Papers, Please!

The Identity Project

Category Archives: Surveillance State

Aug 16 2009

Secure Flight: Frequently Asked Questions

There’s been a lot of confusing (and often confused) reporting recently about the TSA’s so-called “Secure Flight” scheme for surveillance and control of passengers on domestic U.S. airline flights, based on data mining of airline reservations and lifetime travel histories.

If you’re looking for answers, you might start with our FAQ about “Secure Flight”.

Much of the confusion comes from the fact that the TSA’s orders to the airlines to implement “Secure Flight”, setting out which airlines are required to do what, and when, are all contained in secret “Security Directives”.  So we have only the TSA’s press releases — which they have previously told us would “creat[e] public confusion” were the public actually to rely on them, and which have often proven to be lies anyway — as clues to what is really being required.

We do know, however, the essence of what the “Secure Flight” regulations actually require: the shift to a permssion-based system of control of domestic air travelers (similar to the shift already being made for international air travelers under the APIS regulations, and for land border crossings under the WHTI rules), with a default of, “No”.

In addition to the questions in our original our FAQ, recent news reports raise some additional questions worth answering:

  • Was the “Secure Flight” scheme “[b]orn out of recommendations from the 9/11 Commission” (NPR)? No. “Secure Flight” is the latest name for a program originally called “CAPPS-II”, which was conceived almost immediately after 9/11 and well before the 9/11 Commission was even appointed.  More importantly, “Secure Flight” is directly contrary to the recommendation of the 9/11 Commission that, “The burden of proof for retaining a particular governmental power should be on the executive, to explain (a) that the power actually materially enhances security and (b) that there is adequate supervision of the executive’s use of the powers to ensure protection of civil liberties. If the power is granted, there must be adequate guidelines and oversight to properly confine its use…. [There should be a board within the executive branch to oversee adherence to the guidelines we recommend and the commitment the government makes to defend our civil liberties.”
  • Is “Secure Flight” a legal “requirement” (TSA press release)? No. Not only is “Secure Flight” (a) in violation of international treaties to which the U.S. is a party (Article 12 of the ICCPR provides in part that, “Everyone lawfully within the territory of a State shall, within that territory, have the right to liberty of movement”) and (b) the First Amendment to the U.S. Constitution (“Congress shall make no law … abridging … the right of the people peaceably to assemble”), but (c) the TSA has been expressly forbidden by Federal law from implementing “Secure Flight” “on other than a test basis” unless and until the GAO has certified that 10 specific criteria have been met.  The GAO has moved the goalposts set by Congress to certify that most of those criteria have, under clearly distorted interpretations, been met — but not yet all of them.  The assignment to each would-be passenger of a score of “cleared”, “inhibited”, or “not cleared” appears to violate the provision of the same law that, “None of the funds provided in this or any previous appropriations Act may be utilized to develop or test algorithms assigning risk to passengers whose names are not on government watch lists.”  And “Secure Flight” also potentially violates restrictions on data mining. [Update: It appears that the TSA is interpreting the GAO’s statements as constituting the necessary certification, even though the GAO said that “Additional Actions Are Needed”.  According to Business Travel News, “‘There’s nothing more to be tested, and no more approvals we need,’ said program director Paul Leyh…. ‘All it is now is to start the implementation process.'”]
  • Can the TSA or the airline prevent you flying or impose other sanctions as a penalty for non-compliance with “Secure Flight” requirements such as providing my date of birth, gender, etc? No. [Not unless they can successfully claim that the GAO has made the necessary certification, and that “cleared”, “inhibited”, or “not cleared” is not a “risk score”.] The same law that prohibits the TSA from “deployment or implementation, on other than a test basis” of “Secure Flight” also provides that, “During the testing phase … no information gathered from passengers, foreign or domestic air carriers, or reservation systems may be used to screen aviation passengers, or delay or deny boarding to such passengers, except in instances where passenger names are matched to a government watch list.”
Jul 17 2009

Secure Flight to use same data mining tools as CAPPS-II

The TSA has been anxious to convince us that the renamed Secure Flight scheme for airline passenger profiling, surveillance, and control is fundamentally different and (despite the great new name) less Orwellian than its prdecessor, the thoroughly discredited CAPPS-II (“Computer-Assisted Passenger Pre-Screening System, version 2”).

The TSA also wants us to believe that Secure Flight “does not use commercial data” (actually, it relies primarily on commercial data in airline reservations or Passenger Name Records) or data mining.

