Feb 10 2020

DHS doesn’t trust New Yorkers

In a new twist on the familiar US Department of Homeland Security (DHS) tactic of trying to intimidate state governments into sharing drivers license data with the DHS by threatening to harass, delay, or interfere with the rights of residents of those states when they travel,  the Acting Secretary of Homeland Security has declared that New York residents won’t be allowed to apply for or renew participation in any of the DHS Customs and Border Protection (CBP) “trusted traveler” programs.

The DHS says that this is because New York’s new “Driver’s License Access and Privacy Act… effective December 14, 2019… forbids New York Department of Motor Vehicles (DMV) officials from providing… driver’s license and vehicle registration information to the United States Department of Homeland Security (DHS).”

That provision of New York state law appears to be intended to prevent New York DMV records pertaining to driver’s licenses issued to otherwise undocumented New York residents from being used by the DHS to round these New Yorkers up and deport them. The DHS doesn’t like it that New York, like at least fifteen other states, issues driver’s licenses on the basis of whether residents demonstrate competence to drive, not their immigration status.

The DHS knows that it has no authority to tell states to whom they can or can’t issue drivers’ licenses. Instead, it has used the data sharing prohibition in New York law as the pretext for retaliating against the state government by discriminating against New Yorkers.

As New York Governor Mario Cuomo pointed out in his response to the DHS decision, the DHS has never previously required applicants for any of its “trusted traveler” programs to have a driver’s license at all. No law supports the DHS demand for access to DMV data about drivers as part of its pre-crime assessments of would-be air travelers.

It’s clear from a comparison with DHS actions related to the REAL-ID Act that the DHS claim that it “needs” state DMV data to “vet” (i.e., make pre-crime assessments of) air travelers is pretextual, hypocritical, and fully warrants a judicial finding that it constitutes an arbitrary denial of equal protection of the law to New York residents.

The REAL-ID Act — unlike any law or regulation related to “trusted traveler” programs — does require states to share drivers license and state-issued ID data if they want to deemed “compliant” (although state compliance is optional).  An outsourced national ID database has been set up by a nominally private contractor to allow states that want to comply to do so. However, New York, like more than half of the other states and territories subject to the REAL-ID Act, hasn’t chosen to participate in the SPEXS database or share its data.

But the DHS, despite this manifest noncompliance with the explicit statutory criteria for driver’s license data sharing, has chosen to certify New York (and almost all of the other noncompliant states and territories) as “compliant” with the REAL-ID Act.

Members of the House of Representatives have already asked the DHS for an explanation of the legal basis for its new discrimination against New York residents. And both the state of New York and the New York Civil Liberties Union have announced that they plan to sue the DHS on behalf of New Yorkers who are being discriminated against.

Read More

Jan 22 2020

European high court to review PNR-based travel surveillance

The highest court of the European Union will be reviewing the legality of  the directive adopted by the EU in 2017 requiring airlines to send Passenger Name Record (PNR) data to the government of each EU member state, and requiring each EU member state to establish a “Passenger Information Unit” to carry out PNR-based surveillance and profiling of air travelers.

National courts first in Belgium and more recently in Germany have referred questions concerning the legality under European Union human rights law of government access to and use of Passenger Name Records (PNRs) to the Court of Justice of the European Union (CJEU).

Read More

Jan 17 2020

Is the TSA “screening” for threats to aviation, or for cash and drugs?

A class-action lawsuit filed this week in Pittsburgh by the Institute for Justice, Brown v. TSA, exposes the dirty non-secret that TSA checkpoints are used primarily as drug checkpoints  and as a revenue center for law enforcement agencies, not to protect aviation.

Warrantless, suspicionless dragnet administrative searches at TSA checkpoints are justified as measures to “screen” travelers for weapons, explosives, and other threats to aviation.

When the actions of TSA Transportation Security “Officers” are challenged in court, the TSA has claimed that its “Officers” are not the “officers” referred to in the Federal Tort Claims Act (“any officer of the United States who is empowered by law to execute searches, to seize evidence, or to make arrests for violations of Federal law”) ; conduct only limited administrative searches for weapons, explosives, and threats to aviation; do not have any authority to conduct searches for any other purpose; and neither have nor exercise authority to arrest or seize travelers.

