Archive for the ‘Surveillance State’ Category

Congress votes to stigmatize and surveil the travel of second-class US citizens

Tuesday, February 2nd, 2016

Can second-class US citizens be required to carry second-class US passports with a conspicuous stigmatizing “scarlet letter” label? Congress has now said yes.

Do DHS pre-cogs have the omniscience and infallibility of angels at predicting and protecting the US and the world against future crimes? Congress has now said yes.

Yesterday Congress completed its approval of a bill which, assuming it is signed into law by the President, will stigmatize and surveil the international movements of certain US citizens by (1) requiring the State Department to mark their passports with a modern equivalent of an “A for Adulterer” or “J for Jew” (a “visual designation affixed to a conspicuous location on the passport indicating” their status), (2) requiring these individuals to notify the government, in advance, of any intended travel outside the US, including their complete itinerary and any details of their planned movements demanded by the Attorney General, and (3) creating a new pre-crime travel surveillance and policing agency within the DHS to track, log, and alert foreign governments to the intended movements of these travelers.

The bill, H.R. 515, obtained final approval yesterday in the House of Representatives by voice vote, with no real debate and only a handful of members present, under procedures allowing for suspension of normal Congressional rules. [The bill had already been approved by the Senate in December.] But in previous statements about the bill and its predecessors, which Congress has been considering for years, members of Congress have made clear their hope that the combined effect of stigmatized passports, deliberately burdensome reporting requirements, and advance notice to foreign governments from the US government (carrying with it an implicit message that the US wants those foreign governments to deny entry to these US citizens) will effectively prevent these US citizens from traveling abroad at all, and confine them within the borders of the USA.

In an astonishing Orwellianism — but one that perfectly describes the fallacy of the vision embodied in the law — Congress has named the new pre-crime travel policing unit within the DHS the “Angel Watch Center”, claiming for the DHS the omniscient and infallible divine predictive ability of angels to watch over us and protect us from the people they think, or “know” by means that mortals cannot question, are going to commit future crimes.


The REAL-ID Act is about the database

Friday, January 8th, 2016

At yesterday’s first meeting of a new Minnesota “Legislative Working Group on REAL-ID Compliance”, state lawmakers’ concerns centered on (1) whether residents showing state-issued IDs will be prevented from boarding domestic flights, or harassed and delayed by the TSA, if the state doesn’t agree to “comply” with the REAL-ID Act to the satisfaction of the DHS, and (2) what compliance with the REAL-ID Act would mean for the state’s database of information about people with Minnesota drivers’ licenses or state ID cards.

The DHS has been trying to mislead state officials and the public about both these issues. Understanding both, and separating fact from DHS fiction and innuendo, is key to understanding the REAL-ID Act.

A report from a legislative analyst with the legislature’s research department distributed at yesterday’s meeting asserts that, “At some unspecified point in time (which could be in 2016), a REAL ID-compliant form of documentation will become required to fly in scheduled airline service.” But — oddly for a purported legislative analysis or research report — no authority is cited for this alleged legal “requirement”.

In fact, as we testified yesterday and as we have confirmed through more than a decade of litigation, research, and FOIA requests, this key claim — the threat being used by the DHS to induce reluctant states to accede to DHS requests for “compliance” — has no basis in any publicly-disclosed law or regulation.

People fly without ID every day, and the TSA has procedures for that, as we’ve heard them testify in court. People without ID may be (unlawfully) harassed and delayed at TSA checkpoints and airline check-in counters, but the TSA’s responses to our FOIA requests for its daily reports on how many people try to fly without ID show that almost all of these people are allowed to fly. And those few people who are prevented by the TSA from traveling by air, like the larger numbers who are harassed or delayed by the TSA merely because they don’t show ID or answer other questions, likely have cause for legal action against the TSA. They deserve the support of the states where they reside.

If you lose your wallet and find out the next day that your mother is dying 2,000 miles away, as happened to a friend of ours in St. Paul just before Christmas, you don’t have time to get your driver’s license replaced or take a bus across the country. You need to get on a plane right away, without ID. That’s what our friend did, and fortunately she got there in time. The TSA isn’t going to try to stop you from seeing your mother before she dies. That’s not a case the TSA wants to take to court, or would be likely to win.

But what’s this other question about the database?

To meet the requirements of the REAL-ID Act, a state must “Provide electronic access to all other States to information contained in the motor vehicle database of the State,” including, “all data fields printed on drivers’ licenses and identification cards issued by the State.” In effect, this would allow state databases to function as part of a distributed but national ID database system.