Now we learn from the boasts of one of the TSA’s contractors that “Secure Flight” will rely on the same fuzzy matching and data mining software that was used in the first trials of CAPPS-II in 2002 — which were unsuccessful, and which used illegally obtained PNRs for real travelers on real flights.

And despite the TSA’s claims that it isn’t a data-mining system, the contractor, Infoglide Software, describes the software being incorporated into “Secure Flight” as a tool for “mining today’s evergrowing sources of data”.  Oops!  perhaps the TSA forgot to tell them the party line about how to describe their products, or their marketing department didn’t get the message.

Nothing has really changed in CAPPS-3, a/k/a “Secure Flight”.  Depite all the minor tweaks from CAPPS-II, it still doesn’t meet the standards required by international human rights treates, the Constitution, or Federal statutes. Nothing has changed, including the need to stop it now — before another billion dollars or more is spent over the next year or two on implementing this system of surveillance and control of our movements.

Jun 25 2009

Courts and Congress finally start to rein in the TSA

Until recently, the TSA has been a domestic legal Guantanamo, and the TSA has treated their domain of “checkpoints” and travel control and surveillance as a law-free zone where their powers of search, seizure, detention, and denial of passage were unconstrained by the Constitution, human rights treaties, judicial review, or stautory or regulatory standards.  As indeed it has been: Congress has enacted no law specifically defining any limits on the authority of TSA agents at checkpoints (or elsewhere), and the TSA itself has never conducted any rulemaking or issued any publicly-disclosed regulations defining its authority, the limits of that authority, what orders travellers do or don’t have to comply with, and which forms of “noncooperation” are considered grounds for which sanctions (more intrusive search, denial of transportation, admninistrative fine, detention, etc.). While the TSA has never been explicitly exempted from the Constitution or treaties such as the International Covenant on Civil and Political Rights, the DHS has sought to avoid ever allowing judicial review of fly/no-fly decisions, and the courts themselves have gone out of their way to avoid ruling on the legality of TSA actions — such as when the 9th Circuit invented a counter-factual claim (without ever allowing an evidentiary hearing on the facts) that John Gilmore hadn’t actually been required to show ID credentials in order to fly, as a way to avoid ruling on whether an ID-to-fly requirement would be Constitutional. As for the Executive, President Obama has yet to nominate an Administrator of the TSA, leaving this one of the highest-ranking vacancies in the Administration and leaving the TSA operating on autopilot under lame-duck holdovers.

In the absence of any explicit rules or any judicial, legislative, or executive oversight, the TSA has felt no need to seek authority for its ever-expanding assertions of authority through legislation or rulemaking.  Nor has the TSA recognized any duty of self-restraint or self-policing to ensure its actions conform to the law. Instead, the TSA has simply wielded its power to do whatever it wished, on the disgraceful assumption that, “If we’re doing something wrong, the courts will tell us — if and when someone can afford to sue us, and they win a court judgment against us.”  In the meantime, the TSA will do, and claim the right to do, anything that hasn’t already specifically been ruled illegal. Kind of like the thief who assumes that they can steal whatever they want, and that if something turns out not be theirs, they’ll give it back if and when someone sues and wins a court judgment ordering its return.

Time and again we’ve pointed out this failure to subject the TSA to the rule of law. See, for example, our most recent prior post on this topic, our agenda on the right to travel submitted to the Obama Administration and Congress after the 2008 elections, and our comments earlier this month at the Computers, Freedom, and Privacy conference session with Obama Administration representatives and others at 1:45:53 of this video.  Until recently, however, neither the Courts, the Congress, nor the Executive branch have wanted to confront the question of what rules govern the TSA.

We’re please to report that this is finally beginiing to change, in small ways but on numerous fronts:

Read More

Jun 23 2009

“Clear” registered traveler company fails after wasting $116M

260,000 members down the tubes. No refunds.

Congratulations, suckers! Not only did you sign up for and pay money to a totalitarian program, but as usual, the police state was run by incompetents. Your little attempt to suck up to the TSA gestapo now won’t be doing you any good.

Their competitor “Flo Corp” is working hard to “analyze the implications of this announcement”. We can give them some help. A tiny minority of Americans signed up for the National Security State you offered them. You lost the election, the people voted with their wallets and their feet. Your fly-by-night stock is hovering right near 1cent per share. So get a clue and get out of the business while you still can pay your debts. What the public deserves is reform of the whole TSA system, so it provides real rights and real service and real accountability to EVERY traveler — not just to rich guys happy to have their iris and fingerprints on file. TSA’s culture of impunity needs to end, then we’ll all get along a lot better.

