Papers, Please!

The Identity Project

Jun 07 2010

Another Paris-Mexico flight barred from US airspace

Despite being a party to international aviation and human rights treaties guaranteeing free passage through international airspace, the US government claims the right to require prior government permission (granted or withheld in secret, without due process, judicial review, or publicly disclosed standards) not just for travel to or from the USA but for transit through US airspace — even on nonstop flights that aren’t scheduled to land in US territory.

Most such overflights of the US between other countries are to and from Canada, where US control and surveillance of overflights have provoked continuing controversy and opposition.

Of the handful of other airline flight paths between other countries that cross over  US territory, the Paris-Mexico route continues to generate most of the — increasingly bizarre — incidents of US refusal of permission to overfly the US.

Read More

Jun 06 2010

UK government admits it was becoming authoritarian. Can the USA do the same?

The new UK coalition government has announced its initial Programme for Government, including a plan of action on civil liberties including, “We will scrap the ID card scheme, the National Identity register and the ContactPoint database, and halt the next generation of biometric passports.”  Talk is cheap, but Bill 1 (text, explanatory notes) already introduced by the new government would repeal the UK national ID card scheme in mid-rollout.

It’s an important precedent even though, as some have already noted, the repeal would be limited to UK citizens.  Foreigners residing in the UK — including citizens of other members of the European Union, who have the right by treaty to live and work anywhere in the EU — would remain subject to a similar ID card requirement under a separate law that is not (yet) proposed for repeal.

Two aspects of the new UK government’s action seem especially significant as examples for the USA:

One, the government is making this plank of its platform a priority for action only because they perceived it as an issue that citizens and voters were prepared to act on, through noncompliance with orders to enroll in the national ID scheme and/or at the ballot box.  The government is following, not leading, UK public opinion and votes. The US government is unlikely to abandon its national ID schemes — in whatever guise they are cloaked — unless US citizens and voters demonstrate a similar commitment to direct action against them.

Two, the new UK government has admitted much more than that “mistakes were made” or that policies need to be changed:

The Government believes that the British state has become too authoritarian, and that over the past decade it has abused and eroded fundamental human freedoms and historic civil liberties. We need to restore the rights of individuals in the face of encroaching state power, in keeping with Britain’s tradition of freedom and fairness.

If the closest allies of the USA can make such an admission, and act on it, is there still a chance for the Obama Administration to make the same bravely honest admission, and take the same sort of straightforward action to scrap authoritarian measures like REAL-ID and the whole system of travel surveillance and control?

We aren’t holding our breath for fundamental change, either in the UK or the USA.  At least in principle, however, the new UK government has paved the way for what needs to be done.  It’s up to the people to see that they follow through, and that the US government follows suit.

May 28 2010

Wanna buy a prepaid SIM card? “Papers, please!”

S. 3427, a bill introduced in the Senate this week by Senators Charles E. Schumer (D-NY) and John Cornyn (R-TX),  would require would require ID “verification” as a prerequite to buying a prepaid cell phone or SIM card.

The seller or reseller of the phone or SIM card would be required to collect your personal information (including name, address, date of birth, and for online sales your Social Security number) and all unique identifiers of the phone or SIM card including the including the EMEI or other serial number and the assigned phone number.

For in-person sales, you would have to show government-issued ID credentials in a form to be determined later by the Attorney General.  For online or other non-face-to-face sales, you would also have to provide “Any other personal identifying information that the Attorney General finds, by regulation, to be necessary for purposes of this section.”

The bill would place no limits on the amount or intrusiveness of the information the Attorney General could demand, as long as it is spelled out in regulations.  And there’s nothing in the bill to stop the AG from making the verification requirements so onerous as to amount to a de facto ban on online or mail order sales of prepaid SIM card or cell phones, as Ken Grunski —  president of Telestial.com, a leading US-based online source of prepaid SIM cards and cell phones for international travelers — immediately picked up on when we sent him a copy of the bill:

The level of verification that the bill requires is critical to e-commerce providers … because they can only verify an identity to a certain extent online. For example, if the bill just required that the billing address match the shipping address, we can do that easily. But if the bill requires a state or country issued identity card, we can’t do that online. You are essentially saying that the product can’t be sold online anymore, because you can’t verify the identity of the person making the purchase.

It really opens up all types of questions, like what types of impositions would that take on the e-commerce companies and why only SIM cards and prepaid cell phones? This could lead to regulation of all types of telecom products – or anything that puts out a transmission signal.

Read More

May 23 2010

“Freedom Flyer” Phil Mocek to go on trial June 14th in Albuquerque

[UPDATE: The trial which was scheduled to begin June 14, 2010 has been postponed. Check our FAQ about the case or the court calendar for further updates as soon as they are available.]

We’ve written previously about the arrest of Phil Mocek at a TSA checkpoint at the airport in Albuquerque last November. Mr. Mocek had a valid ticket on Southwest Airlines (“You are now free to move about the country”), and was attempting to get to his flight. Like the “Freedom Riders” of the 1960s on interstate buses, Mr. Mocek sought to exercise his Federally and Constitutionally-guaranteed right to travel, but was arrested by local police for alleged violations of state and local laws and ordinances.

So far as we can tell, this is the first time someone in the USA has been arrested or charged with a crime for attempting to exercise their right to travel by air without showing ID or answering questions about themselves or their trip, or for photography or audio or video recording at a TSA checkpoint.

Mr. Mocek is now scheduled to go on trial starting June 14th on charges of violating four state and local ordinances carrying a total maximum sentence of 15 months in jail.  (The charges could still be dropped, and the trial could be rescheduled.  We’ll post an update in this blog and in our FAQ about the case if we learn of any change in the schedule.)

Read More

May 20 2010

Is “SPOT” a reasonable basis for suspicion or surveillance?

Today the Government Accountability Office released a detailed report on the TSA’s “Screening Passengers by Observation Techniques” (SPOT) program, providing considerably more detail than the TSA itself has ever provided, confirming the lack of any evidence that the program has spotted any terrorists, and suggesting implicitly that the DHS has been keeping yet another set of illegal records about innocent travelers.

We’ve followed the SPOT program since its existence was first revealed in 2004, and we’ve been detained, interrogated, and subjected to more intrusive search ourselves after being picked out by SPOT “Behavior Detection Officers”.  (Fancy language for, “They didn’t like our looks, so they harassed us and gave us a thorough shakedown.”)

The SPOT program is the TSA’s attempt to adopt Israeli-style passenger profiling based on appearance and behavior (isn’t that supposed to be un-American, or at least illegal?), and now has a budget of more than $200 million a year.  As shown in the diagram above from the GAO report, more than 150,000 people have been subjected to more intrusive search or interrogation as a result of being fingered by BDOs as “suspicious” or allegedly fitting the (secret, of course, this being the TSA) SPOT appearance and behavior profile.  In 14,000 cases, police were called and passengers detained for “investigation”, typically including a police demand for, and logging of, their ID.

The GAO report serves mainly to confirm the obvious: There is no scientific evidence that the SPOT program has identified any actual would-be terrorists, or provides any legitimate basis for suspicion of those it singles out: Read More

May 20 2010

Statistics on UK travel surveillance and control

It’s tempting to think that ID and PNR-based travel control systems don’t “work” as anti-terrorist measures (they obviously work as surveillance measures and as general law enforcement dragnets, as do house-to-house searches) solely because of the incompetence of the TSA and DHS. Could they be more effective elsewhere, if better implemented?  That seems to be the view of some sectors of center-right opinion in Europe, where the EU continues to consider a mandate for members states to set up their own “Passenger Analysis Units” to decide who to allow to fly, even while the the European Parliament has defined strict standards that they would have to meet.

Newly-reported data from the UK, however, suggests the UK PNR scheme — the most developed and extensive in the EU to date — has all the same problems as the US one. This suggests that the defcst are in the concept, not the details of its execution, and calls in question whether any PNR scheme is likely to likely to be able to meet the Europarl’s criteria for acceptability.

Read More

May 18 2010

USA presses travel surveillance and control agenda at ICAO

The International Civil Aviation Organization (ICAO) has been holding another round of meetings this week at its headquarters in Montreal.  As we predicted, the US delegation has been pressing its vision of an integrated and standardized global system of surveillance and control of air travel, in which government access would be built into airline reservation systems (think, “CALEA for CRSs and PNR data”, worldwide) and government permission would be a prerequisite to boarding any flight on what used to be considered a “common carrier” required to transport all comers.

It’s hard to know what’s going on at ICAO meetings if you aren’t there (think of other international bodies like the WTO and WIPO), and no privacy or civil liberties group was in attendance. But outsiders can get some sense what’s in ICAO’s pipeline from its own recently-published Vision 2020 10-year plan and from the working papers submitted by participants in last week’s sessions of the facilitation panel, including these:
Read More

May 18 2010

TSA still has no answers to key questions about “Secure Flight”

The procedures and timeline for implementation of the TSA’s Secure Flight scheme for identity-based surveillance and control of airline passengers are spelled out not in laws or published regulations but in secret Security Directives to airlines.  So we noted with considerable interest this report today by travel journalist Charlie Leocha of a relatively rare public appearance by the head of the Secure Flight program (emphasis added below):

Paul Leyh, TSA Director Secure Flight Program, claimed that all U.S. airlines will be enrolled in Secure Flight within a month and that all foreign carriers will be working in the program by the end of 2010.

Speaking at U.S. Travel Association’s Pow Wow conference to encourage foreign tourism, Leyh noted that TSA is about to complete their mission of … performing the [watchlist] matches prior to allowing passengers to board….

The system sounds simple, however, there were significant IT hurdles to be overcome. Expanded data field requirements for online travel agents such as Expedia, Travelocity, Orbitz and Priceline were more complex than originally thought. The new data collection by brick and mortar travel agents meant internal profile systems to accommodate the storage of this very valuable and confidential information had to be developed…

Foreign journalists attending the press conference asked whether there is a judicial process to use should the normal DHS TRIP process not result in having your name cleared. Leyh didn’t have an answer for that question….

Leyh didn’t have an answer about privacy issues regarding the GDS [Global Distribution Systems, also known as Computerized Reservation Systems], airline reservation systems or travel agents who are allowed to keep all passenger information indefinitely and who fall under no privacy legislation.

Leyh may not have had answers today, but the TSA can’t avoid those questions forever, especially when they are being raised from abroad.  Last month, the European Parliament voted to include both judicial review of no-fly orders and a review of US government access to CRS/GDS data in its conditions for any agreement to give the DHS access to data about passengers on flights between the EU and the US.

May 17 2010

Three Strikes?

Having been passed over for appointment to head the Drug Enforcement Administration, Deputy FBI Director John S. Pistole today got the booby prize as President Obama’s third-choice nominee to head the Transportation Security Administration.

For those who haven’t been keeping score, retired spymaster and Army General Robert A. Harding withdrew his name from nomination in response to questions about overbilling and cronyism in contracts between his security consulting firm and his former military comrades. Obama’s first choice, former Las Angeles airport cop Erroll Southers, withdrew earlier after apparently lying to Congress about his having used his police connections improperly to get derogatory information from supposedly restricted police files about his estranged wife’s lover.

We have the same questions for Mr. Pistole as we’ve had for the previous nominees for TSA administrator.

As of now, the TSA is still being run on auto-pilot by caretakers from the previous administration.  Unfortunately, we don’t see anything in Mr. Pistole’s official biography as a career cop, or the President’s statement about his nomination (which mentions only a desire to “stengthen” screening at airports, and says nothing about strengthening civil liberties or human rights) to suggest any likelihood of improvement in TSA policies.

May 17 2010

What happens when you “show” ID?

It’s tempting to think that when you show a business or government agency your identity credentials, all that happens is an ID “check”.  They verify that your ID is genuine, and that it shows that you are in a category of people who are authorized to cross a border, buy alcohol, operate a motor vehicle, or whatever.  And then you’re on your way.

What’s wrong with this?  Demands for ID are wrong, but what’s also wrong with this picture is that, increasingly often, this isn’t all that’s happening.

A new product announcement shows how much more than “verification” is sometimes going on behind the scenes.  A press release from Uveritech announces their new North American franchise to distribute a document authenticator made by L-1 Identity Solutions, the prime contractor for producing US drivers licenses as well as many countries’ passports.

L-1’s website describes the desktop device as, “A combined hardware and software product that automatically authenticates a wide range of documents, including passports, visas, immigration cards, driver’s licenses and military ID cards.”  But the product description shows that it performs much more than mere “authentication”, including scanning, optical character recognition (conversion of the image of the document to text), and reading of RFID chips in passports, enhanced drivers’ licenses, and other documents, as well as:

  • “Automatically Cross Reference Smartchip data in the MRZ [Machine Readable Zone].
  • “Collect and organize data and images from document transactions through the configurable options in the embedded relational database….
  • “Print and/or send … executable files with the images….
  • “Seamlessly integrate with any existing government or commercial network infrastructure, (i.e. Australian Customs, ABN AMRO, Brazilian Border Police.)”

So what’s being advertised under the rubric of “authentication” is actually automated capture of information about you (not just the visible data but also the machine-readable data in the magnetic stripe, lines of OCR type, and/or RFID chip, using L-1’s expertise in document and data formats derived from its role as government contractor ), conversion of this information about you to standardized digital format, loading of this data into an embedded relational databases, and “seamless[] integrat[ion]” of that database “with any existing government or commercial network infrastructure”.

Still feeling sanguine that it’s “just a quick check” of your ID, after which you can be on your way without further concern for future repercussions as long as you’ve been allowed to pass?

Read More