Surveillance State – Papers, Please!

May 08 2025

ARC sells airline ticket records to ICE and others

Contracts by Federal agencies with the Airlines Reporting Corporation for access to reports of airline tickets issued by US travel agencies, from USAspending.gov.

A company you’ve probably never heard of is selling copies of every airline ticket issued by a travel agency in the US to the US Department of Homeland Security (DHS) and a plethora of other Federal law enforcement and immigration agencies — and who knows who else.

Records of all airline tickets issued by travel agencies in the US are being sold to US Immigration and Customs Enforcement (ICE) and other Federal law enforcement agencies, according to an ICE procurement document posted yesterday on a US government contract website and uncovered in a major scoop today by Katya Schwenk of Lever News.

According to the document found by Ms. Schwenk on SAM.gov, ICE is entering into a no-bid contract with the Airlines Reporting Corporation (ARC) “to procure, on a sole source basis, licenses for Travel Intelligence Program (TIP)… The vendor listed is the only company that can provide the required software licenses.”

ARC is the financial clearinghouse through which travel agencies in the US (from mom-and-pop agencies to online mega-agencies like Expedia) pay airlines (including both US and foreign airlines) for the tickets those agencies have sold. Its role is similar to that of VISA and MasterCard for credit card merchant transactions, except that VISA and MasterCard compete with each other, while ARC has no competitor in the US. A few travel agencies have special arrangements to pay certain airlines directly, bypassing ARC for tickets those agencies issue on those airlines only, but that’s the exception.

Ticket sales by travel agencies in the US are reported daily to ARC through links to computerized reservation systems. Every week, each travel agency in the US submits a report to ARC with a copy of every ticket it has issued, the amount paid, the fare calculation and tax breakdown, and the form of payment. ARC takes the total for the week’s sales on all airlines out of the agency’s bank account, and pays each airline a weekly total for its tickets issued by all agencies accredited through ARC. (The amount transferred to or from the agency is the net total, taking into account ticket sales, refunds, any commissions to the agency from airlines, “debit memos” when an airline disputes the fare originally collected by the agency, and whether credit card charges have been processed by the agency or the airline as the merchant.) Copies of tickets are included with agencies’ reports to ARC so that airlines can audit that agents have charged the correct fare. ARC is a joint venture owned by just a few airlines, but provides settlement services to more than 200 other airlines.

(ARC only handles payments from travel agencies in the US. Payments and credits to airlines from travel agencies in countries other than the US are settled through other regional financial clearinghouses under IATA’s Billing and Settlement Plan, BSP.)

The amounts paid to ARC by Federal agencies aren’t large enough to make selling data to the Feds a significant line of business for ARC. But the amounts are large enough to indicate that Federal law enforcement and immigration agencies are using information about airline tickets obtained from ARC in a significant and growing number of cases, for unknown purposes and on an unknown legal basis.

We’ve never heard of the “Travel Intelligence Portal” through which ARC offers access to ticket records before now. TIP isn’t mentioned anywhere on ARC’s website, in ARC’s privacy policy, or in the privacy policy of any airline or travel agency we’ve reviewed. Travelers and ticket purchasers who don’t know that ARC exists aren’t likely to ask what it has done with their data. We don’t know whether TIP is a service offered by ARC exclusively to Federal agencies, or if it has other government or commercial users in the US and/or abroad.

The previously unnoticed ARC contracts with ICE and other US government agencies also raise substantial doubt as to whether travel agencies or airlines — including foreign airlines that process payments for their ticket sales in the US through ARC, and travel agencies that act as their agents in the US — are complying with foreign laws including PIPEDA in Canada and the GDPR in Europe.

If ARC is selling ticket data to the US government without reporting those disclosures to the travel agencies and airlines involved, those agencies and airlines will be unable to provide data subjects with an accurate or complete accounting of the disclosures of their personal data, as required by PIPEDA and the GDPR.

On the other hand, if travel agencies and/or airlines have authorized ARC to make this data available to the US government, or have continued to transmit data to ARC after learning that ARC was making it available to the US government, those travel agencies and/or airlines have likely violated their duty not to transmit personal data to entities that can’t not assure adequate protection of that data against onward disclosure.

