At the meeting of the LIBE (civil liberties) committee of the European Parliament on the 7th of April, a representative of the European Commission announced that the EC will shortly be releasing a report on the second closed-door EC-DHS joint review of DHS compliance with the current “agreement” on DHS access to and use of PNR data related to flights between the EU and USA.

We haven’t yet seen this report of the second joint review, although drafts of an EU report on the joint review and the DHS response to the EU draft have been posted by Statewatch. But since the first joint review in 2005, the DHS has published two reports — one in December 2008 and an update in February 2010 — on its own self-assessment and claims of compliance with the agreement, and we have studied  them carefully..

These 2008 and 2010 DHS reports are seriously misleading and contain significant legal and factual misstatements.  Their inaccuracy makes clear that DHS claims cannot be relied on without independent verification. The willingness of the DHS to publish such false claims calls into question the good faith of DHS participation in the joint review, and reinforces the need for a truly independent review including an audit of DHS actions by technical experts with access to legal process to compel full access to DHS records.

It’s not for us, as Americans, to tell European politicians what policies they should adopt. Nonetheless, as Americans who have systematically tested what happens when travellers attempt to access PNR data about themselves held by the DHS, and what happens when they attempt to complain about misuse of PNR data by the DHS, we think it is important for Europeans not to be misled about the status of DHS compliance or noncompliance with the current DHS-EU “agreement” on PNR data.

Here’s what we can say about the current situation, and about the claims in the 2008 and 2010 DHS reports regarding compliance with the agreement. Read More →

Today the DHS announced that it is partially replacing its practice of illegally profiling air travelers seeking to board flights destined to the US by national origin — the subject of our still-unanswered formal complaint — with a new scheme to illegally profile passengers individually, bsed on based on mining of commercial data in passenger name records (PNRs) obtained from airlines and other travel companies and on secret DHS dossiers about would-be passengers including their lifetime travel histories maintained in the illegal Automated Targeting System and other databases.

The consequences if you fit the secret profile would continue to include, as before, being subjected to “secondary screening” (more intrusive search and/or interrogation, with no publicly-disclosed rules governing which questions you are required to answer) or having the airline not be given “clearance” under the APIS permission system to allow you to board the flight.  (Under the APIS system already on the books, the default is “No fly” unless the airline receives an affirmative, individualized, per-passenger, per-flight “clearance to board” message from the DHS.)

The new profiles reportedly could include both individual identities and vaguer patterns of suspicion such as countries previously visited (a clear case of targeting based on activities protected by the First Amendment), association (a matching phone number in a PNR, such as from having reconfirmed flights form the name hotel as thousands of other travelers), or appearance (leaving room for continued racial and/or ethnic profiling).

The profiling and selection algorithm, the identity of the decision-makers, and the data on which they will base their determinations remain secret.  No mechanism for judicial review of these decisions, or of actions taken on the basis of them, was mentioned in the DHS press release or FAQ.

The new practice greatly increases the significance of the DHS’s decision in February of this year to exempt much of the information in PNRs, including derogatory personal information submitted by travel companies without travelers’ knowledge, from release to data subjects in response to requests under the Privacy Act. It also highlights the significance of the DHS’s routinely late, incomplete, and improper responses to requests for travel records, when they respond at all.

Some of our Privacy Act requests to the DHS for travel records are 6 months old with no response at all (a year is not unusual), while one of our appeals of an obviously incomplete and improper response has been pending for more 2 1/2 years without a decision.  Of the responses we have seen to requests for PNRs and ATS travel history records, all are obviously incomplete, and invoke inapplicable exemptions (such as invoking the broader exemptions applicable to third-part requests under FOIA in response to first-party requests under the Privacy Act, to which FOIA exemptions don’t apply).  None actually appear to have been processed under the Privacy Act, only under the more limited FOIA rules, even when the requests were explicitly made under the Privacy Act.

So far as we know, nobody has actually received the “accounting of disclosures” (access log) that the DHS is required to provide on request.  And none of the major computerized reservation systems (CRSs) to which airlines outsource hosting of their PNR databases maintains logs of access to PNRs, which would be necessary for CRSs or their airline and travel company subscribers to comply with “Safe Harbor”, European Union data protection law, and other international privacy norms.  Since CRSs keep no records, nobody knows who actually accesses PNRs.

There are also still unanswered questions as to the extraterritorial US claim of jurisdiction over actions related to boarding of foreign-flag aircraft at foreign airports, especially where international aviation treaties between the US and those countries require airlines to operate as “common carriers” and transport all passengers willing to pay the fare and comply with the rules in the published tariff.

Both Americans and foreigners — including members of the European Parliament who are currently debating whether to approve continued DHS access to European PNR data — should be outraged that the DHS is simultaneously increasing the weight given to commercial and other information in secret DHS dossiers about us, while hiding even more of that information from us, even if we specifically ask to see it.  We’ll be bringing this to their attention in meetings and testimony in Brussels and Strasbourg, and talks with European activists, over the next few weeks.

The most recently filed lawsuit to result from detention of a would-be traveler at a TSA checkpoint highlights an interesting pattern:

While Federal departments themselves, and their agents in their official capacities, have thus far largely escaped legal liability for interference with travelers’ rights, multiple lawsuits against individuals who have enforced secret DHS directives — including DHS officers in their individual capacities as well as city, state, and tribal police acting as their accomplices and/or at their behest — are moving forward.  Yet at the same time, the DHS continues to use local law enforcement officers to carry out its secret orders, and has in some cases revealed policies directing DHS agents to take a literal “hands-off” attitude themselves, even while calling in local police to enforce what are at root (illegal) Federal orders.

Here’s a round-up of some pending cases across the country, leading up to the latest, with apologies for the sometimes tortured procedural histories which tend to characterize such cases and obscure the real issues: Read More →