Oh, and to investors in Clear? It’s charming how you hoped to profit from funding the totalitarian tracking of the movements of all the citizens. (You couldn’t hope to make money at it unless pretty much every traveler signed up for it.) We’re so glad that every dollar you gave Clear is now a dollar that you can’t waste on your next socially destructive idea.

Jun 03 2009

Congress to vote on virtual strip searches

The U.S. House of Representatives will vote this week on a proposal to (1) restrict the use of virtual strip search machines at airports, (2) prohibit their use as a “primary” screening method (i.e. in place of curent metal detectors) or “unless another method of screening, such as metal detection, demonstrates cause for preventing such passenger from boarding an aircraft,” and (3) require that people selected for “secondary sccreening”  be told what the “Whole Body Imaging” machines do (a TSA agent out of your sight in a back room examines and can zoom in on any area of a picture taken using microwaves that pass through your clothes and show your body as though naked) and be offered the choice of a pat-down instead of a virtual strip search.

This proposal doesn’t go nearly far enough, but it’s an important first step.  Currently, no law or published regulation places any restrictions on any aspect of TSA activities at checkpoints.  What’s needed is to subject the TSA’s  domestic Guantanamo at every airport to the rule of law and the standards applicable to search, seizure, interrogation, and detention in any other context.

As travel commentator Charlie Leocha wrote in his column yesterday, “The last time I checked, there was a law about ‘reasonable suspicion’ before subjecting someone to a strip search. Is simply the act of getting on a plane now considered ‘reasonable suspicion’?”  (Today Leocha reports on the result of an informal online survey of his readers, showing that more than two-thirds of respondents think this is “an invasion of privacy”.)

The proposal was originally a standalone bill (H.R. 2027) introduced by Rep. Jason Chaffetz (R-UT), but will now be voted on as an amendment to H.R. 2200, the TSA Authorization Act.

What can you do?  Visit StopDigitalStripSearches.org and sign the online petition endorsed by the Identity Project.  More importantly, call and/or email your member of Congress today and urge them to vote FOR the “Chaffetz amendment on Whole Body Imaging” to H.R. 2200, the TSA authorization bill.

Rep. Chaffetz’ point person on this issue tells us they expect the House floor vote will most likely be Thursday, June 4, 2009.

Jun 01 2009

Today we’re all prisoners in the USA

As of today, June 1, 2009, even U.S. citizens are officially prisoners in the USA, or exiles barred from entering our own country without the government’s permission.

We are now forbidden by Federal regulations from leaving or entering the USA, anywhere, by any means — by air, by sea, or by land, to or from any other country or international waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable uniquely-numbered radio tracking beacons in the form of RFID transponder chips), or unless the Department of Homeland Security chooses to to exercise its standardless “discretion” to decide — in secret, with no way for us to know who is making the decision or on what basis — to issue a (one-time case-by-case) “waiver” of the new travel document requirements.

If you’re in the USA without such documents — even if you were born here, or are a foreigner who entered the USA legally without such documents (a Canadian, for example, who entered the USA by land yesterday when no such documents were yet required), or your document(s) have expired or have been lost or stolen — you are forbidden to leave the country unless and until you procure such a document, or unless and until the DHS gives you an exit permit in the form of a discretionary one-time waiver to leave the country — but not necessarily to come home, unless they again exercise their discretion to “grant” you another waiver.

If you are a U.S. citizen abroad without such a document (for example, if you entered Canada legally without it yesterday by land, when it wasn’t required, or again if your document(s) are expired, lost, or stolen) you are forbidden to come home unless and until you can procure a new document acceptable to the DHS, or unless and until the DHS gives you permission to come home in the form of a discretionary one-time waiver. Read More

May 26 2009

Add your name to the campaign against TSA “Virtual Strip Searches”

The Identity Project has joined with the Privacy Coalition in a campaign to stop “Whole Body Imaging” in U.S. airports.

The TSA is in the process of substituing these “Virtual Strip Search” machines as a replacement for, or an addiiton to, metal detectors for primary screening of all travelers.  You’ll be able (at least at first) to opt out of the virtual strip search “Whole Body Imaging”, but then you’ll automatically get the full secondary screening pat-down, as though you had set off the metal detector.  The “Whole Body Imaging” machines use microwaves that go through your clothes and reflect off your skin to display a detailed picture of your naked body to a TSA operator, in a back room where you can’t see who they are or what they are doing while they ogle your as-though-naked image.

