Papers, Please!

The Identity Project

Category Archives: Secure Flight

Jun 30 2010

New lawsuit challenges no-fly orders

In a lawsuit filed today by the ACLU in Federal court in Oregon, Latif, et al. v. Holder, et al., ten U.S. citizens who have been refused permission to board flights to, from, or within the US, or have boarded flights to the U.S. only to have them turn back en route, are suing the Attorney General, the Director of the FBI, and the Director of the Terrorist Screening Center for denying their rights by ordering airlines not to transport them.

At least one of the plaintiffs even flew to Mexico, to avoid overflying the US, with the hope of returning to the US by land.  Instead, he was arrested by Mexican police (presumably at the behest of the U.S. government, and deported not to the country of his citizenship, the USA, but to Colombia, where he has only a temporary visa and can’t remain.  That should have prompted diplomatic protest by the US to Mexico for the improper deportation of a US citizen to a third country.  But presumably Mexico acted at the behest of the US, and there has been no sign of US objection.

So far as we know, this is only the second lawsuit to directly challenge the legality of no-fly orders, and the first on behalf of US citizens.  The previous case was brought by Rahinah Ibrahim, a Malaysian graduate student at Stanford University, after she was detained by San Francisco Airport police and prevented from flying home to her country in 2005. While her complaint remains pending against the individual police in U.S. District court for the Northern District of California, the cases against all of the Federal agencies and officials have been dismissed.

The latest case will test whether the Obama Administration still agrees with former Secretary of Homeland Security Chertoff that no-fly decisions should not be subject to judicial review.  [Update: From the latest statement by the Director of the National Counterterrorism Center, it appears that they may.] And it will be closely watched in Europe as well, where the Obama Administration has assured the European Union that adequate means of redress do exist in U.S. courts for individuals — including some of the plaintiffs in the latest case — denied permission to travel from the EU to the U.S. on the basis of passenger data transmitted to the DHS.

Jun 30 2010

Will Canadian travelers be subject to more US tracking and control?

After a series of investigative reports in the Canwest newspapers in March of this year called attention to the lack of any legal basis under Canadian law for US government access to information about flights to and from Canada that overfly the US (notably including Canada-Cuba flights), the Canadian Conservative minority government has responded by introducing a bill earlier this month that would, if approved by the Canadian Parliament, override Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) to allow the US or any foreign government to find out who is on flights to and from Canada overflying those countries, even if they don’t land in the US.

Canadian law was amended after September 11, 2001, to override PIPEDA and allow US government access to airline reservation data, but only for flights that actually carry passengers to or from the USA. BIll C-42 would extend that to overflights of any country that wants to vet (or simply log) who’s on flights through its airspace.

The sponsors of the latest proposal, Bill C-42, expect it to be controversial, and it has already been criticized by opposition MPs.  Opposition parties have united to pass other legislation supported by the minority government related to collaboration with US wars (such as a measure supporting political asylum in Canada for people resisting service in the US military in wars in Iraq and Afghanistan that violate Canadian and international law), and some observers predict that could happen with Bill C-42 as well.

We certainly hope that Canadians learn from the mistakes of the USA, stand up for their sovereignty, and say “no” to US surveillance of overflights, just as people in the USA would say “no” if the Cuban government demanded to know who is on the dozens of flights every day that fly over Cuba en route between Miami and South America.

Jun 22 2010

TSA reaches out to the Identity Project

After years of having our complaints ignored, we were pleased to be invited by the TSA to participate in the ongoing “Multi-Cultural Coalition” organized by the Office of Traveler Specialized Screening and Outreach of the TSA Office of Civil Rights and Liberties, under the direction of the TSA Office of the Special Counselor.

In response to an invitation to submit questions and concerns for the agenda of today’s TSA outreach briefing with this coalition — our first such — we submitted the following questions.  We only got notice of the conference call and submitted our questions at the last minute, and didn’t expect these issues to be addressed on such short notice, but we were pleased to be able to put them on the table for TSA consideration, should the agency chose to respond:

  1. Now that the TSA is carrying out all fly/no-fly decision-making for domestic flights through Secure Flight, what is the procedure for obtaining judicial review of no-fly decisions? Or is it the TSA’s belief that no-fly decisions are not subject to judicial review? (We are particularly concerned, of course, about the situation and the means for judicial review of these decisions against US citizens trapped overseas and unable to return to the USA, or unable to leave the USA, because the DHS will not permit them to fly. The upcoming transition to Secure Flight for international flights means, we presume, that these decisions will shortly be transferred to the TSA. We would like to work this out with the TSA before this transition, so that after the transition travelers denied passage have clear information as to the procedures for judicial review.)
  2. Does the TSA have any plans to promulgate regulations defining what orders travelers are required to comply with from TSA employees or contractors, and/or what questions travelers are required to answer, as a condition of being given TSA permission to proceed through checkpoints or board flights? (The Identity Project has received no response, after more than 6 months, to our FOIA requests for the TSA’s standard operating procedures, and of course those procedures are not binding regulations.)
  3. In particular, does the TSA assert the authority to deny passage to travelers who remain silent in response to TSA or TSA-contractor interrogatories? What language would the TSA prefer travelers use (or would you prefer that they simply remain mute?) in order to most clearly and concisely invoke their right to remain silent in response to interrogatories by TSA employees or contractors?
  4. There have recently been problems with TSA employees and contractors calling local law enforcement officers and making complaints against travelers for exercising their rights to photograph and record their own interactions with TSA employees and contractors, and/or for exercising their right to remain silent in response to TSA or contractor interrogatories. Has the TSA conducted any training or issued any guidance to screeners regarding travelers’ rights to remain silent and/or to record and photograph their interactions with TSA employees and contractors (just as the TSA, airport operators, and/or law enforcement agencies and officers record and/or photograph those interactions)? If so, will the TSA make that guidance public, so that travelers who wish to exercise these rights would be able to carry copies of this TSA guidance to show to TSA employees, contractors, and/or local law enforcement officers?
  5. Has the TSA and/or DHS designated a point of contact and procedures for complaints of violations of human rights treaties, including the International Covenant on Civil and Political Rights, in accordance with Executive Order 13107 on implementation of human rights treaties? If not, when does the TSA and/or DHS expect to do so? Will pending complaints need to be re-submitted once this designation is made? (The complaints of the Identity Project that TSA regulations and procedures violate the ICCPR have been pending without response since 2007 in the case of Secure Fight, and since 2009 in the case of the TSA’s practices of secondary screening on the basis of nationality, in addition to our similar unanswered complaints against other DHS components on closely-related issues.)
  6. The TSA changed its office locations without promulgating new Privacy Act SORN’s or FOIA notices, so that none of the addresses of record in the most recent Federal Register notices or the CFR are valid. As a consequence, none of the TSA’s current SORN’s or FOIA notices are valid, and the knowing operation of each TSA system of records, without a valid SORN with a valid current address having been published in the Federal Register, is a criminal violation of the Privacy Act. What action, if any, is the TSA taking to promulgate valid SORN’s and a valid FOIA notice, to discipline those responsible for the current violations of FOIA and the Privacy Act, and/or to alert those who have sent FOIA or Privacy Act requests into the black hole of the current addresses of record that their requests have not been received, and will need to be re-submitted? What is the proper point of contact for complaints of these violations?
  7. In general, what is the proper point of contact in the TSA and/or DHS for complaints of criminal violations of the Privacy Act, e.g. knowing operation of systems of records by TSA without having promulgated a valid SORN? (The Identity Project has never received any response to any of our complaints, filed in TSA and other DHS component regulatory dockets, of criminal violations of the Privacy Act by TSA or other DHS components.)
  8. 42 USC 2000aa prohibits search or seizure of media, journalism, or other public communications work product materials in the absence of specified conditions (probable cause, etc.). We have received several reports of, and have ourselves experienced, search and seizure of such materials by TSA and its contractors. Has the TSA given any training or produced any guidance to TSA employees and contractors regarding 42 USC 2000aa? If so, will that guidance be made public, so that it can be carried and shown at checkpoints by journalists and others carrying work product materials protected from search and seizure? What procedure would the TSA recommend to people carrying such materials, as a way to alert TSA employees and contractors that certain material is exempt from search or seizure under this statute, and to invoke its protections?

In the course of today’s conference call, the TSA asked for suggestions to improve the signs at TSA checkpoints where virtual strip-search machines (Advanced Imaging Technology (AIT), previously “Whole-Body Imaging” (WBI) in the latest TSA-speak) are being used.  We suggested that the signs should include whole-body images at the same size, scale, and resolution as the displays used by the operators of the machines, when the display is zoomed in on a portion of the body to its maximum magnification.  “That’s new information to me” that the current signs don’t do that, said TSA Special Counselor Kimberly Walton. “We’ll have to look into that. I will take that under advisement.”

May 18 2010

TSA still has no answers to key questions about “Secure Flight”

The procedures and timeline for implementation of the TSA’s Secure Flight scheme for identity-based surveillance and control of airline passengers are spelled out not in laws or published regulations but in secret Security Directives to airlines.  So we noted with considerable interest this report today by travel journalist Charlie Leocha of a relatively rare public appearance by the head of the Secure Flight program (emphasis added below):

Paul Leyh, TSA Director Secure Flight Program, claimed that all U.S. airlines will be enrolled in Secure Flight within a month and that all foreign carriers will be working in the program by the end of 2010.

Speaking at U.S. Travel Association’s Pow Wow conference to encourage foreign tourism, Leyh noted that TSA is about to complete their mission of … performing the [watchlist] matches prior to allowing passengers to board….

The system sounds simple, however, there were significant IT hurdles to be overcome. Expanded data field requirements for online travel agents such as Expedia, Travelocity, Orbitz and Priceline were more complex than originally thought. The new data collection by brick and mortar travel agents meant internal profile systems to accommodate the storage of this very valuable and confidential information had to be developed…

Foreign journalists attending the press conference asked whether there is a judicial process to use should the normal DHS TRIP process not result in having your name cleared. Leyh didn’t have an answer for that question….

Leyh didn’t have an answer about privacy issues regarding the GDS [Global Distribution Systems, also known as Computerized Reservation Systems], airline reservation systems or travel agents who are allowed to keep all passenger information indefinitely and who fall under no privacy legislation.

Leyh may not have had answers today, but the TSA can’t avoid those questions forever, especially when they are being raised from abroad.  Last month, the European Parliament voted to include both judicial review of no-fly orders and a review of US government access to CRS/GDS data in its conditions for any agreement to give the DHS access to data about passengers on flights between the EU and the US.

May 17 2010

Three Strikes?

Having been passed over for appointment to head the Drug Enforcement Administration, Deputy FBI Director John S. Pistole today got the booby prize as President Obama’s third-choice nominee to head the Transportation Security Administration.

For those who haven’t been keeping score, retired spymaster and Army General Robert A. Harding withdrew his name from nomination in response to questions about overbilling and cronyism in contracts between his security consulting firm and his former military comrades. Obama’s first choice, former Las Angeles airport cop Erroll Southers, withdrew earlier after apparently lying to Congress about his having used his police connections improperly to get derogatory information from supposedly restricted police files about his estranged wife’s lover.

We have the same questions for Mr. Pistole as we’ve had for the previous nominees for TSA administrator.

As of now, the TSA is still being run on auto-pilot by caretakers from the previous administration.  Unfortunately, we don’t see anything in Mr. Pistole’s official biography as a career cop, or the President’s statement about his nomination (which mentions only a desire to “stengthen” screening at airports, and says nothing about strengthening civil liberties or human rights) to suggest any likelihood of improvement in TSA policies.

May 17 2010

Canadian privacy office questions US surveillance of Canadian travelers

In testimony before a Canadian parliamentary hearing last week by Assistant Commissioner Chantal Bernier, the office of the Privacy Commissioner of Canada raised questions (previously asked in the Canadian press) about the implications for Canadian travelers of the US Secure Flight program — questions that travelers in the US and other countries should share.

Asst. Privacy Commissioner Bernier noted that despite Canadian objections, the US continues to insist on applying the Secure Flight requirements (transmission of passenger data to the DHS, and receipt by the airline of affirmative DHS permission before each prospective passenger is allowed to board a flight) to flights that pass through US airspace to and from Canada, even if they never land in the USA. This includes most flights between Canada and Central America, South America, and the Caribbean.  As Bernier pointed out to Members of Parliament, “This means that DHS will collect personal information of Canadian travelers. This is not without risk.”

It’s worth noting, although it wasn’t reported to have been mentioned at the hearing, that Canada imposes no comparable requirement for the vastly larger number of flights to and form the USA that pass through Canadian airspace.  These include virtually all transatlantic flights to and from the USA, and transpacific flights to and from all points in the USA east of the West Coast. Nor does any other country through which flights routinely pass en route to and from the USA.  Most flights between Miami and Latin America, for example, pass over Cuba.  But American Airlines is required neither to provide the Cuban government with detailed information about each passenger on those flights, nor to obtain Cuban government permission before allowing them to board.

Important as they are, however, the concerns raised in last week’s testimony suggest that even the Office of the Privacy Commissioner of Canada still doesn’t fully appreciate the scope of the problem or of the violations of Canadian law.

Asst. Comm. Bernier’s statement was limited to flights to, from, or overflying the USA.  We suspect that her office is unaware that the DHS already has ways to get access — without the knowledge or consent of anyone in Canada, including airlines and travel agencies — to information about passengers and reservations for flights within Canada and between Canada and other countries, regardless of whether they pass though US airspace.

Read More

Apr 07 2010

Testimony to the European Parliament on PNR data

Identity Project consultant and technical expert Edward Hasbrouck is testifying Thursday in Brussels on the proposed agreement between the European Union and the U.S. Department of Homeland Security on transfers of Passenger Name Records (PNR’s) from the European Union to the DHS, at a public hearing on “Protection of Personal Data in Transatlantic Security Cooperation: SWIFT, PNR & Co. – which way forward?”, hosted by Jan Philipp Albrecht, Member of the European Parliament. 14:00-17:00 (8-11 a.m. Eastern time, 5-8 a.m. Pacific time), European Parliament, Brussels, room ASP 1G-3 (open to the public, but prior arrangement required for access to the building).

Mar 23 2010

Rules of engagement for the TSA

The U.S. Senate Committee on Commerce, Science, and Transportation held a desultory hearing this morning on the nomination of retired U.S. Army Major General Robert A. Harding to be Administrator of the Transportation Security Administration and an Assistant Secretary of the U.S. Department of Homeland Security.

Despite the nominee’s exclusively military background and total lack of experience with the rights of civilian U.S. citizens, domestic civil liberties, or law enforcement, neither any of our questions nor any others about the limits of TSA authority were asked.  Despite some questions about how quickly General Harding has gone back and forth through the military-industrial-government revolving door since his retirement, founding and selling a military “intelligence” consulting contractor and then serving as advisor to a venture capital firm investing in similar companies, Committee members from both sides of the aisle generally praised the nominee’s background.

General Harding, in turn, praised Secure Flight and Israeli-style vetting of would-be travelers, which typically involves both intrusive searches and compulsory responses to open-ended questioning:

We should move even more to an Israeli model where there’s more engagement with passengers.

Harding didn’t define ‘engagement’, although he used the term repeatedly.  In context, though, it was clear that it would include approaching and questioning travelers.

The problem with that, of course, is that that there are no rules of engagement for TSA agents at checkpoints.  No statute or regulation spells out what the TSA is allowed to demand, or what questions a would-be traveler can be required to answer as a condition of the exercise of their right to travel.  Without that, the greater “engagement” that Harding wants is an unconstitutionally open-ended all-purpose general administrative warrant for search and interrogation of people who are neither suspected nor accused of any crime, have received no Miranda warnings, and are not free to leave once they enter the TSA checkpoint.  Once can see why a soldier might like that, but that’s not the way civilians are supposed to be dealt with by civilian law enforcement agencies in the USA.

And near the end of his testimony, Harding gave a clue as to the importance being placed by the DHS on international lobbying:

International [air] carriers will meet in Canada in September.  If I’m confirmed, the Secretary [of Homeland secuirty] would send me to that.

It’s not clear whether he was referring to IATA or ICAO — both have their secretariats in Montreal and Geneva — but the rest of the world shouldn’t be talked into imposing a US-style permission-based travel control regime just because some old soldiers from the U.S. Army like Harding think that’s the way to run the civilian travel world.

Mar 17 2010

Long reach of “Secure Flight” angers Canadians

On September 11, 2001, Canada followed the US in closing its airspace and grounding all aircraft, stranding tens of thousands of passengers on flights to and from the US (mostly on inbound flights from Europe and Asia) at airports like Gander and St. John’s, Newfoundland.  The Canadian welcome and hospitality for these travelers became the stuff of legend.  But ever since, Canada has struggled to retain sovereignty over its airspace in the face of US “security” demands.

Canadian privacy law was amended, under US pressure, to allow “sharing” with the US government of information contained in reservations for flights between Canada and the US.  But most Canadians assumed that the role of the US in determining who is permitted to fly is limited to flights to and from the US.

This month a four-part series by Kevin Dougherty in the Montreal Gazette, syndicated across Canada in the Canwest newspaper chain, has broken open that Canadian complacency about the long reach of US claims to passenger information and “fly/no-fly” decision-making authority:

The series raises serious questions as to the legal basis for denying boarding to passengers on Canadian-flag aircraft not landing in the US on the basis of secret blacklists or decisions by the black-box Secure Flight system in the US.

Since publication of the Canwest series about “Secure Flight”, letters to the editor, op-ed colums, and editorials across Canada have denounced the application of the Secure Flight scheme to Canadian airlines and travelers.  Many have pointed out the hypocrisy: As was made evident when all those flights were grounded on September 11th, almost all trans-Atlantic and many trans-Pacific flights to and from the US pass over Canada, but Canada demands no information about who is on those planes and asserts no authority to control who is allowed to be.

On top of all this, there’s another shoe still to fall:  Canadians remain unaware that the vast majority of travel agencies, and tour operators in Canada subscribe to computerized reservation systems (CRSs) based in the US.  That means all their passenger name records (PNRs) and customer profiles are stored in the USA, even for flight that go nowhere near the US.  These travel agencies, tour operators, and other travel companies don’t tell their customers that they have outsourced their travel records to the USA, where the government could get them secretly from the CRS with a “National Security Letter”.

That’s a flagrant violation of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). Canadians should complain to their Privacy Commissioner and demand that she take action against companies — of which travel agencies are leading examples — that outsource their customer data to the US without their customers’ knowledge or consent, and without any way to know what’s done with that data once it is in the hands of CRSs in the US.