Apr 08 2022

Amtrak gave train reservations to the TSA for a profiling test

[“Secure Flight” process flow used by the TSA for airline passengers and being tested on Amtrak passengers. The red box at right center is the “black box” for algorithmic profiling, blacklist/blocklist enforcement, and fly/no-fly decision making.]

Amtrak has reportedly given the Transportation Security Administration several months of  archives of Amtrak passenger reservations and frequent rider profiles. At Amtrak’s request, the TSA has used these records to test the TSA’s ability to extend to Amtrak passengers the ID-based profiling and blacklisting algorithms the TSA already applies to air travelers.

If you aren’t allowed to travel by air, the right to travel by train is critical. And while all common carriers have an obligation to transport all would-be passengers, Amtrak as a government agency should be most strictly held to that obligation.

The plans to run a batch of historical Amtrak reservations through the TSA’s “threat assessment” black box were disclosed in a Privacy Impact Assessment (PIA) quietly posted on the Department of Homeland Security website last December, and first noted in a news report by Mark Albert of Hearst Television earlier this week.

The PIA posted by the TSA in December 2021 said that Amtrak would give notice of the batch transfer of reservation archives to the TSA through an update to Amtrak’s privacy policy. That policy was last updated in November 2021, and doesn’t mention data sharing with the TSA. But a follow-up report today by Hearst Television quotes the TSA as saying that, “The collection of data and analysis has already occurred,” without the promised notice in Amtrak’s privacy policy.

What will this TSA’s test of Amtrak passenger profiling reveal? Of course some of the people who aren’t allowed to travel by air travel by train or bus instead. Amtrak and Greyhound are the long-distance carriers of last resort for undocumented and blacklisted travelers. So it’s to be expected that the TSA will find a disproportionate percentage of the people it has blacklisted from air travel on Amtrak passenger manifests.

Even more people will be forced to take Amtrak or Greyhound instead of flying if the TSA — as it has threatened — starts preventing people from flying if they don’t have, or don’t show, any ID, or ID the TSA deems to be compliant ID with the REAL-ID Act.

Does this mean that would-be terrorists are riding Amtrak trains? No. It means only that people blacklisted from air travel are riding trains. So far as we know, there have been no terrorist attacks on Amtrak trains. The false positives generated by the TSA’s “threat assessment” algorithms and precogs are evidence of what’s wrong with predictive profiling and why the right to travel by common carrier is so important.

The TSA and DHS have long wanted to extend their prior restraint of travel from airline passengers to all modes of travel including  trains and buses, but have lacked any legal basis to do so. Amtrak’s sharing of reservation  data with the DHS, even for passengers on international trains, has been represented as a “voluntary” action by Amtrak.

In the absence of any notice from Amtrak, it’s unclear what Amtrak claims as the legal basis for the recent “test” of TSA profiling of passengers on domestic Amtrak trains. Read More

Jan 26 2022

9th Circuit to review secrecy of CRS-based travel surveillance

May court records related to orders requiring a travel reservations company to provide real-time updates to the U.S. government whenever a “person of interest” makes reservations for flights or other travel  be kept secret from the public, the press, and other travel companies including the airlines on which the target plans to travel?

That issue is now before the 9th Circuit Court of Appeals in the case of Forbes Media and Thomas Brewster vs. the United States (Court of Appeals Docket #21-35612).

The legal question before the 9th Circuit is whether courts can keep their own actions secret. That’s important, but the the underlying facts raise other issues as well.

Read More

Sep 15 2021

DHS must explain failure to release e-mail files

In a victory for the Freedom Of Information Act (FOIA), an Administrative Law Judge (ALJ) has ruled that the Department of Homeland Security (DHS) must either disclose records of e-mail messages which we requested in the “native” file formats in which they are held on DHS servers or archival storage media, or must “demonstrate with sufficient justification that they cannot produce the documents in their original fully digital version.”

This ruling was made in response to an administrative appeal by the Identity Project of the DHS (non)-response to a FOIA request we made in 2016 for the reports submitted to the DHS each month on how may people attempted to enter Federal facilities without ID or with ID deemed “noncompliant” with the REAL-ID Act of 2005, and what happened to these people. How many were eventually allowed to enter, and how many were turned away?

Read More

Jul 19 2021

Photographing and recording the TSA

After stalling for more than five years, the Transportation Security Administration has made public a curious internal memo regarding photography and audio and video recording at TSA checkpoints.

The TSA wants to photograph us and track our movements and activities using facial recognition, but wants to limit our ability to photograph and record its activities.

