Oct 16 2023

The TSA wants to put a government tracking app on your smartphone

Today the Identity Project submitted our comments to the Transportation Security Administration (TSA) on the TSA’s proposed rules for “mobile driver’s licenses”.

The term “mobile driver’s license” is highly misleading. The model Electronic Credential Act drafted by the American Association of Motor Vehicle Administrators (AAMVA) to authorize the issuance of these digital credentials and installation (“provisioning”) of government-provided identification and tracking apps on individual’s smartphones provides that, “The Electronic Credential Holder shall be required to have their Physical Credential on their person while operating a motor vehicle.”

So the purpose of “mobile driver’s licenses” isn’t actually licensing of motor vehicle operators, as one might naively assume from the name. Rather, the purpose of the “mobile drivers license” scheme is to create a national digital ID, according to standards controlled by the TSA, AAMVA, and other private parties, to be issued by state motor vehicle agencies but intended for use as an all-purpose government identifier linked to a smartphone and used for purposes unrelated to motor vehicles.

We’ve seen the ways that government-mandated tracking apps on citizens’ smartphones are used by the government of China, and that’s not an example we want the US to follow.

AAMVA’s website is more honest about the purpose and planned scope of the scheme: “The mobile driver’s license (mDL) is the future of licensing and proof of identity.”

As we note in our comments:

The fact that the TSA seeks to require the installation of a government app on a mobile device of a certain type suggests that the government has other purposes than mere “identification”, such as the ability to track devices as well as people. But we don’t know, because we haven’t been able to inspect the source code for any of these apps.

Most of the details of the TSA proposal remain secret, despite our efforts to learn them. So our comments focus on the unanswered questions about the proposal, the deficiencies in the TSA’s “notice”, and the TSA’s failure to comply with the procedural requirements for consideration of proposed regulations and for approval of collections of information from members of the public — which the TSA is already carrying out illegally, without notice or approval, with digital ID apps that state agencies are already installing on smartphones:

By this Notice of Proposed Rulemaking (NPRM), the Transportation Security Administration (TSA) proposes to establish “standards” (which are not included in the NPRM and not available to the public) for a national digital ID to be used by Federal agencies in an unknown range of circumstances for unknown purposes (also not specified in the NPRM, and for which the notices and approvals required by law have not been provided or obtained).

The NPRM, which includes a proposal to incorporate by reference numerous documents which are not included in the NPRM and have not been made available to would-be commenters who have requested them, fails to provide adequate notice of the proposed rule or opportunity to comment on the undisclosed documents proposed to be incorporated by reference. It violates the regulatory requirements for incorporation by reference of unpublished material….

The proposed rule would also implicitly incorporate the Master Specification for State Pointer Exchange Services (SPEXS) published by the American Association of Motor Vehicle Administrators (AAMVA), which is not included or mentioned in the NPRM or publicly available and which AAMVA has actively attempted to remove from public availability….

The NPRM purports to include an analysis, pursuant to the Paperwork Reduction Act (PRA), of “the information collection burdens imposed on the public,” and claims to have requested approval for these information collection from the the Office of Management and Budget (OMB). But both the NPRM and the request for OMB approval omit any mention of the collection of information from individuals that occurs each time a “mobile ID” is “presented” and an app on a mobile device interacts with TSA or other Federal agency devices or servers….

What data fields will be collected when a TSA or other Federal agency device interacts with a mobile ID app on an individual’s device? We don’t know. What code will an individual be required to allow to run on their device, and with what privileges? We don’t know, although this could be critical to the risks and potential costs to individuals if, for example, they are required to allow closed-source code to run on their devices with root privileges.

From which people, how many of them, in what circumstances, and for what purposes, will this information be collected? We don’t know, although all of this is required to be included in an application for OMB approval of a collection of information….

What will individuals be told about whether these collections of information are required? We don’t know this either, although this is a required element of each PRA notice, because the TSA provides no PRA notices to any of those individuals from whom it collects information at its checkpoints, including information collected from mobile IDs.

As the TSA itself has argued in litigation, no Federal statute or regulation requires airline passengers to show ID. And hundreds of people pass through TSA checkpoints and board flights without showing ID every day. An accurate submission to OMB, and an accurate PRA notice (if approved by OMB), would inform all individuals passing through TSA checkpoints that ID is not required for passage. But instead of providing OMB-approved PRA notices at its checkpoints in airports, the TSA has posted or caused to be posted knowingly false signage claiming that all airline passengers are “required” to show government-issued ID credentials. Individuals incur substantial costs as a result of these false notices, particularly when individuals without ID forego valuable travel in reliance on deliberately misleading signs that ID is required.

Read More

Oct 09 2023

The difference between stating your name and showing ID

The 11th Circuit Court of appeals has ruled that it is clearly established law that even in a state with a “stop-and-identify” law, and even if police reasonably suspect you of a crime, police may not require you to show ID or arrest you if you refuse to do so.

We don’t think people should be required to identify themselves. Self-identification can amount to self-incrimination, and compelling individuals to answer any question from police or other government agents would violate the Constitutional right not to be compelled to give evidence against oneself. You have the same right to remain silent if police ask, “What is your name?” as you have if you are asked any other question.

Despite this bedrock principle, some states have passed “stop and identify” laws of dubious Constitutionality that purport to require people to identify themselves on demand to any law enforcement officer who reasonably suspects them of a crime.

Even in those states, however, there’s a fundamental difference between being required to state your name verbally and being required to have, to carry, or to show ID credentials.

That distinction was central to the decision of the US Supreme Court in Hiibel v. Nevada, in which the court didn’t reach the question of whether a law requiring suspects to “show” ID would be Constitutional because it found that Mr. Hiibel could have satisfied the Nevada “stop and identify” law by verbally stating, “My name is Dudley Hiibel.”

Other cases in the lower courts since Hiibel have touched on this issue, but until now, none that we are aware of has depended squarely on this distinction between stating your name and showing ID.

The clarity and significance of the 11th Circuit panel’s opinion in Edger v. McCabe makes it worth quoting at length:

The facts of this case are not in dispute, as the entirety of the encounter between Mr. Edger and the police was captured on the police officers’ body-worn and dash cameras….

Mr. Edger is a mechanic in Huntsville, Alabama….. One of Mr. Edger’s longtime clients is Kajal Ghosh, who owns a red Toyota Camry. The Camry is primarily driven by Mr. Ghosh’s wife, who works as a teacher at Progressive Union Missionary Baptist Church. One or
two days before June 10, 2019, Mr. Ghosh called Mr. Edger and reported that the Camry had broken down while his wife was working at the Church. He asked Mr. Edger to fix the car and told him the keys would be waiting for him at the Church’s front office.

On June 10, around 2 p.m., Mr. Edger went to the Church to pick up the keys and to inspect the Camry. He determined something was wrong with either the car’s steering or its tires, and he concluded he would need to come back later with tools to fix the car. That evening, he returned to the Church with his stepson, Justin Nuby, in tow, intending to either fix the Camry on-site or to take it back to the shop for further repairs. Mr. Edger and Mr. Nuby drove a black hatchback to the Church.

After Mr. Edger and his stepson entered the Church’s lot, the Church’s security guard observed them and grew concerned…. At about 8:05 p.m., the security guard called 911 and told dispatch: “I have two Hispanic males, messing with an employee’s car that was left on the lot.”

Police arrived, and the court describes what the video evidence showed as follows:

Mr. Edger continued to work, and the following conversation began:

Officer McCabe: What are y’all doing?

Mr. Edger: Getting the car fixed.

Officer McCabe: Is this your car?

Mr. Edger: Yeah, well, it is one of my customer’s.

Officer McCabe: One of your customer’s?

Mr. Edger: Ghosh Patel, yep. I was over here earlier….

From here, the interaction rapidly escalated:

Officer McCabe:  Alright. Take a break for me real fast and do y’all have driver’s license or IDs on you?

Mr. Edger: I ain’t going to submit to no ID. Listen, you call the lady right now. Listen I don’t have time for this. I don’t mean to be rude, or ugly, but …

Officer McCabe: Okay. No, you need to—

Mr. Edger: I don’t mean to be—

Officer McCabe: —give me your ID or driver’s license.

Mr. Edger: No. I don’t. Listen, I don’t want you to run me in for nothing.

Officer McCabe: Are you refusing me—are you refusing to give me your ID or driver’s license?

Mr. Edger: I’m telling you that if you will call this lady that owns this car—

In the middle of Mr. Edger’s sentence, as he was attempting to explain the situation to Officer McCabe, Officer Perillat seized Mr. Edger from behind. He led Mr. Edger to the side of the Camry and started handcuffing him. As Mr. Edger protested, Officer Perillat told Mr. Edger: “We don’t have time for this,” and, “You don’t understand the law.” During this time, the video shows that Mr. Edger offered his driver’s license at least three times before the officers could finish handcuffing him. Eventually, the officers managed to handcuff and search Mr. Edger, and then detain him in a squad car. Throughout this process, the officers never asked Mr. Edger or his stepson for their names or addresses….

Mr. Edger was charged with obstructing governmental operations in violation of Alabama Code § 13A-10-2(a)(1). The City of Huntsville dropped all charges relating to this incident. After the dismissal of the charges, Mr. Edger filed a § 1983 civil rights lawsuit, alleging a false arrest in violation of his Fourth Amendment rights against unlawful searches and seizures, as well as a state law false arrest claim….

Turning now to the defendant’s theory that probable cause existed to support Mr. Edger’s arrest because he violated Alabama’s Stop-and-Identify statute, Alabama Code § 15-5-30. The Stop-and-Identify statute allows an Alabama police officer who “reasonably suspects” a crime is being, has been, or is about to be committed to stop a person in public and “demand of him his name, address and an explanation of his actions.” Id.

Mr. Edger argues that he cannot possibly have violated § 15-5-30, because it clearly delineates three things the police may ask him for: his name, his address, and an explanation of his actions. He argues nothing in the statute requires him to produce physical identification, and that Officer McCabe’s question, “Do y’all have driver’s license or IDs on you?” and repeated references to “IDs” were clearly demands for him to produce physical identification of some kind. He notes that physical identification is not one of the three enumerated things that the police may ask for under Alabama law, and that he was never asked for his name or address.

We agree with the district court’s assessment that Mr. Edger did not actually violate § 15-5-30… Section 15-5-30 does not require anyone to produce an “ID” or “driver’s license” as Officer McCabe demanded. Indeed, it does not require anyone to produce anything. Instead, it grants Alabama police the authority to request three specific pieces of information. Here, the video evidence is clear that neither Officer McCabe nor Officer Perillat asked for Mr. Edger’s name or address. Additionally, Mr. Edger’s objection was clearly related to the unlawful demand that he produce physical identification…. Because the Alabama statute, by its plain text, does not permit the police to demand physical identification, the officers lacked probable cause and thus violated Mr. Edger’s Fourth Amendment rights by arresting him….

We hold that the plain text of the Alabama statute is so clear that no reasonable officer could have believed they could arrest Mr. Edger for failing to produce his “ID” or “driver’s license” under § 15-5-30….

[T]he broad background rule is that the police may ask members of the public questions and make consensual requests of them, Florida v. Bostick, 501 U.S. 429, 434–35 (1991) (collecting cases and examples), “as long as the police do not convey a message that compliance . . . is required.” Id. at 435. But the person “need not answer any question put to him; indeed, he may decline to listen to questions at all and may go on his way.” Florida v. Royer, 460 U.S. 491, 497–98 (1983)….

[T]he Alabama statute is clear. It lists only three things that the police may ask about. This is not an issue of “magic words” that must be uttered. There is a difference between asking for specific information: “What is your name? Where do you live?” and demanding a physical license or ID. The information contained in a driver’s license goes beyond the information required to be revealed under § 15-5-30. Compare Ala. Code § 32-6-6 (“Each driver license . . . shall contain a distinguishing number assigned to the licensee and a color photograph of the licensee, the name, birthdate, address, and a description of the licensee . . . .”), and Ala. Code § 22-19-72 (requiring that there be “a space on each driver’s license . . . to indicate in appropriate language that the [licensee] desires to be an organ donor”), with Ala. Code § 15-5-30 (“A [police officer] may stop any person abroad in a public place whom he reasonably suspects is committing . . . a [crime] and may demand of him his name, address and an explanation of his actions.”).

Further, neither the parties nor our own research can identify any Alabama law that generally requires the public to carry physical identification—much less an Alabama law requiring them to produce it upon demand of a police officer. There simply is no state
law foundation for Officer McCabe’s demand that Mr. Edger produce physical identification

So to summarize, it has been clearly established for decades prior to Mr. Edger’s arrest that the police are free to ask questions, and the public is free to ignore them. It has been clearly established prior to Mr. Edger’s arrest that any legal obligation to speak to the
police and answer their questions arises as a matter of state law. And the state statute itself in this case is clear and requires no additional construction: police are empowered to demand from an individual three things: “name, address and an explanation of his actions.” Ala. Code § 15-5-30. It was thus clearly established at the time of Mr. Edger’s arrest that she could not demand he produce physical identification. And because Officer McCabe’s demands for an “ID” or a “driver’s license” went beyond what the statute and state law required of Mr. Edger, she violated clearly established law. Under this set of facts and these precedents, no reasonable officer could have believed there was probable cause to arrest Mr. Edger for obstructing governmental operations by violating § 15-5-30. And this theory cannot support the grant of qualified immunity to the officers.

We welcome this decision and commend it to the attention of other courts and other cops.

Sep 28 2023

DHS uses travel as pretext for search of researcher and journalist

According to a report by Zack Whittaker on TechCrunch, security researcher, and blogger Sam Curry “was taken into secondary inspection by U.S. federal agents on September 15 after returning from a trip to Japan. Curry said agents with the Internal Revenue Service’s Criminal Investigation (IRS-CI) unit and the Department of Homeland Security questioned him at Dulles International Airport in Washington DC about a ‘high profile phishing campaign,’ searched his unlocked phone, and served him with a grand jury subpoena to testify in New York the week after.”

How did this happen, and what recourse do you have if you are similarly searched?

Sadly, the used of (entirely unrelated) international travel as a pretext for searches of electronic devices and data, including searches or researchers and journalists, is not new.

A TECS Lookout can be used by the DHS or other Federal agencies to flag, watch for, and intercept any “person of interest” whenever they take an international flight to or from the US, regardless of whether there is probable cause for a search warrant.  A TECS Lookout can be set at the request of any Federal law enforcement agency, for any reason.  It’s also no surprise that this loophole for pretextual searches is being used by IRS agents: As we have noted previously, it’s described in detail in the section of the IRS’s manual on techniques for “Locating Taxpayers and their Assets”.

Mr. Curry reportedly said he was later told that the copies of data seized from his phone by Federal agents had been deleted, and the subpoena was withdrawn. But it also appears that, as a blogger, his data was protected from seizure by the Privacy Protection Act, which provides greater protection for many travelers’ data than most other forms of privilege. If Mr. Curry had known to assert his status and rights under the Privacy Protection Act, he would probably be entitled to damages from the agents who searched and seized his data.

Sep 26 2023

Broader challenge to Federal blacklists filed in Boston

In a nationally-significant lawsuit, the Council on American-Islamic Relations (CAIR) has filed the most comprehensive challenge  to date to the US government’s system of arbitrary and extrajudicial blacklists (“watchlists”) used to stigmatize and impose sanctions on innocent people — almost all of them Muslim — without notice, trial, conviction, or any opportunity, even after the fact, to see or contest the allegations or evidence (if any) against them.

The lawsuit, Khairullah et al. v. Garland et al., was filed last week in Federal District Court in Boston on behalf of twelve Muslims from Massachusetts and other states who have been stopped, prevented from traveling to, from, or within the US by air, harassed, delayed, interrogated, threatened, strip-searched, had all the data on their electronic devices copied, detained at gunpoint, denied permits, and had banking and money-transfer accounts summarily and irrevocably closed, among other adverse consequences:

Plaintiffs, along with over one million other people, have been placed by Defendants on the federal terrorist watchlist. Defendants claim the power to place an unlimited number of people on that list and, as a result, subject them to extensive security screening, impose adverse immigration consequences on them, and distribute their information to thousands of law-enforcement and private entities, which then use it to affect everyday interactions like traffic stops, municipal permit processes, firearm purchases, and licensing applications.

Congress has never statutorily authorized the creation, maintenance, use, or dissemination of the Terrorist Screening Dataset, its subsets like the Selectee List and No Fly List, the Quiet Skies and Silent Partner systems, or any other rules-based terrorist targeting lists.

WHEREFORE, Plaintiffs requests this Honorable Court grant declaratory and injunctive relief….

The complaint includes a depressingly thorough, detailed, and diverse litany of incidents of interference with normal life, especially with normal travel.

One US citizen plaintiff now abroad has been effectively exiled because the US government won’t allow any airline to transport him back to the US from overseas.

The effects of blacklisting can last for life. Because the US government continues to stigmatize “formerly” blacklisted individuals and flag them to its own agents and third parties including foreign governments, some of the plaintiffs continue to suffer these consequences despite having purportedly been “removed” from US “watchlists”.

Because the US government’s blacklisting algorithms incorporate explicit guilt-by-association criteria, some plaintiffs have had their friends, family members, and colleagues targeted for adverse treatment solely on the basis of having “associated” (an act protected by the First Amendment to the Constitution) with a blacklisted person.

As the complaint explains:

[B]ecause Defendants consider being a relative, friend, colleague, or fellow community member of a TSDS [Terrorist Screening Dataset] Listee “derogatory information” supporting placement on the watchlist, Muslim communities are subjected to rapidly-unfolding network effects once one member is watchlisted. One nomination, even if grounded in probable cause or a preexisting criminal conviction, can quickly spiral into Defendants classifying nearly every member of an extended family or community mosque as a suspected terrorist.

A similar lawsuit, also brought by CAIR, led a Federal District Court judge in Virginia to rule in 2019 that the Federal blacklisting system was unconstitutional. But that ruling was overturned in 2021 in a strikingly poorly-reasoned opinion by the 4th Circuit Court of Appeals.

The new lawsuit has been brought in a different circuit (the 1st Circuit), and the new complaint includes more recent information — including the disclosure of the no-fly and “selectee” lists — and arguments to bolster the case and counter the claims made by the 4th Circuit judges.

Lawsuits like this take years to be resolved, but we’ll be watching this one closely.

Sep 04 2023

Transit payment systems and traveler tracking

Last week 404 Media published a report by Joseph Cox on how the New York Metropolitan Transit Agency’s website can be used as a remote stalking tool: anyone who knows a credit card number that was used to purchase or add value to an OMNY transit farecard could view a historical log of the last seven days of trips taken using the card, including the dates, times, and locations where the card was read at subway entrances or boarding buses.

Less than 24 hours after this report was published, this “feature” was removed from the MTA website.

But that doesn’t solve the problem.

The main problem with the MTA payment system — and similar systems in other cities — isn’t that anyone could access your trip history by typing in your credit card number (which every waiter you ever bought a meal from with that credit card has access to,  and every domestic violence abuser in your household also knows).

The real problem is that the MTA transit system is building a permanent database of all your trips, period. The MTA is still logging transit passengers’ movements, and those logs are still available to the MTA itself, police, anyone the MTA chooses to share them with, or anyone who hacks into the TSA’s records.

If the MTA didn’t collect this data in the first place, there would be no way for anyone to abuse it.

Read More

Aug 24 2023

Border and airport searches for “privileged” information

Most people think of communications between attorneys and their clients as being among those having the highest level of legal “privilege” against compelled disclosure to the government.  And it is widely believed that the US lacks a Federal “shield law” protecting journalists against being forced to reveal confidential sources.

The assumptions are, in some situations and with respect to certain information, well founded. But a recent Federal decision by the 5th Circuit Court of Appeals has belied those assumptions and created a situation — at least in the 5th Circuit — in which attorney-client communications have significantly less protection at borders and ports of entry than information in the possession of journalists and others involved in communicating information to the public.

This makes it more important than ever for all travelers — including lawyers who assume that the information in their possession is best protected under the attorney-client privilege, and individuals who don’t think of themselves as journalists — to be familiar with the protections of the Federal Privacy Protection Act of 1980 (42 US Code §2000aa), and to proactively assert their protected status and their rights under this law if their data or devices are searched or seized

Here’s what was decided in this recent case about attorney-client communications, and what protections travelers still have pursuant to the Privacy Protection Act:

Read More

Aug 02 2023

Challenges to mandatory facial recognition for air travel

[US Senator Jeff Merkley films the signage and what happens when he opts out of facial recognition at the TSA checkpoint at Reagan National Airport]

Attempts by airlines, airports, and government agencies to make facial recognition mandatory for air travel, while pretending that it is “optional” or based on “consent”, are being challenged in both the United States and the European Union.

In the US, the Transportation Security Administration continues to tell Congress and the public that it is “testing” facial recognition and that mug shots are optional for air travel.

But Senators continue to question whether, as the TSA claims, this is really a “field demonstration” or actually a phased rollout,  and whether, “Providing this information is voluntary.”

The latest in a series of increasingly skeptical letters to the TSA from groups of US Senators was sent in February of this year, asking questions including these:

  • How are travelers notified of their right to opt-out of facial recognition?
  • What are the effects on a traveler who chooses to opt-out of facial recognition?
  • Under TSA’s current system, do travelers who choose to opt-out face any additional consequences or additional screenings, pat-downs, interrogations, or even detention, beyond what they would have encountered at a non-facial recognition airport?

If the TSA provided these Senators with any answers, they haven’t been made public. But it seems likely that any response from the TSA was unsatisfactory, since a month after this letter was sent, some of these same Senators and others, along with members of the House of Representatives, reintroduced a bill (S. 681 and H.R. 1404) first introduced in the previous session of Congress that would outlaw use of facial recognition by Federal agencies except with explicit statutory authorization which the TSA lacks.

The “Facial Recognition and Biometric Technology Moratorium Act of 2023” has yet to be considered by either the House or the Senate. But in the meantime, Senator Jeff Merkley (D-OR)has been opting out of facial recognition when he flies home to Portland, filming what happens at the TSA checkpoint, and posting the videos on YouTube.

TSA policies are expressed in “standard operating procedures” (SOPs) for checkpoint staff that the TSA refuses to make public. So except to the extent that the SOPs have been leaked or inadvertently released by the TSA itself, this sort of observation-based reverse engineering is the best available evidence of de facto TSA policies and procedures.

On his first tests of TSA signage and practices, Sen. Merkley found that there were no signs at the TSA checkpoint at Reagan National Airport telling travelers that mug shots were optional.   After he posted video of the lack of signage, some signs were added — but with notices about facial recognition buried in fine print and not next to the mug shot cameras.

TSA staff told Sen. Merkley that opting out of TSA mug shots would result in “significant delay” in his passage through the TSA checkpoint, and detained him (although seemingly only briefly), contrary to what the TSA claims is supposed to happen.

In his latest video posted this week, Sen. Merkley encourages air travelers to film the signage or lack of signage at TSA checkpoints and what happens when they opt out of facial recognition:

Know that you can refuse to use facial recognition technology at the airport and you should be easily accommodated by an agent checking your physical ID….

You ARE allowed to take photos and videos at a security checkpoint.

The Algorithmic Justice League is also collecting reports from travelers about facial recognition at TSA checkpoints, including signage and consent (or the lack thereof).

It’s a sad day when a member of the US Senate has to enlist the help of members of the public to find out whether a Federal agency is lying to Congress and the public about its practices.  But the TSA has earned our mistrust and that of Congress. We commend Sen. Merkley for his skepticism and for judging the agency by what it does and not what it says.

Meanwhile, in the European Union, a complaint has been brought against the airline Ryanair for requiring either facial images or earlier check-in from certain passengers.

While this complaint has been made under EU law, it’s significant as the first complaint against an airline anywhere in the world, so far as we know,  for requiring for requiring passengers to provide mug shots or imposing additional burdens on those who opt out.

As we’ve noted before, there’s a malign convergence of interest between airlines, airport operators (public or private), and law enforcement agencies in tracking and control of air travelers. In practice, it’s often impossible to tell whether cameras — including those used for automated facial recognition — are being operated by the airline, the airport, or the police, or are part of a common-use shared surveillance-as-a-service infrastructure. In such cases, there’s no meaningful distinction between a requirement for passenger mug shots imposed by a common carrier that shares photos with the government and a mug shot requirement imposed and carried out directly by a government agency.

The complaint against Ryanair under EU law also has implications for US travelers and US airlines. Most major US and international airlines operate flights, sell tickets, and/or collect personal information in the EU and are thus subject, in at least some of their operations, to EU data protection laws. If they can respect their European customers’ rights, they could — and should — afford their US customers those same rights.

Jun 26 2023

9th Circuit rejects TSA claim of impunity for checkpoint staff who rape travelers

Last December, we attended and reported on oral argument before the 9th Circuit Court of Appeals in a case in which the Transportation Security Administration (TSA) argued that TSA checkpoint staff have absolute immunity from lawsuits for assault, even sexual assault or rape, committed against travelers they are “screening”.

We’re pleased to report that today the 9th Circuit panel of judges rejected the TSA’s claim of impunity. The three judges found unanimously that the Federal Tort Clams Act (FTCA) allows lawsuits against the TSA for damages caused by checkpoint staff who assault travelers. The 9th Circuit thus joins every other Circuit Court of Appeals (the 3rd, 4th, and 8th) to have addressed this issue in a published opinion.

The case decided today by the 9th Circuit will now return to the U.S. District Court in Las Vegas for much-belated consideration of the claim against the TSA and its officers. The precedent set by today’s decision will apply throughout the 9th Circuit, the largest of the Federal judicial circuits, including all of the states on the West Coast.

Kudos to Jonathan Corbett, Esq., who has represented the plaintiffs in each of these cases.  Coals for Christmas to the TSA for continuing to argue for impunity for its staff to one Circuit Court after another, despite the growing weight of precedent against the agency and, perhaps more importantly, the moral repugnance of arguing that any agents of the government should be entitled to assault or rape members of the public with impunity.

Jun 13 2023

98% of names on U.S. travel blacklist are Muslim

98% of the names on the U.S. government’s travel blacklists, including all of the top 50 names that appear most frequently on those lists, appear to be Muslim, according to a statistical analysis commissioned by the Council on American Islamic Relations (CAIR).

This analysis of the so-called “watchlist” (a euphemism for “blacklist”) is included in a report released this week in conjunction with the annual Muslim Advocacy Day on Capitol Hill organized by the US Council of Muslim Organizations (USCMO).

When the U.S. government’s “No-Fly list” and “Selectee list” were made public earlier this year, we were the first to point out that more than 10% of the entries on the No-Fly list (174,202 of 1,566,062) contain “MUHAMMAD” in either the first or last name fields, in addition to those entries with other spellings of Muhammad.

CAIR’s latest report goes into more detail:

CAIR has studied more than 1.5 million entries on a 2019 version of the FBI’s list, provided to us by a Swiss hacker who found them online after a regional air carrier accidentally posted them to the public internet. One scroll through it reveals a list almost completely comprised of Muslim names. In fact, more than 350,000 entries alone include some transliteration of Mohamed or Ali or Mahmoud and the top 50 most frequently occurring names are all Muslim names….

CAIR shared the leaked list with statistical experts for review to determine what percentage of the list is Muslim. The expert analysis of the people on the list—approximately 1.5 million entries—indicates that more than 98% of all records in the watchlist identify Muslims.

In its report and at the press conference announcing its findings, CAIR called out the lack of any legislative basis for secret blacklists, the difficulty of challenging secret decisions in court, and the failure of Congress to exercise its oversight responsibilities:

Congress did not give the FBI this authority. There is no law that made the watchlist…. But neither the FBI nor any other government agency should have a secret list. They’ve abused the one that they have now, and there is no such thing as a good, lawful kind of secret government list made available to hundreds of thousands of government actors. It is time to bring this practice to a close.

CAIR and other advocates for the civil rights of Muslim Americans are making this issue a priority in their meetings with members of Congress this week. We hope that their efforts will help prompt members of Congress to reintroduce and enact the Freedom To Travel Act or include it in other omnibus legislation.

Jun 12 2023

TSA misstates the case law on ID to fly

During an online panel last week hosted by the Cato Institute, TSA Privacy Officer Peter Pietra made some bold but false claims (starting at 18:05) about the case law on ID to fly:

Patrick Eddington, Cato Institute: I’m trying to understand if there is in fact a statutory basis for TSA to essentially say, “If you don’t show us an ID, you’re not getting on that airplane.”

Peter Pietra, TSA Privacy Officer: … I know that there was a case… where John Gilmore — Gilmore vs. Gonzales, I think was the case — did challenge ID requirements, and the 9th Circuit upheld them…. The one … case that I’m aware of being brought resulted  in upholding TSA’s ability to require ID.

But as Mr. Pietra and the TSA should know, that’s not what was decided in Gilmore v. Gonzales.

Based on pleadings submitted to the court ex parte and under seal by the TSA, the 9th Circuit found that the TSA’s “identification policy” did not require passengers to show ID credentials in order to fly, but provided an alternative of a more intrusive search:

The identification policy requires airline passengers to present identification to airline personnel before boarding or be subjected to a search that is more exacting than the routine search that passengers who present identification encounter….

Gilmore had a meaningful choice. He could have presented identification, submitted to a search, or left the airport. That he chose the latter does not detract from the fact that he could have boarded the airplane had he chosen one of the other two options.

Neither Mr. Gilmore nor his lawyers saw or had any chance to rebut the claims made to the 9th Circuit judges by the TSA in its secret submissions. But the court’s description of the TSA’s identification policy as not requiring passengers to show ID, but allowing a more intrusive search as an alternative, was based entirely on the TSA’s own claims.

Having gotten the court to uphold its policy by representing that policy to the court as not requiring passengers to show ID, the TSA can’t now claim that the court’s decision “upheld” a policy requiring passengers to show ID — a policy the TSA specifically disclaimed in that litigation. The TSA told the 9th Circuit in its sealed, ex parte filings that pursuant to its policy Mr. Gilmore could have flown without ID if he had submitted to a more intrusive search, and the 9th Circuit decided the case on that basis.

Neither the 9th Circuit panel in Gilmore v. Gonzales, nor any other court, has reached the question of whether a requirement for airline passengers to show ID to fly has any statutory basis or would be Constitutional, much less upheld such a requirement

Mr. Pietra went on to suggest that, if the Constitutionality or statutory basis for requiring airline passengers to show ID were in question, the issue would have been litigated. But that ignores the fact that, when Mr. Gilmore tried to litigate exactly this issue, the TSA evaded the issue by denying to the court that it had a policy requiring ID to fly.

We continue to believe that both the TSA’s de facto efforts to require ID to fly, and any TSA policy to require ID to fly, lack a statutory basis and are unconstitutional. We hope that passage of the Freedom To Travel Act will clarify this issue and make it possible for those who are prevented from flying without ID to obtain redress through the courts.