Apr 27 2017

Is the TSA checking domestic airline passengers for warrants?

Entities and data flows involved in decision-making (“vetting”) about travelers. Larger image, PDF with legend.

The latest annual report on data-mining by the Department of Homeland Security contains a disturbing hint that the TSA may have gotten the ability to include checks for warrants and police “wants” in its “vetting” of passengers on domestic airline flights.

This would turn airline check-in counters and kiosks and TSA checkpoints for domestic air travel into dragnet suspicionless warrant checkpoints.

According to page 16 (page 19 of the PDF) of the newly-released 2016 DHS Data Mining Report, “An annex to this report containing Sensitive Security Information (SSI) about Secure Flight’s use of ATS-P is being provided separately to the Congress.”

What data from ATS, to which the TSA didn’t already have independent access,  is being used by the TSA as part of Secure Flight? For what purpose?

In the diagram above (larger image, PDF with legend), the solid green line shows the transfer of data from the FBI’s “National Criminal Information System” (NCIC) criminal history database to CBP’s “Automated Targeting System” (ATS) for use in “vetting” international airline passengers. The dashed green line shows the newly-disclosed transfer of ATS data to the “Secure Flight” system used by the TSA to “vet” domestic airline passengers. This could allow the TSA to check all domestic airline passengers for warrants and “wants” listed in NCIC, as CBP already has the ability to dos for all international airline passengers on flights to or from the US.

There is no explicit mention in the public portion of the DHS report of TSA use of NCIC data for decision-making (“vetting”) about domestic air travelers. But as the diagram above shows, almost all of the other data contained in ATS is already available directly to the TSA for use in Secure Flight. It’s not clear what data from ATS, other than criminal history data imported to ATS from NCIC, the TSA doesn’t already obtain directly without needing to get it from ATS.

Records of arrest warrants in NCIC are often inaccurate, as we have noted before. It’s especially common for the issuance of a warrant to be reported to the FBI for inclusion in NCIC, but for the later cancellation of that warrant not to be reported to NCIC. NCIC contains hundreds of thousands, perhaps millions, of listings for warrants that are no longer valid. Using TSA “vetting” of domestic airline passengers as a suspicionless dragnet for “wanted” individuals would inevitably result in the detention and arrest of many innocent people at TSA checkpoints on the basis of inaccurate NCIC data.

Normally, warrant checks are permissible only on the basis of reasonable articulable suspicion that a person has committed a crime. The current CBP checks of international travelers for warrants, police “wants”, and investigative “lookouts” have been permitted only as part of a judicially-created border exception to the 4th Amendment to the US Constitution. There is no comparable “airport exception” to the 4th Amendment that would allow suspicionless dragnet warrant checks on domestic travelers by the TSA. Travel is not an inherently suspicious activity. It’s the exercise of a Constitutional and human right, and cannot in itself be the basis for warrant checks.

Members of Congress should look closely at the secret annex to the 2016 DHS Data Mining Report, and question the DHS and TSA as to whether they are using, or intend to use, data obtained from NCIC (directly or indirectly through ATS or otherwise) to conduct warrant checks on domestic air travelers.

If any of our readers has information about someone being identified for arrest on an outstanding warrant (valid or invalid) on the basis of TSA “screening”, rather than on the basis of an independent police warrant check based on reasonable suspicion, please let us know.

Nov 18 2016

What does Donald Trump’s election mean for our work?

We endorsed neither Hillary Clinton, Donald Trump, nor any other candidate for elected office. So what does the presumptive election of Donald Trump as President of the U.S. — when the electors cast their ballots on December 19, 2016, and the votes are counted on January 6, 2017 — mean for the work of the Identity Project?

First and foremost, it means that our work, and the need for it, will continue — as it has under previous administrations, both Democratic and Republican.

Human and Constitutional rights are, by definition, no more dependent on the party affiliation of the President, if any, than on our own. Freedom is universal. Our defense of the right of the people to move freely in and out of the U.S. and within the country, and to go about our business, without having our movements tracked and our activities logged or having to show our papers or explain ourselves to government agents, has been and will remain entirely nonpartisan.

