Papers, Please!

The Identity Project

Oct 09 2020

Port of Seattle continues debate on facial recognition

The debate continues on whether the Port of Seattle should allow or pay for continued or expanded use of facial recognition at Sea-Tac Airport (SEA) and the Seattle cruise port.

Yesterday Port of Seattle staff and a subcommittee of the Port Commission met with an advisory committee on biometrics appointed by the Port Commission.

Jennifer Lee of the ACLU of Washington State delivered a letter co-signed by a coalition of organizations including the Identity Project urging the Port Commission not to authorize, pay for, or participate in any use of facial recognition to identify travelers:

On December 10, 2019, the Commission adopted seven principles to guide its decision-making on if and how biometrics should be used at the Port. These principles are: justified, voluntary, private, equitable, transparent, legal, and ethical.

We do not believe that either the current or the proposed uses of biometrics to identify travelers on Port property can be implemented in a manner consistent with these principles. Port staff state that its recommendations “are not meant to suggest that the Port should implement public-facing biometrics, but rather how to do so in alignment with our guiding principles.”  The only action that would be aligned with those principles would be to ban the use of facial recognition technology to identify members of the public by the Port, as well as by the Port’s tenants and contractors….

1. We urge the Port of Seattle Commission to reject participation in, and funding of, CBP’s facial recognition exit and entry programs….

2. We urge the Port of Seattle Commission to prohibit use of facial recognition technology by private entities.

The Port of Seattle should prohibit business tenants such as airlines from integrating with CBP’s Traveler Verification Service (TVS) — the agency’s “Identity as a Service” biometrics system…. When Port tenants integrate with CBP’s TVS architecture, it is impossible to separate “private” or non-federal surveillance from federal government surveillance of travelers. Travelers may think that they are having their photo taken at a self-service kiosk solely for use by the airport or airline. But in reality, that photo will also be shared with DHS and CBP.

The Port, airlines, and contractors should not obscure the role of DHS and CBP by collecting facial images on their behalf. The Privacy Act, as discussed further below, requires that if an individual’s personal information is to be used by a federal agency, it must be collected by that agency directly from that individual. The best way to provide travelers with clear notice that facial images are being passed on to DHS is to require that any such images be collected by identifiable, uniformed DHS staff, using DHS equipment, at DHS’s expense.

The Port meeting also heard from the office of Rep. Pramila Jayapal, who represents the city of Seattle and environs (although not Sea-Tac Airport) in Congress.  Noting the concerns that led her to introduce a bill in Congress that would “place a prohibition on the domestic use of facial recognition technology by federal entities, which can only be lifted with an act of Congress,” Rep. Jayapal suggested that the Port Commission “consider a moratorium on the use of biometrics technology in all Port activities under its purview.”

Read More

Sep 17 2020

New CBP propaganda on facial recognition and other biometrics

US Customs and Border Ptotection (CBP) has launched an entire new subdomain of its website, biometrics.cbp.gov, devoted to propaganda intended to persuade the traveling public to submit to, and airlines and airport operating authorities to collaborate in, the use of facial recognition and other biometrics to identify and track travelers.

There’s nothing in CBP’s happy-talk sales pitch for facial recognition on this new website that we haven’t seen before. And there are still no answers to any of the questions we’ve asked CBP officials about these practices and the legal basis (not) for them.

Biometrics.cbp.gov features links to the (nonbinding) Privacy Impact Assessments (PIAs) that are supposed to describe how mug shots obtained by CBP or its airport and airline “partners” are to be used. But the new CBP site doesn’t link to the legally binding System Of Records Notices (SORNs) that disclose a much wider range of routine and permitted uses of these images.

If there’s anything noteworthy on this site, it’s under the Resources tab, where you can download  copies of the official CBP signs that are supposedly posted at airports, seaports, and land border crossings, including those for airport arrivals (shown at the top of this blog post), airport departures, cruise ports, and pedestrian lanes at land borders.

Leaving aside questions of the accuracy of the claims on these signs, they provide definitive confirmation that all of these biometric programs are in flagrant violation of Federal law — as we’ve pointed out repeatedly to CBP, but to no avail.

None of these signs contain any Paperwork Reduction Act (PRA) notice or any OMB Control Number. Even if the collection of photos or other biometric information were authorized by law, even if it were voluntary, even if it were limited to non-US persons, and even if none of the images or other data were retained, this collection of information would still have to be approved in advance by OMB, assigned an OMB Control Number confirming the approval, and accompanied by PRA notices including that OMB Control Number.

Some people wonder why we care about OMB approval or PRA notices. OMB approval is often little more than a rubber stamp. It’s not an onerous burden on the agency, and it doesn’t usually involve any meaningful scrutiny of the legal basis claimed by an agency for collecting information from individuals. PRA notices don’t give much information about how the data that’s being collected will be used.  Few people know to look for PRA notices or OMB Control Numbers, how to interpret them, or what they signify.

The significance of CBP’s complete disregard for the PRA — a minimal administrative formality that CBP could easily comply with — is that it is indicative of CBP’s complete disregard for the law in general. It’s not that CBP or its parent agency the US Department of Homeland Security (DHS) are lazy. The choice not to seek OMB approval for their actions, or to post PRA notices, is not an accident. It’s emblematic of the extent to which CBP and the DHS assume that they can disregard any of the substantive or procedural rules that apply to all other agencies, and make their own laws through secret diktats. The real problem is not the violation of the PRA, but that CBP and DHS have no greater respect for human rights treaties or the US Constitution than they do for Federal laws like the PRA.

Sep 15 2020

DHS lies again about REAL-ID

As it’s been doing for years, the US Department of Homeland Security (DHS) is still lying about the state of compliance by states with the Federal REAL-ID Act of 2005.

The latest DHS whopper is this DHS press release issued September 10, 2010:

The DHS claims that “All U.S. States [Are] Now Compliant” with the REAL-ID Act. But as we’ve noted many times before, the REAL-ID Act explicitly and unambiguously requires that to be “compliant”, a state must “Provide electronic access to all other States to information contained in the motor vehicle database of the State.”

How many states do that today? At most, 28, not all 50, as shown in the map below:The only mechanism available for states that want to share their drivers’ license databases is the outsourced “State to State” (S2S) system operated by the American Association of Motior Vehicle Administators (AAMVA), a private contractor not subject to the Federal or any state Freedom Of Information Act (FOIA) or other laws proviidng transparency and accountability for government agencies. Despite the misleading name, S2S is not a mechanism for messaging directly from state to state. It’s a centralized system which depends on a central national ID database, SPEXS, aggregated from state drivers’ license and ID data.

Here’s the latest list released by AAMVA of states that are particpating in S2S. Each particpating state has uploaded information about all drivers’  licenses and state ID to SPEXS. Together these 28 states include substantially less than half the U.S. population:

We wish we didn’t have to keep saying, again and again, that the DHS is lying about REAL-ID. But as long as Federal and state agencies keep putting these lies in their headlines, we’re going to keep on pointing out that the emperor (still) has no clothes.

Sep 14 2020

10th Circuit: No qualified immunity for police who demand ID

A panel of the 10th Circuit US Court of Appeals has ruled, in the case of Mglej v. Gardner, that it is “clearly established law” that police in Utah may not require suspects (or anyone else they detain, except operators of motor vehicles) to show ID documents, and therefore that the Garfield County Sheriff who wrongly arrested Matthew T. Mglej for “refusing to identify himself” is not entitled to qualified immunity and can be held liable for damages.

In the summer of 2011, Mr. Mglej, then 21 years old, set out on his motorcycle from his family home in Portland, OR, to visit relatives in Dallas, TX. Mid-way on that road trip, his motorcycle developed problems, and he stopped in Boulder, UT (population around 200), to see if he could get his bike repaired and replace a tire that was threatening to blow.

Read More

Sep 09 2020

Portland bans facial recognition by city agencies or in places of public accommodation

Today the City Council of Portland, Oregon, voted unanimously to ban the use of facial recognition technology by City agencies or by private entities in places of public accommodation within the City limits, including at the Portland International Airport (PDX), effective immediately.

Many local and national organizations and individuals testified eloquently in favor of these proposals. We don’t need to repeat all of their general arguments.

But a point of particular concern and particular pleasure for us is that the Port of Portland asked the City Council for an exemption from the ban to allow use of facial recognition “for air carrier passenger processing” — and was turned down.

No member of the City Council mentioned the Port’s request for a carve-out for facial recogntion of air travelers during the City Council discussion, and the proposals were adopted without amendment except for making the ban on private use of facial recognition in places of public accommodation effective immediately, as had already been proposed for the ban on use by city agencies. (The amendment to make the private entity ban effective immediately was made verbally during the City Council meeting, so it isn’t reflected in the advance text of the proposal.)

This is an important precedent , as Portland is only the second jurisdiction in the US to consider local rules related to facial recognition at its airport.

