Mar 17 2010

Long reach of “Secure Flight” angers Canadians

On September 11, 2001, Canada followed the US in closing its airspace and grounding all aircraft, stranding tens of thousands of passengers on flights to and from the US (mostly on inbound flights from Europe and Asia) at airports like Gander and St. John’s, Newfoundland.  The Canadian welcome and hospitality for these travelers became the stuff of legend.  But ever since, Canada has struggled to retain sovereignty over its airspace in the face of US “security” demands.

Canadian privacy law was amended, under US pressure, to allow “sharing” with the US government of information contained in reservations for flights between Canada and the US.  But most Canadians assumed that the role of the US in determining who is permitted to fly is limited to flights to and from the US.

This month a four-part series by Kevin Dougherty in the Montreal Gazette, syndicated across Canada in the Canwest newspaper chain, has broken open that Canadian complacency about the long reach of US claims to passenger information and “fly/no-fly” decision-making authority:

The series raises serious questions as to the legal basis for denying boarding to passengers on Canadian-flag aircraft not landing in the US on the basis of secret blacklists or decisions by the black-box Secure Flight system in the US.

Since publication of the Canwest series about “Secure Flight”, letters to the editor, op-ed colums, and editorials across Canada have denounced the application of the Secure Flight scheme to Canadian airlines and travelers.  Many have pointed out the hypocrisy: As was made evident when all those flights were grounded on September 11th, almost all trans-Atlantic and many trans-Pacific flights to and from the US pass over Canada, but Canada demands no information about who is on those planes and asserts no authority to control who is allowed to be.

On top of all this, there’s another shoe still to fall:  Canadians remain unaware that the vast majority of travel agencies, and tour operators in Canada subscribe to computerized reservation systems (CRSs) based in the US.  That means all their passenger name records (PNRs) and customer profiles are stored in the USA, even for flight that go nowhere near the US.  These travel agencies, tour operators, and other travel companies don’t tell their customers that they have outsourced their travel records to the USA, where the government could get them secretly from the CRS with a “National Security Letter”.

That’s a flagrant violation of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). Canadians should complain to their Privacy Commissioner and demand that she take action against companies — of which travel agencies are leading examples — that outsource their customer data to the US without their customers’ knowledge or consent, and without any way to know what’s done with that data once it is in the hands of CRSs in the US.

Mar 08 2010

Military spymaster to be nominated for head of the TSA

Testing the waters yesterday, White House sources leaked to Reuters and the Associated Press that President Obama plans to nominate retired Army Major General Robert A. Harding to be the Administrator of the TSA.

Harding’s 30-year career as an army officer was spent moving up through the military “intelligence” ranks, culminating as “DoD’s senior HUMINT [human intelligence] officer.”  In other words, he was the U.S. military’s most senior spymaster. Following his retirement out the military-industrial revolving door (through which he would return if confirmed to head the TSA), he double-dipped by founding a military consulting and contracting company which he sold last year to private equity investors. “Harding Security Associates provides identity intelligence and other security services to the federal government, including doing work for the Department of Defense’s biometric-identification analysis and forensics.”

Many of the TSA’s practical problems and abuses of civil liberties have involved schemes like CAPPS-II (later Secure Flight) that were dreamed up by the NSA and other military intelligence agencies and “experts” unaccustomed to operating within the civilian, domestic U.S. legal regime and ignorant of transportation industry technical infrastructure and business practices. Harding’s autobiography gives no indication that he has any experience whatsoever with civilian or domestic civil liberties, with legal constraints on “intelligence gathering” (spying and surveillance) on civilians or U.S. persons or within the U.S., or with the transportation industry.

If Harding is nominated to head the TSA, his military background and lack of any track record on civilian civil liberties makes it especially critical for Senators to question him closely (we have some suggestions to start that questioning) about his views on the fundamental civil liberties and human rights issues facing the TSA, before any confirmation vote, and to resist any calls for an abbreviated or rushed review of his suitability for the position.