The memo was released in May 2021 in response to a Freedom Of Information Act (FOIA) request made by Sai in March 2016. The memo itself is undated, but was distributed in July 2011 to TSA Federal Security Directors (FDSs) “for your immediate dissemination and implementation.” Needless to say, that “dissemination” did not include disclosure to the public, then or at any time until now, ten years after the fact.

That we have to make FOIA requests for internal TSA records like this, wait years for answers, and then try to parse the fragmentary responses for clues about TSA “policy” — rather than reading official policies applicable to the public in the U.S. Code, the Statutes at Large, or the Code of Federal Regulations — is indicative of the systemic problem of secret law.

But since secret rulemaking is standard operating procedure for the Department of Homeland Security and its components, what can we learn form the most recently-released memo about photography and recording at TSA checkpoints?

Read More

Jun 17 2021

DHS still evades review of no-fly orders

Two recent court cases, and follow-up articles and interviews with the plaintiffs and their lawyers, show how the highest priority for the U.S. government with respect to no-fly orders continues to be preventing judicial review of these government decisions, not preventing terrorism.

When an airline requests permission to allow an individual to board a flight, and the U.S. Department of Homeland Security (DHS) declines to give permission, that “Boarding Pass Printing Result” (BPPR) message is communicated only to the airline,  not the would-be traveler. Even the airline is not told the basis, if any, for the negative BPPR message. (The default is “No”, in the absence of affirmative, individualized government permission-to-board.)

Again and again and again, when people have challenged these no-fly orders in U.S. courts, the government has chosen not to disclose or defend the basis for its decisions that these people constitute a threat to aviation sufficient to justify restricting their right to travel.

Instead, the government has told the plaintiffs that they have been (although perhaps only temporarily) removed from “the no-fly list” (although with no assurance that they won’t again be prevented from traveling in the future), and then gotten their complaints dismissed in court as “moot”. Only rarely has it been possible to pursue these cases.

A special law restricting the jurisdiction of the Federal courts over “orders” of the Transportation Security Administration (TSA), 49 U.S.C. § 46110, has also been used to avoid fact-finding as to the basis, if any, for these orders. In our opinion this law is clearly unconstitutional. But the Constitutionality of this law has not yet been directly ruled on, and it has been the subject of little Congressional scrutiny.

If the government really thought these people were dangerous, it should have gone to court sooner to obtain injunctions or restraining orders restricting their freedom of movement. If challenged, it should have defended its actions before Federal judges in adversarial, evidence-based fact-finding proceedings.

The government has chosen to do neither, and has consistently responded to no-fly lawsuits by taking almost everyone with the means and will to pursue extended litigation off the not-fly list. This reflects the reality that the DHS sees judicial oversight of its actions, not terrorism, as the greater threat to its standard operating procedures. The top DHS priority is to be able to continue its practice of extrajudicial secret decision-making — disconnected from facts and based instead on fantasies of “pre-crime” predictive ability — about who is, and who is not, allowed to exercise their Constitutional rights.

The stories of Ahmad Chebli and Ashraf Maniar illustrate how this plays out in real life —  and how it wrecks real people’s lives and livelihoods.

Read More

May 17 2021

ACLU: “Digital IDs Could Be a Nightmare”

As the U.S. Department of Homeland Security is soliciting proposals from vendors for how to put digital versions of drivers licenses and other ID credentials on smartphones, the ACLU has released a timely and insightful white paper, Identity Crisis: What Digital Driver’s Licenses Could Mean for Privacy, Equity, and Freedom, by Jay Stanley of the ACLU Speech, Privacy, and Technology Project, along with an executive summary in the form of a blog post, Digital IDs Might Sound Like a Good Idea, But They Could Be a Privacy Nightmare.

The ACLU white paper links to some of our research and reporting and highlights many of our concerns with compelled identification, the REAL-ID Act, invisible virtual checkpoints, ID-based blacklists and controls on what we are and aren’t allowed to do, and the role of AAMVA and other “private” entities as outsourced, opaque, unaccountable, creators of ID “standards” that function as de facto laws and regulations that govern our movements and activities, but that are adopted in secret, exempt from the Freedom Of Information Act or other transparency laws, and lack basic privacy protections. or respect for rights recognized by the U.S. Constitution and international human rights treaties.

We encourage readers interested in these issues to read the ACLU white paper in full. But here’s an excerpt form the introduction to the white paper, framing the issue:

Read More

Apr 21 2021

DHS wants to put REAL-ID drivers licenses on smartphones

The Department of Homeland Security has published a Request For Information (RFI) from vendors and other stakeholders regarding standards for drivers licenses and other IDs stored on smartphones or other mobile devices to be considered compliant with the REAL-ID Act of 2005.

Responses to the RFI are due by June 18, 2021.

