Papers, Please!

The Identity Project

Category Archives: Surveillance State

Feb 06 2023

CBP proposes to require even more information from international air travelers

US Customs and Border and Border Protection (CBP) has proposed new rules to expand its Advance Passenger Information System (APIS) to require all international airlines serving the US to provide additional information about all passengers, prior to flight departures.

CBP’s Notice of Proposed Rulemaking (NPRM), published last Thursday in the Federal Register, falsely claims that the proposed rules would not affect individuals, only airlines. But the mandate for airlines to provide additional information about each would-be passenger makes it a de facto requirement, as a condition of air travel, for travelers to provide this information to airlines and the government.

This would constitute a significant expansion of an ongoing unconstitutional surveillance and profiling program in which all international air travelers are required to respond to suspicionless, warrantless, interrogatories administered through airlines as intermediaries and outsourced government surveillance agents and interrogators.

APIS is not a passive surveillance scheme, however. It is part of a real-time system of  granular, per-passenger, per-flight government control of air travel:

After performing the security vetting, the CBP system transmits to the carrier an electronic message. This message is generally referred to as CBP’s response message. If the carrier is using an interactive transmission system, the response message provides certain instructions to the carrier. Specifically, it states whether each passenger is authorized to board, requires additional security screening, or is prohibited by TSA from boarding… Depending on the instructions received in the response message, the carrier may be required to take additional steps, including coordinating secondary security screening with TSA, before loading the baggage of or boarding the passenger at issue.

The Identity Project has objected to every step in the expansion of APIS since 2006, and we will be filing comments objecting to the latest NPRM. If you’d like to file your own objections, the deadline is April 3, 2023. We’ll post ours for others to use as a model.

Current mandatory APIS data fields include name, date of birth, gender, nationality, passport or travel document number, and flight details (airline, flight number, and departure and arrival airports, dates, and times). In addition to the information that CBP has been requiring since 2006, the new NPRM proposes that airlines operating flights to or from the US be required to collect and transmit to CBP additional information including:

  • Street address in the US (currently required of aliens but not of US citizens)
  • Telephone number and “alternate” telephone number (presumably the second phone number is required in order to help the government build social network maps and  guilt-by-association links of First Amendment protected associations between individuals)
  • Email address

What if a US citizen has no fixed address, or no address in the US — or doesn’t want to tell the US government? What if they don’t yet know at which hotel or with which friend or relative  they will be staying — or don’t want their host permanently linked with them in the government’s surveillance and suspicion-generating files?

Are two telephone numbers and an email address required as a condition of air travel?

The proposed rules are silent, but they imply that any airline that transports such a passenger would be subject to sanctions:

CBP cannot require that a passenger be denied boarding. However, if an air carrier boards a passenger who is then denied entry to the United States, the air carrier may have to pay a penalty and bear the costs of transporting that passenger out of the United States.

On arrival in the US, the US government has the duty to allow a US citizen to enter the country unless there is genuine doubt as to their US citizenship. They are not required to provide any information not related to, and needed to determine, their US citizenship.

If a CBP inspector at a border crossing or airport asks a US citizen their address in the US, phone number(s), or email address, they have the right to stand mute or to refuse to answer. CBP can search them, but cannot make them answer questions or deny them entry for standing mute.

If CBP would have no Constitutional authority to require a traveler to answer these questions after they arrive in the US, on what possible grounds would it claim authority to require answers to those same questions before a traveler even boards a flight to the US?

The NPRM does not mention the Bill of Rights or any limits on the authority of the government or a common carrier to demand personal information or answers to interrogatories as a condition of carriage.  We believe that there is no such authority. The proposed rules would violate the First, Fourth, and Fifth Amendments, the Privacy Act, and US obligations as a party to the International Covenant on Civil and Political Rights.

Since the creation  of the Department of Homeland Security (DHS) after September 11, 2001, the DHS has imposed more than a billion dollars in unfunded mandates to the airline industry  to collect additional information about all airline passengers, transmit that information to DHS components (CBP for international flights and the TSA for domestic flights), and receive and process instructions from the DHS before issuing any boarding pass.

