Jun 22 2018

Arguments for and against TSA Form 415

We’ve finally begun receiving records from the TSA of how the public responded to the TSA’s proposal in 2016 to start requiring travelers to show ID in order to fly.

Since 2008, TSA and contractor staff at airport checkpoints have been demanding that some travelers who do not have ID, do not show ID to checkpoint staff, or show ID that is initially deemed “unacceptable” fill out and sign TSA Form 415, “Certification of Identity”, and answer questions about the information in the (secret) file about them maintained and made available to the TSA by the commercial data broker Accurint.

Before any Federal agency such as the TSA starts collecting information from the public, whether verbally or through a written form, the agency is required to obtain approval for the “information collection” from the Office of Management and Budget (OMB).

The TSA has never requested or obtained approval for any version of Form 415. But in 2016, the TSA gave notice that it intended to seek OMB approval for Form  415, and accepted comments on that proposal from the public by email. After submitting our own objections to the TSA’s proposal, the Identity Project made a Freedom Of Information Act (FOIA) request for the complete administrative record related to the TSA’s contemplated request.

The TSA has not yet actually submitted a request to OMB for approval of Form 415, but has continued to use it illegally without OMB approval.

In May 2018, we received a heavily redacted version of the TSA’s procedures for “ID verification” including use of Form 415.

Now we’ve received a first partial set of excerpts from the “administrative record” related to the TSA’s proposal, consisting mainly of comments submitted by the public.

Most of the comments were from civil liberties and human rights organizations opposed to the TSA’s proposal, including the Identity Project, the Cyber Privacy Project,  the Constitution Alliance, and the Electronic Privacy Information Center.

But the TSA also received comments questioning the TSA proposal from at least one state government, and a single frighteningly revealing comment urging the TSA to use even more intrusive measures to track people who try to fly without “acceptable” ID.

Read More

Jun 19 2018

Coding Amtrak’s collaboration with US Customs and Border Protection

We’ve received and posted the latest installment in a continuing trickle of responses to a Freedom of Information Act request  we made in 2014 for records related to Amtrak’s collaboration with US and foreign law enforcement and “border control” agencies.

The most recent batch of records released by Amtrak consists mainly of email correspondence between Amtrak IT staff responsible for supporting ticket sales through travel agencies  (most of which occur through computerized reservation systems), programmers with Amtrak’s in-house ARROW  reservation system, and Amtrak’s technical contacts at  the four major CRSs used by travel agencies: Sabre, Apollo, Worldspan, and Amadeus.

Most of these exchanges relate to Amtrak’s decision in 2005 to start feeding information about all passengers on cross-border (USA-Canada and Canada-USA) Amtrak trains to US Customs and Border Protection, and to require all passengers on these trains to provide Amtrak with passport or travel document info to pass on to CBP.

This was not required by any US law or regulations,  but was a voluntary decision by Amtrak. Some travel agents complained about this, but we’ve still seen no indication that they were given any answer about why Amtrak was doing this or what travelers or travel agents who didn’t want to provide this information could do. Amtrak’s own programmers were falsely told that this was required by order of CBP.

The messages we have received show that requiring travel agents to enter names and details of ID documents in PNRs for Amtrak travel created in the CRSs, and getting this information to flow through in standardized form to ARROW records and transmissions to CBP, proved more difficult than had been expected.

Read More

Jun 08 2018

“Governance” of the REAL-ID database

[Attendance at the most recent face-to-face (F2F) meeting of the AAMVA S2S Governance Committee, Milwaukee, WI, March 22, 2018]

We’ve been trying for years to find out who is really in charge of the national ID database being created to enable states that choose to do so to comply with the  Federal REAL-ID Act of 2005.

The national ID records system includes the SPEXS database and the S2S data network and system of central-site applications. S2S, including SPEXS, is operated by AAMVA (a non-governmental non-profit organization whose members are the directors of state driver licensing agencies) and Clerus Solutions (a for-profit  private contractor most of whose executives are revolving-door former staff of AAMVA).

But who is setting policy? Who decides what information from state drivers’ license and ID records is included in the central “pointer” database? Who decides what other entities are able to retrieve, mine, or otherwise obtain or use these records?

Are state governments really in control of their residents’ data once it is uploaded to the central site (outsourced to Microsoft as a cloud hosting provider)? Or is Is the US Department of Homeland Security, AAMVA, or Clerus Solutions in the driver’s seat?

Documents we’ve recently received in response to a request to the state of Alaska under that state’s public records law don’t answer many of our questions, but shed more light on on this little-known, aggregated, privately-held database of personally identifying information obtained from state records that already contains data about roughly 50 million US citizens and residents.

We also received explicit confirmation from the minutes of a June 2017 meeting (p. 64 of this PDF file) that AAMVA staff and state driver licensing officials expect that participation in S2S and SPEXS will be added to the criteria used by the DHS to determine whether to certify or re-certify states as “compliant” with the REAL-ID Act: The latest batch of records we received (see related records released to us earlier here) is a disordered jumble bundled into a single PDF file. Below are some of the other noteworthy details, with references to page numbers in this PDF file:

Read More

May 29 2018

More stupid questions for applicants for U.S. visas

The list of questions asked of applicantas for U.S. visas goes on for page after page, including:

  • Do you belong to a clan or tribe?
  • Are you or have you ever been a drug abuser or addict?
  • Are you coming to the United States to engage in prostitution or unlawful commercialized vice?
  • Do you seek to engage in espionage, sabotage, export control violations or any other illegal activity in the United States?
  • Are you a member of a terrorist organization?
  • Have you ever participated in genocide?
  • Have you ever been directly involved in the coercive transplantation of human organs or bodily tissue?
  • Have you ever committed torture?
  • Have you ever engaged in the recruitment or the use of child soldiers?
  • Are you coming to the U.S. to practice polygamy?
  • Are you a member of the Communist party?

Some of these questions are pointless. How many people have been denied admission to the U.S. because they volunteered that they were terrorists, torturers, or genocidists?

Others of these questions are vague, irrelevant, and/or intrusive.

Unfortunately, the list of questions asked of would-be travelers to the U.S. has grown ever longer, under both Democratic and Republican administrations.

In 2016, questions about social media identifiers were added to the online application for the Electronic System for Travel Authorization (ESTA), a sort of short-form electronic visa used by tourists and some short-stay business visitors from most-favored countries.

Now those same questions are being added to the printed and  online forms used by all other applicants for any type of visa to visit, transit, or immigrate to the U.S.

Today the Identity Project and five other national civil liberties and human rights organizations — Government Information Watch, Cyber Privacy Project (CPP), American-Arab Anti-Discrimination Committee (ADC), Restore the Fourth, Inc., and National Immigration Law Center (NILC) — filed comments with the Department of State objecting to this questioning as unconstitutional and contrary to international human rights treaties and Federal laws.

Read More

May 24 2018

DHS aggregating commercial biometric data and position logs

The DHS is proposing to expand its biometric identification and surveillance programs, and its collaboration with commercial entities in biometric-based surveillance, with the creation of a new database of “External Biometric Records” (EBR). EBR would include (1) biometric identifiers (such as facial photos, iris scans, fingerprints, DNA profiles, etc.) and (2) logs of the location, date, and time where each image or biometric sample is created.   EBR records would be aggregated from commercial sources, and available for use by all DHS components and sharing  with other Federal, state, local, and foreign entities.

The DHS is also proposing to exempt EBR from most of the requirements of the Privacy Act, including the right of individuals to find out what information about them is in the database and to what other government agencies or third parties it has been disclosed.

Today we filed comments, together with four other national civil liberties and human rights organizations — Government Information Watch, the Cyber Privacy Project (CPP), Restore the Fourth, Inc., and the National Immigration Law Center (NILC) — objecting to the DHS proposals as unconstitutional and contrary to Federal law.

Read More

May 20 2018

Who’s in charge of the REAL-ID database?

The state of Alaska has sent us a whopper of a “the records you have requested do not exist” response to one of our attempts to find out about government oversight (or lack thereof) of the private contractor operating the national ID database created to implement the REAL-ID Act of 2005.

Here’s what’s happened and why it’s significant:

One of the key goals and consequences of the REAL-ID Act is a national database of information about every drivers license or ID card issued by any of the states and territories that have chosen to “comply” with the (optional for states) Federal law.

This “SPEXS” database includes both compliant ID documents and “noncompliant” IDs issued to people who think they have opted out of being included in the national ID system. There are currently about 50 million records in this national ID database.

The SPEXS database is operated as part of the “S2S” system by a for-profit contractor to AAMVA, a “private” nonprofit corporation whose voting members are the directors of state driver licensing agencies (“DLAs” in AAMVA-speak).

According to AAMVA and officials of participating states, S2S including SPEXS is “governed” by an AAMVA subcommittee created in 2017 and consisting of representatives from DLAs in each state that has added its residents’ ID data to the SPEXS database. We don’t yet know how much actual authority the SPEXS governing body has, or how it exercises that authority.

SPEXS became a focus of attention in Alaska last year after we pointed out in testimony to the state legislature that the Alaska Department of Motor Vehicles had uploaded information about all Alaska drivers’ licenses and state IDs to SPEXS shortly before seeking legislative approval for the state to take actions to comply with the REAL-ID Act.

Read More

May 14 2018

Senators say US citizens shouldn’t have to submit to airport mug shots

Senators Mike Lee (R-UT) and Ed Markey (D-MA) have sent another joint letter to Secretary of Homeland Security Kirstjen Nielson renewing their objections to requiring US citizens to submit to mug shots (“facial recognition”) as part of a DHS “biometric exit” program for identifying and tracking international travelers departing from US airports and seaports.

The letter sent last Friday is a follow-up to an earlier letter six months ago, in which the Senators told the DHS that such a requirement for US citizens is “facially unauthorized”:

Most crucially, while Congress has repeatedly voted to authorize biometric entry-exit scanning of foreign nationals, it has never authorized biometric exit screening for U.S. citizens. In fact, Congress has pointedly neglected to authorize DHS to use the program on U.S. citizens for any purpose. Additionally, while airport infrastructure may not be conducive to separate boarding procedures for U.S. citizens and non-citizens, convenience should not be placed above congressionally mandated requirements. We are concerned that the use of the program on U.S. citizens remains facially unauthorized.

Read More

May 08 2018

TSA releases redacted ID verification procedures

Five years after we requested them under the Freedom Of Information Act, the TSA has released a redacted copy of its Identity Verification Call Center (IVCC) procedures for interrogation and “screening” of people who show up at TSA checkpoints without ID or with ID the TSA initially deems unacceptable.

Most of these people — 98% of them, according to summaries and logs eventually released to us by the TSA in response to our FOIA request — are eventually “allowed” by the TSA or TSA contractors to exercise their right to travel by common carrier, but only after being put through the TSA’s identity verification procedures.

The TSA’s Standard Operating Procedures for travelers without ID or with initially unacceptable ID include requiring them to complete and sign an (illegal) TSA Form 415, “Certification Of Identity” (COI), and playing a pointless game of 20 questions by telephone with the ID Verification Call Center to see if the traveler’s answers to questions match the information in the files secretly maintained by a commercial data broker, the Accurint division of LexisNexis (part of Reed Elsevier).

In 2013, we asked the TSA for its records of what happens to people who try to fly without ID or with ID that the TSA or its contractors initially deem unacceptable. As part of the same request, we asked for related email messages and policies.

The TSA dragged its feet for years, gradually releasing a trickle of redacted and scanned page-view images of derivative reports, but none of the email messages or reports.

A year ago, the TSA declared its munged partial response “complete”. We filed an administrative appeal, and six months later, the TSA’s appeal officer partially upheld our appeal and remanded our request for a further search for email messages and policies.

After eight more months, we’ve finally received a redacted image of the 2013 version (the version in effect when we first made our request) of the TSA’s ID Verification Call Center “Standard Operating Procedures”.

By the time the TSA finally looked for the email messages on which some of the reports were based, after our appeal was upheld, those messages had all been deleted:

No email messages pertaining to the responsive records were located. The email account utilized to prepare and distribute the TSOC reports was centralized into the National Transportation Vetting Center email account, and all emails created during that time associated with the TSOC reports already released to you have been deleted.

Ultimately, the  ID Verification SOP leaves the final decision on whether a would-be airline passenger is allowed to travel to the standardless discretion of the TSA staff person in charge for each airport, the Federal Security Director (FSD) or their designee.

There are some other curious statements between the redactions in the version of the  ID Verification SOP released to us by the TSA.

According to the SOP:

Under these procedures, passengers are required to produce acceptable identification to a TSA Screening Representative (TSR) before proceeding to the security checkpoint. Passengers who do not produce acceptable identification and who fail to assist TSA personnel in adequately identifying their identity will be denied entry.

There is no indication of the legal basis, if any, for this TSA claim that airline passengers have an affirmative duty to  “produce acceptable identification” or “assist TSA personnel in adequately identifying their identity”, or what the basis would be for denial of passage.

The SOP also contains a bizarre assertion in section 2.5.9 of the SOP that the COI form (TSA Form 415), which travelers without ID or with unacceptable ID are required to complete and sign, is “Sensitive Security Information” (SSI) which is “not to be circulated to the public” and which passengers must surrender to checkpoint or TSA staff on demand. The SOP doesn’t say how this form could be held to constitute SSI.

TSA Form 415 has already been made public in response to another of our FOIA requests, and the Paperwork Reduction Act requires that forms used to collect information from the public be published for comment before they are approved.

In 2016, after using Form 415 and its unnumbered predecessor illegally for years, the TSA published a notice that it planned to apply for approval of this form (to which we objected). But the TSA has yet to apply for, much less receive, the approval it would need before using this form.

Apr 30 2018

Is your drivers license or state ID in the national REAL-ID database?

One of the major goals of the REAL-ID Act of 2005 was to create, and to pressure state governments to participate in, a national database of drivers’ licenses and state-issued ID cards.

The REAL-ID Act requires that, “To meet the requirements of this section, a State shall … Provide electronic access to all other States to information contained in the motor vehicle database of the State.”

In practice, the only available or affordable way for a state to comply with this part of the REAL-ID Act is to participate in the “State-to-State” (S2S) data sharing system operated by AAMVA and built by an AAMVA contractor, Clerus Solutions. AAMVA says that, “For those states … choosing to comply with REAL ID… the Department of Homeland Security has indicated that participation in S2S will be required for the state to be REAL ID compliant. This is because… the law and regulations governing REAL ID include requirements for state licensing agencies to connect their databases.”

Despite its name, which might be taken as implying that it is merely a messaging system, S2S relies on a centralized national database, “SPEXS”, which contains a record for each  drivers’ license  or ID card issued by any participating state or territory.

The DHS has been certifying states and territories as “compliant” with the REAL-ID Act, without regard for whether they have complied with this provision of the Federal law.

But that begs the question of how many states have uploaded information about how many of their residents to the national database in order to comply with the REAL-ID Act.

Are records of drivers’ licenses and ID cards issued by your state or territory already included in the national database? If not, when will they be?

Read More

Apr 27 2018

DHS still using American Samoans as “REAL-ID” guinea pigs

When last we checked in on the status of DHS threats to harass residents of states and territories that haven’t been sufficiently “compliant” with the REAL-ID Act of 2005, the focus was on the territory of American Samoa.

The REAL-ID Act applies to the District of Columbia and five US territories as well as to the fifty US states. American Samoa is the most distant from the US mainland and one of the smallest in population of these US territories, and is the only place subject to the REAL-ID Act whose native-born residents are not US citizens. There are only two scheduled airline flights a week between American Samoa and any other US state or territory.

Perhaps for these reasons, the DHS in its infinite wisdom unreviewable discretion chose to make American Samoa the test of its threats to “enforce” the REAL-ID Act.

Every other state or territory was either certified as sufficiently compliant with the REAL-ID Act (even though few of them are) or given an extension of time to show a more compliant attitude. But the DHS invoked its REAL-ID “nuclear option” on American Samoa, announcing that  effective February 5, 2018, “a driver’s license or ID issued by American Samoa (AS) will no longer be an acceptable document to board a federally-regulated commercial aircraft.” Air travelers showing ID cards issued by the government of American Samoa are subject to additional “ID verification” and/or “screening” (searches).

So how has the DHS effort to make an example out of American Samoa fared? And what can other states and territories learn from this example?

Basically, (1) the sky didn’t fall, and (2) the DHS blinked (again). The message to other states is that they shouldn’t be panicked into “compliance” by empty DHS threats.

Read More