Individual travelers as well as organizations can sign up until May 31, 2009 (Sunday) to endorse a joint letter (scroll ot the bottom of this page for the sign-on form) calling for on Secretary of Homeland Security Napolitano to suspend the use of “Whole Body Imaging” for primary screening. Read More

May 16 2009

Air France passenger data and “no-fly” orders

Follow-up reports have provided more details but also raised more questions about the incident last month in which the US government refused to allow an Air France flight en route from Paris to Mexico City to follow its normal route through US airspace, because the passengers included a journalist on the US “no-fly” list.  The orders from the US authorities, coming while the plane was already in flight, resulted in a lengthy detour to avoid overflying US territory, and an unscheduled refueling stop in Martinique.  (Air France’s Paris-Mexico flights used to stop in Houston, but these days they are scheduled to operate nonstop, in significant part to spare through passengers the need for US transit visas and US-VISIT processing including fingerprinting and photgraphing, now required even for foreign passengers merely transiting a US airport.)

As with previous incidents of blacklisted passengers and delayed, diverted, or canceled flights, this episode should be a reminder that the problems with the “no-fly” list are not limited to mistaken for other people on the watchlist.  The problem, in this case, is that one of the passengers actually was on the list of people administratively banned from the US, without any way of knowing why, confronting his accusers or the evidence (if any) against him,  or obtaining judicial review of their decision to deny him the right of passage by common carrier through US airspace (a right guaranteed by international treaties to which the US is a party).

Also at issue has been how, when, and through what intermediaries or data pathways US authorities learned who was on the plane, espcially since it wasn’t scheduled to touch US soil. Read More

May 14 2009

California DMV plans crackdown on “look-alikes”

Has anyone ever looked at your face and mistaken you for someone else?

If so, and if you live in California, you could be a victim of a proposal by the California Department of Motor Vehicles which is now under consideration in the state legislature.

At a hearing yesterday (May 13, 2009) before the Assembly Budget Subcommittee No. 5 on Information Technology/Transportation, the Director and Chief Information Officer of the DMV pleaded for more money (in spite of the desperate state budget crisis) to hire a contractor to digitize and store the photographs taken for every California drivers license or state ID, and then use “biometric” facial recognition and matching software to compare each new photo of an applicant for a license or ID with every photo in the database. (The DMV proposal next goes before the Senate Budget Subcommittee No. 2 on Resources, Environmental Protection, Energy and Transportation on Wednesday, March 20th.)

If the computer thinks your picture looks like any other picture in the database, both you and the other person whose photo the robot thinks looks like yours would be placed under suspicion of fraud, identity theft, or worse. Read More

May 03 2009

EU Council renews push for government access to PNR data

The Council of the European Union has put forward its new version of the “Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) for law enforcement purposes” originally made by the European Commission. (More background on the proposal is available from Statewatch.)

The latest Council version of the proposal is essentially the same as the original Commision proposal, with only trivial changes in repsonse to input from Council members.  Like the original version introduced by the European Commission, the new Council version of the PNR proposal would require each member state to establish a new surveillance agency (a government “Passenger Information Unit” or PIU), and would require each airline operating flights to, from, or within the EU to make PNR data available to the PIU of each origin or destination state.

The Council appears to have entirely ignored the criticisms raised by the European Parliament in its consideration of the PNR proposal, as detailed in its most recent November 2008 resolution withholding Europarl approval. As the Europarl rapporteur said in the plenary session preceeding the vote:

I think the European Parliament is a serious partner, fully available to give input in this process. However, we will only issue a formal position once there are full, satisfactory and detailed answers to all the concerns and objections that were raised on several occasions by the European Parliament, the European Data Protection Supervisor, the national data protection authorities, the fundamental rights agencies and the airlines, because I think they are entitled to a real answer.

The latest Europarl vote in favor of this resolution (and against approval of the PNR proposal) was overwhelming: 512 to 5, with 19 abstentions.  Under the “codecision” procedure, Europarl approval is required in order for the PNR proposal to be adopted.  But neither the Commission nor the Council have responded in any meaningful way to their critics, or provided any evidence that any benefit of the PNR scheme would be proportionate to the grave damage it would do to funadamental freedoms.

Europeans should encourage their MEPs to continue to demand answers before they approve any scheme with such profound implications for justice and civil liberties, and not to allow the EU to repeat the mistakes made by the U.S. in establishing PNR-based systems of travel surveillance and control.