Papers, Please!

The Identity Project

Category Archives: Surveillance State

Sep 24 2017

Muslim Ban 3.0 blaimed on ICAO passport standards and “ID management”

Invoking memes that we’ve seen and warned about before under both Democratic and Republican administrations, President Trump has attributed the latest version 3.0 of his “Muslim ban”announced today (proclamation, FAQ, explainer) with the need to comply with ICAO and INTERPOL standards for passport issuance, “identity management”, and data sharing about travelers — as though US immigration and asylum policy should be determined by an international technical body for aviation operations, as though such a body has the authority to override US treaty obligations to freedom of movement and “open skies“, and as though predictive pre-crime profiling based on “biographic and biometric data” can be substituted for judicial fact-finding as a basis for denial of the right to travel.

We hope that seeing the “Muslim Ban 3.0” blamed on ICAO standards will lead human rights advocates to pay more attention to ICAO’s standard-setting role and opaque decision-making process in non-aviation matters such as passports, identity management, and data sharing.

Read More

Sep 19 2017

Amtrak lied to travel agents who questioned ID requirements

The encouraging disclosure in the latest installment of documents released by Amtrak in response to one of our Freedom Of Information Act (FOIA) requests is that some travel agents resisted Amtrak demands that they collaborate in surveillance, profiling, and control of train travelers by entering passport or ID numbers and details in each reservation for cross-border Amtrak travel.

According to an email message to Amtrak from a product manager at Worldspan (one of the major computerized reservation systems), “We have one subscriber [i.e. a travel agency that uses Worldspan] that has checked the Federal Register and is quoting ‘chapter and verse’ that it is not mandated … to provide the data”:

Some travel agents pushed back repeatedly, read the official notices and instructions to travel agents about the rail API program carefully (and correctly), and made a travel agency “policy decision of non-provision” of ID data about their customers:

Kudos to the unnamed travel agencies that refused to help the government spy on their customers and called Amtrak on its lies that this was required.

Read More

Sep 11 2017

California DMV proposes to “comply” with the REAL-ID Act

On September 1, 2017, the California Department of Motor Vehicles quietly published a notice of proposed regulations that would purportedly allow the California DMV to issue drivers licenses and state ID cards that would be “compliant” with the Federal REAL-ID Act of 2005:

For many years, the California DMV has appeared intent on eventual “compliance” with the REAL-ID Act, regardless of whether that compliance was authorized by the legislature. The current DMV rulemaking proposal to bring California into “compliance” with the REAL-ID Act by administrative fiat is the latest and most significant step along that path, and a disturbing effort to bypass legislative debate.

We encourage all Californians who are concerned about freedom of movement, Federal commandeering of state agencies to function as agents for enforcing Federal restrictions on individual rights, and lack of transparency, oversight and accountability for biometric and ID databases to submit comments opposing the proposed regulations and, if you can make it to Sacramento, to testify at the hearing on October 16th.

Read More

Sep 08 2017

No US passports for “terrorist sympathizers”?

Bills are moving forward in both houses of Congress which, if approved, would mandate the administrative, extra-judicial revocation, non-renewal, and refusal of issuance of a US passport to any US citizen, even if their citizenship is unquestioned and they have been accused of no crime, but “whom the Secretary [of State] has determined is a member of or is otherwise affiliated with an organization the Secretary has designated as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act (8 U.S.C. 1189).”

The proposed legislation would leverage administrative determinations related to immigration (which US courts have allowed to be largely exempted from judicial review insofar as they only affect foreigners who aren’t considered by the US to have the same human rights as US citizens) to impose a categorical ban on certain US citizens leaving or entering the US except at the (standardless, i.e. arbitrary) “discretion” of the Secretary of State.

Since June 1, 2009, US citizens have been forbidden by Federal law and regulations from crossing any border into or out of the US by any means (land, sea, or air) without a passport, passport card, or Federally-approved “enhanced” drivers license. Denial of a passport thus amounts to a categorical ban on leaving or returning to the US. As such,  it is a blatant violation of the rights of US citizens pursuant to the First Amendment “right of the people… peaceably to assemble” and their human rights pursuant to Article 12 of the International Covenant on Civil and Political Rights:

2. Everyone shall be free to leave any country, including his own….

4. No one shall be arbitrarily deprived of the right to enter his own country.

The proposed law would not define how, on what basis, according to what procedures, or using what standard of proof the Secretary of State would make determinations as to membership or other “affiliation” of a US citizen with a blacklisted organization.  To make matters worse, the bills proposing this travel ban for US citizens associated with blacklisted organizations contain no definition of “member” or “otherwise affiliated”.

If you don’t like the decision of the Secretary of State, the bill would provide you with a “Right of Review” entitling you to a hearing before … the  Secretary of State.

Substitute “Communist” for “terrorist” in the proposed legislation, and it becomes clear that these bills would recreate the worst of the guilt-by-association witch-hunting of the MyCarthyist and other Red Scares.

Commie sympathizer? No passport for you! Terrorist symp? No passport for you!

Read More

Aug 01 2017

Biometric entry/exit tracking of US citizens

We were invited to a briefing session today at U.S. Customs and Border Protection (CBP) headquarters: “an information sharing session and open dialog …  with external privacy stakeholders” to discuss “recent enhancements to CBP’s biometric exit initiatives” and “CBP’s implementation plans for a biometric exit system“.

Although we weren’t able  to make it to Washington for today’s meeting, we have many questions about CBP’s ongoing (and illegal, as discussed below)  photographing of the faces of US citizens entering the US, and the agency’s plans to expand the current (also illegal) trials of exit photography to include most or all US citizens leaving the country.

We look forward to another chance to quiz CBP officials about these programs and their (lack of) legal basis. More importantly, we hope that members of Congress and the public will ask hard questions about these programs if regulations or legislation are proposed that would purport to authorize them.

We share the general concerns raised by others about the use of biometric information such as facial photos (mug shots) for suspicionless dragnet surveillance of any travelers. The right to leave any country is explicitly guaranteed by international treaty (Article 12 of the ICCPR) as a human right independent of citizenship.

But we find it especially objectionable — and likely to be illegal — that CBP is extending these surveillance schemes to US citizens. Here are some of the issues: Read More

Jul 16 2017

CBP is taking mug shots of US citizens who leave the country

US Customs and Border Protection (CBP) has expanded its photography of the faces of all non-US citizens entering or leaving the US (under the “US-VISIT” program) to add mug shots of US citizens leaving the country, starting with all passengers on a daily flight on United Airlines from Washington Dulles Airport (IAD) to Dubai, U.A.E. (DXB).

This exit photo scheme is part of a larger program of biometric traveler tracking for which CBP and DHS recently opened an entire new database management and airport procedures simulation facility.

US citizens have the legal right not to submit to this mass surveillance and travel control scheme. But as with your right to fly without ID, CBP notices at airports won’t tell you that. You need to know your rights and be prepared to assert them.

Read More

May 10 2017

New long form proposed for (some) applicants for U.S. visas

The Department of State has requested “emergency” approval  from the Office of Management and Budget for a new questionnaire which some applicants for U.S. visas would be required to complete.

The questions on the proposed new “long form” for disfavored visa applicants would include:

  • Travel history during the last fifteen years, including source of funding for travel [how many frequent business travelers would be able to provide a complete and accurate 15-year retrospective itinerary of their travels?];
  • Address history during the last fifteen years;
  • Employment history during the last fifteen years;
  • All passport numbers and country of issuance held by the applicant [for an unspecified time period, so perhaps meaning for your entire life];
  • Names and dates of birth for all siblings;
  • Name and dates of birth for all children;
  • Names and dates of birth for all current and former spouses, or civil or domestic partners;
  • Social media platforms and identifiers, also known as handles, used during the last five years; and
  • Phone numbers and email addresses used during the last five years.

Applicants required to complete this form could include tourists and other short-stay visitors (business, visiting friend and relatives, etc.) as well as applicants for work, student, refugee, or other visas.

As with the “long form” supplemental questionnaire for U.S. citizens applying for passports, some but not all applicants for visas to visit or reside in the U.S. will be required to complete the proposed new form. The State Department says it expects to require about 65,000 people a year, or half a percent of all applicants for U.S. visas, to complete the proposed new long from.

As with the long form passport application, there are no publicly-disclosed standards or procedures for judicial review of decisions by State Department staff to require particular individuals to complete the long form. Those decisions would be “discretionary”, meaning that they would be arbitrary and could be discriminatory.

Most people would be unable to provide complete answers to some of the questions on the long from, or would inevitably leave things out or make mistakes that would provide a basis for denial of their application.  The proposed “discretionary” long form is thus a pretext for arbitrarily selective denial of entry to the U.S., at the whim of State Department staff and/or on the basis of secret pre-crime algorithms, as well as of arbitrarily selective surveillance of certain foreign citizens.

Comments on the “emergency” proposal for this new questionnaire can be submitted to the Office of Management and Budget through May 18, 2017.

Apr 27 2017

Is the TSA checking domestic airline passengers for warrants?

[Entities and data flows involved in decision-making (“vetting”) about travelers. Larger image, PDF with legend.]

The latest annual report on data-mining by the Department of Homeland Security contains a disturbing hint that the TSA may have gotten the ability to include checks for warrants and police “wants” in its “vetting” of passengers on domestic airline flights.

This would turn airline check-in counters and kiosks and TSA checkpoints for domestic air travel into dragnet suspicionless warrant checkpoints.

According to page 16 (page 19 of the PDF) of the newly-released 2016 DHS Data Mining Report, “An annex to this report containing Sensitive Security Information (SSI) about Secure Flight’s use of ATS-P is being provided separately to the Congress.”

What data from ATS, to which the TSA didn’t already have independent access,  is being used by the TSA as part of Secure Flight? For what purpose?

In the diagram above (larger image, PDF with legend), the solid green line shows the transfer of data from the FBI’s “National Criminal Information System” (NCIC) criminal history database to CBP’s “Automated Targeting System” (ATS) for use in “vetting” international airline passengers. The dashed green line shows the newly-disclosed transfer of ATS data to the “Secure Flight” system used by the TSA to “vet” domestic airline passengers. This could allow the TSA to check all domestic airline passengers for warrants and “wants” listed in NCIC, as CBP already has the ability to dos for all international airline passengers on flights to or from the US.

There is no explicit mention in the public portion of the DHS report of TSA use of NCIC data for decision-making (“vetting”) about domestic air travelers. But as the diagram above shows, almost all of the other data contained in ATS is already available directly to the TSA for use in Secure Flight. It’s not clear what data from ATS, other than criminal history data imported to ATS from NCIC, the TSA doesn’t already obtain directly without needing to get it from ATS.

Records of arrest warrants in NCIC are often inaccurate, as we have noted before. It’s especially common for the issuance of a warrant to be reported to the FBI for inclusion in NCIC, but for the later cancellation of that warrant not to be reported to NCIC. NCIC contains hundreds of thousands, perhaps millions, of listings for warrants that are no longer valid. Using TSA “vetting” of domestic airline passengers as a suspicionless dragnet for “wanted” individuals would inevitably result in the detention and arrest of many innocent people at TSA checkpoints on the basis of inaccurate NCIC data.

Normally, warrant checks are permissible only on the basis of reasonable articulable suspicion that a person has committed a crime. The current CBP checks of international travelers for warrants, police “wants”, and investigative “lookouts” have been permitted only as part of a judicially-created border exception to the 4th Amendment to the US Constitution. There is no comparable “airport exception” to the 4th Amendment that would allow suspicionless dragnet warrant checks on domestic travelers by the TSA. Travel is not an inherently suspicious activity. It’s the exercise of a Constitutional and human right, and cannot in itself be the basis for warrant checks.

Members of Congress should look closely at the secret annex to the 2016 DHS Data Mining Report, and question the DHS and TSA as to whether they are using, or intend to use, data obtained from NCIC (directly or indirectly through ATS or otherwise) to conduct warrant checks on domestic air travelers.

If any of our readers has information about someone being identified for arrest on an outstanding warrant (valid or invalid) on the basis of TSA “screening”, rather than on the basis of an independent police warrant check based on reasonable suspicion, please let us know.

Apr 19 2017

Fly, Don’t Spy!

Last December, over our formal objections filed with the Department of Homeland Security, US Customs and Border Protection began asking foreign visitors to the US to fill out the online form, shown above, requesting their user names on social media platforms form Facebook to GitHub.

As of then, and as of now, answering this question is still “optional”, although there’s no guarantee that those who decline to respond won’t be denied entry.

However, new Secretary of Homeland Security Kelly has begun speaking publicly about wanting to require foreign visitors to provide CBP not just with their user names but also their passwords for social media and email accounts.

In response, we’ve joined several dozen other organizations in a Fly, Don’t Spy! campaign to oppose “any proposal to require visa applicants, refugees, or other foreign visitors to provide passwords for online accounts, including social media, in order to enter the United States.”

Please add your name to the petition and the coalition mailing list for updates and actions at FlyDontSpy.com, and help spread the word.

More background:

Mar 15 2017

Palantir, Peter Thiel, Big Data, and the DHS

San Francisco and Silicon Valley are among the centers of opposition to President Trump and his fascism, especially as it relates to restrictions on movement, border controls, immigration, and asylum.

Bay Area technology companies and their better-paid classes of employees like to think of themselves as building a better world that reflects the distinctive values that have attracted dreamers and futurists to this region  from across the country and around the world. But some of these companies are key developers and providers of “big data” tools for the opposite sort of “Brave New World“.

On Saturday, Edward Hasbrouck of the Identity Project was invited to speak to an ad hoc group of picketers outside the Pacific Heights mansion of Palantir Technologies founder and Trump supporter Peter Thiel (photo gallery from the SF Chronicle, video clip from KGO-TV; more photos from the East Bay Express).

As Anna Weiner reported in the New Yorker (“Why Protesters Gathered Outside Peter Thiel’s Mansion This Weekend“):

David Campos, a former member of the San Francisco board of supervisors, who emigrated from Guatemala, in 1985, stood on the brick stoop and raised a megaphone. “The reason we’re here is to call upon the people who are complicit in what Trump is trying to do,” he said. Clark echoed the sentiment. “If your company is complicit, it is time to fight that,” she said. Trauss, when it was her turn, addressed Thiel, wherever he was. “What happened to being a libertarian?” she asked. “What happened to freedom of movement for labor?”

Edward Hasbrouck, a consultant with the Identity Project, a civil-liberties group, took the stand, wearing a furry pink tiger-striped pussyhat. “The banality of evil today is the person sitting in a cubicle in San Francisco, or in Silicon Valley, building the tools of digital fascism that are being used by those in Washington,” he said. “We’ve been hearing back that there are a fair number of people at Palantir who are working really hard at convincing themselves that they’re not playing a role — they’re not the ones out on the street putting the cuffs on people. They’re not really responsible, even though they’re the ones who are building the technology that makes that possible.”

It’s easy to rationalize the creation of technological tools by saying that they can used for good as well as evil. But you can’t separate the work of tool-making from the ways those tools are being used. Palantir workers’ claims to “neutrality” resemble the claims made in defense of IBM and Polaroid and when they were making and selling “general purpose” computers, cameras, and ID-badge making machines to the South African government in the 1970s. None of this technology and equipment was inherently evil. But in South Africa, it was being used to administer the apartheid system of passbooks and permissions for travel, work, and residence.

The same goes for “big data” today. To understand what’s wrong with the work being done by Palantir for the US Department of Homeland Security, it’s necessary to look not just at what tools Palantir is building but at how and by whom they will be used; not just at the data tools but at the datasets to which they are applied, the algorithms they use, and the outcomes they are used to determine.

Read More