The DHS has picked out only a subset of the statutory requirements in the REAL-ID Act to consider in deciding whether to exercise its statutorily standardless discretion to certify whether states are making progress toward compliance or to grant them discretionary waivers of “deadlines” which have been set by the DHS in its discretion, and can be and have been repeatedly postponed in the exercise of that same discretion.

The initial DHS-selected criteria don’t include the requirement in the law for nationwide access by state agencies to other states’ drivers’ license and ID databases. DHS undoubtedly knows that this is one of the most objectionable, and potentially one of the most difficult and costly to implement, of the elements of state “compliance” with the REAL-ID Act, and has tried to downplay or deny the plain language in the law requiring unrestricted interstate access to drivers’ license databases. Including full interstate database access in its “compliance” criteria also would probably compel DHS, if it was to be honest, to concede that no state has yet fully complied with the REAL-ID Act.

But state officials shouldn’t be fooled: A state that agrees to “comply” with the REAL-ID Act is agreeing to comply with all of its provisions, including the database access mandate, not just the less objectionable portions that the DHS has decided to focus on first.

Once a state agrees to comply, it no longer has any leverage to move Congress to change those requirements. The only power a state has to exert pressure for change in the REAL-ID Act requirements, or their repeal, is to withhold state agreement to comply until those requirements are amended to its satisfaction, repealed, or overturned by the courts as unconstitutional.


No Social Security number? No passport. Why?

Tuesday, December 15th, 2015

When we reported last week on the passport provisions in the new “Fixing America’s Surface Transportation Act”, we focused on the details of the rules for denial or revocation of US passports of citizens alleged to owe more than $50,000 in Federal taxes.

We should, perhaps, have put more emphasis on the other new basis we mentioned for the denial of a passport application: failure to provide a valid Social Security account number on the passport application form. This could affect more people than the linkage of passports to taxes.

While the shorthand title on our blog post referred to people who “don’t have” a Social Security number, the same fate could befall anyone who chooses not to disclose their Social Security number. The new law would authorize but not require the Secretary of State — at her standardless “discretion” — to deny any passport application that doesn’t contain a valid Social Security number.

There are probably more US citizens who don’t have a Social Security number than who owe more than $50,000 in taxes. And there are good reasons for even those citizens who do have a Social Security number not to want to disclose it to the State Department and to all the other government agencies (including the DHS) with which it shares passport data.

Federal law and IRS regulations already imposed a $500 civil penalty for applying for a passport without providing a Social Security number. This was a high price to pay for freedom from travel dataveillance based on Social Security number. But it wasn’t always enforced (more “discretion”), and it was not a basis for denial of a passport. Now it is.

Why would someone who has a Social Security number not want to give it to the State Department? The answer is obvious once you reverse the question: Why does the State Department want to record the Social Security number of each passport holder? And how do the State Department, and the other agencies with which it shares this data, plan to use it?

There’s a separate legal requirement and required form, which includes the passport number, for reporting any international transportation of $10,000 or more in cash or “monetary instruments”, either as accompanied baggage or in an unaccompanied shipment. So the State Department doesn’t need Social Security numbers in passport files to know whether large sums of money are being taken in or out of the country by the holder of a particular passport.

The new law doesn’t just require that you show that you have a valid Social Security number before you can receive or renew your passport. You must provide your Social Security number to the State Department, so that it can be entered into the passport records database.

Nor is your Social Security number used only to check with the IRS whether you are suspected of owing back taxes. The principal routine users of this data outside the State Department are the DHS, “for border patrol, screening, and security purposes.” Screening is, of course, a euphemism for algorithmic profiling and profile-based search and control.

In other words, the real point of requiring each US passport applicant to supply their Social Security number is to enable all the financial records linked to that Social Security number to be combined with the travel records linked to the passport number in the DHS “Automated Targeting System” and included in the inputs to the pre-crime “black box” that decides whether to give airlines and other common carriers permission to transport each US citizen, and how intrusively to search and/or interrogate each US citizen who is allowed to travel.

DHS Automated Targeting System records include many identifiers and pointers that can be used to link them to other databases: timestamped IP addresses, cellphone numbers, passport numbers, credit card numbers, names of emergency contacts and traveling companions, etc. But they haven’t yet contained Social Security numbers, so far as we know. Now they will, or will be linked to a related database that does.

Government records indexed by Social Security number aren’t just tax records, but records of your worldwide assets and financial affairs. Records identified by Social Security Number (but not passport number, so they would otherwise be at least somewhat more difficult for DHS to use for this profiling), include not only US bank accounts but also foreign bank accounts (reported by Social Security number on the required annual FBAR form) and other foreign “financial assets” (a partially overlapping category) required to be reported each year on IRS Form 8938.

None of this has anything to do with citizenship, which should be the sole criterion of entitlement (not merely “eligibility” at the government’s “discretion”) to a US passport.

More pre-crime profiling of visitors to the US?

Friday, December 11th, 2015

President Obama’s televised speech last Sunday included a smorgasbord of proposals (and endorsements for proposals already made by members of Congress) for more control and surveillance of travel.

We’ll look first at the proposals for restrictions on travel by foreign visitors to the US, followed in our next post by some of those that would affect US citizens.

According to the President:

We should put in place stronger screening for those who come to America without a visa so that we can take a hard look at whether they’ve traveled to warzones. And we’re working with members of both parties in Congress to do exactly that.

What does “stronger screening” mean? And what’s a “warzone” [sic] when on the one hand there has been no declaration of war against anyone, anywhere, and on the other hand the government apparently believes that it has the authority to treat the entire planet as a battlefield on which to wage its “War on Terror”?

To understand what the President really means, let’s look at the proposed legislation. The President appears to have been referring to H.R.158, the so-called “Visa Waiver Program Improvement Act of 2015”, which passed the House this week and is pending in the Senate.

The “Visa Waiver Program” (VWP) is a scheme under which citizens of certain preferred countries are given US government permission through the “Electronic System for Travel Authorization” (ESTA) to board flights to the US — provided that they agree in advance that when they arrive in the US, they can be denied admission for any or no reason, that they will not contest any denial of admission, and that they will bear their own costs of deportation if they aren’t admitted.

This isn’t based on reciprocity. Citizens of all other second-class countries must obtain paper visas, which require a much higher fee and an in-person interview at a US Embassy or Consulate, even for short visits as tourists or to change planes in the US in transit between e.g. Europe or Asia and Latin America.

Most of the countries that the US “allows” to participate in the VWP allow US citizens to enter as tourists, and sometimes for other purposes, without obtaining any permission or submitting any information to the destination government prior to their arrival.

An ESTA walks like a visa and quacks like a visa, except that it is issued electronically rather than stamped in a passport. To obtain an ESTA, a would-be foreign visitor must apply through a cumbersome CBP Web site, providing a variety of personal information to enable the application to be matched with the applicant’s “travel history” and other secret data in the CBP’s Automated Targeting System (the information required on the ESTA application was just increased last month) and pay a fee with a credit card so that the application can also be matched with any US government records about the applicant’s finances.

The travel industry reportedly wants the current euphemistic name of this program changed to the more Orwellian, “Secure Travel Partnership”, which gives a pretty accurate indication of the industry’s willingness to partner with governments in surveillance and control of travelers, as long as doing so doesn’t cost the industry money.

Any foreign citizen who “intends” to enter the US under the VWP is required to obtain an ESTA before CBP will give an airline permission to issue a boarding pass for a flight to the US.

After operating the VWP/ESTA scheme for seven years under an “interim” rule, the DHS finalized the VWP/ESTA regulations and made them permanent earlier this year, dismissing our objections that the rules are unconstitutional, violate US obligations under international human rights treaties, and exceed the authority of CBP or the DHS.

How would any of this change if the bill endorsed by the President, H.R.158, becomes law?

Aside from reporting requirements, the only substantive change that would be made by the House bill would be to require that the secret pre-crime prediction algorithm incorporated into the ESTA approval/denial decision-making black box must consider “terrorism risk” in addition to, as is already required, “security risk”. We have no idea what this means. What sort of “terrorism risk” wouldn’t also constitute a “security risk”? But we can only assume that the proponents of this bill, including the President, want more secret rules added to the algorithm, to keep away even more visitors.

The White House has also talked about denying ESTA approvals and entry under the VWP on the basis of which other countries travelers have previously visited. A European citizen who has visited friends or family in Syria, for example, might find themselves barred from the US for the next five years unless they go through the drawn-out and expensive process of applying for a full US visa. A provision to this effect is part of both the Democratic (S. 2337) and Republican (S. 2362) versions of Visa Waiver Program bills pending in the Senate, but wasn’t included in the version approved by the House.

Accurint exposed as data broker behind TSA “ID verification”

Monday, November 9th, 2015

The most recent documents released in response to one of our Freedom of Information Act (FOIA) requests may have identified the data broker powering the TSA’s “ID verification” system as Accurint — the current incarnation of a component of the discredited and supposedly disbanded Total Information Awareness program — rather than Acxiom as we had speculated (and as had powered other TSA passenger-profiling schemes).

We found this clue to the company behind the curtain in the daily reports on the operation of the TSA Identity Verification Call Center (IVCC) that gets the call whenever someone tries to fly without having, or without being willing to show, government-issued ID satisfactory to the TSA or contractor staff at an airport checkpoint:

Over the past 48 hours the IVCC experienced on-going internet connectivity issues that caused IVCC operations to be disconnected from Accurint and WebEOC databases…. The interrupted service resulted in extended call times when either database conductivity was abruptly discontinued or unavailable. At approximately 1430, TSOC IT contacted the Accurint Customer Support who indicated the issue was internal to Accurint. At approximately 1615, service appeared to be restored. At 1900, the connectivity issue resurfaced but with limited impact to operations. The TSOC Network Engineer is monitoring the Accurint situation and EMOC Security is working to identify and resolve those issues separate to Accurint.

This report strongly suggests that it’s Accurint that provides the database and “verification” algorithms used by the IVCC, the TSA, and TSA contractors to decide who to allow to fly, and who not to allow to fly. There’s no other apparent reason why the IVCC would need connectivity to Accurint, or why an outage in IVCC connectivity would be significant.

Who are these guys? It’s a shell game of acronyms, acquisitions, and corporate restructuring.

Accurint is a service of the LexisNexis brand of the UK-incorporated RELX Group plc, which until June 2015 was named Reed Elsevier.  The aggregated “garbage in, garbage out” database and pre-crime profiling algorithms used by Accurint for “ID verification” were developed by a company called Seisint, under contracts (brokered in part by Rudy Giuliani’s influence-peddling consultancy) to the DHS and Department of Justice, for the MATRIX (Multistate Anti-Terrorism Information Exchange) component of Total Information Awareness (TIA).

In the midst of public controversy over MATRIX, TIA, and other aspects of Seisint and its operations, Seisint was acquired by Reed Elsevier for $775 million in 2004.  Seisint’s Accurint service was folded into LexisNexis, part of what is now RELX Group plc.

“Matrix reloaded”?

Here’s what Megan Kaushik of the Brennan Center for Justice found when she tried to find out what’s in Accurint’s files about herself:

After an exhaustive search, I ultimately received records from … LexisNexis’s Accurint…. The report[] listed every phone number and address I had ever been associated with, from my college mailbox to the relative’s home where I’d forwarded mail while abroad. Accurint listed the apartment I rented while interning in DC, along with the names and phone numbers of its current occupants. It even provided the sale price and mortgage on each home I’d lived in.

Surprisingly, much of the information was also inaccurate….

Accurint listed someone named Florinda as “Associated with Subject’s SSN” though it assured me this “doesn’t usually indicate fraud.”

Obtaining my data … was difficult. Amending incorrect information was impossible. Unlike Canada or the UK where data brokers must allow individuals to access and amend their data, American law lacks such requirements. Accurint’s report stated it “may not contain all personally identifiable information in our databases” and they “do not verify data, nor is it possible to change incorrect data.”

In addition, “LexisNexis does not suppress personal information from databases used by law enforcement customers,” regardless of whether LexisNexis knows it to be inaccurate or misleading. As we said earlier,  “garbage in, garbage out”. All the garbage, no matter how much it stinks.

Since its latest corporate restructuring in June 2015, Accurint has been operated by a UK corporation, RELX Group plc. Stock in RELX Group plc is owned partly by a UK-based and partly by a Netherlands-based parent corporation. But there’s no US-incorporated subsidiary to shield RELX Group plc, as a UK corporation, from its obligation to comply with UK law in its worldwide operations, whether in the US or anywhere else.

Many of Accurint’s policies and practices with respect to its services for the TSA and other law enforcement agencies appear to violate both the LexisNexis privacy policy and, more importantly, the obligations of RELX Group plc pursuant to UK and European Union data protection law. The governing factor under UK and EU law appears to be that the data controller for Accurint, RELX Group plc, is legally domiciled in the UK.

It doesn’t help rescue RELX Group plc from liability under UK and EU law that it has relied on self-certification that it complies with the “safe harbor” framework, which has now been ruled legally inadequate, as the basis for transferring personal data to entities in the US such as the TSA.

Accurint also integrates social media data from “Twitter, Tumblr, Disqus, Foursquare, WordPress, Instagram, Facebook, Google+, YouTube and more,”  monitored and mined by Digital Stakeout, Inc. This confirms what we have long feared: that (privatized but government-funded) surveillance of social media and other Internet activity is being used as one of the inputs to the black box that decides whether to allow us to exercise our rights. As we said five years ago in conjunction with the first “Social Network Users’ Bill of Rights”:

In such a world, your “identity” is what these companies say it is. Where do these private companies think you lived, and with whom, in a certain year, for example? An identity thief who has gotten your files may be more likely than you are to know the “correct” answer. And each time such a commercial service is used to verify your ID for government purposes, the service provider has a record of the transaction to add to its dossier about you, and use for whatever purposes it chooses.

We’ll be posting more details and statistics as the TSA releases more of its records about what happens to people who try to fly without ID. But the records we’ve received to date show that people are already being prevented from traveling by air, despite having valid tickets on common carrier airlines, because the private data broker(s) consulted by the TSA don’t have enough data to profile them, or their answers don’t correspond to the garbage in the aggregators’ data warehouses about things such as who Accurint thinks they live with or who it thinks their neighbors are.

Can the US be a “safe harbor” for travel surveillance?

Thursday, October 29th, 2015

At its plenary session today in Strasbourg, the European Parliament adopted a “Resolution on the electronic mass surveillance of European Union citizens”.

As part of that resolution, the European Parliament, “Calls on the EU Member States to drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistleblower and international human rights defender.”

We’re pleased, of course, to see such a democratically and popularly elected body as the European Parliament coming to Mr. Snowden’s defense and joining the calls for recognition of his claim for asylum. But while the Snowden clause is getting most of the attention, it’s not all that’s included in today’s Europarl resolution.

The resolution adopted today by the European Parliament discusses what needs to be done, and by whom, to address the “electronic surveillance” Mr. Snowden has helped to expose. Notably, the resolution explicitly includes the electronic surveillance of travel and finance along with surveillance of telephone and Internet communications.

We have long argued, and we suspect Mr. Snowden would agree, that warrantless, suspicionless dragnet collection of metadata about the movements of people through root access by governments to PNRs stored in airlines’ Computerized Reservation Systems, warrantless, suspicionless dragnet collection of metadata about the movements of money through government access to electronic funds transfer intermediaries like SWIFT, and warrantless, suspicionless dragnet collection of metadata about the movements of messages through government root access to telecom and Internet backbone networks are all part of the same overarching surveillance program that raises issues common to all of these types of movement metadata. That point of view is implicitly endorsed by today’s Europarl resolution.

Today’s action by the European Parliament was prompted in part by the decision earlier this month by the European Court of Justice (sometimes abbreviated “ECJ”, sometimes “CJEU”) in Schrems v. Facebook.  In that case, an Austrian user of Facebook, Max Schrems, asked the data protection authority in Ireland, where Facebook’s European subsidiary is based, to prohibit the transfer of personal data about him to Facebook servers in the USA where it would be subject to uncontrolled and secret access by the NSA and possibly by other US government agencies. The Irish authorities refused to investigate Facebook’s practices and dismissed Mr. Schrems’ complaint on the grounds that the European Commission had already determined that the so-called “Safe Harbor framework” for self-regulation assured adequate protection for personal data transferred from the EU to the US by participating companies.

The ECJ found that, “without there being any need to examine the content of the safe harbour principles,”  the Commission’s finding that US law “ensures” adequate protection for personal data transferred to the US was invalid, because “legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life, as guaranteed by Article 7 of the Charter” of Fundamental Rights and Freedoms of the European Union.

Too bad that US courts haven’t yet recognized, as of course they should, that these US laws and government practices also violate fundamental rights guaranteed by the US Constitution.

The European Commission has previously brushed off questions — including questions from Members of the European Parliament and in a more recent expert report commissioned by the Council of Europe — about the legality of outsourcing and transfers of PNR data to CRSs to which the US government has unlogged root access. And EU data protection authorities have dismissed or declined to investigate complaints against airlines, travel agencies, and CRSs.

Now, however, the European Commission and European DPAs have an explicit mandate to investigate complaints like that of Mr. Schrems against companies that are transferring personal data from the EU to the US, and the explicit authority and obligation to order the termination of such transfers.

It’s in this context that the European Parliament resolved today that it:

Urges the Commission to assess the legal impact and implications of the Court of Justice ruling of 6 October 2015 in the Schrems case (C-362/14) vis-à-vis any agreements with third countries allowing for the transfer of personal data, such as the EU-US Terrorist Finance Tracking Programme (TFTP) Agreement, passenger name record (PNR) agreements, the EU-US umbrella agreement and other instruments under EU law which involve the collection and processing of personal data.

What does this mean for the future of travel surveillance in the EU, the example it might set for other countries, and the prospects for US efforts to globalize a panopticon of travel dataveillance as a new norm?


Court orders TSA to publish “rules” for use of strip-search machines

Friday, October 23rd, 2015

Acting on a petition submitted in July 2015 by the Competitive Enterprise Institute, the National Center for Transgender Equality, and the Rutherford Institute, the Court of Appeals for the D.C. Circuit today ordered the Department of Homeland Security to, within 30 days from today, “submit to the court a schedule for the expeditious issuance of a final rule” governing the TSA’s use of virtual strip search machines or body scanners (what the TSA calls “Advanced Imaging Technology”) “within a reasonable time”.

The court didn’t say what it would consider “expeditious” or a “reasonable” time for the TSA to finalize rules for its use of body scanners. Nor did the court even consider what such a rule should say, or what it would take for such a rule to be Constitutional.

But as we pointed out in the comments we submitted to the TSA three years ago in this as-yet-incomplete rulemaking, any “final rule” on body scanners promulgated by the TSA would be the first and to date only publicly-disclosed definition of any aspect of what the TSA and DHS think travelers are required to do and/or prohibited from doing in order to satisfy our obligation under Federal law to “submit” to “screening” as a condition of the exercise of our right to air travel by common carrier.

Five years ago, we were one of 35 organizations that petitioned the TSA and DHS to conduct a public “rulemaking” — including notice of the proposal, and opportunity for public comment, consideration of the comments by the agency, and finally the publication of rules for what is and isn’t prohibited and/or required — before deploying or continuing to deploy as-though-naked body imaging machines in airports.

In 2011, in response to a lawsuit brought by one of the other petitioners, EPIC, the D.C. Circuit court ordered the DHS to conduct such a rulemaking. The DHS dragged its feet, but under pressure from the Court, finally published proposed (vague and unconstitutional) rules for body scanners in 2013. Basically, the DHS proposed rules that would require travelers to submit to whatever “imaging technology” the TSA chooses to use.

The Identity Project and more than 5000 other organizations and individuals submitted comments to the DHS, the overwhelming majority of which opposed the proposed rules, the TSA’s use of virtual strip-search machines, and the TSA practices of groping travelers including those who “opt out” of the imaging machines.

In response to the latest lawsuit by CEI, the DHS says that it is still working diligently, three years later, to read, analyze, and respond to the public comments and prepare a (possibly revised) final rule.

Today, the Court declined (for now, at least) to set a deadline for the DHS to stop dragging its feet and publish final rules for the body scanners. But the Court ordered the DHS to come up with a timeline of specific dates by which it intends to do so. Once the DHS gives dates certain to the Court, it will risk sanctions for contempt if it fails to meet those deadlines without an explanation satisfactory to the Court.

It’s a small but significant step toward subjecting the TSA, for the first time, to the rule of law.

Does CBP have access to domestic Amtrak reservations?

Wednesday, September 23rd, 2015

Documents released to us by Amtrak suggest that since 2012, US Customs and Border Protection (CBP) has had direct access to Amtrak’s reservation system, possibly including access to reservations for Amtrak passengers traveling entirely within the USA.

What do these documents show? And why would an immigration and border patrol agency want access to records of travel by US citizens and other residents within the borders of the US?


Laura Poitras sues DHS et al. for records of her airport detentions and searches

Monday, July 27th, 2015

Documentary filmmaker Laura Poitras, represented by the Electronic Frontier Foundation, has filed a lawsuit under the Freedom of Information Act (FOIA) against the Department of Homeland Security (DHS), the Department of Justice (DOJ), and the Office of the Director of National Intelligence (ODNI, which includes the NSA). The winner of an Oscar and a Pulitzer Prize for her independent journalism, Poitras is seeking the release of records kept by the government about her travels, and about why she has been detained for hours at a time, searched, and interrogated at airports whenever she entered or left the US.

We welcome Ms. Poitras’ lawsuit, and we wish her and EFF all success. But we’ve been down this road before, and the results aren’t encouraging:

  • In 2006, Ms. Julia Shearson, Executive Director of the Cleveland Chapter of the Council on American Islamic Relations (CAIR), filed suit pro se against the DHS under the Privacy Act, seeking disclosure of records about why she was detained at gunpoint at the US-Canada border and falsely labeled as a terrorist in government blacklists. Despite years of litigation, Ms. Shearson still hasn’t received any information about why or by whom she was blacklisted as a terrorist, or any confirmation that any of the blacklist entries about her have been corrected.
  • In 2008, Ms. Sophie In ‘t Veld, a Member of the European Parliament from the Netherlands, also represented by EFF, sued the DHS under FOIA for records about her travel from the DHS “Automated Targeting System” (ATS). Although Ms. In ‘t Veld eventually received some excerpts from the DHS dossier about her travels, the pre-crime “risk assessment” scores assigned to her each time she traveled to or from the US were redacted and withheld, as was all information about the algorithms and the information used as the basis for those scores.
  • In 2010, Mr. Edward Hasbrouck, an award-winning travel journalist and a consultant to the Identity Project, represented by our parent organization the First Amendment Project, sued the DHS under both the Privacy Act and FOIA, seeking disclosure of records about himself and his travels from ATS, including risk assessments and rules used for determining them, and information about ATS search and data-mining functionality. Like Ms. In ‘t Veld, Mr. Hasbrouck eventually received some excerpts from the ATS files about his travels, but with all information about risk assessments and risk assessment algorithms redacted and withheld.  While Mr. Hasbrouck’s requests were pending, DHS exempted ATS from all of the access and disclosure accounting requirements of the Privacy Act, and a US District Court judge upheld the retroactive application of those exemptions to unanswered requests that Mr. Hasbrouck had made three years previously.  The judge also upheld the withholding of all information about DHS data-mining capabilities for ATS travel records, without even looking at any of the requested records.
  • In 2011, Mr. David House, a computer programmer associated with the Chelsea Manning (then Bradley Manning) Support Network, represented by the ACLU of Massachusetts, sued the DHS for wrongly searching and seizing Mr. House’s electronic devices and data at the airport when he returned to the US from a vacation abroad. As part of a settlement of the lawsuit, the government eventually turned over some records from its files about Mr. House and about how the government used its travel surveillance capabilities to target him for his work to publicize Ms. Manning’s case and raise funds for her legal defense. The records released to Mr. House give a partial picture of how the DHS uses manually-created flags (“lookouts”) to target travelers, but still don’t give any information about the algorithms or data inputs used for automated pre-crime profiling and “risk assessment” scores.
  • In 2013, Messrs. C.J. Chivers and Mac William Bishop, two reporters for the New York Times represented by the Times’ in-house legal department, sued the DHS under both FOIA and the Privacy Act for records about why the two journalists were targeted for unusually intrusive searches and interrogations at airports while leaving and returning to the US on reporting assignments for the Times. The Times hasn’t (yet) reported on what, if any, records they have received in response to the lawsuit. We presume that means that the government has yet to disclose any significant new information about its targeting of journalists and their travels. [In response to the lawsuit, DHS did release redacted portions of its TECS and Automated Targeting System (ATS) files about the journalists, including PNR data. But the codes indicating profiling results and reasons for DHS actions as well as some entire pages of ATS records were redacted.]

We’ve been involved as plaintiffs, attorneys, or consultants to plaintiffs and their counsel in all but one of these cases, and we support continued litigation on these issues.

Harassment of journalists and political activists and interference with their right to travel are only part of a bigger picture. Government surveillance and control of travel is a threat to everyone’s rights.  It’s important for the government to disclose what it’s been doing, but it’s equally important to expunge the government’s travel metadata surveillance archives and end the government’s pre-crime profiling and permission-based controls on who it “allows” to travel by common carrier or public right-of-way.

Expert critique of European travel surveillance and profiling plans

Monday, July 6th, 2015

Independent legal experts commissioned by the Council of Europe (COE) to assess proposals for surveillance and profiling of air travellers throughout the European Union have returned a detailed and perceptive critique of the proposed EU directive on government access to, and use of, Passenger Name Record (PNR) data from airline reservations.

Before the revelations by Edward Snowden and other whistleblowers about dragnet surveillance of telephone and Internet communications, few people appreciated the nature of the threat to freedom posed by government acquisition and use of PNR data for dragnet travel surveillance.

The expert report to the Council of Europe marks a breakthrough in the “post-Snowden” understanding of the nature and significance of government demands for PNR data. The report reframes the PNR debate from being an issue of privacy and data protection to being part of a larger debate about suspicionless surveillance and pre-crime profiling. The report also focuses the attention of European citizens, travellers, and policy-makers on the decisions made (in whole or in part) on the basis of PNR data: decisions to subject travellers to search, interrogation, or the total denial of transportation (“no-fly” orders).

The report specifically cites the Kafkaesque case of Dr. Rahinah Ibrahim as an example of the way that decisions made on such a basis tend to evade judicial review or effective redress.

The PNR directive under consideration by the European Union would require each EU member to establish a Passenger Analysis Unit (PAU), if it doesn’t already have one. These PAUs would function as new national surveillance and pre-crime policing agencies. Each PAU would be required to obtain PNR data for all air travellers on flights subject to its jurisdiction, “analyze” this data (i.e. carry out algorithmic pre-crime profiling of air travellers using PNR data as one of its inputs) and share the raw PNR data with its counterparts throughout the EU.

The United Kingdom already has such a Passenger Analysis Unit. It’s not clear which, if any, other EU members already have such units, although staff of the US Department of Homeland Security, based in Germany and elsewhere in Europe, already perform similar functions as “advisors” making “recommendations” to their European counterparts regarding the treatment of European travellers, based on US profiling of PNRs and other travel history and surveillance data.

The COE expert report on Passenger Name Records, Data Mining & Data Protection was commissioned by the COE Directorate General Human Rights and Rule of Law, and prepared by Douwe Korff (Emeritus Professor of International Law at London Metropolitan University, Associate at the Oxford Martin School of the University of Oxford, and currently Visiting Fellow at Yale University in the USA) and Marie Georges (independent expert formerly on the staff of the French national data protection authority, CNIL). The report was presented and discussed at a meeting last week of the “Consultative Committee of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (T-PD)”.

According to the introduction to the report:

Much has been said and written about Passenger Name Records (PNR) in the last decade and a half. When we were asked to write a short report for the Consultative Committee about PNR, “in the wider contexts”, we therefore thought we could confine ourselves to a relatively straightforward overview of the literature and arguments.

However, the task turned out to be more complex than anticipated. In particular, the context has changed as a result of the Snowden revelations. Much of what was said and written about PNR before his exposés had looked at the issues narrowly, as only related to the “identification” of “known or [clearly ‘identified’] suspected terrorists” (and perhaps other major international criminals). However, the most recent details of what US and European authorities are doing, or plan to do, with PNR data show that they are part of the global surveillance operations we now know about.

More specifically, it became clear to us that there is a (partly deliberate?) semantic confusion about this “identification”; that the whole surveillance schemes are not only to do with finding previously-identified individuals, but also (and perhaps even mainly) with “mining” the vast amounts of disparate data to create “profiles” that are used to single out from the vast data stores people “identified” as statistically more likely to be (or even to become?) a terrorist (or other serious criminal), or to be “involved” in some way in terrorism or major crime. That is a different kind of “identification” from the previous one, as we discuss in this report.

We show this relatively recent (although predicted) development with reference to the most recent developments in the USA, which we believe provide the model for what is being planned (or perhaps already begun to be implemented) also in Europe. In the USA, PNR data are now expressly permitted to be added to and combined with other data, to create the kinds of profiles just mentioned — and our analysis of Article 4 of the proposed EU PNR Directive shows that, on a close reading, exactly the same will be allowed in the EU if the proposal is adopted….

Yet it is obvious (indeed, even from the information about PNR use that we describe) that these are used not only to “identify” known terrorists or people identified as suspects in the traditional sense, but that these data mountains are also being “mined” to label people as “suspected terrorist” on the basis of profiles and algorithms. We believe that that in fact is the more insidious aspect of the operations.

The report develops these key points about government access to and use of PNR data as a suspicionless dragnet surveillance system and as part of predictive pre-crime policing (outside of normal mechanisms for penal sanctions or for review and redress for police action) in detail.

In addition, the report endorses and highlights the point we have been making for many years that because most PNR data for flights worldwide is hosted by, and communicated through, reservation databases accessible from the USA and worldwide without purpose or geographic access limitations or access logs, the USA and other governments can already obtain and use this data, entirely bypassing putative controls on access to PNRs directly from airlines.

The report specifically directs the attention of European officials to testimony by Edward Hasbrouck of the Identity Project at a European Parliament hearing in 2010 (hearing agenda and witness list, slides, video):

“Europe” must also examine the highly credible claims by Edward Hasbrouck … that the USA has been systematically violating previous agreements, and is still systematically by-passing European data protection law, by accessing the CRSs used in global airline reservation systems hosted in the USA to obtain full PNR data on most flights, including most European flights (including even entirely intra-European ones), outside of any international agreements….

[W]e believe that the supposed safeguards against such further — dangerous — uses of the data are weak and effectively meaningless, both in their own terms and because, as Edward Hasbrouck has shown, the USA can in any case obtain access to essentially all (full) PNRs, through the Computerized Reservation Systems used by all the main airlines, as described next.
