Surveillance State – Page 28

Apr 21 2011

DHS can’t “opt out” of liability for violating the Privacy Act

The DHS can’t exempt itself from the civil remedies provided by the Privacy Act for people who are harmed by government violations of the law, according to a decision announced today by the 6th Circuit Court of Appeals in Cincinnati in the case of Shearson v. Department of Homeland Security.

The case was brought by Julia Shearson, Executive Director of the Cleveland chapter of the Council on American-Islamic Relations (CAIR). The incident that led to the case is described in today’s court opinion as follows:

Shearson and her four-year-old daughter, United States citizens by birth and Muslims, returned by car from a weekend in Canada at around 8:30 p.m. on January 8, 2006, via the Peace Bridge in the Buffalo, New York/Fort Erie area. On scanning their United States passports, the CBP computer flashed “ARMED AND DANGEROUS,” and CBP agents asked Shearson to turn over her car keys and step out of the car. Shearson was handcuffed, and, after several hours of questioning in the terminal, she and her daughter were released without explanation. As they left, Shearson inquired whether her vehicle had been searched and was told no search had been conducted. This proved to be false; Shearson’s vehicle had been searched and was damaged in the course of the search. After Shearson wrote several Ohio congressional representatives, who in turn contacted the CBP, the CBP advised the legislators that its agents had acted “in response to what later proved to be a false computer alert.”

The DHS admitted that they had improperly flagged her as a “suspected terrorist” in the (illegal) travel records system that later came to be known as the “Automated Targeting System,” but refused to say why or on the basis of what, if any evidence or allegation against her they did so. Five years later, she’s still trying to find out why — other than working for CAIR — she was labeled in ATS as a “suspected terrorist” to be arrested at gunpoint, separated from her child, and held in handcuffs.

Shearson brought suit against the DHS under the Privacy Act for, among other violations, improperly maintaining records of her religious and other activities protected by the First Amendment, failure to maintain accurate records, improper disclosure of the erroneous records about her, and refusal to show her their files about her. She filed and argued the case pro se for several years, although Gadeir Abbas (then a law student and now a staff attorney with CAIR) and David Wolfe Leopold (now the president of AILA, the American Immigration Lawyers), later assisted in the case, and attorney Kurt Hunt represented Ms. Shearson in the appeal to the 6th Circuit Court of Appeals.

In response to the lawsuit, CBP (U.S. Customs and Border Protection, a division of DHS), argued that they had exempted themselves from any liability related to ATS for under the provisions of the Privacy Act for civil remedies. Such overbroad self-exemption claims have been a common technique of the DHS to shield itself from acountability to the courts for its actions, even when they infringe citizens’ rights.

As Shearson’s attorney in the 6th Circuit appeal, Kurt Hunt, described the ruling, it means that, “A citizen can sue the government for breaching mandatory provisions of the Privacy Act (for example: improperly maintaining records of First Amendment activity), and the government cannot simply pass a rule to ‘exempt’ itself from potential civil liability for violating those mandatory provisions. In short, it makes it possible for a citizen to actually enforce the Privacy Act in a civil action.”

Hunt notes that, “The circuits are currently split about this question, and the split appears to be widening. Because this was the first 6th Circuit decision to address civil remedies exemptions, today’s ruling will have national implications. We hope the Sixth Circuit’s decision will be the start of a trend of decisions putting the “teeth” back into the Privacy Act.”

Now that DHS’s attempt at self-exemption has been overturned by the Court of Appeals, Shearson’s case has now been remanded for further action on her claims for violation of the Privacy Act and her rights.

We don’t yet know whether similar claims of total self-exemption from liability to civil remedies will be asserted by CBP in our own case, Hasbrouck v. CBP, which so far as we know is the only other case to have been brought under the Privacy Act and related to Automated Targeting System records.

Mar 18 2011

State Dept. proposes “Biographical Questionnaire” for passport applicants

The U.S. Department of State is proposing a new Biographical Questionnaire for passport applicants. The proposed new Form DS-5513 asks for all addresses since birth; lifetime employment history including employers’ and supervisors names, addresses, and telephone numbers; personal details of all siblings; mother’s address one year prior to your birth; any “religious ceremony” around the time of birth; and a variety of other information. According to the proposed form, “failure to provide the information requested may result in … the denial of your U.S. passport application.”

