Sep 07 2011

“Why should I care about PNR?”

Our guest post for European travelers at NoPNR.org:

Why should I care about PNR?

More for our European readers about PNR data and how it is used by governments:

What can Europeans do?

Sep 06 2011

BART planning further interference with common-carrier services

[BART Citizen Review Board meeting, September 2, 2011 (photo by dave id, indybay.org)]

We testified again last week at a poorly-publicized and sparsely-attended meeting of BART’s Citizen Review Board held late Friday afternoon at the start of the holiday weekend.

The main topic on the agenda was BART’s shutdown of wireless phone and data service in the BART transportation system during protests against shootings of passengers by BART Police, on which BART’s elected Board of Directors had requested the advice of its newly-appointed Citizen Review Board.

Sep 02 2011

Update on our complaints of human rights treaty violations

As we’ve noted previously, we’ve been complaining for years that DHS and Department of State actions to restrict and control travel violate the freedom of movement guaranteed by international human rights treaties ratified by the U.S. (as well as, of course, the right to assemble guaranteed by the First Amendment to the U.S. Constitution).

We’ve made formal complaints of these violations to the DHS and to the State Department.

Executive Order 13107 requires all Federal agencies to designate a single point of contact for such complaints, and to respond to them. But we’ve received no response to any of these complaints.

To find out what (if anything) has been done with our complaints, or to whom (if anyone) they have been assigned, we had to file FOIA requests with both the DHS and the State Department.

The DHS Office for Civil Rights and Civil Liberties (CRCL) responded promptly to our FOIA request. But other than the order from Secretary Chertoff designating the CRCL as responsible for coordinating DHS compliance with human rights treaties and responding to complaints (which wasn’t issued until September 11, 2006, almost five years after the creation of the DHS), they could find no record that the DHS had ever done anything to act on complaints of human rights violations. There were no records of any meetings at which the subject was on the agenda, no records of complaints (except our own, which was only properly docketed, five years late, after we made a formal Privacy Act request to correct the record), no logs or reports of such complaints, no instructions to DHS component agencies as to how to handle such complaints, and no organizational chart on which anyone was identified as responsible for responding to such complaints.

We’re looking forward to a meeting which the CRCL has agreed to later this month in Washington to discuss how they might finally begin to fulfill their responsibilities under international human rights treaties, particularly with respect to complaints of violations.

The State Department has been even less responsive. They have ignored repeated requests to identify who, if anyone, the Secretary of State has designated as the officer who is supposed to be responsible for responding to complaints like ours of human rights treaty violations. Months have passed, and we’ve received no response whatsoever to our FOIA request and no estimate of when, if ever, they expect to give us an answer.

In an effort to try every possible way to get the information to which we are entitled without a lawsuit, we’ve asked the FOIA ombudsmen at the new Office of Government Information Services to help mediate our FOIA request to the Department of State as well as several of our years-old unanswered FOIA requests to the TSA. We’re waiting to see if they can persuade these agencies to comply without our having to sue them. We’ll keep you posted.

Aug 25 2011

BART doesn’t understand the duties of a common carrier

Yesterday the Bay Area Rapid Transit district (BART) held its first public discussion of BART’s recent actions to shut off wireless telephone and data service in parts of the BART system, and to close certain BART stations on the approach of certain groups of individuals, in order to prevent the use of those communications and transportation services and facilities by certain unnamed individuals and/or organizations (to wit, people seeking to express their opposition to various BART practices) who BART thought might, at some future time, use those communications and/or transportation facilities to commit some unspecified crime(s).

These actions by BART exemplify the post-9/11 focus of unconstitutional “pre-crime” police tactics on extra-judicial police control of access to transportation providers and other common carriers.

The following is a slightly extended and updated version of the testimony (video clip) given by Edward Hasbrouck of the Identity Project at yesterday’s public hearing (more) before BART’s elected Board of Directors at their Oakland, California, headquarters:

Edward Hasbrouck testifying to BART's Board of Directors

The Identity Project is part of the First Amendment Project, based here in Oakland but active nationally on civil liberties and human rights issues related to freedom of travel, movement, and assembly.

We are concerned that both BART’s selective denial of access to cellular phone and data service, and BART’s selective denial of access to transportation services, reflect a disturbing failure to understand what it means to be a “common carrier”.

As a common carrier, BART is required to provide transportation to all would-be passengers, just as a telecommunications common carrier is required to transport all would-be customers’ messages. A common carrier simply has no authority to refuse service to selected customers. That’s true regardless of what you think about who they are, where they are going, the content of their messages, the ideas or opinions they express, the reasons for which they are using your services (or those of other common carriers or third parties), or their future intentions.