In practice, however, the primary use of TSA checkpoints by the government is to “screen” travelers for drugs and cash, and to seize and expropriate illegal drugs, drug-related cash, and all “large” sums of cash being carried by airline passengers, regardless of the presence or absence of any evidence linking that cash to illegal drugs or any other illegal activity.

Read More

Jan 02 2020

Drivers’ license data sold to businesses, given to Feds

As we start the year of the once-a-decade US Census, it’s an appropriate time to start looking at some of the ways and the purposes for which data — including drivers license data — is used and shared by the Bureau of the Census.

State agencies that issue drivers’ licenses want us not to object to their demands for more and more personal information about matters unrelated to driving — digital photos, scans of birth certificates and social security cards, etc. — in order to obtain drivers’ licenses that comply with the Federal REAL-ID Act.

State driver licensing agencies say we shouldn’t worry — notwithstanding the requirement of the REAL-ID Act that drivers’ license and state ID data be made available electronically to all other states — because this data will only be shared “as permitted by law”.

But what does that mean? What sharing of this data does the law permit?

Recent reports show that drivers’ license data can be, and is, widely shared with both commercial entities and Federal agencies — including the Bureau of the Census, which will be conducting the decennial census in 2020 — for purposes unrelated to motor vehicle operation or drivers’ licenses. Both Federal and state agencies say that all of this is permitted by the Drivers Privacy Protection Act (DPPA).

Read More

Dec 17 2019

Airports of the future: surveillance by design

As we’ve seen in the ongoing debate over biometric identification of travelers at Sea-Tac Airport, and as we’ve seen before elsewhere, airlines and government agencies want to pretend that each of their initiatives to identify and track travelers is a discrete, limited project, not part of any common agenda for government and commercial surveillance.

Don’t believe a word of this soothing blather. These measures are part of a conscious, deliberate, and (in their internal communications) explicit plan to deploy pervasive, integrated common-use infrastructure and data sharing for government and commercial identification and tracking  purposes throughout airports and each step of an air traveler’s journey. The airline/airport/government consensus is on surveillance by design, not privacy by design.

Here’s our latest glimpse at the real thinking behind the curtain of propaganda: The leading provider of communications and IT infrastructure and services for air transportation has a guest commentary of end-of-the-year predictions for “airports of the future” on an industry news site:

Airports of the future: SITA’s 10 predictions for the next decade
by Benoit Verbaere, business development director, SITA
Passenger Terminal Today, December 12, 2019

Air transport IT provider SITA has unveiled 10 bold predictions about the technology shaping how passengers will move through the airport of the future. Benoit Verbaere, business development director, SITA, predicts major change in almost every aspect of the airport experience….

Security will be integrated into a frictionless journey.

Over the next decade, going through security will mean walking along a corridor…. Passengers and their bags will be recognized automatically as they go through automated checkpoints. Hard checkpoints will be replaced by sensor corridors….

In future airports, risk will be constantly assessed by specialist artificial intelligence (AI), using the passenger’s digital identity…. [G]overnments… will use automated collaborative systems to approve – or, in some cases, not approve – the various steps of the journey….

Everything will have tags: people, bags and cargo. And they will be tracked throughout their entire journey, whatever mode of transport they are using…

The airport will be highly connected.

Our new era of connected airports will be driven by increasingly cheap sensors, less dedicated hardware and new data lakes, fed by every device….

Across every single journey, there are 10 or more different entities that are responsible for making the trip a reality. The only way to collect all the data to make this journey seamless is through close collaboration between everyone working at an airport: the airport itself, airlines, government agencies, ground handlers, restaurants, and shops. We also need collaboration across the entire ecosystem of connected airports….

The fast and frictionless journey to, and through, the airport will make some current revenue streams, for example, parking, weaker or obsolete. Airports will, therefore, need to find new ways to augment the travel experience to replace them. Personalization will be the key….

The future of airports lies in connected, highly-intelligent and efficient operations that offer passengers …  frictionless travel and rich, personalized experiences. Today’s … operational silos will dissolve, resulting in data sharing.

Is this point of view an outlier? No, just the opposite: SITA is jointly owned by airlines, and its agenda expresses its owners’ common agenda and the industry consensus.

