Jul 16 2017

CBP is taking mug shots of US citizens who leave the country

US Customs and Border Protection (CBP) has expanded its photography of the faces of all non-US citizens entering or leaving the US (under the “US-VISIT” program) to add mug shots of US citizens leaving the country, starting with all passengers on a daily flight on United Airlines from Washington Dulles Airport (IAD) to Dubai, U.A.E. (DXB).

This exit photo scheme is part of a larger program of biometric traveler tracking for which CBP and DHS recently opened an entire new database management and airport procedures simulation facility.

US citizens have the legal right not to submit to this mass surveillance and travel control scheme. But as with your right to fly without ID, CBP notices at airports won’t tell you that. You need to know your rights and be prepared to assert them.


May 10 2017

New long form proposed for (some) applicants for U.S. visas

The Department of State has requested “emergency” approval from the Office of Management and Budget for a new questionnaire which some applicants for U.S. visas would be required to complete.

The questions on the proposed new “long form” for disfavored visa applicants would include:

  • Travel history during the last fifteen years, including source of funding for travel [how many frequent business travelers would be able to provide a complete and accurate 15-year retrospective itinerary of their travels?];
  • Address history during the last fifteen years;
  • Employment history during the last fifteen years;
  • All passport numbers and country of issuance held by the applicant [for an unspecified time period, so perhaps meaning for your entire life];
  • Names and dates of birth for all siblings;
  • Name and dates of birth for all children;
  • Names and dates of birth for all current and former spouses, or civil or domestic partners;
  • Social media platforms and identifiers, also known as handles, used during the last five years; and
  • Phone numbers and email addresses used during the last five years.

Applicants required to complete this form could include tourists and other short-stay visitors (business, visiting friend and relatives, etc.) as well as applicants for work, student, refugee, or other visas.

As with the “long form” supplemental questionnaire for U.S. citizens applying for passports, some but not all applicants for visas to visit or reside in the U.S. will be required to complete the proposed new form. The State Department says it expects to require about 65,000 people a year, or half a percent of all applicants for U.S. visas, to complete the proposed new long form.

As with the long form passport application, there are no publicly-disclosed standards or procedures for judicial review of decisions by State Department staff to require particular individuals to complete the long form. Those decisions would be “discretionary”, meaning that they would be arbitrary and could be discriminatory.

Most people would be unable to provide complete answers to some of the questions on the long form, or would inevitably leave things out or make mistakes that would provide a basis for denial of their application. The proposed “discretionary” long form is thus a pretext for arbitrarily selective denial of entry to the U.S., at the whim of State Department staff and/or on the basis of secret pre-crime algorithms, as well as of arbitrarily selective surveillance of certain foreign citizens.

Comments on the “emergency” proposal for this new questionnaire can be submitted to the Office of Management and Budget through May 18, 2017.

Apr 27 2017

Is the TSA checking domestic airline passengers for warrants?

[Entities and data flows involved in decision-making (“vetting”) about travelers. Larger image, PDF with legend.]

The latest annual report on data-mining by the Department of Homeland Security contains a disturbing hint that the TSA may have gotten the ability to include checks for warrants and police “wants” in its “vetting” of passengers on domestic airline flights.

This would turn airline check-in counters and kiosks and TSA checkpoints for domestic air travel into dragnet suspicionless warrant checkpoints.

According to page 16 (page 19 of the PDF) of the newly-released 2016 DHS Data Mining Report, “An annex to this report containing Sensitive Security Information (SSI) about Secure Flight’s use of ATS-P is being provided separately to the Congress.”

What data from ATS, to which the TSA didn’t already have independent access, is being used by the TSA as part of Secure Flight? For what purpose?

In the diagram above (larger image, PDF with legend), the solid green line shows the transfer of data from the FBI’s “National Criminal Information System” (NCIC) criminal history database to CBP’s “Automated Targeting System” (ATS) for use in “vetting” international airline passengers. The dashed green line shows the newly-disclosed transfer of ATS data to the “Secure Flight” system used by the TSA to “vet” domestic airline passengers. This could allow the TSA to check all domestic airline passengers for warrants and “wants” listed in NCIC, as CBP already has the ability to do for all international airline passengers on flights to or from the US.

