Jan 07 2019

Amtrak thinks it’s OK to spy on passengers because it makes the trains run on time

Buried in the final 500-page PDF file of redacted and munged e-mail messages released by Amtrak in December 2018 in response to a FOIA request we made in 2014, we got the first hint at an answer to one of the questions that originally prompted our request:

What did Amtrak  think was its legal basis for requiring passengers to show ID and provide other information, and for handing this data over to DHS components and other police agencies for general law enforcement purposes?

When US Customs and Border Protection (CBP) asked Amtrak to start transmitting passenger data electronically, it described this as a request for “voluntary” cooperation, noting that while the law requires airlines to collect and transmit this data to CBP, “these mandates do not currently extend to land modes of transportation” (as they still don’t today).

Despite this statement from CBP, someone at Amtrak came up with a way to describe the changes to Amtrak’s systems and procedures to require ID information in reservations for all international trains, and to transmit this data to CBP,  as “required by the U.S. Department of Homeland Security (DHS)” and as “being mandated by the US Border Inspection Agencies [sic].”

In 2004, an Amtrak technology manager was asked, “Do you know if such a [Federal] mandate [to collect information about passengers] exists, or is Amtrak not obliged to participate in this program?”

The unnamed Amtrak IT manager’s response was that:

By statute, the federal government … in cooperation with Amtrak “shall maintain, consistent with the effective enforcement of immigration and customs laws, en route customs inspections and immigration procedures for international intercity rail passenger transportation that will (1) be convenient for passenger; and (2) result in the quickest possible international rail passenger transportation.” 49 USC 24709.

In other words,someone at  Amtrak thinks it’s not merely permitted but required by this provision of Federal law to implement whatever level of intrusiveness of data collection and data sharing will make international trains run more quickly.

It’s arguable, to say the least, whether Congress intended this law as a mandate for ID credentials or data collection, whether collection of passenger data prior to ticketing actually expedites international trains (compared to, as used to happen, conducting customs and immigration  inspections onboard while trains are in motion), or whether demands for ID and passenger information are consistent with the clause of this section requiring that measures taken be “convenient for passengers”. But someone at Amtrak seems to have interpreted this statute as such a mandate, and represented it as such to other Amtrak staff and contractors.

Are there any limits to what information or actions Amtrak would think is required of passengers on international trains, if  that would keep US and Canadian border guards from stopping or delaying trains at the border for customs inspection?

Questions about whether Advance Passenger Information (APIS) was required had been asked not only within Amtrak but by Amtrak-appointed travel agencies, as was relayed to Amtrak by a product manager  for the “Worldspan by Travelport” reservation system:

There’s no indication in the documents we received as to whether this Worldspan subscriber, or any other travel agency, was given any answer to this question.

Notably, no legal basis whatsoever for requiring ID from passengers on domestic trains was mentioned anywhere in the records we’ve received from Amtrak. Nor were any records released that related to Amtrak’s privacy policy, or the legal basis for it, although such records were covered by our request.  We’re still following up with Amtrak on this and other issues, and will file administrative appeals if necessary.

As part of Amtrak’s response to a separate FOIA request, however, we’ve received a redacted copy of Amtrak’s internal directive to staff regarding passenger ID requirements. According to this document, Amtrak stopped requiring passengers to show ID in order to buy tickets as of October 25, 2017.  But no records related to this change, or the reasons for it, were released in response to our request.

Amtrak train crews are supposed to check ID of a randomly selected 10% or 20% of passengers. In our experience, however, Amtrak staff rarely require any passengers to show ID.

Although Amtrak is a Federal government entity, Amtrak’s of list of acceptable ID is much more inclusive than the list of ID that comply with the REAL-ID Act. Amtrak’s list of ID acceptable for train travel includes, among other acceptable credentials, any ID issued by a public or private middle school, high school, college, or university, and drivers’ licensed issued by US states and territories to otherwise undocumented residents.

Amtrak even accepts a “California state issued medical marijuana card“, which doesn’t have the cardholder’s name, only their photo. We’ll leave it as an exercise to our readers to figure out what relationship Amtrak thinks there is between being eligible for medical cannabis and being eligible for Amtrak train travel.

The most reasonable inference is that someone at Amtrak has decided that Amtrak should make a show of requiring ID, but that others at Amtrak don’t really want to turn away travelers without ID. Perhaps they recognize that travellers who don’t have or don’t want to show ID are a valuable Amtrak customer demographic.

Read More

Jan 04 2019

Issues for the revitalized Privacy and Civil Liberties Oversight Board

With its recent revival, the Federal government’s Privacy and Civil Liberties Oversight Board (PCLOB) has a chance to take a fresh look at how far the USA has gone since 9/11 in implementing a combination of “pre-crime” policing (à la Minority Report) and “social credit scoring” integrated with commercial service providers (à la China) as a means of control of what people can and cannot do, and where they can and cannot go.

The PCLOB didn’t have a quorum since early 2017, and was down to only one member. But three new members were confirmed in October 2018. An Executive Director – who may end up with longer-term influence than the members of the Board, especially given that the new members weren’t appointed and confirmed until just three months before one of their terms is scheduled to end – is currently being hired. Civil libertarians able to obtain a security clearance and willing to relocate to DC are encouraged to apply.

>What should the PCLOB focus on, with its limited time and resources? The PCLOB is an advisory committee with neither legislative nor prosecutorial authority. The best use it can make of its limited mandate is to ask hard questions and raise issues that Federal agencies won’t otherwise acknowledge or address.

The TSA and DHS were created in haste after 9/11 without consideration of the privacy and civil liberties implications of their new activities, many of which have never been explicitly approved by Congress. The reactivation of the PCLOB after the latest hiatus is a chance to take a fresh look at the big picture of what these agencies are doing, and what this means for privacy and civil liberties. It might be tempting to focus on “emerging” threats, but the first priority should be to assess the DHS surveillance and control systems that are already in place:

  1. Conversion of state licensing of motor vehicle operators into a national ID system. More than a decade after Congress enacted the REAL-ID Act of 2005, we are entering the endgame of DHS efforts to pressure states into participating in an outsourced, privately-operated, national ID database created to enable compliance with the REAL-ID Act. SPEXS already includes records sourced from states about more than 50 million Americans, but is not subject to any direct government control and has never been the subject of any publicly-disclosed review of its implications for privacy and civil liberties.

  2. Mass surveillance and permission-based predictive control of movement and travel. Congress has never debated whether air travelers should be required to identify themselves,whether the government should keep histories of innocent citizens’ movements (compiled from commercial airline reservations for common carrier travel, license plate readers for travel by private vehicle, and facial recognition for pedestrian movement), or whether existing judicial mechanisms for restricting the right to travel and movement through injunctions or restraining orders should be replaced with secret, extrajudicial administrative prior restraint and similar orders. How has travel been transformed from a right to a privilege exercised only by government permission? How does this implicate the 1st Amendment right to assemble and the right of freedom of movement recognized by international human rights treaties? How widely, and with what implications for privacy and civil liberties, has the precedent set by real-time “pre-crime” predictive control of travel expanded to other activities and transactions?

  3. Suspicionless dragnet administrative searches. Today, the most common hands-on interaction between a Federal agent and a person not suspected of any crime is a TSA pat-down. But there’s never been any comprehensive review of the legality or the implications for privacy and security of the proliferation of suspicionless administrative searches since the creation of the DHS and TSA: security theater in airports, warrantless searches at internal checkpoints (domestic airports, CBP roadblocks on roads that don’t cross the US border, and attempts to claim the right to impose searches on the public in other forms of transportation.

There’s much more that we and others could say about each of these issues, if the PCLOB choses to consider them. But the first challenge for the PCLOB is whether it will tackle these big-picture issues.

Jan 03 2019

Plaintiff in first no-fly trial wins another appeal on attorneys’ fees and government lawyers’ bad faith

Fourteen years to the day after she discovered she was on the no-fly list when she was arrested at SFO, and five years after her legal victory in the first trial of a challenge to a government no-fly order (a Pyrrhic victory as she has still been denied a visa to return to the US), Dr. Rahinah Ibrahim won a third decision in her favor in the same case in 9th Circuit  Court of Appeals yesterday, this time en banc and on the issue of reimbursement by the government of Dr. Ibrahim’s attorneys’ fees and costs.

Read More

Jan 02 2019

Who’s paying for the national ID database?

As part of a flurry of overdue year-end responses to our Freedom Of Information Act (FOIA)  requests, we’ve gotten some curious messages about Federal government funding for SPEXS, the national database of drivers’ license and state ID-card data being created — with no apparent consideration of its impact on privacy and civil liberties — to enable states to comply with the Federal REAL-ID Act of 2005.

The DHS continues to claim that SPEXS isn’t a Federal database: “REAL ID does not create a federal database of driver license information.” But we know that much of the funding for the SPEXS database and the “State-To-State” (S2S) system of which it is a component has come from Federal grants laundered through grants to states and then reassembled by the American Association of Motor Vehicle Administrators (AAMVA) to pay the contractors building and operating the database and network.

Read More

Dec 17 2018

Do you need ID to get OFF a plane?

We’ve reported on several legal challenges to demands for ID as a condition of boarding airline flights.

But what about demands for ID after such a flight, as a condition of disembarking or leaving the airport at your destination?  Is such a demand legal? Must you comply?

The first court case we are aware of to raise this issue began when DHS law enforcement officers from US Customs and Border Protection (CBP) blocked the only exit from a Delta Airlines plane when it arrived at its gate at JFK Airport in February 2017 after a flight from San Francisco, and required passengers to show ID before they were allowed to leave the plane.

Several passengers, represented by the ACLU, sued the DHS, the CBP and the responsible officials, supervisors, and front-officers in Federal court for the Eastern District of New York, which covers Brooklyn, Queens (where JFK Airport is located) and Long Island.

The plaintiffs in the lawsuit, originally Amadei v. Duke and now Amadei v. Neilsen, complain that the demand for ID violated their 4th Amendment right to be free from unreasonable searches and seizures. They also complain that the DHS policy or practice of demanding ID from some passengers disembarking from domestic airline flights was adopted without complying with the due process requirements of the Administrative Procedure Act (APA).

The first significant — although far from final — ruling in the case came on December 13, 2018. The District Court rejected government motions to dismiss the complaint. Judge Nicholas Garaufis found that the passengers had raised sufficiently credible allegations of violations of the 4th Amendment and the APA to entitle them to their day in court.

Read More

Dec 12 2018

The Department of “Mother, May I?”

[Federal Probation System Form PROB-37, “Permission To Travel”. Note that even as used for probationers, this form is illegal: It lacks the required OMB approval, OMB control number, and Paperwork Reduction Act notice.]

Have all travelers become convicted criminals subject to court supervision, who have to apply in advance for permission from the government every time they want to travel?

And does the US government have extraterritorial jurisdiction over travel worldwide?

Apparently so, at least in the eyes of the Department of Homeland Security.

Case in point: The National Vetting Center (NVC).

The NVC was established pursuant to President Trump’s February 2018 executive order NSPM-9. The “vetting” in the name is what President Trump has referred to as “extreme vetting” of immigrants and non-US citizens visiting or transiting the US. The first use of the NVC will be to “vet” citizens of countries in the US Visa Waiver Program applying for ESTA permits (online visas) to travel to the US.

The NVC is an inter-departmental body coordinated by a DHS component, US Customs and Border Protection (CBP), and this week the DHS has published a Privacy Impact Assessment (PIA) and released a redacted version of the  Implementation Plan for the NVC.

Here’s how the DHS describes the purpose and role of the NVC:

Every day, the U.S. Government determines whether to permit individuals to travel to and enter the United States…  and consider other actions…. The U.S. Government has developed several different processes and procedures to evaluate an individual’s suitability for access to the United States or other travel- or immigration- related benefits against information available to the U.S. Government (generally referred to as “vetting”)….Creating, maintaining, and facilitating the operation of that process is the primary mission of the NVC.

As even this summary self-description shows, the NVC is founded on a fundamental disregard for human and Constitutional rights.

Read More

Dec 03 2018

Smile, travelers! You’re on candid DHS cameras.

The Department of Homeland Security has posted the latest update to a series of Privacy Impact Assessments attempting to whitewash the invasions of privacy and human rights inherent in a comprehensive system of automated facial identification of travelers.

The latest PIA reveals more than the DHS has previously admitted about the nature and scope of its planned use of automated facial ID technology.

The DHS plans to use image data aggregated from commercial surveillance systems operated by airlines and airports, as well as DHS cameras, including non-obvious cameras, to identify air travelers (including both domestic and international travelers), international ferry and cruise passengers, and travelers crossing US land borders in vehicles or on foot.

Automated identification of travelers based on facial images would be used as the basis for who is, and who is not, allowed to travel, based on travel histories and algorithmic “risk assessments” that form the US counterpart of, and predecessor to, China’s control of  travel and other activities through facial recognition and “social credit” scoring.

The latest PIA makes a variety of claims about how the risks to privacy and human rights inherent in this scheme will purportedly be “mitigated”. Some of these “reassurances” are implausible, while others are already contradicted by the facts on the ground. And none of them would cure some of the ongoing violations of Federal law in current DHS practices.

Read More

Nov 21 2018

REAL-ID database still lacks basic protections

[As of August 2017, this was one of the two highest priorities for the SPEXS/S2S governance committee — but still unresolved.]

There is still no way to find out whether there’s a record about yourself in the national REAL-ID database, or what information that record contains, or to correct it. This has been recognized as a priority by the state officials who indirectly “govern” the contractors who operate the database. But years have passed, and nothing has been done to address the problem, even as the database has grown to include information about more than 50 million US residents.

How has this been allowed to happen?

The most significant requirement for US states and territories that choose to comply with the Federal REAL-ID Act of 2005 is participation in the national ID database, SPEXS.

But while SPEXS has been developed to enable state submission to Federal requests, development and operation of the SPEXS has been outsourced to the American Association of Motor Vehicle Administrators, a nominally-private nonprofit corporation, and a for-profit AAMVA contractor, Clerus Solutions. Neither AAMVA nor Clerus Solutions are directly subject to any Federal or state government transparency laws.

Federal funding for SPEXS from the DHS has been laundered through grants to states, keeping the Feds at arms length from AAMVA, Clerus Solutions, or any direct oversight of, or accountability for, SPEXS. We have requested DHS records of these grants, but the DHS has yet to produce them. Just today — well after the deadline for the DHS to respond to our request  — we got a message  claiming that the FOIA office to which our request has been referred isn’t sure what we want, and asking us to “clarify” our request.

In the meantime, the main sources of information about the build-out of SPEXS into a comprehensive national database of drivers licenses and state-issued ID cards have been responses to requests to state driver licensing agencies (DLAs in AAMVA-speak) under state public records laws.  If you want to request these records from your state DLA, here’s a 2017 list of state points of contact for participants in SPEXS and the AAMVA subcommittee for privatized “governance” of SPEXS.

This list is part of the latest batch of records released by the Wisconsin Department of Motor Vehicles (the first participant in SPEXS) in response to a  request under that state’s open records law.

Among other details, these records confirm that as recently as August 2017, AAMVA still had not  agreed on any procedure by which an individual could find out whether there is a record about them in the SPEXS database, or what information it contains. No system for handling access or correction requests had been established, even though by that time the SPEXS database contained information about 50 million people.

We asked AAMVA’s Chief Privacy Officer about this in early 2016. Nothing was done. Members of the S2S/SPEXS governance committee were polled in 2017, and identified this as one of their two highest priorities. Still, another year later, nothing has been done. Read More

Nov 14 2018

OIG confirms State Dept. broke its own rules when it seized US citizens’ passports

A report released earlier this month by the State Department’s Office of Inspector General confirms that, as we and others began reporting in 2013 and 2014, State Department staff  “failed to comply with relevant procedures intended to safeguard the rights of U.S. citizens” when they summarily seized or retained the passports of US citizens who sought consular assistance at the US Embassy in Sana’a, Yemen.

Because of incomplete and inconsistent record-keeping and shifting stories told to OIG investigators by State Department staff, the OIG was unable to determine how many US citizens were improperly deprived of their passports, or for how long.

The consequences for these Yemeni-American US citizens were especially dire because many of them were seeking to leave Yemen to escape the escalating civil war and foreign military interventions in Yemen (some of which were backed by the US and its allies).

Without passports, these US citizens were unable to travel legally from Yemen  to other countries, or to return to the US. They were forced either to remain in increasingly war-torn and dangerous Yemen, or use dangerous illegal means of transport to escape.

The de facto policy of the US Department of State as early as 2013 — even before the inclusion of Yemen in the 2017 Muslim ban executive orders — appears to have been to define anyone with Yemeni ancestry, regardless of citizenship, as an enemy of the US, and to use all available legal or illegal methods to deny them US passports. Typical tactics included putting applications by Yemeni-Americans for new or renewal passports into indefinite limbo, and indefinitely retaining US passports presented to consular officials at the US Embassy in Sana’a.

Typically, no formal decision that would be readily subject to judicial review was made. Even when a passport was revoked or an application for a passport was denied, the affected citizen often wasn’t notified until months or years later.

Several lawsuits were brought challenging the denials and delays in issuing, renewing, or returning passports. At least one case led to a  court order for the return of a US passport seized in Sana’a. But the government was able to evade judicial review of most of its passport denials and seizures by reversing its decisions and dropping charges or issuing delayed passports once its victims lawyered up and made it to US courts.

Despite the fairly scathing  report by the OIG, there’s no indication that any of the responsible State Department officials — either at the embassy in Yemen or making policy and directing practices from the US — have lost their jobs, much less been prosecuted, for conspiring to deprive US citizens of their fundamental rights, in circumstances where the ability to exercise those rights could be a matter of life and death.