Apr 12 2021

Connecting the DHS to the airline industry

A Request For Information (RFI) posted on a website for Federal government contractors gives a glimpse into the degree to which the Department of Homeland Security (DHS) has embedded itself into the information technology infrastructure of the airline industry.

The RFI for Services to Electronically Transmit Airline Data was posted April 5, 2021, by US Customs and Border Protection (CBP). Responses from potential vendors are due by April 19, 2021.

CBP says it is “conducting market research to gain a greater understanding of the full range of available options for services for obtaining names and related information of passengers who are arriving and departing the U.S. on commercial airlines.” Although the RFI was put out by CBP, which surveils and controls international air travel and cargo transport to and from the US, it appears to contemplate integration with the parallel systems used by the Transportation Security Administration (TSA) for data-driven surveillance and control of domestic US air travel as well.

According to the RFI:

CBP is evaluating transmission options for air carriers to use in compliance with these requirements.

  • The vendor must have established connectivity with the airline community.
  • The vendor must be able to test and certify with the air carriers, the vendor, CBP and TSA as required.

For those unfamiliar with the “parallel universe” of airline IT and data communications networks, this RFI might best be conceptualized by analogy to the specifications for the equipment — revealed by whistleblower Mark Klein — that was installed in the facilities of AT&T and other telecommunications companies to provide real-time copies of message data to the National Security Agency (NSA).

While the NSA receives metadata about the movements of our messages in the form of telephone calls, email messages, Web browsing, and other Internet traffic, CBP receives metadata about the movements of our physical bodies, whenever we travel by air, in the form of, according to the RFI,  “Passenger Name Records (PNR), air cargo manifests, advance passenger information (API), passenger manifests, and other airline-related data.”

The TSA receives a similar but somewhat different dataset of all domestic airline flights in the form of Secure Flight Passenger Data (SFPD).

The RFI requests information from vendors that already have  “an available global private network primarily used by the aviation industry to enable the aviation industry to send/receive API, PNR, and other information to CBP and other entities.”

The gateways provided by these vendors would also, presumably, position these vendors to serve other governments wanting to surveil and control air travel while using common gateways to connect to airlines without having to connect to each airline separately.

As the NSA did with telecommunications companies, CBP embeds itself in vendors’ data centers and message switching hubs:

The contractor shall provide the following to permit the electronic transmission of airline data to CBP’s computer network and host systems:

Provide Ethernet Internet Protocol (IP) connections to the contractor’s private global network. CBP routers are located on vendor’s premises. Contractor provides physical space at their datacenter(s) to include ¼ communications rack to house DHS/CBP co-located equipment that connects to the contractor’s private global network.

Unlike the “black boxes” installed in AT&T and other telecommunications and Internet switching centers to send mirror copies of messages to the NSA, the CBP/DHS connection to the global airline reservation cloud is bidirectional. The role of the DHS is not limited to passive surveillance, which would require only a unidirectional data feed.  DHS exercises positive permission-based prior restraint and control of the issuance of each boarding pass, which requires reliable real-time transmission of Boarding Pass Printing Result (BPRR) permission messages from DHS to airline check-in counters and Web check-in systems worldwide.

Currently, each airline has the option of connecting directly to CBP for bi-directional  transmission of PNR and API data and receipt of BPPR messages through a virtual private network using CBP-specified protocols and vendors, or connecting to DHS through one of two vendors approved by CBP to act as intermediaries: ARINC or SITA.

Read More

Apr 05 2021

Can TSA checkpoints be used as a general law enforcement dragnet?

Airline travelers who were searched at Transportation Security Administration (TSA) checkpoint for cash and other items unrelated to any threat to aviation are entitled to their day in court, according to the first significant ruling by a Federal judge in Pittsburgh in a class action lawsuit filed a year ago.

The class action complaint in Brown v. TSA was brought by the Institute for Justice on behalf of all air travelers whose cash was seized at TSA checkpoints. It charges that searches at TSA checkpoints for “general law enforcement purposes” that aren’t limited to searches for weapons, explosives, and incendiaries that could pose a danger to aviation are (1) “ultra vires”,  that is, outside the scope of any authority granted by law to TSA checkpoint staff, and (2) unconstitutional as warrantless, unreasonable searches and seizures prohibited by the 4th Amendment.

The TSA and Drug Enforcement Administration (DEA) defendants tried to get the court to dismiss the complaint on such specious grounds as that the dozens of incidents of seizures of air travelers’ cash described in the complaint were merely “isolated incidents” unlikely to be repeated, and that a Federal law that has often frustrated judicial review of TSA actions, 49 U.S.C. § 46110, denies any Federal District Court jurisdiction to even consider such a complaint.

After review of initial recommendations by a Federal Magistrate, U.S. District Judge Marilyn Horan has denied most of the government’s motions to dismiss the class action complaint, allowing the case to move forward toward a decision on the merits.

As we noted when we first reported on the filing of this lawsuit, its importance extends well beyond the specific issues of searches and seizures of cash. This is one of two key pending lawsuits (along with one filed by Sai that’s pending in the 1st Circuit Court of Appeals with friend-of-the-court briefs due to be filed by the end of this week) challenging the TSA’s attempt to expand its checkpoints from limited special-purpose administrative searches for items posing a hazard to aviation to general law enforcement checkpoints like the “4th Amendment-free zones” at international borders and points of entry.

There have been, and continue to be, strong pressures from within the Department of Homeland Security and from other law enforcement agencies to use TSA checkpoints for an even wider range of general law enforcement purposes. That would create a new airport exception to the 4th Amendment, based on treating travel as presumptively grounds for suspicion (and thus subject to search and/or seizure) rather than the exercise of a right.

We are pleased to see this case go forward as an important test of the limits to the TSA’s authority, the meaning of the 4th Amendment, and the existence of a right to travel.

Mar 30 2021

Expanding travel policing beyond no-fly lists (and the Fourth Amendment)

According to an article in POLITICO based on interviews with unnamed “law enforcement officials,” the US Department of Homeland Security (DHS) is considering expanded use of airline reservation data  to target travelers  for more intrusive searches:

The department could begin analyzing the travel patterns of suspected domestic extremists, monitor flights they book on short notice and search their luggage for weapons, a senior law enforcement official told POLITICO. There have also been discussions about putting suspected domestic violent extremists — a category that includes white supremacists — on the FBI’s No Fly List, the official said. When suspected extremists travel internationally, officials may be more likely to question them before they pass through customs and to search their phones and laptops.

A second law enforcement official told POLITICO that conversations about monitoring domestic extremists’ travel have involved multiple federal agencies at the interagency level, including the FBI.

We’ve recently discussed what’s wrong with the no-fly lists (there are several, created and maintained by different, although interlocking, entities, for different ostensible purposes) and why they shouldn’t be used like this or in most of the other ways that they are now used.

As Gary Leff puts it in his View from  the Wing travel blog:

Denying the freedom of travel, without trial, is precisely the mob rule outside of the rule of law that we’re supposed to be pushing back on after the events of January 6th. Having the government ban travel on all airlines without judicial review is frightening in a democracy.

The latest article in POLITICO suggests tactics that go well beyond no-fly lists. It’s important to understand what’s being talked about, and how it would differ from previously-disclosed practices and exceed what is permitted by current law.

It’s crucial to recognize that, in this proposal, the DHS is testing the waters not for an expansion of existing authority, but an entirely new category of exception to the Fourth Amendment: a “pre-crime” search that is based on neither a warrant nor probable cause, but that — unlike an administrative search — targets individuals selectively.

Read More

Mar 05 2021

Court says you can sue TSA agents who don’t let you film them

Judge John A. Gibney, Jr. of the US District Court for the Eastern District of Virginia has ruled that TSA checkpoint staff can be sued (and, potentially, held personally liable for damages) for stopping a traveler from recording video with his cellphone of them searching (“patting down”) his wife, and ordering him to delete the video.

The initial decision in the case of Dyer v. Smith is likely to be appealed to the Court of Appeals for the 4th Circuit. But Judge Gibney’s ruling is an important step toward holding the TSA accountable to the 1st Amendment (freedom of speech and of the press) and 4th Amendment (freedom from unreasonable search and seizure) to the US Constitution.

In particular, Judge Gibney not only (1) recognized that members of the public have a Constitutional right to film at TSA checkpoints, and not to have their recordings seized, but also (2) rejected the claim that this right was not “clearly established” and thus that TSA checkpoint staff should have “qualified immunity” from lawsuits, and (3) allowed the lawsuit against the TSA to go forward, under the so-called “Bivens doctrine” already recognized by courts in other contexts, even though there is no specific law (other than the Constitution itself, which ought to suffice) providing for lawsuits against TSA staff who violate travelers’ Constitutional rights.

We are particularly pleased that Judge Gibney recognized that the Constitutional right to film the TSA is “clearly established,” contrary to the court finding in 2015 in Phil Mocek’s lawsuit against TSA checkpoint staff and Albuquerque Police that, while Mr, Mocek’s rights had been violated, the right to film at TSA checkpoints was not (yet) clearly established — so Mr. Mocek was not entitled to any redress through the courts for the violation.

The plaintiff, Dustin Dyer, is himself a lawyer, but served only as pro se local counsel to civil rights attorney Jonathan Corbett, one of whose specialties is TSA wrongdoing.

(Mr. Corbett is also, we are pleased to report, representing Sai in his challenge to the Constitutionality of 49 USC § 46110, the Federal law which establishes special and especially limited procedures and criteria for judicial review of “orders” issued by the TSA.)

As with Mr. Mocek, Mr. Dyer was able to recover the “deleted” video, although it’s not clear how important that may have been in deterring the TSA from making up stories about what happened, as the TSA and police did (unsuccessfully, in the face of video and audio evidence falsifying their official reports) with respect to Mr. Mocek.

It’s worth reading both Mr. Corbett’s brief in support of his client Mr. Dyer, and the amicus brief by Constitutional law professors Brandon Hasbrouck of Washington and Lee School of Law and Katherine Mims Crocker of William and Mary Law School (where Judge Gibney is also an adjunct professor). As friends of the court, these law professors note that “The logic of the single decision [the defendants] cite [Mocek v. Albuquerque] is quite strained.” Judge Gibney seems to have agreed.

Feb 25 2021

Precog in a Box

[Flowchart of “goTravel” software package developed by the government of the Netherlands and offered to U.N. members through the Countering Terrorist Travel Programme of the U.N. Office of Counter-Terrorism (UNOCT)]

National governments of all members of the United Nations are being pressured to implement new U.N. mandates for surveillance, profiling,  and control of air travelers.

These unprecedented mandates for the creation and deployment of new surveillance and “pre-crime” policing systems in every U.N. member state  are the result of a successful twenty-year campaign carried out by the US and its allies through the U.N. Security Council and the International Civil Aviation Organization (ICAO) as policy laundering proxies.

This U.N. mandate is illegal: it contravenes provisions of the International Covenant on Civil and Political Rights, to which almost all U.N. members are parties. It’s immoral: it goes against basic principles of justice, including the presumption of innocence and punishment for criminal actions rather than for inferred criminal states of mind. And it’s wrong: it presumes the existence of human and/or robotic “precogs” that can predict future crimes.

U.N. members that haven’t yet set up “pre-crime” police agencies to surveil and profile air travelers are being pushed by Security Council and ICAO directives, and pulled by offers of  their choice of free “Precog in a Box” software and other training and support from US Customs and Border Protection (CBP) through the World Customs Organization (WCO), or from the government of the Netherlands through the Countering Terrorist Travel Programme of the U.N. Office of Counter-Terrorism (UNOCT).

But how did we get here? What’s going on? And what’s wrong with this picture?

Read More

Dec 21 2020

We say “No” to mug shots at airports and borders

Illustration from CBP website. The claim that facial recogntion “helps to prevent the spread of germs” is especially bogus, since facial recognition requires travelers to remove their face masks wherever it is used.

Today the Identity Project (IDP), Restore the Fourth, Privacy Times, and the National Workrights Institute  filed joint comments with U.S. Customs and Border Protection (CBP) in opposition ot the CBP proposal to require mug shots (and possibly collection of other biometrics) from all non-U.S. citizens at all border crossings and international airports and seaports:

The purported NPRM [Notice of Proposed Rulermaking] was promulgated under purported authority delegated by an official purporting to exercise the duties of the Secretary of Homeland Security. That official was not appointed in accordance with the Vacancies Reform Act and therefore lacks authority to promulgate notices of proposed rules or final rules, or to delegate authority to do so which they do not themselves hold….

The proposed rules and procedures would violate the Privacy Act, and must therefore be revised or withdrawn.

The proposed rules and procedures would violate the Paperwork Reduction Act (PRA), and must therefore be revised or withdrawn.

The impact assessment in the NPRM is incomplete, inaccurate, and grossly underestimates the costs which would be imposed on individual travelers by the proposed rule. The NPRM fails to consider how many (more) individuals would opt out of collection of biometrics, if they were provided with the notices required by the PRA, or the cost to those travelers who are so delayed that they miss their flights. The impact assessment must be revised.

Read More

Oct 09 2020

Port of Seattle continues debate on facial recognition

The debate continues on whether the Port of Seattle should allow or pay for continued or expanded use of facial recognition at Sea-Tac Airport (SEA) and the Seattle cruise port.

Yesterday Port of Seattle staff and a subcommittee of the Port Commission met with an advisory committee on biometrics appointed by the Port Commission.

Jennifer Lee of the ACLU of Washington State delivered a letter co-signed by a coalition of organizations including the Identity Project urging the Port Commission not to authorize, pay for, or participate in any use of facial recognition to identify travelers:

On December 10, 2019, the Commission adopted seven principles to guide its decision-making on if and how biometrics should be used at the Port. These principles are: justified, voluntary, private, equitable, transparent, legal, and ethical.

We do not believe that either the current or the proposed uses of biometrics to identify travelers on Port property can be implemented in a manner consistent with these principles. Port staff state that its recommendations “are not meant to suggest that the Port should implement public-facing biometrics, but rather how to do so in alignment with our guiding principles.”  The only action that would be aligned with those principles would be to ban the use of facial recognition technology to identify members of the public by the Port, as well as by the Port’s tenants and contractors….

1. We urge the Port of Seattle Commission to reject participation in, and funding of, CBP’s facial recognition exit and entry programs….

2. We urge the Port of Seattle Commission to prohibit use of facial recognition technology by private entities.

The Port of Seattle should prohibit business tenants such as airlines from integrating with CBP’s Traveler Verification Service (TVS) — the agency’s “Identity as a Service” biometrics system…. When Port tenants integrate with CBP’s TVS architecture, it is impossible to separate “private” or non-federal surveillance from federal government surveillance of travelers. Travelers may think that they are having their photo taken at a self-service kiosk solely for use by the airport or airline. But in reality, that photo will also be shared with DHS and CBP.

The Port, airlines, and contractors should not obscure the role of DHS and CBP by collecting facial images on their behalf. The Privacy Act, as discussed further below, requires that if an individual’s personal information is to be used by a federal agency, it must be collected by that agency directly from that individual. The best way to provide travelers with clear notice that facial images are being passed on to DHS is to require that any such images be collected by identifiable, uniformed DHS staff, using DHS equipment, at DHS’s expense.

The Port meeting also heard from the office of Rep. Pramila Jayapal, who represents the city of Seattle and environs (although not Sea-Tac Airport) in Congress.  Noting the concerns that led her to introduce a bill in Congress that would “place a prohibition on the domestic use of facial recognition technology by federal entities, which can only be lifted with an act of Congress,” Rep. Jayapal suggested that the Port Commission “consider a moratorium on the use of biometrics technology in all Port activities under its purview.”

Read More

Sep 09 2020

Portland bans facial recognition by city agencies or in places of public accommodation

Today the City Council of Portland, Oregon, voted unanimously to ban the use of facial recognition technology by City agencies or by private entities in places of public accommodation within the City limits, including at the Portland International Airport (PDX), effective immediately.

Many local and national organizations and individuals testified eloquently in favor of these proposals. We don’t need to repeat all of their general arguments.

But a point of particular concern and particular pleasure for us is that the Port of Portland asked the City Council for an exemption from the ban to allow use of facial recognition “for air carrier passenger processing” — and was turned down.

No member of the City Council mentioned the Port’s request for a carve-out for facial recogntion of air travelers during the City Council discussion, and the proposals were adopted without amendment except for making the ban on private use of facial recognition in places of public accommodation effective immediately, as had already been proposed for the ban on use by city agencies. (The amendment to make the private entity ban effective immediately was made verbally during the City Council meeting, so it isn’t reflected in the advance text of the proposal.)

This is an important precedent , as Portland is only the second jurisdiction in the US to consider local rules related to facial recognition at its airport.

Earlier this year, after behind-the-scenes threats by the US Department of Homeland Security (DHS) to make life difficult for the Port of Seattle if it didn’t collaborate with DHS facial recognition schemes at Sea-Tac International Airport (SEA) and allow airlines and contractors also to do so, the Port of Seattle Commission reneged on the aspirational policy principles it adopted in 2019  and decided to buy and operate common-use facial recognition cameras integrated with DHS and airline databases and operations.

(See our written testimony to the Seattle Port Commission on use of facial recognition at SEA: 1, 2, 3., and articles in our blog here and here.)

The decision by the Port of Seattle was made just before the COVID-19 pandemic drastically reduced traffic at SEA and other airports and delayed the need for the new gates at SEA where the DHS-linked cameras were to be installed. A broad coalition of local and national community and civil liberties organizations has called on the Seattle Port Commission to use the opportunity provided by this delay to reconsider its decision on facial recognition.

Portland did significantly better than Seattle in working to distance itself from and isolate the DHS — not surprisingly in light of the object lesson the DHS has provided in Portland recently with respect to DHS trustworthiness (not), self-restraint (not), commitment to the rule of law (not), and respect for civil and human rights (not). Portlanders don’t trust the DHS to behave any better at PDX Airport than it’s been behaving on the streets of Portland.

PDX airport is located within the City of Portland but operated by the Port of Portland, a special-purpose agency of the state of Oregon governed by a board appointed by the Governor of Oregon. The City of Portland can’t prevent use of facial recognition by the DHS or the Port of Portland, but can regulate or prohibit its use by private entities, including airlines, within the city limits, including at the airport.

The Port of Portland has the authority to enter into contracts, borrow and spend money, manage its employees, and enact rules for activities at PDX Airport. But in addition to the requirements of due process and other Constitutional rights, and the obligations on the airport as a publicly owned and operated place of public accommodations and common-carrier facility, the legislative authority of the Port is limited to the issuance of rules consistent with city ordinances. That appears to mean that the Port may not prohibit that which the city has duly prohibited. (If readers have more expertise on this jurisdictional issue, feel free to leave a comment or drop us a line.)

The Federal government could preempt the Portland ordinances if it enacted valid laws or promulgated valid regulations mandating use of facial recognition by Federally-regulated airlines and/or airports. But no law mandates use of facial recognition for US citizens, even when traveling internatoinally, or for passengers on domestic flights

The DHS has refrained from promulgating any such regulations, preferring to operate outside the law than to establish any legal framework for its use of facial recognition or subject it claim of authority to notice-and-comment rulemaking or judicial review. A petition for rulemaking on use of biometrics for traveler identification submitted to the DHS by the Portland-based World Privacy Forum has been ignored by the DHS for almost two years.

While the DHS has engaged in heavy-handed behind-the-scenes lobbying and threats to “persuade” airlines and airport operating agencies to become its “partners” in biometric surveillance and control of air travelers, as it did in Seattle, the DHS has continued to maintain — correctly — that this “cooperation” is entirely voluntary. In declining to participate, and by exercising its jurisdiction to prohibit airlines or other contractors form doing so within the city limits, the City of Portland is doing only what the DHS has consistently said that local jurisdictions have the authority to do, if they so choose.

The July 14, 2020, letter from the Port of Portland to the Portland City Council requesting exemption from the facial recognition ban made numerous false factual claims and specious arguments. Since these bogus arguments are likely to be raised again in other cites despite having failed to persuade any of the members of the Portland City Council, it’s worth noting and debunking them:

Read More

Sep 04 2020

ICAO mandates worldwide government surveillance of air travelers

Playing out the endgame we predicted last year of a two-decade campaign by the US government to establish a global regime of government surveillance of air travelers, the International Civil Aviation Organization (ICAO) has adopted an amendment to the Chicago Convention on Civil Aviation that will require each of the 193 state parties to that treaty — essentially every national government in the world — to require all airlines operating international flights to provide a designated government agency with complete mirror copies of all reservation records (“Passenger Name Records“) in a standard PNRGOV transmission format.

This is an extraordinary and, so far as we can tell, unprecedented globalization and normalization of suspicionless mass surveillance of the innocent exercise of legal rights.

To the best of our knowledge, this is the first time that any industry — much less an industry of common carriers required by law (including by international aviation treaties) to transport all would-be passengers, without discrimination, in the exercise of a right to freedom of movement also recognized by international treaties — has been mandated by international treaty to provide government agencies worldwide with complete copies of its commercial records of each of its transactions with a customer. No such treaty obligation exists, for example, with respect to records of postal, telephone, Internet, or financial transactions.

The exercise of rights should not be deemed per se suspicious or a legitimate grounds for surveillance.

The requirement for PNR-based surveillance of air travelers is included in Amendment 28 to Annex 9 to the Chicago Convention. This amendment was approved by ICAO’s Council — an executive committee of countries elected by ICAO’s members to make decisions between ICAO’s triennial General Assembly of all member states — on June 23, 2020.

Read More

Jul 23 2020

CBP to buy license-plate reader data to track vehicles away from borders

Are parking garages and toll roads spying on innocent motorists for Federal police?

Reversing a decision made in response to public pressure in 2014, US Customs and “Border” Protection (CBP) plans to pay a commercial aggregator of license-plate reader data to track vehicles that aren’t near any US border or in the “border zone” within 100 miles of coasts and borders where CBP has its own license plate readers, according to a Privacy Impact Assessment (PIA) published this month.

According to the new PIA, the aggregated commercial database that CBP is paying to query includes “nationwide… license plate image information from private businesses (e.g., parking garages), local governments (e.g., toll booth cameras), law enforcement agencies, and financial institutions via their contracted repossession companies.”

The PIA is worded in the future tense (“CBP plans to…”), but the contract is describes may already have gone into effect, or could do so at any time.

Read More