The amendments to the REAL-ID Act signed into law at the end of 2021 included provisions authorizing the DHS to certify digital ID credentials as “REAL-ID compliant”. That certification can’t happen, though, until the DHS promulgates new regulations.

The RFI published in the Federal Register this week is not formerly part of such a rulemaking, but appears to be part of the preparations for it.

A “mobile ID” would consist of a certificate digitally signed by a state department of motor vehicles. The RFI contemplates a process through which “individuals would electronically send identity verification information to the DMV to establish their identities and ownership of the target device.” No explanation or justification is provided for why or how a digitally-signed certificate would be, or should be, bound to a specific device, rather than simply provided as a file that can be stored on any digital device or storage medium.

It’s just as easy to loan a smartphone or other mobile device to another person whose appearance is similar as it is to loan a physical ID card to another person.

A drivers license rarely needs to be displayed, and in the form of a wallet-sized plastic card it  can be kept in a relatively secure pocket or compartment of a purse. A smartphone, in marked contrast, is likely to be frequently consulted and carried in a location on one’s person that is much more exposed and vulnerable to snatch-thieves than one’s wallet.

A smartphone is already, for many people, vulnerable as a single point of failure for identity and password management. Binding a digital ID to a specific smartphone appears likely to increase the risk and exacerbate the consequences of smartphone theft as a method of identity theft.

The RFI says that the DHS is considering incorporating the American Association of Motor Vehicle Administrators Mobile Driver License (mDL) Implementation Guidelines (April 2019) in the DHS standards and regulations, and the DHS seeks comments on those AAMVA guidelines. But those AAMVA guidelines are posted only on the “members-only” portion of the AAMVA website, and aren’t available to the public.

In the past, when we reposted specifications for the AAMVA’s national REAL-ID database that AAMVA had posted for years on the public portion of its website, AAMVA not only moved those specifications to to the members-only portion of its website, but asserted their copyright and threatened us with litigation to get us to take them off our site.

The DHS notice purporting to invite the public to submit comments on a secret document, not available to the public, that might be incorporated into DHS regulations, exemplifies everything that is wrong with both secret law and the outsourcing of “lawmaking” to entities such as AAMVA that are nominally private and not subject  to Federal or state freedom of information, public records, or open meetings laws.

There’s no indication in the RFI as to when or how the DHS plans to move forward with the separate rulemaking and approval procedures that will be required if it is to follow through on its threats to start turning away would-be air travelers at TSA checkpoints if they don’t have REAL-ID approved ID or don’t have or show any ID.

Apr 14 2021

More support for court challenge to TSA impunity

Two months ago, the last time we checked in on Sai v. TSA (now Sai v. Pekoske) —  the landmark challenge to the TSA’s attempt to avoid ever facing a Federal trial over its checkpoint procedures —  the disabled, pro se plaintiff had been given what seemed an impossibly short deadline by the 1st Cicruit Court of Appeals to file “hypothetical” objections to whatever “orders” the TSA might have issued that adversely affected them, without knowing what those orders might be.

Since then, we are pleased to report, things have been looking up for Sai and for all those who would subject the TSA to the rule of law.

Jonathan Corbett, Esq., who has brought a series of lawsuits against the TSA on his own behalf and that of his clients, stepped in to represent Sai pro bono, and got a small extension of time.

Of necessity given the limited time and resources, the brief filed on Sai’s behalf on April 2nd greatly narrows the issues presented. But it continues to challenge the TSA’s claim that its checkpoint procedures can’t be challenged or brought to trial in U.S. District Court, but can only be “appealed” to Circuit Courts where no fact-finding can be conducted and what constitutes the “record” to be (deferentially) reviewed is defined by the TSA itself. Sai also continues to challenge the TSA’s attempt to withhold self-defined “Sensitive Security Information” from disclosure in response to Freedom of Information Act (FOIA) requests.

Further strengthening Sai’s case against TSA impunity from trial or judicial fact-finding, the Institute for Justice — which is moving forward with its own challenge to systematically lawless TSA practices — has intervened in Sai’s case against the TSA with a friend-of-the-court brief and a request to participate in oral argument before the Court of Appeals.

We fully endorse the latest arguments made by both Sai and IJ, and look forward to having them given the consideration they deserve by the 1st Circuit panel.

Apr 07 2021

4th Circuit panel rejects rights to travel and to due process

In one of the worst court decisions on the right to travel since Gilmore v. Gonzales,  a three-judge panel of the 4th Circuit Court of Appeals has reversed the decision of a U.S. District Court in the case of Elhady v. Kable that  the U.S. government’s system of extrajudicial administrative blacklists (euphemistically and inaccurate called “watchlists” although the consequences for the people who are listed include much more then merely being “watched”) is unconstitutional.