The proposed new rules would send the airline IT industry back to the drawing board to modify all of its software, user interfaces, APIs, and business-process layers to collect and transmit additional data fields  about each passenger to CBP prior to departure of each international flight to or from the US.

CBP says that some airlines are already “voluntarily” providing personal information about passengers to CBP beyond what has been required by the current APIS regulations.

Why would airlines be willing to collaborate with the DHS in these schemes?

The proposed rules would leave airlines free to retain, use, share, sell, or otherwise monetize the additional personal information which travelers would be required to provide. This would amount to a huge informational windfall for airlines, and this is the quid pro quo to airlines for collecting this additional data for the government. To put it another way, the proposed rules would constitute a government-compelled taking and transfer to airlines of the value of travelers’ personal information.

Airlines don’t collect this data systemically now, and have not yet developed any standards for normalizing, storing, or exchanging it. This would be a massive unfunded mandate for modifications to airline industry IT systems, at every level from interline messaging protocols to user interfaces, and in training staff. But most of these costs would be one-time costs, and in the long term would be offset by the informational windfall to airlines.

Airlines are already experts in monetizing passenger data, making billions of dollars a year by selling advertising targeted to members of their frequent flyer programs. Compelled provision of additional contact information would enable airlines to expand these customer data monetization and ad targeting programs to all air travelers, including infrequent flyers who aren’t members of these programs.

Many foreign airlines are parastatal entities, so this rule would effectively require many asylum seekers to divulge info to the foreign governments from which they are trying to flee, prior to departure from those countries, placing themselves and their associates (linked to them by e.g. shared contact info)  at even greater peril.

Travelers and airlines should just say no. Travelers should decline to answer questions unrelated to their admissibility to the US, and airlines should transport them anyway and challenge any attempt to impose sanctions on them for refusing to spy on their passengers by interrogating them and collecting surveillance data for the government.

Nov 23 2022

The airport of the future is the airport of today — and that’s not good.

(video; slides)

[Facial recognition at each step in airline passenger processing. Slide from presentation by Heathrow Airport Holdings Ltd. to the International Civil Aviation Organization (ICAO) Traveler Identitification Program symposium, October 2018]

Today, the day before Thanksgiving, will probably be the busiest day for air travel in the USA since the outbreak of the COVID-19 pandemic in early 2020.

If you are flying this week for the first time in three years, what will you see that has changed?

Unfortunately, many of the most significant changes made during the pandemic are deliberately invisible — which is part of what makes them so evil.

During the pandemic, largely unnoticed, the dystopian surveillance-by design airport of the future that we’ve been worried and warning about for many years has become, in many places, the airport of today.

While travelers were sheltering in place during the COVID-19 pandemic, airports have taken advantage of the opportunity to move ahead with expansion and renovation projects. While passenger traffic was reduced, and terminals and other airport facilities were operating well below capacity, disruptions due to construction could be minimized.

A characteristic feature of almost all new or newly-renovated major airports in the U.S. and around the world is that they are designed and built on the assumption that all passengers’ movements within the airport will be tracked at all times, and that all phases of “passenger processing” will be carried out automatically using facial recognition, as shown in this video from a technology vendor, Airport of the Future:

[Stills from 2019 vendor video, Airport of the Future.]

In the airport of the future, or in a growing number of present-day airports, there’s no need for a government agency or airline that wants to use facial recognition to install cameras or data links for that purpose. As in the new International Arrivals Facility at Sea-Tac Airport, which opened this year, the cameras and connectivity are built into the facility as “common-use”  public-private infrastructure shared by airlines, government agencies, and the operator of the airport — whether that’s a public agency (as with almost all U.S. airports) or a private company (as with many foreign airports).

Read More

Oct 04 2022

ICAO expands travel tracking and control through RFID passports

The triennial general assembly of the International Civil Aviation Organization (ICAO) is underway in Montreal for its first session since the outbreak of COVID-19, with speakers at its opening plenary last week including US Secretary of Transportation Pete Buttigieg.