The State Department estimated that the average respondent would be able to compile all this information in just 45 minutes, which is obviously absurd given the amount of research that is likely to be required to even attempt to complete the form.

The proposed “Biographical Questionnaire” follows the introduction in December 2010 of a new Form DS-11 for all passport applicants. It seems likely that only some, not all, applicants will be required to fill out the new questionnaire, but no criteria have been made public for determining who will be subjected to these additional new written interrogatories.

It’s not clear from the supporting statement, statement of legal authorities, or regulatory assessment submitted by the State Department to the Office of Management and Budget (OMB) why declining to discuss one’s siblings or to provide the phone number of your first supervisor when you were a teenager working at McDonalds would be a legitimate basis for denial of a passport to a U.S. citizen.

The State Department is accepting comments for OMB on this proposal on this proposal for 60 days, which began February 24, 2011, and thus should run through April 25, 2011. (Under the Paperwork Reduction Act, OMB must approve and assign an OMB control number before any new form can be used.) Details and instructions for submitting comments are in the Federal Register notice (also available here as a PDF):

You may submit comments by any of the following methods:

E-mail: GarciaAA@state.gov
Mail (paper, disk, or CD-ROM submissions): Alexys Garcia, U.S. Department of State, 2100 Pennsylvania Ave., NW., Room 3031, Washington, DC 20037
Fax: 202-736-9202
Hand Delivery or Courier: Alexys Garcia, U.S. Department of State, 2100 Pennsylvania Ave., NW., Room 3031, Washington, DC 20037

You must include the DS form number [DS-5513], information collection title [Biographical Questionnaire for U.S. Passport], and OMB control number [none yet assigned; 1405-XXXX requested by Dept. of State] in any correspondence.

Alternatively, you can submit comments online at Regulations.gov until midnight EDT on Monday, April 25, 2011. Go here, then click the “Submit a Comment” button at the upper right of the page.

(Note that the proposed form itself was not published in the Federal Register. We were eventually provided with a copy after requesting it from the Department of State, and have posted it here.)

We’ve submitted comments, and we encourage others to do so as well.

Our comments (PDF) were co-signed by the Center for Financial Privacy and Human Rights (CFPHR), Knowledge Ecology International (KEI), Center for Media and Democracy (CMD), Privacy Activism, Consumer Travel Alliance (CTA), Robert Ellis Smith, and John Gilmore. If you would like to use these for ideas for comments of your own, here’s a version in OpenOffice format for easier editing.

You can view the comments docketed to date here. (There’s sometimes a delay of up to several days before comments are docketed, so don’t panic if you don’t see yours immediately.)

Extra points to the person who gives the best answer in the comments to the question, “”Please describe the circumstances of your birth including the names (as well as address and phone number, if available) of persons present or in attendance at your birth.”

[P.S. – To those who have been wondering if this is a hoax: We understand that it may seem fishy that the State Department chose to publish a notice in the Federal Register that it was proposing a new form, but didn’t publish the proposed form itself in the Federal Register. But that was their choice of how to proceed, not ours. We were sent the proposed Form DS-5513 in March, in response to our request, by the person identified in the Federal Register notice as the point of contact from whom it could be obtained: Alexys Garcia, GarciaAA@state.gov, 212-736-9216. We immediately published the form we received from the State Department here on our website. There’s more at the links in the sidebar on who we are and how to contact us, as well as links to press reports on our previous work and current projects. You can also check out the other co-signers of the comments we submitted to the State Department. We’re for real, and so is this proposal from the State Department. We wish this were a hoax, but it’s not.]

[Follow-up: Public outrage at proposed questionnaire for passport applicants]

[Follow-up: State Dept. already using illegal passport questionnaire]

[Follow-up: State Dept. responds to passport form furor — with lies]

Feb 25 2011

Feds got NY Times reporter’s PNR data in search for his sources

Politico.com reported yesterday that Federal investigators obtained “certain travel records” of New York Times reporter and author James Risen, as part of their attempt to identify Risen’s confidential sources. According to Politico.com:

The scope and intrusiveness of the government’s efforts to uncover reporter James Risen’s sources surfaced Thursday in the criminal case of Jeffrey Sterling, a former CIA officer facing federal criminal charges for allegedly disclosing classified information [to] Risen… In a motion filed in federal court in Alexandria [VA], Sterling’s defense lawyers .. reveal that the prosecution … “has produced … Mr. Risen’s credit card and bank records and certain records of his airline travel.” [emphasis added]

What were these “certain records” of Mr. Risen’s air travel? How did the Feds obtain them? And how were they used? Read More →

Feb 16 2011

“British man marooned in Canada because of U.S. no-fly list”

Highlighting what will happen — and already is happening — when other countries follow the bad example of the USA in restricting freedom of movement, the Canadian Press news service reported last night on the situation of, “A British man … stranded in Canada after being denied permission to fly home because he’s on the U.S. no-fly list”:

Dawood Hepplewhite of Sheffield, England, turned up at Pearson Airport in Toronto on Sunday only to be told by an Air Transat official he couldn’t board the plane…

Hepplewhite, 30, divides his time between Sheffield and Toronto, where his Canadian wife Farhia and their three children reside. All five were planning to head back to England for an extended stay.

Hepplewhite says Air Canada and British Airways also refused to let him fly to England on Monday…

Hepplewhite says he’s no security threat, but suspects he is on the no-fly list because he’s a white Muslim and attended a job interview in Yemen — considered a hotbed of terrorism — for a position teaching English a few years ago.

“And when I came back to England I got pulled aside by the police.”

But Hepplewhite abandoned any idea of working in the Middle-Eastern country and has been to Canada several times since that incident.

It’s not clear what will happen next, but, “Hepplewhite’s visa allowing him to stay in Canada expires on April 29.” If he overstays his visa, Canadian law would provide for him eventually to be deported from Canada to the country of his citizenship, the U.K. By air. At the expense of the airline that brought him to Canada — the same airline that is now refusing to allow him to use his paid ticket for just such a flight home before his visa expires.

Who gave the no-fly order? And how did they know Mr. Hepplewhite planned to be on that plane? According to the Canadian Press story:

A bill currently before Parliament would allow airlines to share passenger information required by the U.S. Secure Flight program….

But both Canada and the U.S. say there is no statutory requirement — at least not yet — to provide passenger information for such flights, and Air Canada says it is not doing so….

When asked recently about use of the U.S. list, Air Canada spokesman Peter Fitzpatrick said “we comply with all applicable laws and regulations wherever we operate, and that includes those in the U.S.”

Whatever is happening, it certainly isn’t complying with Canadian law (which requires airlines to operate as common carriers, and protects against arbitrary denial of fundamental rights) or international treaty law by which Canada is bound (which guarantees the right to return to the country of one’s citizenship). And there’s no claim that the U.S. would have had any jurisdiction over Mr. Hepplewhite’s YYZ-LHR flight, since unlike unlike some flights to and from Canada, such as Montreal-Paris flights that sometimes pass over part of Maine, it wouldn’t have passed through U.S. airspace.

So there’s really no question that there was no basis for any valid U.S. no-fly order.

But it’s unclear whether:

The Canadian government (illegally and extrajudicially, in violation of its treaty obligations under Article 12 of the ICCPR) ordered all airlines serving Canada not to transport people with names matching those on the U.S. no-fly list in general, or Mr. Hepplewhite in particular, perhaps without even seeing the evidence, if any, forming the basis for this U.S. request for a Canadian government order; or
The airlines (illegally, in violation of Canada’s basic privacy law, PIPEDA) allowed passenger passenger information to be accessed by the U.S. government, or by CRSs or other intermediaries who did so, and (illegally, in violation of their licenses to operate as common carriers) denied transportation to those the U.S. requested not be transported or (more likely, given the change in the U.S. default to, “No”) those with respect to whom the U.S. didn’t send back an affirmative “Cleared” message.

Which of these happened, and how, is an appropriate question for inquiry both by the Canadian Parliament and by the Privacy Commissioners of Canada and of Ontario.

It might be true, in the narrowest sense, that Air Canada does not directly “provide passenger information” to the U.S. government for flights that don’t touch U.S. airspace. But as the treatment of Mr. Hepplewhite shows, the U.S. government has access to such data, either or both because (a) airlines serving Canada have given the U.S. government “root” access to their reservation systems, not restricted to flights to, from, or overflying the U.S., and/or (b) the U.S. government has similar root access to the Computerized Reservation Systems/Global Distribution Systems (CRSs/GDSs) based in the U.S., to which most travel agencies and tour operators in Canada outsource (illegally, in flagrant violation of PIPEDA, without notice to or consent of travelers and in the absence of any U.S. privacy law governing CRSs) the storage of their reservations and agency customer/traveler profiles.

We’ve talked about both these problems before, in testimony to both the Canadian and European Parliaments, and they picked up on in a recent letter to the European Commission (see the top of p. 2) from the “Article 29 Working Party” of EU national data protection authorities. It remains to be seen how they will be dealt with in Canada, and how this will affect other countries’ willingness to join the U.S. war on freedom of travel through PNR and identity-based surveillance and control.

[Update from the Toronto Star: “James Mortimer, a spokesman for the British Foreign and Commonwealth Office in London, England, told the Star he is looking into the matter.”]

[Update from the Canadian Press: “British man on U.S. no-fly list gets ‘one-time offer’ to fly to Glasgow…. An Englishman left stranded in Canada because he’s on the U.S. no-fly list is headed home — sort of. Dawood Hepplewhite says a British consular official called with a ‘one-time offer’ from Air Transat to fly with his wife and children to Glasgow, Scotland, on Wednesday night as a ‘goodwill gesture.'”]

Jan 10 2011

Interviews with Antiwar.com and KPFK radio

We were interviewed Friday on Scott Horton’s “Antiwar Radio” podcast on Antiwar.com and on KPFK Pacifica Radio in Los Angeles (play stream) (download).

The two half-hour interviews cover much of the same ground. We recommend the one on Antiwar.com.

Here are some links for more information about things we mentioned on the show:

Gulet Mohamed and the right to leave or return to one’s country
The right to freedom of movement in international law
The case of Phil Mocek and the TSA
Our lawsuit against the Department of Homeland Security for its records about our travels
How to request your own travel records
What’s in a Passenger Name Record (PNR)?
PNR-based air travel permission and control systems:
- International flights to, from, via, or overflying the USA (APIS)
- Domestic US flights (Secure Flight)
US internationalization of travel surveillance and control:
- European Union
- Canada
- Pakistan (and worldwide)
- Worldwide through ICAO (more here and here; our experience with ICAO here)

Jan 08 2011

Tidbits from the TSA show “screening” being used as illegal general criminal dragnet, not for aviation security

The TSA has reviewed 929 pages of policies we requested, and released one page of them and parts of 12 other pages. All the rest are still being kept secret. But even those tidbits show that the TSA is exceeding its legal authority.

The TSA continues to drag its feet in responding to our outstanding Freedom Of Information Act (FOIA) requests for the policies and procedures that they expect travelers to comply with. When the TSA answers our requests at all, the answer is mostly, “No.”

Case in point: The letter we just received from the TSA, dated December 15, 2010, in response to the FOIA request we sent on December 9, 2009. The TSA took more than a year to answer, even though it is required to release records requested under FOIA within at most 30 business days.

We asked for various TSA policy documents whose existence was revealed when the TSA posted a copy of its “Screening Management Standard Operating Procedures” (SOP) on a public government website. (We are currently appealing their refusal to release the current SOPs.)

One of the few excerpts the TSA chose to release was the “TDC Referral Form” (see page 16) used by “travel document checkers” for reporting travelers they have “referred” for further action such as a ordering them to submit to a more intrusive search or interrogation, summoning local law enforcement officers, etc. Although courts have upheld administrative searches at airports only when they are limited to the detection of weapons, explosives, or other threats to aviation, neither “suspected terrorism” nor any other “threat to aviation security” appears in the TSA’s menu of reasons for arrest:

Suspect documents
Outstanding warrant
Suspect drugs
Undeclared currency
Illegal Alien
Other

On its face, this document makes clear that TSA “screening” is being used primarily for purposes that are outside the TSA’s legal authority, as a general screening dragnet for illegal drugs and other crimes and not for the limited purpose of aviation safety or security.

And this is true specifically of the travel document checks, not just of TSA screening in general.

The form also says that, “No personally identifiable information is permitted in this database,” even though the form includes drivers license, passport, government ID, military ID, and visa numbers. Presumably, this is an attempt to evade having the Privacy Act applied to these referral reports.

Bizarrely, the TSA withheld the policies that relate directly to the obligations of travelers as pertaining primarily to internal TSA procedures, while posting those policies that actually are primarily internal, and directed at TSA staff and contractors rather than the public, on a new page on the TSA website.

Perhaps the most interesting of these, in light of the TSA’s past actions, is the policy on issuance and use of administrative subpoenas such as those the TSA served on bloggers and journalists to try to find the sources of their stories about other leaked TSA policies. The version now posted was reviewed in October, 2010, after the TSA had withdrawn those subpoenas to bloggers and journalists. but it’s unclear whether any changes were made to the policy. The TSA policy still contains no mention of the Federal law which restricts searches of journalists’ work products and other material, or any specific policies for subpoenas against journalists. That’s especially odd in light of the fact that the relevant law, 42 U.S.C. 2000aa, also applies to searches at TSA checkpoints (and, except to the extent such searches are conducted solely to enforce customs laws and not immigration or other laws, to CBP searches at border crossings and international air and seaports).

Jan 07 2011

US wants access to PNRs of all travelers to and from Pakistan

The US government has sought access to all Passenger Name Record (PNR) of air travelers between Pakistan and the rest of the world, according to a report in the local Express Tribune newspaper based on interviews with anonymous officials in Pakistan’s Foreign Office:

The proposed plan also includes the deployment of US homeland security officials at Pakistan’s airports for enhanced scrutiny of passengers travelling to America.

“Initially, they had asked for the record of all passengers travelling outside Pakistan,” the official was quoted as saying. “We resisted that idea and now they are asking for the record of passengers who travel to the US from Pakistan.”

…[A]nother official, who is privy to the discussions between the two countries on the issue…. said the US believes that the step would ensure Pakistani passengers have a “trouble-free” journey.

“But we believe this idea is highly intrusive,” the official said.

Pakistani citizens have been systematically harassed by the DHS since its creations, at borders and airports and through the “special registration” program for citizens of selected countries, which affected more Pakistanis than citizens of any other country. So the idea that any Pakistani is likely to have a “trouble-free” trip to the US any time soon is a sick joke.

What’s more significant about this US request is that it shows the lack of any limits on US claims to extra-territorial (and extra-judicial) authority to monitor, record, and control all worldwide air travel, regardless of whether it involves US citizens, US-flag aircraft, US airports, or US airspace — and the centrality of PNR access rules to the US quest for global hegemony over travel permissions.

Jan 06 2011

DHS says they should get our PNR data, but we shouldn’t

Secretary of Homeland Security Napolitano is in Brussels today, lobbying the European Union to allow the DHS to access airline reservation Passenger Name Record (PNR) data on the same day that DHS lawyers will be facing us in court in San Francisco to argue that nobody — not even US citizens — should have the right to access their own PNR data held by DHS.

Napolitano is reportedly stopping in Brussels on her way back from Israel, where she “visited Ben Gurion International Airport to meet with airport officials to discuss ways both nations are enhancing global aviation security while streamlining legitimate travel and trade,” i.e. expanding the use of Israeli-style ethnic profiling and discrimination at US airports. According to one report on Napolitano’s trip, that’s one of the outcomes of the ongoing DHS policy laundering through ICAO:

Following the attempted terrorist attack on a Detroit bound airliner on Dec. 25, 2009, the Department of Homeland Security worked with the International Civil Aviation Organization (ICAO) and international partners including the Israeli government, as well as the private sector on a global initiative to strengthen the international aviation system against the evolving threats posed by terrorists.

Following five regional aviation summits across five continents, 190 countries adopted a historic Declaration on Aviation Security at the ICAO Triennial Assembly in October, forging a historic new foundation for aviation security.

In response to our lawsuit, US Customs and Border protection (the division of DHS that keeps PNR dossiers and other international travel records) has claimed that our initial request wasn’t signed or dated, that it didn’t include a declaration attesting to the requester’s identity and authorizing release of his records to our attorney, that they didn’t receive our administrative appeal, and that they didn’t learn of the existence of our 2007 appeal until February 2009, even though they signed a postal receipt for it in 2007 and we queried them repeatedly as to its status and called it to their attention in a formal filing with them (see page 5) in August 2008.

DHS is also claiming in response to our lawsuit that there are no logs showing what queries were made to search for or retrieve our PNR and other data, despite the repeated claims in their Privacy Impact Assessments that all such access is logged. See, for example, page 13 of the PIA for ATS (the system of records that includes PNRs) “ATS retains audit logs for all user access,” and page 16 of the PIA for TECS (one of the other systems of travel records), “Extensive audit logs are maintained showing who has accessed records and what changes, if any, were made to the records.”

We don’t yet know why DHS has lied about the facts and contradicted their prior claims. But they have more reasons to do so than simple incompetence or disorganization. And this is part of a pattern that isn’t limited to the particular Privacy Act and FOIA requests at issue in this case. We’ve had consistent difficulty in getting our requests and complaints acknowledged and docketed.

Why?

Dec 21 2010

CBP’s answer to our lawsuit: Deny everything, and claim that nobody has any rights

[Where has your PNR data gone? (click image for larger version or here for details)]

The U.S. government has filed its initial answer to our lawsuit against U.S. Customs and Border Protection (CBP) for illegally withholding records of its travel surveillance system, and an initial procedural hearing in the case has been scheduled for Thursday, January 6, 2011, at 10 a.m. in San Francisco.

But if the government’s claims are true, the implications of some of them are shocking. In particular, they claim that, “Plaintiff was provided all documents that he is entitled to by law,” even though — like everyone else who has requested their records from the “Automated Targeting System” (ATS) — we have never received anything that was even claimed to be in response to my request for the “accounting of disclosures” required by the Privacy Act. Nor did we receive anything which was even claimed to be the “risk assessments” made of me, or the rules for determining those risk assessments, both of which were mentioned in CBP’s years-belated official notice of the contents of the ATS.

In other words, the government is claiming in answer to our lawsuit that nobody — not even U.S. citizens — has any legal entitlement to know what other government agencies or third parties have received their travel records including PNR’s from CBP, what “risk” scores (used to decide whether to allow us to fly, or how to treat us) have been assigned to us, or how those scores have been generated.

So much for any pretense of transparency, accountability, or access rights. Nobody has any right to know who has gotten our PNRs, or how they are being used against us.

Dec 01 2010

Testimony to the Canadian Parliament on US access to travel data

Edward Hasbrouck of the Identity Project testified yesterday on behalf of the Liberty Coalition at a hearing before the Canadian House of Commons’ Standing Committee on Transport, Infrastructure and Communities on Bill C-42, which — as we’ve discussed previously — would override Canada’s “Personal Information Protection and Electronic Documents Act” (PIPEDA) to permit airlines to give personal information about passengers to the government of any country whose airspace a flight would pass through, even if it didn’t land in that country.

Bill C-42 was proposed by the government, but is being opposed by some within Parliament as well as civil liberties and human rights activists and (along with the US Secure Flight scheme) by the Office of the Privacy Commissioner of Canada.

The English-language audio archive of the hearing is here; the complete transcript is here. Mr. Hasbrouck’s introductory statement is from 24:45 to 35:15 of the audio stream; he was also questioned extensively by the members of the Committee.

Because of the Thanksgiving holiday in the US, the invitation to testify arrived too late for the requisite translation into French of any written notes or supporting documents. For more background on the information architecture and cross-border data flows of the airline industry, see the slides from Mr. Hasbrouck’s more detailed testimony on related issues earlier this year at the European Parliament in Brussels.

Here’s the transcript of our introductory statement:

Read More →

Papers, Please!

The Identity Project