Papers, Please!

The Identity Project

Category Archives: Surveillance State

Jun 19 2018

Coding Amtrak’s collaboration with US Customs and Border Protection

We’ve received and posted the latest installment in a continuing trickle of responses to a Freedom of Information Act request  we made in 2014 for records related to Amtrak’s collaboration with US and foreign law enforcement and “border control” agencies.

The most recent batch of records released by Amtrak consists mainly of email correspondence between Amtrak IT staff responsible for supporting ticket sales through travel agencies  (most of which occur through computerized reservation systems), programmers with Amtrak’s in-house ARROW  reservation system, and Amtrak’s technical contacts at  the four major CRSs used by travel agencies: Sabre, Apollo, Worldspan, and Amadeus.

Most of these exchanges relate to Amtrak’s decision in 2005 to start feeding information about all passengers on cross-border (USA-Canada and Canada-USA) Amtrak trains to US Customs and Border Protection, and to require all passengers on these trains to provide Amtrak with passport or travel document info to pass on to CBP.

This was not required by any US law or regulations,  but was a voluntary decision by Amtrak. Some travel agents complained about this, but we’ve still seen no indication that they were given any answer about why Amtrak was doing this or what travelers or travel agents who didn’t want to provide this information could do. Amtrak’s own programmers were falsely told that this was required by order of CBP.

The messages we have received show that requiring travel agents to enter names and details of ID documents in PNRs for Amtrak travel created in the CRSs, and getting this information to flow through in standardized form to ARROW records and transmissions to CBP, proved more difficult than had been expected.

Read More

May 29 2018

More stupid questions for applicants for U.S. visas

The list of questions asked of applicantas for U.S. visas goes on for page after page, including:

  • Do you belong to a clan or tribe?
  • Are you or have you ever been a drug abuser or addict?
  • Are you coming to the United States to engage in prostitution or unlawful commercialized vice?
  • Do you seek to engage in espionage, sabotage, export control violations or any other illegal activity in the United States?
  • Are you a member of a terrorist organization?
  • Have you ever participated in genocide?
  • Have you ever been directly involved in the coercive transplantation of human organs or bodily tissue?
  • Have you ever committed torture?
  • Have you ever engaged in the recruitment or the use of child soldiers?
  • Are you coming to the U.S. to practice polygamy?
  • Are you a member of the Communist party?

Some of these questions are pointless. How many people have been denied admission to the U.S. because they volunteered that they were terrorists, torturers, or genocidists?

Others of these questions are vague, irrelevant, and/or intrusive.

Unfortunately, the list of questions asked of would-be travelers to the U.S. has grown ever longer, under both Democratic and Republican administrations.

In 2016, questions about social media identifiers were added to the online application for the Electronic System for Travel Authorization (ESTA), a sort of short-form electronic visa used by tourists and some short-stay business visitors from most-favored countries.

Now those same questions are being added to the printed and  online forms used by all other applicants for any type of visa to visit, transit, or immigrate to the U.S.

Today the Identity Project and five other national civil liberties and human rights organizations — Government Information Watch, Cyber Privacy Project (CPP), American-Arab Anti-Discrimination Committee (ADC), Restore the Fourth, Inc., and National Immigration Law Center (NILC) — filed comments with the Department of State objecting to this questioning as unconstitutional and contrary to international human rights treaties and Federal laws.

Read More

May 24 2018

DHS aggregating commercial biometric data and position logs

The DHS is proposing to expand its biometric identification and surveillance programs, and its collaboration with commercial entities in biometric-based surveillance, with the creation of a new database of “External Biometric Records” (EBR). EBR would include (1) biometric identifiers (such as facial photos, iris scans, fingerprints, DNA profiles, etc.) and (2) logs of the location, date, and time where each image or biometric sample is created.   EBR records would be aggregated from commercial sources, and available for use by all DHS components and sharing  with other Federal, state, local, and foreign entities.

The DHS is also proposing to exempt EBR from most of the requirements of the Privacy Act, including the right of individuals to find out what information about them is in the database and to what other government agencies or third parties it has been disclosed.

Today we filed comments, together with four other national civil liberties and human rights organizations — Government Information Watch, the Cyber Privacy Project (CPP), Restore the Fourth, Inc., and the National Immigration Law Center (NILC) — objecting to the DHS proposals as unconstitutional and contrary to Federal law.

Read More

May 14 2018

Senators say US citizens shouldn’t have to submit to airport mug shots

Senators Mike Lee (R-UT) and Ed Markey (D-MA) have sent another joint letter to Secretary of Homeland Security Kirstjen Nielson renewing their objections to requiring US citizens to submit to mug shots (“facial recognition”) as part of a DHS “biometric exit” program for identifying and tracking international travelers departing from US airports and seaports.

The letter sent last Friday is a follow-up to an earlier letter six months ago, in which the Senators told the DHS that such a requirement for US citizens is “facially unauthorized”:

Most crucially, while Congress has repeatedly voted to authorize biometric entry-exit scanning of foreign nationals, it has never authorized biometric exit screening for U.S. citizens. In fact, Congress has pointedly neglected to authorize DHS to use the program on U.S. citizens for any purpose. Additionally, while airport infrastructure may not be conducive to separate boarding procedures for U.S. citizens and non-citizens, convenience should not be placed above congressionally mandated requirements. We are concerned that the use of the program on U.S. citizens remains facially unauthorized.

Read More

Apr 12 2018

Mapping #CheckpointAmerica

Our friends at the Cato Institute have launched a new  section of their Website in English and Spanish, Checkpoint: America — Monitoring The Constitution Free Zone. The new site provides annotated maps of the locations and details of known permanent checkpoints operated by U.S. Customs and Border Protection (CBP) to control internal travel on roads within the U.S.

CBP claims the “border” authority to operate permanent or temporary roadblocks and stop and question U.S. citizens without a warrant anywhere within 100 miles of any international border or coastline. Including the Atlantic and  Pacific coasts and Great Lakes shorelines, this “border” area includes the majority of the population of the U.S.

Cato compiled information about the checkpoints from non-governmental sources after CBP stonewalled a FOIA request for it: “A 2015 Freedom of Information Act request to CBP filed by Cato Policy Analyst Patrick Eddington for information on these checkpoints has been on administrative appeal for two years.”

The clickable map shows, “overhead and ground-level photography of the facilities, physical descriptions of the checkpoints, and … (where available) press accounts, administrative actions, and court proceedings involving a given checkpoint.”

The new Cato site also acknowledges and links to our friends at Roadblock Revelations (Checkpoint USA), who have been documenting and challenging these checkpoints for many years.

Apr 06 2018

Transportation companies should not consent to police harassment of travelers

The ACLU is calling on Greyhound to stop giving the Border Patrol (US Customs and Border Protection) permission to board Greyhound buses and interrogate passengers.

According to a public letter sent to Greyhound by ACLU affiliates across the US:

Greyhound recently has said that the company believes it is “required” to “cooperate with [CBP] if they ask to board our buses.” We are aware of no such requirement. Rather, Greyhound has a Fourth Amendment right to deny CBP permission to board and search its buses without a judicial warrant…. [W]e urge Greyhound to change its policy and to refuse CBP permission to conduct invasive bus raids without a warrant.

Or, as a petition already signed by more than 30,000 people puts it more succinctly, “Your company has the right to say no to [the] Border Patrol — now is the time to do it.”

We wholeheartedly endorse this call on Greyhound to stop doing the wrong thing — and we extend the same call to all transportation companies including airlines and Amtrak.

Federal, state, and local police routinely collaborate to interrogate travelers on buses and trains and in bus and train stations and airports. The purpose of this questioning is typically not to obtain information, but to trick and/or intimidate travelers with a sufficient show of force  to get them to “consent” to searches of their belongings for drugs and/or cash, so that travelers’ cash and/or other valuables can be seized and forfeited to the police agencies involved. “Consensual” questioning and searches are also used as the basis for additional harassment, detention, and deportation of immigrants and other foreigners.

These sordid practices depend, we reiterate, on trickery and intimidation as well as on the willingness of the courts to countenance “consent” given under patently coercive conditions when armed police are blocking the aisle of a bus or train or the door of a compartment on a sleeping car, or surrounding a traveler in an airport waiting area.

But these practices also depend on the willingness of transportation companies to let these goons onto their buses and trains and into their stations and airports to conduct these looting expeditions for anything they can expropriate through civil forfeiture.

Greyhound buses are private property. Except in “hot pursuit” of a suspected criminal, police cannot board Greyhound buses without a ticket or permission from Greyhound.

Amtrak is a Federal government corporation, but nothing in its charter from Congress requires it to collaborate with, or consent to, warrantless searches of Amtrak property, including passenger coaches and sleeping cars, or questioning of Amtrak passengers.

(We are continuing to receive a foot-dragging trickle of responses to a FOIA request we made to Amtrak in 2014 for information about Amtrak’s sharing of information about passengers with the DHS and with foreign law enforcement agencies.)