It’s been many years since the US delegation to an ICAO meeting has included a Cabinet member. Secretary Buttigieg’s presence brought greater public attention than usual to the ICAO general assembly and related side events.  Unfortunately, news reports have focused on what Secretary Buttigieg said (mainly his comments about Taiwan) rather than on what ICAO is actually doing.

Despite its ostensibly limited role as a specialized international organization with a mandate to administer aviation treaties — a role which would make it logical for the US delegation to be headed by the Secretary of Transportation — police in the US and other ICAO members have coopted ICAO into functioning as a policy laundering venue for imposition of surveillance mandates on all travelers, whether or not they travel by air.

Rather than “faciliating” travel, ICAO’s Facilitation Programme is increasingly devoted to facilitating government control of travel. This includes a new ICAO standard, as discussed below, to enable global blackballing of travelers disfavored by any ICAO member country.

So far as we can tell, no representative of a data protection authority or a ministry primarily responsible for protection of human rights or civil liberties has been included in any country’s ICAO delegation or appointed to any ICAO technical working group.

But that hasn’t stopped ICAO from issuing mandates, under the purported authority of aviation treaties but directly contrary to human rights treaties, for the creation of a new surveillance and pre-crime profiling agency in every ICAO member, and for deployment and use of passports containing remotely-readable RFID chips.

ICAO’s lack of expertise in this non-aviation policy area makes it exceptionally vulnerable to capture — and indeed it has been entirely captured — by a malign convergence of interest between proponents of government  surveillance and control of travel and a travel industry which has been given a free ride for its shared use of government surveillance infrastructure and information for its own business process automation.

Here’s the bad news about what’s happening at ICAO with RFID passports:

Read More

Sep 22 2022

Freedom to travel to get an abortion

[Arrows indicate populations of states where abortion is, or is likely to become, illegal, and directions and distances to the nearest states where abortion is legal. Note that some of the routes shown are more likely to be followed than others, since abortion is more or less heavily restricted in some states where it is shown on this map as legal. Diagram by Bloomberg News based on data from the Guttmacher Institute.]

Increasing variations between state laws related to abortion are prompting an increase in the already large numbers of women who travel across state lines to obtain abortions.

For women in many states, bans on abortion are making the right to interstate travel an essential prerequisite to the right to obtain an abortion.

Both anti-abortion vigilantes and state laws criminalizing actions related to abortion, including facilitating abortion-related travel, are prompting women seeking abortions as well as those who support abortion rights to think about how to protect abortion travelers and their supporters against identification, surveillance, stalking, harassment, or legal sanctions.

In this context, the right to anonymous travel has acquired new importance and urgency. If you’ve wondered, “Why would anyone want to travel anonymously?” now you know one of the reasons.  But what’s needed is “right to travel” legislation, not just “privacy” legislation. Current Federal “privacy” bills would do little to protect abortion travelers.

What are the patterns of abortion-related travel? How could state authorities or private vigilantes identify or track the travels of these women — whether they drive or take buses, trains, planes, or automobiles? What, if anything, can women traveling across state lines to obtain abortions do to protect themselves against being identified, tracked, and potentially prosecuted or subjected to retaliation, harassment, or other sanctions?  What could the Federal government do to protect these women’s right to travel, and to do so privately and safely?

As discussed in detail below, the possibilities for technical self-defense against threats to the right to travel are limited. Congress needs to act to include protection for the right to travel — regardless of the purpose for which you  travel — in any abortion rights legislation.

Read More

Sep 19 2022

CBP aggregates and disseminates travel data from warrantless searches

A series of revelations in recent months have highlighted a pattern of misuse by US Customs and Border Protection (CBP) of data about travelers and their activities.

Information obtained without a warrant or probable cause under a under a variety of exceptions to the Fourth Amendment (including administrative searches and mug shots at airports, border searches, and “consent” to collection of location information by private third parties) has been aggregated, indexed, and made available for search and retrieval by other CBP staff, other law enforcement agencies, and foreign governments.