We will continue to criticize those who restrict our freedoms and infringe our rights, regardless of their party, just as we have criticized the actions of both the Obama and Bush administrations and of members of Congress and other officials of both parties, many of whom remain in power despite the changes at the top.

Attacks on our liberty have been, and remain, just as bipartisan as our resistance to them. This is especially true of the imperial power which the Presidency has been allowed to accrue, and which is exercised through Presidential proclamations, executive orders, and the secret law (or, to be more accurate, lawlessness) of Federal agency “discretion”. Those who acquiesced in the expansion of Presidential power and executive privilege because they thought that it would be used to their benefit by a President of their own party have only themselves to blame if that power is later used against them by a new President of a different party, or without allegiance to a traditional party hierarchy.

Many of the most imminent ID-related threats are those that arise from existing laws or extrajudicial administrative practices, the limits of which — in the absence of legislative or judicial oversight and checks and balances — are set solely by executive order. Where President Trump can make changes to ratchet up repression, to register and track both U.S. and foreign citizens, and to monitor and control our movements within the country and across borders, with the stroke of a pen, we don’t expect that he will hesitate to wield the power he has inherited to govern by issuing public decrees or by giving secret orders to his minions.

In some of these cases, Federal officials and the homeland-security industrial complex of contractors, confident that the incoming occupant of the White House will bless their efforts to anticipate has desires, may take action even before they are ordered to do so. This seems especially likely, in our area of concern, with respect to (1) the DHS implementation schedule and requirements for the REAL-ID Act,  (2) the TSA’s longstanding desire to enforce and eliminate exceptions to a de facto ID requirement for air travel that lacks any basis in statute and contravenes the U.S. Constitution and international law, and (3) expanded use of ID and surveillance-based pre-crime profiling (President-to-be Trump calls it “extreme vetting”) as the basis for control of movement, especially across borders.

We will be watching closely and reporting on signs of activity on all these fronts, some of which are already visible.

Now more than ever, we need your support — not just helping us to defend your rights, but asserting your rights and taking direct action to defend them yourselves. “The limits of tyrants are prescribed by the endurance of those whom they oppress.”

We invite you to join us in our continued resistance to all lawless attacks from any and all sides on our Constitution, our freedom, and our human rights.

Sep 27 2016

Proposed laws would expand travel controls from airlines to passenger railroads

Legislation has been introduced in both the USA and Belgium to subject rail travelers to the same sorts of travel surveillance schemes that are already being used to monitor and control air travelers.

If these proposals are enacted into law, passenger railroads would be required to collect and enter additional information such as passport or ID numbers and dates of birth (not currently required or routinely included in US or European train reservations) in Passenger Name Records (PNRs), and transmit rail travel itineraries and identifying information about passengers to the government, in advance.

As is already the case for all airline travel in the USA, including domestic travel, railroads would be forbidden to allow any passenger to board unless and until the railroad receives an explicit, affirmative, individualized, per-passenger, per-flight permission-to-board message (“Boarding Pass Printing Result”) from the government.

In both the USA and Belgium, the proposed legislation would create legal conflicts with civil liberties and human rights, and practical conflicts with railroad business processes and IT capabilities.

Read More

Jan 09 2015

“CAPPS IV”: TSA expands profiling of domestic US airline passengers

Under color of a vestigial provision of Federal law related to an airline passenger profiling program that was discontinued more than four years ago, and applying the name of that program (and attempting to apply the same legal mandate) to an entirely new scheme, the TSA is adding a new, additional layer of passenger profiling to its pre-crime system for domestic airline flights within the United States.

The existence and TSA-mandated implementation of the new so-called “Computer-Assisted Passenger Prescreening System (CAPPS)” was first disclosed publicly in an obscure posting this Monday on the DHS website and an equally obscure notice published the same day in the Federal Register.   According to both documents, the new CAPPS scheme has been under development since at least 2013, in secret collaboration between the TSA, the inter-departmental National Counterterrorism Center (NCTC), airlines, and private contractors.

What was the old CAPPS? What is the new CAPPS? And what does this mean for the rights of travelers?

