to be. That presumption that by definition their secret judgements are more reliable than judicial fact-finding pretty much sums up why this decision is correct, why it is so important, and why it should be upheld if, as seems a near certainty, the government appeals.

None of the plaintiffs have even been arrested, much less convicted, for any criminal offense, terrorist or otherwise. The plaintiffs include, among others, several infants whom the government has apparently blacklisted as “suspected terrorists”. But even though the government will neither confirm nor deny that anyone is or is not, or has or has not been, included in the “Terrorist Screening Database” (TSDB), the court found that the plaintiffs have demonstrated sufficient basis for their belief that they have been blacklisted.

The government calls this database and decsion-making system a “watchlist”, but it is really a blacklist intended and used to determine adverse consequences for individuals.

The “No-Fly List” is only a subset of the TSDB, and not being allowed to fly is only a subset of the consequences of blacklisting detailed in the plaintiffs’ submissions to the court and the government’s admissions during discovery and depositions. The TSDB is used as the basis for a plethora of decisions, as the plaintiffs have experienced, from whether to have them arrested at gunpoint when they try to cross land borders  to whether to interrogate them for hours about their religious beliefs, seize their electronic devices for copying and forensic analysis of the data stored on them, deny them public or private-sector jobs, or close their bank accounts and deny them other fincial services.

The government’s use of secret criteria, secret datasets, and guilt by association as the basis for secret decisions — communicated to tens of thousands of other decision-makers, but not to those who have been blacklisted —  resembles the worst of McCarthyism, just with “terrorist sympathizer” or (literal) “fellow traveler” substituted for “Communist  sympathizer” or (ideological) “fellow traveler”.

Read More

Aug 05 2019

Questions about the REAL-ID Act

Fragmentary and jumbled records related to the REAL-ID Act of 2005 released by the US Department of Homeland Security in response to one of our Freedom Of Information Act (FOIA) requests don’t reveal much about DHS policy, but do provide a glimpse of DHS practices and plans.

The DHS has been threatening to harass, interfere with, or bar access to facilities or passage through checkpoints (including, but not limited to, those at airports) to people who don’t have, don’t carry, or don’t show ID; show ID that the DHS doesn’t deem compliant with the REAL-ID Act; or show ID issued by states or territories that the DHS deems insufficiently compliant with the REAl_ID Act.

These threats to deny equal rights to residents of noncompliant states and territories have been central to the DHS campaign to extort compliance from state and territorial officials reluctant to upload their residents’ data to an outsourced, privately-held national ID database.

But what sort of enforcement problem, at what scale, is this likely to pose for the DHS and those collaborators carrying out its REAL-ID directives? How many people will be affected, at what sorts of facilities and locations, in what circumstances?  Inquiring minds want to know, including opponents of the REAL-ID Act like ourselves, but also including officials at DHS headquarters trying to devise a workable REAL-ID enforcement plan.

Read More