Use of the fruit of this surveillance of travelers hasn’t been limited to the government agency that first obtained it from travelers or commercial third parties, or to the purpose that purportedly allowed CBP to obtain it without warrant or probable cause. No access logs are maintained for some of these databases of travel surveillance data, so it’s impossible to audit how they have been used.

Here’s some of what CBP has been up to with its travel surveillance databases:

Read More

Jun 21 2022

European Court ruling on air travel surveillance

The highest court of the European Union ruled today that an EU mandate for dragnet surveillance of travelers through government access to airline reservations might be permissible under EU law — but only under conditions that governments of EU member countries, and the US government, may be unable or unwilling to meet.

In 2016, the EU enacted a directive requiring each EU member state to enact a law requiring airlines to hand over copies of passenger name records (PNRs) to the government, and establish a new surveillance agency to profile travelers based on this PNR data.  This EU PNR Directive was modeled on US law and on the extrajudicial practices — never tested against the provisions of international human rights treaties, which generally can’t be invoked in US courts — of the US Department of Homeland Security.

The Belgian “Ligue des droits humains” (LDH) filed a lawsuit in the Belgian Constitutional Court challenging the law enacted in Belgium to implement the EU PNR Directive as contrary to multiple provisions of Belgian and EU law.

Before deciding the questions of Belgian law, the Belgian court requested a preliminary ruling from the Court of Justice of the European Union (CJEU), the highest EU court, as to whether the EU PNR Directive is consistent with fundamental EU human rights law.

In today’s ruling (press release and summary in English, full text of judgment in French, provisional translation of judgment in English), the CJEU finds that the EU PNR Directive is not, on its face, invalid — but only if it is implemented and applied in accordance with a long list of conditions specified by the CJEU in its decision.

Governments of EU member states may be unable or unwilling to comply with all of those conditions.

The decision by the CJEU addresses the implications and validity of the EU PNR Directive both as a mandate for suspicionless dragnet surveillance and as a mandate for control of travel, in which PNR data is used as the basis for profiling and other actions.

Of the many conditions set by the CJEU, we find this one on secret law, secret evidence, and judicial review among the most significant. According to the court’s press release:

[T]he Court also stresses that the competent authorities must ensure that the person concerned can  understand the operation of the predetermined assessment criteria and programs applying those criteria, so that it is possible for that person to decide with full knowledge of the relevant facts whether or not to exercise his or her right to judicial redress. Similarly, in the context of such an action, the court responsible for reviewing the legality of the decision adopted by the competent authorities as well as, except in the case of threats to State security, the persons concerned themselves must have had an opportunity to examine both all the grounds and the evidence on the basis of which the decision was taken, including the predetermined assessment criteria and the operation of the programs applying those criteria.

In cases where EU governments act on “recommendations” from the US government to restrict travel to, from, or within the EU, the EU authorities nominally responsible for these actions may not know what evidence (if any) or algorithms for the basis for US recommendations. And the US may not be willing to share that information with EU governments, especially if EU law might require EU governments to disclose that information to European judges, much less to individuals who are “targeted” on the basis of US recommendations.

The court case now returns to the Belgian courts, but it  seems likely that changes to the laws implementing the EU PNR Directive in Belgium and most if not all other EU member states will be required to conform these laws to the conditions laid down today by the CJEU. Another round of litigation in EU member states and perhaps again in the CJEU is likely to be needed to determine whether amended laws have met those tests. Stay tuned!

May 20 2022

New reports on DHS surveillance and profiling

Two new reports from university think-tanks call attention to surveillance and profiling — including surveillance of, and action against, domestic and international travelers — by the Department of Homeland Security and its components.

A Course Correction for Homeland Security, a report by the Brennan Center for Justice at New York University, cites to some of our work and some examples of cases we have been involved with in its analysis of DHS data collection (surveillance), and “risk assessments” (algorithmic profiling and control), especially as they relate to travelers.

