Papers, Please!

The Identity Project

Category Archives: Surveillance State

May 14 2009

California DMV plans crackdown on “look-alikes”

Has anyone ever looked at your face and mistaken you for someone else?

If so, and if you live in California, you could be a victim of a proposal by the California Department of Motor Vehicles which is now under consideration in the state legislature.

At a hearing yesterday (May 13, 2009) before the Assembly Budget Subcommittee No. 5 on Information Technology/Transportation, the Director and Chief Information Officer of the DMV pleaded for more money (in spite of the desperate state budget crisis) to hire a contractor to digitize and store the photographs taken for every California drivers license or state ID, and then use “biometric” facial recognition and matching software to compare each new photo of an applicant for a license or ID with every photo in the database. (The DMV proposal next goes before the Senate Budget Subcommittee No. 2 on Resources, Environmental Protection, Energy and Transportation on Wednesday, March 20th.)

If the computer thinks your picture looks like any other picture in the database, both you and the other person whose photo the robot thinks looks like yours would be placed under suspicion of fraud, identity theft, or worse. Read More

May 03 2009

EU Council renews push for government access to PNR data

The Council of the European Union has put forward its new version of the “Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) for law enforcement purposes” originally made by the European Commission. (More background on the proposal is available from Statewatch.)

The latest Council version of the proposal is essentially the same as the original Commision proposal, with only trivial changes in repsonse to input from Council members.  Like the original version introduced by the European Commission, the new Council version of the PNR proposal would require each member state to establish a new surveillance agency (a government “Passenger Information Unit” or PIU), and would require each airline operating flights to, from, or within the EU to make PNR data available to the PIU of each origin or destination state.

The Council appears to have entirely ignored the criticisms raised by the European Parliament in its consideration of the PNR proposal, as detailed in its most recent November 2008 resolution withholding Europarl approval. As the Europarl rapporteur said in the plenary session preceeding the vote:

I think the European Parliament is a serious partner, fully available to give input in this process. However, we will only issue a formal position once there are full, satisfactory and detailed answers to all the concerns and objections that were raised on several occasions by the European Parliament, the European Data Protection Supervisor, the national data protection authorities, the fundamental rights agencies and the airlines, because I think they are entitled to a real answer.

The latest Europarl vote in favor of this resolution (and against approval of the PNR proposal) was overwhelming: 512 to 5, with 19 abstentions.  Under the “codecision” procedure, Europarl approval is required in order for the PNR proposal to be adopted.  But neither the Commission nor the Council have responded in any meaningful way to their critics, or provided any evidence that any benefit of the PNR scheme would be proportionate to the grave damage it would do to funadamental freedoms.

Europeans should encourage their MEPs to continue to demand answers before they approve any scheme with such profound implications for justice and civil liberties, and not to allow the EU to repeat the mistakes made by the U.S. in establishing PNR-based systems of travel surveillance and control.

Mar 21 2009

DHS releases (censored) documents on Automated Targeting System

As part of its celebration of “Sunshine Week”, The Electronic Frontier Foundation has posted more than a thousand pages of documents about the Automated Targeting System (ATS) for archiving and data-mining airline reservations to asisgn risk scores to all international travelers, released by the Department of Homeland Security over the last two years in response to Freedom of Informaiton Act requests and a FOIA lawsuit by EFF’s FOIA Litigation for Accountable Government (FLAG) project.

DHS claims still to be searching for and “processing” yet more documents responsive to the original requests, the documents that have been released are heavily redacted, and the lawsuit is ongoing.  Recently, EFF has asked the Court hearing the case to stay further proceedings while DHS decisions under the Bush Administration to withhold and redact documents at issue in the case are reviewed in light of the Obama Administration’s new instructions to Federal agencies on transparecncy and the processing of FOIA requests.

We’re still making our way through the newly-published documents for the first time, but they include extensive internal DHS discussion on how to respond to our criticisms, when the DHS first published the official notice (we’re still not exactly sure how many years after the fact) that was supposed to precede the deployment of any such system of Federal records about individuals, that the ATS was being used for a purpose specifically forbidden by Congress.  The documents also seem to confirm, even through the redactions, the lack of understanding by DHS of what information is included in the Passenger Name Records (PNRs) being sucked into government databases by the ATS dragnet, or how to interpret it.  Briefing memos prepared by operational staff for senior policy officials and public relations spokespeople refer to what PNRs “seem” to contain, and appear to be based on guesses and reverse engineering rather than on any expertise in industry standards, messaging protocols (such as the AIRIMP), or business practices.

Mar 18 2009

Air France puts digital fingerprints in RFID boarding passes

Yesterday (just in time for tomorrow’s planned strike by French air traffic controllers, which is expected to force the cancellation of many of their flights), Air France began a public beta test of what they are calling a “smartboarding” card, as depicted in this video (and third-party videos in English and another in French) and photos and as described in this press release:

This new system is a world first. With a personal card which contains the latest biometric technology (encrypted fingerprints), RFID (radio frequency identification) and thermal printing (the back of the card can be reused up to 500 times), these passengers will be able to board through a dedicated portal whenever they choose.

