The travel industry — concerned that treating all travelers as suspected terrorists will discourage travel and reduce their business — has joined forces with the homeland-security industrial complex of providers of travel surveillance and control technology in a pseudo-grassroots lobbying and propaganda campaign for more profiling of travelers.

The motives of DHS contractors and their lobbyists are obvious. But we’re disgusted with travel companies, especially “common carriers” required to transport all would-be customers, whose pitch to the public is that it’s OK for the travel industry to collaborate with the government in collecting lifetime travel histories of their customers, and to subject some of them to everything from virtual strip-searches and/or manual groping to standardless secret no-fly orders, as long as those invasions of privacy and the right to travel are imposed selectively.

Making sexual assault, warrantless searches, and denial of transportation discriminatory and selective — where the selection is based on anything other than a search or arrest warrant, injunction, or  other court order — only exacerbates the unfairness and the denial of rights.

The latest euphemistic buzzword for “trusted traveler” and other profiling schemes is “risk-based”. The term “risk-based’ is used to create the mis-impression that profiling actually measures risk. But let’s be clear: whether there is sufficient evidence of “risk” in a particular case to justify search, detention, and/or denial of freedom of movement is a matter to be determined by a judge, not a profiling algorithm. And even if we wanted to ignore the Bill of Rights, there is no reliable algorithm for identifying “risky people”.  Some people do bad things, but trying to identify “bad people” is impossible without trying to read minds. Any trusted traveler program would inevitably be a “Department of Pre-Crime”, and not based on any actual judicial determination of risk — much less of risk sufficient to justify prior restraint on the exercise of First Amendment rights of assembly.

The travel industry and the profiling companies want you to think that you’d never fit the profile, that you’d be considered a “trusted” traveler, and that all the bad things would be reserved for other bad people who, on the basis of their travel history or other (legal) activities, “deserve” to be treated like terrorists. But the reality is that any trusted traveler program is a threat to all our rights.

Just say no to any “trusted traveler” proposal. Just say no to the traveler surveillance and profiling it would require. And just say no to the discrimination it would embody and institutionalize.

The DHS can’t exempt itself from the civil remedies provided by the Privacy Act for people who are harmed by government violations of the law, according to a decision announced today by the 6th Circuit Court of Appeals in Cincinnati in the case of Shearson v. Department of Homeland Security.

The case was brought by Julia Shearson, Executive Director of the Cleveland chapter of the Council on American-Islamic Relations (CAIR). The incident that led to the case is described in today’s court opinion as follows:

Shearson and her four-year-old daughter, United States citizens by birth and Muslims, returned by car from a weekend in Canada at around 8:30 p.m. on January 8, 2006, via the Peace Bridge in the Buffalo, New York/Fort Erie area. On scanning their United States passports, the CBP computer flashed “ARMED AND DANGEROUS,” and CBP agents asked Shearson to turn over her car keys and step out of the car. Shearson was handcuffed, and, after several hours of questioning in the terminal, she and her daughter were released without explanation. As they left, Shearson inquired whether her vehicle had been searched and was told no search had been conducted. This proved to be false; Shearson’s vehicle had been searched and was damaged in the course of the search. After Shearson wrote several Ohio congressional representatives, who in turn contacted the CBP, the CBP advised the legislators that its agents had acted “in response to what later proved to be a false computer alert.”

The DHS admitted that they had improperly flagged her as a “suspected terrorist” in the (illegal) travel records system that later came to be known as the “Automated Targeting System,” but refused to say why or on the basis of what, if any evidence or allegation against her they did so. Five years later, she’s still trying to find out why — other than working for CAIR — she was labeled in ATS as a “suspected terrorist” to be arrested at gunpoint, separated from her child, and held in handcuffs.

Shearson brought suit against the DHS under the Privacy Act for, among other violations, improperly maintaining records of her religious and other activities protected by the First Amendment, failure to maintain accurate records, improper disclosure of the erroneous records about her, and refusal to show her their files about her.  She filed and argued the case pro se for several years, although Gadeir Abbas (then a law student and now a staff attorney with CAIR) and David Wolfe Leopold (now the president of AILA, the American Immigration Lawyers), later assisted in the case, and attorney Kurt Hunt represented Ms. Shearson in the appeal to the 6th Circuit Court of Appeals.

In response to the lawsuit, CBP (U.S. Customs and Border Protection, a division of DHS), argued that they had exempted themselves from any liability related to ATS for under the provisions of the Privacy Act for civil remedies. Such overbroad self-exemption claims have been a common technique of the DHS to shield itself from acountability to the courts for its actions, even when they infringe citizens’ rights.

As Shearson’s attorney in the 6th Circuit appeal, Kurt Hunt, described the ruling, it means that, “A citizen can sue the government for breaching mandatory provisions of the Privacy Act (for example: improperly maintaining records of First Amendment activity), and the government cannot simply pass a rule to ‘exempt’ itself from potential civil liability for violating those mandatory provisions. In short, it makes it possible for a citizen to actually enforce the Privacy Act in a civil action.”

Hunt notes that, “The circuits are currently split about this question, and the split appears to be widening. Because this was the first 6th Circuit decision to address civil remedies exemptions, today’s ruling will have national implications. We hope the Sixth Circuit’s decision will be the start of a trend of decisions putting the “teeth” back into the Privacy Act.”

Now that DHS’s attempt at self-exemption has been overturned by the Court of Appeals, Shearson’s case has now been remanded for further action on her claims for violation of the Privacy Act and her rights.