Aug 16 2011

Hearing in our lawsuit against DHS postponed until September 15th

The hearing in our Privacy Act and FOIA lawsuit against the Customs and Border Protection division of DHS, previously scheduled for August 25, has been postponed by the court until Thursday, September 15, 2011, 1:30 p.m. in Federal court in San Francisco.

The hearing will still be held before Judge Richard Seeborg (Courtroom 3, 17th Floor), U.S. District Court for the Northern District of California, Phillip Burton Federal Building and U.S. Courthouse, 450 Golden Gate Ave. (between Polk and Larkin, near Civic Center), San Francisco, CA.

The public is welcome to attend the oral argument, although the guards at the entrance to the courthouse require visitors to show government-issued ID and submit to search to be admitted to the courthouse. (See also the court’s information for journalists and the local court rules for electronic devices in the courthouse.)

Aug 12 2011

Grassroots European opposition to US access to airline reservations

An almost-unprecedented campaign of pan-European grassroots lobbying and activism has emerged this summer in opposition to US access to PNR (Passenger Name Record) data from European airline reservations.

During the European Parliament’s summer recess, people from throughout the EU have been sending postcards from their holiday travels to the members of the European Parliament’s LIBE (civil liberties) Committee, urging MEPs to vote against the proposed EU-US agreement that would grant immunity from EU data protection law to both European and US companies that give the US Department of Homeland Security access to PNR data collected in Europe.

It’s a clever way of mobilizing grassroots action and popular pressure on a travel-related issue during the peak summer holiday travel period, when Parliament itself is on holiday along with most of the European travelers concerned about US access to airlines’ records of their travels.

Direct popular lobbying of MEPs is rare at any time of year. Each member of the US Congress receives hundreds or thousands of letters and dozens of constituent visitors in their offices each day, but a visit from a constituent is a once-a-month event, if that, for a typical MEP’s office in Brussels.  Despite widespread dislike of many decisions taken by the EU institutions, and growing power of the EU relative to that of individual EU members, grassroots European campaigning remains almost entirely focused on national issues and national legislatures.

An equally-rare demonstration and other networking and activist events on this and related issues are being planned as part of Freedom Not Fear 2011 in Brussels on September 17-19, 2011.

We congratulate our European colleagues for taking the issue of US travel surveillance to the people and to the streets, and we urge our European supporters to join these campaigns.

Jul 30 2011

Our reply to DHS claims that travel dossiers are exempt from the Privacy Act

Our reply brief and a supporting declaration were filed yesterday in Hasbrouck v. CBP, our Privacy Act and Freedom of Information Act (FOIA) lawsuit seeking records from and about the DHS “Automated Targeting System” of individualized government dossiers about each of the millions of international travelers to and from the USA, including US citizens.

ATS includes complete copies of airline reservations (“Passenger Name Records” or PNRs), as well as a “risk assessment” for each would-be traveler that is used to decide whether or not to give the airline permission to transport them into, out of, or through the airspace of the USA. As Mr. Hasbrouck’s supplementary declaration supporting our latest reply brief explains:

Tens of thousands of travel agencies, airline offices, and offices of other travel companies around the world, and a million or more individual employees and contractors of these companies, have access through CRSs [Computerized Reservation Systems] or otherwise to PNR databases and the ability to enter data in PNRs. PNRs thus can, and do, contain an unlimited quantity and variety of data originating with numerous third parties around the world, some of it in the form of unstructured free text. CBP requires that, in all cases where a PNR contains a flight between a point in the U.S. and a foreign point, or overflying U.S. airspace, the entirety of the PNR — including the free-text general remarks and whatever other data has been entered by anyone with access to the PNR — must be made available to CBP for import into ATS.

PNRs can contain information about aspects of a journey other than air transportation, such as hotel reservations and other travel services, even in what are considered in travel industry jargon to be “air-only” PNRs. Information about these other travel services can be included in the “OSI” (Other System Information), and “SSR” (Special Service Request) elements of the PNR. For example, in reviewing records from ATS released to another requester by CBP, I have seen a PNR for two people, for whom the airline had reserved a hotel for an involuntary overnight layover, which included an SSR entry with a code showing whether a room with one bed or two had been requested for those two travelers. This is a normal and expected example of standard travel industry practices.

The SORNs [System Of Records Notices, required by the Privacy Act] for ATS specifically mention OSI, SSR, and “General Remarks” among the “Categories of Information in the [ATS] System” and among the types of data derived from PNRs and included in ATS. “OSI” entries can be used by travel agency or airline staff with access to PNRs to enter, and to send to airlines, arbitrary free-text messages. “Remarks” in PNRs are intended to be used for an unlimited range of free-text data entry. This information can — and in some cases does — include remarks about the personal foibles of the traveler (to assist other travel agency or airline staff in dealing with the traveler), and/or derogatory descriptions of interactions with customer service staff. Travelers do not normally see the PNRs that contain information pertaining to them, and do not know or control what information has been entered about them.

