Papers, Please!

The Identity Project

Category Archives: Surveillance State

Oct 27 2009

Who’s watching the watchers at the DHS “Privacy” Office?

The Identity Project has joined with more than two dozen other organizations and individual experts from the Privacy Coalition in a joint letter to the House Committee on Homland Security, criticizing the DHS Privacy Office and its annual report and calling for better Congressional oversight of privacy-invasive DHS practices and the DHS Privacy Office itself.

There’s more about the letter, and the DHS response, today in the Washington Post.

We’re pleased to be part of this joint effort, and we hope Congress does more to rein in the DHS — although of course we are disappointed that DHS noncompliance with the law, the Constitution, and international treaties has made such a campaign necessary.  The DHS consistently tries to exempt itself from major requirements of the Privacy Act, such as:

  • Obtaining personal information from the person affected, rather than from third parties.
  • Making personal information accessible to the person affected.
  • Giving people a serious opportunity to correct records about them at DHS (or collected and held by “private” entities at DHS behest and used by the DHS).
  • Only collecting information that is relevant to lawful purposes.
  • Only collecting information that is timely.
  • Only collecting information that is accurate.
  • Only collecting information about categories of individuals disclosed in formal “System of Records Notices” in the Federal Register.
  • Not collecting information about the First Amendment protected activities of US persons — such as who they are associating with, the books they are carrying or reading, the art or slogans or expressive insignia on their clothing or possessions, or where, why, how, and with whom they are assembling.

DHS claims for itself the ability to “exempt” itself from these statutory requirements. They do not cite any statute or court case that allows them to do so.

The DHS Privacy Office has been intimately involved in producing Federal Register filings that claim these exemptions from fundamental statutory Federal record-keeping requirements, and fail to properly disclose the extent of DHS systems of travel records. DHS travel records include information about numerous categories of people not mentioned in the SORNs, from people who pay for other people’s tickets to people whose phone numbers where entered in reservations of houseguests reconfirming flights, as well other information prohibited form collection by the Privacy Act.  In this way, the Privacy Office has actively undermined the Privacy Act that they are sworn to uphold, and has been a party to criminal violations of the Privacy Act in the continued operation of these systems of records.  We’ve gotten no response whatsoever to our repeated formal complaints of these crimes filed with the DHS Privacy Office.

Oct 21 2009

Why shouldn’t we have to show ID when we fly?

From time to time, people ask us, “But why don’t you want to show ID when you travel?  What’s wrong with that?” There are probably as many answers to that question as there are people who resist government demands to show ID when they travel, even when it’s scary and involves some personal risk to say “No” to the TSA agents and their rent-a-cops.  But for one answer among many to the question, “Why?”, we asked one of those people, Joe Williams.  He responded with the following guest blog post:

Why shouldn’t we have to show ID when flying?

Because it doesn’t make us safer, it’s unconstitutional, and truly free countries don’t require it.

Long after the ID-demand policy was implemented in the summer of 1996, 9/11 proved that ID requirements don’t work. Even if you are on a no- fly list all one needs to do is: Buy a ticket in some innocent person’s name. Check in online and print that person’s boarding pass. Save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate use the real boarding pass to board your flight.

Being required to show ID only proves the success of al-Qaeda with fear established and freedoms violated.

Most people are not aware that freedoms in the Constitution are “inalienable & natural” meaning we were born with them. They are not government granted. Just as the U.S. Constitution represents our inalienable right to life, liberty, & freedom, so too does the TSA represent a significant threat to those God-given rights. TSA protocol is to assume all innocent people to be a threat until being cleared from a secret list. Put another way, “The innocent shall suffer the sins of the guilty.”

Previous court decisions are referenced in justifying the legalization of ID requirements which translates into; it’s OK to violate a little of the people’s freedom, just not a lot. Most people are not willing to be inconvenienced to challenge these requirements, let alone initiate a real legal battle or protest. It’s easier to show ID than to fight for one’s rights and freedom.