There is no explicit mention in the public portion of the DHS report of TSA use of NCIC data for decision-making (“vetting”) about domestic air travelers. But as the diagram above shows, almost all of the other data contained in ATS is already available directly to the TSA for use in Secure Flight. It’s not clear what data from ATS, other than criminal history data imported to ATS from NCIC, the TSA doesn’t already obtain directly without needing to get it from ATS.

Records of arrest warrants in NCIC are often inaccurate, as we have noted before. It’s especially common for the issuance of a warrant to be reported to the FBI for inclusion in NCIC, but for the later cancellation of that warrant not to be reported to NCIC. NCIC contains hundreds of thousands, perhaps millions, of listings for warrants that are no longer valid. Using TSA “vetting” of domestic airline passengers as a suspicionless dragnet for “wanted” individuals would inevitably result in the detention and arrest of many innocent people at TSA checkpoints on the basis of inaccurate NCIC data.

Normally, warrant checks are permissible only on the basis of reasonable articulable suspicion that a person has committed a crime. The current CBP checks of international travelers for warrants, police “wants”, and investigative “lookouts” have been permitted only as part of a judicially-created border exception to the 4th Amendment to the US Constitution. There is no comparable “airport exception” to the 4th Amendment that would allow suspicionless dragnet warrant checks on domestic travelers by the TSA. Travel is not an inherently suspicious activity. It’s the exercise of a Constitutional and human right, and cannot in itself be the basis for warrant checks.

Members of Congress should look closely at the secret annex to the 2016 DHS Data Mining Report, and question the DHS and TSA as to whether they are using, or intend to use, data obtained from NCIC (directly or indirectly through ATS or otherwise) to conduct warrant checks on domestic air travelers.

If any of our readers has information about someone being identified for arrest on an outstanding warrant (valid or invalid) on the basis of TSA “screening”, rather than on the basis of an independent police warrant check based on reasonable suspicion, please let us know.

Apr 19 2017

Fly, Don’t Spy!

Last December, over our formal objections filed with the Department of Homeland Security, US Customs and Border Protection began asking foreign visitors to the US to fill out the online form, shown above, requesting their user names on social media platforms from Facebook to GitHub.

As of then, and as of now, answering this question is still “optional”, although there’s no guarantee that those who decline to respond won’t be denied entry.

However, new Secretary of Homeland Security Kelly has begun speaking publicly about wanting to require foreign visitors to provide CBP not just with their user names but also their passwords for social media and email accounts.

In response, we’ve joined several dozen other organizations in a Fly, Don’t Spy! campaign to oppose “any proposal to require visa applicants, refugees, or other foreign visitors to provide passwords for online accounts, including social media, in order to enter the United States.”

Please add your name to the petition and the coalition mailing list for updates and actions at FlyDontSpy.com, and help spread the word.


Mar 15 2017

Palantir, Peter Thiel, Big Data, and the DHS

San Francisco and Silicon Valley are among the centers of opposition to President Trump and his fascism, especially as it relates to restrictions on movement, border controls, immigration, and asylum.

Bay Area technology companies and their better-paid classes of employees like to think of themselves as building a better world that reflects the distinctive values that have attracted dreamers and futurists to this region from across the country and around the world. But some of these companies are key developers and providers of “big data” tools for the opposite sort of “Brave New World”.

On Saturday, Edward Hasbrouck of the Identity Project was invited to speak to an ad hoc group of picketers outside the Pacific Heights mansion of Palantir Technologies founder and Trump supporter Peter Thiel (photo gallery from the SF Chronicle, video clip from KGO-TV; more photos from the East Bay Express).