SITA is a unique airline joint venture created by its airline owners to provide shared, common-use communications and IT infrastructure and services. SITA messaging has been for decades, and remains, the industry standard for reservations and operational communications between airlines, airport operators, contractors, and — increasingly — government agencies. Today most SITA messages are sent and received by ‘bots, via APIs, or through e-mail gateways, but airline and airport operations staff still have SITA addresses on their business cards along with, or instead of, e-mail addresses.

None of these predictions are new or considered controversial by airlines, airport operators, government agencies, and service providers including SITA and its competitors. Nor is this vision seen as dystopian — those who hold these views see the ability of governments and commercial entities to track each passenger in real time, and to seamlessly share data about travelers identities and movements between airlines, airports, and government agencies, as their utopia.

If we do not resist its implementation, this vision will be the future of travel.

Dec 12 2019

Port of Seattle to develop policies on use of biometrics to identify travelers

This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.

Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.

The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.

Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.

Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.

The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose,  justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:

Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.

This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.

Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”

As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.

The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.

Read More

Dec 03 2019

Seattle Port Commission to consider rules for airport facial recognition

We’ll be in Seattle on December 10, 2019, to give public comments (see our detailed written testimony submitted in advance) at a meeting of the Port of Seattle Commission concerning a proposed resolution on use of facial recognition by airlines at the Seattle-Tacoma International Airport (SEA).

This will be the first time that any operator of a US airport has publicly considered any policies to govern use of facial recognition by airlines or on airport property.

The public authorities that operate almost all major US airports have a key role to play in oversight of traveler surveillance systems deployed on their premises by their tenants.

Read More

Aug 28 2019

Public/private partnerships for travel surveillance

In preparation for the annual Future Travel Experience – Global conference next month in Las Vegas, which will include tours of the TSA’s prototype biometric checkpoint and a “Biometrics Summit” featuring joint presentations by the TSA, CBP, and their partners, both the DHS and its airline, airport, and industry partners (Part 1, Part 2) have released new previews of their plans for collaboration in surveillance and control of air travel through automated facial recognition.

As we’ve noted before, one of the more significant lies being told by the US Department of Homeland Security about its plans for increased surveillance and tracking of travelers is  that airlines and airport operators have no commercial interest in retaining or using facial images and other biometric data collected on behalf of DHS components including the TSA and CBP.

In reality, airlines and airport operators are eager to share facial recognition insfrastructure (cameras, kiosks, etc.) and data with the DHS. Airlines, airports, and the DHS all see this collaboration as fundamental to their plans to transform the airline and airport passenger “processing” experience through a panopticon of shared-use biometric ID systems.

According to a  two-part post in the Future Travel Experience conference blog (Part 1, Part 2), “Biometric technology is expected to play a key role in shaping the seamless passenger experience of the future.”

One of the briefings at the FTE Global 2019 Biometric Summit will be given by CBP’s “Director of Entry/Exit Transformation”, who described his mission as “developing U.S. biometric entry/exit system through private sector partnerships”.

Some of the airline and airport executives quoted in the FTE blog post have begun to argue that airline passengers should be allowed to opt out of biometric identification. But there’s no mention of how that would work or how long those who opt out would be delayed.

The FTE blog post also notes that:

[A]s the use of biometrics is becoming more widespread and the technology is advancing quickly, there have been rising concerns around privacy and data security from a civil rights point of view. For instance, San Francisco became the first US city to ban facial recognition technology as part of an anti-surveillance ordinance, though the ban doesn’t affect federal agencies, such as San Francisco International Airport.

This claim that SFO is a Federal agency exempt from San Francisco legislation is wishful thinking on the part of proponents of biometric surveillance and control of air travelers. While SFO is located in unincorporated San Mateo County, the land and buildings are owned by the City and County of San Francisco and operated by an instrumentality of the City and County of SF. The San Francisco ordinance applies to all City and County departments, including SFO.

Most other major airports are, like SFO, operated by state, county, or municipal governments and/or by other public or publicly-chartered entities subject to state and local public records laws and accountable, at least in theory, to state and local elected officials. These entities could, and should, prohibit any use of automated facial recognition on their property or by their lessees or contractors. Only Federal agencies themselves could escape the jurisdiction of such conditions on use of airport property.

Contradicting the public claim that airlines and airports have no interest in using biometric data shared with CBP, the FTE blog says that, “CBP’s view is that we will see further expansion into other aspects of the travel continuum, such as bag drop, international boarding and improved arrival process.” And of course a CBP spokesperson also tells the FTE blog that, “This is not a surveillance programme .”

Meanwhile, the DHS has released a Privacy Impact Assessment for the Travel Document Checker Automation Using Facial Recognition to be tested and first deployed at LAS airport, with its unveiling to attendees of the FTE Global 2019 conference.

The PIA acknowledges, in a footnote, that, “For passengers who are unable to present verifying identity documentation, TSA offers an alternative identity verification process in which passengers answer knowledge-based questions.” But the PIA ignores the fact that this questioning is being conducted illegally, without the required OMB approval, in violation of the Paperwork Reduction Act and other statutes.

In late 2016, the TSA gave notice that it planned to request OMB approval for the form that air travelers without ID or with ID deemed unacceptable are asked to complete. But the TSA received numerous objections, including ours, in response to this notice, and has not yet submitted a request to OMB for approval of the form or the “knowledge-based” questioning of travelers (which is based on commercial data aggregated by the Accurint division of Lexis-Nexis).

The last time we tried to attend a government-industry lovefest like FTE Global, we were ordered to leave and our registration fee and, eventually, our travel expenses were refunded. We’d welcome reports from our readers, workers at the conference venue, or other whistleblowers or leakers as to what gets said at FTE Global 2019.

Aug 27 2019

Guilt by social media and cellphone association

Ismail B. Ajjawi, a Palestinian freshman admitted to Harvard College, arrived at Logan Airport in Boston last Friday, Lebanese passport and US student visa in hand.

But after Mr. Ajjawai complied with demands by US customs and immigration officers at the airport to unlock his cellphone and laptop, the officers read what his “friends” had posted on social media. Five hours later, after questioning Mr. Ajjawai about his religious beliefs and his friends’ political statements, the officers revoked Mr. Ajjawi’s visa on the spot, denied him entry to the US, and deported him back to Lebanon — at his own expense, of course, using the return ticket he was required to have before being allowed to board a flight to the US.

According to a report in the Harvard Crimson, which broke the story today:

“After the 5 hours ended, she called me into a room , and she started screaming at me. She said that she found people posting political points of view that oppose the US on my friend[s] list.” Ajjawi wrote that he told the officer he had not made any political posts and that he should not be held responsible for others’ posts. “I responded that I have no business with such posts and that I didn’t like, [s]hare or comment on them and told her that I shouldn’t be held responsible for what others post,” he wrote. “I have no single post on my timeline discussing politics.”

Harvard’s lawyers are working to get Mr. Ajjawi’s visa reinstated and get him admitted to the US. Most people turned away at US borders don’t have Harvard at their back, and are unlikely ever to be admitted to the US once they are branded as undesirable.

In a 2017 notice of intent to expand DHS surveillance of immigrants’ and visitors’ expressive activities on social media, the DHS claimed that “consular officers are directed not to request user passwords [and] not to violate or attempt to violate individual privacy settings or controls.” But that’s belied by what Mr. Ajjawi says happened to him at Logan Airport, according to the Crimson: “The … officer then asked him to unlock his phone and laptop, and left to search them for roughly five hours, Ajjawi alleges.”

It’s hard to imagine anyone from a place as politicized as Palestine (or Kashmir, or many other places) who doesn’t have any social-media “friends” who mention political opinions. The answer to social-media surveillance shouldn’t be that immigrants or visitors have to  try to isolate themselves from politics or ostracize their political associates.

Rather, the lessons reinforced by this incident are that:

  1. Nothing good can come of consenting to any search by law enforcement officers, including searches of your digital devices. Border guards and customs and immigration officers are police, not your friends. Their job is to find reasons to suspect you or bar your entry. No matter how “innocent” you think you are, anything you or your “friends” say, or have ever said, can and will be used against you.
  2. If government officials have access to social-media networks of “friends”, associations, and messages, they will use this information invidiously. The way to prevent misuse of information about how travelers exercise their First Amendment rights of expression and association is not to allow police access to this information in the first place. Just say no to requests for your passwords or data.
Aug 12 2019

CBP databases for travel surveillance and profiling

An advance notice posted last week by US Customs and Border Protection (CBP) of a forthcoming request for bids by IT contractors includes one of the most detailed inventories made public to date of the databases and interfaces used by CBP and its government and commercial partners (some of which are shown in the illustration above from the notice) for tracking, profiling, and control of travelers’ and our movements.

According to the 5-year plan in the draft Request For Quotations (RFQ), CBP’s Passenger Systems Program Directorate (PSPD) already outsources some of these databases to Saleforce.com, but plans to migrate them all to commercial cloud “Software-As-A-Service” contractors in 2020. According to the draft RFQ:

CBP’s vision for primary inspection processing of the future is to transform the way travelers are processed…  The paradigm will evolve from biographic data focused to biometric data centric. CBP will identify travelers biometrically based on information already in CBP holdings as an alternative to having the traveler present their travel document. A biometric-based approach allows threats to be pushed-out further beyond our borders before travelers arrive to the U.S…. Integration of facial recognition technologies is intended throughout all passenger applications.

Throughout the draft RFQ, facial recognition is described as a substitute for document checks, rather than as an (optional) alternative. “GE [Global Entry] kiosks are expected to be replaced with a facial recognition solution to identify GE members,” for example. There’s no mention of any provision in user interfaces for opt-out from facial recognition.

Moreover, “The vision for Global Entry of the Future (GE Next Gen) is a kiosk-less solution that uses facial recognition to identify GE members…. GE-Face aligns with CBP’s Biometric Entry-Exit strategy of identifying travelers with biometrics.”

A “kiosk-less solution” suggests that travelers will be identified by cameras that surveil them as they walk through, with neither the need to “present” themselves at a kiosk nor any way to pass through the airport or checkpoint without being photographed and identified — and having one’s presence at that place and time entered into a permanent ID-based government surveillance log.

Capturing photos of all US citizens — including those who currently opt out — so that their movements can be accurately logged is an explicit goal of the planned systems:

Simplified Arrival (SA) is a new and innovative approach that incorporates advanced facial recognition technologies into the primary inspection…. The new Simplified Arrival application will eventually replace TPAC and TPAC-Face. Simplified Arrival leverages facial recognition technologies in … the processing of arriving passengers and airline crew…. Capturing facial biometrics of all passengers adds additional security, as currently there is no biometric verification of U.S. Citizens, most Canadians, citizens of a few other countries and travelers who are exempted for other reasons such as age and class of admission. Using facial matching as the primary biometric verification modality provides a previously unavailable method to verify and facilitate travel for almost everyone, not just those travelers for whom DHS has fingerprints…. The Simplified Arrival process for air travel … Replaces document scan with facial recognition.

Not all CBP databases or systems and interfaces for populating and accessing them are included in the draft RFQ. These include the “Secure Flight”pre-crime program for profiling and tracking air travelers, which is used by both CBP and the TSA but “owned” by the TSA.

Also not mentioned in the draft RFQ is CBP’s Silent Partner pre-crime program for algorithmic profiling, scoring, and targeting of travelers for more intrusive searches and surveillance, and the associated rule-sets and blacklists of targeted travelers.

Silent Partner was first mentioned publicly in DHS testimony to Congress in 2011 as “an aviation security screening program…. the details of this program are classified.” Quiet Skies, a TSA program which uses a subset of the Silent Partner database to target domestic air travelers within the US, was made public by DHS whistleblowers in 2018.

More information about Silent Partner and Quiet Skies was released in Sai v. Pekoske (a pro se challenge to TSA “orders” originally filed as Sai v. Neffenger) and  Elhady v. Kable (a challenge by CAIR to DHS blacklisting originally filed as Elhady v. Piehota).

Only then did the DHS publish a years-belated Privacy Impact Assessment for Silent Partner and Quiet Skies. The PIA makes clear that these are pre-crime programs based on algorithmic profiling, not on suspicion of having committed any criminal or civil violation of law. But the profiling and scoring rules remain a secret to those against whom action is taken.