Mar 30 2020

“Known Traveler Digital Identity” (KTDI)

On March 26, 2020, the World Economic Forum published specifications  and launched a new website for a project it has christened “Known Travel Digital Identity” (KTDI):

KTDI is a “surveillance-by-design” vision for tracking and control of travelers more dystopian than anything we have seen before.

KTDI would use a blockchain-based distributed ledger to bind together, through an app on a traveler’s mobile device, all of the following data:

  • Biometrics (initially facial images, possibly also fingerprints, etc.)
  • Government-issued ID credentials (passport number, etc.)
  • Travel history including logs of border crossings, hotel stays, and possibly also car rentals and/or other events
  • Purchase logs and possibly bank account information and/or other financial and transaction records
  • Pre-crime predictive “risk assessment” and profiling scores generated at each “intervention” point before and during each trip or transaction

Read More

Mar 24 2020

How drivers license photos are aggregated and shared

During a press conference yesterday, President Trump announced a postponement of the “deadline” previously announced by the Department of Homeland Security for “enforcement” of the REAL-ID Act of 2005 at TSA checkpoints:

I’m also announcing that we’re postponing the deadline for compliance with REAL ID requirements…. We will be announcing the new deadline very soon. It’s going to be announced in a very short moment.

The REAL-ID Act “deadline” was set by DHS press release, not by law or regulation. It’s unclear if a new date will be announced by decree of the Secretary of Homeland Security, or by promulgation of regulations. There has been no further announcement by the DHS, and there is no notice of rulemaking in the Federal Register today.

As we noted yesterday, neither a postponement nor any of the other proposed amendments to the REAL-ID Act would address the central problems in this law: the requirement for states that want to be deemed “compliant” to share their drivers’ license and state-ID databases with all other states.

Read More

Mar 23 2020

In a pandemic, freedom is the first casualty

We’ve seen before — notably after September 11, 2001 — how a crisis can result in damage to rights and freedoms that persists long after the initial cause of public panic.

Some advocates for restrictions on individuals and our movements and activities will exploit any crisis to ratchet the mechanisms of surveillance and control tighter.

Other officials, including many who mean well but are too traumatized to recognize the long-term consequences of their short-term actions, will advocate “temporary” restrictions on individual rights and freedoms that almost inevitably become permanent.

We don’t yet know what the cost in lost lives of the coronavirus pandemic will be. But we can already see the outlines of some of its potential cost in lost civil liberties.

Earlier in the pandemic, we reminded our readers of the risks of abuse of overbroad quarantine powers. But that’s only one aspect of the problem.

The basic methodology of control of travel and movement is that compulsory identification of travelers enables surveillance (tracking and logging) of travel and movement histories, and control of future movements based on individuals’ identities and the histories and other databases of personal information linked to those identities.

Already, changes to policies and practices related to (1) identification, (2) surveillance, and (3) control of travelers have all been proposed in response to the coronavirus pandemic: Read More

Mar 10 2020

Seattle Port Commission reneges on its “principles” for facial recognition

[CBP sign at biometric boarding gate at Newark Liberty International Airport. Note the absence of the OMB Control Number and other notices required by the Paperwork Reduction Act.]

Repudiating the principles for assessment of biometric identification of travelers  it adopted in December 2019, and effectively mooting the policy development process it had begun since then, the Port of Seattle Commission voted unanimously today to authorize a $5 million, ten-year contract to purchase and install Port-owned common-use cameras and facial recognition stations at all 30 departure gates of a new international terminal.

The Port issued a detailed, self-congratulatory press release within minutes after the vote, which strongly suggests that Port staff knew how the Commissioners would vote before today’s charade by the Commissioners of taking comments from the public and “debating” the issue even began.

Behind the scenes, US Customs and Border Protection (CBP) appears to have been playing hardball, using the typical law enforcement line of, “We’re going to do this to you anyway. You can either choose to make it easy for us, or we’ll make it hard on you.” The Seattle Times reported after the Port Commission vote that CBP recently began fingerprinting non-U.S. citizens boarding some international flights at Sea-Tac Airport. It seems likely that the implicit or explicit threat by CBP was that if the airport didn’t install and deploy automated facial recognition to track passengers, CBP would use a more humiliating form of biometric tracking, fingerprinting departing non-U.S. citizens the way it already fingerprints non-U.S. citizens when they arrive in the U.S.

The choice for the airport and its governing board was whether to collaborate with CBP. Port Commissioners seemed to want to reign in CBP. But at the end of the day, they proved unwilling to assert their authority as an elected public oversight  board against the malign convergence of interest between government agencies, airlines, and Port staff who identify with the police and the airline industry more than with the public. The Port Commissioners  chose to have the airport actively collaborate with and front for CBP, at the airport’s expense, rather than dissociating itself from CBPs flagrantly illegal activities, making CBP do its own dirty work at its own expense, or trying to mitigate the damage through signage informing travelers of their rights.

The Port press release claims that “the Commission’s goal is to replace CBP”, but that’s clearly false and appears intended to mislead the public. In fact, the sole purpose of the cameras and software to be purchased by the Port is to augment, not replace, the ability of CBP to use, retain, and share photos as its sees fit. Every photo of a traveler taken by the Port cameras will immediately be sent to CBP. There’s no plan to replace CBP, deny it access to any photos, or expose its secret algorithms and secret biometric databases.

All of the comments from the public to the Port Commission on this issue, as members of the Commission acknowledged, were opposed to the Port collaborating with CBP on facial recognition or spending Port money to do so. Members of the public, including experts in cybersecurity and threat modeling, pointed out that many key questions about the Port’s proposal and CBP’s and airline’s practices, plans, and policies remain unanswered. Most urged the Commission to reject the proposal outright and withdraw its request for bids for facial recognition equipment. All commenters agreed that approval of the procurement contract would be premature until more information is made available to the public and the current policy development process is completed.

In our latest written comments to the Port Commission today, which we summarized in person at today’s meeting (see also our previous submissions to the Port Commission on December 10, 2019, and February 25, 2020), we pointed out that:

The proposed procurement and deployment would violate Federal law, the norms of Fair Information Practices (FIPPs), and the professed “principles”, including FIPPs, of both the Port and US Customs and Border Protection (CBP). It should be rejected, and the RFP for this project should be withdrawn or, at a minimum, postponed….

It isn’t just that CBP is violating the Privacy Act, or that collecting facial images and sending them to CBP would make the Port complicit in this violation of Federal law. The violation of the Privacy Act by CBP lies specifically in CBP’s outsourcing the collection of this personal data to the Port, airlines, or any other non-Federal entities.

This provision was and is included in the Privacy Act for good reason. The Port should heed it, and make CBP comply with Federal law by collecting any personal data it uses for making decisions about individuals, including facial images of travelers, directly from those individuals. CBP could collect this data itself at Sea-Tac, as it does at some other airports. It doesn’t want to, but it has clearly demonstrated that it could do so.

If there is one lane at a departure gate, or on arrival, where a uniformed CBP agent is photographing travelers, and one lane without a Federal law enforcement officer with a camera, travelers will have a much clearer and more informed choice – and one that, unlike the proposal before the Port Commission, might comply with the Privacy Act.

Port Commissioners claimed, quite implausibly, to think that having the Port install and operate the cameras would give the Port some control of how CBP uses the photos after the Port sends them on, or at least more control over signage. But CBPs “Biometric Air Exit Business Requirements” for its airline and airport “partners”, which were finally disclosed only two days ago in response to our request, and were never provided to or reviewed by the Port’s “Biometrics External Advisory Group” (BEAG), tell a different story about who’s in control. As we explained in our comments:

Some Port staff, in their proposals to the BEAG and the Port Commission, have suggested that by owning and operating facial recognition systems the Port would have more control over signage and other notices provided to the public to enable more informed consent and mitigate the harm to the public of CBP’s (illegal) activities.

But in fact, the proposed procurement would have exactly the opposite effect. By agreeing to comply with CBP’s “Requirements” – which are explicitly incorporated by reference in the RFP and the proposal for action by the Port Commission – the Port would be tieing its own hands and committing itself to display CBP’s signs – regardless of their truth or falsehood or their compliance with the law – and not to display any signage, make any announcements, or provide any information not approved by CBP.

Item 8 of CBP’s “Requirements” would prohibit the Port from posting any signs or distributing any communications pertaining to CBP’s use of biometrics without CBP’s prior approval.

Item 13 of CBP’s “Requirements” would obligate the Port to post whatever signage CBP demands, regardless of whether the Port considers it inaccurate, misleading, or incomplete.

In effect, these provisions would amount to a (self-imposed) gag order not to criticize CBP, and a (self-imposed) agreement to serve as a mouthpiece for CBP propaganda, regardless of its truth or falsehood. Rather than enabling the Port to mitigate the harms of CBP’s (illegal) practices through more or better signs or announcements, the proposed action by the Port Commission would prevent the Port from doing so.

If CBP fails – as it has failed to date at Sea-Tac and all other airports with biometric departure gates – to post the notices required by the Paperwork Reduction Act, informing individuals, regardless of citizenship or immigration status, of their right not to respond to any Federal collection of information that does not display a valid OMB Control Number and PRA notice, the Port itself should post such notices at all gates. But the Port won’t be able to do so without CBP approval (which wouldn’t be likely to be granted) if the Port Commission approves the proposal on your agenda for action today.

Port Commissioners approved a motion declaring that CBP’s uses of facial recognition at airports are “lawful”, while simultaneously and hypocritically dismissing our objections to CBP’s flagrant violations of Federal law by saying that, “We’re not judges. If a court says it’s illegal, we won’t do it.” This ignores the fact that, as we also noted in our comments, CBP and DHS have promulgated regulations exempting the databases in which they store facial images from the rights otherwise available to individuals under the Privacy Act to access, accounting of disclosures, and civil remedies for violations. This makes it all but impossible to have CBP’s practices reviewed by the courts.

Today’s decision by the Port of Seattle Commission sets the worst possible national precedent. But it doesn’t render the Port’s ongoing  process of developing policies for use of biometrics at Sea-Tac entirely irrelevant. We will continue to monitor the process and engage with the Port Commission as it considers use of facial recognition (in collaboration with, and sending passenger photos to, CBP and perhaps in the future the TSA) by airlines and other commercial entities for their own purposes.

As we noted in response to the first draft of a Port of Seattle policy for “non-Federally mandated” uses of biometrics:

Missing from that draft is any explanation of the purpose or justification for airlines to identify passengers, independent of any Federal mandate.

Airlines could, and did, operate for decades without requesting ID from passengers. Airlines began asking (but not requiring) passengers to identify themselves only when they were ordered to do so by the FAA (the predecessor of the TSA). The only lawful reason for airlines to ask passengers for ID is to satisfy a government mandate.

As common carriers, airlines are required to transport all passengers, regardless of who they are, and are required to sell tickets at prices determined by a public tariff.

An airline cannot lawfully “reserve the right to refuse service”. It cannot lawfully personalize prices or charge different prices based on passengers’ identities.

So why do airlines think they “need” to identify passengers at all, by any means?

One cannot assess the justification (or lack thereof) for biometric identification of travelers for non-Federally mandated purposes without first assessing the justification (or lack thereof) for identification of travelers generally for such purposes.

This assessment is entirely absent from the draft recommendations for Port policy, but is essential.

Feb 25 2020

Is facial recognition at Sea-Tac Airport a fait accompli?

In December 2019, the elected Port of Seattle Commission voted to develop public policies and criteria for deciding whether to approve use of facial recognition or other biometrics to identify travelers at the Seattle-Tacoma International Airport (SEA) and the Seattle cruise port.

This is a positive step — but only if the Port follows through and enforces appropriate rules.

Since then, an internal working group of Port staff and a Port-appointed Biometrics External Advisory Group have begun work on this policy-development process. Today’s meeting of the Port Commission at noon at the Conference Center at Sea-Tac (on the Mezzanine level above the Arrivals Hall) will include a report on that work to date, including recommendations drafted by Port staff and proposed to the external advisory group.

But in the meantime, Port staff didn’t wait for governing policies to be developed and approved before posting a Request For Proposals (RFP) soliciting bids for new automated facial recognition systems to be deployed by the Port itself at Sea-Tac.

As we note in our comments to the Port Commission for today’s meeting:

We are concerned that:

  1. The Port has, according to the RFP, already made a “commitment” to U.S. Customs and Border Protection (CBP) to deploy a biometric exit system at all gates of the new International Arrival Facility (IAF) at Sea-Tac;
  2. The RFP requires bids to be submitted months before the biometrics policies and procedures which bidders will be required to comply with are finalized;
  3. The Port staff draft of recommendations  proposed to the Biometrics External Advisory Group contains material misstatements of law and fact; and
  4. Neither the RFP nor the draft recommendations include any of the Port, airline, biometrics vendor, or CBP policies or notices (if any such policies exist) which would apply to the collection and use of facial images at biometric exit stations….

Is the Port’s current policy-development process a good-faith effort to determine what, if any, use of public-facing biometrics should be permitted on Port property?

Or is it merely window-dressing for decisions that are already faits accomplis?

As our comments to the Port Commission explain, there is already ample evidence to establish that the current and proposed biometric entry, exit, and departure-gate systems at Sea-Tac do not, and are not likely to, satisfy the principles adopted in December 2019 by the Port of Seattle Commission. We’ll be watching closely to see whether the Port Commission acts on its stated principles, or whether it allows them to be ignored.

Feb 23 2020

Greyhound withdraws consent to warrantless searches

Just a week after the publication of a memo from the U.S. Border Patrol confirming that it’s up to bus companies to decide whether to allow law enforcement officers onto their buses to search and/or question passengers, Greyhound has yielded to longstanding pressure and agreed to withdraw its consent for warrantless bus boardings by police.

According to the Associated Press:

In an emailed statement, the company said it would notify the Department of Homeland Security that it does not consent to unwarranted searches on its buses or in areas of terminals that are not open to the public — such as company offices or any areas a person needs a ticket to access.

Greyhound said it would provide its drivers and bus station employees updated training regarding the new policy, and that it would place stickers on all its buses clearly stating that it does not consent to the searches.

It’s clearly established law that warrantless dragnet searches or entries to private property require consent. So Border Patrol agents or other DHS law enforcement officers who disregard the new stickers and board buses without consent risk personal liability.

Greyhound has now (finally) done the right thing. Other common carriers including bus and rail operators and airlines can and should do likewise, without further delay.

Feb 18 2020

It’s time for Greyhound to say no to police harassment of bus riders

A memo from the Border Patrol component of US Customs and Border Protection (CBP) first reported last Friday by the Associated Press confirms what critics of Greyhounds’s collaboration with the US Border Patrol and other police have been saying for years: unless they have a warrant or in exigent circumstances, CBP agents can’t board Greyhound’s buses without Greyhound’s permission.

Greyhound has defended itself by claiming that it has no legal right to keep Border Patrol agents from boarding buses and questioning passengers. But those claims — which we’re pretty sure Greyhound’s lawyers have always known to be false — have now been shown to be directly contrary to the instructions given to all Border Patrol field supervisors:

When transportation checks occur on a bus at non-checkpoint locations, the agent must demonstrate that he or she gained access to the bus with the consent of the company’s owner or one of the company’s employees.

It’s time for Greyhound to stop making excuses or blaming the government for its corporate choices. Greyhound could and should decline to consent to police boarding its buses, and explicitly prohibit its employees and agents from giving such consent.

Read More

Feb 13 2020

REAL-ID Act amendments don’t address the real ID problem

In response to fears by the travel industry (fueled by government lies) that businesses dependent on air travel will lose money if their would-be customers are prevented by the Transportation Security Administration (TSA) from flying because they don’t have ID credentials that the Department of Homeland Security (DHS) deems sufficiently “compliant”, a proposal was introduced in Congress this week by Rep. Debbie Lesko of Arizona to amend the REAL-ID Act of 2005.

What’s really called for, though, is repeal, not revision, of the REAL-ID Act, and explicit Congressional recognition that travel by common carrier is a right that cannot be conditioned on government-issued credentials or other permission. The amendments proposed in H.R. 5827 would only exacerbate the Constitutional flaws in the REAL-ID Act, and would do nothing to rein in the TSA and other DHS components in their violations of travelers’ rights.

H.R. 5827 appears to have been drafted by travel industry lobbyists. Its provisions exactly match the recommendations of the U.S. Travel Association, the umbrella trade association for the travel industry in the USA. Rep. Lesko’s press release announcing the filing of H.R. 5827 quotes endorsements for the bill from spokespeople for U.S. Travel and its constituent trade associations of airlines, airports (which in the US are almost all publicly operated, but tend to act like self-interested businesses rather than operating in the public interest), and travel agents. No advocates for travelers , civil liberties, or freedom to travel are quoted — nor are they likely to endorse H.R. 5827 or the REAL-ID Act it would amend.

H.R. 5827 is styled as the “Trusted Traveler REAL ID Relief Act of 2020”, and is described as a bill “To exempt certain travelers from certain requirements of the REAL ID Act of 2005 for purposes of boarding a federally regulated commercial aircraft, and for other purposes.”

But what would H.R. 5827 actually do, and would that make things better or worse?

Read More

Feb 11 2020

DHS considered using REAL-ID data sharing for immigration enforcement

The acting head of the Policy Office at the Department of Homeland Security (DHS) recommended that the DHS use the REAL-ID Act mandate for national sharing of drivers’ license and state-issued ID data to get access for DHS immigration enforcement to records of licenses and IDs issued to otherwise undocumented residents by states that won’t provide that data directly to the DHS, according to a DHS memo obtained by Buzzfeed News.

As discussed below, there’s a clear lesson in this report:

State refusal to participate in or upload state drivers license or ID data to the SPEXS national REAL-ID database — which necessarily implies state noncompliance with the REAL-ID Act — must be recognized as an essential element of any genuine state “sanctuary” policy against allowing state resources to be used for enforcement of Federal immigration policies and practices.

States including New York that don’t want state motor vehicle and driver licensing agencies to collaborate in Federal immigration crackdowns and other Federal witchhunts should promptly enact explicit prohibitions on SPEXS participation by their state agencies.

Here’s what that means and why it’s necessary:

According to a report by Hamed Aleaziz, the DHS considered several methods for obtaining data from “uncooperative” states or punishing those states or their residents, as the DHS is already doing to New Yorkers. But the first recommended option was to leverage the data-sharing element of state compliance with the REAL-ID Act:

Read More

Feb 10 2020

DHS doesn’t trust New Yorkers

In a new twist on the familiar US Department of Homeland Security (DHS) tactic of trying to intimidate state governments into sharing drivers license data with the DHS by threatening to harass, delay, or interfere with the rights of residents of those states when they travel,  the Acting Secretary of Homeland Security has declared that New York residents won’t be allowed to apply for or renew participation in any of the DHS Customs and Border Protection (CBP) “trusted traveler” programs.

The DHS says that this is because New York’s new “Driver’s License Access and Privacy Act… effective December 14, 2019… forbids New York Department of Motor Vehicles (DMV) officials from providing… driver’s license and vehicle registration information to the United States Department of Homeland Security (DHS).”

That provision of New York state law appears to be intended to prevent New York DMV records pertaining to driver’s licenses issued to otherwise undocumented New York residents from being used by the DHS to round these New Yorkers up and deport them. The DHS doesn’t like it that New York, like at least fifteen other states, issues driver’s licenses on the basis of whether residents demonstrate competence to drive, not their immigration status.

The DHS knows that it has no authority to tell states to whom they can or can’t issue drivers’ licenses. Instead, it has used the data sharing prohibition in New York law as the pretext for retaliating against the state government by discriminating against New Yorkers.

As New York Governor Mario Cuomo pointed out in his response to the DHS decision, the DHS has never previously required applicants for any of its “trusted traveler” programs to have a driver’s license at all. No law supports the DHS demand for access to DMV data about drivers as part of its pre-crime assessments of would-be air travelers.

It’s clear from a comparison with DHS actions related to the REAL-ID Act that the DHS claim that it “needs” state DMV data to “vet” (i.e., make pre-crime assessments of) air travelers is pretextual, hypocritical, and fully warrants a judicial finding that it constitutes an arbitrary denial of equal protection of the law to New York residents.

The REAL-ID Act — unlike any law or regulation related to “trusted traveler” programs — does require states to share drivers license and state-issued ID data if they want to be deemed “compliant” (although state compliance is optional).  An outsourced national ID database has been set up by a nominally private contractor to allow states that want to comply to do so. However, New York, like more than half of the other states and territories subject to the REAL-ID Act, hasn’t chosen to participate in the SPEXS database or share its data.

But the DHS, despite this manifest noncompliance with the explicit statutory criteria for driver’s license data sharing, has chosen to certify New York (and almost all of the other noncompliant states and territories) as “compliant” with the REAL-ID Act.

Members of the House of Representatives have already asked the DHS for an explanation of the legal basis for its new discrimination against New York residents. And both the state of New York and the New York Civil Liberties Union have announced that they plan to sue the DHS on behalf of New Yorkers who are being discriminated against.

Read More