Apr 29 2010

European Parliament debate on DHS access to EU airline reservations

Last week the European Parliament, following a hearing earlier in the month in Brussels at which we testified, held a three-hour plenary debate in Strasbourg on proposals to approve access by the US Department of Homeland Security to European interbank transfer (SWIFT) and airline reservation (Passenger Name Record, PNR) data.

The current “provisional” agreement to authorize blanket access by the DHS to PNRs for trans-Atlantic flights was executed by the Council of the EU over the objections of Parliament, but the changes in the structure of the EU brought about by the Lisbon Treaty, which entered into force in December 2009, now give the EP veto power over its continuation in force, or over any new agreement.

The transcript of the plenary session is posted only in the language in which speeches were delivered. But if the Europarl website recognizes your browser and media player, you can click the link under the thumbnail portrait of each speaker for an archived video clip with the the full choice of 23 languages — the most elaborate simultaneous translation operation in any chamber in the world — that were provided to those in attendance in the Hémicyle during the session.

The precautionary closure of most European airspace in response to the volcanic ash cloud kept some MEPs from reaching Strasbourg. As a result, voting on this and all other issues was postponed until next week, May 5-6, in Brussels.

But despite the deferral of voting, the debate was an important manifestation of the climate of opinion among the 736 directly-elected representatives of more than 500 million European citizens.

Several things were noteworthy in the plenary discussion: Read More

Apr 18 2010

DHS “update” still misstates compliance with EU agreement on PNR data

At the meeting of the LIBE (civil liberties) committee of the European Parliament on the 7th of April, a representative of the European Commission announced that the EC will shortly be releasing a report on the second closed-door EC-DHS joint review of DHS compliance with the current “agreement” on DHS access to and use of PNR data related to flights between the EU and USA.

We haven’t yet seen this report of the second joint review, although drafts of an EU report on the joint review and the DHS response to the EU draft have been posted by Statewatch. But since the first joint review in 2005, the DHS has published two reports — one in December 2008 and an update in February 2010 — on its own self-assessment and claims of compliance with the agreement, and we have studied  them carefully..

These 2008 and 2010 DHS reports are seriously misleading and contain significant legal and factual misstatements.  Their inaccuracy makes clear that DHS claims cannot be relied on without independent verification. The willingness of the DHS to publish such false claims calls into question the good faith of DHS participation in the joint review, and reinforces the need for a truly independent review including an audit of DHS actions by technical experts with access to legal process to compel full access to DHS records.

It’s not for us, as Americans, to tell European politicians what policies they should adopt. Nonetheless, as Americans who have systematically tested what happens when travellers attempt to access PNR data about themselves held by the DHS, and what happens when they attempt to complain about misuse of PNR data by the DHS, we think it is important for Europeans not to be misled about the status of DHS compliance or noncompliance with the current DHS-EU “agreement” on PNR data.

Here’s what we can say about the current situation, and about the claims in the 2008 and 2010 DHS reports regarding compliance with the agreement. Read More

Apr 07 2010

Testimony to the European Parliament on PNR data

Identity Project consultant and technical expert Edward Hasbrouck is testifying Thursday in Brussels on the proposed agreement between the European Union and the U.S. Department of Homeland Security on transfers of Passenger Name Records (PNR’s) from the European Union to the DHS, at a public hearing on “Protection of Personal Data in Transatlantic Security Cooperation: SWIFT, PNR & Co. – which way forward?”, hosted by Jan Philipp Albrecht, Member of the European Parliament. 14:00-17:00 (8-11 a.m. Eastern time, 5-8 a.m. Pacific time), European Parliament, Brussels, room ASP 1G-3 (open to the public, but prior arrangement required for access to the building).

