Sep 28 2009

Now that Ted Kennedy’s dead, the TSA’s found somebody else in Congress to harass

Senator Edward M. Kennedy (D-MA) used to have constant trouble at airports because a name similar to his was on the TSA’s “no-fly” list.  Even as a senior Senator he couldn’t find out why, and couldn’t get the harassment stopped (which he eventually mentioned publicly during a Senate hearing) for more than three weeks.  For ordinary mortals, “redress” takes months or years, if it ever happens at all.

Now it’s Representative Jason Chaffetz (R-UT) — sponsor of the amendment passed overwhelmingly by the House in June, despite opposition from the leadership of both major parties, to restrict the TSA’s use of virtual strip search (“Whole Body Imaging”) machines at checkpoints in airports — who’s gotten on the TSA’s VIP list for special treatment.

According to reports in the Salt Lake Tribune and Deseret News, frequent-flyer freshman Congressman Chaffetz — who has refused to move to Washington, sleeps on a cot in a back room of his Congressional office during the week, and flies home to Utah to be with his family every weekend — got into trouble at SLC last week after he (1) refused to “consent” to a virtual strip search (“Chaffetz had told the House, “You don’t have to look at my wife and 8-year-old daughter naked to secure an airplane.” He says he didn’t want the TSA looking at him naked either. He told the Deseret News the TSA has not lived up to promises to post signs about what the whole-body imaging machine does”) and then (2) tried to read the name on a TSA agent’s badge (which the agent only showed him after Chaffetz identified himself as a member of Congress, although the TSA agents said they already knew who he was).

Of course, Chaffetz was then “randomly” selected for extra groping (“secondary screening”).  But we’re sure that had nothing to do with his political opinions or attempts to hold the TSA accountable to the laws he helps make.

Aug 16 2009

Secure Flight: Frequently Asked Questions

There’s been a lot of confusing (and often confused) reporting recently about the TSA’s so-called “Secure Flight” scheme for surveillance and control of passengers on domestic U.S. airline flights, based on data mining of airline reservations and lifetime travel histories.

If you’re looking for answers, you might start with our FAQ about “Secure Flight”.

Much of the confusion comes from the fact that the TSA’s orders to the airlines to implement “Secure Flight”, setting out which airlines are required to do what, and when, are all contained in secret “Security Directives”.  So we have only the TSA’s press releases — which they have previously told us would “creat[e] public confusion” were the public actually to rely on them, and which have often proven to be lies anyway — as clues to what is really being required.

We do know, however, the essence of what the “Secure Flight” regulations actually require: the shift to a permssion-based system of control of domestic air travelers (similar to the shift already being made for international air travelers under the APIS regulations, and for land border crossings under the WHTI rules), with a default of, “No”.

In addition to the questions in our original our FAQ, recent news reports raise some additional questions worth answering:

  • Was the “Secure Flight” scheme “[b]orn out of recommendations from the 9/11 Commission” (NPR)? No. “Secure Flight” is the latest name for a program originally called “CAPPS-II”, which was conceived almost immediately after 9/11 and well before the 9/11 Commission was even appointed.  More importantly, “Secure Flight” is directly contrary to the recommendation of the 9/11 Commission that, “The burden of proof for retaining a particular governmental power should be on the executive, to explain (a) that the power actually materially enhances security and (b) that there is adequate supervision of the executive’s use of the powers to ensure protection of civil liberties. If the power is granted, there must be adequate guidelines and oversight to properly confine its use…. [There should be a board within the executive branch to oversee adherence to the guidelines we recommend and the commitment the government makes to defend our civil liberties.”
  • Is “Secure Flight” a legal “requirement” (TSA press release)? No. Not only is “Secure Flight” (a) in violation of international treaties to which the U.S. is a party (Article 12 of the ICCPR provides in part that, “Everyone lawfully within the territory of a State shall, within that territory, have the right to liberty of movement”) and (b) the First Amendment to the U.S. Constitution (“Congress shall make no law … abridging … the right of the people peaceably to assemble”), but (c) the TSA has been expressly forbidden by Federal law from implementing “Secure Flight” “on other than a test basis” unless and until the GAO has certified that 10 specific criteria have been met.  The GAO has moved the goalposts set by Congress to certify that most of those criteria have, under clearly distorted interpretations, been met — but not yet all of them.  The assignment to each would-be passenger of a score of “cleared”, “inhibited”, or “not cleared” appears to violate the provision of the same law that, “None of the funds provided in this or any previous appropriations Act may be utilized to develop or test algorithms assigning risk to passengers whose names are not on government watch lists.”  And “Secure Flight” also potentially violates restrictions on data mining. [Update: It appears that the TSA is interpreting the GAO’s statements as constituting the necessary certification, even though the GAO said that “Additional Actions Are Needed”.  According to Business Travel News, “‘There’s nothing more to be tested, and no more approvals we need,’ said program director Paul Leyh…. ‘All it is now is to start the implementation process.'”]
  • Can the TSA or the airline prevent you flying or impose other sanctions as a penalty for non-compliance with “Secure Flight” requirements such as providing my date of birth, gender, etc? No. [Not unless they can successfully claim that the GAO has made the necessary certification, and that “cleared”, “inhibited”, or “not cleared” is not a “risk score”.] The same law that prohibits the TSA from “deployment or implementation, on other than a test basis” of “Secure Flight” also provides that, “During the testing phase … no information gathered from passengers, foreign or domestic air carriers, or reservation systems may be used to screen aviation passengers, or delay or deny boarding to such passengers, except in instances where passenger names are matched to a government watch list.”
Jun 25 2009

