Dec 17 2019

Airports of the future: surveillance by design

As we’ve seen in the ongoing debate over biometric identification of travelers at Sea-Tac Airport, and as we’ve seen before elsewhere, airlines and government agencies want to pretend that each of their initiatives to identify and track travelers is a discrete, limited project, not part of any common agenda for government and commercial surveillance.

Don’t believe a word of this soothing blather. These measures are part of a conscious, deliberate, and (in their internal communications) explicit plan to deploy pervasive, integrated common-use infrastructure and data sharing for government and commercial identification and tracking  purposes throughout airports and each step of an air traveler’s journey. The airline/airport/government consensus is on surveillance by design, not privacy by design.

Here’s our latest glimpse at the real thinking behind the curtain of propaganda: The leading provider of communications and IT infrastructure and services for air transportation has a guest commentary of end-of-the-year predictions for “airports of the future” on an industry news site:

Airports of the future: SITA’s 10 predictions for the next decade
by Benoit Verbaere, business development director, SITA
Passenger Terminal Today, December 12, 2019

Air transport IT provider SITA has unveiled 10 bold predictions about the technology shaping how passengers will move through the airport of the future. Benoit Verbaere, business development director, SITA, predicts major change in almost every aspect of the airport experience….

Security will be integrated into a frictionless journey.

Over the next decade, going through security will mean walking along a corridor…. Passengers and their bags will be recognized automatically as they go through automated checkpoints. Hard checkpoints will be replaced by sensor corridors….

In future airports, risk will be constantly assessed by specialist artificial intelligence (AI), using the passenger’s digital identity…. [G]overnments… will use automated collaborative systems to approve – or, in some cases, not approve – the various steps of the journey….

Everything will have tags: people, bags and cargo. And they will be tracked throughout their entire journey, whatever mode of transport they are using…

The airport will be highly connected.

Our new era of connected airports will be driven by increasingly cheap sensors, less dedicated hardware and new data lakes, fed by every device….

Across every single journey, there are 10 or more different entities that are responsible for making the trip a reality. The only way to collect all the data to make this journey seamless is through close collaboration between everyone working at an airport: the airport itself, airlines, government agencies, ground handlers, restaurants, and shops. We also need collaboration across the entire ecosystem of connected airports….

The fast and frictionless journey to, and through, the airport will make some current revenue streams, for example, parking, weaker or obsolete. Airports will, therefore, need to find new ways to augment the travel experience to replace them. Personalization will be the key….

The future of airports lies in connected, highly-intelligent and efficient operations that offer passengers …  frictionless travel and rich, personalized experiences. Today’s … operational silos will dissolve, resulting in data sharing.

Is this point of view an outlier? No, just the opposite: SITA is jointly owned by airlines, and its agenda expresses its owners’ common agenda and the industry consensus.

SITA is a unique airline joint venture created by its airline owners to provide shared, common-use communications and IT infrastructure and services. SITA messaging has been for decades, and remains, the industry standard for reservations and operational communications between airlines, airport operators, contractors, and — increasingly — government agencies. Today most SITA messages are sent and received by ‘bots, via APIs, or through e-mail gateways, but airline and airport operations staff still have SITA addresses on their business cards along with, or instead of, e-mail addresses.

None of these predictions are new or considered controversial by airlines, airport operators, government agencies, and service providers including SITA and its competitors. Nor is this vision seen as dystopian — those who hold these views see the ability of governments and commercial entities to track each passenger in real time, and to seamlessly share data about travelers identities and movements between airlines, airports, and government agencies, as their utopia.

If we do not resist its implementation, this vision will be the future of travel.

Dec 12 2019

Port of Seattle to develop policies on use of biometrics to identify travelers

This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.

Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.

The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.

Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.

Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.

The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose,  justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:

Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.

This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.

Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”

As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.

The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.

Read More

Dec 05 2019

DHS postpones plan for mug shots of innocent US citizen travelers

Press releases issued today by US Customs and Border Protection (CBP) and Sen. Edward Markey suggest that CBP and its parent agency, the Department of Homeland Security (DHS), have cancelled or postponed, at least for now, their plans to require mug shots of all US citizens leaving, or returning to, the US.

But rather than admit that it has partially backed down or postponed some of its most offensive and intrusive plans in the face of public and Congressional outrage, CBP has sent reporters a statement alleging that our report breaking the story and others that followed contained “incorrect claims” about CBP plans:

We stand by our story.

Until this Monday, when we called attention to the official DHS/CBP notice, the officially-approved and officially-stated intent of the DHS and CBP was to propose rules requiring U.S. citizens on international flights to be photographed.

If “there are no current plans” for mandating mug shots of US citizens, that’s becuuse DHS and CBP plans changed this week in response to public and Congressional outrage and the likelihood that pursuing these plans now would derail DHS and CBP hopes for approval of its current facial recognition programs by airport authorities such as the Seattle Port Commission, which will consider the issue next Tuesday (and which had been misleadingly told by the CBP official responsible for the planned rulemaking that facial recognition would not be mandatory for US citizens).

The official DHS/CBP notice of planned rulemaking meant what it said. It was issued through a formal process of agency review. It wasn’t  a typo, a mistake, or issued by a “rogue” employee.

We vigorously contest the CBP assertion that our story contained any “incorrect claim”.

Such DHS and CBP allegations, in response to truthful reporting, only further discredit the DHS and CBP, and lower whatever little credibility they may have had.

Was this a trial balloon to find out whether the DHS had finally reached the limits of our willingness to be treated like criminals whenever we fly? And if so, has the DHS partially backed off, at least for now? Maybe.

Read More

Dec 03 2019

Seattle Port Commission to consider rules for airport facial recognition

We’ll be in Seattle on December 10, 2019, to give public comments (see our detailed written testimony submitted in advance) at a meeting of the Port of Seattle Commission concerning a proposed resolution on use of facial recognition by airlines at the Seattle-Tacoma International Airport (SEA).

This will be the first time that any operator of a US airport has publicly considered any policies to govern use of facial recognition by airlines or on airport property.

The public authorities that operate almost all major US airports have a key role to play in oversight of traveler surveillance systems deployed on their premises by their tenants.

Read More

Dec 02 2019

DHS plans to require mug shots of U.S. citizen travelers

Buried in the latest Fall 2019 edition of an obscure Federal bureaucratic planning database called the Unified Agenda of Regulatory and Deregulatory Actions is an official notice from the U.S. Department of Homeland Security (DHS) that:

To facilitate the implementation of a seamless biometric entry-exit system that uses facial recognition … DHS is proposing to amend the regulations to provide that all travelers, including U.S. citizens, may be required to be photographed upon entry and/or departure [to or from the U.S.].

According to the “Unified Agenda”, the DHS plans to publish a “Notice of Proposed Rulemaking” (NPRM) in approximately July 2020 to make mug shots mandatory for U.S. citizens leaving  or returning to the U.S.

The laws cited in the “Unified Agenda” as providing the statutory basis for the proposed rule pertain to searches of aliens (non-U.S. citizens) and the obligation for U.S. citizens entering or leaving the U.S. to have U.S. passports (a requirement of questionable and largely untested Constitutionality). It’s not obvious how the DHS will twist this into purported authority to require mug shots of all U.S. citizens who travel internationally.

The DHS has already given notice of its intention to solicit bids for systems to capture photos of all air travelers, including U.S. citizens, and is working with airlines and airports on schemes to share the photos, so that airlines and airports will be able to use data collected under government coercion for their own commercial business-process-automation and price-personalization purposes.

In November 2019, the U.S. Customs and Border Protection (CBP) component of DHS declared that its “test” of facial recognition on travelers crossing the US-Mexico border on foot had become a “permanent fixture” at certain pedestrian border crossings.

Meanwhile, the DHS continues to try to reassure travelers by claiming that U.S. citizens can and will be able to opt out of being photographed at airports or land border crossings — even though we continue to get reports, as we have told DHS officials directly, from travelers who were told by U.S. Customs and Border Protection officers and/or by line-minders at airports and borders that photography is mandatory .

Can you opt out? All current statutory and regulatory provisions for biometric entry and/or exit are explicitly applicable only to non-U.S. citizens. They provide no legal basis for photography of U.S. citizens leaving or returning to the U.S. But current law also provides no guarantee of a right for U.S. citizens to opt out, and no specification of procedures for opting out or for redress for U.S. citizens who aren’t allowed to opt out. That will all become moot if the DHS succeeds in promulgating regulations requiring all travelers to submit to mug shots, the courts uphold them, and travelers acquiesce.

Just say no.

Nov 21 2019

What will the REAL-ID Act mean for Californians?

Steve Gordon, Director of the California Department of Motor Vehicles

The director of a $9 million state publicity campaign to persuade Californians that they will be “turned away at the TSA checkpoint” if they try to fly without ID and that “you will need to show federally-compliant identification in order to board a domestic flight within the U.S.” admits that he knows you can fly without any ID, and he’s flown without ID himself.

That admission by Steve Gordon, Director of the California Department of Motor Vehicles (DMV), came following a hearing in Los Angeles yesterday at which we also testified (written testimony, video starting at 1:10:23) before the California Assembly Budget Subcommittee responsible for oversight of the DMV.

California DMV Director Gordon said the DMV has an “overall budget north of $9 million” for an “awareness and motivational campaign” in all media — billboards, online keyword advertising buys , etc. — to “drive people to action” to apply for REAL-ID cards.

Gordon said that the DMV had changed its message from “You can apply for either a REAL-ID ‘compliant’ or ‘noncompliant’ drivers license or ID card” to, “You should get a REAL-ID card,” because it was “too confusing” to tell people they have a choice.

Read More

Oct 22 2019

9th Circuit upholds “no-fly” procedures & criteria

A 3-judge panel of the 9th Circuit Court of Appeals has upheld the government’s procedures and criteria for issuing “no-fly” orders against a complaint that the criteria (which are essentially “pre-crime” criteria based on predictions of future bad actions) are too vague to provide fair notice of what actions might lead to a “no-fly” order, and that the procedures do not provide the degree of procedural due process (notice of the accusations, an opportunity to see the evidence and cross-examine witnesses, etc.) required by the Constitution.

While the 9th Circuit panel left open the possibility of a challenge to the substantive grounds for a specific no-fly order, it upheld the government’s effort, in mid-litigation, to change the procedures for no-fly orders to keep challenges to no-fly orders out of U.S. District Courts and preclude any trial or adversarial or judicial fact-finding in such cases.

The 9th Circuit panel found that no-fly orders issued by the TSA under the current revised procedures are excluded from the jurisdiction of U.S. District Courts. TSA no-fly orders can be “reviewed” by a Circuit Court of Appeals only on the basis of a self-serving “administrative record” created by the TSA, and on the basis of a deferential standard that presumes the validity of the TSA’s fact-finding. The 9th Circuit panel did not address the Constitutionality of the applicable jurisdiction-stripping law, 49 U.S.C. § 46110, which is currently being challenged in the 1st Circuit in Sai v. Pekoske (originally Sai v. Neffenger).

The decision announced yesterday in Kashem v. Barr may be the worst appellate court decision against freedom of travel since the 2006 decision by the 9th Circuit Court in Gilmore v. Gonzales.

Read More

Oct 02 2019

Do I need ID to ride a train?

We’ve been trying for years to find out what the real story is with respect to ID requirements for travel by train, especially on Amtrak.

Amtrak and Greyhound ID policies and practices are of paramount importance to the mobility of undocumented people and people who, whether or not they are eligible for or have chosen to obtain government-issued ID credentials, don’t want to show their papers to government agents as a condition of exercising their right to freedom of movement.

Amtrak and Greyhound policies and practices will become even more important if the government and/or airlines further restrict air travel by people who don’t have, or don’t show, ID credentials that comply with the REAL-ID Act.

The latest responses to our requests for Federal and state public records reveal more about passenger railroad policies and practices, but still don’t give a clear answer.

What we can say at this point, based on the records disclosed to us to date, is that:

  1. There are substantial discrepancies and contradictions between what the TSA has told Amtrak to do, what Amtrak tells its own staff about what is required, what Amtrak tells travelers about what is required and the basis for those requirements, and what Amtrak staff actually do. Those variations make it impossible to determine unambiguously what “the rules” are for Amtrak travel, or what is “required”.
  2. Some of Amtrak’s claims, including its claim that passengers are required by the TSA to have and to show ID to travel by Amtrak, are blatant lies.
  3. TSA Security Directive RAILPAX-04-02, cited by Amtrak in its employee manual as the basis for demanding that passengers show ID, requires Amtrak to “request” (not demand) that passengers show ID, but does not purport to require passengers to respond to such requests and does not prescribe any sanctions on passengers for failure, refusal, or inabiity to show ID.
  4. Amtrak has instructed its staff that “If the customer responds they are 18 or older and do not have valid identification, … the Amtrak police must be notified by the quickest available means away from the customer,” but also that, “Failure to possess the proper photo identification is not, by itself, sufficient reason to have the customer removed from the train.” Amtrak has not yet responded to our FOIA request for Amtrak Police policies and staff directives for what to do in such cases.
  5. Although Amtrak is unquestionably an instrumentality of the Federal government, and transportation by Amtrak is unquestionably a Federal government activity, the list of ID credentials deemed acceptable by Amtrak does not correspond to the list of forms of ID deemed by the DHS to be acceptable for “Federal purposes” pursuant to the REAL-ID Act of 2005.  Amtrak says it accepts several forms of ID that do not comply with the REAL-ID Act. None of Amtrak’s ID policies, procedures, or staff directives disclosed to date mention the REAL-ID Act or when or how it might be implemented by Amtrak, although records of such policies or of discussions related to them would be responsive to soem of our pending FOIA requests.

Where does this leave undocumented long-distance travelers, including those who turn to Amtrak as a government-operated common carrier of last resort?

Read More

Sep 04 2019

US government blacklisting system is unconstitutional

In an opinion issued late today in Alexandria, VA, US District Court Judge Anthony Trenga has upheld the complaint by 23 victims of US government blacklisting that the system pursuant to which the government has designated them as “suspected terrorists” on the basis of secret algorithms applied to secret datasets, without notice or an opportunity to contest any allegedly “derogatory”  information, does not provide those who are stigmatized, and whose stigmatized status is broadcast to tens of thousands of law enforcement and other government agencies and private entities around the world, with the procedural due process required by the US Constitution.

This decision is one of the most fundamental victories for the rule of law since 9/11.

According to today’s opinion, it is undisputed that the DHS and FBI define anyone who has been arrested or charged with an offense related to terrorism as a “known” terrorist, even if they have been acquitted of that charge.  In other words, the DHS and FBI think that what is “known” is what they believe, not what judges or juries have found the facts to be. That presumption that by definition their secret judgements are more reliable than judicial fact-finding pretty much sums up why this decision is correct, why it is so important, and why it should be upheld if, as seems a near certainty, the government appeals.

None of the plaintiffs have even been arrested, much less convicted, for any criminal offense, terrorist or otherwise. The plaintiffs include, among others, several infants whom the government has apparently blacklisted as “suspected terrorists”. But even though the government will neither confirm nor deny that anyone is or is not, or has or has not been, included in the “Terrorist Screening Database” (TSDB), the court found that the plaintiffs have demonstrated sufficient basis for their belief that they have been blacklisted.

The government calls this database and decsion-making system a “watchlist”, but it is really a blacklist intended and used to determine adverse consequences for individuals.

The “No-Fly List” is only a subset of the TSDB, and not being allowed to fly is only a subset of the consequences of blacklisting detailed in the plaintiffs’ submissions to the court and the government’s admissions during discovery and depositions. The TSDB is used as the basis for a plethora of decisions, as the plaintiffs have experienced, from whether to have them arrested at gunpoint when they try to cross land borders  to whether to interrogate them for hours about their religious beliefs, seize their electronic devices for copying and forensic analysis of the data stored on them, deny them public or private-sector jobs, or close their bank accounts and deny them other fincial services.

The government’s use of secret criteria, secret datasets, and guilt by association as the basis for secret decisions — communicated to tens of thousands of other decision-makers, but not to those who have been blacklisted —  resembles the worst of McCarthyism, just with “terrorist sympathizer” or (literal) “fellow traveler” substituted for “Communist  sympathizer” or (ideological) “fellow traveler”.

Read More

Aug 30 2019

3rd Circuit finds TSA checkpoint staff conduct “searches” and can be sued for misconduct

By a vote of 9 to 4, the 3rd Circuit Court of Appeals has found that TSA checkpoint staff are “officers or employees” of the Federal government who “execute searches… for violations of Federal law”, and therefore that the US government is subject to private lawsuits for damages for  certain intentional torts by TSA “screeners” including “assault, battery, false imprisonment, false arrest, [and] malicious prosecution.”

The decision by the judges of the 3rd Circuit following rehearing en banc in the case of Pellegrino v. TSA reverses an earlier decision by a three-judge panel that would have given impunity to checkpoint staff for even the most egregious violations of travelers rights.

The language of the Federal Tort Claims Act and its applicability to TSA checkpoint staff are clear. The TSA’s strained attempt to exempt checkpoint staff from FTCA lawsuits should never have gotten this far.

But the TSA’s highest priority, ahead of protection of transportation safety or security, has always been the protection of itself and its  activities against judicial review.

Any lawsuit against the TSA or anyone associated with it is regarded by the agency as an existential threat to its assertion of unlimited discretion to define, by its own secret internal procedures, which people, possessions, and activities are and aren’t allowed at TSA checkpoints — as if the conduct to date of the TSA and its minions had earned the  agency the entitlement to expect and demand that travelers defer to its good judgement and self-restraint. The TSA doesn’t want to have to respond to allegations of misconduct by its employees, contractors, or law enforcement or industry “partners”. Nor does it want to have to explain or defend its actions in court. It wants all such cases dismissed out of hand.

In order to intimidate travelers into submission to its unlawful orders with a show of purported authority, while keeping itself above the law, the TSA’s takes a two-faced position that was its comeuppance in the en banc decision in Pellegrino v. TSA.

TSA checkpoint employees wear blue police-type uniforms and badges that identify them as Transportation Security “Officers”, while even the rent-a-cop contractors who staff TSA checkpoints at SFO and some other airports wear similar uniforms and badges prominently emblazoned with “TSA” insignia. They present themselves to travelers as though they were police, and they claim police-type (or even greater) powers to demand obedience to their orders and to search travelers and their personal property.

But the TSA always refers to these searches by the euphemism of “screening”, to avoid the obvious implication that as “searches” they are subject to the 4th Amendment to the US Constitution. In court, the TSA claims that these aren’t the “searches” meant by the provision of the FCTA which refers to officers or employees who “execute searches”.

In some cases, the TSA claims the right to search documents, papers, currency, and electronic data, which can’t possibly pose a direct threat to aviation safety or security, notwithstanding special statutory protection for many such items, “if criminal activity  is suspected” and even if the suspected crimes are unrelated to aviation safety or security.

But when its actions are challenged, the TSA claims that its searches are not conducted for general law enforcement purposes and thus are exempt from the FCTA provisions intended to hold those who conduct such searches legally accountable for torts (violations of civil rights) against individuals.

The 3rd Circuit judges took due note of these self-contradictory TSA claims, and of the consequences that would follow from accepting them as a basis for TSA impunity:

Consequences of Our Ruling

Before concluding, we note the implications of the choice before us. If TSOs [Transportation Security Officers] are not “investigative or law enforcement officers” under the proviso, then plaintiffs like Pellegrino are left with no avenue for redress. We have
already held (and correctly so) that TSOs are not susceptible to an implied right of action under Bivens for alleged constitutional violations, see Vanderklok, 868 F.3d at 209, so a Tort Claims Act action is the only remaining route to recovery. Without recourse under that Act, plaintiffs like Pellegrino will have no remedy when TSOs assault them, wrongfully detain them, or even fabricate criminal charges against them.

We look forward to seeing at least some TSA checkpoint staff found liable for damages for these sorts of actions in the wake of the 3rd Circuit’s en banc decision in Pellegrino v. TSA.