Papers, Please! – Page 10 – The Identity Project

Sep 22 2021

A vaccine mandate hides an ID mandate

As we have long feared, and as has already happened in other countries, COVID-19 vaccination requirements are being used to impose unrelated ID requirements.

There’s a difference between “unvaccinated” and “undocumented” — a difference that’s gotten lost in some recent regulations and orders imposing “vaccination mandates”.

Case in point: the San Francisco Department of Public Health.

An order from the SFDPH purports to require people entering indoor businesses or other indoor venues including anywhere food or beverages are served, gyms, and other “large indoor events” to show “proof” of having been fully vaccinated against COVID-19.

But proof of vaccination is not what the order actually mandates. Its only real mandate is a an ID mandate, and in practice its effects would be felt primarily by undocumented people (including vaccinated but undocumented people) who don’t have or don’t choose to show ID, not by unvaccinated people.

Regardless of whether you’ve been vaccinated or whether you think other people should be vaccinated, the ID mandate hidden in this order, like similar ID mandates lurking in other “vaccination” regulations and directives, is a step backward for civil liberties. It is vulnerable to, and deserving of, Constitutional challenge.

Here’s what the SFDPH order would actually require:

Sep 15 2021

DHS must explain failure to release e-mail files

In a victory for the Freedom Of Information Act (FOIA), an Administrative Law Judge (ALJ) has ruled that the Department of Homeland Security (DHS) must either disclose records of e-mail messages which we requested in the “native” file formats in which they are held on DHS servers or archival storage media, or must “demonstrate with sufficient justification that they cannot produce the documents in their original fully digital version.”

This ruling was made in response to an administrative appeal by the Identity Project of the DHS (non)-response to a FOIA request we made in 2016 for the reports submitted to the DHS each month on how may people attempted to enter Federal facilities without ID or with ID deemed “noncompliant” with the REAL-ID Act of 2005, and what happened to these people. How many were eventually allowed to enter, and how many were turned away?

Jul 23 2021

The right to international travel and the right to a U.S. passport

In late 2015, as we noted at the time, Congress voted — as part of an unrelated surface transportation bill — to authorize the Department of State to revoke and/or refuse to issue a U.S. passport to anyone against whom the IRS has assessed an administrative lien or levy (even in the absence of any judicial action) for $50,000 or more in tax debt.

This week, the first appellate court to review this law upheld it as Constitutional, although on limited grounds. In its “per curiam” opinion in Maehr v. Department of State, the 10th Circuit Court of Appeals upheld a decision by a U.S. District Court judge in Colorado dismissing a lawsuit by Jeffrey T. Maehr, one of almost half a million people who have been deemed subject to revocation or non-issuance of U.S. passports, and thus prohibited from legally leaving (or returning to) the U.S., for alleged tax debts.

Two judges wrote opinions in support of the “per curiam” decision, each joined in different parts by the third member of the three-judge panel.

All three judges found (wrongly, we think) that, although there is some sort of “right” to international travel by U.S. citizens, it is not such a “fundamental” right as to make restrictions on the exercise of the right to travel be subject to to what courts call “strict scrutiny”.

Jul 19 2021

Photographing and recording the TSA

After stalling for more than five years, the Transportation Security Administration has made public a curious internal memo regarding photography and audio and video recording at TSA checkpoints.

The TSA wants to photograph us and track our movements and activities using facial recognition, but wants to limit our ability to photograph and record its activities.

The memo was released in May 2021 in response to a Freedom Of Information Act (FOIA) request made by Sai in March 2016. The memo itself is undated, but was distributed in July 2011 to TSA Federal Security Directors (FDSs) “for your immediate dissemination and implementation.” Needless to say, that “dissemination” did not include disclosure to the public, then or at any time until now, ten years after the fact.

That we have to make FOIA requests for internal TSA records like this, wait years for answers, and then try to parse the fragmentary responses for clues about TSA “policy” — rather than reading official policies applicable to the public in the U.S. Code, the Statutes at Large, or the Code of Federal Regulations — is indicative of the systemic problem of secret law.

But since secret rulemaking is standard operating procedure for the Department of Homeland Security and its components, what can we learn form the most recently-released memo about photography and recording at TSA checkpoints?

Jun 17 2021

DHS still evades review of no-fly orders

Two recent court cases, and follow-up articles and interviews with the plaintiffs and their lawyers, show how the highest priority for the U.S. government with respect to no-fly orders continues to be preventing judicial review of these government decisions, not preventing terrorism.

When an airline requests permission to allow an individual to board a flight, and the U.S. Department of Homeland Security (DHS) declines to give permission, that “Boarding Pass Printing Result” (BPPR) message is communicated only to the airline, not the would-be traveler. Even the airline is not told the basis, if any, for the negative BPPR message. (The default is “No”, in the absence of affirmative, individualized government permission-to-board.)

Again and again and again, when people have challenged these no-fly orders in U.S. courts, the government has chosen not to disclose or defend the basis for its decisions that these people constitute a threat to aviation sufficient to justify restricting their right to travel.

Instead, the government has told the plaintiffs that they have been (although perhaps only temporarily) removed from “the no-fly list” (although with no assurance that they won’t again be prevented from traveling in the future), and then gotten their complaints dismissed in court as “moot”. Only rarely has it been possible to pursue these cases.

A special law restricting the jurisdiction of the Federal courts over “orders” of the Transportation Security Administration (TSA), 49 U.S.C. § 46110, has also been used to avoid fact-finding as to the basis, if any, for these orders. In our opinion this law is clearly unconstitutional. But the Constitutionality of this law has not yet been directly ruled on, and it has been the subject of little Congressional scrutiny.

If the government really thought these people were dangerous, it should have gone to court sooner to obtain injunctions or restraining orders restricting their freedom of movement. If challenged, it should have defended its actions before Federal judges in adversarial, evidence-based fact-finding proceedings.

The government has chosen to do neither, and has consistently responded to no-fly lawsuits by taking almost everyone with the means and will to pursue extended litigation off the not-fly list. This reflects the reality that the DHS sees judicial oversight of its actions, not terrorism, as the greater threat to its standard operating procedures. The top DHS priority is to be able to continue its practice of extrajudicial secret decision-making — disconnected from facts and based instead on fantasies of “pre-crime” predictive ability — about who is, and who is not, allowed to exercise their Constitutional rights.

The stories of Ahmad Chebli and Ashraf Maniar illustrate how this plays out in real life — and how it wrecks real people’s lives and livelihoods.

May 19 2021

A race to the bottom: DHS “Biometric Tech Rally”

Today the U.S. Department of Homeland Security (DHS) announced a competition between hardware and software vendors to demonstrate the facial-recognition systems that are most useful for surveillance and other malign uses: cameras or other sensors and facial and/or other biometric matching algorithms that can identity travelers (or other people in public places) even if they are wearing masks:

[T]he 2021 Biometric Technology Rally will focus on evaluating the ability of systems to reliably collect and/or match images of individuals, including those wearing face masks. The intent is to improve the ability to recognize people without requiring travelers to remove protective equipment….

The 2021 Biometric Technology Rally will be held at the Maryland Test Facility (MdTF) in Upper Marlboro, Maryland, later this fall. Testing will be performed in controlled scenarios relevant to DHS operations….

Providers of face and multi-modal biometric acquisition systems, as well as providers of biometric matching algorithms, are encouraged to participate.

Requiring travelers to remove their masks at checkpoints operated by or on behalf of the Transportation Security Administration (TSA) and/or other DHS components endangers travelers and makes clear that the U.S. government has put surveillance and tracking of travelers ahead of safety and health.

But the way to completely eliminate the threat to travelers’ health and safety posed by unmasking is to stop trying to identify travelers, which is based on the “pre-crime” fantasy that identity-based algorithms can read travelers’ minds and predict which of them intend to commit future aviation-related crimes. Instead, the TSA should confine its searches to those intended to detect genuinely threatening objects: weapons and explosives.

May 17 2021

ACLU: “Digital IDs Could Be a Nightmare”

As the U.S. Department of Homeland Security is soliciting proposals from vendors for how to put digital versions of drivers licenses and other ID credentials on smartphones, the ACLU has released a timely and insightful white paper, Identity Crisis: What Digital Driver’s Licenses Could Mean for Privacy, Equity, and Freedom, by Jay Stanley of the ACLU Speech, Privacy, and Technology Project, along with an executive summary in the form of a blog post, Digital IDs Might Sound Like a Good Idea, But They Could Be a Privacy Nightmare.

The ACLU white paper links to some of our research and reporting and highlights many of our concerns with compelled identification, the REAL-ID Act, invisible virtual checkpoints, ID-based blacklists and controls on what we are and aren’t allowed to do, and the role of AAMVA and other “private” entities as outsourced, opaque, unaccountable, creators of ID “standards” that function as de facto laws and regulations that govern our movements and activities, but that are adopted in secret, exempt from the Freedom Of Information Act or other transparency laws, and lack basic privacy protections. or respect for rights recognized by the U.S. Constitution and international human rights treaties.

We encourage readers interested in these issues to read the ACLU white paper in full. But here’s an excerpt form the introduction to the white paper, framing the issue:

May 14 2021

More DHS “pre-crime” policing, but still no real “precogs”

The U.S. Department of Homeland Security has announced the formation and rebranding of new and existing DHS components into what it is now calling the DHS Center for Prevention Programs and Partnerships (“C3P” in milspeak).

C3P is explicitly intended to be a “precrime” crime prevention agency, and to teach and promote “precrime” techniques for predicting future crimes and identifying future criminals to other Federal, state, and local law enforcement agencies. According to the DHS press release announcing the formation of C3P, “DHS’s efforts are grounded in an approach to violence prevention that leverages behavioral threat assessment and management tools, and addresses early-risk factors that can lead to radicalization to violence.”

C3P’s attempts to predict future crimes are to be based on behavioral patterns, i.e profiling, and on encouraging members of the public to inform on their families, friends, and classmates. According to Secretary of Homeland Security Alejandro Mayorkas, future criminals “typically exhibit behaviors that are recognizable to many but are best understood by those closest to them, such as friends, family, and classmates.”

The problem, of course is that the law does not permit prosecution based solely on patterns of lawful behavior. With good reason: “precrime” prediction is a figment of the imagination of the creators of a dystopian fantasy movie, Minority Report.

Neither the DHS nor anyone else actually has any “precogs” (human, robotic, or cybernetic) like those in the movie who can predict future crimes, or any profile or algorithm that actually enables it to predict who will commit future crimes.

“Precrime” policing should be left in Hollywood where it belongs, not allowed to infect the thinking of those who wield real-world police powers.

Apr 27 2021

DHS extends REAL-ID airport enforcement “deadline” again

The Department of Homeland Security has once again postponed its self-proclaimed “deadline” for enforcement of the REAL-ID Act at airports, this time from October 1, 2021, to May 3, 2023.

The latest postponement proves, once again, that the dates of the DHS threats to begin “enforcing” the REAL-ID Act at airports are as changeable as the dates in any of the threats made by extortionists or kidnappers. Today’s DHS press release is more like a ransom note than a legal notice: “If you get an ID we deem acceptable, we might not harass you as much when you fly, and we might allow you to exercise your right to travel.”

It remains unclear what enforcement of the REAL-ID Act at airports might mean. No law requires air travelers to have any ID, and the REAL-ID Act doesn’t change that. The Transportation Security Administration recently posted a video showing how you can fly without ID. But today’s DHS press release implies that the DHS is contemplating denying passage through TSA checkpoints at airports to travelers who don’t have, don’t carry, or don’t chose to show ID credentials that the DHS and TSA deem “compliant” or “acceptable”:

Beginning May 3, 2023, every air traveler 18 years of age and older will need a REAL ID-compliant driver’s license or identification card, state-issued enhanced driver’s license, or another TSA-acceptable form of identification at airport security checkpoints for domestic air travel.

Since this is a press release, not a bill proposing new legislation or a notice of proposed new regulations, it doesn’t need to say what legal basis there might be for this claim. But so far as we call tell, there is none.

The DHS recently tried to get Congress to exempt its implementaton of the REAL-ID Act from standard Federal rules notice and approval. But Congress turned down the DHS proposal for exemption of REAL-ID implementation from the Administrative Procedure Act and the Paperwork Reduction Act. The DHS has not yet begun any of the notice and approval procedures which would be required before it could impose new restrictions or requirements for air travel on the basis of the REAL-ID Act.

We expect that today’s press release will be followed by a formal rulemaking notice that merely changes the REAL-ID threat date. But such a rulemaking will neither clarify what action is really being threatened (i.e what the TSA will really do when travelers continue to show up at TSA checkpoints without “compliant” ID), clarify what the purported legal basis would be for that action, nor, in itself, create a legal basis for any such action.

Today’s DHS press release says that the change in the “deadline” will give states and individuals more time to “comply” with the REAL-ID Act. But compliance with the REAL-ID Act was, and still is, optional for both states and individuals. What the postponement by the DHS of its self-imposed “deadline” really does is give the DHS itself more time to come up with a legal justification for its threatened actions — or to withdraw its baseless threats. It also gives Congress more time to repeal the REAL-ID Act.

Don’t be intimidated by DHS and TSA threats. Regardless of what self-imposed DHS deadlines come and go, with how many more postponements, you will still have the same right to travel without ID that you have now.

Apr 21 2021

DHS wants to put REAL-ID drivers licenses on smartphones

The Department of Homeland Security has published a Request For Information (RFI) from vendors and other stakeholders regarding standards for drivers licenses and other IDs stored on smartphones or other mobile devices to be considered compliant with the REAL-ID Act of 2005.

Responses to the RFI are due by June 18, 2021.

The amendments to the REAL-ID Act signed into law at the end of 2021 included provisions authorizing the DHS to certify digital ID credentials as “REAL-ID compliant”. That certification can’t happen, though, until the DHS promulgates new regulations.

The RFI published in the Federal Register this week is not formerly part of such a rulemaking, but appears to be part of the preparations for it.

A “mobile ID” would consist of a certificate digitally signed by a state department of motor vehicles. The RFI contemplates a process through which “individuals would electronically send identity verification information to the DMV to establish their identities and ownership of the target device.” No explanation or justification is provided for why or how a digitally-signed certificate would be, or should be, bound to a specific device, rather than simply provided as a file that can be stored on any digital device or storage medium.

It’s just as easy to loan a smartphone or other mobile device to another person whose appearance is similar as it is to loan a physical ID card to another person.

A drivers license rarely needs to be displayed, and in the form of a wallet-sized plastic card it can be kept in a relatively secure pocket or compartment of a purse. A smartphone, in marked contrast, is likely to be frequently consulted and carried in a location on one’s person that is much more exposed and vulnerable to snatch-thieves than one’s wallet.

A smartphone is already, for many people, vulnerable as a single point of failure for identity and password management. Binding a digital ID to a specific smartphone appears likely to increase the risk and exacerbate the consequences of smartphone theft as a method of identity theft.

The RFI says that the DHS is considering incorporating the American Association of Motor Vehicle Administrators Mobile Driver License (mDL) Implementation Guidelines (April 2019) in the DHS standards and regulations, and the DHS seeks comments on those AAMVA guidelines. But those AAMVA guidelines are posted only on the “members-only” portion of the AAMVA website, and aren’t available to the public.

In the past, when we reposted specifications for the AAMVA’s national REAL-ID database that AAMVA had posted for years on the public portion of its website, AAMVA not only moved those specifications to to the members-only portion of its website, but asserted their copyright and threatened us with litigation to get us to take them off our site.

The DHS notice purporting to invite the public to submit comments on a secret document, not available to the public, that might be incorporated into DHS regulations, exemplifies everything that is wrong with both secret law and the outsourcing of “lawmaking” to entities such as AAMVA that are nominally private and not subject to Federal or state freedom of information, public records, or open meetings laws.

There’s no indication in the RFI as to when or how the DHS plans to move forward with the separate rulemaking and approval procedures that will be required if it is to follow through on its threats to start turning away would-be air travelers at TSA checkpoints if they don’t have REAL-ID approved ID or don’t have or show any ID.