Earlier this year, after behind-the-scenes threats by the US Department of Homeland Security (DHS) to make life difficult for the Port of Seattle if it didn’t collaborate with DHS facial recognition schemes at Sea-Tac International Airport (SEA) and allow airlines and contractors also to do so, the Port of Seattle Commission reneged on the aspirational policy principles it adopted in 2019  and decided to buy and operate common-use facial recognition cameras integrated with DHS and airline databases and operations.

(See our written testimony to the Seattle Port Commission on use of facial recognition at SEA: 1, 2, 3., and articles in our blog here and here.)

The decision by the Port of Seattle was made just before the COVID-19 pandemic drastically reduced traffic at SEA and other airports and delayed the need for the new gates at SEA where the DHS-linked cameras were to be installed. A broad coalition of local and national community and civil liberties organizations has called on the Seattle Port Commission to use the opportunity provided by this delay to reconsider its decision on facial recognition.

Portland did significantly better than Seattle in working to distance itself from and isolate the DHS — not surprisingly in light of the object lesson the DHS has provided in Portland recently with respect to DHS trustworthiness (not), self-restraint (not), commitment to the rule of law (not), and respect for civil and human rights (not). Portlanders don’t trust the DHS to behave any better at PDX Airport than it’s been behaving on the streets of Portland.

PDX airport is located within the City of Portland but operated by the Port of Portland, a special-purpose agency of the state of Oregon governed by a board appointed by the Governor of Oregon. The City of Portland can’t prevent use of facial recognition by the DHS or the Port of Portland, but can regulate or prohibit its use by private entities, including airlines, within the city limits, including at the airport.

The Port of Portland has the authority to enter into contracts, borrow and spend money, manage its employees, and enact rules for activities at PDX Airport. But in addition to the requirements of due process and other Constitutional rights, and the obligations on the airport as a publicly owned and operated place of public accommodations and common-carrier facility, the legislative authority of the Port is limited to the issuance of rules consistent with city ordinances. That appears to mean that the Port may not prohibit that which the city has duly prohibited. (If readers have more expertise on this jurisdictional issue, feel free to leave a comment or drop us a line.)

The Federal government could preempt the Portland ordinances if it enacted valid laws or promulgated valid regulations mandating use of facial recognition by Federally-regulated airlines and/or airports. But no law mandates use of facial recognition for US citizens, even when traveling internatoinally, or for passengers on domestic flights

The DHS has refrained from promulgating any such regulations, preferring to operate outside the law than to establish any legal framework for its use of facial recognition or subject it claim of authority to notice-and-comment rulemaking or judicial review. A petition for rulemaking on use of biometrics for traveler identification submitted to the DHS by the Portland-based World Privacy Forum has been ignored by the DHS for almost two years.

While the DHS has engaged in heavy-handed behind-the-scenes lobbying and threats to “persuade” airlines and airport operating agencies to become its “partners” in biometric surveillance and control of air travelers, as it did in Seattle, the DHS has continued to maintain — correctly — that this “cooperation” is entirely voluntary. In declining to participate, and by exercising its jurisdiction to prohibit airlines or other contractors form doing so within the city limits, the City of Portland is doing only what the DHS has consistently said that local jurisdictions have the authority to do, if they so choose.

The July 14, 2020, letter from the Port of Portland to the Portland City Council requesting exemption from the facial recognition ban made numerous false factual claims and specious arguments. Since these bogus arguments are likely to be raised again in other cites despite having failed to persuade any of the members of the Portland City Council, it’s worth noting and debunking them:

Read More

Sep 04 2020

ICAO mandates worldwide government surveillance of air travelers

Playing out the endgame we predicted last year of a two-decade campaign by the US government to establish a global regime of government surveillance of air travelers, the International Civil Aviation Organization (ICAO) has adopted an amendment to the Chicago Convention on Civil Aviation that will require each of the 193 state parties to that treaty — essentially every national government in the world — to require all airlines operating international flights to provide a designated government agency with complete mirror copies of all reservation records (“Passenger Name Records“) in a standard PNRGOV transmission format.

This is an extraordinary and, so far as we can tell, unprecedented globalization and normalization of suspicionless mass surveillance of the innocent exercise of legal rights.

To the best of our knowledge, this is the first time that any industry — much less an industry of common carriers required by law (including by international aviation treaties) to transport all would-be passengers, without discrimination, in the exercise of a right to freedom of movement also recognized by international treaties — has been mandated by international treaty to provide government agencies worldwide with complete copies of its commercial records of each of its transactions with a customer. No such treaty obligation exists, for example, with respect to records of postal, telephone, Internet, or financial transactions.