Courts and Congress finally start to rein in the TSA

Until recently, the TSA has been a domestic legal Guantanamo, and the TSA has treated their domain of “checkpoints” and travel control and surveillance as a law-free zone where their powers of search, seizure, detention, and denial of passage were unconstrained by the Constitution, human rights treaties, judicial review, or stautory or regulatory standards.  As indeed it has been: Congress has enacted no law specifically defining any limits on the authority of TSA agents at checkpoints (or elsewhere), and the TSA itself has never conducted any rulemaking or issued any publicly-disclosed regulations defining its authority, the limits of that authority, what orders travellers do or don’t have to comply with, and which forms of “noncooperation” are considered grounds for which sanctions (more intrusive search, denial of transportation, admninistrative fine, detention, etc.). While the TSA has never been explicitly exempted from the Constitution or treaties such as the International Covenant on Civil and Political Rights, the DHS has sought to avoid ever allowing judicial review of fly/no-fly decisions, and the courts themselves have gone out of their way to avoid ruling on the legality of TSA actions — such as when the 9th Circuit invented a counter-factual claim (without ever allowing an evidentiary hearing on the facts) that John Gilmore hadn’t actually been required to show ID credentials in order to fly, as a way to avoid ruling on whether an ID-to-fly requirement would be Constitutional. As for the Executive, President Obama has yet to nominate an Administrator of the TSA, leaving this one of the highest-ranking vacancies in the Administration and leaving the TSA operating on autopilot under lame-duck holdovers.

In the absence of any explicit rules or any judicial, legislative, or executive oversight, the TSA has felt no need to seek authority for its ever-expanding assertions of authority through legislation or rulemaking.  Nor has the TSA recognized any duty of self-restraint or self-policing to ensure its actions conform to the law. Instead, the TSA has simply wielded its power to do whatever it wished, on the disgraceful assumption that, “If we’re doing something wrong, the courts will tell us — if and when someone can afford to sue us, and they win a court judgment against us.”  In the meantime, the TSA will do, and claim the right to do, anything that hasn’t already specifically been ruled illegal. Kind of like the thief who assumes that they can steal whatever they want, and that if something turns out not be theirs, they’ll give it back if and when someone sues and wins a court judgment ordering its return.

Time and again we’ve pointed out this failure to subject the TSA to the rule of law. See, for example, our most recent prior post on this topic, our agenda on the right to travel submitted to the Obama Administration and Congress after the 2008 elections, and our comments earlier this month at the Computers, Freedom, and Privacy conference session with Obama Administration representatives and others at 1:45:53 of this video.  Until recently, however, neither the Courts, the Congress, nor the Executive branch have wanted to confront the question of what rules govern the TSA.

We’re please to report that this is finally beginiing to change, in small ways but on numerous fronts:

Read More

Jun 04 2009

Are there any rules at airport checkpoints?

We had a chance to ask some questions (starting at 55:00 of the video, although the entire panel is worth watching) of the TSA’s Chief Privacy Officer, Peter Pietra, when he showed up at the Computers, Freedom, and Privacy conference to talk about the SPOT program, under which roving teams of TSA agents watch people in airports for a (secret, of course) checklist of “suspicious” behavior, question some of those people, and finger some of them for more intrusive search or further questioning when they reach the “screening” checkpoints.

Petra claimed that, “There isn’t any search or seizure … until the checkpoint”, even if you decline to respond to questions from the SPOT teams or other TSA agents.  But, “At the checkpoint, it’s a different story … There’s a ‘special circumstances’ exception that would permit at least a reasonable search.”

But what does the TSA consider “reasonable”? In particular, once we get to the checkpoint, are we required to answer questions from the TSA?

“I don’t know,” Petra said.

If we decline to answer questions at a TSA checkpoint, does the TSA claim the authority to detain us, prevent us from traveling, or impose administrative sanctions?  Or is the maximum penalty for declining to answer TSA questions having to submit to a pat-down search and hand search of our carry-on baggage (“secondary screening”)?

“Once you get to the checkpoint, you have to ‘cooperate’ with screening.”

What does “cooperate” mean? Are there any guidelines that tell us what we are required to do to consitutute “cooperation” with screening at a checkpoint?

“I don’t know,” Petra again answered.

We asked Petra to try to find out, but we won’t hold our breath waiting for an answer.

Jun 01 2009

Today we’re all prisoners in the USA

As of today, June 1, 2009, even U.S. citizens are officially prisoners in the USA, or exiles barred from entering our own country without the government’s permission.

We are now forbidden by Federal regulations from leaving or entering the USA, anywhere, by any means — by air, by sea, or by land, to or from any other country or international waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable uniquely-numbered radio tracking beacons in the form of RFID transponder chips), or unless the Department of Homeland Security chooses to to exercise its standardless “discretion” to decide — in secret, with no way for us to know who is making the decision or on what basis — to issue a (one-time case-by-case) “waiver” of the new travel document requirements.

If you’re in the USA without such documents — even if you were born here, or are a foreigner who entered the USA legally without such documents (a Canadian, for example, who entered the USA by land yesterday when no such documents were yet required), or your document(s) have expired or have been lost or stolen — you are forbidden to leave the country unless and until you procure such a document, or unless and until the DHS gives you an exit permit in the form of a discretionary one-time waiver to leave the country — but not necessarily to come home, unless they again exercise their discretion to “grant” you another waiver.

If you are a U.S. citizen abroad without such a document (for example, if you entered Canada legally without it yesterday by land, when it wasn’t required, or again if your document(s) are expired, lost, or stolen) you are forbidden to come home unless and until you can procure a new document acceptable to the DHS, or unless and until the DHS gives you permission to come home in the form of a discretionary one-time waiver. Read More

May 26 2009

TSA releases (censored) ID checking procedures

In response to a request by the Identity Project under the Freedom of Information Act, the TSA has for the first time given us a (redacted) version of the section on Travel Document and ID Checks from the TSA’s “Screening Management SOP” (Standard Operating Procedures) manual.  Our request was made June 21, 2008, the day the TSA announced what they claimed were changes to ID “requirements” for air travelers. It took the TSA almost seven months to respond.

The version of the SOP manual which the TSA has now made public is dated June 30, 2008, so it ought to reflect the changes announced in the TSA’s June 21, 2008 press release. But there is nothing at all in the sections of the manual the TSA has released about the new procedures and new ID verification form which the TSA had, in fact, started using.  Rather than requiring people who don’t have or don’t choose to show government-issued ID credentials to execute affidavits stating who they are under penalty of perjury, the TSA procedures manual requires that such people be allowed to proceed through secondary screening as “selectees”, and specifically directs screeners and other TSA staff not to make any attempt to detain or delay them.

Read More

May 18 2009

GAO moves the goalposts to “approve” Secure Flight

We were surprised last week to see that the GAO has issued a report certifying that, “As of April 2009, TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved 1 condition (TSA had defined plans, but had not completed all activities for this condition).”

Surprised, that is, until we we saw how the GAO had defined (re-defined?) those statutory conditions in ways very different from what we thought they meant, or what we think Congress thought they meant: Read More

May 18 2009

Time to stop tinkering with “watchlists”

This month the Office of the Inspector General (OIG) of the Department of Justice has released a report on their recent audit of the FBI’s “Terrorist Watchlist Nomination Practices”.

The OIG report contains far more detail than has previously been made public about how and by whom (although very little about why) the government’s watchlists are compiled. It’s must reading for anyone interested in how the US government is deciding who to allow, and who not to allow, to travel or to engage in other activities for which these watchlists are used as blacklists.

As we discuss in our FAQ about Secure Flight, these watchlists serve as the primary determinant of who the DHS (both the CBP for international flights and the TSA for domestic flights, although eventually the TSA under Secure Flight for both) gives permission to fly.