And when legal challenges have been made against these secret “security directives”, courts have ruled they are secret laws and barred from public scrutiny or debate. Checkpoints & ID requirements are more commonly associated with governments who suppress freedom yet we implement them in the name of safety and security. In the name of national security, government can violate peoples’ freedom. Being forced to announce one’s self is a loss of privacy and “taking away a person’s privacy renders to the government the ability to control absolutely that person.” (Ayn Rand)

“In the end, the photo ID requirement is based on the myth that we can somehow correlate identity with intent. We can’t.” (Bruce Schneier, Chief Security Technology officer of BT Global Services) Surveillance is not freedom. Having to ask for permission is not freedom. Most elected officials believe the more legislation passed exerting more government control over people, the better off society is. The Constitution was written to restrict government yet most elected officials look for ways to circumvent instead of defending the Constitution as stated in their oath of office. It is not an elected official’s job to give freedom. It’s their job to defend it.

I would rather live in a higher risk society wrapped in freedom than live as a slave in complete safety & security.

Joe Williams
concerned citizen
Atlanta, GA

“Domestic travel restrictions are the hallmark of authoritarian states, not free nations.” (Congressman Ron Paul)

“Safety from external danger is the most powerful director of national conduct. Even the ardent love of liberty will, after a time, give way to its dictates. The violent destruction of life and property incident to war — the continual effort and alarm attendant on a state of continual danger, will compel nations the most attached to liberty, to resort for repose and security, to institutions, which have a tendency to destroy their civil and political rights. To be more safe they, at length, become willing to run the risk of being less free. The institutions alluded to are STANDING ARMIES, and the correspondent appendages of military establishments.” (Alexander Hamilton, Federalist No. 8, November 20, 1787)

“We uphold Freedom by exercising it – not by restricting it.” (The Identity Project)

Oct 21 2009

Softball questions for TSA nominee

President Obama’s much-belated nominee to head the Transportation Security Administration, Erroll Southers — faced only softball questioning at a confirmation hearing last week before the Senate Committee on Commerce, Science, and Transportation.  None of the questions we’ve raised for the nominee about TSA policies and procedures, or about the philosophical or practical attitude of the nominee toward the right to travel, were asked by any of the Senators. Nor, despite the nominee’s background of as a policeman (L.A. airport police commander and former FBI agent), was there any exploration of the role of the TSA as the Federal police agency that most often interacts directly with people who are accused of no crime — literally the front lines of Federal policing of innocent citizens.

The nomination of Mr. Southers has also been referred to the Committee on Homeland Security, which plans to hold its own confirmation hearing after it receives further background information from Mr. Southers, probably in late November.

If you want to know whether the Obama Administration and its nominee plan to set a new course for the TSA, let your Senators and the members of the Homeland Security know that you want them to ask tough questions (“Do we have a right to travel? Should the obligations of travelers at TSA checkpoints be spelled out in publicly-disclosed regulations?  Should no-fly decisions be subject to judicial review? Should we have to show ID to fly? Should the government keep records of our travels?”) before they vote to approve any nominee for TSA Administrator.

Oct 01 2009

Do you need government ID to observe Federal government meetings?

With the public paying more attention ot Federal financial policy, more people might be interested in watching government meetings like those of the Federal Reserve Board.

But what if you don’t have  government-issued identity credentials, or don’t chose to show them? Are you still entitles to observe your tax dollars at work?

We recently came across this 2002 opinion from Office of Legal Counsel of the Department of Justice, advising the the Federal Reserve Board that notwithstanding the open meeting requirements of the Government in the Sunshine Act, the Fed can prevent people from watching its meetings if they don’t give advance notice of their intent to attend, don’t have or won’t reveal their Social Security Number or various other information, or if they don’t have or won’t show a photo ID.

Footnote 4 of the 2002 opinion points out a 1977 DoJ letter that states, “[o]f course, any person may attend a meeting without indicating his identity and/or the person, if any, whom he represents and no requirement of prior notification of intent to observe a meeting may be required.” However, the OLC “disagrees with” that letter.

