Sep 17 2013

How airline reservations are used to target illegal searches

One of the most detailed pictures to date of how the US government uses airline reservations to target illegal searches is provided by documents released recently by the US government as part of an agreement to settle a lawsuit brought by David House, an activist with the Pvt. Manning Support Network.

Mr. House was detained and searched and had his electronic devices confiscated and copied by DHS personnel at O’Hare Airport as he was re-entering the US after a vacation in Mexico in 2010.

The government learned of Mr. House’s travel plans through their systems for real-time monitoring and mining of airline reservations:

The ACLU analysis of the documents released to Mr. House, and reports by the New York Times and the Associated Press, focus on the DHS seizure and copying of the data from Mr. House’s electronic devices. An article in Mother Jones highlights the technical ineptness of the government’s attempts to analyze the data seized from Mr. House. (It took DHS “experts” more than a month, for example, to realize that a portion of the data dump from Mr. House’s netbook was a Linux partition.)

But as discussed below, more is revealed by these documents about DHS access to, and use of, airline reservations.

The documents released to Mr. House may also help explain how David Miranda, the domestic partner of journalist Glenn Greenwald, was detained and searched last month while changing planes at Heathrow Airport in London.

And in that context, they may also suggest an explanation for why Mr. Miranda was detained and searched in the UK, and Mr. House in the US, but Mr. Greenwald himself has not been detained or similarly searched when he travels to the US.


Sep 10 2013

9th Circuit considers Constitutionality of ban on Internet anonymity

Last year, we reported on a Federal district court hearing on the Constitutionality of portions of the law enacted by California’s Proposition 35, which requires California residents who have been convicted of certain sex-related crimes to register with the local police, annually and within 24 hours of any addition or change, for the rest of their lives, “A list of any and all Internet identifiers established or used by the person [and] A list of any and all Internet service providers used by the person… For purposes of this chapter, (a) “Internet service provider” means a business, organization, or other entity providing a computer and communications facility directly to consumers through which a person may obtain access to the Internet…. (b)  “Internet identifier” means an electronic mail address, user name, screen name, or similar identifier used for the purpose of Internet forum discussions, Internet chat room discussions, instant messaging, social networking, or similar Internet communication.”

The challenge to this portion of the law, being argued by Electronic Frontier Foundation and the ACLU of Northern California on behalf of as-yet-anonymous clients who would be subject to this registration requirement, is a crucial test of the right to anonymity on the Internet.

It’s easy to say, “This only affects sex offenders.”

But restrictions on First Amendment rights are always imposed first on the most stigmatized groups of people, whether the villains du jour are serial killers, perverts, Communists, or Jews. Once they are accepted by the public as applied to those disfavored classes, these measures can gradually be expanded until everyone has to register with the government, carry government-assigned credentials identifying them and/or their group affiliation (Star of David, pink triangle, etc.), or comply with other restrictions that have come to be accepted as merely “administrative” rules for how they can exercise their rights, and are no longer considered substantive restrictions on rights.

Judge Thelton Henderson of the U.S. District Court for the Northern District of California had issued a temporary restraining order prohibiting the state from enforcing this part of the law. Following the hearing we reported on, Judge Henderson converted that order into a preliminary injunction. Both the state of California, and the sponsors of the ballot initiative (as “intervenors” in the court case) appealed to the Circuit Court before the District Court could resolve the issue of whether to make the injunction permanent.

Today a three-judge panel of the 9th Circuit Court of Appeals heard arguments on whether to let the preliminary injunction remain in force while the District Court proceedings continue.

Today’s hearing focused on whether the provisions of Prop. 35 requiring registration of Internet service providers and “identifiers” chill the exercise of free speech and are overbroad, i.e., are not “narrowly tailored” to restrict no more activity protected by the First Amendment than is necessary. (The vagueness of the terms “Internet service provider” and “Internet identifier” was raised in the briefs, but barely mentioned at argument.)

Early in the hearing, Judge Jay Bybee observed that, “We’re living in a post-Snowden world now, where we all have to wonder whether all of our communications are being monitored by the NSA.” It was an intriguing suggestion of how much judicial attitudes may have been reshaped by the actions of whistleblowers.

The law’s proponents argued that free speech would not be chilled because under the law the police would have only limited authority to make Internet identifiers public.

But Michael Risher of the ACLU pointed out that chilling effects result primarily from fear of official retaliation — such as by the police. Police don’t have to make registration information public to use it themselves against people who say things they don’t like.

“A registrant who wants to criticize the local police department in comments on a local newspaper’s website, but doesn’t want to face retaliation, will be chilled if they know that their identifier is on file with those local police…. Among the reasons for protection of anonymous speech is to protect against this sort of official retaliation.”  It’s easy for the police to make life hard for a registered sex offender, Risher pointed out.

The law’s defenders had a particularly hard time justifying the breadth of the registration requirement, which they conceded applied (at least as the law is written) to screen names or accounts used to post comments on websites from the New York Times to eBay, and to people whose crimes had nothing to do with the Internet.

“If I open an account so I can sell my bicycle on Craigslist, do I have to report that?”, Judge Bybee asked.

When counsel for the intervenors tried to justify the requirement for registration of Internet identifiers (but not pseudonyms used for other sorts of communications) by claiming that “sex crimes are moving to the Internet”, Judge Mary Schroeder shot back, “So is shopping. So what?”

We’re relatively optimistic that this panel of the 9th Circuit will allow the District Court’s preliminary injunction to remain in force. But it’s still up to the District Court to make that injunction permanent.

Sep 06 2013

Why did the NSA hack an airline reservation system (when CBP already has root access)?

The latest revelations about NSA attacks on encrypted electronic communications include this sentence buried in an article in yesterday’s New York Times (first noted today by the travel news website Skift):

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.

It’s no surprise that the U.S. government was and is interested in monitoring airline reservations in real time as well as in mining historical airline reservation records.

But why did the NSA feel it was necessary to hack into airline and computerized reservation system (CRS) messaging, when the U.S. Customs and Border Protection division of DHS already had root access to reservations for flights worldwide stored in any of the four largest CRSs (including Amadeus, the only one not based in the USA), and was already extracting copies of all reservations that include flights to, from, via, or over the U.S. and compiling them into its Automated Targeting System (ATS)?

  • Was the government interested in some airlines (who were these three?) that didn’t use one of the big four CRSs to host their reservations?
  • Was the government afraid that some airline or CRS (which one?) might pull the plug on CBP access, or restrict it to reservations for flights that actually touch the USA?
  • What was it about airline and CRS messaging that interested the NSA?  For what NSA purpose was the content of PNRs insufficient?

Whistleblowers, especially with airlines or CRSs or their contractors and suppliers, we need your help! If you know what was up with the NSA’s hacking of airline and CRS messaging, leave a comment or get in touch.

Aug 22 2013

California considers “enhancing” drivers licenses with radio tracking beacons

California’s legislature is considering a bill to authorize adding radio tracking beacons to drivers licenses and state non-driver ID cards.

Each such card would broadcast a unique tracking number which could legally be intercepted by anyone with a suitable radio transceiver within range, and which would be linked to a national DHS database of drivers license, state ID card, and citizenship information.

The tracking beacons are designed to allow the tracking numbers on ID cards carried by travelers in motor vehicles to be read from outside their vehicles as they approach or pass through checkpoints.

Independent academic studies of actual ID cards issued by other states, using the same standards proposed for use in California, have found that they can sometimes be read from more than 50 yards away.

S.B. 397 has already been approved by the California Senate, and is now under consideration in the Assembly. Because it has been amended by the Assembly, it will need to be reconsidered by the Senate (to decide whether to accept the Assembly amendments) if and when it is approved by the Assembly.

To date, S.B. 397 has been largely unopposed in the California legislature, and it is likely to be approved unless legislators start hearing a groundswell of opposition from their constituents.

What excuse is being offered for this scheme? And what’s its real purpose?


Jun 18 2013

Our comments on the TSA’s virtual strip-search machines

Today the Identity Project filed our comments on the TSA’s proposed rules to require travelers to submit to “screening” using virtual strip-search machines (“Advanced Imaging Technology” in TSA-speak).

You have until next Monday, June 24, 2013 to submit your own comments.

Here’s the introductory summary of our comments:

Regulations of the Transportation Security Administration (TSA) at 49 CFR § 1540.107 currently require would-be air travelers to “submit to screening”, but neither define nor limit the meaning of “submit” or “screening”. Under this NPRM, the TSA proposes to add a new paragraph (d) to § 1540.107, which would authorize the TSA to include “screening technology used to detect concealed anomalies without requiring physical contact with the individual being screened” as part of the “screening” to which would-be passengers must “submit” (those terms remaining otherwise undefined and unlimited).

The proposed rule would require travelers to submit to virtual strip-searches and/or manual groping of their genitals, as a condition of the exercise of their right to travel by air by common carrier.

The Identity Project objects to the proposed rule on the following grounds:

1. The TSA fails to recognize that travel by air by common carrier is a right, not a privilege to be granted or denied by the government or subjected to arbitrary or unjustified conditions. As a condition on the exercise of a right, a requirement to submit to searches or other aspects of “screening” is subject to strict scrutiny. The burden is on the TSA to show that the current and proposed requirements will actually be effective for a permissible purpose within the jurisdiction of the TSA, and that they are the least restrictive alternative that will serve that purpose. The TSA has not attempted to assess the proposed rule according to this standard, and has not met this burden.

2. The TSA errs in claiming that, “Individuals … are not included in the definition of a small entity” in the Regulatory Flexibility Act (RFA). Nothing in the statutory definition of “small entities” excludes individuals, and in fact many individual travelers affected by the proposed rule are “small entities” as that term is used in the RFA. The TSA must publish and allow comment on a new RFA analysis that takes into consideration the impact of the proposed rule on individuals in their capacity as “small entities”. If the TSA fails to do so, OMB must disapprove the proposed rule, pursuant to the RFA.

3. In the absence of any definitions of “submit” or “screening”, the current and proposed rules are unconstitutionally vague and overbroad. Travelers subject to the rules can’t tell what is prohibited or what is required as a condition of travel by air by common carrier, or which actions at TSA checkpoints are and aren’t subject to TSA civil penalties. The rules reach a significant amount of protected conduct by denying the right to travel to a significant number of individuals who pose no threat to aviation.

The proposed rule should be withdrawn, and the practices it would purport to authorize should be suspended. If the proposed rule is not withdrawn by the TSA, it should be rejected by the Office of Management and Budget (OMB) for failure to include the analysis required by the RFA. The TSA should open a notice-and-comment rulemaking to define “submit” and “screening”, as those terms are used in 49 USC § 44901, 49 CFR § 1540.107, and 49 CFR § 1540.109, with sufficient specificity to enable prospective travelers to know what actions are required and what actions are proscribed.

You can see all 5,000+ comments submitted to the TSA here.

May 28 2013

TSA “Glomar” response to request for Terrorist Screening Database records

An individual who used our forms to ask the DHS for its records about their travel has received a response of a sort that we haven’t previously seen to a request of this sort: a “Glomar” response that the DHS will neither confirm nor deny that there are any records about the requester in the DHS mirror copy of the FBI’s “Terrorist Screening Database” (TSDB).

It has long been the policy of the FBI, which is nominally “responsible” for the TSDB, neither to confirm nor deny the existence of TSDB records about any individual.

In 2011, DHS published a notice that it planned to make its own mirror copy, for which it would be responsible, of the FBI’s database. At the same time, the DHS exempted the DHS copy of the TSDB from the Privacy Act.

This is the first DHS response we have seen to a request for records from the DHS copy of the TSDB. It’s no real surprise, but it’s different from the typical DHS responses to requests for records about individuals, which include ignoring requests, producing obviously incomplete responses with no explanation of the missing records, and producing pages and pages of completely blacked-out records.

So the TSA won’t say if you are listed in its copy of the Terrorist Screening Database, but will use it against you if you are.

May 27 2013

Audio: “In the matter of John Brennan”

After extensive negotiations, we were given permission to record audio (but not video or still photographs) of the formal hearing conducted in Portland, OR, on May 14, 2013, in the matter of “Naked American Hero” John Brennan.

Linked below are audio recordings of the entirety of the hearing:

Dramatis Personae other than witnesses (in order of appearance):

Audio (MP3 recordings can be streamed from here or downloaded directly from the links below):

Video: Excerpt from TSA/airport security camera video (from news report, but also entered into evidence at the formal hearing)

Mr. Brennan exercised his First Amendment right to express his political opinion by taking off all his clothes while he was being subjected to “secondary” searching at a TSA checkpoint at the Portland airport (PDX) on April 17, 2012.

The TSA called the Portland police, who arrested Mr. Brennan for “indecent” exposure, but he was eventually acquitted of all criminal charges by an Oregon judge.

Undeterred — or, more precisely, fearing that Mr. Brennan and others would no longer be deterred from similar politically expressive conduct after his acquittal — the TSA has proposed to assess a $1,000 “civil penalty” against Mr. Brennan for “interfering with screening”.

It certainly appears to us that Mr. Brennan’s actions should have facilitated his screening, and he testified that he was trying to assist the screeners in determining that he was not carrying explosives or weapons.

There are many Alice-In-Wonderland aspects to this administrative proceeding, among them that the TSA has declared the “Notice of Proposed Civil Penalty” which explains the basis for the proposed fine to be “Sensitive Security Information” (SSI) exempt from public disclosure.  The notice was, we presume, served on Mr. Brennan and/or his attorney, but they were not allowed to quote from it publicly.

Portions of the evidence and allegations against Mr. Brennan were also designated as SSI and exempt from disclosure.  We were allowed to attend and listen to the whole formal hearing, but not to see any of the documents that were being discussed and entered into the (secret) record.

The decision of the Administrative Law Judge (ALJ) on whether to assess a fine against Mr. Brennan, and if so in what amount, will probably also be deemed SSI.

According to the rules for TSA civil penalty proceedings, journalists or members of the public can inspect the docket — including the evidence, transcripts of the depositions and the formal hearing, and pre- and post-hearing briefs — only by filing a formal request under the Freedom Of Information Act (FOIA).

We’ve filed a FOIA request for the complete docket record, and have asked (in accordance with FOIA) that it be processed on an expedited basis, but the TSA’s first response was that they estimated that they won’t complete their response until August 23, 2013.  The Coast Guard ALJ’s office told us that they couldn’t remember anyone ever before asking for an active civil penalty docket, and hasn’t yet given us any estimated date for their response.

In the meantime, our audio recordings linked above are the best available public indication of what the TSA thinks Mr. Brennan did, how they think he “interfered with screening”, and why they think he deserves a $1,000 fine. These are also the best available guidance, for others who may be subjected to TSA enforcement action, about how the process works.

The TSA has threatened other protesters with civil penalties, but in most cases either people pay the proposed fines (for example, if they were trying to carry otherwise-legal firearms through a TSA checkpoint, which happens every day), they are convicted of some criminal offense (usually for drugs), or the TSA backs down and withdraws its proposal for a fine. So far as we know, this is the first time the TSA has continued to pursue a proposed civil penalty for nonviolent, non-criminal political protest at a TSA checkpoint by someone who contested the proposed fine and exercised their right to a formal hearing.

(TSA Public Affairs Manager Lorie Dankers, who came down from the TSA regional office in Seattle along with the TSA’s lawyer to attend the hearing in Portland, told reporters that since the TSA’s creation the agency has assessed “a few hundred” civil penalties for “interfering with screening.” But most of those cases involved neither political protest nor a formal hearing.)

This was an administrative proceeding, not a trial. It was held in a courtroom rented from the U.S. Bankruptcy Court, but it was not a trial, not a “court” proceeding, and not governed by court rules.


Mar 30 2013

“Travel Surveillance, Traveler Intrusion” at the Cato Institute

Edward Hasbrouck of the Identity Project will be speaking at a free, public forum on Travel Surveillance, Traveler Intrusion from noon-1 p.m. EDT next Tuesday, 2 April 2013, at the Cato Institute in Washington DC (with a live webcast):

Travel Surveillance, Traveler Intrusion

[photo by kind permission of Jeramie D. Scott]

Video from the Cato Institute (recommended)

Video from C-SPAN

C-SPAN video on Youtube

Audio podcast (listen while viewing the slides)

Slides and notes (PDF)

Featuring Edward Hasbrouck, Journalist, Consumer Advocate, Travel Expert, and Consultant, The Identity Project (PapersPlease.org), Author of the book and blog, The Practical Nomad; and Ginger McCall, Director, Open Government Program, Electronic Privacy Information Center; moderated by Jim Harper, Director of Information Policy Studies, Cato Institute.

The United States government practices surprisingly comprehensive surveillance of air travel, amassing data about the comings and goings of all Americans who fly. Travel expert Edward Hasbrouck has been researching travel surveillance for many years. His findings reveal a stunning level of government surveillance, control of the traveler, and intrusion into commercial travel IT systems.

By April 2, the Transportation Security Administration will have begun a public comment process on its policy of putting travelers through imaging machines that can see under their clothes. Ginger McCall of the Electronic Privacy Information Center has been handling the litigation that prompted the D.C. Circuit Court of Appeals ruling requiring it to do so, and she will assess the proposed regulation and her renewed efforts to bring the TSA within the law.

If you can’t make it to the Cato Institute, watch this event live online at www.cato.org/live.

The Cato Institute asks that you pre-register if you plan to attend in person, but that’s just so they have an estimate of the expected attendance.

Hasbrouck will be presenting examples of what he found in his files when he sued the DHS for its records of his travels, what other travelers have found in theirs, and how the DHS obtains and uses this information to track us and to control who is allowed to travel.

As part of the same program, Ginger McCall of EPIC will be discussing the TSA’s proposed “rules” to require all air travelers to submit to virtual strip-searches. You have 90 days, until 24 June 2013, to tell them what you think of their proposal. (On the form to submit comments to the TSA, note that all of the fields except your comment itself are optional.) You can find some ideas for what to say in our previous article about the rulemaking.

There will be a live webcast, for those who aren’t in DC.

If you’d like to follow along, you can download the slides from Hasbrouck’s presentation as a PDF file.

[Update: C-SPAN broadcast the event live. Streaming video is available from the Cato Institute event archives (recommended), the C-SPAN archives, or on Youtube. The C-SPAN and Youtube camera angles don’t show the slides which illustrate Hasbrouck’s talk, so we recommend watching the Cato version and/or downloading the slides to follow along with the talk on C-SPAN. If you want to find out what’s in the file about you in the DHS “Automated Targeting System”, you can use the forms here. We would welcome a chance to review the government’s response, if you get one, and help you interpret it.]

Mar 26 2013

TSA proposes new “rules” for virtual strip-search machines

More than 18 months ago, a federal Court of Appeals ordered the TSA to provide formal notice and an opportunity for public comment on its “rules” for when travelers are required to submit to virtual strip-searches by machines that display images of our bodies as though naked.

Today, after seemingly endless foot-dragging that left it unclear if the TSA would ever comply with the court’s order (or would eventually be found in contempt of court for failing to do so), the TSA published its proposed rule in the Federal Register.

You have until June 24, 2013 to tell the TSA what you think of its proposal.

As Jim Harper of the Cato Institute points out, the proposed “rule” contains none of the (inadequate) limitations on the TSA’s virtual strip-search authority which were described in the TSA’s arguments to the Court of Appeals. (We’ll be talking with Jim and Ginger McCall of EPIC about this and related issues of “Travel Surveillance, Traveler Intrusion” at this lunchtime event at Cato in Washington next Tuesday, April 2nd.)

Rather than proposing a rule pursuant to which travelers would be entitled to opt out of the naked imaging (at the price of more intrusive groping of their genitals), the TSA has proposed a rule in which, in addition to whatever else the TSA secretly defines as constituting “screening” in any particular case, all travelers are required, as a condition of travel by common carrier, to submit to virtual strip-searches whenever the TSA tells them to do so.

But that’s not the only glaring defect in the TSA’s Notice of Proposed Rulemaking.

Jan 22 2013

TSA replaces “probable cause” with private profiling

The TSA has made explicit its intent to take the next logical but lawless step in the merger of (1) profiling of travelers and (2) privatization of judicial decision-making: outsourcing of decisions as to who should be subjected to what degree of intrusiveness of search to private contractors acting on the basis of commercial data.

The TSA already delegates on-the-spot “discretionary” decisions about searches (“screening”) to private contractors at airports like SFO, and relies for its profiling (“prescreening” and “no-fly”) decisions on commercial data contained in airline Passenger Name Records (PNRs).

Now a request for proposals quietly posted by the TSA early this month among the “Federal Business Opportunities” at FBO.gov, and spotted by the ACLU, gives notice that the TSA is considering “Third Party Prescreening” of travelers: TSA contractors would decide in advance (secretly, of course, on the basis of secret dossiers from private data aggregators) which travelers would be “invited” to proceed through the less-intrusive-search “Pre-Check” security lanes, and which would be subjected to “ordinary”, more intrusive groping of their bodies, opening of carry-on baggage and belongings, interrogation, etc.

In effect, “Third Party Prescreening”, as the concept is defined in the TSA notice to would-be contractors, would replace probable cause with private profiling as the basis for determining who among us would be legally obligated, as a condition of the exercise of Constitutional civil liberties and internationally recognized human rights, to submit to exactly what degree of intrusiveness of search of our persons and property.

The by-invitation-only TSA “Pre-Check” profiling scheme is already entirely arbitrary, as travelers have discovered when they have tried to find out how to obtain an invitation to the less-mistrusted-traveler club or why they haven’t been invited. “Don’t call us, we’ll call you” if we want to invite you, say airlines and the TSA.  There are no publicly-disclosed substantive or procedural standards for invitation or inclusion.

“Third Party Prescreening” would extend that arbitrariness to advance decisions that particular travelers must submit to heightened “screening” (or are not to be allowed to proceed through lighter screening, which amounts to the same thing) before they will be “allowed” to exercise their right to travel.

Such a particularized decision, in advance, conditioning travel by a specific traveler on submission to a specific type or degree of intrusiveness of search is not what was contemplated in judicial decisions upholding “administrative” searches at airports.   Rather, this is the sort of search that the Constitution demands be justified by probable cause, as articulated to and approved by a judge.

Private contractors are not judges. Fitting the profile, based on a secret commercial dossier, as determined by a secret algorithm, is not probable cause. No “Third Party Prescreening” could create a lawful basis for a search, or for interference with the right to travel of those who decline to submit to such a search.