Papers, Please!

The Identity Project

May 10 2017

New long form proposed for (some) applicants for U.S. visas

The Department of State has requested “emergency” approval  from the Office of Management and Budget for a new questionnaire which some applicants for U.S. visas would be required to complete.

The questions on the proposed new “long form” for disfavored visa applicants would include:

  • Travel history during the last fifteen years, including source of funding for travel [how many frequent business travelers would be able to provide a complete and accurate 15-year retrospective itinerary of their travels?];
  • Address history during the last fifteen years;
  • Employment history during the last fifteen years;
  • All passport numbers and country of issuance held by the applicant [for an unspecified time period, so perhaps meaning for your entire life];
  • Names and dates of birth for all siblings;
  • Name and dates of birth for all children;
  • Names and dates of birth for all current and former spouses, or civil or domestic partners;
  • Social media platforms and identifiers, also known as handles, used during the last five years; and
  • Phone numbers and email addresses used during the last five years.

Applicants required to complete this form could include tourists and other short-stay visitors (business, visiting friend and relatives, etc.) as well as applicants for work, student, refugee, or other visas.

As with the “long form” supplemental questionnaire for U.S. citizens applying for passports, some but not all applicants for visas to visit or reside in the U.S. will be required to complete the proposed new form. The State Department says it expects to require about 65,000 people a year, or half a percent of all applicants for U.S. visas, to complete the proposed new long from.

As with the long form passport application, there are no publicly-disclosed standards or procedures for judicial review of decisions by State Department staff to require particular individuals to complete the long form. Those decisions would be “discretionary”, meaning that they would be arbitrary and could be discriminatory.

Most people would be unable to provide complete answers to some of the questions on the long from, or would inevitably leave things out or make mistakes that would provide a basis for denial of their application.  The proposed “discretionary” long form is thus a pretext for arbitrarily selective denial of entry to the U.S., at the whim of State Department staff and/or on the basis of secret pre-crime algorithms, as well as of arbitrarily selective surveillance of certain foreign citizens.

Comments on the “emergency” proposal for this new questionnaire can be submitted to the Office of Management and Budget through May 18, 2017.

Apr 27 2017

Is the TSA checking domestic airline passengers for warrants?

[Entities and data flows involved in decision-making (“vetting”) about travelers. Larger image, PDF with legend.]

The latest annual report on data-mining by the Department of Homeland Security contains a disturbing hint that the TSA may have gotten the ability to include checks for warrants and police “wants” in its “vetting” of passengers on domestic airline flights.

This would turn airline check-in counters and kiosks and TSA checkpoints for domestic air travel into dragnet suspicionless warrant checkpoints.

According to page 16 (page 19 of the PDF) of the newly-released 2016 DHS Data Mining Report, “An annex to this report containing Sensitive Security Information (SSI) about Secure Flight’s use of ATS-P is being provided separately to the Congress.”

What data from ATS, to which the TSA didn’t already have independent access,  is being used by the TSA as part of Secure Flight? For what purpose?

In the diagram above (larger image, PDF with legend), the solid green line shows the transfer of data from the FBI’s “National Criminal Information System” (NCIC) criminal history database to CBP’s “Automated Targeting System” (ATS) for use in “vetting” international airline passengers. The dashed green line shows the newly-disclosed transfer of ATS data to the “Secure Flight” system used by the TSA to “vet” domestic airline passengers. This could allow the TSA to check all domestic airline passengers for warrants and “wants” listed in NCIC, as CBP already has the ability to dos for all international airline passengers on flights to or from the US.

There is no explicit mention in the public portion of the DHS report of TSA use of NCIC data for decision-making (“vetting”) about domestic air travelers. But as the diagram above shows, almost all of the other data contained in ATS is already available directly to the TSA for use in Secure Flight. It’s not clear what data from ATS, other than criminal history data imported to ATS from NCIC, the TSA doesn’t already obtain directly without needing to get it from ATS.

Records of arrest warrants in NCIC are often inaccurate, as we have noted before. It’s especially common for the issuance of a warrant to be reported to the FBI for inclusion in NCIC, but for the later cancellation of that warrant not to be reported to NCIC. NCIC contains hundreds of thousands, perhaps millions, of listings for warrants that are no longer valid. Using TSA “vetting” of domestic airline passengers as a suspicionless dragnet for “wanted” individuals would inevitably result in the detention and arrest of many innocent people at TSA checkpoints on the basis of inaccurate NCIC data.

Normally, warrant checks are permissible only on the basis of reasonable articulable suspicion that a person has committed a crime. The current CBP checks of international travelers for warrants, police “wants”, and investigative “lookouts” have been permitted only as part of a judicially-created border exception to the 4th Amendment to the US Constitution. There is no comparable “airport exception” to the 4th Amendment that would allow suspicionless dragnet warrant checks on domestic travelers by the TSA. Travel is not an inherently suspicious activity. It’s the exercise of a Constitutional and human right, and cannot in itself be the basis for warrant checks.

Members of Congress should look closely at the secret annex to the 2016 DHS Data Mining Report, and question the DHS and TSA as to whether they are using, or intend to use, data obtained from NCIC (directly or indirectly through ATS or otherwise) to conduct warrant checks on domestic air travelers.

If any of our readers has information about someone being identified for arrest on an outstanding warrant (valid or invalid) on the basis of TSA “screening”, rather than on the basis of an independent police warrant check based on reasonable suspicion, please let us know.

Apr 21 2017

“Stand up to the corrupt Real ID Act”

[Guest commentary by Rep. Chris Tuck, Majority Leader in the Alaska House of Representatives, published in the Alaska Dispatch News, Fairbanks News-Miner, Juneau Empire, Mat-Su Valley Frontiersman, and Alaska Journal of Commerce]

I am disappointed that the Administration of [Alaska Governor] Walker has given in to the fear tactics and misinformation of the Department of Homeland Security and the Transportation Security Administration by putting forth legislation to make Alaska implement the Federal REAL ID Act and pay for it ourselves. It is my duty to set the record straight and make sure people have the facts they need to defend their rights.

The Department of Administration has been reporting that if we do not agree to comply with REAL ID we will not be allowed to use our state IDs to get through TSA checkpoints or to get on base. In reality there is no existing or proposed federal law or regulation requiring ID to travel at all.

A recent reply to a four-year-old Freedom of Information Act request to the DHS has shown that 77,000 people per year fly without ID, and only 2 percent who try are ever turned away. Not only that, it is the Pentagon and individual base commanders who decide what ID is required to get on base.

The Department of Homeland Security does not have authority over the Pentagon. That is why the DHS instead uses fear tactics and misinformation to try and force REAL ID on the states.

Read More

Apr 19 2017

Fly, Don’t Spy!

Last December, over our formal objections filed with the Department of Homeland Security, US Customs and Border Protection began asking foreign visitors to the US to fill out the online form, shown above, requesting their user names on social media platforms form Facebook to GitHub.

As of then, and as of now, answering this question is still “optional”, although there’s no guarantee that those who decline to respond won’t be denied entry.

However, new Secretary of Homeland Security Kelly has begun speaking publicly about wanting to require foreign visitors to provide CBP not just with their user names but also their passwords for social media and email accounts.

In response, we’ve joined several dozen other organizations in a Fly, Don’t Spy! campaign to oppose “any proposal to require visa applicants, refugees, or other foreign visitors to provide passwords for online accounts, including social media, in order to enter the United States.”

Please add your name to the petition and the coalition mailing list for updates and actions at FlyDontSpy.com, and help spread the word.

More background:

Apr 14 2017

U.S. citizen stranded in South America without a passport

Imagine that you’re a U.S. citizen. You were born in the USA. You’ve never been a citizen of any other country, and you have no birthright to any other citizenship.

Now imagine that you are abroad long enough that your passport begins to approach its expiration date. Naturally, you apply to renew it, leaving plenty of time. You have to surrender your old passport with the renewal application, but of course you expect to get your new passport shortly.