This took place, ,of course, at a time when the OLC was also advising Federal agencies on the legality of torture, “extraordinary rendition”, and so forth.  But we can find no record of any action by the Obama Administration to rescind or update this advice.

All of which begs the Catch-22 question of what happens to people who want to enter government buildings where ID is required for entry — such as passport offices located in Federal office buildings — in order to apply for the ID credentials they don’t yet have.

Oct 01 2009

Congress, investors won’t let “Trusted Traveler” die

As a hearing yesterday before the Subcommittee on Transportation of the House Homeland Security Committee, Republicans and Democrats joined in urging a re-start of the all-but-bankrupt “Registered Traveler” or “Trusted Traveler” scheme that shut down this June.  Subcommittee members even went to so far as to criticize the TSA for having planned — until members of Congress and a temporary injunction in a customer lawsuit for refunds prevailed on them to hold off — to delete the fingerprints, iris scans, and other personal data collected for use by the TSA and the Registered/Trusted Traveler vendors.  If you think this data should be purged from government files sooner rather than later, let your representative know what you think.

Amazingly, there are even private equity investors who showed up at the hearing to proclaim their readiness to buy some of the assets (including the personal data bank, of course, but not the liability for refunds to no-longer-trusted travelers who now want out) of the largest of the former registered-traveler operator, “Clear” Verified Identity Pass, and to try to bring it back to life.

But the would-be investors made clear that their business model would depend on government support.  The TSA has admitted that the Registered Traveler program has no security value, and stopped conducting, or charging for, background checks on applicants.  That leaves the program as nothing more than a way for members to pay extra to go through a dedicated line at the TSA checkpoint, which is possible only if the TSA allows these private companies to control access to the government checkpoint people have to pass through to travel by common carrier.  Sort of like a government-facilitated scheme to allow you to bribe your way to the front of the line.  Except that it’s more like extortion than bribery, since the point is not to receive government services but to avoid (in part) government restrictions and costs imposed on the exercise of rights.

The government has no business collaborating with this racket, or helping private businesses shake down members of the public who can’t afford the delays imposed by TSA security theater.  “Trusted Traveler” is dead, and the government should leave it in its grave.

Sep 28 2009

Now that Ted Kennedy’s dead, the TSA’s found somebody else in Congress to harass

Senator Edward M. Kennedy (D-MA) used to have constant trouble at airports because a name similar to his was on the TSA’s “no-fly” list.  Even as a senior Senator he couldn’t find out why, and couldn’t get the harassment stopped (which he eventually mentioned publicly during a Senate hearing) for more than three weeks.  For ordinary mortals, “redress” takes months or years, if it ever happens at all.

Now it’s Representative Jason Chaffetz (R-UT) — sponsor of the amendment passed overwhelmingly by the House in June, despite opposition from the leadership of both major parties, to restrict the TSA’s use of virtual strip search (“Whole Body Imaging”) machines at checkpoints in airports — who’s gotten on the TSA’s VIP list for special treatment.

According to reports in the Salt Lake Tribune and Deseret News, frequent-flyer freshman Congressman Chaffetz — who has refused to move to Washington, sleeps on a cot in a back room of his Congressional office during the week, and flies home to Utah to be with his family every weekend — got into trouble at SLC last week after he (1) refused to “consent” to a virtual strip search (“Chaffetz had told the House, “You don’t have to look at my wife and 8-year-old daughter naked to secure an airplane.” He says he didn’t want the TSA looking at him naked either. He told the Deseret News the TSA has not lived up to promises to post signs about what the whole-body imaging machine does”) and then (2) tried to read the name on a TSA agent’s badge (which the agent only showed him after Chaffetz identified himself as a member of Congress, although the TSA agents said they already knew who he was).

Of course, Chaffetz was then “randomly” selected for extra groping (“secondary screening”).  But we’re sure that had nothing to do with his political opinions or attempts to hold the TSA accountable to the laws he helps make.

