Papers, Please!

The Identity Project

Jul 16 2020

European court (again) finds US data protection inadequate

Today the highest court in the European Union ruled (summary, full decision) for the second time, that US law does not provide an “adequate” level of protection for personal information transferred from the EU to companies or servers in the US.

What does this mean for Passenger Name Records (PNRs) or other records of our travels?

Understanding the implications of today’s decision — especially with respect to airline reservations and other  information about when, where, how, and with whom we have traveled — requires some review of the background:

Read More

Jul 03 2020

Two courts deny injunctions against state restrictions on interstate travel

Following separate hearings yesterday, two Federal District Court judges in New York and Hawaii denied applications for temporary restraining orders against state health orders mandating quarantine of some or all people arriving from out of state.

A ruling in Corbett v. Cuomo was issued orally, immediately following argument by phone, by Judge Lorna Schofield in New York.  A written ruling in Carmichael v. Ige was issued late last night by Judge Jill Otake in Hawaii, following an afternoon hearing by videoconferencing.

Neither of yesterday’s rulings is a final decision in either of these cases, even at the District Court level. Both cases are continuing, and motions for temporary restraining orders can be renewed if conditions change and/or new evidence becomes available. The standard that must be met to persuade a court to issue a temporary restraining order or preliminary injunction, especially against government action, is always high, and is generally higher than what must be shown to support a favorable decision on the merits.

The judges issuing yesterday’s rulings indicated a disturbing willingness to accept conclusionary hand-waving, by anyone designated by the state as an expert, as sufficient to justify restrictions on the right to travel. During the oral arguments, both judges paid lip service to the idea that there might be some limits on what state authorities could do once they invoked the magic words, “because pandemic“.  But neither Assistant New York Attorney General Matthew Lawson nor Hawaii Attorney General Clare Connors was prepared to say where those limits might be, and neither of the judges’ rulings spelled out meaningful criteria or limits to state officials’ discretion.

We are concerned, and the public should be concerned, if Federal courts wash their hands of oversight over state officials, and leave it to “discretion” of those state officials to decide for themselves to what extent they can infringe on people’s fundamental right in the name of whatever they consider to be the exigency of the moment, whether that be defense against Communism, anarchism, terrorism, pandemic, or tomorrow’s demon of the day.

Read More

Jun 30 2020

Freedom to travel across state lines

Oral arguments have been scheduled by two different Federal District Court judges for this Thursday, July 2, 2020, on motions for temporary restraining orders against enforcement of separate state health orders mandating 14-day quarantine of all people arriving in New York or Hawaii from out of state.

Corbett v. Cuomo will be argued at 2 p.m. EDT by telephone in New York; Carmichael v. Ige will be argued in person (and not available for remote auditing) at 11 a.m. HST in Hawaii.

The Hawaii quarantine order, as we’ve discussed previously, applies to anyone arriving from out of state. The New York order only applies to people who have visited certain states designated by New York authorities, but those states include almost half the US population. The blacklisted states include Georgia and Texas, so anyone who changes planes in Atlanta, Houston, or Dallas-Ft. Worth — all major airline hubs — en route to New York is affected, even if they are coming from some other, less-infected state.

As the complaint in the New York case notes, it’s unclear whether those involuntarily quarantined in New York will be held in jails, hospitals, or some other locations, but according to a public statements by New York Governor Cuomo cited in the complaint, they are to be detained at their own expense.

On its face, the New York order applies to anyone arriving in New York who has recently been in any of the blacklisted states, even if they don’t intend to stay in New York. This would include people changing planes in New York, or passing through on the short New York section of Interstate 95 or on the Northeast Corridor between New England and New Jersey, Pennsylvania, and points south and west. All routes between New England and the rest of the US pass through either New York or Canada. With the US-Canada border mostly closed, enforcement of the New York travel restrictions would render New England an isolted island accessible only by air.

