Feb 16 2018

Will “continuous vetting” include new demands for travel information?

Congress is currently considering multiple “immigration” bills containing provisions for “continuous screening” or “continuous vetting” of foreign residents, visitors, and would-be visitors to the US. As we have noted previously, “continuous screening” and “continuous vetting” are euphemisms for “continuous surveillance and control”.

These so-called “immigration” bills would not be limited to foreigners. Many of them would include US citizens exercising our right to leave our country, and to return, in pre-crime travel surveillance and control schemes.

One question that has been raised about some of these proposals is (1) whether they would require airlines to provide the DHS with additional information about air travelers, or require information about potential passengers to be provided further in advance of scheduled flights, and (2) if so, whether this would violate the US “agreement” with the European Union regarding US government use of PNR data obtained from airlines.

Here’s some background, and some analysis, of what “continuous vetting” might mean for US government use of data from airlines, and for the US agreement with the EU:

Read More

Feb 06 2018

New “National Vetting Center” will target travelers

The White House today announced the creation by executive order of a new “National Vetting Center”, led by the DHS, to coordinate efforts to surveil, profile, and control movement by U.S. citizens, residents, immigrants, and visitors.

The “National Security Presidential Memorandum” was not made public, and the press release announcing it gives few details. So far as we can tell, it appears that the intent is to integrate the pre-crime functions of the DHS, particularly those of the National Targeting Center that currently issues extrajudicial yes-fly and no-fly orders or “recommendations” to airlines, with the travel and immigrant surveillance components of other departments, and to extend it from border crossings to continuous surveillance and control.

Since “pre-cogs” capable of making pre-crime predictions are a Hollywood sci-fi fantasy, not a reality, what would be the criteria for this “Extreme Vetting”?

A report commissioned last month by the head of US Customs and Border Protection and made public by Foreign Policy gives an indication of the likely “vetting” criteria for action against individuals by the new National Vetting Center. Read More

Jan 30 2018

Government and industry collaborate in travel surveillance

Senior officials of US Customs and Border Protection (CBP) came to San Francisco last week to meet with representatives of the Identity Project and other civil liberties and human rights organizations regarding CBP “biometric entry/exit” schemes. These CBP programs, some of which are already in operation, involve taking digital mug shots of international travelers — including US citizens — as they enter and leave the US. The meeting in San Francisco was a follow-up to one in Washington, DC, in August 2017.

Debra Danisek, CBP Privacy Officer, and John Wagner, Deputy Executive Assistant Commissioner in charge of the CBP “Office of Field Operations”, were accompanied to the meeting by CBP national, regional, and SF Bay Area local policy and operations staff.

We welcomed the opportunity to point out to the CBP officials in charge of these programs that — especially as they apply to US citizens — they violate multiple Federal laws, involve unconstitutional warrantless, suspicionless dragnet surveillance of how we exercise our right to assemble as protected by the First Amendment, and should be abandoned.

It was an infuriating meeting, however. Rather than offering explanations for many of the CBP’s practices, the CBP officials across the table flatly denied much of what is happening at airports throughout the US, even in the face of first-person testimony to the contrary from many of the civil liberties advocates in attendance.

Since they wouldn’t admit that some of the most abusive CBP practices — the ones we thought the meeting had been called to discuss — are actually happening, the CBP officials wouldn’t talk about what, if any, legal basis these practices might have. Meanwhile, these unlawful practices by CBP and other DHS components continue and expand.

Here are some of the counter-factual claims made by CBP in our meeting, and some of the issues left unaddressed: Read More

Jan 15 2018

Citizens: Just say “No” to requests for your passwords

Our article last week on the new DHS policy on demands for passwords to travelers’ electronic devices has prompted extensive discussion on Hacker News and elsewhere.

One theme in the comments is that travelers who are not US citizens could be turned away at the US border or sent back when they arrive at a US airport if they decline to disclose the passwords to their electronic devices, and might also be blacklisted from the US for life.

That’s a legitimate concern for non-US citizens.

We would argue that denial of entry or blacklisting and denial of future entry on the basis of declining to provide passwords would be illegal, but the DHS might well do it anyway, and it could be hard for non-US persons to challenge in court.

It’s not clear that a non-US citizen would have no means of redress in court. As we noted in our earlier article, the Paperwork Reduction Act (44 US Code, Section 3512) provides that:

(a) Notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information that is subject to this chapter if—
(1) the collection of information does not display a valid control number assigned by the Director in accordance with this chapter; or
(2) the agency fails to inform the person who is to respond to the collection of information that such person is not required to respond to the collection of information unless it displays a valid control number.
(b) The protection provided by this section may be raised in the form of a complete defense, bar, or otherwise at any time during the agency administrative process or judicial action applicable thereto.

Denial of entry to the US would certainly seem to be a “penalty” proscribed by the PRA. However, we are unaware of any case law on whether “person” as used in the PRA is limited to US citizens.

More pragmatically, the DHS might claim that the denial of entry was for some other reason, rather than admitting that it was in retaliation for declining to disclose passwords.

Arbitrary or baseless denial of entry to non-US citizens often evades US judicial review.

The clearest precedent for this threat is the case of Dr. Rahinah Ibrahim, whose name was added to the no-fly list by an FBI agent who checked the wrong boxes on a “nomination” form. Ten years of litigation culminated in the first (and to date only) trial in a no-fly case, and a court decision in Dr. Ibrahim’s favor. The government took Dr. Ibrahim’s name off the no-fly list — but not before putting her name on a different blacklist, for reasons that remain secret, and denying her a visa to return to the US.

So it’s reasonable for non-US persons to fear that even if they have a “right” not to be penalized for refusing to tell the US government their passwords, they could be blacklisted and denied entry to the US then or in the future, without legal recourse.

What this means, of course, is that it’s up to US citizens to stand up for the rights of all, including the rights of those more likely to be kept out of the US and out of US courts.

US citizens have a clear legal right, explicitly recognized by international human rights treaty, to leave or return to the US. US citizens can’t be denied the right to enter or leave the US for exercising their right to remain silent once they have completed the approved customs declaration form. And US citizens have a much better chance of being able to challenge any denial of entry or exit or other adverse action in court. It’s up to us.

If travelers submit to these demands — even if they do so “under protest” — their acquiescence will be deemed to have been “voluntary”. Only those who decline to provide passwords are likely to have legal standing to challenge the legality of these demands.

If US citizens don’t resist, nobody will. Even if foreigners complain about the actions of US border guards, they may have no way to get their complaints considered by US courts.

If you are a US citizen and US government agents ask for your passwords, just say “No”.

Jan 05 2018

New DHS policy on demands for passwords to travelers’ electronic devices

US Customs and Border Protection, a component of the Department of Homeland Security, today posted a revised policy on Border Searches of Electronic Devices and a Privacy Impact Assessment of some of the changes made by the new policy.

CBP has received (and largely ignored) numerous complaints by travelers who have been detained and told they wouldn’t be allowed to go unless they told CBP the passwords to their smartphones, laptop computers, or other electronic devices. Electronic devices have been seized and copied, and in some cases returned only long afterward and/or in altered or damaged condition. A lawsuit challenging suspicionless searches and seizures of data stored on travelers’ electronic devices, brought by EFF and the ACLU, is pending in Boston.

Federal courts have generally been overly deferential to government claims to the existence of a general exception to the Fourth Amendment making it per se “reasonable” to search or seize anything at or “near” a border or at an international airport, regardless of whether there is any basis to suspect a traveler of anything except international travel.

But the new CBP policy stretches the government’s claim of authority for warrantless, suspicionless, searches and seizures of electronic devices and data even further than its 2009 predecessor.

As the new PIA correctly notes, “The 2009 policy was silent regarding CBP’s handling of passcode-protected or encrypted information.”

CBP now says as follows, without citing any basis for this assertion:

Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents… Passcodes or other means of entry may be requested and retained as needed to facilitate the examination of an electronic device or information contained on an electronic device, including information on the device that is accessible through software applications present on the device. If an Officer is unable to complete an inspection of an electronic device because it is protected by a passcode or encryption, the Officer may… detain the device pending a determination as to its admissibility, exclusion, or other disposition.

In other words, CBP is now claiming the authority to confiscate your cellphones, laptops, memory cards, and any other electronic devices if you won’t tell CBP your passwords, and to retain the passwords you give them as well as the contents of those devices.

Yes, this applies to U.S. citizens and permanent residents as well as visitors.


Dec 19 2017

“Border control” as pretext for drug dragnet

The latest so-called “Privacy Impact Assessment” (PIA) made public by the US Department of Homeland Security, “CBP License Plate Reader Technology”, provides unsurprising but disturbing details about how the US government’s phobias about foreigners and drugs are driving (pun intended) the convergence of border surveillance and dragnet surveillance of the movements of private vehicles within the USA.

The main reason for the publication of the CBP License Plate Reader Technology PIA is to provide the public with “notice that CBP is partnering with the Drug Enforcement Administration (DEA) to leverage each other’s … LPR [License Plate Reader] systems.”

Since at least 2007, US Customs and Border Protection (CBP) has had a network of license plate readers continuously monitoring and recording the license plate numbers and locations of vehicles near US borders. “Near” and “border” in this context are euphemisms: Federal regulations define the “border” zone for purposes of CBP authority as including anywhere within 100 miles of any US border or seacoast, which puts roughly two-thirds of the US population within “border” regions.

Meanwhile, the DEA has compiled an aggregated database of geotagged and timestamped license plate records purchased from commercial sources, including records of vehicle locations far from what even the DHS considers the “border zone”.

CBP and DEA are already able to query and retrieve data from each other’s LPR databases. A DEA agent can also set a “TECS alert” flag in the DHS database for a specific license plate number, the same way they can for a specific passport number, so that they will be notified automatically whenever that plate is spotted by a DHS camera.

What’s changing is that instead of providing LPR information to each other only in response to specific targeting requests, CBP and DEA plan to “stream” all of the data from their LPR networks to each other in real time. “CBP intends to provide DEA access to CBP LPR information… through a real-time streaming service.” Each agency will have a complete copy of the data collected by the other, so that they can merge and mine it and use it for “pre-crime” profiling.

As is the trend with all DHS surveillance systems, the goal is to convert a targeted system for investigating suspects into a dragnet system that treats everyone as a suspect subject to continuous surveillance and “continuous screening” or “continuous vetting”.


Dec 18 2017

Canada puts U.S. Customs and Border Protection officers above the law

A Canadian law which received final approval last week, Bill C-23, gives officers of U.S. Customs and Border Protection (CBP) staffing “preclearance” facilities within Canada police powers to detain, interrogate, and search travelers, while granting these agents of the U.S. government absolute and unconditional immunity from any civil lawsuit or liability under Canadian law, and immunity from criminal liability except in limited cases of death, injury, or property damage.

This immunity from civil lawsuits or liability in Canada extends to violations by US CBP officers at preclearance sites of fundamental rights, including the Canadian Charter of Rights and Freedoms, that are protected by law everywhere else in Canada. Bill C-23 places CBP officers above Canadian law, as though they were diplomats enjoying immunity from local law inside extraterritorial enclaves, while giving them police-like powers to use force against ordinary people seeking to travel between the US and Canada.

Travelers passing through US preclearance facilities at Canadian airports, train stations, and ferry terminals are now required by Canadian law to: Read More

Dec 15 2017

“Continuous screening” means continuous surveillance and control

Today the Identity Project joins more than 20 other government-accountability and civil liberties organizations in a joint letter opposing S. 2192, the “SECURE Act of 2017”, which was introduced in the Senate earlier this month and immediately placed on the Senate calendar for a floor vote at any time.

The name of this bill is Newspeak. It is not about security, but about surveillance and control of immigrants, borders, and international travelers, including U.S. citizens.

The coalition letter to members of Congress that we signed today focuses on Sections 6002-6003 (pp. 488-499) of S. 2192, which would authorize the Secretary of Homeland Security, Secretary of State, or Attorney General to exempt their respective Federal departments from the Administrative Procedure Act, the Privacy Act, and the Paperwork Reduction Act with respect to a wide range of border control and surveillance activities.

The Administrative Procedure Act (APA) spells out the details of Constitutionally-required “due process” as it applies to administrative decision-making by Federal agencies. Decisions adversely affecting individuals’ rights made without complying with the APA would be highly likely to violate Constitutional norms of due process.

Exemption from the Privacy Act would allow the creation and maintenance, without notice, of secret Federal government databases about U.S. citizens, and the use of secret, unreliable, uncorrected, and/or irrelevant data as the basis for decisions to deny U.S. citizens their rights. These practices would also be likely to be unconstitutional.

Many of the provisions of S. 2192 are copied from S. 1757, an earlier omnibus “border control” bill we criticized when it was introduced in September.

Like its predecessor S. 1757, S. 2192 incorporates a patently unconstitutional “Passport Revocation Act” (Section 1632, pp. 446-448), which would purport to authorize revocation or refusal to issue or renew a U.S. passport, and the prohibition of departure from or return to the U.S., on the guilt-by-association basis of (1) an extrajudicial administrative designation of an organization as a “foreign terrorist organization”, and (2) an extrajudicial administrative determination by the State Department that a U.S. citizen is “affiliated” with such an organization (without the law defining the meaning of “affiliated”).

The number of references to the “unreviewable discretion” of officials and agencies has increased from 14 in S. 1757 to 17 in S. 2192.

S. 2192 also includes provisions from S. 1757 mandating government monitoring of activities and ideas expressed on social media, and the use of this surveillance data for making visa decisions and for “continuous screening” (continuous surveillance and control) of immigrants, foreign residents (including permanent residents), and foreign-citizen visitors to the U.S.

As the letter we sent today concludes, “We oppose these provisions in S.2192 and any other border security bill.”

Nov 16 2017

“Extreme Vetting” would be a #PreCrime #DigitalMuslimBan

Today The Identity Project joined 55 other civil rights, civil liberties, government accountability, human rights, immigrant rights, and privacy organizations in calling on the US Department of Homeland Security to abandon its Extreme Vetting Initiative.

The essential goal of the DHS Extreme Vetting Initiative is to extend the bogus “pre-crime” prediction algorithms and methods based on “big data” from suspicionless mass surveillance, already being used by the DHS and its partner agencies in the US and abroad to decide who is allowed to board airplanes, to a broader range of decisions about who is allowed to travel to, or reside or remain in, the US.

But the DHS doesn’t have any “pre-cogs”, human or robotic, to make these predictions. And prior restraint of our movements or other activities based on predictions of future criminality is not only impossible (and inherently subject to abuse by those who create the predictive and decision-making algorithms) but an affront to fundamental notions of justice, due process, and human rights.

According to a joint letter we sent today to the Acting Secretary of Homeland Security, Elaine Duke:

We write to express our opposition to Immigration & Customs Enforcement’s proposed new Extreme Vetting Initiative, which aims to use automated decision-making, machine learning, and social media monitoring to assist in vetting of visa applicants and to generate leads for deportation. As it is described in ICE documents, this program would be ineffective and discriminatory. It would also pose a signal threat to freedom of speech and assembly, civil liberties, and civil and human rights. We urge the Department of Homeland Security to abandon this effort….

The goal of the Extreme Vetting Initiative is to “develop processes that determine and evaluate an applicant’s probability of becoming a positively contributing member of society as well as their ability to contribute to national interests,” using analytic capabilities including machine learning. ICE also seeks to “develop a mechanism/methodology that allows [the agency] to assess whether an applicant intends to commit criminal or terrorist acts after entering the United States.”

In reality, as a group of prominent technologists advised in a recent letter, “no computational methods can provide reliable or objective assessments of the traits that ICE seeks to measure.” There is no definition anywhere in American law of what it means to be a “positively contributing member of society” or to “contribute to national interests,” posing a risk that ICE will exercise maximal latitude to discriminate beneath the cover of an unproven algorithm….

Confirming that ICE’s focus is on quantity rather than quality, the agency has announced that the winning vendor for the Extreme Vetting Initiative contract must “generate a minimum of 10,000 investigative leads annually” – without regard to how many leads are actually appropriate….

The Extreme Vetting Initiative will also undoubtedly chill free expression, contravening the First Amendment and international human rights, such as those contained in the Universal Declaration of Human Rights, for which the United States has registered official support, and the International Covenant on Civil and Political Rights, to which the U.S. is a party… These risks are particularly acute in light of existing initiatives to ask travelers to identify all of their social media handles in order to obtain permission to travel to the United States….

Through the Extreme Vetting Initiative, ICE seeks to automate the process by which the U.S. government targets, finds, and forcibly removes people from our country…. But this system … risks hiding politicized, discriminatory decisions behind a veneer of objectivity – at great cost to freedom of speech, civil liberties, civil rights, and human rights.

Palantir Technologies has already become a target of criticism for its role in building tools for “extreme vetting”. (See our report from a protest outside the home of Palantir founder Peter Thiel earlier this year, and this recent 10-minute video, “Is Silicon Valley Building the Infrastructure for a Police State? New AI tools could empower the government to violate our civil liberties.”) Now IBM, which attended a recent outreach day for Extreme Vetting Initiative contractors and has declined to distance itself from bidding to build the pre-crime program, is also being targeted by a petition asking IBM to “back up your verbal support of immigrants by publicly rejecting and denouncing the Extreme Vetting Initiative and pledge to not bid on any contract to build the tool.”

Nov 14 2017

Silicon Valley Is Building the Infrastructure for a Police State

The Identity Project is featured along with our friends at the Electronic Frontier Foundation in the latest report from Reason.TV, Is Silicon Valley Building the Infrastructure for a Police State? New AI tools could empower the government to violate our civil liberties.

If you have ten minutes to watch the video, it’s a good introduction to Palantir, pre-crime policing, automated decision-making and control (“extreme vetting”), and the homeland-security industrial complex.