Apr 02 2010

DHS shifting from national origin to ID-based passenger profiling

Today the DHS announced that it is partially replacing its practice of illegally profiling air travelers seeking to board flights destined to the US by national origin — the subject of our still-unanswered formal complaint — with a new scheme to illegally profile passengers individually, bsed on based on mining of commercial data in passenger name records (PNRs) obtained from airlines and other travel companies and on secret DHS dossiers about would-be passengers including their lifetime travel histories maintained in the illegal Automated Targeting System and other databases.

The consequences if you fit the secret profile would continue to include, as before, being subjected to “secondary screening” (more intrusive search and/or interrogation, with no publicly-disclosed rules governing which questions you are required to answer) or having the airline not be given “clearance” under the APIS permission system to allow you to board the flight.  (Under the APIS system already on the books, the default is “No fly” unless the airline receives an affirmative, individualized, per-passenger, per-flight “clearance to board” message from the DHS.)

The new profiles reportedly could include both individual identities and vaguer patterns of suspicion such as countries previously visited (a clear case of targeting based on activities protected by the First Amendment), association (a matching phone number in a PNR, such as from having reconfirmed flights form the name hotel as thousands of other travelers), or appearance (leaving room for continued racial and/or ethnic profiling).

The profiling and selection algorithm, the identity of the decision-makers, and the data on which they will base their determinations remain secret.  No mechanism for judicial review of these decisions, or of actions taken on the basis of them, was mentioned in the DHS press release or FAQ.

The new practice greatly increases the significance of the DHS’s decision in February of this year to exempt much of the information in PNRs, including derogatory personal information submitted by travel companies without travelers’ knowledge, from release to data subjects in response to requests under the Privacy Act. It also highlights the significance of the DHS’s routinely late, incomplete, and improper responses to requests for travel records, when they respond at all.

Some of our Privacy Act requests to the DHS for travel records are 6 months old with no response at all (a year is not unusual), while one of our appeals of an obviously incomplete and improper response has been pending for more 2 1/2 years without a decision.  Of the responses we have seen to requests for PNRs and ATS travel history records, all are obviously incomplete, and invoke inapplicable exemptions (such as invoking the broader exemptions applicable to third-part requests under FOIA in response to first-party requests under the Privacy Act, to which FOIA exemptions don’t apply).  None actually appear to have been processed under the Privacy Act, only under the more limited FOIA rules, even when the requests were explicitly made under the Privacy Act.

So far as we know, nobody has actually received the “accounting of disclosures” (access log) that the DHS is required to provide on request.  And none of the major computerized reservation systems (CRSs) to which airlines outsource hosting of their PNR databases maintains logs of access to PNRs, which would be necessary for CRSs or their airline and travel company subscribers to comply with “Safe Harbor”, European Union data protection law, and other international privacy norms.  Since CRSs keep no records, nobody knows who actually accesses PNRs.

There are also still unanswered questions as to the extraterritorial US claim of jurisdiction over actions related to boarding of foreign-flag aircraft at foreign airports, especially where international aviation treaties between the US and those countries require airlines to operate as “common carriers” and transport all passengers willing to pay the fare and comply with the rules in the published tariff.

Both Americans and foreigners — including members of the European Parliament who are currently debating whether to approve continued DHS access to European PNR data — should be outraged that the DHS is simultaneously increasing the weight given to commercial and other information in secret DHS dossiers about us, while hiding even more of that information from us, even if we specifically ask to see it.  We’ll be bringing this to their attention in meetings and testimony in Brussels and Strasbourg, and talks with European activists, over the next few weeks.

Mar 27 2010

Second TSA nominee withdraws

Robert A. Harding, President Obama’s second nominee to head the TSA, has become the second such nominee to withdraw himself from consideration in response to questions about the ethics of his previous activities.

Earlier, Erroll Southers withdrew himself as nominee for TSA Administrator after it became public that he had abused his connections and access to police databases to try to dig up dirt on his ex-wife’s new lover.

After he retired from the U.S. Army as a Major General, Harding founded a company that provided services under contract to the his former buddies in the military, DHS, and TSA, in the typical revolving-door fashion of the military-industrial complex.