Similarly, most airports and some bus and train stations are publicly operated, but free to refuse their consent to warrantless entry onto some or all of their premises, other than customs facilities leased to CBP, by agents of the DEA, CBP, or other law enforcement officers not involved in routine airport, train station, or bus station patrols and policing.

If you see police doing something you don’t like on a bus or train, in a bus or train station, or in an airport, say something to the company that “consented”  to this police activity.

Apr 04 2018

Anything you say (to the census) can and will be used against you

[Excerpt from census report used for internment of Japanese-Americans. Names and street numbers were redacted by the academic researchers who published this, but were included in the original report provided to internment authorities and later found in government archives.]

Yesterday 17 more states, the District of Columbia, and six cities joined the state of California in court challenges to plans for the 2020 Census to include a question about the citizenship of each person found to be present in the US on census day.

Like police, census takers can ask any questions they like. But if they ask questions such as, “Are you a US citizen?”, you can, and you should, exercise your right to remain silent.

The US Constitution requires to Federal government to conduct a census — a count — every ten years. But you don’t have to say anything for the government to count you.

Anything you say to the US Census can and will be used against you.

How do we know this? We know it could happen again, because it has happened before.

In 1943, the Bureau of the Census prepared block-by-block reports based on responses to the 1940 census listing the name, street address, age, occupation and employer, and citizenship of each Japanese or Japanese-American person. A sample of one of these reports is reproduced at the top of this article.

These census reports were turned over to the military authorities administering the round-up and “internment” (a euphemism) of Japanese and Japanese-American people. Archived copies of these reports were found in the Franklin D. Roosevelt Presidential Library and published by academic researchers in 2007.

Responses to census questions were thus used against (Japanese-American) US citizens as well as against (Japanese) foreign citizens who resided in the US.

This documented history teaches that it’s not just immigrants and foreigners who should decline to answer census questions. US citizens have a well-founded fear that answers to census questions about lawful status — there was nothing illegal or sanctionable, at the time of the 1940 census, about being of Japanese ancestry — can be and have been used against them.

Today, the Bureau of the Census claims that “We promise that we will use the information only to produce timely, relevant statistics about the population and the economy of the United States.” According to the Census Bureau FAQ on “Why We Ask Questions About… Citizenship“:

We use your confidential survey answers to create statistics…. no one is able to figure out your survey answers from the statistics we produce. The Census Bureau is legally bound to strict confidentiality requirements. Individual records are not shared with anyone, including federal agencies and law enforcement entities. By law, the Census Bureau cannot share respondents’ answers with anyone — not the IRS, not the FBI, not the CIA, and not with any other government agency.

History shows, however, that it times of war, panic trumps previously declared policy. The “War on Terror” is no exception.

The only way to prevent the misuse of information is not to collect it. Unless the current lawsuits are successful, the only way to prevent the census from collecting this information will be for people questioned by census takers to exercise their right to remain silent. If you want to be counted, you can show yourself at a window. You don’t need to say anything for the census taker to count you.

If someone claiming to be a census taker knocks on your door, don’t open the door. Claiming to be a census taker is a great pretext for identity theft, burglary, or home invasion. Ask them if they have a warrant or court order signed by a judge. If they don’t, tell them to them to go away. If they persist, say the same things you would say to police: “Go away. I do not consent to any search. I want to talk to a lawyer. I’m going to remain silent.”

Apr 02 2018

Can US citizens entering the country opt out of CBP mug shots?

US Customs and Border Protection (CBP) has published a new Privacy Impact Assessment (PIA) for its Automated Passport Control (APC) kiosks and Mobile Passport Control (MPC) apps.  Unlike most PIA’s, this one does not say why it was prepared, or what, if anything, about the programs it assesses has changed. But it appears to be a response — although an inadequate and possibly still a factually inaccurate one — to some of our complaints.

At many international airports and some cruise ports  in the US, travelers — including US citizens — have to submit their mug shots to CBP through either an APC kiosk or the MPC smartphone app before they are allowed to proceed to CBP officers for customs, immigration, and agricultural inspections.  This requirement is enforced by “line minders” manning the velvet ropes and directing pedestrian traffic inside “sterile” arrival areas. These line minders are employed by the airline, airport, and/or their contractors or sub-contractors, making it easy for CBP to deny any responsibility for their actions.

In January of this year, we were part of a meeting between civil liberties and human rights organizations and CBP officials on the subject of these  “biometric entry/exit” schemes.