Sep 28 2009

FBI wants records from travel data aggregators

Ryan Singel of Wired News has reported that documents (see the links to some of them at the end of the Wired story) provided in response to requests under the Freedom of Information Act show that the FBI’s National Security Branch “National Security Analysis Center” (NSAC) has obtained a variety of commercial travel records from hotel chains and franchisers, car rental companies, and the operator of the financial clearinghouse for most airline tickets (and some other travel services) issued or sold by travel agents in the USA.

The numbers of these records Wired reports that the FBI has already obtained are small compared to the numbers of customers these companies have, but Wired also reports that the FBI documents they obtained also show that the FBI is seeking, as part of a lengthy “wish list” of data types and sources, to get greater and perhaps routine and comprehensive access to these travel records.

Given the lax rules for inter-agency data sharing, and the FBI’s lead role in the inter-agency “Terrorist Screening Center” where no-fly decisions enforced by the TSA are made, it’s less important which specific federal agency has or is seeking this data than what information they are after, and from whom.

Read More

Sep 09 2009

More travel records, more exemptions from the Privacy Act

An anonymous traveler has posted the records of their international travel that were provided by the Customs and Border Protection (CBP) division of the Department of Homeland Security, in response to a request under the Privacy act using these forms updated from those used by the Identity Project in our original investigation of the CBP “Automated Targeting System” (ATS).  As noted by philosecurity.org, which published the latest example of the government’s travel data vacuum cleaner, as provided by one of the site’s readers,

The document reveals that the DHS is storing the reader’s:

  • Credit card number and expiration (really)
  • IP address used to make web travel reservations
  • Hotel information and itinerary
  • Full Name, birth date and passport number
  • Full airline itinerary, including flight numbers and seat numbers
  • Cruise ship itinerary
  • Phone numbers, incl. business, home & cell
  • Every frequent flyer and hotel number associated with the subject, even ones not used for the specific reservation

There are also the details of a reservation at a hotel the person didn’t end up staying at, but which they had a reservation for when the CBP pulled a snapshot of their PNR from the airline or CRS. Sadly, all this is typical of what’s in a PNR and what we found in our continuing investigation of CBP/DHS travel records.

Meanwhile, even as more travelers are finally getting portions of their travel records, the DHS published a new final rule on August 31, 2009 (74 Federal Register 45070-45072) exempting portions of those records from the Privacy Act. Read More

Aug 24 2009

Travelers more worried about TSA than airline safety

Travelers are more concerned about TSA screening than airline safety, according to the results of the first poll conducted by the Consumer Travel Alliance.

“TSA screening” ranked sixth in the survey, with 44.1 percent of respondents saying it was of the highest priority among all possible travel issues (not limited to airlines). “Airline safety” was seventh, with 41.1 percent rating it among the “most important” consumer travel issues.

Congress, are you listening?

Aug 20 2009

“Clear” data temporarily enjoined from sale, but not yet safe

According to news reports today, Verified Identity Pass, Inc., (“VIP”) which operated the defunct Clear traveler registration scheme, has been temporarily enjoined by a Federal court from selling or transferring to any third party any data about its (former) customers.

That doesn’t mean that the personal data about “VIP” travelers — including fingerprints, iris scans, and data about their passage through “Clear” lanes at airports — is safe.  The injunction is only preliminary, and was issued in a case in which Clear customers have sued for refunds.  More importantly, VIP is not (yet) bankrupt and hasn’t yet been sold, although since the shutdown of the Clear service it has no revenue and no way to avoid bankruptcy except through a sale of all or part of its business or assets.

The terms of service and privacy policy for the Clear program contained an explicit provision authorizing the sale or transfer of customer data to another company providing a similar service, as part of a sale of the entire line of business. And if VIP goes bankrupt, the bankruptcy court would still be required to auction the personal data to the highest bidder, unless in the meantime Congress enacts new privacy protection for personal data in bankruptcy cases.