Our reply brief also notes that:

Acknowledging the sensitivity of the data in PNRs, Canadian and European Union laws require that private entities that control or host PNRs allow individuals to inspect their own PNRs and obtain information about how they are used. However, U.S. law contains no such requirement.

The focus of our latest arguments is on the government’s claim that — after receiving Mr. Hasbrouck’s Privacy Act request and his appeal of the government’s failure to respond — CBP had the right to issue new regulations retroactively exempting itself from any obligation to respond to the pending request or appeal, to provide Mr. Hasbrouck any of the ATS or other records about him and his travels, to provide him with any accounting of the disclosures of those records to third parties, or to correct inaccurate records or expunge irrelevant ones. As our brief notes:

The retroactive application of the ATS and BCIS exemptions is especially egregious in this case where the processing of Hasbrouck’s Privacy Act requests was completed by CBP’s Office of Intelligence and Operation Coordination on April 2, 2009, but was then sat on for 17 months until after the exemption rules were finalized.

We also contest CBP’s failure to search for Mr. Hasbrouck’s records, in response to his request, in the same way they would if they were searching for records about him as a suspected terrorist. And we contest their refusal to disclose even the records about Mr. Hasbrouck that they admit to having found.

The next step in the case will be oral arguments on the cross-motions for summary judgment on Thursday, September 15, 2011, 1:30 p.m., before Judge Richard Seeborg (Courtroom 3, 17th Floor), U.S. District Court for the Northern District of California, Phillip Burton Federal Building and U.S. Courthouse, 450 Golden Gate Ave. (between Polk and Larkin, near Civic Center), San Francisco, CA. [Note revised hearing date of September 15th.]

It’s unlikely that any decision will be announced on the spot at the oral argument. Judge Seeborg will most likely take the written submissions and oral arguments under advisement, and issue an initial decision on the motions for summary judgment some weeks or months later. (There is no mandatory deadline for most Federal judicial decisions.)

The public is welcome to attend the oral argument, although the guards at the entrance to the courthouse require visitors to show government-issued ID. See the specific rules for electronic devices in the courthouse and additional rules and information for journalists.

Jul 25 2011

Mexico-Barcelona flight barred from overflying the U.S.

The U.S. government has yet again ordered a foreign airline, transporting foreign citizens between foreign countries, not to transport a specific foreign passenger through U.S. airspace between foreign points.

Yet again, U.S. authorities did this not through legal process and a judicial order such as an injunction, but through an extrajudicial administrative order to the airline.

Yet again, as with previous Air France flights between Paris and Mexico City, the “no-overfly” order was given to Aeromexico (this time for a Mexico City-Barcelona nonstop) only after the plane was in the air — this time forcing it to return to Mexico for lack of enough fuel to detour south around Florida and U.S. airspace.

And yet again, as with journalist Hernando Calvo Ospina and European Parliament legislative aide and policy analyst Paul Emile Dupret, the latest incident involved someone who appears to have been barred from U.S. airspace on the basis of their ideas rather than their actions: Mexican citizen and academic Raquel Gutiérrez Aguilar.

Gutiérrez is an author, independent journalist, activist, and professor of social sciences and humanities at BUAP (Benemérita Universidad Autónoma de Puebla) in Puebla, Mexico.

Gutiérrez tells the story in her own words in an open letter (original in Spanish; English translation) posted on a new blog she has started for discussion of her own and similar cases, “Los Non Gratos”. There’s also an analysis of the incident and its significance by law professor and expert in international human rights Craig Scott on OpenDemocracy.org.

Secret U.S. no-fly orders against passengers have also provided the basis for Air Canada to deny passage on flights whose flight plans included alternate airports in the U.S. at which they might have landed if diverted in an emergency, even if they planned neither to land in nor overfly the U.S. The legality of those decisions by Air Canada, under applicable Canadian law and international treaties to which Canada is a party, remains in doubt.  In one case, they prevented a U.K. citizen (and Muslim) from returning home from Canada to the U.K., even though his permission to remain in Canada was expiring. In a second case, they caused the reverse problem, preventing a Canadian citizen (and Muslim) from returning home from Germany to Canada, even though his permission to remain in Germany was expiring.  And in yet a third case, they prevented a U.K. citizen (and Muslim, and former prisoner released from Guantanamo and never charged with any crime in the U.S., U.K., or Canada) from coming to Canada for a speaking tour, even though no objection to his visa-free entry to Canada as a U.K. citizen had been raised by Canadian immigration officials.