In addition to the 14-day quarantine, New York state has also begun demanding that each interstate traveler arriving by air (regardless of their state of residence or whether they have visited any of the blacklisted states) complete and sign a written declaration (Exhibit B to the complaint) about themselves, their business affairs, and their travels.

The Hawaii and New York quarantines and the New York questionnaire for interstate air travelers are all backed with threats of arrest and fines for noncompliance.

The New York quarantine order and travel declaration are being challenged by Jonathan Corbett, who has his primary residence and business interests in Brooklyn, New York, but is also a member of the California bar who practices law in California. Before his admission to the bar, Mr. Corbett had brought multiple pro se lawsuits challenging restrictions on air travel and searches of travelers, including the TSA’s use of “virtual strip-search” imaging machines.

Significantly, in light of the written declaration that the state of New York is now ordering arriving air travelers to fill out and sign, Mr. Corbett has also previously challenged administrative interrogations of air travelers (who aren’t suspected of any crime) by, or at the behest of, the TSA. That case was dismissed without the court reaching the Constitutionality of administrative interrogation of travelers. So far as we know, Corbett v. Cuomo is the first time this issue has arisen in a COVID-19 quarantine case.

There’s extensive case law on administrative searches, but very little on administrative interrogations. Mr. Corbett argues, and we concur, that he has an absolute right to stand mute in response to interrogatories by state authorities at state borders or airports.

In the current circumstances, it’s tempting to give health authorities a free pass for whatever they do, “because pandemic”. But that would be a mistake. We’ve already seen what happened when authorities were given free rein to impose new restrictions on travelers after September 11, 2001, “because terrorism”. Many of those measures had no rational relationship to the prevention of terrorism, were implemented without regard for Constitutional rights, and have become permanent, or effectively so.

How long will the current health emergency last? And will Federal, state, and local government agencies return to their prior practices at airports and borders if and when the emergency is declared to have ended, or will restrictions imposed during the pandemic become the permanent “new normal”?

If our Constitution is to have meaning, and if there is a sufficient justification for restrictions on travel, it should be possible to defend those restrictions on the basis of the Constitution. It should not be necessary to argue for suspending the Constitution.

Read More

Jun 26 2020

Federal bills would restrict airport facial recognition

A bill introduced yesterday in both houses of Congress would, at least initially, prohibit all or most current and planned use of facial recognition or other biometric identification at US airports and borders by the Transportation Security Administration (TSA) and US Customs and Border Protection (CBP).

The Facial Recognition and Biometric Technology Moratorium Act of 2020 was introduced by Sen. Edward Markey (D-MA) as S. 4084 and by Rep. Pramila Jayapal (D-WA) as H.R. 7356. The new bill has already been endorsed by a broad coalition of civil liberties organizations. Sen. Markey has been a leading Congressional critic of facial recognition at airports.

This Federal proposal, if enacted as introduced, would fill a significant gap in ongoing efforts to rein in facial recognition through state laws and local ordinances.

Read More

Jun 23 2020

TSA wants more authority for ID demands, “vetting”, and data use

The Transportation Security Administration (TSA) wants more power to require ID from travelers (“credentialing”), control who is and who is not allowed to exercise their right to travel (“vetting”), and use and share information about travelers with more third parties and for more purposes (“expanded data use”).

These TSA priorities for the next two years are included in a 2020 update released today to the 2018 implementation road map for the TSA and White House long-term strategic plans for travel surveillance and control.

TSA Administrator David Pekoske’s oddly-named “Intent 2.0” strategy update also prioritizes “biometric vetting and [identity] verification”, a “near-contactless experience” at TSA checkpoints, and “vetting as a service”.

The “near-contactless experience” would be achieved, it appears, not through reduced hands-on groping or fewer demands for ID, but through increased use of remote sensing such as facial recognition.

“Vetting as a service” refers to allowing airlines, airport operators, and perhaps other government agencies and/or commercial third parties to use the TSA’s databases of profiles, risk scores, travel histories, free-text comments in reservations by travel industry workers, unverified aggregated derogatory data form other sources, and biometric and other identifiers for their own purposes. This not only expands the potential adverse impact of arbitrary secret algorithmic profiling based on secret databases, but gives airlines a financial incentive to carry out facial-recognition surveillance on the TSA’s behalf in order to get a free ride to use the TSA’s identification/vetting service for business process automation, personalization (including personalized pricing), or other purposes.

None of the TSA’s strategy documents say how the TSA hopes to acquire “expanded vetting and credentialing authorities” or “expanded approvals for data use”. Will the TSA seek to have these included in new laws? Or will to try to grant itself wider authority through  rulemaking or press releases, as it has often done in the past?

At least now we know, if we didn’t already, what to watch out for from the TSA in the months and years ahead.

Jun 08 2020

TSA to take mug shots of domestic air travelers

The Transportation Security Administration (TSA) has officially although quietly announced that, as it has planned for years, its deployment of mug-shot machines at airport checkpoints will move from pilot projects to the new normal for domestic air travelers.

According to a Privacy Impact Assessment (PIA) released last week, the TSA plans to integrate facial recognition into the Secure Flight profiling, scoring, and control system used by the TSA and other linked agencies to decide who is, and who is not, “allowed” to pass through TSA checkpoints to exercise their right to travel by airline common carrier.

Cameras to photograph would-be travelers’ faces will be added to each of the stations at airport checkpoints where TSA employees and contractors currently scan would-be passengers’ travel documents (boarding passes and, if they present ID, ID documents).

Read More

Jun 05 2020

“Qualified immunity” and TSA impunity

We are pleased that legislation has been introduced in Congress to end “qualified immunity“, one of the main judicial theories that has enabled Transportation Security Administration checkpoint staff to violate travelers’ rights with de facto impunity.

H.R. 7085, introduced yesterday in the House of Representatives, is a simple and straightforward bill to end qualified immunity:

The lead sponsor of H.R. 7085, Rep. Justin Amash (Libertarian of Michigan) is also the sponsor of a pending bill, H.R. 4431, to prohibit the TSA or any other DHS component from preventing  a US citizen or permanent resident from boarding a commercial airline flight on the basis of a “no-fly list” or “watchlist” unless that individual has been convicted of a Fderal crime of terrorism. H.R. 7085 has 17 other initial co-sponors.

S. Res. 602, introduced earlier this week in the Senate, is a resolution expressing the “sense of the Senate” that:

Congress should amend section 1979 of the Revised Statutes (42 U.S.C. 1983) to eliminate the qualified immunity defense for law enforcement officers.

A resolution adopted by Congress calling on Congress to take a certain action is, of course, inherently half-hearted.If Congress believes that Congress should amend a law, Congress can and should amend that law, not merely pass a resolution telling itself what it ought to do. Nevertheless, S. Res. 602 is a step toward Senate acknowledgment of the need for action on this issue. Perhaps the introduction of H.R. 7085 in the House will prompt Senators to introduce a similar bill to give meaning to the sentiments expressed in S. Res. 602.

As the preamble to H.R. 7085 explains, “qualified immunity” is a rationale invented by Federal judges as their excuse for absolving law enforcement officers of liability when they have  violated individuals’ rights. Qualified immunity is a judicially created doctrine that does not purport to be derived from anything in the text of the law.

“Qualified immunity” gives police and other government agents “immunity” (i.e. impunity) when they violate individuals’ rights, if they believed in “good faith” that their actions were legal, unless the fact that their actions were illegal was “clearly established”. Judges typically presume good faith on the part of police, and it’s much harder to show evidence of bad faith or malign intent, as a state of mind, than to show evidence of illegal actions.

Read More

Jun 02 2020

“Immunity passports”, opportunism, and COVID-19

Today the Appropriations Committee of the California Assembly held another hearing on A.B. 2004, a bill that would add to state law a provision that:

An issuer, including an issuer that is a public entity, of COVID-19 test results or other medical test results may use verifiable credentials, as defined by the World Wide Web Consortium (W3C) for the purpose of providing test results to individuals.

What does this mean? Why does it matter? Is it part of a larger pattern?

Read More

May 19 2020

TSA tries again to impose an ID requirement to fly

Air travel in the US has been reduced by more than 90%, measured by the numbers of people passing through checkpoints at airports operated by the Transportation Security Administration (TSA) and its contractors.

And the Department of Homeland Security (DHS) has postponed its threat to start unlawfully refusing passage to travelers without ID credentials compliant with the REAL-ID Act of 2005 for another year, from October 1, 2020, to October 1, 2021.

So relatively little attention is being paid right now to air travel or TSA requirements — making it the ideal time for the TSA to try to sneak a new ID requirement for air travel (to take effect in 2021) into place without arousing public protest.

Today, in collaboration with nine other organizations concerned with freedom of travel, identification, privacy, human rights, and civil liberties, we filed comments with the TSA in opposition to what is ostensibly a “Notice of intent to request approval from the Office of Mangement and Budget” for a new form, TSA Form 415.

Our comments were joined by the Identity Project, Freedom To Travel USA, Fiat Fiendum, Inc., National Center For Transgender Equality (NCTE), Restore The Fourth, Inc., Patient Privacy Rights, Defending Rights And Dissent, The Constitutional Alliance, Privacy Times, and Just Futures Law.

According to our comments, the TSA is attempting to “use the innocuous-seeming device of a request for approval of an information collection to introduce a fundamental and profoundly controversial change in substantive TSA requirements and the rights of travelers”: Read More

May 11 2020

Will courts finally make the TSA comply with FOIA?

The tenor of questioning by the judge in a Federal court hearing last week raises hope that the Transportation Security Administration (TSA) might soon be ordered to correct some of its longest standing and most systemic violations of the Freedom Of Information Act (FOIA).

It’s no exaggeration to say that, from its creation in November 2001, the TSA has acted with complete contempt for the FOIA law and the requirements that law imposes on the TSA and all other Federal agencies. Time after time, TSA failure to comply with FOIA has delayed, complicated, or completely frustrated our research and reporting on TSA policies and procedures, and has deprived the public of the opportunity for informed scrutiny and comment on what the TSA is doing, why, and with what effects on our rights.

One chronic problem is the way the TSA responds to FOIA requests for digital records.

Provisions of the FOIA statute that went into effect as part of the Electronic FOIA Amendments Act of 1996 —  years before the TSA came into existence — require that:

5 USC § 552(a)(3)(B)  — In making any record available to a person under this paragraph, an agency shall provide the record in any form or format requested by the person if the record is readily reproducible by the agency in that form or format. Each agency shall make reasonable efforts to maintain its records in forms or formats that are reproducible for purposes of this section.

When it set up its FOIA office and procured software for responding to FOIA requests, the TSA completely ignored this provision of FOIA. In a display of either gross incompetence or gross bad faith, the TSA and its parent the Department of Homeland Security (DHS) appear to have entirely omitted this legal requirement for production of records in any form and format in which they are readily reproducible from their procurement specifications and criteria for evaluation of proposals. Instead, the DHS and TSA standardized on the use of cloud-based FOIAXpress software that is designed to munge all records by converting them to rasterized images embedded in PDF files, regardless of the original file format.

There’s lots of other software that was, and is, capable of redacting files in native formats. But it’s impossible for any Federal agency to fulfill its FOIA obligations with respect to the form and format of production of records by using FOIAXpress. FOIAXpress should have been summarily eliminated from consideration for any Federal agency contracts as not capable of satisfying the EFOIA requirements. No Federal agency should ever have used it.

Read More