Feb 19 2010

Travelport becomes first CRS to claim it complies with EU privacy law

This week Travelport — the holding company that owns two of the big four Computerized Reservation Systems (CRSs) or Global Distribution Systems (GDSs) — announced that it has “certified” that it complies with “Safe Harbor” privacy and data protection principles for companies that want to be eligible to receive transfers to the US of personal data collected in the EU or Switzerland.

As travel industry technology news site Tnooz reports, quoting Identity Project consultant Edward Hasbrouck:

Travelport’s headline on its press release about the issue, “Travelport is First GDS Provider to be Safe Harbor Certified,’ may be true, but can easily be misconstrued because Safe Harbor is a self-certification process.

Privacy expert Edward Hasbrouck, who has written extensively about the issue, notes that what Travelport’s Safe Harbor designation “means is that Travelport has made a formal claim … that Travelport complies with certain Safe Harbor principles. That claim has not been vetted, audited or verified by anyone.”…

“None of the GDS companies comply with EU data protection law, or have made any effort even to pay lip service to it until now,” Hasbrouck says. … Read More

Jan 08 2010

Lessons from the case of the man who set his underpants on fire

We’ve been having a hard time keeping up with events over the last few weeks. Every time we think the keystone cops from the Department of Homeland Security can’t come up with anything dumber to do, they prove us wrong. At this point we’re not sure who is most deserving of derision: (1) the would-be terrorist who tried but failed to explode his underpants, and succeeded only in burning his balls, (2) the goons the TSA sent to intimidate bloggers who tried to tell travelers what to expect when they got to the airport, and find out who had “leaked” the TSA’s secrets, but who left their own notebook of “secret” notes about their investigation of this and other cases behind in a public place, or (3) the TSA agents who felt so ill at the smell of honey they found in checked luggage that they checked themselves into a hospital and shut down the airport. It’s a tough call. Leave your votes, or other nominations, in the comments.

What’s most striking about the government’s response to this unsuccessful bombing attempt is the complete lack of any rational relationship between the actions that have been taken and are being proposed, any analysis of which of these and similar tactics did or did not contribute to the success or failure of the Christmas Day attack on Northwest Airlines flight 253, and any likelihood that they would make future attempts at terrorism less likely to succeed.

Now that the dust has settled a bit, perhaps it’s time to survey the security, security theater, surveillance, and travel control techniques at issue: Read More

Nov 26 2009

“Keeping Track of Travelers’ Personal Information”

WSAV-TV has a Thanksgiving travel-season report on what they found when they used our forms and instructions to request their travel records from the DHS “Automated Targeting System”, including examples of what sorts of information are included in these records and extensive supplmentary material on their website including a 20-minute interview with Identity Project consultant Edward Hasbrouck.

Nov 02 2009

TSA nominee up for Senate questioning November 10th

The Senate Committee on Homeland Security has scheduled a hearing on Tuesday, November 10th, at 10 a.m. in Washington to consider the nomination of Erroll G. Southers to be Assistant Secretary of Homeland Security for the Transportation Security Administration.

None of the questions we think are important got asked during an earlier confirmation hearing before the Senate Commerce and Transportation Committee.  If you want the nominee for TSA to have to tell us, before he is confirmed, whether or not he thinks we have a right to travel, whether TSA decisions should be subject to judicial review, and whether he thinks the government should be keeping logs of the movements of innocent people, let your Senators and the members of the Homeland Security Committee know about your concerns, before November 10th.

We’ve asked for expedited processing of our FOIA request for the TSA’s “Standard Operating Procedures” at checkpoints, in order to make it possible to ask the nominee about those procedures and which of them he would change.

Oct 27 2009

DHS Inspector General rips “TRIP” kangaroo courts

The DHS Office of the Inspector General (OIG) has released a redacted version of a report (OIG-09-103) that was provided to Congress in August, evaluating the TSA’s “Traveler Redress Inquiry Program” (TRIP). The TRIP name may be corny, but it’s also oddly accurate: it’s a system for inquiries, not answers, and as the OIG concludes it advertises more than it delivers and and often doesn’t result in real redress.

We commend Rep. Bennie Thompson, Chair of the House Homeland Security Committee, for requesting this report. It’s worth reading for giving one of the most detailed public descriptions to date as to the actual process by which a constellation of Federal agencies decide what entries to put on (and off) their “watch lists”, and who to allow to fly.

The OIG doesn’t consider the statutory, Constitutional, and international treaty-law right to travel, referring at one point to “the privilege of boarding an aircraft” (p. 68). But even within this perspective of travel as a privilege, not a right, the OIG concludes that the current redress and review procedure “is not fair” (p. 59):

This approach provides no guarantee that an impartial review of the redress complaint will occur. Instead, it ensures that the offices that initially acted on the TECS lookout and were the source of the redress-seeker’s travel difficulties will also be the final arbiters of whether the basis for the traveler’s secondary inspection is overridden…

DHS is required to offer aggrieved travelers a “fair” redress process. Impartial and objective review and adjudication of redress petitions is an essential part of any fair redress process. A process that relies exclusively on the review and consideration of redress claims by the office that was the source of the traveler’s grievance is not fair. CBP should modify its redress process in this area to provide for independent review.

Read More

Oct 27 2009

Who’s watching the watchers at the DHS “Privacy” Office?

The Identity Project has joined with more than two dozen other organizations and individual experts from the Privacy Coalition in a joint letter to the House Committee on Homland Security, criticizing the DHS Privacy Office and its annual report and calling for better Congressional oversight of privacy-invasive DHS practices and the DHS Privacy Office itself.

There’s more about the letter, and the DHS response, today in the Washington Post.

We’re pleased to be part of this joint effort, and we hope Congress does more to rein in the DHS — although of course we are disappointed that DHS noncompliance with the law, the Constitution, and international treaties has made such a campaign necessary.  The DHS consistently tries to exempt itself from major requirements of the Privacy Act, such as:

  • Obtaining personal information from the person affected, rather than from third parties.
  • Making personal information accessible to the person affected.
  • Giving people a serious opportunity to correct records about them at DHS (or collected and held by “private” entities at DHS behest and used by the DHS).
  • Only collecting information that is relevant to lawful purposes.
  • Only collecting information that is timely.
  • Only collecting information that is accurate.
  • Only collecting information about categories of individuals disclosed in formal “System of Records Notices” in the Federal Register.
  • Not collecting information about the First Amendment protected activities of US persons — such as who they are associating with, the books they are carrying or reading, the art or slogans or expressive insignia on their clothing or possessions, or where, why, how, and with whom they are assembling.

DHS claims for itself the ability to “exempt” itself from these statutory requirements. They do not cite any statute or court case that allows them to do so.

The DHS Privacy Office has been intimately involved in producing Federal Register filings that claim these exemptions from fundamental statutory Federal record-keeping requirements, and fail to properly disclose the extent of DHS systems of travel records. DHS travel records include information about numerous categories of people not mentioned in the SORNs, from people who pay for other people’s tickets to people whose phone numbers where entered in reservations of houseguests reconfirming flights, as well other information prohibited form collection by the Privacy Act.  In this way, the Privacy Office has actively undermined the Privacy Act that they are sworn to uphold, and has been a party to criminal violations of the Privacy Act in the continued operation of these systems of records.  We’ve gotten no response whatsoever to our repeated formal complaints of these crimes filed with the DHS Privacy Office.

Oct 21 2009

Why shouldn’t we have to show ID when we fly?

From time to time, people ask us, “But why don’t you want to show ID when you travel?  What’s wrong with that?” There are probably as many answers to that question as there are people who resist government demands to show ID when they travel, even when it’s scary and involves some personal risk to say “No” to the TSA agents and their rent-a-cops.  But for one answer among many to the question, “Why?”, we asked one of those people, Joe Williams.  He responded with the following guest blog post:

Why shouldn’t we have to show ID when flying?

Because it doesn’t make us safer, it’s unconstitutional, and truly free countries don’t require it.

Long after the ID-demand policy was implemented in the summer of 1996, 9/11 proved that ID requirements don’t work. Even if you are on a no- fly list all one needs to do is: Buy a ticket in some innocent person’s name. Check in online and print that person’s boarding pass. Save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate use the real boarding pass to board your flight.

Being required to show ID only proves the success of al-Qaeda with fear established and freedoms violated.

Most people are not aware that freedoms in the Constitution are “inalienable & natural” meaning we were born with them. They are not government granted. Just as the U.S. Constitution represents our inalienable right to life, liberty, & freedom, so too does the TSA represent a significant threat to those God-given rights. TSA protocol is to assume all innocent people to be a threat until being cleared from a secret list. Put another way, “The innocent shall suffer the sins of the guilty.”

Previous court decisions are referenced in justifying the legalization of ID requirements which translates into; it’s OK to violate a little of the people’s freedom, just not a lot. Most people are not willing to be inconvenienced to challenge these requirements, let alone initiate a real legal battle or protest. It’s easier to show ID than to fight for one’s rights and freedom.

And when legal challenges have been made against these secret “security directives”, courts have ruled they are secret laws and barred from public scrutiny or debate. Checkpoints & ID requirements are more commonly associated with governments who suppress freedom yet we implement them in the name of safety and security. In the name of national security, government can violate peoples’ freedom. Being forced to announce one’s self is a loss of privacy and “taking away a person’s privacy renders to the government the ability to control absolutely that person.” (Ayn Rand)

“In the end, the photo ID requirement is based on the myth that we can somehow correlate identity with intent. We can’t.” (Bruce Schneier, Chief Security Technology officer of BT Global Services) Surveillance is not freedom. Having to ask for permission is not freedom. Most elected officials believe the more legislation passed exerting more government control over people, the better off society is. The Constitution was written to restrict government yet most elected officials look for ways to circumvent instead of defending the Constitution as stated in their oath of office. It is not an elected official’s job to give freedom. It’s their job to defend it.

I would rather live in a higher risk society wrapped in freedom than live as a slave in complete safety & security.

Joe Williams
concerned citizen
Atlanta, GA

“Domestic travel restrictions are the hallmark of authoritarian states, not free nations.” (Congressman Ron Paul)

“Safety from external danger is the most powerful director of national conduct. Even the ardent love of liberty will, after a time, give way to its dictates. The violent destruction of life and property incident to war — the continual effort and alarm attendant on a state of continual danger, will compel nations the most attached to liberty, to resort for repose and security, to institutions, which have a tendency to destroy their civil and political rights. To be more safe they, at length, become willing to run the risk of being less free. The institutions alluded to are STANDING ARMIES, and the correspondent appendages of military establishments.” (Alexander Hamilton, Federalist No. 8, November 20, 1787)

“We uphold Freedom by exercising it – not by restricting it.” (The Identity Project)

Oct 21 2009

Softball questions for TSA nominee

President Obama’s much-belated nominee to head the Transportation Security Administration, Erroll Southers — faced only softball questioning at a confirmation hearing last week before the Senate Committee on Commerce, Science, and Transportation.  None of the questions we’ve raised for the nominee about TSA policies and procedures, or about the philosophical or practical attitude of the nominee toward the right to travel, were asked by any of the Senators. Nor, despite the nominee’s background of as a policeman (L.A. airport police commander and former FBI agent), was there any exploration of the role of the TSA as the Federal police agency that most often interacts directly with people who are accused of no crime — literally the front lines of Federal policing of innocent citizens.

The nomination of Mr. Southers has also been referred to the Committee on Homeland Security, which plans to hold its own confirmation hearing after it receives further background information from Mr. Southers, probably in late November.

If you want to know whether the Obama Administration and its nominee plan to set a new course for the TSA, let your Senators and the members of the Homeland Security know that you want them to ask tough questions (“Do we have a right to travel? Should the obligations of travelers at TSA checkpoints be spelled out in publicly-disclosed regulations?  Should no-fly decisions be subject to judicial review? Should we have to show ID to fly? Should the government keep records of our travels?”) before they vote to approve any nominee for TSA Administrator.