Developed together with Citizengate, the smartboarding® service has 4 stages:

1. In a special office at the airport (Paris-Charles de Gaulle Terminal 2F), customers can obtain their personal smartboarding® card in just a few minutes which is immediately operational. During registration, all the customer’s identity information (surname, first name, Flying Blue membership number), as well as their encrypted fingerprints is transmitted to the smart card. This registration stage is only carried out once and no files are kept by Air France. Read More

Mar 18 2009

NPR parrots the government line on RFID passports

Today’s edition of “All Things Considered” includes a puff piece on e-passports with embedded RFID chips, based entirely on propaganda statements by government spokespeople.  For the other side of the story that NPR didn’t bother to cover, see the listener comments in NPRs blog, our previous articles on RFID chips in government-issued identity documents, and reports elsewhere on how RFID passports facilitate ID theft, how the globally unique ID numbers on the RFID chips facilitate surveillance, how the encryption used for the rest of the data on the RFID chip has already been cracked, and how space has already been reserved in the data structure on the chip for logs of travelers’ movements.

Feb 11 2009

ID checks and government logs of hotel guests

Demands for ID credentials from hotel guests are once again in the public eye, with commenters in travel journalist Christopher Elliott’s blog weighing in with opinions on his recent article about an Orlando hotel, Hotel shows customer the door after he refuses to show ID — can it do that?

This sort of thing doesn’t happen only in the land of Disney World, though. Coincidentally, one of the final public acts of the outgoing Chief Privacy Officer of the DHS last month was to release a lengthy analysis of European laws and practices for requiring hotel guests to identify themselves, and for government access to those records: Interim Report on the EU Approach to the Commercial Collection of Personal Data for Security Purposes: The Special Case of Hotel Guest Registration Data. Read More

Feb 03 2009

Drive-by reader for RFID drivers licenses and passport cards

Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.

Read More

Jan 15 2009

Recent developments in the USA in travel data

(Comments of the Identity Project at a workshop on “What’s on the agenda in the USA and Canada?” at the annual conference on Computers, Privacy, and Data Protection, Brussels, 16-17 January 2009)

Two major issues have emerged in the last year in relation to personal data about travel: (1) The overall goal of the government of the USA in its various policy initiatives on “travel security” has become increasingly clear. The USA is seeking to establish a global norm that:

  1. Government-issued identity credentials should be required for all forms of travel, domestic and international.
  2. All travel transactions should be recorded in a lifetime “travel history”.
  3. Pre-departure government permission should be required for all travel (based on the identity credential and the associated historical dossier), particularly for air travel or international travel.

Read More

Jan 05 2009

“The Department of Homeland Security in Action”

Just in time for the launch tomorrow night (Tuesday, Jan. 6th) of the the new DHS “reality” television show, Michael Yon has a timely post about an aspect of DHS reality that the “embedded” television production crews probably won’t show us: Border Bullies: The Department of Homeland Security in Action. Read the whole story. The devil is in the details of how Michael’s friend was treated on arrivial in the USA (en route to spend money as a tourist at Disneyworld), but here are a few snippets:

While the U.S. Immigration officer named Knapp rifled through all her belongings, Aew sat quietly. She was afraid of this man, who eventually pushed a keyboard to Aew and coerced her into giving up the password to her e-mail address. Officer Knapp read through Aew’s e-mails that were addressed to me, and mine to her. Aew would tell me later that she sat quietly, but “Inside I was crying.” She had been so excited to finally visit America. America, the only country ever to coerce her at the border. This is against everything I know about winning and losing the subtle wars. This is against everything I love about the United States. We are not supposed to behave like this. Aew would tell me later that she thought she would be arrested if she did not give the password….

Knowing that Homeland Security officers are creating animosity and anxiety at our borders does not make me feel safer. How many truly bad guys slip by while U.S. officers stand in small rooms and pick on little women?…

I had intended to show Aew a bit of my country. But it’s taking a little while for her to get over her discomfort at being in America. She was treated better in China. So was I.

Dec 24 2008

Weekly DHS propaganda hour on prime-time broadcast TV

Giving new meaning to the epithet, “security theater”, the hit Australian reality-television show Border Security has been franchised to the USA in the form of Homeland Security USA.

The weekly hour-long “reality” program is scheduled to begin Tuesday night, January 6th, 2009, on ABC.  Having seen the Australian predecessor, we can hardly wait to see how the DHS, with its growing focus on spin control and image management, wants to be seen.

The show boasts of the “full cooperation” of all DHS departments, without which it couldn’t be produced — and, therefore, who it can’t afford to offend if it wants to continue.