Sep 24 2018

Will the government get mug shots of all air travelers?

The dispute over government-mandated biometric identification of travelers through automated facial recognition continues to sharpen.

ID document requirements for air travel have been imposed on a de facto basis by DHS administrative fiat without ever having been approved by Congress or authorized by law.

In a similar way, requirements for US citizens to submit to mug shots — either by components of the Department of Homeland Security or by airlines, airport operators, or contractors who share photos with DHS — are being imposed on a growing scale without any Congressional debate or statutory  basis.

Last week the World Privacy Forum submitted a petition for rulemaking asking the DHS to “provide formal notice and solicit public comments pursuant to the Administrative Procedure Act” before proceeding with further “trials” of biometric identification of travelers: Read More

Sep 18 2018

Globalization and policy laundering of travel control

An interview with the head of US Customs and Border Protection (CBP) published this month by the U.S. Military Academy as part of a “View From The Foxhole” series provides an unusually revealing, and disturbing, picture of the expansion and globalization of surveillance and control of travelers. It also highlights the ways that policy is being “laundered” through the rationale of “compliance with international standards” to avoid any domestic political debate in the US or other collaborating countries.

CBP Commissioner Kevin K. McAleenan begins his overview of the role of the CBP by referring to “people who are… seeking that permission to travel to the United States”.

But US citizens don’t need “permission” from CBP or any other government agency to travel to the US. McAleenan’s comment makes clear the extent to which the US government has arrogated to itself, and now takes for granted, the illegitimate authority to condition the exercise of the right to freedom of movement on government permission.

CBP Commissioner McAleenan doubles down by asserting that “we have the responsibility to interview and inspect all travelers and make decisions on whether they present a risk.”

But that’s not true either. CBP’s authority to inspect travelers is limited to determining whether there is probable cause to charge them with violations of the law. We have a system of criminal law, not a pre-crime system of “risk-based” predictive denial of rights.

Read More

Aug 28 2018

CBP expands partnership with airlines on facial recognition

This month US Customs and Border Protection (CBP) posted the latest in a series of Privacy Impact Assessments (PIAs) for its Traveler Verification Service (TVS) program.

The  latest PIA gives notice (although not in the form required by Federal law) that CBP and its airline and airport  partners are carrying out a second expanded phase of “demonstrations” of TVS, an identity-as-a-service scheme designed to use automated recognition of images from a shared CBP/airline/airport database of facial photos for purposes including surveillance and control (for CBP) and business process automation and price personalization (for airlines and airports).

CBP (1) describes TVS as a “biometric exit” program, (2) describes the current use of TVS as merely a “demonstration”, (3) continues to claim that airlines and airports “have no interest in keeping or retaining” facial images any longer , or using them for any other purposes, than is required by CBP for “security”, and (4) says that U.S citizens aren’t required to submit to mug shots.

These claims are intended to lull the public into not protesting: “This is only a test, using photos for limited purposes. The photos will be deleted once you get on the plane, and not used for nay commercial or other purpose.” And so forth.

All that might be somewhat reassuring, if any of it were true. But  none of it is:

Read More

Jul 29 2018

Federal Air Marshals blow the whistle on TSA “Quiet Skies” traveler surveillance program

Jana Winter has a detailed investigative report on the front page of today’s Boston Globe about a previously secret TSA program of illegal surveillance of innocent air travelers, “Quiet Skies”.

According to the story in the Globe, based in part on descriptions and documents  apparently leaked by dissident Federal Air Marshals, the “Quiet Skies” program selects certain airline passengers, who aren’t on any blacklist (“watchlist”) or under investigation for any crime, on the basis of algorithmic profiling, countries previously visited (merely traveling to Turkey has been enough to get some people selected), phone numbers or email addresses, and/or other factors in DHS files about them.

A FAM or team of FAMs is assigned to follow each targeted traveler from the time they arrive at their airport of origin (which the TSA knows from its access to airline reservations through the Secure Flight program), onto and on the plane, through any connecting airports, and until the unwitting target of their surveillance leaves the airport at their final destination.

The FAM gumshoes are required to file detailed reports on each traveler they are assigned to stalk, including a checklist of details such as whether the person being tailed used the toilet in the airport or on the plane, whether they slept for most of the flight or only briefly, and whether they had “strong body odor” or engaged in “excessive fidgeting.”

Is this the reincarnation of J. Edgar Hoover’s FBI, the (re)emergence of an American Stasi, or standard operating procedure for a government that regards travel as inherently suspicious, rather than as the exercise of human and Constitutional rights?

All of the above, unfortunately.

The story in the Globe speaks for itself, and is worth reading in full.

But lest it be misunderstood, here are some key points about what today’s news reveals, what’s new and what isn’t, and why it’s significant:

Read More

Jul 23 2018

Airlines, airports, and cruise lines “partner” with DHS

This month some cruise lines are joining airlines and airports in taking mug shots of travelers and passing them on to US Customs and Border Protection (CB P). CBP uses these facial images (“biometrics”) for border and travel control and general law enforcement (policing and surveillance) purposes, and shares them with other Department of Homeland Security components and other domestic and foreign entities.

Read More

Jul 17 2018

3rd Circuit gives impunity to TSA checkpoint staff

TSA checkpoint staff often act as though they were above the law. But are they really?

Sadly, they often are, at least in the opinion of some Federal judges.

The 3rd Circuit Court of Appeals recent decision in Pellegrino v. TSA , in combination with its decision last year in Vanderklok v. TSA, mean that — at least for now, and at least in the 3rd Circuit — no civil recourse or remedy is available through the Federal courts against checkpoint staff who deliberately assault travelers, lie about their own actions and those of travellers, and make knowingly and deliberately false complaints to police in order to get travelers wrongly arrested.

The two judges in the majority on the three-judge panel that upheld the dismissal of Nadine Pellegrino’s complaint  explicitly acknowledged the implications of their decision:

We recognize that our holding here, combined with our decision in Vanderklok, means that individuals harmed by the intentional torts of TSOs will have very limited legal redress. And we are sympathetic to the concerns this may raise as a matter of policy, particularly given the nature and frequency of TSOs’ contact with the flying public. For most people, TSA screenings are an unavoidable feature of flying, 49 U.S.C. §44901(a), and they may involve thorough searches of not only the belongings of passengers but also their physical persons…. For these reasons, Congress may well see fit to …  legislate recourse for passengers who seek to assert intentional tort claims against TSOs. But such policy judgments, particularly as they relate to sovereign immunity and the public fisc, fall squarely in the realm of the legislative branch.

The dissenting member of the panel (the dissent starts at p. 54 of the slip opinion) characterized the decision more bluntly:

My colleagues[‘]…  decision insulates TSOs from all intentional tort claims, leaving plaintiffs without a civil remedy. Absent congressional action, they cannot recover if a TSO [Transportation Security “Officer”] assaults them, unlawfully detains them, or unlawfully lodges a criminal complaint against them.

The details of the opinion dismissing Ms. Pellegrino’s complaint might be described charitably as arcane, and uncharitably as twisted.
Read More

Jun 22 2018

Arguments for and against TSA Form 415

We’ve finally begun receiving records from the TSA of how the public responded to the TSA’s proposal in 2016 to start requiring travelers to show ID in order to fly.

Since 2008, TSA and contractor staff at airport checkpoints have been demanding that some travelers who do not have ID, do not show ID to checkpoint staff, or show ID that is initially deemed “unacceptable”, fill out and sign TSA Form 415, “Certification of Identity” and answer questions about the information in the (secret) file about them maintained and made available to the TSA by the commercial data broker Accurint.

Before any Federal agency such as the TSA starts collecting information from the public, whether verbally or through a written form, the agency is required to obtain approval for the “information collection” from the Office of Management and Budget (OMB).

The TSA has never requested or obtained approval for any version of Form 415. But in 2016, the TSA gave notice that it intended to seek OMB approval for Form  415, and accepted comments on that proposal from the public by email. After submitting our own objections to the TSA’s proposal, the Identity Project made a FOIA request for the complete administrative record related to the TSA’s contemplated request.

The TSA has not yet actually submitted a request to OMB for approval of Form 415, but has continued to use it illegally without OMB approval.

In May 2018, we received a heavily redacted version of the TSA’s procedures for “ID verification” including use of Form 415.

Now we’ve received a first partial set of excerpts from the “administrative record” related to the TSA’s proposal, consisting mainly of comments submitted by the public.

Most of the comments were from civil liberties and human rights organizations opposed to the TSA’s proposal, including the Identity Project, the Cyber Privacy Project,  the Constitution Alliance, and the Electronic Privacy Information Center.

But the TSA also received comments questioning the TSA proposal from at least one state government, and a single frighteningly revealing comment urging the TSA to use even more intrusive measures to track people who try to fly without “acceptable” ID.

Read More

Jun 19 2018

Coding Amtrak’s collaboration with US Customs and Border Protection

We’ve received and posted the latest installment in a continuing trickle of responses to a Freedom of Information Act request  we made in 2014 for records related to Amtrak’s collaboration with US and foreign law enforcement and “border control” agencies.

The most recent batch of records released by Amtrak consists mainly of email correspondence between Amtrak IT staff responsible for supporting ticket sales through travel agencies  (most of which occur through computerized reservation systems), programmers with Amtrak’s in-house ARROW  reservation system, and Amtrak’s technical contacts at  the four major CRSs used by travel agencies: Sabre, Apollo, Worldspan, and Amadeus.

Most of these exchanges relate to Amtrak’s decision in 2005 to start feeding information about all passengers on cross-border (USA-Canada and Canada-USA) Amtrak trains to US Customs and Border Protection, and to require all passengers on these trains to provide Amtrak with passport or travel document info to pass on to CBP.

This was not required by any US law or regulations,  but was a voluntary decision by Amtrak. Some travel agents complained about this, but we’ve still seen no indication that they were given any answer about why Amtrak was doing this or what travelers or travel agents who didn’t want to provide this information could do. Amtrak’s own programmers were falsely told that this was required by order of CBP.

The messages we have received show that requiring travel agents to enter names and details of ID documents in PNRs for Amtrak travel created in the CRSs, and getting this information to flow through in standardized form to ARROW records and transmissions to CBP, proved more difficult than had been expected.

Read More

May 29 2018

More stupid questions for applicants for U.S. visas

The list of questions asked of applicantas for U.S. visas goes on for page after page, including:

  • Do you belong to a clan or tribe?
  • Are you or have you ever been a drug abuser or addict?
  • Are you coming to the United States to engage in prostitution or unlawful commercialized vice?
  • Do you seek to engage in espionage, sabotage, export control violations or any other illegal activity in the United States?
  • Are you a member of a terrorist organization?
  • Have you ever participated in genocide?
  • Have you ever been directly involved in the coercive transplantation of human organs or bodily tissue?
  • Have you ever committed torture?
  • Have you ever engaged in the recruitment or the use of child soldiers?
  • Are you coming to the U.S. to practice polygamy?
  • Are you a member of the Communist party?

Some of these questions are pointless. How many people have been denied admission to the U.S. because they volunteered that they were terrorists, torturers, or genocidists?

Others of these questions are vague, irrelevant, and/or intrusive.

Unfortunately, the list of questions asked of would-be travelers to the U.S. has grown ever longer, under both Democratic and Republican administrations.

In 2016, questions about social media identifiers were added to the online application for the Electronic System for Travel Authorization (ESTA), a sort of short-form electronic visa used by tourists and some short-stay business visitors from most-favored countries.

Now those same questions are being added to the printed and  online forms used by all other applicants for any type of visa to visit, transit, or immigrate to the U.S.

Today the Identity Project and five other national civil liberties and human rights organizations — Government Information Watch, Cyber Privacy Project (CPP), American-Arab Anti-Discrimination Committee (ADC), Restore the Fourth, Inc., and National Immigration Law Center (NILC) — filed comments with the Department of State objecting to this questioning as unconstitutional and contrary to international human rights treaties and Federal laws.

Read More

May 24 2018

DHS aggregating commercial biometric data and position logs

The DHS is proposing to expand its biometric identification and surveillance programs, and its collaboration with commercial entities in biometric-based surveillance, with the creation of a new database of “External Biometric Records” (EBR). EBR would include (1) biometric identifiers (such as facial photos, iris scans, fingerprints, DNA profiles, etc.) and (2) logs of the location, date, and time where each image or biometric sample is created.   EBR records would be aggregated from commercial sources, and available for use by all DHS components and sharing  with other Federal, state, local, and foreign entities.

The DHS is also proposing to exempt EBR from most of the requirements of the Privacy Act, including the right of individuals to find out what information about them is in the database and to what other government agencies or third parties it has been disclosed.

Today we filed comments, together with four other national civil liberties and human rights organizations — Government Information Watch, the Cyber Privacy Project (CPP), Restore the Fourth, Inc., and the National Immigration Law Center (NILC) — objecting to the DHS proposals as unconstitutional and contrary to Federal law.

Read More