Answering these simple-seeming questions requires understanding the history of government-mandated airline passenger profiling in the US and the shell game of labels that the government has applied to profiling schemes, as well as careful parsing of this week’s abstruse and uninformative (to the uninitiated) official notices.

Read More

Oct 17 2014

“Travelers, say bon voyage to privacy”

We talked at length with Watchdog investigative reporter Dave Lieber for his column in today’s Dallas Morning News: Travelers, say bon voyage to privacy.

Lieber hits the nail on the head by calling out how few travelers realize that the U.S. government is keeping a permanent file of complete mirror copies of their reservations:

Did you know that when you buy an airline ticket and make other travel reservations, the government keeps a record of the details?

If airlines don’t comply, they can’t fly in the U.S., explains Ed Hasbrouck, a privacy expert with the Identity Project who has studied the records for years and is considered the nation’s top expert.

Before each trip, the system creates a travel score for you…. Before an airline can issue you a boarding pass, the system must approve your passage, Hasbrouck explains….

The idea behind extensive use of PNRs [Passenger Name Records], he says, is not necessarily to watch known suspects but to find new ones.

Want to appeal? “It’s a secret administrative process based on the score you don’t know, based on files you haven’t seen,” Hasbrouck says….

Hasbrouck says: “You can’t keep files on everybody in case you want some dirt on them. That’s what J. Edgar Hoover did. We’ve been through this before in this country. Think of all the ways those files targeted innocent people and were misused. People’s lives were destroyed on the basis of unfounded allegations.

“Do we want to go back to that?”

For those whose curiosity has been piqued, here are links to more about this issue:

The FAQ, What’s in a Passenger Name Record (PNR)?, includes links to examples of PNR data, templates to request your travel history and PNR files from DHS, and information about our lawsuit against DHS to try to find out what files it has about us and how it has used and “shared” them.

Requirements for airlines to send passenger data to the government, and receive individualized (per-passenger, per-flight) permission from the government before issuing a boarding pass, are contained in two separate sets of DHS regulations: Secure Flight for domestic flights and the Advance Passenger Information System (APIS) for international flights. (More about the APIS regulations.)

The system of “pre-crime” profiling and assigning scores to all air travelers was discussed in recent government audit reports and at a Congressional hearing last month, and in a front-page story in the New York Times, in which we were quoted, last year.

There’s a good overview of the government’s travel surveillance and control process in a talk by Edward Hasbrouck of the Identity Project that was broadcast on C-SPAN</a> last year. The slides from that talk include diagrams of the system and examples of PNR data and other government files about travelers.

Sep 26 2014

What happens if you fit the DHS profile even though you aren’t a threat?

In a self-assessment published this week by the DHS on the integration of DHS programs for surveillance, profiling, and control of airline passengers (the TSA’s Secure Flight for domestic flights and the CBP’s Automated Targeting System for international flights), the DHS says it is reducing to 15 years the length of time for which DHS will retain logs of people who were singled out for special treatment as “matches” on the basis of (secret) DHS profiling algorithms, but who were “ultimately determined not to be a threat.”

The DHS will still keep its TECS log entries for the trip itself, and will be able to retrieve a new copy of your PNR (airline reservation record) from the airline or CRS (database hosting company) at any time, even if DHS has deleted its previous mirror copy or copies.  But the DHS will purge its record of having wrongly flagged you as a suspect if you’ve stayed out of trouble for the subsequent 15 years:

Records created about an individual associated with a confirmed or possible match to a watchlist that require additional analysis in the ATS case management module ATS-Targeting Framework (TF) will be retained for 15 and seven years respectively in ATS if the individual is ultimately determined not to be a threat. However, COP information maintained only in ATS that is linked to a specific case or investigation will remain accessible for the life of the law enforcement matter to support that activity and other enforcement activities that may become related. In addition, CBP may include information in TECS on individuals who may need additional scrutiny.

The DHS privacy impact self-assessment confirms that the DHS has shifted from blacklist/whitelist matching to real-time profiling and scoring as its methodology for making fly/no-fly and “intrusiveness of search” decisions.  The self-assessment also makes explicit that the reason for long-term retention by DHS of mirror copies of the commercial airline records is to enable subsequent pre-crime data mining:

It is over the course of time and multiple visits that a potential risk becomes clear. Travel records (including historical records), are essential to assist CBP officers with their risk-based assessments of travel indicators and identifying potential links between known and previously unidentified terrorist facilitators. Analyzing these records for these purposes allows CBP to effectively identify suspect travel patterns and irregularities.