There are conflicting reports in separate articles in the Washington Post today about Harding’s withdrawal.

One story suggests that it was related to his successful claim to qualify for preferential treatment in applying for military and government contracts as a “”service disabled veteran” on account of sleep apnea, a serious ailment but one not considered likely to be related to a military desk job.

A second story points to questions about possible over-billing for services rendered by Harding’s company in providing “interrogators assigned to Iraqi prisons”.

Without knowing anything about whether any of these allegations are true, we’re glad that the TSA won’t be handed over to a “leader” whose model for Israeli-style “engagement” and questioning of citizens is the sort of interrogation practiced in Iraqi prisons, even down to compelling citizens, when questioned by airline staff or travel agents or while under detention at airports like SFO where “screening” has been outsourced, to answer questions from private contractors rather than actual law enforcement officers.

Mar 27 2010

Heathrow body scanner operator: “‘I love those gigantic tits”

Even as the TSA continues to claim that virtual strip-search machines (body scanners, “whole body imaging”, or in the latest TSA euphemism “advanced imaging technology”)  at airport and other checkpoints don’t reveal excessively intimate physical detail of subjects’ bodies, and that the images can’t be captured, and less than two months after similar scanners were introduced in the UK, a screener at Heathrow Airport in London was spotted taking a photo of a scanner image and overheard talking about the detail it revealed of the woman’s breasts.

I’m sure you’ll all be reassured to hear that the screener has been “warned” by the police and might be (but hasn’t yet been) fired.

Ironically, the screener was caught only because his victim was a fellow airport worker.  An ordinary traveler probably wouldn’t have been in position to see or overhear what had happened, or have realized what it meant.

The TSA says that the capability to store and transmit images, which the TSA has required to be built into the scanners, is “disabled” on the scanners when they are in use.  But the TSA has declined to comment on whether these TSA-required features are disabled in hardware or software, what would be needed to re-enable them, who is authorized to re-enable them, or how those authorizations are carried out or controlled.

Mar 19 2010

Obama endorses DNA database, considers biometric national ID

Yesterday President Obama met again with Senators Chuck Schumer (D-NY) and Lindsey Graham (R-SC), the sponsors of the “immigration reform” bill we reported on yesterday, which has as its first “pillar” a mandatory biometric national worker ID card.  In conjunction with his meeting with the Senate sponsors of this scheme, President Obama issued a statement which didn’t mention the national ID card specifically, but praised the overall proposal as “a promising, bipartisan framework which can and should be the basis for moving forward.”

Meanwhile, President Obama has strongly and explicitly endorsed mandatory DNA sampling of everyone arrested (not convicted, arrested — people who are presumed to be innocent) and retention of DNA records in a national database. “It’s the right thing to do… This is where the national registry becomes so important,” the President said [transcript] in an on-camera interview.  We hope he reconsiders, and that his views on a national DNA database aren’t an indication of his leanings on a national biometric ID card.

Whichever way they are leaning now, the President and the Senate need to hear from the public, right away, what you think of these ideas — and that you won’t go along with unconstitutional restrictions on your rights.

Mar 12 2010

Airlines, travel agencies, Congress join public outcry against passport fees

We don’t think it’s fair or legal for the government to charge you a fee to exercise your rights under the First Amendment and international human rights treaties to enter or leave the USA.  Those rights are all but absolute, and rules that restrict or burden them, such as by imposing fees, are subject to strict scrutiny.

Judging from the response to the government’s latest proposal to increase passport fees (in order to cover the increased costs of including a uniquely-numbered remotely-readable RFID chip in each passport), we aren’t alone in our views.

