Feb 10 2020

DHS doesn’t trust New Yorkers

In a new twist on the familiar US Department of Homeland Security (DHS) tactic of trying to intimidate state governments into sharing drivers license data with the DHS by threatening to harass, delay, or interfere with the rights of residents of those states when they travel,  the Acting Secretary of Homeland Security has declared that New York residents won’t be allowed to apply for or renew participation in any of the DHS Customs and Border Protection (CBP) “trusted traveler” programs.

The DHS says that this is because New York’s new “Driver’s License Access and Privacy Act… effective December 14, 2019… forbids New York Department of Motor Vehicles (DMV) officials from providing… driver’s license and vehicle registration information to the United States Department of Homeland Security (DHS).”

That provision of New York state law appears to be intended to prevent New York DMV records pertaining to driver’s licenses issued to otherwise undocumented New York residents from being used by the DHS to round these New Yorkers up and deport them. The DHS doesn’t like it that New York, like at least fifteen other states, issues driver’s licenses on the basis of whether residents demonstrate competence to drive, not their immigration status.

The DHS knows that it has no authority to tell states to whom they can or can’t issue drivers’ licenses. Instead, it has used the data sharing prohibition in New York law as the pretext for retaliating against the state government by discriminating against New Yorkers.

As New York Governor Mario Cuomo pointed out in his response to the DHS decision, the DHS has never previously required applicants for any of its “trusted traveler” programs to have a driver’s license at all. No law supports the DHS demand for access to DMV data about drivers as part of its pre-crime assessments of would-be air travelers.

It’s clear from a comparison with DHS actions related to the REAL-ID Act that the DHS claim that it “needs” state DMV data to “vet” (i.e., make pre-crime assessments of) air travelers is pretextual, hypocritical, and fully warrants a judicial finding that it constitutes an arbitrary denial of equal protection of the law to New York residents.

The REAL-ID Act — unlike any law or regulation related to “trusted traveler” programs — does require states to share drivers license and state-issued ID data if they want to deemed “compliant” (although state compliance is optional).  An outsourced national ID database has been set up by a nominally private contractor to allow states that want to comply to do so. However, New York, like more than half of the other states and territories subject to the REAL-ID Act, hasn’t chosen to participate in the SPEXS database or share its data.

But the DHS, despite this manifest noncompliance with the explicit statutory criteria for driver’s license data sharing, has chosen to certify New York (and almost all of the other noncompliant states and territories) as “compliant” with the REAL-ID Act.

Members of the House of Representatives have already asked the DHS for an explanation of the legal basis for its new discrimination against New York residents. And both the state of New York and the New York Civil Liberties Union have announced that they plan to sue the DHS on behalf of New Yorkers who are being discriminated against.

Read More

Feb 09 2020

Fact-checking the REAL-ID Act

Two weeks ago today, the Oregonian published an editorial containing multiple false factual claims exemplifying the “big lies” about the REAL-ID Act being propagated by the US Department of Homeland Security (DHS) and, in many instances, its collaborators at state driver licensing agencies.

We submitted the op-ed below, thinking that it would be the best way for the Oregonian to correct the factual errors in its editorial.

We’ve heard nothing in response, and no correction has been published.

Corrections to editorials are sometimes necessary. We certainly wouldn’t suggest that a newspaper is obligated to publish opinions contrary to its own. But when an editorial contains demonstrably false factual claims, we think the editors have the same ethical obligation to publish a correction as they would if those claims were made in a news story.

Since our commentary hasn’t been published, we’ve asked the Oregonian to publish a correction.

We’re publishing our commentary here, not just as a correction to the Oregonian editorial but as a correction to numerous other uncorrected news stories (we’ve called out the New York Times, among others, for amplifying these same DHS lies in the past) repeating the same DHS lies:

Read More

Feb 07 2020

The nightmare of airport facial recognition

[TSA Biometrics Roadmap, September 2018. Note that face ID will be used for all air travelers and that all use of physical ID credentials is “phasing out” in favor of facial recognition and digital tokens on mobile devices.]

[IATA airline vision for shared use of facial recognition by governments, airlines, and airports]

The ACLU has released an important white paper on airport facial recognition by ACLU senior policy analyst Jay Stanley. Citing some of our previous reporting and analysis, the ACLU white paper focuses, appropriately, not so much on the details of current use of facial recognition at airports, but on where governments and the aviation industry — who share a an explicitly-recognized interest in common use of facial recognition — say it will lead if we don’t stop them.

Driving the dystopian trend called out in the ACLU white paper is the malign convergence of interest between governments that want to use facial recognition and other techniques of compelled and automated identification for surveillance and control of travelers’ movements, and airlines, airports, and other businesses that want to share use of the same identification systems and data for business process automation and commercial tracking and profiling of travel customers.

Below are some key excerpts, but we encourage you to read the full ACLU white paper:

Customs and Border Protection’s new airport face recognition system has attracted a lot of attention and criticism, most recently last month when the agency backed away from suggestions that it would make the program mandatory for American citizens….

CBP officials argue that this program doesn’t involve mass surveillance. But CBP’s program still involves the mass collection of photographs of the general public….

The biggest harm from this program, however, is likely to come from the investment that it represents, the precedent it sets, and the path it puts us on as a society.

And where that path leads is a nightmare. It hardly takes a paranoid flight of fancy to foresee this program morphing into something far more comprehensive and dystopian — a world where face recognition is used throughout our public spaces to scrutinize our identity, record our movements, and create a world where everyone is constantly watched….

DHS and the aviation industry as a whole have a sweeping vision of expanded use of face recognition in the air travel context, and the government itself has already laid out — and begun following — a very specific, clear, and well-defined pathway for how the current program leads to a much broader implementations of face surveillance at the airport. And from there, it will be poised to expand far beyond the airport.

Here is what that pathway looks like:…

Read More

Jan 31 2020

Can “quarantine” orders restrict travel and movement?

Imagine that you are a US citizen living or traveling overseas, and find yourself in a place of possible danger. The US government, as part of its “services” to US citizens abroad, offers to charter a plane to evacuate US citizens and repatriate them to the US, and you agree to pay a pro-rated share of the cost of the flight back to a US gateway airport, from which you are told you will be free to proceed to your home or to wherever else you choose to go.

But the flight, which was scheduled to take you to San Francisco International Airport, is diverted first to Ontario [CA] Airport and then to an Air Force Reserve Base in the Mojave Desert, where passengers are confined in a  cordoned-off section of the base. When one of you tries to leave, they are detained by the authorities.

This is what has happened to 195 US citizens “evacuated” from Wuhan, China.

Have they been “rescued” by their government? Or have they been kidnapped?

Questions are already being raised about this and other incidents of individual and mass “quarantines”.  Some have questioned the medical argument for quarantine orders, while others have suggested that the current panic reflects ethnic and national bigotry.

Our particular concern is — as it has been for many years, and as it has been for other legal experts who have criticized the Federal quarantine regulations — with the legal basis and procedures for restricting the right to freedom of movement, extrajudicially, on ostensibly medical grounds, rather than  relying on existing legal mechanisms for the issuance by judges of temporary restraining orders or injunctions restricting individuals’ movements.

Unfortunately, US authorities, especially the Centers for Disease Control and Prevention (CDC), have tried to avoid acknowledging the scope of the authority they claim, or giving either the public or specifically affected individuals clear notice of their rights. Instead, as in other recent incidents of quarantine orders, they have tried to avoid any judicial review of their actions by persuading individuals to waive their rights, just as police avoid judicial review of other types of detentions, searches, and interrogations by intimidating members of the public into giving “consent”.

KTLA television reports that “None of the passengers showed signs of the illness after being evacuated from the epicenter of the deadly coronavirus outbreak. However, they agreed to stay voluntarily, according to Dr. Chris Braden of the U.S. Centers for Disease Control and Prevention.”

The CDC claim that passengers “agreed to stay voluntarily” seems to be contradicted by other facts reported in the same news story: Read More

Jan 22 2020

European high court to review PNR-based travel surveillance

The highest court of the European Union will be reviewing the legality of  the directive adopted by the EU in 2017 requiring airlines to send Passenger Name Record (PNR) data to the government of each EU member state, and requiring each EU member state to establish a “Passenger Information Unit” to carry out PNR-based surveillance and profiling of air travelers.

National courts first in Belgium and more recently in Germany have referred questions concerning the legality under European Union human rights law of government access to and use of Passenger Name Records (PNRs) to the Court of Justice of the European Union (CJEU).

Read More

Jan 17 2020

Is the TSA “screening” for threats to aviation, or for cash and drugs?

A class-action lawsuit filed this week in Pittsburgh by the Institute for Justice, Brown v. TSA, exposes the dirty non-secret that TSA checkpoints are used primarily as drug checkpoints  and as a revenue center for law enforcement agencies, not to protect aviation.

Warrantless, suspicionless dragnet administrative searches at TSA checkpoints are justified as measures to “screen” travelers for weapons, explosives, and other threats to aviation.

When the actions of TSA Transportation Security “Officers” are challenged in court, the TSA has claimed that its “Officers” are not the “officers” referred to in the Federal Tort Claims Act (“any officer of the United States who is empowered by law to execute searches, to seize evidence, or to make arrests for violations of Federal law”) ; conduct only limited administrative searches for weapons, explosives, and threats to aviation; do not have any authority to conduct searches for any other purpose; and neither have nor exercise authority to arrest or seize travelers.

In practice, however, the primary use of TSA checkpoints by the government is to “screen” travelers for drugs and cash, and to seize and expropriate illegal drugs, drug-related cash, and all “large” sums of cash being carried by airline passengers, regardless of the presence or absence of any evidence linking that cash to illegal drugs or any other illegal activity.

Read More

Jan 02 2020

Drivers’ license data sold to businesses, given to Feds

As we start the year of the once-a-decade US Census, it’s an appropriate time to start looking at some of the ways and the purposes for which data — including drivers license data — is used and shared by the Bureau of the Census.

State agencies that issue drivers’ licenses want us not to object to their demands for more and more personal information about matters unrelated to driving — digital photos, scans of birth certificates and social security cards, etc. — in order to obtain drivers’ licenses that comply with the Federal REAL-ID Act.

State driver licensing agencies say we shouldn’t worry — notwithstanding the requirement of the REAL-ID Act that drivers’ license and state ID data be made available electronically to all other states — because this data will only be shared “as permitted by law”.

But what does that mean? What sharing of this data does the law permit?

Recent reports show that drivers’ license data can be, and is, widely shared with both commercial entities and Federal agencies — including the Bureau of the Census, which will be conducting the decennial census in 2020 — for purposes unrelated to motor vehicle operation or drivers’ licenses. Both Federal and state agencies say that all of this is permitted by the Drivers Privacy Protection Act (DPPA).

Read More

Dec 17 2019

Airports of the future: surveillance by design

As we’ve seen in the ongoing debate over biometric identification of travelers at Sea-Tac Airport, and as we’ve seen before elsewhere, airlines and government agencies want to pretend that each of their initiatives to identify and track travelers is a discrete, limited project, not part of any common agenda for government and commercial surveillance.

Don’t believe a word of this soothing blather. These measures are part of a conscious, deliberate, and (in their internal communications) explicit plan to deploy pervasive, integrated common-use infrastructure and data sharing for government and commercial identification and tracking  purposes throughout airports and each step of an air traveler’s journey. The airline/airport/government consensus is on surveillance by design, not privacy by design.

Here’s our latest glimpse at the real thinking behind the curtain of propaganda: The leading provider of communications and IT infrastructure and services for air transportation has a guest commentary of end-of-the-year predictions for “airports of the future” on an industry news site:

Airports of the future: SITA’s 10 predictions for the next decade
by Benoit Verbaere, business development director, SITA
Passenger Terminal Today, December 12, 2019

Air transport IT provider SITA has unveiled 10 bold predictions about the technology shaping how passengers will move through the airport of the future. Benoit Verbaere, business development director, SITA, predicts major change in almost every aspect of the airport experience….

Security will be integrated into a frictionless journey.

Over the next decade, going through security will mean walking along a corridor…. Passengers and their bags will be recognized automatically as they go through automated checkpoints. Hard checkpoints will be replaced by sensor corridors….

In future airports, risk will be constantly assessed by specialist artificial intelligence (AI), using the passenger’s digital identity…. [G]overnments… will use automated collaborative systems to approve – or, in some cases, not approve – the various steps of the journey….

Everything will have tags: people, bags and cargo. And they will be tracked throughout their entire journey, whatever mode of transport they are using…

The airport will be highly connected.

Our new era of connected airports will be driven by increasingly cheap sensors, less dedicated hardware and new data lakes, fed by every device….

Across every single journey, there are 10 or more different entities that are responsible for making the trip a reality. The only way to collect all the data to make this journey seamless is through close collaboration between everyone working at an airport: the airport itself, airlines, government agencies, ground handlers, restaurants, and shops. We also need collaboration across the entire ecosystem of connected airports….

The fast and frictionless journey to, and through, the airport will make some current revenue streams, for example, parking, weaker or obsolete. Airports will, therefore, need to find new ways to augment the travel experience to replace them. Personalization will be the key….

The future of airports lies in connected, highly-intelligent and efficient operations that offer passengers …  frictionless travel and rich, personalized experiences. Today’s … operational silos will dissolve, resulting in data sharing.

Is this point of view an outlier? No, just the opposite: SITA is jointly owned by airlines, and its agenda expresses its owners’ common agenda and the industry consensus.

SITA is a unique airline joint venture created by its airline owners to provide shared, common-use communications and IT infrastructure and services. SITA messaging has been for decades, and remains, the industry standard for reservations and operational communications between airlines, airport operators, contractors, and — increasingly — government agencies. Today most SITA messages are sent and received by ‘bots, via APIs, or through e-mail gateways, but airline and airport operations staff still have SITA addresses on their business cards along with, or instead of, e-mail addresses.

None of these predictions are new or considered controversial by airlines, airport operators, government agencies, and service providers including SITA and its competitors. Nor is this vision seen as dystopian — those who hold these views see the ability of governments and commercial entities to track each passenger in real time, and to seamlessly share data about travelers identities and movements between airlines, airports, and government agencies, as their utopia.

If we do not resist its implementation, this vision will be the future of travel.

Dec 12 2019

Port of Seattle to develop policies on use of biometrics to identify travelers

This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.

Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.

The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.

Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.

Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.

The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose,  justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:

Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.

This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.

Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”

As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.

The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.

Read More

Dec 05 2019

DHS postpones plan for mug shots of innocent US citizen travelers

Press releases issued today by US Customs and Border Protection (CBP) and Sen. Edward Markey suggest that CBP and its parent agency, the Department of Homeland Security (DHS), have cancelled or postponed, at least for now, their plans to require mug shots of all US citizens leaving, or returning to, the US.

But rather than admit that it has partially backed down or postponed some of its most offensive and intrusive plans in the face of public and Congressional outrage, CBP has sent reporters a statement alleging that our report breaking the story and others that followed contained “incorrect claims” about CBP plans:

We stand by our story.

Until this Monday, when we called attention to the official DHS/CBP notice, the officially-approved and officially-stated intent of the DHS and CBP was to propose rules requiring U.S. citizens on international flights to be photographed.

If “there are no current plans” for mandating mug shots of US citizens, that’s becuuse DHS and CBP plans changed this week in response to public and Congressional outrage and the likelihood that pursuing these plans now would derail DHS and CBP hopes for approval of its current facial recognition programs by airport authorities such as the Seattle Port Commission, which will consider the issue next Tuesday (and which had been misleadingly told by the CBP official responsible for the planned rulemaking that facial recognition would not be mandatory for US citizens).

The official DHS/CBP notice of planned rulemaking meant what it said. It was issued through a formal process of agency review. It wasn’t  a typo, a mistake, or issued by a “rogue” employee.

We vigorously contest the CBP assertion that our story contained any “incorrect claim”.

Such DHS and CBP allegations, in response to truthful reporting, only further discredit the DHS and CBP, and lower whatever little credibility they may have had.

Was this a trial balloon to find out whether the DHS had finally reached the limits of our willingness to be treated like criminals whenever we fly? And if so, has the DHS partially backed off, at least for now? Maybe.

Read More