Does the U.S. government think that journalists, scholars, and government staff are likely to conduct telepathic terrorist psy-ops against the U.S. from 30,000 feet if they are allowed to pass through our airspace?  Or that if the bureaucrats at the DHS are genuinely afraid of this, the proper procedure for judging this risk shouldn’t be to present the evidence, if any, to a judge, in an adversary proceeding in which the person being adjudged can hear the charges and evidence against them, be heard in their own defense, and be entitled to due process including a presumption of innocence?

As U.S. citizens, we extend our apologies for the actions of a U.S. government that doesn’t represent us in taking such actions, our commitment to continue our work to end such U.S. government lawlessness, and our offer of any assistance we can provide (limited though that is likely to be) to Ms. Gutiérrez and any others similarly situated and seeking explanations and redress.

Jul 18 2011

DHS reply to our arguments for release of travel records

Late last Friday night, lawyers for U.S. Customs and Border Protection (one of the divisions of the DHS) filed their reply to our motion for summary judgment in Hasbrouck v. CBP, our lawsuit under the Privacy Act and Freedom Of Information Act (FOIA) seeking release of PNR data and other information from and about the CBP “Automated Targeting System” (ATS) and other records of the travel of innocent US citizens neither accused nor suspected of any crime.

We’ve added CBP’s latest pleadings and self-serving (and often false) declarations to our posted documents from the case.

Our legal responses are due to be filed with the court by July 29th, followed by oral argument before Judge Seeborg of the U.S. District Court for the Northern District of California in San Francisco on August 25th.

In the meantime, the government’s latest filings raise disturbing new legal and factual claims:

First, CBP’s main response to our Privacy Act arguments is to claim the authority (a) to delay action indefinitely on Privacy Act requests (“The Privacy Act contains no provisions addressing processing procedures or deadlines”, they say), and (b) to promulgate new Privacy Act exemption rules applicable retroactively to pending requests and appeals, even ones made years earlier.

If these arguments are accepted by the courts, the result would be that the Privacy Act cannot be relied on to provide any guarantee of “rights” with respect to future access to personal information. Whenever an agency receives any request it doesn’t want to fulfill — for access to records about an individual, for an accounting of disclosures of those records, or for correction of inaccurate records — the agency could simply delay acting on the request (without even needing any reason or excuse for the delay) while it promulgates a new rule retroactively exempting the system of records from the requirement to act on the request.  Or the agency could simply delay action indefinitely, effectively denying the request without the need for any formal exemption, denial, or statement of reasons.

Anyone considering relying on the Privacy Act, or on the (current) rules for any particular system of records, should be aware that this is now officially the DHS interpretation of the Privacy Act.

Second, CBP claims (paragraph 11) that the “audit logs” of access to ATS records (including PNR data) were not likely to contain any information responsive to our requests because they are “neither intended nor designed to be used to generate reports to memorialize the terms used [to] search for records.”

CBP thus appears to be admitting that — despite the claims in its Privacy Impact Assessment and reports to the European Union that “ATS retains audit logs for all user access” — those audit logs show only who logged in to the ATS system, not what PNR data they retrieved.

Apparently, once an “authorized” user logs in, they can retrieve any PNR — of a politician, of a celebrity, of their personal enemy, or of anyone else — without any record being kept of which PNRs they have retrieved.

The absence of logs showing which PNR data is retrieved, when, and by whom makes a mockery of any reliance on these logs as proving or disproving whether CBP misuses its access to PNR data.

We’ve often said in the past that the absence of access logs for access to PNR data held by commercial computerized reservation systems makes it impossible for those CRSs to comply with EU or Canadian privacy law. But we’ve taken at face value CBP’s claim to maintain logs of access to the copies of PNR data in CBP’s ATS database.

Now we know that there are no meaningful access logs — logs showing which PNRs are retrieved when, and by whom — for ATS either.  There is thus no way for anyone to know who has retrieved your PNR data, when, or from what other countries, and no way for anyone to carry out any meaningful audit of compliance with policy restrictions on access.

Jul 15 2011

Appeals Court rules TSA rules require prior notice and public comment

Today a three-judge panel of the U.S. Court of Appeals for the D.C. Circuit unanimously ruled that the TSA deployment of virtual strip-search machines is subject to the requirements of the Administrative Procedure Act for formal notice and an opportunity for public comment before it is put into effect.

[T]he TSA has advanced no justification for having failed to conduct a notice-and-comment rulemaking. We therefore remand this matter to the agency for further proceedings. Because vacating the present rule would severely disrupt an essential security operation, however, … we shall not vacate the rule, but we do nonetheless expect the agency to act promptly on remand to cure the defect in its promulgation.

The ruling came in a lawsuit by EPIC based on a petition for rulemaking in which the Identity Project had joined.

The logic of the decision would appear to apply equally to other requirements imposed on travelers at TSA checkpoints, including any mandate for travelers to identify themselves:
