Mar 27 2010

Second TSA nominee withdraws

Robert A. Harding, President Obama’s second nominee to head the TSA, has become the second such nominee to withdraw himself from consideration in response to questions about the ethics of his previous activities.

Earlier, Erroll Southers withdrew himself as nominee for TSA Administrator after it became public that he had abused his connections and access to police databases to try to dig up dirt on his ex-wife’s new lover.

After he retired from the U.S. Army as a Major General, Harding founded a company that provided services under contract to his former buddies in the military, DHS, and TSA, in the typical revolving-door fashion of the military-industrial complex.

There are conflicting reports in separate articles in the Washington Post today about Harding’s withdrawal.

One story suggests that it was related to his successful claim to qualify for preferential treatment in applying for military and government contracts as a “service disabled veteran” on account of sleep apnea, a serious ailment but one not considered likely to be related to a military desk job.

A second story points to questions about possible over-billing for services rendered by Harding’s company in providing “interrogators assigned to Iraqi prisons”.

Without knowing anything about whether any of these allegations are true, we’re glad that the TSA won’t be handed over to a “leader” whose model for Israeli-style “engagement” and questioning of citizens is the sort of interrogation practiced in Iraqi prisons, even down to compelling citizens, when questioned by airline staff or travel agents or while under detention at airports like SFO where “screening” has been outsourced, to answer questions from private contractors rather than actual law enforcement officers.

Mar 27 2010

Heathrow body scanner operator: “I love those gigantic tits”

Even as the TSA continues to claim that virtual strip-search machines (body scanners, “whole body imaging”, or in the latest TSA euphemism “advanced imaging technology”)  at airport and other checkpoints don’t reveal excessively intimate physical detail of subjects’ bodies, and that the images can’t be captured, and less than two months after similar scanners were introduced in the UK, a screener at Heathrow Airport in London was spotted taking a photo of a scanner image and overheard talking about the detail it revealed of the woman’s breasts.

I’m sure you’ll all be reassured to hear that the screener has been “warned” by the police and might be (but hasn’t yet been) fired.

Ironically, the screener was caught only because his victim was a fellow airport worker.  An ordinary traveler probably wouldn’t have been in position to see or overhear what had happened, or have realized what it meant.

The TSA says that the capability to store and transmit images, which the TSA has required to be built into the scanners, is “disabled” on the scanners when they are in use.  But the TSA has declined to comment on whether these TSA-required features are disabled in hardware or software, what would be needed to re-enable them, who is authorized to re-enable them, or how those authorizations are carried out or controlled.

Mar 19 2010

Obama endorses DNA database, considers biometric national ID

Yesterday President Obama met again with Senators Chuck Schumer (D-NY) and Lindsey Graham (R-SC), the sponsors of the “immigration reform” bill we reported on yesterday, which has as its first “pillar” a mandatory biometric national worker ID card.  In conjunction with his meeting with the Senate sponsors of this scheme, President Obama issued a statement which didn’t mention the national ID card specifically, but praised the overall proposal as “a promising, bipartisan framework which can and should be the basis for moving forward.”

Meanwhile, President Obama has strongly and explicitly endorsed mandatory DNA sampling of everyone arrested (not convicted, arrested — people who are presumed to be innocent) and retention of DNA records in a national database. “It’s the right thing to do… This is where the national registry becomes so important,” the President said [transcript] in an on-camera interview.  We hope he reconsiders, and that his views on a national DNA database aren’t an indication of his leanings on a national biometric ID card.

Whichever way they are leaning now, the President and the Senate need to hear from the public, right away, what you think of these ideas — and that you won’t go along with unconstitutional restrictions on your rights.

Mar 12 2010

Airlines, travel agencies, Congress join public outcry against passport fees

We don’t think it’s fair or legal for the government to charge you a fee to exercise your rights under the First Amendment and international human rights treaties to enter or leave the USA.  Those rights are all but absolute, and rules that restrict or burden them, such as by imposing fees, are subject to strict scrutiny.

Judging from the response to the government’s latest proposal to increase passport fees (in order to cover the increased costs of including a uniquely-numbered remotely-readable RFID chip in each passport), we aren’t alone in our views.

More than a thousand people filed comments with the Department of State by yesterday’s deadline to oppose the proposed passport fee increases.  In addition to the comments filed by individual citizens and travelers and by the Identity Project, Consumer Travel Alliance, and Center for Financial Privacy and Human Rights, comments objecting to the proposed fee increases were filed by United Airlines, the American Society of Travel Agents, and the Interactive Travel Services Association.  United Airlines told the State Department, as we did, that the proposed rules would violate the Administrative Procedure Act, and demanded that the Department reveal the cost analysis that they claim supports the fee increases and extend the comment period for responses to it before finalizing any fee increase. ASTA (which represents brick-and-mortar travel agencies) and ITSA (which represents online travel agencies), have generally been at each other’s throats; we’re not sure we’ve ever seen them file joint comments in a Federal rulemaking.  The overall picture painted by the industry comments is of the extent to which the proposed fee increases would, in fact, impose a meaningful burden on international travel.

Members of Congress, particularly from border districts, have also objected, with Rep. Chris Lee of New York writing to Secretary of State Clinton that the fee increase would “further burden American travelers,” and fellow Rep. Brian Higgins, also from upstate New York (along the busiest sector of the Canadian border), issuing a statement that, “Creating financial barriers to the international traffic flow will cost our national economy and this community greatly in the long run.”

According to its filing, “Given its questions, and the importance of access to fairly priced travel documents to support international travel, United has sought a copy of or further details on the CoSS [Cost of Service Study] on March 9, 2010. United was advised that the CoSS is not a study or a report, but rather a model which the Department plans to demonstrate during a public meeting sometime in April or May of 2010.”

We’ll keep you posted of any announcement we hear of an extension of the comment period or a public hearing on the proposal to raise passport fees to pay for RFID chips in passports.

Mar 08 2010

Military spymaster to be nominated for head of the TSA

Testing the waters yesterday, White House sources leaked to Reuters and the Associated Press that President Obama plans to nominate retired Army Major General Robert A. Harding to be the Administrator of the TSA.

Harding’s 30-year career as an army officer was spent moving up through the military “intelligence” ranks, culminating as “DoD’s senior HUMINT [human intelligence] officer.”  In other words, he was the U.S. military’s most senior spymaster. Following his retirement out the military-industrial revolving door (through which he would return if confirmed to head the TSA), he double-dipped by founding a military consulting and contracting company which he sold last year to private equity investors. “Harding Security Associates provides identity intelligence and other security services to the federal government, including doing work for the Department of Defense’s biometric-identification analysis and forensics.”

Many of the TSA’s practical problems and abuses of civil liberties have involved schemes like CAPPS-II (later Secure Flight) that were dreamed up by the NSA and other military intelligence agencies and “experts” unaccustomed to operating within the civilian, domestic U.S. legal regime and ignorant of transportation industry technical infrastructure and business practices. Harding’s autobiography gives no indication that he has any experience whatsoever with civilian or domestic civil liberties, with legal constraints on “intelligence gathering” (spying and surveillance) on civilians or U.S. persons or within the U.S., or with the transportation industry.

If Harding is nominated to head the TSA, his military background and lack of any track record on civilian civil liberties make it especially critical for Senators to question him closely (we have some suggestions to start that questioning) about his views on the fundamental civil liberties and human rights issues facing the TSA, before any confirmation vote, and to resist any calls for an abbreviated or rushed review of his suitability for the position.

Feb 25 2010

DHS accomplices face legal liability

The most recently filed lawsuit to result from detention of a would-be traveler at a TSA checkpoint highlights an interesting pattern:

While Federal departments themselves, and their agents in their official capacities, have thus far largely escaped legal liability for interference with travelers’ rights, multiple lawsuits against individuals who have enforced secret DHS directives — including DHS officers in their individual capacities as well as city, state, and tribal police acting as their accomplices and/or at their behest — are moving forward.  Yet at the same time, the DHS continues to use local law enforcement officers to carry out its secret orders, and has in some cases revealed policies directing DHS agents to take a literal “hands-off” attitude themselves, even while calling in local police to enforce what are at root (illegal) Federal orders.

Here’s a round-up of some pending cases across the country, leading up to the latest, with apologies for the sometimes tortured procedural histories which tend to characterize such cases and obscure the real issues:

Feb 23 2010

DHS using ICAO again for policy laundering

News reports about recent diplomatic initiatives by the US Department of Homeland Security suggest that the DHS may once again be using the International Civil Aviation Organization (ICAO) as a vehicle for policy laundering.

In the past, ICAO has been the focus of attention for its role in the imposition of RFID passports and the associated systems of automated monitoring and control of international travel.

Now, the DHS appears to be trying to use ICAO as the vehicle through which to impose its ideas of passenger searching (virtual strip-search machines) and passenger surveillance (pre-flight government access to PNR data and its use in conjunction with identity-linked travel histories and personal profiles for control of who is allowed to fly)  as global norms.

Secretary of Homeland Security Napolitano, accompanied by Asst. Secretary for Policy David Heyman (successor to former NSA and DHS attorney Stewart Baker), has been barnstorming the globe in pursuit of this agenda over the last month.  She met with ICAO officials and their airline industry partners at IATA in Geneva, attended a regional European ministerial meeting on aviation security in Spain which issued a joint statement agreeing to “Promote international co-ordination … through ICAO”, followed by a regional ICAO meeting in Mexico for the Americas and the Caribbean (attended by ICAO’s Secretary General) which declared participating governments’ commitment to “systematically collaborate within ICAO… with a view to convene both international expert and intergovernmental meetings to agree upon actions in the following fields:”

  • Broaden existing cooperation mechanisms among our countries and with other parties to the Chicago Convention, and the civil aviation industry, for information exchange …
  • Share best practices in a range of areas related to civil aviation, such as … screening and inspection techniques, airport security, behavioral detection, passenger targeting analysis…
  • Utilize modern technologies to detect prohibited materials and to prevent the carriage of such materials on board aircraft.
  • Transmit in a timely manner passengers’ information prior to takeoff to effectively support screening … as well as develop and improve compatible systems for the collection and use of advance passenger information (API) and passenger name record (PNR) information.

In a detailed video news release, Napolitano herself described this as “an unprecedented international initiative” centered on “a series of regional meetings around the globe facilitated by ICAO”:

There were four broad areas for discussion: Information sharing, passenger vetting, technology, and international standards…. Look for announcement in each of these four areas in the weeks ahead.

The agenda and the forum could not be more clear: Unless defenders of civil liberties and human rights mobilize effective opposition, the goal of the US and the DHS is for ICAO to put forward “international standards”, effectuated by national laws on “compliance with standards”, which will mandate virtual strip-search machines (“modern technology”), worldwide government access to PNR data, and government “vetting” (identity-based and permission-based control) of international air travelers.  That is perfectly in line with the 10-year plan of ICAO’s working group on Machine-Readable Travel Documents (MRTD), “MRTD Vision 2020,” as laid out in the latest ICAO MRTD Report.

ICAO is a UN-affiliated intergovernmental organization, most of whose decisions are made in invitation-only working groups. The interests of citizens are supposed to be represented in ICAO decision-making by their national governments, but national delegations to ICAO are invariably drawn from security, surveillance, law enforcement, and aviation regulatory agencies, and have never included representatives of data protection, civil liberties, or human rights authorities.

In effect, ICAO’s decisions reflect the desires of the world’s police.  By enacting national laws requiring “compliance” with ICAO “standards”, national governments can effectively outsource national law-making to those police, while justifying repressive measures (which their own representatives have proposed and championed at ICAO) as being the result of an external, international mandate for which they aren’t responsible. Policy laundering.

ICAO’s importance to the DHS (and its counterparts in Europe and elsewhere) is heightened by the likelihood that, in the wake of the precedent set by its rejection of the SWIFT agreement on financial transaction data sharing with the US government, the European Parliament will reject the similar PNR agreement for travel transaction data sharing with the US government. The DHS had been pressuring the Europarl to fast-track approval of the PNR agreement. With the writing on the wall that the PNR agreement is headed for defeat in the Europarl, the DHS is already making it clear that ICAO standards are their back-door “Plan B” for how to impose a global PNR and identity-based travel surveillance and control regime.  They are losing in Brussels, so they are trying to shift to more “Big Brother friendly” ICAO forums in Geneva and Montreal.

ICAO draws on invited technical experts from the aviation industry, but unfortunately their interests in surveillance for commercial purposes coincide with those of the police in the same surveillance for political purposes. Airlines and other travel companies are happy to help governments monitor travelers, as long as they get paid for collecting the data and are allowed to use it themselves too. We’ve heard them tell ICAO so in so many words.

ICAO’s dual secretariats in Montreal and Geneva, and its process in which most decisions have effectively been made before they are presented to rubber-stamp plenaries, make effective civil society participation difficult without long-term commitment and international cooperation.  A useful model is provided by environmental activists, who have formed a single-issue international NGO coalition for the sole purpose of obtaining accreditation and observer status with ICAO. Despite previous joint appeals to ICAO by an ad hoc international civil liberties coalition, human rights groups haven’t yet formalized their coalition or sought observer status with ICAO, and have had no presence at ICAO meetings or working groups.

If you are interested in working with the Identity Project to get our voices heard at ICAO, please get in touch — before it’s too late.

Feb 19 2010

Travelport becomes first CRS to claim it complies with EU privacy law

This week Travelport — the holding company that owns two of the big four Computerized Reservation Systems (CRSs) or Global Distribution Systems (GDSs) — announced that it has “certified” that it complies with “Safe Harbor” privacy and data protection principles for companies that want to be eligible to receive transfers to the US of personal data collected in the EU or Switzerland.

As travel industry technology news site Tnooz reports, quoting Identity Project consultant Edward Hasbrouck:

Travelport’s headline on its press release about the issue, “Travelport is First GDS Provider to be Safe Harbor Certified,” may be true, but can easily be misconstrued because Safe Harbor is a self-certification process.

Privacy expert Edward Hasbrouck, who has written extensively about the issue, notes that what Travelport’s Safe Harbor designation “means is that Travelport has made a formal claim … that Travelport complies with certain Safe Harbor principles. That claim has not been vetted, audited or verified by anyone.”…

“None of the GDS companies comply with EU data protection law, or have made any effort even to pay lip service to it until now,” Hasbrouck says. …

Feb 11 2010

European Parliament rejects deal for US access to SWIFT financial data. Next on the agenda: PNR deal for access to travel data

Today the European Parliament voted 378 to 196 to reject an “agreement” negotiated between the Council of the European Union and the US Department of Homeland Security which would have created a new extrajudicial basis for the DHS to obtain records of bank transfers and payments made via the Society for Worldwide Interbank Financial Telecommunication (SWIFT).

Understanding today’s EP vote and its significance requires first an explanation of the EU decision-making process for US readers, and then an explanation of some of the parallels between SWIFT and US-based Computerized Reservation Systems (CRSs):


Feb 08 2010

DHS exempts dossiers used for “targeting” from the Privacy Act

In a final rule published last week at 75 Federal Register 5487-5481, the Customs and Border Protection (CBP) division of the Department of Homeland Security has exempted most of the data used by the illegal “Automated Targeting System – Passenger” (ATS-P) from the various requirements of the Privacy Act that information used to make decisions about individuals must be accessible to them on request, accurate, relevant, collected directly from the data subjects whenever possible, and so forth.

The proposal to exempt ATS records from the Privacy Act has been pending for more than two years. In the final rule, the Obama administration adopts, with no changes whatsoever, all of the exemptions proposed by the DHS under the previous administration.  The analysis accompanying the final rule acknowledges, but dismisses more or less out of hand, our comments from two years ago objecting to the proposed exemptions as illegal.  (These followed two sets of comments we filed in 2006, when the ATS itself was first disclosed, objecting to the entire system as illegal.)

On the same day last week, the DHS published a separate final rule similarly exempting from the Privacy Act portions of the “Border Crossing Information” (BCI) system, a log of each person’s entries to and exits from the U.S. which was first disclosed as a part of ATS before being declared a separate system of records. The final BCI exemption rule similarly adopted all of the proposals the previous administration had proposed in 2008, and dismissed our objections to its illegality out of hand.

You can still request your own ATS and other travel records from the DHS.  Even if the newly-promulgated exemptions are upheld, they leave you entitled to substantial portions of your ATS dossier.  We are continuing to pursue our own pending Privacy Act requests and appeals, some of which are themselves more than two years old and all of which were made before the new exemptions were finalized and thus are not subject to the “exemptions”.

The Privacy Act gives agencies the authority to exempt certain types of information, by rulemaking, from certain of the requirements of the Privacy Act.  The rules published last week are, however, the first time that the DHS has attempted to exercise this authority with respect to ATS records.

In the meantime, the CBP has simply ignored the Privacy Act and its lack of exemptions entirely: Every response we have seen to a request pursuant to the Privacy Act for PNR or other ATS data has been processed by the CBP under the Freedom of Information Act (FOIA) instead of the Privacy Act.  Information exempt from disclosure under FOIA has been withheld or redacted, citing specific FOIA exemptions, even when that same information was required by the Privacy Act to be disclosed. This has been in flagrant violation of the Privacy Act, which has different disclosure requirements and exemptions which only partially overlap with those of FOIA. So far as we know, however, CBP and DHS have never responded to a Privacy Act appeal of these withholdings and redactions at all — some of our Privacy Act appeals are more than two years old — and while there have been several lawsuits under FOIA concerning ATS data, there have been none yet under the Privacy Act.

Our primary objection is to the very existence of a system under which the government requires common carriers to identify each would-be traveler and get the government’s permission (“clearance”) before they can travel.  Such a scheme is made far worse, however, when those “fly/no-fly” or “cleared/inhibited/not cleared” decisions are made not only in secret by unknown bureaucrats, not judges, but also on the basis of secret files about each citizen.

The new exemptions, applicable to future requests for ATS records, are sweeping.  But we are particularly disturbed that the exemption rules purport to authorize the DHS to collect and use an entirely undefined and open-ended category of commercial data obtained from airlines as part of their Passenger Name Records (PNR), and withhold that commercial data, on grounds of “business confidentiality”, from the would-be travelers against whom it is used.

That exemption for commercial data in PNRs creates a limitless loophole through which the DHS could secretly make use, in passenger profiling and “targeting” decisions, of commercial data of any sort.  As long as it is channeled to the DHS through inclusion in PNRs (which as commercial records are themselves subject to no U.S. privacy or disclosure requirements at all), the DHS could base passenger “targeting” decisions on derogatory free-text remarks by customer service representatives, commercial blacklists, credit scores, or records or ratings by data aggregators.  But those are not legal grounds to prevent travel by common carrier.