As Anna Wiener reported in the New Yorker (“Why Protesters Gathered Outside Peter Thiel’s Mansion This Weekend”):

David Campos, a former member of the San Francisco board of supervisors, who emigrated from Guatemala, in 1985, stood on the brick stoop and raised a megaphone. “The reason we’re here is to call upon the people who are complicit in what Trump is trying to do,” he said. Clark echoed the sentiment. “If your company is complicit, it is time to fight that,” she said. Trauss, when it was her turn, addressed Thiel, wherever he was. “What happened to being a libertarian?” she asked. “What happened to freedom of movement for labor?”

Edward Hasbrouck, a consultant with the Identity Project, a civil-liberties group, took the stand, wearing a furry pink tiger-striped pussyhat. “The banality of evil today is the person sitting in a cubicle in San Francisco, or in Silicon Valley, building the tools of digital fascism that are being used by those in Washington,” he said. “We’ve been hearing back that there are a fair number of people at Palantir who are working really hard at convincing themselves that they’re not playing a role — they’re not the ones out on the street putting the cuffs on people. They’re not really responsible, even though they’re the ones who are building the technology that makes that possible.”

It’s easy to rationalize the creation of technological tools by saying that they can be used for good as well as evil. But you can’t separate the work of tool-making from the ways those tools are being used. Palantir workers’ claims to “neutrality” resemble the claims made in defense of IBM and Polaroid when they were making and selling “general purpose” computers, cameras, and ID-badge making machines to the South African government in the 1970s. None of this technology and equipment was inherently evil. But in South Africa, it was being used to administer the apartheid system of passbooks and permissions for travel, work, and residence.

The same goes for “big data” today. To understand what’s wrong with the work being done by Palantir for the US Department of Homeland Security, it’s necessary to look not just at what tools Palantir is building but at how and by whom they will be used; not just at the data tools but at the datasets to which they are applied, the algorithms they use, and the outcomes they are used to determine.


Feb 27 2017

What should you do if you are asked for your password at a US airport or border?

Our work is cited in an article today by Kaveh Waddell in The Atlantic, “How Long Can Border Agents Keep Your Email Password? Some data gathered from travelers going through customs can stay in a Homeland Security database for 75 years.”

The article in The Atlantic highlights several recent incidents in which international travelers have been asked or ordered to tell US Customs and Border Protection inspectors the passwords to their electronic devices and/or online accounts. As in many encounters with law enforcement officers or other government agents, the distinction between a request and a command at an airport or international border is often unclear.

In one of these incidents, a Canadian would-be visitor to the US provided CBP with the password to his phone, but balked at providing the password to his accounts with LGBT dating apps and websites. He forfeited his ticket, and left the US “preclearance” site at the airport in Vancouver without boarding his intended flight to the US. A month later, when he tried again to fly to the US, carrying the same phone with the password unchanged, he found that CBP had recorded his phone password in their permanent file about him in the CBP “TECS” lifetime international travel history database.

This sort of data collection and data retention is wrong, but it’s also routine and should be expected.

For more than a decade, since DHS first disclosed the existence of its “Automated Targeting System” database, we’ve been providing forms you can use to request the files about you from TECS and other government databases, helping travelers interpret the (redacted and incomplete) responses from CBP, and reporting on what we’ve seen in the responses and how these dossiers are used in pre-crime profiling and control of who is “allowed” to fly and how they are treated when they fly.

We’ve sued to obtain our travel records from CBP and information about how these databases are mined and shared by CBP and other government agencies.

After ignoring our requests for three years, DHS exempted the system from most of the requirements of the Privacy Act, including limits on data retention, when the agency realized we were about to sue.

Any disclosure to us of the government’s permanent files about our travel is now a matter of “discretion”, not a right, if we are US citizens, and expressly forbidden by an Executive Order of President Trump for anyone other than US persons.  As we told The Atlantic:

“Any limits would have to be derived directly from the Constitution or international treaties, not from statutes or regulations,” said Edward Hasbrouck, a travel expert and consultant to The Identity Project. “I am not aware of any case law limiting retention of this sort of data.”

Here’s what our experience and our research confirms: CBP officers are not your friends, and their job is not to help you. They are law enforcement officers. Their job is to find evidence of violations of the law, and/or reasons to deny you entry to the US. Anything you say to them can be retained and used against you at any time in the future, just like anything you say to any other law enforcement officers. You should expect that anything you have with you, anything you say, and anything you do at an international border, airport, or CBP checkpoint can and will be recorded. That information can and will be retained by DHS for the rest of your life. You could be questioned about it in any future encounter with CBP or other law enforcement or government agents, even many years later, and have it used against you or anyone else in court at any time, perhaps in ways you could never anticipate.

We’ve seen all sorts of information — irrelevant, inappropriate, and potentially subject to derogatory interpretations or giving rise to guilt by association — in CBP travel dossiers. We’ve been questioned at a US border crossing, years later, about completely inconsequential and legal events at another airport years earlier, because those were being recorded in the TECS database even during primary screening on a routine entry to the US by a US citizen.

What can you do, and what should you do, if you are asked to tell CBP agents any of your passwords?

We agree with all the lawyers consulted by The Atlantic: US citizens should not voluntarily provide passwords to US border guards or inspectors at airports.


Feb 15 2017

Searches at airports and US borders

President Trump’s Executive Order expanding the pre-existing and ongoing #MuslimBan from foreign airports to US points of entry, by forbidding entry to the US by citizens of specified blacklisted countries, doesn’t say anything explicit about searches or interrogation of people entering or leaving the US.

But this Executive Order seems to have been interpreted by US Customs and Border Protection officers at US borders and international airports and at “preclearance” sites abroad as giving them a green light for intensified questioning and searches (“extreme vetting”) of travelers, including searches and demands for passwords to laptops, cellphones, and other digital devices.

In response to this wave of digital harassment and snooping at airports and borders, several news outlets, civil liberties organizations, and free press and journalists’ rights organizations have posted technical and legal advisories about how journalists and ordinary travelers can protect their data when they travel.

We welcome this attention to airport and border search law, and these efforts to educate travelers.

We want to add one potentially significant law that few travelers (or CBP officers or TSA checkpoint staff) are aware of, and that isn’t mentioned in any of the advice to travelers about airport and border searches that we’ve seen recently: The Privacy Protection Act of 1980.

We’ve written about the Privacy Protection Act several times before, especially in the context of border searches of activists and journalists. But the protection offered by this law isn’t limited to journalists. Here’s an unfortunately necessary refresher on what this law means and what you can do to take advantage of it:


Jan 29 2017

Trump repudiates agreement with EU on PNR data

In a panel discussion Wednesday at the Computers, Privacy, and Data Protection conference in Brussels, Edward Hasbrouck of the Identity Project pointed out that both the so-called Privacy Shield and the EU-US agreement on transfers of Passenger Name Record (PNR) data from the European Union to the US government depend on non-treaty “promises”, “commitments”, “undertakings”, and executive orders by the Obama Administration.

These are not binding on President Trump, and there is no reason to expect Trump to do anything just because Obama said he would do it.

Quite the contrary: President Trump has no intention of continuing many of President Obama’s policies, and every intention of reversing many of them — even if Trump continues others, such as mass surveillance, profiling of US citizens and foreigners, and reliance on executive orders to avoid the need for Congressional approval of his program, which Trump presumably will continue.

“As of this week, with Trump’s inauguration, the EU-US PNR agreement and Privacy Shield are dead letters. The only question is whether the Trump administration will officially renounce them, or whether it will simply ignore them,” Hasbrouck told the audience at CPDP.

The answer came just a few hours later the same day, when President Trump issued an executive order including the following:

Sec. 14.  Privacy Act.  Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.

The US recognized privacy as a human right when it ratified the International Covenant on Civil and Political Rights:

Article 17

1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence….

2. Everyone has the right to the protection of the law against such interference or attacks.

But as we have complained to the relevant UN treaty bodies, the US has flouted its obligations under this and other provisions of the ICCPR related to freedom of movement as a human right, and has provided no effective means of redress for these violations.

Instead, on this and other issues the US has acted as though there are no human rights, only privileges of US citizenship. President Trump’s executive order on privacy is only the latest official restatement of this longstanding and bipartisan US government position.

With this Presidential decree, the EU-US PNR agreement is dead.

The next question is when EU institutions will recognize this legal fact, and what they will do about it.


Dec 25 2016

Obama Admin’s parting gift to foreign visitors: social media surveillance

In the Obama Administration’s parting gift to foreign visitors, the Office of Management and Budget (OMB) has approved the collection of social media IDs from foreign visitors to the US.  As part of the online Electronic System for Travel Authorization (ESTA), tourists, business travelers, and foreign citizens visiting friends and relatives in the US are now being asked whether they have accounts on any social media platforms, and if so, their user names or IDs.


Dec 21 2016

“AFI” is the latest DHS name for “extreme vetting”

We’ve heard a lot of talk in recent months about “extreme vetting” of immigrants, Muslims, and foreign visitors to the US. But what does “extreme vetting” really mean?

“Vetting” of both domestic and international travelers — making predictive pre-crime decisions as to whether or not to allow them to travel — is already extreme, and already routine.

“Vetting” means examining people and deciding who to allow, and who not to allow, to do something.

Under DHS procedures that have been in place for a decade, no airline operating to, from, or within the US is allowed to issue a boarding pass or let you on a plane unless and until it has sent your personal information to DHS and received an individualized, per-passenger, per-flight “Boarding Pass Printing Result” (BPPR) message giving the airline “permission” to “allow” you to exercise your right to travel by common carrier. The default if DHS doesn’t respond is “no”, and both the algorithms used for the decision and the data put into that algorithmic black box are secret.

What could be more “extreme”? Manual strip searches for all travelers, instead of just virtual strip searches using as-though-naked imaging machines?

But as President-Elect Trump’s “extreme” rhetoric suggests, the government’s desire for surveillance and control of our movements is insatiable. It’s always possible to make yet another mirror copy of the government’s warehouse of metadata about our movements, disseminate it more widely, and pile on another layer of pre-crime profiling algorithms. More is always better, right — especially if you call it “intelligence”?

The latest replication and propagation of travel data, and the latest layer of traveler “vetting” tools, is the so-called “Analytical Framework for Intelligence” (AFI) operated by, or under contract to, US Customs and Border Protection (CBP).  As we told Spencer Woodman of The Verge for his story today about AFI:

“When Trump uses the term ‘extreme vetting’, AFI is the black-box system of profiling algorithms that he’s talking about,” says Edward Hasbrouck of the Identity Project, a civil liberties initiative that focuses on the rights of travelers. “This is what extreme vetting means.”

DHS in general, and CBP in particular, have been playing a shell game for many years with their travel surveillance and control systems.

Government copies of airline reservations (Passenger Name Records) were first claimed to be part of a system of records called TECS, then declared to be part of a “new” system of records called the Automated Targeting System (ATS), although still stored in the TECS database. (Huh?)  Now an additional mirror copy of all this PNR data (still stored in TECS and still also deemed part of ATS) is being created as part of another “newer” system of records known as AFI.

AFI is one of several new user interfaces and front-ends to TECS data being developed for use by multiple DHS components including US Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) as part of a long-term “TECS modernization” project.

If you’re confused by all the acronyms and name changes, and don’t know which government files you should ask for or worry about, that’s exactly what DHS wants.

AFI itself has changed fundamentally and for the worse in the last few months, at least if we can believe what DHS says. It’s always been a suspicion-generating and guilt-by-association machine, but now it’s a much more powerful one. More powerful, to be clear, does not mean “better” or “more accurate”. It means, “capable of placing more people under suspicion” based on more intrusive data aggregation, data mining, and profiling. Here’s how:
