Papers, Please!

The Identity Project

Oct 02 2017

FAQ: U.S. government monitoring of social media

Is the U.S. government monitoring social media?

Yes. Since December 2016, all visitors to the U.S. under the “Visa Waiver Program” (VWP) have been asked to identify the social media IDs they use to the Department of State on the online ESTA form. In several recent notices in the Federal Register, and in official statements in response to questions about those notices, the Department of Homeland Security has confirmed that it already searches for and reviews information about individuals from social media.

Why is the U.S. singling out immigrants and visitors for this surveillance?

The U.S. government is targeting foreigners first because they are legally more vulnerable. Under U.S. law, foreign visitors and immigrants have often been held to have fewer rights than U.S. citizens. We don’t think this is the way it ought to be, and we don’t think this is even a correct reading of the U.S. Constitution and the human rights treaties that the U.S. has ratified. But this is often the way that courts have ruled. Most acts of terrorism in the U.S., like most crimes of any sort, are committed by U.S. citizens. Most of those criminals are white, and most of them are Christian, not that this should matter either. In practice, the government knows that it is more likely to be able to get away with surveillance of foreigners — on social media or in any other realm — than with surveillance that targets U.S. citizens equally or that focuses on, say, white Christian nationalist domestic sources of terrorism.

The Federal government also appears to be motivated by a profound xenophobia. It regards foreigners, communications or association with foreigners, and foreign travel as per se suspicious and thus as justifying more intrusive search, seizure, interrogation, interference, etc. Instead, these activities should be seen as the exercise of rights recognized and protected by Federal laws, the First Amendment and other provisions of the U.S. Constitution, and international treaties. As such, they should be specially protected, not subjected to special surveillance.

Does this social media surveillance include U.S. citizens and green-card holders?

Yes. Social media is, by definition, social. It’s about connections and communication between people, not individuals in isolation. Social media networks aren’t defined by national borders. (Except in countries like China where repressive government block access to “foreign” social media to keep their citizens isolated from the thinking of the rest of the world.) Even if only non-U.S. persons are targeted, surveillance of social media will inevitably suck in information about U.S. citizens and permanent residents who are “associated” with foreigners on social media. Whoever you are, that probably includes you. Do you know which of your Facebook “friends” or Twitter followers or the people who post comments on your page are U.S. citizens or permanent U.S. residents, and which of them aren’t? We don’t, and we don’t believe the U.S. government does either. There is no way that government agents, whether human or robotic, could contain social media surveillance to foreigners even if they tried. The rights of U.S. citizens and permanent residents will be collateral damage whenever foreigners are attacked.

Is this limited to people who are suspected of immigration violations or other crimes?

No. What is being practiced already, and what is being expanded, is dragnet social media surveillance. The Department of State is already asking every applicant for admission to the U.S. under the VWP for their social media IDs. The social media surveillance authority claimed by the DHS, and the practices described in its recent notices, are not limited to specific persons of interest. The DHS and other law-enforcement agencies already have the authority to subpoena records from social media service providers if there is probable cause for suspicion that any crime has been committed, including but not limited to criminal violations of U.S. immigration laws. What’s happening now and expanding is additional surveillance of people who are not (yet) under any particularized suspicion.

The U.S. government’s interest in social media can best be understood in the context of other programs of automated suspicionless dragnet surveillance. The NSA collects metadata about the movement of our messages from telephone companies and and Internet service providers. The DHS collects metadata about the movements of our bodies from entry/exit and border crossing logs and reservation records obtained from airlines, Amtrak, and other travel companies. Why not add metadata about our associations and activities on social networks — IDs, posting histories, keywords and tags, social network maps, etc. — to that data lake?

If I’m not doing anything wrong, do I have anything to worry about?

Yes. Activities that are legal in the U.S. may be illegal in other countries, and the U.S. government claims the right to share the fruits of social media surveillance, and the blacklisting and other conclusions drawn from them, with other governments around the world. Activities that are legal today could become illegal tomorrow. People with whom you are associated, but who you may not know and may never have met, may come under suspicion in the future. Any information the government has can be used against you. Things that you say or people with whom you are “associated” on social media say could result in your being assigned a pre-crime predictive “risk score” that leads to your being placed on a government blacklist (“watchlist”) or subjected to other government sanctions, even if you are never suspected or accused of any crime. The algorithmic criteria for blacklisting, the data used as the basis for blacklisting decisions, and the lists themselves are all secret. You know you are on a blacklist only when you are unexpectedly prevented from exercising your right to travel or other rights. Read More

Sep 24 2017

Muslim Ban 3.0 blaimed on ICAO passport standards and “ID management”

Invoking memes that we’ve seen and warned about before under both Democratic and Republican administrations, President Trump has attributed the latest version 3.0 of his “Muslim ban”announced today (proclamation, FAQ, explainer) with the need to comply with ICAO and INTERPOL standards for passport issuance, “identity management”, and data sharing about travelers — as though US immigration and asylum policy should be determined by an international technical body for aviation operations, as though such a body has the authority to override US treaty obligations to freedom of movement and “open skies“, and as though predictive pre-crime profiling based on “biographic and biometric data” can be substituted for judicial fact-finding as a basis for denial of the right to travel.

We hope that seeing the “Muslim Ban 3.0” blamed on ICAO standards will lead human rights advocates to pay more attention to ICAO’s standard-setting role and opaque decision-making process in non-aviation matters such as passports, identity management, and data sharing.

Read More

Sep 19 2017

Amtrak lied to travel agents who questioned ID requirements

The encouraging disclosure in the latest installment of documents released by Amtrak in response to one of our Freedom Of Information Act (FOIA) requests is that some travel agents resisted Amtrak demands that they collaborate in surveillance, profiling, and control of train travelers by entering passport or ID numbers and details in each reservation for cross-border Amtrak travel.

According to an email message to Amtrak from a product manager at Worldspan (one of the major computerized reservation systems), “We have one subscriber [i.e. a travel agency that uses Worldspan] that has checked the Federal Register and is quoting ‘chapter and verse’ that it is not mandated … to provide the data”:

Some travel agents pushed back repeatedly, read the official notices and instructions to travel agents about the rail API program carefully (and correctly), and made a travel agency “policy decision of non-provision” of ID data about their customers:

Kudos to the unnamed travel agencies that refused to help the government spy on their customers and called Amtrak on its lies that this was required.

Read More

Sep 18 2017

TSA says it doesn’t know how to copy files

We’ve gotten used to delays, obstruction, and slander from TSA privacy and Freedom Of Information Act (FOIA) officers. Sometimes it’s hard to tell whether these result from incompetence, under-staffing, lack of diligence, mendacity, malice, or some combination of these and/or other factors.

The latest in these TSA FOIA follies is a letter we got last week from the TSA’s FOIA appeal officer, saying that the TSA doesn’t know how to copy computer files, and doesn’t know the names of any of the files on their computers or any other filesystem information or metadata about those files:

You assert that TSA should be able to reproduce digital files as bitwise copies. TSA does not maintain records in bitwise format nor can we produce records in such a format. Additionally,… the file or filesystem data or metadata from the raw format of the records are not available.

Where does this nonsense come from? Do the officials making these statements really believe them, or expect us to?

Read More

Sep 13 2017

Federal court can review the Constitutionality of Federal blacklists

A Federal judge has ruled that yes, he can review the Constitutionality of Federal blacklists (euphemistically but misleadingly labeled “watchlists”).

That should be an unsurprising finding. But “pre-crime” and predictive policing programs, including decisions to put people on blacklists that are used to control what they are and aren’t allowed to do, have largely operated in secrecy and outside the rule of law.

