Archive for the ‘Surveillance State’ Category

Obama Admin’s parting gift to foreign visitors: social media surveillance

Sunday, December 25th, 2016

In the Obama Administration’s parting gift to foreign visitors, the Office of Management and Budget (OMB) has approved the collection of social media IDs from foreign visitors to the US.  As part of the online Electronic System for Travel Authorization (ESTA), tourists, business travelers, and foreign citizens visiting friends and relatives in the US are now being asked whether they have accounts on any social media platforms, and if so, their user names or IDs.

(more…)

“AFI” is the latest DHS name for “extreme vetting”

Wednesday, December 21st, 2016

We’ve heard a lot of talk in recent months about “extreme vetting” of immigrants, Muslims, and foreign visitors to the US. But what does “extreme vetting” really mean?

“Vetting” of both domestic and international travelers — making predictive pre-crime decisions as to whether or not to allow them to travel — is already extreme, and already routine.

“Vetting” means examining people and deciding who to allow, and who not to allow, to do something.

Under DHS procedures that have been in place for a decade, no airline operating to, from, or within the US is allowed to issue a boarding pass or let you on a plane unless and until it has sent your personal information to DHS and received an individualized, per-passenger, per-flight “Boarding Pass Printing Result” (BPPR) message giving the airline “permission” to “allow” you to exercise your right to travel by common carrier. The default if DHS doesn’t respond is “no”, and both the algorithms used for the decision and the data put into that algorithmic black box are secret.

What could be more “extreme”? Manual strip searches for all travelers, instead of just virtual strip searches using as-though-naked imaging machines?

But as President-Elect Trump’s “extreme” rhetoric suggests, the government’s desire for surveillance and control of our movements is insatiable. It’s always possible to make yet another mirror copy of the government’s warehouse of metadada about our movements, disseminate it more widely, and pile on another layer of pre-crime profiling algorithms. More is always better, right — especially if you call it “intelligence”?

The latest replication and propagation of travel data, and the latest layer of traveler “vetting” tools, is the so-called “Analytical Framework for Intelligence” (AFI) operated by, or under contract to, US Customs and Border Protection (CBP).  As we told Spencer Woodman of The Verge for his story today about AFI:

“When Trump uses the term ‘extreme vetting’, AFI is the black-box system of profiling algorithms that he’s talking about,” says Edward Hasbrouck of the Identity Project, a civil liberties initiative that focuses on the rights of travelers. “This is what extreme vetting means.”

DHS in general, and CBP in particular, have been playing a shell game for many years with their travel surveillance and control systems.

Government copies of airline reservations (Passenger Name Records) were first claimed to be part of a system of records called TECS, then declared to be part of a “new” system of records called the Automated Targeting System (ATS), although still stored in the TECS database. (Huh?)  Now an additional mirror copy of all this PNR data (still stored in TECS and still also deemed part of ATS) is being created as part of another “newer” system of records known as AFI.

If you’re confused by all the acronyms and name changes, and don’t know which government files you should ask for or worry about, that’s exactly what DHS wants.

AFI itself has changed fundamentally and for the worse in the last few months, at least if we can believe what DHS says. It’s always been a suspicion-generating and guilt-by-association machine, but now it’s a much more powerful one.  More powerful, to be clear, does not mean “better” or “more accurate”. It means, “capable of placing more people under suspicion” based on more intrusive data aggregation, data mining, and profiling. Here’s how:

(more…)

Controls on land travel vs. the right to free movement

Thursday, December 15th, 2016

In a partial but symbolically significant victory, the Belgian government has postponed a final vote in the national Parliament on legislation to require certain international railways to provide passenger name records (PNRs) to the government for surveillance and advance “vetting” of train travelers, as is already being done for air travelers between the EU, the US, and other countries.

(Text of the proposed law in French and Flemish/Dutch; report on first reading in Parliament; analysis and commentary in English; legislative history; legislative status.)

The Belgian proposal was approved by the anti-terror committee in Parliament despite a threat by the German national railway to suspend its high-speed services to Belgium if the bill passes, as well as other criticism.

One Belgian think tank, analyzing the proposal in the context of other anti-terrorism proposals, concluded that, “The creation of a Belgian PNR system is a good illustration of this dynamic: taking it as a given that it will facilitate the arrest of terrorists who are planning attacks is something of a fairy tale…. Social sciences, unlike astrology, is not about predicting the future.”

The decisive factor in the Belgian government’s decision to postpone the scheduled final vote in the national Parliament appears to have been intervention by the European Commission in response to a formal complaint by Access Now that the law would violate the right of EU citizens to move freely within the EU.

As with “rights” for US citizens that aren’t recognized as human rights for all, a decision by the EU or Belgium based solely on the rights of EU citizens falls short of full recognition of the right to travel. But so far as we know, this is the first time that the EU has blocked any proposed travel surveillance or control measure, in the EU or any of its members states, on the basis of the right to freedom of movement.

We hope that the Belgian government will withdraw its railway PNR proposal entirely, not leave it pending, and that other EU member states will take note of the incompatibility of measures like this with fundamental European and human rights principles.

What does Donald Trump’s election mean for our work?

Friday, November 18th, 2016

We endorsed neither Hillary Clinton, Donald Trump, nor any other candidate for elected office. So what does the presumptive election of Donald Trump as President of the U.S. — when the electors cast their ballots on December 19, 2016, and the votes are counted on January 6, 2017 — mean for the work of the Identity Project?

First and foremost, it means that our work, and the need for it, will continue — as it has under previous administrations, both Democratic and Republican.

Human and Constitutional rights are, by definition, no more dependent on the party affiliation of the President, if any, than on our own. Freedom is universal. Our defense of the right of the people to move freely in and out of the U.S. and within the country, and to go about our business, without having our movements tracked and our activities logged or having to show our papers or explain ourselves to government agents, has been and will remain entirely nonpartisan.

We will continue to criticize those who restrict our freedoms and infringe our rights, regardless of their party, just as we have criticized the actions of both the Obama and Bush administrations and of members of Congress and other officials of both parties, many of whom remain in power despite the changes at the top.

Attacks on our liberty have been, and remain, just as bipartisan as our resistance to them. This is especially true of the imperial power which the Presidency has been allowed to accrue, and which is exercised through Presidential proclamations, executive orders, and the secret law (or, to be more accurate, lawlessness) of Federal agency “discretion”. Those who acquiesced in the expansion of Presidential power and executive privilege because they thought that it would be used to their benefit by a President of their own party have only themselves to blame if that power is later used against them by a new President of a different party, or without allegiance to a traditional party hierarchy.

Many of the most imminent ID-related threats are those that arise from existing laws or extrajudicial administrative practices, the limits of which — in the absence of legislative or judicial oversight and checks and balances — are set solely by executive order. Where President Trump can make changes to ratchet up repression, to register and track both U.S. and foreign citizens, and to monitor and control our movements within the country and across borders, with the stroke of a pen, we don’t expect that he will hesitate to wield the power he has inherited to govern by issuing public decrees or by giving secret orders to his minions.

In some of these cases, Federal officials and the homeland-security industrial complex of contractors, confident that the incoming occupant of the White House will bless their efforts to anticipate has desires, may take action even before they are ordered to do so. This seems especially likely, in our area of concern, with respect to (1) the DHS implementation schedule and requirements for the REAL-ID Act,  (2) the TSA’s longstanding desire to enforce and eliminate exceptions to a de facto ID requirement for air travel that lacks any basis in statute and contravenes the U.S. Constitution and international law, and (3) expanded use of ID and surveillance-based pre-crime profiling (President-to-be Trump calls it “extreme vetting”) as the basis for control of movement, especially across borders.

We will be watching closely and reporting on signs of activity on all these fronts, some of which are already visible.

Now more than ever, we need your support — not just helping us to defend your rights, but asserting your rights and taking direct action to defend them yourselves. “The limits of tyrants are prescribed by the endurance of those whom they oppress.”

We invite you to join us in our continued resistance to all lawless attacks from any and all sides on our Constitution, our freedom, and our human rights.

Profiling travelers to find the “good guys” — and recruit them as informers

Tuesday, October 25th, 2016

targeting

[Some of the multiple sources and types of targeting rules in the TECS algorithms used to profile international travelers, from a CBP/FBI flowchart published by The Intercept. Click on image for larger version. “PAU” = CBP Passenger Analysis Unit at a specific international airport in the USA or abroad.]

Most (although certainly not all) of the people who contact the Identity Project for assistance in finding out what information the government has about their travels, or interpreting responses to their requests for travel records, are Muslims. Many of them, Muslim or not, can’t figure out why they were “targeted” for special treatment at US borders and/or airports despite having done nothing wrong. “What do they suspect me of, and why?” they want to know.

A recent report by The Intercept based on documents from an anonymous whistleblower source confirms what we, and many of the people who have sought our help, already suspected: The FBI is systematically “looking for ‘good guys’ not ‘bad guys'” among international travelers, to recruit them as informers (“confidential human sources”).  US Customs and Border Protection is using profiles and identities provided by the FBI to mine the information airlines are required to collect and provide CBP about passengers on upcoming flights to anticipate when potential informer recruits will be passing through US airports.