American Dragnet: Data-Driven Deportation in the 21st Century, a report by the Center on Privacy and Technology at Georgetown University Law School, focuses on DHS’s Immigration and Customs Enforcement (ICE) division, especially ICE access to facial images and other information obtained from drivers licenses and commercial data brokers.

A common theme of both reports is that DHS surveillance is more pervasive, more intrusive, and less visible than is generally recognized.

Airline reservations and demands for ID from travelers are used not merely to check for currently blacklisted would-be travelers, but are retained and used to build travel histories and social networks maps that are then used by suspicion-generating guilt-by-association algorithms to expand the web of surveillance, profiling, and extrajudicial blacklisting.

ICE represents itself as an agency with jurisdiction only over non-US citizens, but in fact runs photos and drivers license and location data about a large fraction of the entire population of US citizens through its profiling and enforcement algorithms. DHS lurks (usually invisibly) in the background, “ingesting” or obtaining access to personal information, when individuals pose for drivers license photos, make airline reservations, or interact with businesses that “share” data directly or indirectly with DHS.

What is to be done about this sorry state of affairs?

Both of these reports suggest that some reforms could be made by policy, at the direction of the President, the Secretary of Homeland Security, or the heads of DHS components.

However, given the thoroughly bipartisan continuity of support by both Democratic and Republican administrations for the continual expansion of DHS surveillance, especially of travelers and foreigners and most especially of border crossers, since its creation 20 years ago, we have little hope for reform from within DHS or at the behest of the White House.

Exposure of abuses is good, but more is needed than a change of administration policy.

While we welcome any additional attention paid to the problems with the DHS, we think they call for court action to uphold the Constitutional and treaty rights of travelers and other individuals, and Congressional action to effectuate those rights and to facilitate judicial review and redress for government actions that violate those rights.

The DHS, as these reports reveal, is an ever-growing dragnet surveillance agency, operating outside the rule of law. What are we going to do to alter or to abolish it?

Jan 26 2022

9th Circuit to review secrecy of CRS-based travel surveillance

May court records related to orders requiring a travel reservations company to provide real-time updates to the U.S. government whenever a “person of interest” makes reservations for flights or other travel  be kept secret from the public, the press, and other travel companies including the airlines on which the target plans to travel?

That issue is now before the 9th Circuit Court of Appeals in the case of Forbes Media and Thomas Brewster vs. the United States (Court of Appeals Docket #21-35612).

The legal question before the 9th Circuit is whether courts can keep their own actions secret. That’s important, but the the underlying facts raise other issues as well.

Read More

May 19 2021

A race to the bottom: DHS “Biometric Tech Rally”

Today the U.S. Department of Homeland Security (DHS) announced a competition between hardware and software vendors to demonstrate the facial-recognition systems that are most useful for surveillance and other malign uses: cameras or other sensors and facial and/or other biometric matching algorithms that can identity travelers (or other people in public places) even if they are wearing masks:

[T]he 2021 Biometric Technology Rally will focus on evaluating the ability of systems to reliably collect and/or match images of individuals, including those wearing face masks. The intent is to improve the ability to recognize people without requiring travelers to remove protective equipment….

The 2021 Biometric Technology Rally will be held at the Maryland Test Facility (MdTF) in Upper Marlboro, Maryland, later this fall. Testing will be performed in controlled scenarios relevant to DHS operations….

Providers of face and multi-modal biometric acquisition systems, as well as providers of biometric matching algorithms, are encouraged to participate.

Requiring travelers to remove their masks at checkpoints operated by or on behalf of the Transportation Security Administration (TSA) and/or other DHS components endangers travelers and makes clear that the U.S. government has put surveillance and tracking of travelers ahead of safety and health.

But the way to completely eliminate the threat to travelers’ health and safety posed by unmasking is to stop trying to identify travelers,  which is based on the “pre-crime” fantasy that identity-based algorithms can read travelers’ minds and predict which of them intend to  commit future aviation-related crimes. Instead, the TSA should confine its searches to those intended to detect genuinely threatening objects: weapons and explosives.