Rather than defending blacklisting programs or individual blacklisting decisions, the Federal government — under both Democratic and Republican administrations — has consistently argued that it should not be required to disclose, explain or defend these decisions, the identity of the decision-makers, the criteria for their decisions, or the “derogatory” information on which these decisions are purportedly based, either to the people who have been blacklisted or to the courts.

Too often, even sixteen years after 9/11/2001, courts still traumatized by memories and fears of 9/11 have acquiesced to these Executive-branch claims that the conduct of the “war on terror” is exempt from judicial review.

In this context, the decision last week by Judge Anthony Trenga of the U.S. District Court for the Northern District of Virginia, rejecting the government’s motion to dismiss a lawsuit by blacklisted Muslim Americans, is one of the most significant steps to date toward legal accountability for the DHS and its accomplices in the war at home against Americans secretly accused and extrajudicially sanctioned through Federal blacklisting.

The decision comes in a case brought by the Council on American-Islamic Relations (CAIR) on behalf of 24 individuals and as as a class action on behalf of all those who have suffered adverse consequences as a result of arbitrarily and without due process being named on Federal blacklists (“watchlists”) . As we reported when this case was filed last year, it’s the most fundamental challenge to date to the Constitutionality of the entire scheme of DHS and FBI pre-crime blacklists based on secret administrative procedures and algorithms rather than on court orders such as criminal convictions, injunctions, or restraining orders.

Read More

Sep 11 2017

California DMV proposes to “comply” with the REAL-ID Act

On September 1, 2017, the California Department of Motor Vehicles quietly published a notice of proposed regulations that would purportedly allow the California DMV to issue drivers licenses and state ID cards that would be “compliant” with the Federal REAL-ID Act of 2005:

For many years, the California DMV has appeared intent on eventual “compliance” with the REAL-ID Act, regardless of whether that compliance was authorized by the legislature. The current DMV rulemaking proposal to bring California into “compliance” with the REAL-ID Act by administrative fiat is the latest and most significant step along that path, and a disturbing effort to bypass legislative debate.

We encourage all Californians who are concerned about freedom of movement, Federal commandeering of state agencies to function as agents for enforcing Federal restrictions on individual rights, and lack of transparency, oversight and accountability for biometric and ID databases to submit comments opposing the proposed regulations and, if you can make it to Sacramento, to testify at the hearing on October 16th.

Read More

Sep 08 2017

No US passports for “terrorist sympathizers”?

Bills are moving forward in both houses of Congress which, if approved, would mandate the administrative, extra-judicial revocation, non-renewal, and refusal of issuance of a US passport to any US citizen, even if their citizenship is unquestioned and they have been accused of no crime, but “whom the Secretary [of State] has determined is a member of or is otherwise affiliated with an organization the Secretary has designated as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act (8 U.S.C. 1189).”

The proposed legislation would leverage administrative determinations related to immigration (which US courts have allowed to be largely exempted from judicial review insofar as they only affect foreigners who aren’t considered by the US to have the same human rights as US citizens) to impose a categorical ban on certain US citizens leaving or entering the US except at the (standardless, i.e. arbitrary) “discretion” of the Secretary of State.

Since June 1, 2009, US citizens have been forbidden by Federal law and regulations from crossing any border into or out of the US by any means (land, sea, or air) without a passport, passport card, or Federally-approved “enhanced” drivers license. Denial of a passport thus amounts to a categorical ban on leaving or returning to the US. As such,  it is a blatant violation of the rights of US citizens pursuant to the First Amendment “right of the people… peaceably to assemble” and their human rights pursuant to Article 12 of the International Covenant on Civil and Political Rights:

2. Everyone shall be free to leave any country, including his own….

4. No one shall be arbitrarily deprived of the right to enter his own country.

The proposed law would not define how, on what basis, according to what procedures, or using what standard of proof the Secretary of State would make determinations as to membership or other “affiliation” of a US citizen with a blacklisted organization.  To make matters worse, the bills proposing this travel ban for US citizens associated with blacklisted organizations contain no definition of “member” or “otherwise affiliated”.