Once these potential informers are targeted, CBP arranges special joint CBP/FBI “welcome parties” to interrogate and search them and assess their ability, willingness, and suitability to serve as CHSs.  CBP uses its “border search” authority to conduct the searches and questioning, but FBI agents supply the questions and targeting lists and rules, sit in on the interrogations, and follow up with those who are determined to be potential recruits or who come under suspicion as a result of their response to the attempt to recruit them as informers.

The story in the The Intercept and the leaked documents published along with it don’t reveal much that we and others hadn’t already suspected. But they do fill out the some of the details.  And for anyone who was still in doubt, they show clearly how the government is already using its systematic access to airline reservations for surveillance of non-suspects, and for other general police purposes, contrary to the hollow assurances it has provided to the public and to foreign governments that this data will only be used for prevention of specific categories of crimes.

CDC proposes martial law in the guise of “medical quarantine”

Friday, October 14th, 2016

In the guise of a proposal for “medical quarantine“, the U.S. Centers for Disease Control and Prevention (CDC) have proposed regulations that would give CDC employees sweeping martial-law powers of warrantless search, interrogation, tracking of movements, arrest, and extrajudicial mass detention (at the detainees’ own expense!) of individuals or entire groups of unlimited numbers of people for unlimited periods of time.

The proposal revives a dormant decade-old rulemaking initiated after the 2001 and 2005 anthrax scares in Washington, DC. But rather than finalizing the rules proposed (and widely criticized) in 2005, or responding to the comments submitted back then in response to the original proposal, the CDC has published a new and different but perhaps even more objectionable replacement proposal.  It’s unclear why this is happening now, but it seems likely that the CDC feels a political necessity to be seen as “doing something” to prepare for the possibility of another outbreak of Ebola virus disease.

As we say in comments we filed today with the CDC:

The NPRM [Notice of Proposed Rulemaking] describes the proposed rules as a medical quarantine program. But they go far beyond what is medically indicated, authorized by statute, or permitted by the Constitution.

The CDC’s proposal completely ignores existing medical and legal procedures for involuntary commitment of individuals determined to constitute a danger to themselves or others. Instead, the proposed rules include:

  1.  indefinite extrajudicial mass detention without due process,
  2. compelled responses by travelers to extrajudicial interrogation concerning their exercise of First Amendment rights including rights of movement and assembly, regardless of whether there is any current outbreak of any communicable disease, much less whether there is any basis for belief that any specific traveler subjected to this interrogation is infected with such a disease; and
  3. charging innocent detainees for the costs of their detention.

These misguided, unauthorized, and unconstitutional proposals should be withdrawn.

[Details: Complete comments of the Identity Project, all 13,000+ public comments on the CDC proposal.]

“Following the money” in travel surveillance

Friday, October 7th, 2016

The growth of a homeland-security industrial complex funded by single-source contracts and shielded by knee-jerk invocation of “security” as an excuse for secrecy has created huge opportunities for cronyism and collusion between lobbyists, contractors, and government officials.

The poster child for this revolving door and its invidious effects on government policies and spending is former Secretary of Homeland Security Michael Chertoff and his work as a lobbyist for Rapiscan, the supplier of the TSA’s virtual strip-search machines.

Unsurprisingly, the US isn’t alone in allowing the commercial interests of spy-tech companies to drive government decisions to spy on travelers.

In the latest issue of the EDRi-gram newsletter, our friends  at the European Digital Rights Initiative explore “The curious tale of the French prime minister, PNR and peculiar patterns.”  It seems that the French military technology contractor Safran, whose “Morpho” division is one of the leading vendors of turnkey PNR-based traveler surveillance and profiling systems, is one of the largest employers in the home town of French Prime Minister Manuel Valls.

According to Estelle Massé and Joe McNamee of EDRi:

France has been particularly insistent on the unsubstantiated benefit of profiling all travellers — indiscriminately and in the absence of suspicion. French Interior Minister Bernard Cazeneuve pushed for swift adoption of the EU PNR directive before the EU Council, going so far as to accuse the European Parliament of being “irresponsible for delaying the vote” — implying that democratic debate over a privacy-invasive measure is simply wasting time. French Prime Minister Manuel Valls also pushed for the directive, allegedly arguing for adoption as a strong symbolic gesture in the fight against terrorism…

Safran has a major base in Evry, the small town south of Paris where Valls was mayor from 2001-2012. The company employs more than 3300 people and, earlier this year, Valls visited the site and discussed Safran’s role in ensuring long-term employment in the region. The French government said in a statement following the visit, “We have one aim: that the French industry stays ahead.”

The company now appears to be in fine fettle. It won major contracts to put in place expensive PNR systems in France and Estonia. Now that the PNR directive will make such systems mandatory across the EU, it is also seeking contracts in several other EU countries.

That’s not the end of the story. The pattern of links between Valls and Safran run even deeper. According to the French news outlet Marianne, in 2012, when a Safran contract was not renewed, Valls, who was then interior minister, allegedly intervened to help the company. He appears to have done so despite the fact that the proposed change to the contract could have saved 30 million euro of public funds.

Bertrand Marechaux, the police chief who questioned the contract, kept fighting to modify it and initiating legal proceedings against Morpho, a subsidiary of Safran. He was ultimately removed from his position. Valls’ office didn’t respond to Marianne’s request for comment at the time.

How the DEA uses travel company spies to confiscate travelers’ cash

Monday, October 3rd, 2016

A report by the Office of the Inspector General (OIJ) of the U.S. Department of Justice (DOJ) sheds more light on how the Drug Enforcement Agency (DEA) pays workers for airlines, Amtrak, bus companies, and package delivery services to spy on their customers, troll through reservation and shipping records, and finger travelers and senders and recipients of packages to the DEA in enchange for a share of the cash which can be seized and “forfeited” to the government even if no drugs are found and no criminal charges are brought.

This practice was first reported in August 2016 by Brad Heath in USA  Today, based on case-by-case review of court filings describing the basis for DEA searches that led to “civil forfeiture” proceedings. And the DOJ OIG had released brief interim summaries of its investigations into DEA relationships with one Amtrak employee and one TSA employee who were paid to inform on travelers.

The new OIG report released last week provides much more detail about the scope of the DEA’s use of travel and transportation staff as paid “confidential sources” to target travelers and parcels for cash seizures on the basis of travel reservations and shipping records. The OIG found that the DEA is paying employees of Amtrak, airlines, bus companies, and other transportation companies millions of dollars for individual tips and copies of entire passenger manifests:

[DEA] Special Agents have various ways of receiving these “tips,” but generally receive the information on a daily basis via email or text message, some of which are sent to government accounts and others to non-government private accounts that are established and controlled by the Special Agents. Additionally, we found that although some Special Agents estimated receiving up to 20 “tips,” or passenger itineraries, per day from their… commercial airline confidential sources, the DEA does not maintain a record of receipt of the totality of the confidential source “tips.”….

[S]ome Agents requested that sources provide them with suspicious travel itineraries that met criteria defined by the Agents, and in some cases requested entire passenger manifests almost daily….

(more…)

Restriction of movement is a punishment like banishment

Monday, August 29th, 2016

A Federal Court of Appeals has found that the latest version  of Michigan’s “Sex Offender Registration Act” (SORA), including restrictions on where registrants can live, work, or “loiter”, constitutes a form of punishment intended to inflict pain or unpleasant consequences. “More specifically, SORA resembles, in some respects at least, the ancient punishment of banishment,” according to the 6th Circuit Court of Appeals.

Both Federal and state governments have enacted a variety of misleadingly misnamed “sex offender registration” laws.

Despite being labeled as applying to “offenders”, these laws typically apply also to ex-offenders who have completed their entire sentence of incarceration, parole, and /or probation. These ex-offenders are subject to few legal restrictions except those of the “sex offender registration” laws and the no-gun list.

And while they are described as “registration” laws, these laws almost invariably require more than mere registration.  This parallels the government’s typical euphemistic use of the term “watchlists” for what are, in fact, blacklists or blocklists.

“Registration” laws typically restrict and regulate the exercise of First Amendment rights and rights recognized by international human rights law, including the rights to freedom of speech and freedom of movement, of people who are required to register.  In several states, these laws restrict free speech by prohibiting use of unregistered Internet access accounts or “identifiers” (whatever that means) by ex-offenders who are subject to these laws.  In a growing number of states, these laws restrict freedom of movement and residence by prohibiting registrants from living or working within a specified distance of any school — a distance which, in a populated area with neighborhood schools, can prohibit registrants from legally living anywhere in a municipality or community, or force them to live in wilderness or wasteland encampments without water, sewer, or electric service in order to stay far enough away from any school.

As we have reported, a Federal District Court judge has issued a preliminary injunction prohibiting California from enforcing its requirement for registration of Internet service accounts and identifiers, and that injunction has been upheld by the 9th Circuit Court of Appeals. The lawsuit challenging the California law drags on, however, while the court keeps giving the state more time for its legislature to try to “fix” the law to make it Constitutional.

But in contrast to this judicial rejection of some “registration” laws that restrict ex-offenders’ free speech on the Internet, courts have upheld restrictions on registrants’ residency, employment, and movement against a variety of challenges. So we were especially pleased that last week’s opinion by the 6th Circuit  in Does v. Snyder recognizes that both the restrictions on movement and those on Internet speech in the Michigan SORA amount to “punishment”:

SORA resembles, in some respects at least, the ancient punishment of banishment. True, it does not prohibit the registrant from setting foot in the school zones…  But its geographical restrictions are nevertheless very burdensome, especially in densely populated areas. Consider, for example, this map of Grand Rapids, Michigan, prepared by one of Plaintiff’s expert witnesses:

GRR

Sex Offenders are forced to tailor much of their lives around these school zones, and, as the record demonstrates, they often have great difficulty in finding a place where they may legally live or work. Some jobs that require traveling from jobsite to jobsite are rendered basically unavailable since work will surely take place within a school zone at some point.

The John and Mary Doe plaintiffs in the Michigan lawsuit were convicted before the SORA law was enacted. The court found that, because the law imposed imposed retroactive “punishment” on the plaintiff, it was an unconstitutional ex post facto law as applied to the plaintiffs:

We conclude that Michigan’s SORA imposes punishment. And while many (certainly not all) sex offenses involve abominable, almost unspeakable, conduct that deserves severe legal penalties, punishment may never be retroactively imposed or increased…. As the founders rightly perceived, as dangerous as it may be not to punish someone, it is far more dangerous to permit the government under guise of civil regulation to punish people without prior notice. Such lawmaking has “been, in all ages, [a] favorite and most formidable instrument[] of tyranny.” The Federalist No. 84, supra at 444 (Alexander Hamilton)…. The retroactive application of SORA’s 2006 and 2011 amendments to Plaintiffs is unconstitutional, and it must therefore cease.

The court didn’t reach the question of whether the law would be Constitutional as applied to people convicted after its enactment, but did express strong doubts about how it would rule in such a case:

As we have explained, this case involves far more than an Ex Post Facto challenge. And as the district court’s detailed opinions make evident, Plaintiffs’ arguments on these other issues are far from frivolous and involve matters of great public importance. These questions, however, will have to wait for another day because none of the contested provisions may now be applied to the plaintiffs in this lawsuit, and anything we would say on those other matters would be dicta. We therefore reverse the district court’s decision that SORA is not an Ex Post Facto law and remand for entry of judgment consistent with this opinion.

 

Wanna be Facebook friends with U.S. Customs & Border Protection?

Monday, August 22nd, 2016

Today we submitted formal comments to U.S. Customs and Border Protection objecting to its proposal to start asking visitors to the USA to list all their “social media identifiers”. USCBP (a division of the Department of Homeland Security) proposes to add this question to the I-94W form for international visitors arriving in the U.S., and to the online ESTA (Electronic System for Travel Authorization) application form for vistors form countries in the U.S. Visa Waiver Program:

Please enter information associated with your online presence—Provider/Platform—Social media identifier.” It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.

We’ve previously argued that the entire ESTA scheme is an illegal de facto visa requirement that violates the rights of foreign visitors to the U.S. But this proposal would make it even worse.  Hundreds of individuals and more than two dozen organizations have already denounced this proposal. You can submit your own comments here until midnight tonight, Eastern time. If you agree with us that this is a terrible idea, feel free to endorse our comments or use them as a template:

We oppose this absurd and un-American questioning of foreign visitors to the U.S., and urge USCBP to withdraw this proposal.

Both freedom of speech and freedom of movement (“the right of the people… peaceably to assemble”) are recognized by the First Amendment to the U.S. Constitution. These rights are also recognized in Article 12 (freedom of movement) and Article 19 (freedom of expression) of the International Covenant on Civil and Political Rights (ICCPR), a treaty ratified by, and binding on, the U.S. In addition, Article 17 of the ICCPR recognizes a right to protection against “arbitrary or unlawful interference with … privacy … or correspondence.”…

The essence of human rights law is that these rights are recognized as universal rights to which all people are entitled regardless of their citizenship or nationality (if any). This proposal … treats foreign visitors to the U.S. as lacking these human rights, and thus implicitly as less than human… This would reinforce the impression around the world that the U.S. does not believe in or respect human rights, but regards these universal human rights as “privileges” granted by the government and enjoyed only by U.S. citizens. We do not want to live under such a government or in such a world…

(more…)