May 08 2018

TSA releases redacted ID verification procedures

Five years after we requested them under the Freedom Of Information Act, the TSA has released a redacted copy of its Identity Verification Call Center (IVCC) procedures for interrogation and “screening” of people who show up at TSA checkpoints without ID or with ID the TSA initially deems unacceptable.

Most of these people — 98% of them, according to summaries and logs eventually released to us by the TSA in response to our FOIA request — are eventually “allowed” by the TSA or TSA contractors to exercise their right to travel by common carrier, but only after being put through the TSA’s identity verification procedures.

The TSA’s Standard Operating Procedures for travelers without ID or with initially unacceptable ID include requiring them to complete and sign an (illegal) TSA Form 415, “Certification Of Identity” (COI), and playing a pointless game of 20 questions by telephone with the ID Verification Call Center to see if the traveler’s answers to questions match the information in the files secretly maintained by a commercial data broker, the Accurint division of LexisNexis (part of Reed Elsevier).

In 2013, we asked the TSA for its records of what happens to people who try to fly without ID or with ID that the TSA or its contractors initially deem unacceptable. As part of the same request, we asked for related email messages and policies.

The TSA dragged its feet for years, gradually releasing a trickle of redacted and scanned page-view images of derivative reports, but none of the email messages or reports.

A year ago, the TSA declared its munged partial response “complete”. We filed an administrative appeal, and six months later, the TSA’s appeal officer partially upheld our appeal and remanded our request for a further search for email messages and policies.

After eight more months, we’ve finally received a redacted image of the 2013 version (the version in effect when we first made our request) of the TSA’s ID Verification Call Center “Standard Operating Procedures”.

By the time the TSA finally looked for the email messages on which some of the reports were based, after our appeal was upheld, those messages had all been deleted:

No email messages pertaining to the responsive records were located. The email account utilized to prepare and distribute the TSOC reports was centralized into the National Transportation Vetting Center email account, and all emails created during that time associated with the TSOC reports already released to you have been deleted.

Ultimately, the ID Verification SOP leaves the final decision on whether a would-be airline passenger is allowed to travel to the standardless discretion of the TSA staff person in charge for each airport, the Federal Security Director (FSD) or their designee.

There are some other curious statements between the redactions in the version of the ID Verification SOP released to us by the TSA.

According to the SOP:

Under these procedures, passengers are required to produce acceptable identification to a TSA Screening Representative (TSR) before proceeding to the security checkpoint. Passengers who do not produce acceptable identification and who fail to assist TSA personnel in adequately identifying their identity will be denied entry.

There is no indication of the legal basis, if any, for this TSA claim that airline passengers have an affirmative duty to “produce acceptable identification” or “assist TSA personnel in adequately identifying their identity”, or what the basis would be for denial of passage.

The SOP also contains a bizarre assertion in section 2.5.9 of the SOP that the COI form (TSA Form 415), which travelers without ID or with unacceptable ID are required to complete and sign, is “Sensitive Security Information” (SSI) which is “not to be circulated to the public” and which passengers must surrender to checkpoint or TSA staff on demand. The SOP doesn’t say how this form could be held to constitute SSI.

TSA Form 415 has already been made public in response to another of our FOIA requests, and the Paperwork Reduction Act requires that forms used to collect information from the public be published for comment before they are approved.

In 2016, after using Form 415 and its unnumbered predecessor illegally for years, the TSA published a notice that it planned to apply for approval of this form (to which we objected). But the TSA has yet to apply for, much less receive, the approval it would need before using this form.

Mar 13 2018

Is the DHS using this Unisys pre-crime software?

A press release last week from Unisys gives a disturbing glimpse into the extent to which border guards — possibly including US Customs and Border Protection (CBP) and other components of the US Department of Homeland Security — are making decisions on the basis of automated “pre-crime” predictions of future bad actions or bad intentions.

Unisys describes its “LineSight” (TM) product as,

[N]ew software that uses advanced data analytics and machine learning to … enable border agents to make … on-the-spot decisions about whether to trigger closer inspection of travelers … before admitting them into a country…. The solution [sic] uses advanced targeting algorithms to continuously ingest and analyze high volumes of data from multiple sources and to flag potential threats in near real time. For travelers crossing borders, LineSight assesses risk from the initial intent to travel and refines that risk assessment as more information becomes available – beginning with a traveler’s visa application to travel, reservation, ticket purchase, seat selection, check-in and arrival.

Think about what this means: This is not a tool for investigation of illegal conduct or prosecution of people who have committed crimes. It presumes that government agencies will be sufficiently deeply embedded in travel industry infrastructure and have the surveillance capability to know as soon as you form an “initial intent to travel”. It’s being marketed to government agencies as a “pre-crime” system alleged to have “pre-cognitive” ability to predict intentions and future actions, and to generate its own algorithms for doing so:

“Many legacy border security solutions identify potentially risky travelers and cargo based on previously known threats – which is kind of like driving a car and only using your rear view mirror,” said Mark Forman, global head of Unisys Public Sector….

LineSight does not depend solely on pre-defined pattern matching rules; it also includes predictive analytics and machine learning that allow the system to learn from experience and automatically generate new rules and algorithms to continuously improve assessment accuracy over time.

Decisions about which travelers should be subjected to more intrusive searches should be made on the basis of probable cause to believe that crimes have been committed, not on the basis of fantasies of “pre-cognitive” pre-crime prediction.

It’s wrong to delegate judicial decisions to administrative agencies, wrong to further delegate those decisions to software ‘bots, and wrong to set those robots loose to make up their own rules to govern which individuals are subjected to searches or other sanctions.

Mar 07 2018

FOIA request for information about DHS “Extreme Vetting”

Despite a “shell game” of changing program names, most recently “Visa Lifecycle Vetting”, the general intent of what the DHS and President Trump previously referred to as the “Extreme Vetting Initiative” is clear and has remained unchanged:

  1. To expand the ongoing unconstitutional warrantless and suspicious surveillance of refugees, asylum seekers, immigrants, foreign residents, and US citizens who travel internationally, so that this dragnet surveillance will be carried on continuously rather than only in conjunction with specific controlled actions such as visa issuance or entering or leaving the US, as though international travel were per se probable cause for search and surveillance rather than the exercise of a right; and
  2. To convert the present systems for making decisions as to who is or is not issued a visa or electronic “travel authorization”, allowed to enter or leave the US, or allowed to exercise their right to travel by common carrier, which are already based on pre-crime profiling, into a system of continuous pre-crime policing under which DHS pre-cogs can assign extrajudicial adverse consequences at any time, not just when individuals are attempting to engage in specific controlled actions.

While the DHS has made its intent clear, it has provided few details about who would be subjected to this “vetting”, what data would be used as inputs to the pre-crime prediction system, what algorithms would be used to make predictions, or what procedures would be followed in assigning consequences. More of this information has been provided in “Industry Day” briefings to private contractors to which these extrajudicial functions would be outsourced than to the public.

In November 2017, we joined dozens of other organizations in a letter to the Secretary of Homeland Security opposing and requesting more information about this program.

The response to our letter was a cursory brush-off providing no further information.

So this month, as part of a coalition led by Muslim Advocates, we filed a request under the Freedom of Information Act (FOIA) for more information about these DHS programs, including information about outsourcing of “vetting” to private contractors and about DHS monitoring of social media.

We requested expedited processing of our request, but we don’t expect a prompt response. The DHS has a dismal track record of noncompliance with FOIA deadlines. But we hope that this request will eventually help us learn more about DHS surveillance and control of immigrants, foreigners, and travelers, including which companies are building the infrastructure of this police state.

Dec 15 2017

“Continuous screening” means continuous surveillance and control

Today the Identity Project joins more than 20 other government-accountability and civil liberties organizations in a joint letter opposing S. 2192, the “SECURE Act of 2017”, which was introduced in the Senate earlier this month and immediately placed on the Senate calendar for a floor vote at any time.

