Sep 29 2013

How the NSA obtains and uses airline reservations

A front-page report in today’s New York Times based on documents leaked by NSA whistleblower Edward Snowden confirms that the NSA, like the DHS, uses airline reservation data as part of its profiling and social network analysis of US citizens and foreigners. Today’s report also raises new questions, and suggests some answers, as to how the NSA obtains and uses this airline data.

The Times’ report today on NSA social network analysis mentions that:

The [NSA] can augment the communications data with material from public, commercial and other sources, including … passenger manifests…,  according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners….

[T]he N.S.A. correlates 164 “relationship types” to build social networks and what the agency calls “community of interest” profiles, using queries like “travelsWith”.

In their most basic form, passenger manifests list each passenger individually and do not indicate which passengers were traveling together.  At a minimum, either “Advance Passenger Information” (API) data, some other source of “enhanced” passenger manifest data, or complete Passenger Name Records (PNRs) would be needed to identify which passengers on a given flight had reservations in the same PNR (a single PNR can contain the reservations for an entire party or group traveling together) and thus who “travelsWith” whom.

We’ve long known that the DHS collects API and PNR data about US citizens and foreigners alike, compiles this data in its Automated Targeting System and Secure Flight databases, and mines this data both to target individuals (including journalists and activists) and for social network analysis (correlating e.g. telephone numbers and airline reservations) to identify and target new suspects on the basis of their association with current suspects (i.e. as a suspicion-generating or guilt-by-association system).

A typical PNR like the one shown above (from a DHS Automated Targeting System dossier) includes a timestamped IP address (line 5 of the “remarks” in the example above), email address, home address, credit card number, mobile phone number, etc., so it can readily be correlated with Internet, communications, and financial records.

The NSA would presumably have been interested in flights worldwide, including flights within parts of the world far from the USA, while the DHS claims to collect PNR data only for flights to, from, within, or via the US.  But we know that the DHS can, and sometimes does, collect PNR data about flights elsewhere.

As we reported in 2007, and as was mentioned in a front-page story in the Washington Post based on our research, ATS records released by DHS in response to our requests (you can request your own ATS file using the forms here) confirmed that the DHS already had “root” access to the computerized reservation systems (CRSs), so that the DHS could retrieve any PNR in those CRSs, even if it didn’t include any US flights.

The “smoking gun” confirming DHS root access to CRSs was this PNR for someone who traveled from San Francisco to Berlin (TXL) on United Airlines and a United/Lufthansa codeshare flight, stayed in Berlin for six days, continued from Berlin to London (LHR), stayed in London for another six days, and then returned to SFO on United:

The portion of the journey from Berlin to London via Prague was on Czech Airlines (OK), an airline which does not (and did not then) fly to, from, or via any point in the US. Additional details in the PNR showed that a separate ticket was issued for the OK flights, which did not connect to flights to or from the US.  A CRS user with a United Airlines user ID and privileges would not have been able to see these flights. Only a user with an ID from the travel agency that made these reservations, or a user with “root” privileges (such as a user with an ID from the CRS company), would have been able to see all of the data that the DHS was able to see and import into ATS.

So could the NSA have obtained its copies of PNR and/or API data from DHS, or by using the root-user credentials that CRS companies had provided to the DHS?  Maybe.  Since neither DHS nor the CRSs keep logs of who accesses their respective copies of PNR data, there’s no way to know for sure except through leaks or the testimony of whistleblowers.

But we suspect that the NSA has some way to obtain PNR and/or API data independent of the DHS.


Sep 17 2013

How airline reservations are used to target illegal searches

One of the most detailed pictures to date of how the US government uses airline reservations to target illegal searches is provided by documents released recently by the US government as part of an agreement to settle a lawsuit brought by David House, an activist with the Pvt. Manning Support Network.

Mr. House was detained and searched and had his electronic devices confiscated and copied by DHS personnel at O’Hare Airport as he was re-entering the US after a vacation in Mexico in 2010.

The government learned of Mr. House’s travel plans through their systems for real-time monitoring and mining of airline reservations:

The ACLU analysis of the documents released to Mr. House, and reports by the New York Times and the Associated Press,  focus on the DHS seizure and copying of the data from Mr. House’s electronic devices. An article in Mother Jones highlights the technical ineptness of the government’s attempts to analyze the data seized from Mr. House. (It took DHS “experts” more than a month, for example, to realize that a portion of the data dump from Mr. House’s netbook was a Linux partition.)

But as discussed below, more is revealed by these documents about DHS access to, and use of, airline reservations.

The documents released to Mr. House may also help explain how David Miranda, the domestic partner of journalist Glenn Greenwald, was detained and searched last month while changing planes at Heathrow Airport in London.

And in that context, they may also suggest an explanation for why Mr. Miranda was detained and searched in the UK, and Mr. House in the US, but Mr. Greenwald himself has not been detained or similarly searched when he travels to the US.


Sep 10 2013

9th Circuit considers Constitutionality of ban on Internet anonymity

Last year, we reported on a Federal district court hearing on the Constitutionality of portions of the law enacted by California’s Proposition 35, which requires California residents who have been convicted of certain sex-related crimes to register with the local police, annually and within 24 hours of any addition or change, for the rest of their lives, “A list of any and all Internet identifiers established or used by the person [and] A list of any and all Internet service providers used by the person… For purposes of this chapter, (a) “Internet service provider” means a business, organization, or other entity providing a computer and communications facility directly to consumers through which a person may obtain access to the Internet…. (b)  “Internet identifier” means an electronic mail address, user name, screen name, or similar identifier used for the purpose of Internet forum discussions, Internet chat room discussions, instant messaging, social networking, or similar Internet communication.”

The challenge to this portion of the law, being argued by Electronic Frontier Foundation and the ACLU of Northern California on behalf of as-yet-anonymous clients who would be subject to this registration requirement, is a crucial test of the right to anonymity on the Internet.

It’s easy to say, “This only affects sex offenders.”

But restrictions on First Amendment rights are always imposed first on the most stigmatized groups of people, whether the villains du jour are serial killers, perverts, Communists, or Jews. Once they are accepted by the public as applied to those disfavored classes, these measures can gradually be expanded until everyone has to register with the government, carry government-assigned credentials identifying them and/or their group affiliation (Star of David, pink triangle, etc.), or comply with other restrictions that have come to be accepted as merely “administrative” rules for how they can exercise their rights, and are no longer considered substantive restrictions on rights.

Judge Thelton Henderson of the U.S. District Court for the Northern District of California had issued a temporary restraining order prohibiting the state from enforcing this part of the law. Following the hearing we reported on, Judge Henderson converted that order into a preliminary injunction. Both the state of California and the sponsors of the ballot initiative (as “intervenors” in the court case) appealed to the Circuit Court before the District Court could resolve the issue of whether to make the injunction permanent.

Today a three-judge panel of the 9th Circuit Court of Appeals heard arguments on whether to let the preliminary injunction remain in force while the District Court proceedings continue.

Today’s hearing focused on whether the provisions of Prop. 35 requiring registration of Internet service providers and “identifiers” chill the exercise of free speech and are overbroad, i.e. are not “narrowly tailored” to restrict no more activity protected by the First Amendment than is necessary. (The vagueness of the terms “Internet service provider” and “Internet identifier” was raised in the briefs, but barely mentioned at argument.)

Early in the hearing, Judge Jay Bybee observed that, “We’re living in a post-Snowden world now, where we all have to wonder whether all of our communications are being monitored by the NSA.” It was an intriguing suggestion of how much judicial attitudes may have been reshaped by the actions of whistleblowers.

The law’s proponents argued that free speech would not be chilled because under the law the police would have only limited authority to make Internet identifiers public.

But Michael Risher of the ACLU pointed out that chilling effects result primarily from fear of official retaliation — such as by the police. Police don’t have to make registration information public to use it themselves against people who say things they don’t like.

“A registrant who wants to criticize the local police department in comments on a local newspaper’s website, but doesn’t want to face retaliation, will be chilled if they know that their identifier is on file with those local police…. Among the reasons for protection of anonymous speech is to protect against this sort of official retaliation.”  It’s easy for the police to make life hard for a registered sex offender, Risher pointed out.

The law’s defenders had a particularly hard time justifying the breadth of the registration requirement, which they conceded applied (at least as the law is written) to screen names or accounts used to post comments on websites from the New York Times to eBay, and to people whose crimes had nothing to do with the Internet.

“If I open an account so I can sell my bicycle on Craigslist, do I have to report that?”, Judge Bybee asked.

When counsel for the intervenors tried to justify the requirement for registration of Internet identifiers (but not pseudonyms used for other sorts of communications) by claiming that “sex crimes are moving to the Internet”, Judge Mary Schroeder shot back, “So is shopping. So what?”

We’re relatively optimistic that this panel of the 9th Circuit will allow the District Court’s preliminary injunction to remain in force. But it’s still up to the District Court to make that injunction permanent.

Sep 06 2013

Why did the NSA hack an airline reservation system (when CBP already has root access)?

The latest revelations about NSA attacks on encrypted electronic communications include this sentence buried in an article in yesterday’s New York Times (first noted today by the travel news website Skift):

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.

It’s no surprise that the U.S. government was and is interested in monitoring airline reservations in real time as well as in mining historical airline reservation records.

But why did the NSA feel it was necessary to hack into airline and computerized reservation system (CRS) messaging, when the U.S. Customs and Border Protection division of DHS already had root access to reservations for flights worldwide stored in any of the four largest CRSs (including Amadeus, the only one not based in the USA), and was already extracting copies of all reservations that include flights to, from, via, or over the U.S. and compiling them into its Automated Targeting System (ATS)?

  • Was the government interested in some airlines (who were these three?) that didn’t use one of the big four CRSs to host their reservations?
  • Was the government afraid that some airline or CRS (which one?) might pull the plug on CBP access, or restrict it to reservations for flights that actually touch the USA?
  • What was it about airline and CRS messaging that interested the NSA?  For what NSA purpose was the content of PNRs insufficient?

Whistleblowers, especially with airlines or CRSs or their contractors and suppliers, we need your help! If you know what was up with the NSA’s hacking of airline and CRS messaging, leave a comment or get in touch.

Sep 05 2013

How the TSA treats FOIA requesters it doesn’t like

The more we learn about the TSA’s handling of our Freedom Of Information Act (FOIA) requests, the uglier it gets. The latest chapter in the TSA’s vendetta against us is described in a FOIA appeal we filed this week.

The DHS, which of course includes the TSA, has long had a department-wide policy requiring special political approval — and often delay — of all FOIA requests from media, watchdog, or activist individuals or organizations, which we know included requests from The Identity Project.

In addition, we have now obtained less redacted versions of internal TSA and DHS email messages (which were officially released to us only with the most incriminating portions blacked out) showing that the TSA’s Chief Privacy Officer engaged in a campaign of character assassination intended to persuade TSA FOIA staff that individuals associated with The Identity Project are lunatics and liars and hold particular opinions and beliefs as a result of which we and our requests should be ignored or not taken seriously.


In the libelous internal TSA email message reproduced above, TSA Privacy Officer Peter Pietra had this to say about Edward Hasbrouck, a consultant to The Identity Project who has filed many of our FOIA requests (and asked questions of Mr. Pietra and filed other FOIA requests for records related to Mr. Pietra’s work):

Ed is crazy as a loon, and as rude and belligerent at [sic] Bill says…. He misrepresents any interaction you have with him, so be wary (even where there is video that contradicts his version of events). He also thought 9/11 was a govt conspiracy because the FBI investigated it instead of the NTSB.

This message was distributed to TSA FOIA officers including those involved in processing our FOIA requests. And it was sent — the TSA itself later found — with the intention of influencing their decisions.

Even if Mr. Hasbrouck held these opinions and beliefs (which he doesn’t — the allegations about his opinions and beliefs are pure fabrications by TSA staff), who we are or what individuals associated with our organization think or believe is irrelevant to our entitlement to access government records pursuant to FOIA.

Attempting to induce FOIA staff to base FOIA processing or decisions on their opinions of the requesters’ beliefs is among the most serious forms of possible misconduct by officials responsible for compliance with FOIA.

If there’s anything worse, it’s withholding requested government records in order to cover up official misconduct. But that’s exactly what happened when we requested the email message above.

The TSA’s Chief FOIA Officer and FOIA Public Liaison, Yvonne Coates, redacted the libelous portions of the message on the grounds that they were part of the decision-making process (even though she knows that making FOIA decisions on the basis of who we are or what we believe is forbidden by FOIA) and that disclosure of these portions of the message “would injure the quality of future agency decisions by discouraging the open and frank policy discussions between subordinates and superiors”:


The dismal track record of DHS and TSA noncompliance with FOIA began with the creation of these agencies during the Bush administration, and has continued during the Obama administration. Our FOIA requests (like those of other requesters) have routinely been delayed or lost. Responses have been incomplete, improperly and excessively redacted, and almost always months or years later than the deadlines in the law.


Aug 30 2013

International travel by air is a Constitutional right

In a preliminary ruling in a lawsuit brought by the ACLU three years ago on behalf of a group of people who have been prevented by the U.S. government from traveling by air, a Federal judge in Oregon has found (1) that international air travel is a Constitutional right, and (2) that a categorical ban by the government on the exercise of that right can only be issued in accordance with due process.

Those shouldn’t be surprising findings. But given that the U.S. government has never sought to follow normal legal procedures by asking a court to issue a no-fly injunction against an individual, and that none of the government’s extrajudicial administrative no-fly orders has ever been reviewed on its merits by any court, the latest ruling by District Judge Anna Brown in the case of Latif et al. v. Holder is an important step toward bringing DHS controls on travel within the rule of law.

The ruling is the latest in a series of decisions which have finally begun to uphold the right of travelers to due process and judicial review of the restrictions on their movements. The decision in the Oregon no-fly case echoes similar findings in the past year by the 4th Circuit Court of Appeals in the case of Gulet Mohamed and by the 9th Circuit and the District Court for the Northern District of California in the case of Rahinah Ibrahim.


Aug 22 2013

California considers “enhancing” drivers licenses with radio tracking beacons

California’s legislature is considering a bill to authorize adding radio tracking beacons to drivers licenses and state non-driver ID cards.

Each such card would broadcast a unique tracking number which could legally be intercepted by anyone with a suitable radio transceiver within range, and which would be linked to a national DHS database of drivers license, state ID card, and citizenship information.

The tracking beacons are designed to allow the tracking numbers on ID cards carried by travelers in motor vehicles to be read from outside their vehicles as they approach or pass through checkpoints.

Independent academic studies of actual ID cards issued by other states, using the same standards proposed for use in California, have found that they can sometimes be read from more than 50 yards away.

S.B. 397 has already been approved by the California Senate, and is now under consideration in the Assembly. Because it has been amended by the Assembly, it will need to be reconsidered by the Senate (to decide whether to accept the Assembly amendments) if and when it is approved by the Assembly.

To date, S.B. 397 has been largely unopposed in the California legislature, and it is likely to be approved unless legislators start hearing a groundswell of opposition from their constituents.

What excuse is being offered for this scheme? And what’s its real purpose?


Aug 19 2013

White House approves new “long forms” for some passport applicants

After a year-long “review”, the White House on August 12, 2013, approved the State Department’s proposed new “long form” questionnaires for some (unspecified) subset of applicants for US passports:

Form DS-5513, “Supplemental Questionnaire to Determine Entitlement for a U.S. Passport”:

Form DS-5520, “Supplemental Questionnaire to Determine Identity for a U.S. Passport”:

In approving these forms, the Office of Management and Budget (OMB) ignored overwhelming public outrage at these questionnaires, which ask such questions as:

  • List all your parent(s) residences one year before your birth.
  • Parent(s) place of employment at the time of your birth (Dates of employment, Name of employer, Address of employer).
  • Did your mother receive medical care while pregnant with you and/or up to one year after your birth? (Name of hospital or other facility, Address, Name of Doctor, Approximate dates of appointments).
  • Please provide the names (as well as address and phone number, if available) of persons present at your birth such as medical personnel, family members, etc.
  • Please list any schools, day care centers, or developmental programs you attended from birth to age 18 in or outside of the United States.
  • Please list all of your permanent residences inside and outside of the United States starting with your birth until age 18.

The proposed forms were slightly (but not significantly) revised by the State Department during the review by OMB. But there are still no publicly-disclosed guidelines for which passport applicants would be sent one or both of these “long forms”.  We requested this information from the State Department more than two years ago under the Freedom of Information Act (FOIA), but the State Department has not yet responded to our request. (This is, we’ve been told, typical of the State Department’s failure to comply with FOIA deadlines.)  The most reasonable inference is that the new forms are designed to be impossible to complete, so as to provide a pretext to deny you a passport if the State Department doesn’t like your looks (or your opinions, or whatever).

The State Department has also ignored our formal complaint that these conditions for passport issuance violate U.S. obligations as a party to the International Covenant on Civil and Political Rights, and our FOIA request for any records of what (if anything) was done with that complaint.

OMB declined our written request to meet with them to discuss our objections to the proposed forms. OMB policy is to meet with groups interested in its reviews of proposed regulations, but it doesn’t apply that policy to its reviews of proposed “information collections”.

In the course of the review by OMB, the State Department admitted that, as we had already reported, it has already been using these forms illegally. According to the latest State Department submission to OMB:

The DS-5520 has been created to correct a procedure that may have been inconsistent with the Paperwork Reduction Act (PRA)….   Field offices have, in the past, sent the applicant a letter containing a questionnaire asking for the supplemental information.  The Department has become aware of this procedure and is now seeking OMB approval to rectify the oversight….

The DS-5520 is a new collection based on the previously internal Information Request Letter (IRL) titled, “Supplemental Identification List”.  To estimate the number of respondents per year, therefore, the Department ran a report using our Management Information System (MIS) to determine the number of these IRLs filed in 2011 by every passport agency and acceptance facility.  The results revealed that in 2011, 54,723 letters were filed along with the DS-11.

Until the forms were approved (as they now have been) by OMB, the Paperwork Reduction Act (PRA) prohibited the State Department from denying anyone a passport or imposing any other penalties for failure or refusal to fill out these forms.

Now that these forms have been approved, objections to the denial of a passport on the basis of failure to complete these forms (or to do so to the satisfaction of the State Department) will have to be based on other grounds than the PRA.  These objections may be more fundamental, but may also be more difficult to establish in administrative or judicial proceedings.

If you are a US citizen but are denied a US passport because you are unable or unwilling to answer these questions, or you are prevented from entering or leaving the USA because you don’t have a passport, we’d like to hear from you.

Jun 18 2013

Our comments on the TSA’s virtual strip-search machines

Today the Identity Project filed our comments on the TSA’s proposed rules to require travelers to submit to “screening” using virtual strip-search machines (“Advanced Imaging Technology” in TSA-speak).

You have until next Monday, June 24, 2013 to submit your own comments.

Here’s the introductory summary of our comments:

Regulations of the Transportation Security Administration (TSA) at 49 CFR § 1540.107 currently require would-be air travelers to “submit to screening”, but neither define nor limit the meaning of “submit” or “screening”. Under this NPRM, the TSA proposes to add a new paragraph (d) to § 1540.107, which would authorize the TSA to include “screening technology used to detect concealed anomalies without requiring physical contact with the individual being screened” as part of the “screening” to which would-be passengers must “submit” (those terms remaining otherwise undefined and unlimited).

The proposed rule would require travelers to submit to virtual strip-searches and/or manual groping of their genitals, as a condition of the exercise of their right to travel by air by common carrier.

The Identity Project objects to the proposed rule on the following grounds:

1. The TSA fails to recognize that travel by air by common carrier is a right, not a privilege to be granted or denied by the government or subjected to arbitrary or unjustified conditions. As a condition on the exercise of a right, a requirement to submit to searches or other aspects of “screening” is subject to strict scrutiny. The burden is on the TSA to show that the current and proposed requirements will actually be effective for a permissible purpose within the jurisdiction of the TSA, and that they are the least restrictive alternative that will serve that purpose. The TSA has not attempted to assess the proposed rule according to this standard, and has not met this burden.

2. The TSA errs in claiming that, “Individuals … are not included in the definition of a small entity” in the Regulatory Flexibility Act (RFA). Nothing in the statutory definition of “small entities” excludes individuals, and in fact many individual travelers affected by the proposed rule are “small entities” as that term is used in the RFA. The TSA must publish and allow comment on a new RFA analysis that takes into consideration the impact of the proposed rule on individuals in their capacity as “small entities”. If the TSA fails to do so, OMB must disapprove the proposed rule, pursuant to the RFA.

3. In the absence of any definitions of “submit” or “screening”, the current and proposed rules are unconstitutionally vague and overbroad. Travelers subject to the rules can’t tell what is prohibited or what is required as a condition of travel by air by common carrier, or which actions at TSA checkpoints are and aren’t subject to TSA civil penalties. The rules reach a significant amount of protected conduct by denying the right to travel to a significant number of individuals who pose no threat to aviation.

The proposed rule should be withdrawn, and the practices it would purport to authorize should be suspended. If the proposed rule is not withdrawn by the TSA, it should be rejected by the Office of Management and Budget (OMB) for failure to include the analysis required by the RFA. The TSA should open a notice-and-comment rulemaking to define “submit” and “screening”, as those terms are used in 49 USC § 44901, 49 CFR § 1540.107, and 49 CFR § 1540.109, with sufficient specificity to enable prospective travelers to know what actions are required and what actions are proscribed.

You can see all 5,000+ comments submitted to the TSA here.

Jun 15 2013

4th Circuit Court of Appeals upholds right to judicial review of no-fly order

In an important victory for judicial review of no-fly orders, the 4th Circuit Court of Appeals has rejected the government’s motion to dismiss the case brought by Gulet Mohamed, overturned the transfer of the case from the District (trial) Court to the Court of Appeals, and sent the case back to the District Court for consideration of the merits of Mr. Mohamed’s complaint.

Gulet Mohamed is truly the poster child for what’s wrong with secret administrative no-fly decision-making. A native-born U.S. citizen of Somali-American ancestry, Mr. Mohamed was placed on the U.S. “no-fly” list as a teenager, while visiting relatives in Kuwait, as a way to pressure him to become an FBI informer as the only way to get “permission” from the U.S. government to return home to the USA.

When his visa expired, Mr. Mohamed was imprisoned for violation of Kuwaiti immigration law, then tortured by his Kuwaiti captors — at the behest, he plausibly alleges, of the U.S. government.

Kuwait eventually tried to deport Mr. Mohamed back to the U.S., but the U.S. government refused to let him on a flight home, and he was taken back to his cell.

Finally Mr. Mohamed smuggled out a message to his family, and they obtained a lawyer for him in the U.S. He was allowed to return home the day before the U.S. government had been ordered to show cause justifying the denial of Mr. Mohamed’s right of return — after which the government tried to get his case dismissed as moot.

But Mr. Mohamed remains on the no-fly list, so far as he knows (although for unknown reasons). He has continued to pursue his lawsuit against those responsible for his detention and torture and the denial of his right to travel.

As in other cases, the U.S. government has sought to avoid judicial review of the basis for no-fly orders.

The U.S. government has argued that trial courts cannot hear these cases, and that courts of appeals are limited to a review of the TSA’s “administrative record”.  But the TSA doesn’t decide what names to place on the no-fly list. The FBI-controlled Terrorist Screening Center (TSC) makes those decisions, based on “nominations” from itself and various other agencies. A review of the TSA’s “administrative record” would be limited to confirming that the TSA received a no-fly listing from the FBI (as part of the secret Terrorist Screening Database, TSDB), and prevented the person named in that listing from boarding a flight. Nothing in the TSA’s records identified the basis for the TSC’s no-fly designation.

In an unpublished order issued May 28, 2013, the 4th Circuit Court of Appeals became the second Court of Appeals (following the 9th Circuit’s rulings in the case of Rahinah Ibrahim) to reject the government’s theory. The 4th Circuit ruled that there was neither sufficient provision for administrative review by the TSA of the no-fly order against Mr. Mohamed, nor a clear indication that Congress intended to preclude District Court trials in cases like this.

The next step, we expect, will be for the government to invoke the “state secrets” doctrine to try to get the case dismissed. But as in Dr. Ibrahim’s case, the fact of Mr. Mohamed having been denied the right to travel and to return to the U.S. can be established without the need to introduce any evidence obtained from the U.S. government.

We look forward to someday seeing a trial on the merits of a U.S. government no-fly order.