Now try to imagine that the State Department puts your passport renewal application into limbo — for almost three years (and still counting). Your application for a new passport is neither granted nor denied, so there is no explicit “decision” to appeal administratively or challenge in court.

Without a passport, you are trapped in whatever country you happened to be in when you applied to renew your passport. No other country is likely to let you in without a passport, nor will any airline let you on an international flight without a passport — not even to return to the USA.

If your visa or permission to remain in that country as a foreigner expires, or if you get into any situation in which you are you are required to show your passport, you are liable to be arrested and thrown into detention or deportation proceedings.

You keep going back to the U.S. Consulate to find out what is happening with your passport application. They tell you they don’t know. They suggest that you go to the end of the line by withdrawing your still-pending application, and starting over — putting your new application at the back of the years-long queue.

Eventually they get tired of putting you off, and order you — a native born sole U.S. citizen — to leave the U.S. Consulate, and not to darken their door again under pain of arrest. Arrest for what violation of what country’s laws, they don’t say.

You try to find a lawyer to hire, but this is outside the expertise or experience of any U.S. lawyer, and none wants to take on your case.

Is this a realistic scenario? Yes.

We’ve heard from more than one person in this situation — and not just the Yemeni-Americans we wrote about a few years ago.

Meet Daniel Bruno, man without a passport:

I was born in Manhattan…. I have a birth certificate…

In May of 2014, I walked into the US Embassy in Buenos Aires with my perfectly valid US passport that was due to expire in six months. I filled out the renewal forms, paid the fees, was interviewed and dismissed by Vice Consul Creaghe. I never had a US passport again because they would not renew it.There is, of course, much more to this story,… but the bottom line is that according to them, Americans have no right to a passport, no right to a nationality document and no right to return to the US… and I know this is illegal.

BTW, let me mention that I’m not wanted for a crime, back taxes, child support, etc….

I am actively seeking constitutional and civil rights lawyers who want to help me defend the rights of all of us.

We’ve met Daniel Bruno in person, and all of the documentation we’ve seen — both from him and from the State Department in response to a Privacy Act and FOIA request we helped him file — supports his account of his bureaucratic ordeal. (The State Department has provided only a partial response, which does not yet include any of the records from the consulate in Buenos Aires.) Is Mr. Bruno now an expatriate? Or has he been effectively exiled by the USA?

We aren’t able to represent Mr. Bruno. But if you are, or you know a lawyer who is, we’ll be happy to put you in touch.

Apr 13 2017

Yes, you can fly without ID

On average, 77,000 people each year — more than 200 a day — pass through TSA checkpoints to board airline flights in the USA without showing ID.

Ninety-eight percent of the would-be travelers who show up at TSA checkpoints without ID are allowed to board their flights. Only two percent are turned back.

The average time spent by the TSA “Identify Verification Call Center” in questioning each traveler without ID has been between seven and nine minutes.

Show up at the airport with no ID (or with ID that isn’t considered “acceptable” by the TSA), and there’s a 98% chance that you will be allowed to fly without ID, after an average of 7-9 minutes of additional questioning and a pat-down (which you would have gotten anyway if you didn’t consent to “virtual strip search” imaging) and search of your carry-on bags.

All this is according to internal TSA logs and summary reports on each person who tried to fly from 2008 (when the TSA started using its current procedures and form for people who fly without ID) through 2011. These reports were finally released to us, after four years of TSA foot-dragging, in response to a Freedom Of Information Act request we made in 2013.

So much for the false claims the TSA, the DHS, and their collaborators at state licensing agencies are making that people who live in states that don’t comply with the REAL-ID Act won’t be allowed to fly without “acceptable” ID.

It doesn’t matter whether your ID is “compliant” or “acceptable”. You can fly with no ID at all, and hundreds of people do so every day after what is typically only a brief delay.

Over the years, we have received a trickle of incident narratives, which have been helpful in understanding how the TSA deals with people who show up without ID and what data the TSA uses to make judgments about travelers. But these narratives are for exceptional incidents in which travelers were not quickly “verified” and allowed to proceed. The annual summaries (2008, 2009, 2010, 2011) were only released as the 14th and last batch of responses to our request. (The TSA illegally substituted PDF files of page images for the original spreadsheet or table files, making them much larger files and harder to tabulate. We will be appealing the TSA’s substitution of less-useful newly-created files for the originals, and failure to produce the files in their original format as we requested.)

We remain concerned, of course, about the 2% of would-be fliers without ID who are wrongly prevented from exercising their right to travel by air. The percentage is small (again, just 2% of the people who show up at TSA checkpoints with no ID or without “acceptable” ID), but it still comes to more than 1500 people a year, throughout the USA, whose rights are violated. States should not only say “no” to compliance with the REAL-ID Act, but start preparing now to defend their residents’ freedom of travel and to ask Federal courts to enjoin the DHS and TSA from any interference with that right.

Mar 21 2017

Alaska and the REAL-ID Act

We’ll be testifying (by teleconference) at hearings today in the Senate State Affairs Committee (3:30 p.m. ADT) and House State Affairs Committee (5:30 p.m. ADT) of the Alaska State Legislature on three state bills related to Alaska’s response to the Federal REAL-ID Act of 2005:

  1. SB34: Implementation of the federal REAL ID Act of 2005
  2. HB74: Implementation of the federal REAL ID Act of 2005
  3. HJR15: Encouraging repeal of the REAL ID Act of 2005

In 2008, shortly before the REAL-ID Act was scheduled to take effect (the DHS has repeatedly postponed that discretionary “deadline” as politically and practically unfeasible, most recently until 2020) the Alaska State Legislature enacted a state law prohibiting any state spending to implement the REAL-ID Act.

Now, in respond to Federal threats to interfere with Alaskan residents’ freedom of movement if the state government doesn’t upload information about all state license and ID-card holders to a national ID database, the state legislature is considering bills to authorize that spending and implementation.

It makes no sense for Alaska to call for repeal of a disliked Federal law of dubious Constitutionality, and simultaneously to authorize state spending to comply with that law, without first getting the courts to rule on whether the (unfunded) mandate for state action or the threatened sanctions against state residents are Constitutional.

As we say today in our written testimony to members of the House and Senate State Affairs Committees:

Alaska HJR15 is an important statement of support by the Alaska State Legislature for efforts in Congress to repeal the REAL-ID Act. But Alaskans and the State of Alaska cannot, and should not, merely sit back and wait for Congress to act.

No Federal law or regulations requires air travelers to show any ID. People fly without ID every day. But the TSA has indicated that it intends to propose regulations, revise TSA Standard Operating Procedures, and/or issue Security Directives to air carriers to require air travelers to show ID acceptable to the DHS in order to fly.

This threat poses a special danger to Alaskan residents, especially those in communities and locations not connected to the North American road network, and/or who rely on air transportation for access to essential and emergency services.

Unless and until this threat is withdrawn, Alaskan state authorities including the office of the Attorney General of Alaska should be preparing to defend any Alaska residents whose rights are interfered with by Federal agents.

And rather than waiting to intervene until after Federal agents start denying Alaska residents access to essential air transportation, the state should, as soon as it is ripe for adjudication, initiate litigation to prevent interference with residents’ rights.

It makes no sense for your state to capitulate, as these bills would have it do, in response to threats of Federal action action whose Constitutionality has yet to be tested.

It would be premature for Alaska to abandon its long-standing and well-founded opposition to the REAL-ID Act in response to DHS threats to interfere with the rights of state residents as a sanction for state noncompliance with the REAL-ID Act, while:

  1. A Federal ID credential, a passport card, is available to any U.S. citizen who qualifies for a REAL-ID compliant state ID, and can be used for any purpose for which a compliant state ID can be used as well as for surface travel to Canada;
  2. Legislation to repeal the REAL-ID Act or significantly mitigate the dangers of creating an uncontrolled national ID database is pending in Congress;
  3. No Federal statute or regulation requires air travelers to show any ID to fly, and residents of Alaska and other states continue to fly every day without ID;
  4. No regulations have been proposed that would require anyone to show ID to fly;
  5. No court has considered whether it would be Constitutional to require air travelers or passengers of other common carriers to show ID;
  6. Compliance with the REAL-ID Act would create special problems for Alaskan residents, especially residents of communities not accessible by road;
  7. The lack of alternatives to air transport gives Alaska a uniquely strong legal basis to challenge any Federal attempt to impose an ID requirement for air travel;
  8. More populous states that are manifestly not in compliance with the statutory criteria for REAL-ID Act database access have not been similarly threatened; and
  9. No court has ruled on the legality of the DHS arbitrarily exercising “discretion” to restrict the rights of residents of some noncompliant states but not others.

We urge the Alaska State Legislature to reject SB34 and HB74, stand firm in your opposition to the REAL-ID Act, and prepare to defend the Constitutional rights of Alaskans and all Americans to freedom of travel and movement, including by air.

Mar 15 2017

Palantir, Peter Thiel, Big Data, and the DHS

San Francisco and Silicon Valley are among the centers of opposition to President Trump and his fascism, especially as it relates to restrictions on movement, border controls, immigration, and asylum.

Bay Area technology companies and their better-paid classes of employees like to think of themselves as building a better world that reflects the distinctive values that have attracted dreamers and futurists to this region  from across the country and around the world. But some of these companies are key developers and providers of “big data” tools for the opposite sort of “Brave New World“.

On Saturday, Edward Hasbrouck of the Identity Project was invited to speak to an ad hoc group of picketers outside the Pacific Heights mansion of Palantir Technologies founder and Trump supporter Peter Thiel (photo gallery from the SF Chronicle, video clip from KGO-TV; more photos from the East Bay Express).

As Anna Weiner reported in the New Yorker (“Why Protesters Gathered Outside Peter Thiel’s Mansion This Weekend“):

David Campos, a former member of the San Francisco board of supervisors, who emigrated from Guatemala, in 1985, stood on the brick stoop and raised a megaphone. “The reason we’re here is to call upon the people who are complicit in what Trump is trying to do,” he said. Clark echoed the sentiment. “If your company is complicit, it is time to fight that,” she said. Trauss, when it was her turn, addressed Thiel, wherever he was. “What happened to being a libertarian?” she asked. “What happened to freedom of movement for labor?”

Edward Hasbrouck, a consultant with the Identity Project, a civil-liberties group, took the stand, wearing a furry pink tiger-striped pussyhat. “The banality of evil today is the person sitting in a cubicle in San Francisco, or in Silicon Valley, building the tools of digital fascism that are being used by those in Washington,” he said. “We’ve been hearing back that there are a fair number of people at Palantir who are working really hard at convincing themselves that they’re not playing a role — they’re not the ones out on the street putting the cuffs on people. They’re not really responsible, even though they’re the ones who are building the technology that makes that possible.”

It’s easy to rationalize the creation of technological tools by saying that they can used for good as well as evil. But you can’t separate the work of tool-making from the ways those tools are being used. Palantir workers’ claims to “neutrality” resemble the claims made in defense of IBM and Polaroid and when they were making and selling “general purpose” computers, cameras, and ID-badge making machines to the South African government in the 1970s. None of this technology and equipment was inherently evil. But in South Africa, it was being used to administer the apartheid system of passbooks and permissions for travel, work, and residence.

The same goes for “big data” today. To understand what’s wrong with the work being done by Palantir for the US Department of Homeland Security, it’s necessary to look not just at what tools Palantir is building but at how and by whom they will be used; not just at the data tools but at the datasets to which they are applied, the algorithms they use, and the outcomes they are used to determine.

Read More

Mar 06 2017

Asylum seekers and the right to travel

“If you have a current valid visa to travel, we welcome you. But unregulated, unvetted travel is not a universal privilege.” (US Secretary of Homeland Security John Kelly, March 6, 2017)

Taking his words literally, Secretary Kelly got it half right. But fundamentally, he got it all wrong, in his statement today on the #MuslimBan 2.0 Executive Order signed today by President Trump. (Here’s a redlined comparison with the #MuslimBan 1.0 Executive Order which it replaces.)

Travel by asylum seekers isn’t a universal “privilege”. It’s a universal right.

Much can, and no doubt will, be said about other aspects of today’s Executive Order. Most of our comments on #MuslimBan 1.0 apply equally to #MuslimBan 2.0, which will continue to be enforced (illegally) primarily by airline and travel agency staff at ticket offices and check-in counters at foreign airports.

But as defenders of the right to travel and of the rights of refugees and asylum seekers, we want to make sure that Secretary Kelly’s denial of the existence of these rights doesn’t go unchallenged:

Read More

Feb 27 2017

What should you to do if you are asked for your password at a US airport or border?

Our work is cited in an article today by Kaveh Waddell in The Atlantic, “How Long Can Border Agents Keep Your Email Password? Some data gathered from travelers going through customs can stay in a Homeland Security database for 75 years.

The article in The Atlantic highlights several recent incidents in which international travelers have been asked or ordered to tell US Customs and Border Protection inspectors the passwords to their electronic devices and/or online accounts. As in many encounters with law enforcement officers or other government agents, the distinction between a request and a command at an airport or international border is often unclear.

In one of these incidents, a Canadian would-be visitor to the US provided CBP with the password to his phone, but balked at providing the password to his accounts with LGBT dating apps and websites. He forfeited his ticket, and left the US “preclearance” site at the airport in Vancouver without boarding his intended flight to the US. A month later, when he tried again to fly to the US, carrying the same phone with the password unchanged, he found that CBP had recorded his phone password in their permanent file about him in the CBP “TECS” lifetime international travel history database.

This sort of data collection and data retention is wrong, but it’s also routine and should be expected.

For more than a decade, since DHS first disclosed the existence of its “Automated Targeting System” database, we’ve been providing forms you can use to request the files about you from TECS and other government databases, helping travelers interpret the (redacted and incomplete) responses from CBP, and reporting on what we’ve seen in the responses and how these dossiers are used in pre-crime profiling and control of who is “allowed” to fly and how they treated when they fly.

We’ve sued to obtain our travel records from CBP and information about how these databases are mined and shared by CBP and other government agencies.

After ignoring our requests for three years, DHS exempted the system from most of the requirements of the Privacy Act, including limits on data retention, when the agency realized we were about to sue.

Any disclosure to us of the government’s permanent files about our travel is now a matter of “discretion”, not a right, if we are US citizens, and expressly forbidden by an Executive Order of President Trump for anyone other than US persons.  As we told The Atlantic:

“Any limits would have to be derived directly from the Constitution or international treaties, not from statutes or regulations,” said Edward Hasbrouck, a travel expert and consultant to The Identity Project. “I am not aware of any case law limiting retention of this sort of data.”

Here’s what our experience and our research confirms: CBP officers are not your friends, and their job is not to help you. They are law enforcement officers. Their job is to find evidence of violations of the law, and/or reasons to deny you entry to the US. Anything you say to them can be retained and used against you at any time in the future, just like anything you say to any other law enforcement officers. You should expect that anything you have with you, anything you say, and anything you do at an international border, airport, or CBP checkpoint can and will be recorded. That information can and will be retained by DHS for the rest of your life. You could be questioned about it in any future encounter with CBP or other law enforcement or government agents, even many years later, and have it used against you or anyone else in court at any time, perhaps in ways you could never anticipate.

We’ve seen all sorts of information — irrelevant, inappropriate, and potentially subject to derogatory interpretations or giving rise to guilt by association — in CBP travel dossiers. We’ve been questioned at a US border crossing, years later, about completely inconsequential and legal events at another airport years earlier, because those were being recorded in the TECS database even during primary screening on a routine entry to the US by a US citizen.

What can you do, and what should you do, if you are asked to tell CBP agents any of your passwords?

We agree with all the lawyers consulted by The Atlantic: US citizens should not voluntarily provide passwords to US border guards or inspectors at airports.

Read More