The exercise of rights should not be deemed per se suspicious or a legitimate grounds for surveillance.

The requirement for PNR-based surveillance of air travelers is included in Amendment 28 to Annex 9 to the Chicago Convention. This amendment was approved by ICAO’s Council — an executive committee of countries elected by ICAO’s members to make decisions between ICAO’s triennial General Assembly of all member states — on June 23, 2020.

Read More

Sep 03 2020

GAO report on DHS use of facial recognition on travelers

The Government Accountability Office (GAO) has released a new report requested by Congressional oversight committee chairs describing and assessing the ways that US Customs and Border Protection (CBP) and the Transportation Security Administration (TSA) use facial recognition to identity and track international (CBP) and domestic (TSA) travelers.

Here’s how the GAO says it works  (click flowchart for larger version): The GAO report doesn’t address several of the most significant issues with DHS use of facial recognition to identify travelers, including:

Read More

Sep 01 2020

TSA tries out another (illegal) biometric “ID verification” system

Today the Transportation Security Administration (TSA) announced that it has launched a “pilot” at Washington National Airport (DCA) of yet another scheme for biometric identification and tracking of domestic air travelers.

[Screen capture from TSA video]

The new “touchless ID verification” stations at DCA include a webcam (at top center of photo above) a magnetic-stripe reader (lower left) for drivers licenses and other ID cards, and a photographic scanner for passports (lower right).

Travelers who volunteer to use the new system are directed to insert their drivers license, ID card, or passport into the appropriate reader, stand on a marked spot in front of the webcam, and remove their face mask, so that the image from the ID (or, more likely, from some back-end image database linked to the ID, although that hasn’t been disclosed) and the image from the webcam can be compared by some undisclosed algorithm.

[Traveler being directed by TSA staff to remove her face mask for digital mug shot.]

As we’ve noted previously, it appears to us that (1) the TSA has no general authority to require travelers to show their faces or remove face masks, and (2) in many jurisdictions, orders issued by state or local health authorities currently require all people in public places such as airports to wear masks.

The TSA describes this system as “touchless”. But while TSA staff don’t have to touch travelers’ IDs, each traveler has to touch the same ID card or passport scanner. Then, immediately after touching the scanner, they have to touch their face again to put their mask back on.

Read More

Aug 31 2020

8th Circuit finds TSA agents can be liable for assault

A panel of the 8th Circuit Court of Appeals decided today, over a dissent, that TSA checkpoint staff at airports (“Transportation Security Officers”) are “officer[s] of the United States … empowered by law to execute searches… for violations of Federal law”, making TSOs liable for damages if they commit assault, battery, or certain other torts against travelers.

With today’s decision in Iverson v. TSA the 8th Circuit joins the 3rd Circuit (en banc) in what is now a 2-1 split with the 11th Circuit, which ruled in 2014 that TSOs, despite their title and the fact that their primary job is to carry out searches, are not “officer[s] of the United States … empowered by law to execute searches… for violations of Federal law” and thus are completely immune from liability for even intentional assaults on travelers.

Most people unfamiliar with the law assume that the government is generally liable for damages if its agents attack innocent citizens. While the law is complex, the general principle is just the reverse: The US government generally enjoys “sovereign immunity” — a despicably undemocratic vestige of the idea that the king is above the law — and private individuals can sue the government only with the government’s permission.

There are exceptions to this principle, in the form of laws that “waive sovereign immunity” for certain offenses, as well as exceptions to the exceptions. The dispute with respect to liability or impunity for violent or negligent TSOs revolves around the interpretation of the language in Federal law defining one of those exceptions to an exception.

Read More

Aug 11 2020

TSA considers new system for flyers without ID

According to a solicitation to potential contractors published last week, the Transportation Security Administration (TSA) wants to outsource its current questioning of airline passengers without ID, and its decisions about which travelers without ID to allow to travel and which to prevent from flying, to a fee-based system operated through a cellphone app provided by a private contractor and based on (secret) commercial databases.

There’s some good news and some bad news in the TSA’s posting of this Request for Information.

First, the good news:

1. The TSA admits that people can and do fly without ID.

According to the TSA’s Request for Information:

Prior to the COVID-19 National Emergency, TSA encountered over 2.5 million passengers a day and, on average, 600 instances of passengers without acceptable ID. These individuals are able to verify their identity via telephone through our National Transportation Vetting Center (NTVC).