The name of this bill is Newspeak. It is not about security, but about surveillance and control of immigrants, borders, and international travelers, including U.S. citizens.

The coalition letter to members of Congress that we signed today focuses on Sections 6002-6003 (pp. 488-499) of S. 2192, which would authorize the Secretary of Homeland Security, Secretary of State, or Attorney General to exempt their respective Federal departments from the Administrative Procedure Act, the Privacy Act, and the Paperwork Reduction Act with respect to a wide range of border control and surveillance activities.

The Administrative Procedure Act (APA) spells out the details of Constitutionally-required “due process” as it applies to administrative decision-making by Federal agencies. Decisions adversely affecting individuals’ rights made without complying with the APA would be highly likely to violate Constitutional norms of due process.

Exemption from the Privacy Act would allow the creation and maintenance, without notice, of secret Federal government databases about U.S. citizens, and the use of secret, unreliable, uncorrected, and/or irrelevant data as the basis for decisions to deny U.S. citizens their rights. These practices would also be likely to be unconstitutional.

Many of the provisions of S. 2192 are copied from S. 1757, an earlier omnibus “border control” bill we criticized when it was introduced in September.

Like its predecessor S. 1757, S. 2192 incorporates a patently unconstitutional “Passport Revocation Act” (Section 1632, pp. 446-448), which would purport to authorize revocation or refusal to issue or renew a U.S. passport, and the prohibition of departure from or return to the U.S., on the guilt-by-association basis of (1) an extrajudicial administrative designation of an organization as a “foreign terrorist organization”, and (2) an extrajudicial administrative determination by the State Department that a U.S. citizen is “affiliated” with such an organization (without the law defining the meaning of “affiliated”).

The number of references to the “unreviewable discretion” of officials and agencies has increased from 14 in S. 1757 to 17 in S. 2192.

S. 2192 also includes provisions from S. 1757 mandating government monitoring of activities and ideas expressed on social media, and the use of this surveillance data for making visa decisions and for “continuous screening” (continuous surveillance and control) of immigrants, foreign residents (including permanent residents), and foreign-citizen visitors to the U.S.

As the letter we sent today concludes, “We oppose these provisions in S.2192 and any other border security bill.”

Nov 16 2017

“Extreme Vetting” would be a #PreCrime #DigitalMuslimBan

Today The Identity Project joined 55 other civil rights, civil liberties, government accountability, human rights, immigrant rights, and privacy organizations in calling on the US Department of Homeland Security to abandon its Extreme Vetting Initiative.

The essential goal of the DHS Extreme Vetting Initiative is to extend the bogus “pre-crime” prediction algorithms and methods based on “big data” from suspicionless mass surveillance, already being used by the DHS and its partner agencies in the US and abroad to decide who is allowed to board airplanes, to a broader range of decisions about who is allowed to travel to, or reside or remain in, the US.

But the DHS doesn’t have any “pre-cogs”, human or robotic, to make these predictions. And prior restraint of our movements or other activities based on predictions of future criminality is not only impossible (and inherently subject to abuse by those who create the predictive and decision-making algorithms) but an affront to fundamental notions of justice, due process, and human rights.

According to a joint letter we sent today to the Acting Secretary of Homeland Security, Elaine Duke:

We write to express our opposition to Immigration & Customs Enforcement’s proposed new Extreme Vetting Initiative, which aims to use automated decision-making, machine learning, and social media monitoring to assist in vetting of visa applicants and to generate leads for deportation. As it is described in ICE documents, this program would be ineffective and discriminatory. It would also pose a signal threat to freedom of speech and assembly, civil liberties, and civil and human rights. We urge the Department of Homeland Security to abandon this effort….

The goal of the Extreme Vetting Initiative is to “develop processes that determine and evaluate an applicant’s probability of becoming a positively contributing member of society as well as their ability to contribute to national interests,” using analytic capabilities including machine learning. ICE also seeks to “develop a mechanism/methodology that allows [the agency] to assess whether an applicant intends to commit criminal or terrorist acts after entering the United States.”

In reality, as a group of prominent technologists advised in a recent letter, “no computational methods can provide reliable or objective assessments of the traits that ICE seeks to measure.” There is no definition anywhere in American law of what it means to be a “positively contributing member of society” or to “contribute to national interests,” posing a risk that ICE will exercise maximal latitude to discriminate beneath the cover of an unproven algorithm….

Confirming that ICE’s focus is on quantity rather than quality, the agency has announced that the winning vendor for the Extreme Vetting Initiative contract must “generate a minimum of 10,000 investigative leads annually” – without regard to how many leads are actually appropriate….

The Extreme Vetting Initiative will also undoubtedly chill free expression, contravening the First Amendment and international human rights, such as those contained in the Universal Declaration of Human Rights, for which the United States has registered official support, and the International Covenant on Civil and Political Rights, to which the U.S. is a party… These risks are particularly acute in light of existing initiatives to ask travelers to identify all of their social media handles in order to obtain permission to travel to the United States….

Through the Extreme Vetting Initiative, ICE seeks to automate the process by which the U.S. government targets, finds, and forcibly removes people from our country…. But this system … risks hiding politicized, discriminatory decisions behind a veneer of objectivity – at great cost to freedom of speech, civil liberties, civil rights, and human rights.

Palantir Technologies has already become a target of criticism for its role in building tools for “extreme vetting”. (See our report from a protest outside the home of Palantir founder Peter Thiel earlier this year, and this recent 10-minute video, “Is Silicon Valley Building the Infrastructure for a Police State? New AI tools could empower the government to violate our civil liberties.”) Now IBM, which attended a recent outreach day for Extreme Vetting Initiative contractors and has declined to distance itself from bidding to build the pre-crime program, is also being targeted by a petition asking IBM to “back up your verbal support of immigrants by publicly rejecting and denouncing the Extreme Vetting Initiative and pledge to not bid on any contract to build the tool.”

Sep 18 2017

TSA says it doesn’t know how to copy files

We’ve gotten used to delays, obstruction, and slander from TSA privacy and Freedom Of Information Act (FOIA) officers. Sometimes it’s hard to tell whether these result from incompetence, under-staffing, lack of diligence, mendacity, malice, or some combination of these and/or other factors.

The latest in these TSA FOIA follies is a letter we got last week from the TSA’s FOIA appeal officer, saying that the TSA doesn’t know how to copy computer files, and doesn’t know the names of any of the files on their computers or any other filesystem information or metadata about those files:

You assert that TSA should be able to reproduce digital files as bitwise copies. TSA does not maintain records in bitwise format nor can we produce records in such a format. Additionally,… the file or filesystem data or metadata from the raw format of the records are not available.

Where does this nonsense come from? Do the officials making these statements really believe them, or expect us to?

Sep 13 2017

Federal court can review the Constitutionality of Federal blacklists

A Federal judge has ruled that yes, he can review the Constitutionality of Federal blacklists (euphemistically but misleadingly labeled “watchlists”).

That should be an unsurprising finding. But “pre-crime” and predictive policing programs, including decisions to put people on blacklists that are used to control what they are and aren’t allowed to do, have largely operated in secrecy and outside the rule of law.

Rather than defending blacklisting programs or individual blacklisting decisions, the Federal government — under both Democratic and Republican administrations — has consistently argued that it should not be required to disclose, explain or defend these decisions, the identity of the decision-makers, the criteria for their decisions, or the “derogatory” information on which these decisions are purportedly based, either to the people who have been blacklisted or to the courts.

Too often, even sixteen years after 9/11/2001, courts still traumatized by memories and fears of 9/11 have acquiesced to these Executive-branch claims that the conduct of the “war on terror” is exempt from judicial review.

In this context, the decision last week by Judge Anthony Trenga of the U.S. District Court for the Northern District of Virginia, rejecting the government’s motion to dismiss a lawsuit by blacklisted Muslim Americans, is one of the most significant steps to date toward legal accountability for the DHS and its accomplices in the war at home against Americans secretly accused and extrajudicially sanctioned through Federal blacklisting.

The decision comes in a case brought by the Council on American-Islamic Relations (CAIR) on behalf of 24 individuals and as a class action on behalf of all those who have suffered adverse consequences as a result of arbitrarily and without due process being named on Federal blacklists (“watchlists”). As we reported when this case was filed last year, it’s the most fundamental challenge to date to the Constitutionality of the entire scheme of DHS and FBI pre-crime blacklists based on secret administrative procedures and algorithms rather than on court orders such as criminal convictions, injunctions, or restraining orders.

Jul 20 2017

Fact-checking the FAQs on ID to fly

In May and June of 2017, several new FAQs about “requirements” for travel on common-carrier airlines were posted on TSA.gov and DHS.gov:

Statements about current and future ID “requirements” similar to those on these websites have also appeared on official signs in some airports.

It should go without saying that neither government websites nor informational signs in airports create legal rights or obligations or can be relied on as authoritative statements of the law.

Federal law is contained in the US Constitution, international treaties duly ratified by the US in accordance with the US Constitution, the US Code, and US Public Laws. Federal regulations are contained in the Code of Federal Regulations. The Freedom of Information Act requires that binding Federal agency rules, regulations, and orders of general applicability be published in the Federal Register.

If you want to know what the law says, you need to read the law, not press releases from government agencies or anyone else (including us!).

This is especially important with respect to the TSA, since the TSA website and TSA signs in airports have for years included statements about ID requirements to fly that have been disclaimed by TSA witnesses testifying under oath and by TSA lawyers arguing before Federal courts.

So what is the TSA saying now about ID to fly? Is it true? And is it legal?

The TSA’s latest public statements are more accurate than some of the agency’s previous press releases about ID to fly, and may (although we can’t really tell, given the absence of formal proposals or published rules) accurately describe the changes the TSA intends to implement. But major questions remain about the legality of both current and possible future ID practices at TSA and contractor checkpoints at US airports.

May 23 2017

TSA reveals that “Naked American Hero” John Brennan wasn’t alone

Last week three judges of the 9th Circuit Court of Appeals upheld the TSA’s administrative decision to fine “Naked American Hero” John Brennan $500 for taking off all his clothes to protest TSA’s practices and to show that he wasn’t hiding any explosives under his clothes despite a false-positive result from a TSA swab test for residue of explosives.

At the same time, the TSA revealed that Mr. Brennan was not alone: At least two other air travelers have been fined in recent years for taking off all their clothes in response to TSA demands that they submit to “pat-down” searches for weapons and explosives.

The judges on the 9th Circuit panel claimed not to believe that viewers would understand Mr. Brennan’s symbolic speech — notwithstanding the public reaction that made clear that Mr. Brennan’s expressive intent and message were perfectly clear to those who heard about what he had done. According to the court’s “unpublished” (it’s actually public, but can’t be cited as precedent in future cases) opinion:

Brennan’s core contention is that stripping naked in the middle of a TSA checkpoint is expressive conduct protected by the First Amendment. But Brennan fails to carry his burden of showing that a viewer would have understood his stripping naked to be communicative. Therefore, his conduct is not protected by the First Amendment.

The TSA fine was based on the claim that Mr. Brennan “interfered” with TSA screening because the TSA stopped screening him in order to stare at, or perhaps in order to avert their eyes from, Mr. Brennan’s naked body, or diverted their attention to trying to shield other travelers from sight of him.

But the TSA never claimed that Mr. Brennan’s nakedness violated any Federal law or regulation, and the local courts dismissed the criminal charges brought against him under state and municipal law on the grounds that his nakedness was, in the circumstances, protected by Oregon law. Mr. Brennan could legally have shown up at the TSA checkpoint already naked, and the duty of the TSA would have been to allow him to proceed unless “screening” showed him to be a threat to aviation security.

TSA staff and contractors are often distracted from their duties by the appearance of the travelers they are inspecting and groping. But that’s not a lawful basis for sanctions against those travelers. Mr. Brennan is not responsible for the decision of the TSA staff to stop doing their job because of what he looked like or how he was (legally) dressed or undressed.

The court found that the TSA rule against “interference” isn’t unconstitutionally vague, even as applied to Mr. Brennan’s entirely peaceful and nonviolent conduct:

We have long recognized that “‘interfere’ has such a clear, specific and well-known meaning as not to require more than the use of the word[] . . . in a criminal statute.” In other words, the word has a “settled legal meaning[].” And courts have often defined and applied it, but never in a way that would lead a person of ordinary intelligence to think that he or she could strip naked at a TSA checkpoint and refuse to get dressed, leading to the closure of the checkpoint.

The court’s error, of course, is the mistaken claim that it was Mr. Brennan’s actions, rather than the choice of the TSA to abandon their duties and refuse either to screen a naked man or allow him to proceed once they could see he had no concealed weapons, that “led to” the closure of the checkpoint.

The 9th Circuit was the first (and only) court to review the Constitutionality of the TSA’s administrative fine of Mr. Brennan. TSA administrative decision-makers are forbidden from considering whether the regulations, policies, and practices they enforce are legal or Constitutional.

Brennan v. TSA and DHS was fully briefed before the 9th Circuit two years ago. Earlier this year, after a long silence, the court scheduled oral argument, which was to have been held earlier this month in Portland. Then, on its own initiative and without explanation, the court cancelled the scheduled oral argument, and decided the case a few days later on the written arguments. Our best guess is that one of the three judges on the panel had questions about a draft opinion, but was persuaded or decided to withdraw them.

Mr. Brennan discussed his original protest and his thoughts on the 9th Circuit decision in a lengthy interview with Portland TV station KGW. Some excerpts:

May 10 2017

New long form proposed for (some) applicants for U.S. visas

The Department of State has requested “emergency” approval from the Office of Management and Budget for a new questionnaire which some applicants for U.S. visas would be required to complete.

The questions on the proposed new “long form” for disfavored visa applicants would include:

  • Travel history during the last fifteen years, including source of funding for travel [how many frequent business travelers would be able to provide a complete and accurate 15-year retrospective itinerary of their travels?];
  • Address history during the last fifteen years;
  • Employment history during the last fifteen years;
  • All passport numbers and country of issuance held by the applicant [for an unspecified time period, so perhaps meaning for your entire life];
  • Names and dates of birth for all siblings;
  • Name and dates of birth for all children;
  • Names and dates of birth for all current and former spouses, or civil or domestic partners;
  • Social media platforms and identifiers, also known as handles, used during the last five years; and
  • Phone numbers and email addresses used during the last five years.

Applicants required to complete this form could include tourists and other short-stay visitors (business, visiting friends and relatives, etc.) as well as applicants for work, student, refugee, or other visas.

As with the “long form” supplemental questionnaire for U.S. citizens applying for passports, some but not all applicants for visas to visit or reside in the U.S. will be required to complete the proposed new form. The State Department says it expects to require about 65,000 people a year, or half a percent of all applicants for U.S. visas, to complete the proposed new long form.

As with the long form passport application, there are no publicly-disclosed standards or procedures for judicial review of decisions by State Department staff to require particular individuals to complete the long form. Those decisions would be “discretionary”, meaning that they would be arbitrary and could be discriminatory.

Most people would be unable to provide complete answers to some of the questions on the long form, or would inevitably leave things out or make mistakes that would provide a basis for denial of their application. The proposed “discretionary” long form is thus a pretext for arbitrarily selective denial of entry to the U.S., at the whim of State Department staff and/or on the basis of secret pre-crime algorithms, as well as of arbitrarily selective surveillance of certain foreign citizens.

Comments on the “emergency” proposal for this new questionnaire can be submitted to the Office of Management and Budget through May 18, 2017.