More than a thousand people filed comments with the Department of State by yesterday’s deadline to oppose the proposed passport fee increases.  In addition to the comments filed by individual citizens and travelers and by the Identity Project, Consumer Travel Alliance, and Center for Financial Privacy and Human Rights, comments objecting to the proposed fee increases were filed by United Airlines, the American Society of Travel Agents, and the Interactive Travel Services Association.  United Airlines told the State Department, as we did, that the proposed rules would violate the Administrative Procedure Act, and demanded that the Department reveal the cost analysis that they claim supports the fee increases and extend the comment period for responses to it before finalizing any fee increase. ASTA (which represents brick-and-mortar travel agencies) and ITSA (which represents online travel agencies), have generally been at each other’s throats; we’re not sure we’ve ever seen them file joint comments in a Federal rulemaking.  The overall picture painted by the industry comments is of the extent to which the proposed fee increases would, in fact, impose a meaningful burden on international travel.

Members of Congress, particularly from border districts, have also objected, with Rep. Chris Lee of New York writing to Secretary of State Clinton that the fee increase would “further burden American travelers,” and fellow Rep. Brian Higgins, also from upstate New York (along the busiest sector of the Canadian border), issuing a statement that, “Creating financial barriers to the international traffic flow will cost our national economy and this community greatly in the long run.”

According to its filing, “Given its questions, and the importance of access to fairly priced travel documents to support international travel, United has sought a copy of or further details on the CoSS [Cost of Service Study] on March 9, 2010. United was advised that the CoSS is not a study or a report, but rather a model which the Department plans to demonstrate during a public meeting sometime in April or May of 2010.”

We’ll keep you posted of any announcement we hear of an extension of the comment period or a public hearing on the proposal to raise passport fees to pay for RFID chips in passports.

Mar 08 2010

Military spymaster to be nominated for head of the TSA

Testing the waters yesterday, White House sources leaked to Reuters and the Associated Press that President Obama plans to nominate retired Army Major General Robert A. Harding to be the Administrator of the TSA.

Harding’s 30-year career as an army officer was spent moving up through the military “intelligence” ranks, culminating as “DoD’s senior HUMINT [human intelligence] officer.”  In other words, he was the U.S. military’s most senior spymaster. Following his retirement out the military-industrial revolving door (through which he would return if confirmed to head the TSA), he double-dipped by founding a military consulting and contracting company which he sold last year to private equity investors. “Harding Security Associates provides identity intelligence and other security services to the federal government, including doing work for the Department of Defense’s biometric-identification analysis and forensics.”

Many of the TSA’s practical problems and abuses of civil liberties have involved schemes like CAPPS-II (later Secure Flight) that were dreamed up by the NSA and other military intelligence agencies and “experts” unaccustomed to operating within the civilian, domestic U.S. legal regime and ignorant of transportation industry technical infrastructure and business practices. Harding’s autobiography gives no indication that he has any experience whatsoever with civilian or domestic civil liberties, with legal constraints on “intelligence gathering” (spying and surveillance) on civilians or U.S. persons or within the U.S., or with the transportation industry.

If Harding is nominated to head the TSA, his military background and lack of any track record on civilian civil liberties makes it especially critical for Senators to question him closely (we have some suggestions to start that questioning) about his views on the fundamental civil liberties and human rights issues facing the TSA, before any confirmation vote, and to resist any calls for an abbreviated or rushed review of his suitability for the position.

Feb 25 2010

DHS accomplices face legal liability

The most recently filed lawsuit to result from detention of a would-be traveler at a TSA checkpoint highlights an interesting pattern:

While Federal departments themselves, and their agents in their official capacities, have thus far largely escaped legal liability for interference with travelers’ rights, multiple lawsuits against individuals who have enforced secret DHS directives — including DHS officers in their individual capacities as well as city, state, and tribal police acting as their accomplices and/or at their behest — are moving forward.  Yet at the same time, the DHS continues to use local law enforcement officers to carry out its secret orders, and has in some cases revealed policies directing DHS agents to take a literal “hands-off” attitude themselves, even while calling in local police to enforce what are at root (illegal) Federal orders.

Here’s a round-up of some pending cases across the country, leading up to the latest, with apologies for the sometimes tortured procedural histories which tend to characterize such cases and obscure the real issues: Read More