The decision comes in a class-action lawsuit brought on behalf of blacklisted Muslim  American travelers in 2018 by the Council on American Islamic Relations (CAIR). It folows a disturbing trend of decisions in similar cases by courts in the 6th Circuit and the 10th Circuit.

According to Gadeir Abbas, the CAIR attorney who has led the national campaign of lawsuits (many others of which are still pending) against post-9/11 blacklists, CAIR plans to petition for “rehearing en banc” by the 4th Circuit Court of Appeals:

A three-judge panel on the Fourth Circuit reversed a historic U.S. District Court decision that declared the entirety of the watchlist unconstitutional. In doing so, the judges ignored the dire consequences experienced by American citizens placed on the watchlist and took a dim view of what the Constitution requires. We are disappointed in this decision, but we remain undeterred. The fight is not over. CAIR will now ask the entire Fourth Circuit to review the case.

The 4th Circuit panel gets off on the wrong foot by declaring that it is reviewing a challenge to a “system vital to public safety”, despite the absence of any finding by the District Court to that effect or any evidence in the record to support such a claim. In fact, watchlists/blacklists are based on anything but actual dangerousness. If an individual were actually demonstrably dangerous, the government could and should either arrest them or apply to a court for an injunction restricting their dangerous actions. But the government has never done that with any of the people it has blacklisted.

The 4th Circuit panel opinion is dismissive of almost every aspect of the right to travel or of due process. It finds that government-imposed travel delays of hours or perhaps even days aren’t sufficient interference with the right to travel to constitute a legally-cognizable infringement of the right to travel, and that denial of air transport is Constitutionally insignificant because, “Plaintiffs can travel internationally by boat.”

Despite acknowledging that the blacklists/watchlists were “created by executive order” and not by any Congressional action, and that the Terrorist Screening Center “receives around 113,000 nominations annually and around 99% are accepted,” the 4th Circuit panel finds that no judicial review of these decisions is necessary.

Relying on an outdated history of entry and exit procedures when an intercontinental journey took weeks, and a delay of hours or days would only lengthen the journey time by a small percentage, the 4th Circuit panel brushes off the detention (in many cases at gunpoint), interrogation, and search of the plaintiffs. “Delays and inconveniences at the borders are… as old as the nation itself…. The experiences alleged by plaintiffs do not rise to the level of constitutional concern…. Given the government’s broad power to control movement across the nation’s borders, the burdens experienced by plaintiffs are not infringements of  ‘liberty’ within the meaning of the Due Process Clause.”

We join CAIR and the many friends of the court who filed briefs in support of the plaintiffs in Elhady v. Kable in looking forward to en banc rehearing and reversal of this ill-founded decision.

Update: Petition for rehearing en banc, Order denying petition for rehearing

Mar 30 2021

Expanding travel policing beyond no-fly lists (and the Fourth Amendment)

According to an article in POLITICO based on interviews with unnamed “law enforcement officials,” the US Department of Homeland Security (DHS) is considering expanded use of airline reservation data  to target travelers  for more intrusive searches:

The department could begin analyzing the travel patterns of suspected domestic extremists, monitor flights they book on short notice and search their luggage for weapons, a senior law enforcement official told POLITICO. There have also been discussions about putting suspected domestic violent extremists — a category that includes white supremacists — on the FBI’s No Fly List, the official said. When suspected extremists travel internationally, officials may be more likely to question them before they pass through customs and to search their phones and laptops.

A second law enforcement official told POLITICO that conversations about monitoring domestic extremists’ travel have involved multiple federal agencies at the interagency level, including the FBI.

We’ve recently discussed what’s wrong with the no-fly lists (there are several, created and maintained by different, although interlocking, entities, for different ostensible purposes) and why they shouldn’t be used like this or in most of the other ways that they are now used.

As Gary Leff puts it in his View from  the Wing travel blog:

Denying the freedom of travel, without trial, is precisely the mob rule outside of the rule of law that we’re supposed to be pushing back on after the events of January 6th. Having the government ban travel on all airlines without judicial review is frightening in a democracy.

The latest article in POLITICO suggests tactics that go well beyond no-fly lists. It’s important to understand what’s being talked about, and how it would differ from previously-disclosed practices and exceed what is permitted by current law.

It’s crucial to recognize that, in this proposal, the DHS is testing the waters not for an expansion of existing authority, but an entirely new category of exception to the Fourth Amendment: a “pre-crime” search that is based on neither a warrant nor probable cause, but that — unlike an administrative search — targets individuals selectively.

Read More