Sep 22 2014

GAO audit confirms TSA shift to pre-crime profiling of all air travelers

A Congressional hearing last week on the so-called “Secure Flight” system for “screening” domestic air travelers confirmed that the TSA has completed a shift from blacklist and whitelist matching to a comprehensive real-time pre-crime profiling system that assigns each air traveler a  “risk assessment” score on the four-step scale we’ve previously described and which is illustrated above in the latest GAO report.

Redacted versions of three audit reports on Secure Flight by the Government Accountability Office (1, 2, 3) were made public in conjunction with GAO testimony at the hearing.  According to one of those reports, “Secure Flight” started out as a blacklist and whitelist matching system:

Since implementation began in January 2009, the Secure Flight system has identified high-risk passengers by matching SFPD [against the No Fly List and the Selectee List, subsets of the Terrorist Screening Database (TSDB), the U.S. government’s consolidated watchlist of known or suspected terrorists maintained by the Terrorist Screening Center, a multiagency organization administered by the Federal Bureau of Investigation (FBI)…. To carry out this matching, the Secure Flight system conducts automated matching of passenger and watchlist data to identify a pool of passengers who are potential matches to the No Fly and Selectee Lists. Next, the system compares all potential matches against the TSA Cleared List, a list of individuals who have applied to, and been cleared through, the DHS redress process.

But that’s not how it works any more. According to the same GAO report:

Since January 2009, the Secure Flight program has changed from one that identifies high-risk passengers by matching them against the No Fly and Selectee Lists to one that assigns passengers a risk category: high risk, low risk, or unknown risk. Specifically, Secure Flight now identifies passengers as high risk if they are matched to watchlists of known or suspected terrorists or other lists developed using certain high-risk criteria, as low risk if they are deemed eligible for expedited screening through TSA Pre-Check — a 2011 initiative to preapprove passengers for expedited screening — or through the application of low-risk rules, and as unknown risk if they do not fall within the other two risk categories. To separate passengers into these risk categories, TSA utilizes lists in addition to the No Fly and Selectee Lists, and TSA has adapted the Secure Flight system to perform risk assessments, a new system functionality that is distinct from both watchlist matching and matching against lists of known travelers.

We’ve said from the start that Secure Flight would not be limited to “list matching” and would assign risk scores to all travelers. Now that’s been confirmed by GAO auditors.  When the TSA talks about “risk-based screening”, what they mean is “pre-crime profiling” of all air travelers — part of a larger pattern of “predictive” pre-crime policing through surveillance and profiling.

The diagram at the top of this article shows what the GAO says the current “Secure Flight” profiling process, and its consequences, look like. Note the references to “risk assessments” and “rules-based lists”, although in fact these are real-time scoring systems and there are no publicly-disclosed “rules”.

Read More

Jul 28 2014

US government’s witchhunting manual made public

The Intercept has published the March 2013 edition of the US government’s Watchlisting Guidance. This 166-page document, previously kept secret as Sensitive Security Information (SSI), provides standardized but not legally binding “guidance” to Federal executive agencies as to how, on what basis, and by whom entries are to be added to or removed from terrorism-related government “watchlists”, and what those agencies are supposed to do when they “encounter” (virtually or in the flesh) people who appear to match entries on those lists.

The Intercept didn’t say how it obtained the document.

The “Watchlisting Guidance” is the playbook for the American Stasi, the internal operations manual for a secret political police force.  As such, it warrants careful and critical scrutiny.

Most of the initial reporting and commentary about the “Watchlisting Guidance” has focused on the substantive criteria for adding individuals and groups to terrorism watchlists.  Entire categories of people can be added to watchlists without any basis for individualized suspicion, as discussed in Section 1.59 on page 26 of the PDF.

These criticisms of the watchlisting criteria are well-founded. But we think that there are at least as fundamental problems with what this document shows about the watchlisting procedures and the watchlist system as a whole.