That’s almost three times the average daily number of airline travelers without ID disclosed in the most recent of the TSA’s belated and still-incomplete responses to our Freedom of Information Act (FOIA) requests for records of travelers without ID.

2. You will still be able to fly without ID, even after the TSA “implements” and “enforces” the REAL-ID Act.

In their most recent notice of postponement of their REAL-ID threats, the TSA and the Department of Homeland Security (DHS) have said that they plan to fully implement and enforce the REAL-ID Act, with respect to airline travel, beginning October 1, 2021.

The TSA and DHS have repeatedly claimed that after that date, all air travelers will “need” to show ID that the DHS deems compliant with the REAL-ID Act in order to fly. And the TSA has previously indicated — in 2016 and again in May of 2020 —  that it intended to modify its current ID verification procedures to (illegally) deny passage through TSA checkpoints to would-be travelers who don’t present REAL-ID Act compliant ID cards.

But the TSA is now soliciting information preparatory to soliciting bids for a contract to provide outsourced “identity verification” services for air travelers without ID.

The TSA wouldn’t be preparing to solicit bids for a system to deal with air travelers without ID if the TSA planned, in a little more than a year, to stop allowing those people to fly at all.

And the TSA says that the contractor’s ID verification system for flyers without ID must “be able to process thousands of transactions per hour per day [sic] distributed across the TSA enterprise of airports.”  Whether the TSA means “thousands per hour” or “thousands per day”, that’s several times more than the current number of travelers without acceptable ID.

The only plausible explanation for the expected many-fold increase in the number of travelers without acceptable ID is that the TSA’s implementation of the REAL-ACT will result in many more air travelers’ ID’s being deemed unacceptable, and that the outsourced system is the one the TSA plans to use for travelers without REAL-ID compliant ID.

The TSA is looking for a new system for dealing with travelers without ID only because it has been forced to abandon its original plan to prevent all such people from flying.

The most important takeaway from the TSA’s latest notice is that the TSA is (still) lying about what REAL-ID Act enforcement and implementation will mean. You will not need a compliant ID to fly. The procedures may change, but you will still be able to fly without ID.

This is a major victory for our legal objections and for the potential of popular resistance.

The TSA has implicitly acknowledged that — either because it lacks legal authority to prevent everyone without “acceptable” or REAL-ID Act compliant ID from flying, or because doing so would cause riots at airports or other forms of popular resistance, or both — it  won’t be able to stop travelers without ID or without compliant ID from flying.

The bad news is the nature of the TSA’s contemplated new procedures for flyers without ID (or without “acceptable” ID).

Currently, the TSA leaves the final decision on whether or not to allow airline passengers without ID to pass through TSA or contractor-operated checkpoints to the discretion of the Federal Security Director (FSD) or their designee on duty at the individual airport.

That decision can be based on what the FSD thinks of the traveler’s looks, the nature of any “unacceptable” ID they present, whether they are willing to complete and sign the illegal TSA Form 415, and their responses to questions relayed via the TSA’s Identity Verification Call Center (IVCC) from the TSA National Transportation Vetting Center (NTVC) based on information in records about the traveler held by the commercial data broker Accurint.

The new process apparently being considered by the TSA would outsource the questioning of travelers without ID or with unacceptable ID to a private for-profit contractor, with that questioning to be administered through a smartphone app. The questions would be based on some aggregation of government and commercial data, and the answers would be assessed according to some secret algorithm to generate a binary pass or fail result.

An identity thief (or ‘bot) with access to the commercial database used as the basis for “pass/fail” determinations would be better able to answer questions about the information in that database than would a real person who is unprepared for this questioning and who has no way to know (or to correct) what misinformation is contained in the database.

A traveler who shows up at a TSA checkpoint would, it appears, be told they have to install the mobile app, pay a fee through the app (which presumably would require a credit or debit card or bank account),  complete the in-app questioning, and show a “pass” result from the app to the TSA staff or contractors in order to “complete screening” and proceed through the checkpoint.

  • No cellphone? No fly. (We’ve seen this already in Hawaii.)
  • Your cellphone isn’t a smartphone? No fly.
  • Your smartphone has a different OS that can’t run the contractor’s app? No fly.
  • No charge in your cellphone battery? No fly.
  • No signal in the airport? No fly.
  • No credit or debit card? No fly.
  • Don’t know what misinformation is in data brokers’ records about you? No fly.
  • Your record fits a “fail” profile in the contractor’s secret algorithms? No fly.

Read More