Unfortunately, because it is confined to the “nomination” component of the system, the OIG report fails to address the more fundamental problems with the watchlist system — problems that cannot be resolved by the sort of tinkering with the watchlisting process that is suggested by the OIG’s recommendations. A much more fundamental change is required in how the watchlists and their use are conceptualized.

Read More

May 16 2009

Air France passenger data and “no-fly” orders

Follow-up reports have provided more details but also raised more questions about the incident last month in which the US government refused to allow an Air France flight en route from Paris to Mexico City to follow its normal route through US airspace, because the passengers included a journalist on the US “no-fly” list.  The orders from the US authorities, coming while the plane was already in flight, resulted in a lengthy detour to avoid overflying US territory, and an unscheduled refueling stop in Martinique.  (Air France’s Paris-Mexico flights used to stop in Houston, but these days they are scheduled to operate nonstop, in significant part to spare through passengers the need for US transit visas and US-VISIT processing including fingerprinting and photgraphing, now required even for foreign passengers merely transiting a US airport.)

As with previous incidents of blacklisted passengers and delayed, diverted, or canceled flights, this episode should be a reminder that the problems with the “no-fly” list are not limited to mistaken for other people on the watchlist.  The problem, in this case, is that one of the passengers actually was on the list of people administratively banned from the US, without any way of knowing why, confronting his accusers or the evidence (if any) against him,  or obtaining judicial review of their decision to deny him the right of passage by common carrier through US airspace (a right guaranteed by international treaties to which the US is a party).

Also at issue has been how, when, and through what intermediaries or data pathways US authorities learned who was on the plane, espcially since it wasn’t scheduled to touch US soil. Read More

Apr 20 2009

TSA claims new powers of detention, search, and interrogation

Once again as before trying to legislate by press release and blog posting, the TSA has asserted that it has the general law-enforcement authority to detain would-be airline passengers, seize their possessions, and compel them to answer questions — for reasons entirely unrelated to aviation or security, and even when it cannot articulate any probable cause for a belief that any law has been violated.

These new assertions come in response to an incident in which a passenger attempted to bring a locked metal cash box as part of their carry-on baggage on a domestic flight.  Since the box was opaque to x-rays, the TSA staff at the checkpoint at Lambert Airport in St. Louis asked the traveler to open the box so that they could check whether it contained any prohibited or dangerous items, and took him into a private room to do so.

So far, OK. Commenters in the TSA blog, including jewel dealers, point out that many types of valuables must be carried on (because they are exempt from airline liability if placed in checked baggage) and that they don’t want them inspected in public, where other people might learn what they are carrying.

In the back room, the traveler unlocked the box, and the TSA agents verified that it contained only cash (approximately $4,700), checks, and other documents.  No weapons or explosives, and nothing even arguably prohibited, dangerous, contraband, or illegal.  That should have been the end of the screening. Instead of letting the traveler go on through the checkpoint, however, the TSA then called the local police. It’s unclear if the TSA actually detained the traveler or kept custody of his cash box and its contents while waiting for the police, or if he could have left the airport (with or without his money and checks) before the police arrived, but it’s clear that they wouldn’t have allowed him to continue past the checkpoint to his flight.

Once the police arrived, the police and the TSA together informed the traveler that he was under detention and not free to leave, and interrogated the traveler about his employment, the reasons for his trip to St. Louis, the ownership and source of the money and checks (which in fact were the proceeds from a political event, which thus contained information protected by the First Amendment about acts of assembly and association by the writers of the checks), and other issues unquestionably unrelated to weapons, explosives, or aviation security.

The traveler responded to each of these questions, calmly and politely, by asking, “Am I required by law to answer that question?”  None of the TSA staff or police would answer this question, nor have they subsequently done so.  Instead, they told him that possession of cash and failing to answer their questions was “suspicious”, and threatened to keep him under detention and “take him downtown” to be questioned further by the Drug Enforcement Administration (DEA).

After about 25 minutes, and after some conversation out of his hearing between the agents and an unidentified person in plain clothes, the traveler was told he was free to go.  He made his plane, with his cash box and its contents.

We know all this because the traveler, Steve Bierfeldt, covertly recorded all but the start of the incident on his iPhone. There’s more about the incident, including interviews with Mr. Bierfeldt, in these reports from Fox News and the Washington Times.  And in case you are wondering, the incident occurred in Missouri, where the law permits any party to a converstion to record it, even without the knowledge or consent of the other party or parties.

But the worst thing isn’t what the TSA did, but what it has subsequently claimed it has the right to do, and to compel would-be travelers to do.  According to the TSA blog: Read More