The CBP officials we met with in January denied that anyone is required to use the APC kiosks, contrary to our experience and that of other participants in the meeting.

When we complained that CBP hasn’t complied with even the minimal notice requirements of the Privacy Act and the Paperwork Reduction Act (PRA) for this sort of data collection, CBP’s Privacy Officer responded, “I do not consider this program to be operating in violation of the Privacy Act, therefore, I have nothing to investigate.”

But although CBP didn’t conduct an “investigation”, it does appear to have conducted a new “assessment” and published a new set of claims about what it is doing.

What does CBP now say about its mug shots of arriving travelers? And is it true?

We call B.S.

Read More

Mar 30 2018

State Department proposes more surveillance of social media, communications, and travel

[Excerpt from proposed US visa application form as posted at Regulations.gov]

Today the US Department of State published proposals in the Federal Register to expand its ongoing surveillance of social media, e-mail, and travel by applicants for immigrant and nonimmigrant (tourism and other temporary visits) visas:

The Department is revising the collection to add several additional questions for…  visa applicants. One question lists multiple social media platforms and requires the applicant to provide any identifiers used by applicants for those platforms during the five years preceding the date of application. The platforms listed may be updated by the Department by adding or removing platforms….

Other questions seek five years of previously used telephone numbers, email addresses, and international travel.

Questions about social media identifiers were added to the applications for visas and the ESTA form (electronic visa for citizens of countries in the US Visa Waiver Program) in 2016. But until now, the State Department has claimed that answering these questions was “voluntary”.

This expanded social media, telephone, and e-mail surveillance has all the problems we and other organizations have previously objected to, and more.

There has not previously been any requirement for would-be visitors or immigrants to the US to provide current or past telephone numbers, e-mail addresses, or a comprehensive list of which countries other than the US have been visited or when they have been visited.

The State Department will use these identifiers and share them with other Federal agencies such as DHS, including through the National Vetting Center, to target surveillance of foreign citizens, to mine its historical archives of dragnet surveillance, and to decide whether or not to allow foreigners to enter or remain in the US.  As part of “Visa Lifecyle Vetting” (formerly known as the “Extreme Vetting Initiative”) they will also be used for “continuous vetting”: ongoing suspicionless monitoring, profiling, and scoring by “pre-crime” algorithms purported to have robotic “pre-cognitive” abilities to predict future crimes based on what people say and who they associate with.

Read More

Mar 13 2018

Is the DHS using this Unisys pre-crime software?

A press release last week from Unisys gives a disturbing glimpse into the extent to which border guards — possibly including US Customs and Border Protection (CBP) and other components of the US Department of Homeland Security — are making decisions on the basis of automated “pre-crime” predictions of future bad actions or bad intentions.

Unisys describes its “LineSight” (TM)  product as,

[N]ew software that uses advanced data analytics and machine learning to … enable border agents to make … on-the-spot decisions about whether to trigger closer inspection of travelers … before admitting them into a country…. The solution [sic] uses advanced targeting algorithms to continuously ingest and analyze high volumes of data from multiple sources and to flag potential threats in near real time. For travelers crossing borders, LineSight assesses risk from the initial intent to travel and refines that risk assessment as more information becomes available – beginning with a traveler’s visa application to travel, reservation, ticket purchase, seat selection, check-in and arrival.

Think about what this means: This is not a tool for investigation of illegal conduct or prosecution of people who have committed crimes. It presumes that government agencies will be sufficiently deeply embedded in travel industry infrastructure and have the surveillance capability to know as soon as you form an “initial intent to travel”. It’s being marketed to government agencies as a “pre-crime” system alleged to have “pre-cognitive” ability to predict intentions and future actions, and to generate its own algorithms for doing so:

“Many legacy border security solutions identify potentially risky travelers and cargo based on previously known threats – which is kind of like driving a car and only using your rear view mirror,” said Mark Forman, global head of Unisys Public Sector….

LineSight does not depend solely on pre-defined pattern matching rules; it also includes predictive analytics and machine learning that allow the system to learn from experience and automatically generate new rules and algorithms to continuously improve assessment accuracy over time.

Decisions about which travelers should be subjected to more intrusive searches should be be made on the basis of probable cause to believe that  crimes have been committed, not on the basis of fantasies of “pre-cognitive” pre-crime prediction.

It’s wrong to delegate judicial decisions to administrative agencies, wrong to further delegate those decisions to software ‘bots, and wrong to set those robots loose to make up their own rules to govern whch individuals are subjected to searches or other sanctions.

Read More