We don’t yet know whether similar claims of total self-exemption from  liability to civil remedies will be asserted by CBP in our own case, Hasbrouck v. CBP, which so far as we know is the only other case to have been brought under the Privacy Act and related to Automated Targeting System records.

Highlighting what will happen — and already is happening — when other countries follow the bad example of the USA in restricting freedom of movement, the Canadian Press news service reported last night on the situation of, “A British man … stranded in Canada after being denied permission to fly home because he’s on the U.S. no-fly list”:

Dawood Hepplewhite of Sheffield, England, turned up at Pearson Airport in Toronto on Sunday only to be told by an Air Transat official he couldn’t board the plane…

Hepplewhite, 30, divides his time between Sheffield and Toronto, where his Canadian wife Farhia and their three children reside. All five were planning to head back to England for an extended stay.

Hepplewhite says Air Canada and British Airways also refused to let him fly to England on Monday…

Hepplewhite says he’s no security threat, but suspects he is on the no-fly list because he’s a white Muslim and attended a job interview in Yemen — considered a hotbed of terrorism — for a position teaching English a few years ago.

“And when I came back to England I got pulled aside by the police.”

But Hepplewhite abandoned any idea of working in the Middle-Eastern country and has been to Canada several times since that incident.

It’s not clear what will happen next, but, “Hepplewhite’s visa allowing him to stay in Canada expires on April 29.”  If he overstays his visa, Canadian law would provide for him eventually to be deported from Canada to the country of his citizenship, the U.K.  By air. At the expense of the airline that brought him to Canada — the same airline that is now refusing to allow him to use his paid ticket  for just such a flight home before his visa expires.

Who gave the no-fly order? And how did they know Mr. Hepplewhite planned to be on that plane? According to the Canadian Press story:

A bill currently before Parliament would allow airlines to share passenger information required by the U.S. Secure Flight program….

But both Canada and the U.S. say there is no statutory requirement — at least not yet — to provide passenger information for such flights, and Air Canada says it is not doing so….

When asked recently about use of the U.S. list, Air Canada spokesman Peter Fitzpatrick said “we comply with all applicable laws and regulations wherever we operate, and that includes those in the U.S.”

Whatever is happening, it certainly isn’t complying with Canadian law (which requires airlines to operate as common carriers, and protects against arbitrary denial of fundamental rights) or international treaty law by which Canada is bound (which guarantees the right to return to the country of one’s citizenship). And there’s no claim that the U.S. would have had any jurisdiction over Mr. Hepplewhite’s YYZ-LHR flight, since unlike unlike some flights to and from Canada, such as Montreal-Paris flights that sometimes pass over part of Maine, it wouldn’t have passed through U.S. airspace.

So there’s really no question that there was no basis for any valid U.S. no-fly order.

But it’s unclear whether:

1. The Canadian government (illegally and extrajudicially, in violation of its treaty obligations under Article 12 of the ICCPR) ordered all airlines serving Canada not to transport people with names matching those on the U.S. no-fly list in general, or Mr. Hepplewhite in particular, perhaps without even seeing the evidence, if any, forming the basis for this U.S. request for a Canadian government order; or
2. The airlines (illegally, in violation of Canada’s basic privacy law, PIPEDA) allowed passenger passenger information to be accessed by the U.S. government, or by CRSs or other intermediaries who did so, and (illegally, in violation of their licenses to operate as common carriers) denied transportation to those the U.S. requested not be transported or (more likely, given the change in the U.S. default to, “No”) those with respect to whom the U.S. didn’t send back an affirmative “Cleared” message.

Which of these happened, and how, is an appropriate question for inquiry both by the Canadian Parliament and by the Privacy Commissioners of Canada and of Ontario.

It might be true, in the narrowest sense, that Air Canada does not directly “provide passenger information” to the U.S. government for flights that don’t touch U.S. airspace. But as the treatment of Mr. Hepplewhite shows, the U.S. government has access to such data, either or both because (a) airlines serving Canada have given the U.S. government “root” access to their reservation systems, not restricted to flights to, from, or overflying the U.S., and/or (b) the U.S. government has similar root access to the Computerized Reservation Systems/Global Distribution Systems (CRSs/GDSs) based in the U.S., to  which most travel agencies and tour operators in Canada outsource (illegally, in flagrant violation of PIPEDA, without notice to or consent of travelers and in the absence of any U.S. privacy law governing CRSs) the storage of their reservations and agency customer/traveler profiles.

We’ve talked about both these problems before, in testimony to both the Canadian and European Parliaments, and they picked up on in a recent letter to the European Commission (see the top of p. 2) from the “Article 29 Working Party” of EU national data protection authorities.  It remains to be seen how they will be dealt with in Canada, and how this will affect other countries’ willingness to join the U.S. war on freedom of travel through PNR and identity-based surveillance and control.

[Update from the Toronto Star: “James Mortimer, a spokesman for the British Foreign and Commonwealth Office in London, England, told the Star he is looking into the matter.”]

[Update from the Canadian Press: “British man on U.S. no-fly list gets ‘one-time offer’ to fly to Glasgow…. An Englishman left stranded in Canada because he’s on the U.S. no-fly list is headed home — sort of. Dawood Hepplewhite says a British consular official called with a ‘one-time offer’ from Air Transat to fly with his wife and children to Glasgow, Scotland, on Wednesday night as a ‘goodwill gesture.'”]