May 02 2025

Objections to blanket approval for USCIS surveillance of social media

Today the Identity Project, Privacy Times, and Government Information Watch filed comments objecting to a proposal by US Citizenship and Immigration Services (USCIS) for blanket advance approval for USCIS to demand that all foreigners submitting any sort of application to USCIS provide a statement under penalty of perjury a list of all social media “platforms” and “identifiers” they have used in the last five years. The forms on which this information would be required would include applications for permanent residency, adjustment of status, and naturalization.

The proposal builds on earlier proposals, to which we and many other organizations objected, to require applicants for visas or visa-free entry to the US to provide lists of social media platforms and identifiers they have used. The current proposal by USCIS would extend mandatory social media usage reporting to those foreigners who have already demonstrated the strongest ties to the US, including permanent US residents applying for naturalization as US citizens. The current proposal would also give blanket pre-approval to USCIS to demand this information on other forms in the future.

According to our comments:

The proposed collection of information does not comply with the Paperwork Reduction Act (PRA), the First and Fourth Amendments to the U.S. Constitution, or the International Covenant on Civil and Political Rights (ICCPR). This vague and overbroad collection of information from permanent residents, applicants for naturalization, and other non-U.S. citizens is inappropriate as a matter of policy and contrary to U.S. national and international interests in democracy and human rights. In many cases, it would be impossible for individuals to provide the requested information or to attest under penalty of perjury to its completeness. The proposed request for information, in its proposed form, would thus function as a pretext for denial of residency or naturalization as a citizen or other adverse decisions.

The proposal for this collection of information by U.S. Citizenship and Immigration Services (USCIS) should be withdrawn. If this proposal is submitted to the Office of Management and Budget (OMB) for approval, it should be rejected as failing to meet the statutory standard of necessity for an agency purpose and as a violation of the Constitutional and human rights of individuals about whom information would be collected, including U.S. citizens who engage in protected acts of assembly and speech with non-U.S citizens.

Social media platforms and identifiers are undefined in the proposal or in any other law or regulation, leaving the proposed requirement unconstitutionally vague.

The proposal targets social media, and only social media, in order to identify with whom we associate, including associations between US and foreign citizens. It appears to be based on the assumption that freedom of speech and freedom of association are rights of citizenship, not human rights, that can be denied not just to non-citizens but to US citizens who associate with foreigners. But this assumption has no basis in the US Constitution or in the human rights treaties the US has ratified.

What, if any, social media platforms or identifiers a person has used is not, and cannot Constitutionally be, a basis for USCIS decisions. Rather than having any lawful use, this information would be useful only for a a variety of unlawful purposes, including:

Robotic predictive pre-crime profiling;
Suspicion generation and guilt by association; and
Pretextual denial of applications for permanent residency or naturalization.

You can submit your own comments on the USCIS proposal by clicking on the “Comment” button here until the end of the day on Monday, May 5, 2025.

We have urged USCIS to withdraw its proposal for this collection of social media usage information. If the proposal is not withdrawn, there will be a second comment period when it is submitted to the Office of Management and Budget (OMB) for final approval

Apr 11 2025

DOGE, DHS, and data matching

“Data matching” may seem abstract, but its consequences can be life-changing: visa revocation, deportation, sudden cessation of Social Security payments, all without warning or opportunity to present argument or evidence to a human fact-finder.

One of the hallmarks of the new U.S. Department Of Government Efficiency (DOGE) is large-scale algorithmic analysis and comparison of existing databases of personally-identified information. In many cases, algorithms, AI, and data matching are being substituted for human judgement as the basis for decisions about individuals. Similar projects are being carried out by the Department of Homeland Security (DHS).

These activities appear likely to violate the Privacy Act (including its rarely-enforced criminal provisions) and/or the Computer Matching and Privacy Protection Act.

DOGE’s programmers are working to aggregate and correlate databases that have been compiled by different agencies or commercial third parties such as social media platforms, identified in different ways, and ingested in different formats.

Data matching is central to the methods of DOGE and the Trump 2.0 Administration. One of President Trump’s Executive Orders to heads of all Federal agencies directs that:

Agency Heads shall take all necessary steps, to the maximum extent consistent with law, to ensure Federal officials designated by the President… have full and prompt access to all unclassified agency records, data, software systems, and information technology systems… This includes authorizing and facilitating both the intra- and inter-agency sharing and consolidation of unclassified agency records.

How is this working out, and what does this say about ID-linked records?

Mar 17 2025

FinCen demands reporting of cash transactions over $200

The Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury has ordered all money transfer agencies and currency exchanges in seven counties in California and Texas along the US-Mexico border to file reports with FinCEN including the identities of the customers engaging in all cash transactions over $200.

Implicit in this order is that would-be customers who are unable or unwilling to provide sufficient evidence of their identity (and to allow that information and the details of their transaction to be passed on to FinCEN) will be denied these financial services.

The Geographic Targeting Order published by FinCEN in the Federal Register last Friday is effective for transactions with financial services businesses in those counties from April 14, 2025, through September 9, 2025. The Bank Secrecy Act, which authorizes such orders, limits them to 180 days but allows them to be renewed an unlimited number of times.

The misleadingly-named Bank Secrecy Act is already subject to abuse as an enabler and pretext for financial surveillance, and already requires reporting of cash transactions of $10,000 or more. But so far as we’ve been able to determine, this order lowering the reporting threshhold to $200 is, even for a geographically limited area, unprecedented.

Other Geographic Targeting Orders have been issued, but typically with much higher threshholds — real estate transactions over $50,000 in Baltimore, for example. Why Baltimore, with a lower threshhold than anywhere else in the US? FinCEN didn’t say.

The new order goes against growing bipartisan calls in Congress to repeal the Bank Secrecy Act or at least raise the threshhold amounts for for customer identification and transaction reporting.

Nothing in the order gives any real justification for its geographic boundaries. More than a million people live in the area covered by the order, but it will actually affect a much larger number of people. Many travellers stop at “Casas de Cambio” on their way to and from border crossings in these counties to exchange cash dollars for pesos and pesos for dollars.

It’s unclear whether the goal of the order is primarily harassment or surveillance. The costs of completing the extra paperwork will undoubtedly drive up currency exchange and remittance fees and waste time for financial service businesses and their customers.

Feb 25 2025

“TSA must go away”

Thanks to a mutual fan, we were invited to speak about the work of the Identity Project with Alex Newman on the latest edition of The Liberty Report on Patriot.tv and Rumble.

We talked about current and long-term concerns including digital ID, the REAL-ID Act, how demands for ID enable surveillance and control and are being increasingly integrated into a global system of surveillance and control of our movements, and the importance of anonymous cash payment for protection against financial surveillance.

What can be done? We talked about the need for popular vigilance and popular resistance, but also about what the government could do:

If the Department Of Government Efficiency (DOGE) is really concerned about identifying unnecessary and ineffective government programs to cut, they could start with the TSA.

Members of Congress could do their part by reintroducing the Freedom To Travel Act and working to abolish the TSA.

Most importantly, though, we the people can continue to resist these attacks on our freedom.

Thnaks to Alex Newman and his crew for giving us a chance to bring these issues to his listeners and viewers.

Jan 28 2025

Surveillance as a service (SAAS)

[Infographic from WCC.]

Does SAAS stand for “software as a service” or “surveillance as a service”?

As we’ve reported previously, the UN Security Council and ICAO have illegally ordered all UN and ICAO members to create national agencies for surveillance of airline passengers and global sharing of airline reservations (PNR) and passenger manifest (API) data.

Through bilateral and multilateral efforts and the UN Countering Terrorist Travel program, the US and Dutch governments have made available ready-made software for creating and managing travel watchlists, blocklists, and profiling algorithms and rulesets.

These aren’t the only options, though, for national governments wanting or feeling pressured by the US, UN, and/or ICAO to get on the traveler profiling bandwagon.

Caitlin Chandler of Wired, in conjunction with Andrew Couts, Crofton Black, Ariadne Papagapitos, and Daniel Howden of the European nonprofit newsroom Lighthouse Reports, has a ground-breaking report putting the spotlight on four commercial providers of outsourced and privatized air travel surveillance, profiling, and control systems: Swiss-based SITA (an established joint venture formed by airlines to provide shared IT services) and Travizory, French-based Idemia, and Dutch-based WCC.

These are the companies that make presentations, lurk on the sidelines and in the booths, and negotiate public-private partnership agreements at the annual FTE Global trade show, ICAO’s annual TRIP symposium in Montreal, and similar regional events.

Each of these companies offers a turn-key solution, either user-installed or cloud-based, to governments that want to jump-start their air travel surveillance and control programs and “push their borders offshore”, as one of these vendors describes their service.

Another vendor quoted by Wired says that with their system and its interconnections, “Participating governments are then able to respond to the carrier … in real-time, authorizing or denying the boarding of each and every passenger.” These systems are also designed to interface with electronic travel authorization (departure permission) systems.

[SITA brochure on the “Exported Border”.]

Each of these systems supports drag-and-drop importing of watchlists and blocklists from other countries, creation and addition of entries to new watchlists and blocklists, and creation of new profiling and travel blocking algorithms and alerts. Each also allows government customers to enable the vendor’s preconfigured pre-crime and artificial unintelligence profiles and algorithms as part of their surveillance, blocking, and alert ruleset.

In interviews reported in Wired, these companies disclaim responsibility for how these tools are used by government customers or what rules customers add to their algorithms — a claim that is at best disingenuous, especially when government customers turn on pre-crime and AI profiling and scoring algorithms provided by the vendor as part of a black box.

It would be a mistake to focus too much on these surveillance-as-a-service providers, to the exclusion of the governments that have contracted and paid for their services. That governments and their commercial partners are illegally interfering with the right to freedom of movment, the right to leave any country, the right to travel by common carrier, and the right to asylum is more significant than the specific systems they are using to do so. But the report in Wired outing these companies and their role in travel surveillance and control is an important step. These vendors and their surveillance-as-a-service products, as well as the government agencies they work with, deserve continuing scrutiny and oversight from human rights activists and international human rights bodies alike.

Jan 20 2025

UK “Electronic Travel Authorization” sets a bad example

Effective January 8, 2025, the United Kingdom began requiring citizens of the USA and most other countries who previously could enter the UK without visas for short visits for tourism and some other purposes to obtain a so-called Electronic Travel Authorization (ETA) as a new precondition for admission to the UK for those purposes.

The UK ETA is significant both in its own right and as a case study in what’s wrong with similar requirements and systems already in effect in other countries, including the USA, Canada, Australia, and in preparation in many more countries including all members of the European Union.

The requirement for an ETA is intended for a pupose fundamentally contrary to international treaties on aviation and the rights of refugees, and has been implemented in ways that facilitate surveillance of ETA applicants and arbitrary control by a few private companies of who can and who can’t travel to the UK.

We hope the EU and other countries will learn from and avoid, not emulate, this bad example set by the UK.

The UK ETA system is not the first of its kind, but it’s the first that most US citizens, except those who have traveled to Australia, will encounter. US citizens don’t generally see what foreign citizens have to go through to enter the US, even as tourists or in transit. And US and Canadian citizens visiting each other’s countries are exempt from the electronic travel authorization requirements that their governments apply to visitors from other countries.

But while it may be a new experience for US citizens, the UK ETA is similar to what’s already required for most tourists and short-term business visitors to the USA, Canada, or Australia. And the UK ETA is similar to the system that the EU plans to roll out for citizens of the US, Canada, UK, and many other countries.

Australia pioneered this concept with its ETA system, beginning in 1996 (and modified several times since them). The USA launched its ESTA system, modeled on the Australian ETA, in 2009. Canada followed with its eTA system in 2016. Now the UK is rolling out its similar ETA system in 2025.

The EU EES and ETIAS schemes were planned to go into operation several years ago, sooner than the UK ETA, but have been postponed repeatedly. The most recent announcement by EU authorities is that EES — a system for collecting mug shots and fingerprints of visitors to the EU, as the US already does with visitors — will be launched sometime in 2025, and ETIAS — an electonic travel authorization like the US ESTA and the UK ETA — will go into effect six months after the EES launch. (The EU is also considering a related system for a “travel permission app” with problematic implications.)

Acronym soup and national variations aside, what’s an ETA? How do ETA requirements violate international law? What’s wrong with the way the UK has implemented its ETA program? Read More →

Dec 16 2024

Identification as the enabler of ID-based surveillance and control

Edward Hasbrouck of the Identity Project was a guest today with Prof. David Farber (Keio Univ. Cyber Civilization Research Center) and Prof. Dan Gillmor (Arizona State Univ.) for the CCRC / IP-ASIA weekly online gathering on current issues, discussing the expansion of demands for ID, identification as a service provided by the government to commercial entities, the evolution of ID-based surveillance and control, and the human rights work of the Identity Project:

How do demands for ID enable ID-based surveillance and ID-based control of offline and online activities, including predictive “pre-crime” controls?
When are we required to identify ourselves ourselves or submit to automated identification?
How is this changing?
What can we do about it?
Invitation and Zoom link
Slides

Dec 09 2024

Public/private partnerships for financial surveillance

[Email from the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury to some of its banking industry partners forwarding list prepared by Mitsubishi United Financial Group (MUFG) of vendors at DMV (DC, Maryland, and Virginia) airports, train stations, and bus stops, to target reporting of purchases at these locations as “suspicious” .]

The House Committee on the Judiciary and its Select Subcommittee on the Weaponization of the Federal Government have released a ground-breaking report on their investigation of what they describe — accurately, we think — as “the coordination between Big Banks and Big Government” in financial surveillance.

The Judiciary Committee and Subcommittee’s latest report on financial surveillance as well as their earlier interim report on the same issue are part of their broader inquiry into the investigative tactics used in the aftermath of the storming of the US Capitol on January 6, 2021.

Partisan criticism of the Weaponization Subcommittee may lead to some skepticism or dismissal of its report and recommendations. But that would be a mistake, regardless of what anyone thinks about the Weaponization Subcommittee in general. The report is thoroughly researched and its sources are well documented. It’s based on interviews with witnesses from goverment agencies and the banking industry and tens of thousands of documents provided in response to Congressional subpoenas.

The report on financial surveillance uses the post-January 6th investigation only as a case study. The practices it reports on could have been, and still could be, used against any of us, regardless of party or affiliation (if any). They shouldn’t be used against anyone, even the most stigmatized individuals and groups. What we allow to be done to our enemies, or anyone’s enemies, could be done to any of us. The report deserves bipartisan public attention and calls for bipartisan action by Congress.

As we’ve noted in surveying what’s likely to lie ahead in demands for ID and ID-based surveillance and control of our real-world and virtual movements and activities, it’s all too easy and all too common for otherwise-principled civil libertarians to allow their distaste for particularly reviled individuals to blind them to the bad precedents being set by the investigative and prosecutorial tactics used against those stigmatized defendants.

We can’t afford to be sanguine about violations of anyone’s rights. The government’s response to the events of January 6, 2021, was a textbook example of the way that unsympathetic defendants are exploited to expand the norms of permissible and publicly-tolerated investigative and prosecutorial practices that can later used more widely.

After January 6th there were misguided calls to add everyone involved in the storming of the Capitol (and perhaps also anyone suspected of possibly having been involved) to the million-and-a-half names already on the US government’s no-fly list — by summary, secret, extrajudical administrative action. It’s unclear whether, or to what extent, that was done. That remains an open question, as does the larger question of how no-fly decisions are made. We hope that the Weaponization Subcommittee and the Subcommittee on the Administrative State will look into these questions during the next session of Congress.

Suspects were targeted for prosecution after January 6th based on what may have been the most extensive use to date in any single investigation of geofence warrants for cellphone location data. Those general warrants were used not to obtain evidence pertaining to individuals who there was already probable cause to suppect of crimes, but to trawl through records of hundreds of millions of innocent cellphone users to find individuals to place under suspicion based on where their cellphones were logged by Google as having been on that day. Challenges to the Constitutionality of these general warrants for dragnet searchess were all — so far as we can tell — dismissed by the judges hearing these cases.

But that’s not all. The latest Judiciary Committee report shows how logs of routine, entirely legal, financial transactions were subjected to warrantless scrutiny and data mining by banks and financial services providers collaborating with government investigators, and used as the basis for placing individuals under suspicion.

The FBI encouraged banking companies to “voluntarily” submit Suspicious Activity Reports (SARSs) to the Financial Crimes Enforcement Network (FinCEN), the police division of the Department of the Treasury. These SARs were used to finger to FinCEN as “suspicious” anyone who had engaged in such mundane activities as taking money out of an ATM, buying a meal at an airport, or paying for a hotel or AirBNB anywhere in the DMV (DC, Maryland, and Virginia) area on January 6th or the days before or after:

To be clear: these transactions were, in and of themselves, entirely legal, and weren’t in and of themselves in any way suspicious. They didn’t create probable cause to believe that each such individual was likely to have committed any crime, and they wouldn’t have provided sufficient basis for the issuance of a search warrant. These SARs were used not to investigate people who were already suspected of crimes, but to identify new individuals to be extrajudically placed under suspicion and investigated without probable cause.

Once submitted to FinCEN, these SARs are available for individual search and retrieval by tens of thousands of government agents, without the need to apply for a warrant. SAR data is also exported in bulk by FinCen for import into other agencies’ data mining systems.

Dec 04 2024

CBP facial recognition is a service for the airline industry

After five years of foot-dragging in responding to our Freedom Of Information Act (FOIA) request, US Customs and Border Protection (CBP) has finally released the pitch it made to the Future Travel Experience airline industry conference in 2019 on why airlines and airport operators should “partner” with CBP on automated facial recognition of airline passengers.

CBP claims in its presentation that “THIS IS *NOT* A SURVEILLANCE PROGRAM”. Its vision, however, is for CBP’s Traveler Verification Service (TVS) facial recognition system to provide automated identification of travelers at every stage of their journeys.

Airlines and airport operators won’t need to operate their own facial recognition software or databases. CBP will do that for them, allowing them to use TVS (which “integrates into airport infrastructure”, CBP boasts) for any of their business process automation, traveler profiling, personalized pricing, etc. purposes. Airlines and airport operators won’t need to store mug shots, since CBP will re-identify travelers for them as often as they want.

And that’s not all. The TVS facial recognition service will also be made available to cruise lines, bus companies, etc., to automatically identify travelers using all modes of transportation:

CBP will use a traveler’s face as the primary way of identifying the traveler…. This will create the opportunity for CBP to transform air travel by enabling all parties in the travel system to match travelers to their data via biometrics, thus unlocking benefits that… enhances the entire traveler experience.

The CBP “Biometric Pathway” will utilize biometrics to streamline passenger processes throughout the air travel continuum, and will provide airport and airline entities with the opportunity to validate identities against DHS information systems using the data available. CBP will partner with airlines, airports, and TSA to build a device independent, vendor neutral backend system called the Traveler Verification Service (TVS) that allows for private sector investment in front end infrastructure, such as selfservice baggage drop off kiosks, facial recognition selfboarding gates, and other equipment; this service will ultimately enable a biometric based entry/exit system to provide significant benefits to air travel partners…. The TVS will also be able to support future biometric deployments in the land and sea environments and throughout the traveler continuum. Figure 4 shows the different environments and touchpoints that will interact with the TVS.

Let’s make a deal”, CBP says to airlines and airport operators. “You provide the camera infrastructure embedded in passenger terminals at airports, and we’ll provide the facial recognition service.” It’s a Faustian bargain in which travelers are the losers, but already by 2019 many airlines and airports had taken CBP up on its offer. In the five years since, many more airlines and airports have joined CBP as collaborators in traveler identification, surveillance, and tracking.

Papers, Please!

The Identity Project