If you don’t like the decision of the Secretary of State, the bill would provide you with a “Right of Review” entitling you to a hearing before … the  Secretary of State.

Substitute “Communist” for “terrorist” in the proposed legislation, and it becomes clear that these bills would recreate the worst of the guilt-by-association witch-hunting of the MyCarthyist and other Red Scares.

Commie sympathizer? No passport for you! Terrorist symp? No passport for you!

Read More

Aug 01 2017

Biometric entry/exit tracking of US citizens

We were invited to a briefing session today at U.S. Customs and Border Protection (CBP) headquarters: “an information sharing session and open dialog …  with external privacy stakeholders” to discuss “recent enhancements to CBP’s biometric exit initiatives” and “CBP’s implementation plans for a biometric exit system“.

Although we weren’t able  to make it to Washington for today’s meeting, we have many questions about CBP’s ongoing (and illegal, as discussed below)  photographing of the faces of US citizens entering the US, and the agency’s plans to expand the current (also illegal) trials of exit photography to include most or all US citizens leaving the country.

We look forward to another chance to quiz CBP officials about these programs and their (lack of) legal basis. More importantly, we hope that members of Congress and the public will ask hard questions about these programs if regulations or legislation are proposed that would purport to authorize them.

We share the general concerns raised by others about the use of biometric information such as facial photos (mug shots) for suspicionless dragnet surveillance of any travelers. The right to leave any country is explicitly guaranteed by international treaty (Article 12 of the ICCPR) as a human right independent of citizenship.

But we find it especially objectionable — and likely to be illegal — that CBP is extending these surveillance schemes to US citizens. Here are some of the issues: Read More

Jul 20 2017

Fact-checking the FAQs on ID to fly

In May and June of 2017, several new FAQs about “requirements” for travel on common-carrier airlines were posted on TSA.gov and DHS.gov:

Statements about current and future ID “requirements” similar to those on these websites have also appeared on official signs in some airports.

It should go without saying that neither government websites nor informational signs in airports create legal rights or obligations or can be relied on as authoritative statements of the law.

Federal law is contained in the US Constitution, international treaties duly ratified by the US in accordance with the US Constitution, the US Code, and US Public Laws. Federal regulations are contained in the Code of Federal Regulations. The Freedom of Information Act requires that binding Federal agency rules, regulations, and orders of general applicability be published in the Federal Register.

If you want to know what the law says, you need to read the law, not press releases from government agencies or anyone else (including us!).

This is especially important with respect to the TSA, since the TSA website and TSA signs in airports have for years included statements about ID requirements to fly that have been disclaimed by TSA witnesses testifying under oath and by TSA lawyers arguing before Federal courts.

So what is the TSA saying now about ID to fly? Is it true? And is it legal?

The TSA’s latest public statements are more accurate than some of the agency’s previous press releases about ID to fly, and may (although we can’t really tell, given the absence of fomal proposals or published rules) accurately describe the changes the TSA intends to implement. But major questions remain about the legality of both current and possible future ID practices at TSA and contractor checkpoints at US airports.

Read More

Jul 16 2017

CBP is taking mug shots of US citizens who leave the country

US Customs and Border Protection (CBP) has expanded its photography of the faces of all non-US citizens entering or leaving the US (under the “US-VISIT” program) to add mug shots of US citizens leaving the country, starting with all passengers on a daily flight on United Airlines from Washington Dulles Airport (IAD) to Dubai, U.A.E. (DXB).

This exit photo scheme is part of a larger program of biometric traveler tracking for which CBP and DHS recently opened an entire new database management and airport procedures simulation facility.

US citizens have the legal right not to submit to this mass surveillance and travel control scheme. But as with your right to fly without ID, CBP notices at airports won’t tell you that. You need to know your rights and be prepared to assert them.

Read More