Read More

Mar 13 2014

UN Human Rights Committee review of US implementation of the ICCPR: Day 1

Public questioning by the UN Human Rights Committee (UNHRC) of a delegation from the US government on the subject of US implementation (or not) of the International Covenant on Civil and Political Rights (ICCPR) began today in Geneva, Switzerland, and will continue tomorrow. The proceedings are part of the periodic review of each party to the ICCPR, which the treaty itself mandates be conducted every five years by the UNHRC.

The UNHRC consists of independent individual experts, not representatives of national governments as in the confusingly similarly-named UN Human Rights Council. The ad hoc 32-member US delegation consists of high-level but not top-level officials (e.g. the Acting Deputy Assistant Secretary of Homeland Security for Policy) from half a dozen Federal executive (administrative) agencies led by the Department of State, along with officials from one state (Mississippi) and one municipal (Salt Lake City, UT) government.

With well-designed symbolism, the members of the the US government delegation and the UN Human Rights Committee, facing each other across the central well of the circular Salle XVIII in the UN’s “Palais des Nations”, were almost encircled by rising rings of observers from an NGO delegation of unprecendented size and diversity. Almost 100 human rights activists, mainly from the  the USA but also from other countries where people are concerned about human rights violations in the US and by the US government, came to the UNHRC session. Many more organizations who couldn’t afford to attend the session in Geneva in person made written submissions in advance to the UNHRC of suggestions for issues, questions, and “concluding observations”.

Members of the UNHRC welcomed the NGO presence — unprecedented in scale and diversity — despite describing it in their opening remarks as “overwhelming”.  Human rights aren’t just an issue for women or for people of color, and the US rainbow is well represented. But it says a great deal about the unbalanced gender and racial burdens of human rights violations in the US that perhaps 80% of the US NGO delegation are women and a similar percentage are people of color. Traditional leaders and tribal governments of Native Americans, Native Alaskans, and Native Hawaiians are also in attendance, lumped together by UN procedural rules with “non-governmental” organizations.

The proceedings today were webcast, as those tomorrow will be, and will also be archived for streaming on demand. “Every animal is equal,” UNHRC Chair Nigel Rodley quipped as he called today’s session to order, “But not every animal can get UN TV to the Human Rights Committee,” a small and normally quiet corner of the complicated system of UN treaty bodies. But this is the US, and no other country’s actions have such extraterritorial impacts, good or bad, on the human rights of people around the world.

The UNHRC is authorized by the ICCPR to issue “Concluding Observations” after its review of each country’s implementation of the treaty, but has no power to enforce its recommendations. Despite this major limitation, the extreme reluctance of the US to accept any external oversight over its actions leaves the UNHRC as the sole international body with the authority to compel the US government, on a regular basis (albeit for only two days every five years), to respond publicly to cross-examination  about its human rights record.

For those tuning in for the first time to the UN TV webcast today and tomorrow, it may seem like this is the culmination of the process of review of the US by the UNHRC. At first glance, it might even look like the public dialogue between the UNHRC and the US government is “the review”.

But those of us who’ve been part of the process know that this week’s events in Geneva are neither its start nor its end. Read More

Mar 13 2014

Public questioning of US government on human rights

Today and tomorrow in Geneva (early Thursday and  Friday morning in the USA), a delegation from the US government will be questioned publicly by members of the UN Human Rights Committee about US implementation of the International Covenant on Civil and Political Rights (ICCPR).

Here’s the schedule of the webcast public questioning:

  • Thursday, March 13, 15:00-18:30 Geneva time (7 am-10:30 am PDT, 10 am-1:30 pm EDT)
  • Friday, March 14, 10:00-13:00 Geneva time (2 am-5 am PDT, 5 am-8 am EDT)
  • tentative additional session Friday, March 14, 14:00-17:00 Geneva time (6 am-9 am PDT, 9 am-noon EDT)

This is neither the first nor the last step, but a critical step, in the review conducted by the Human Rights Committee every five years (as with each other country that is a party to the treaty) of US implementation of this international human rights treaty.

We’ll have more details after the sessions, but here are some quick links for those tuning in to the webcast:

Updates: