Papers, Please!

The Identity Project

Feb 04 2009

Amtrak police arrest participant in Amtrak photo contest

On December 21, 2008, Amtrak police arrested a photographer taking pictures on a public platform at Penn Station in New York … in response to an Amtrak photo contest calling for the public to submit photos of Amtrak trains.

We had heard about this story before, but now the Colbert Report has the story including an interview with the photographer, Duane Kerzic, and a reenactment of the incident, in the form of a great parody of the new Homeland Security USA “reality” show.   Kerzic’s own Web site includes his own description of what happened and actual photos before and after his arrest (including his injuries from the police).

Full episodes of the “real” Homeland Security USA are available in a peculiar streaming video format on the ABC television Web site.  (The player will only work if it thinks you are running Windows XP or Vista, but you can get it to work in Linux by using Firefox for Windows in the Wine environment.)

Episodes of the show broadcast to date, and available online, include such incidents as the warrantlesss “dump” of the data in a cell phone carried by a person trying to enter the U.S. from Canada, and their (and their companions’) being refused entry to the US based on a phone number in the cell phone believed to match a number associated with an entry for a different person on the no-fly list.  All without any hearing or involvement by a judge, of course, and without their being told anything about the data in the no-fly list entry used as the basis for refusing to allow them into the U.S.

Feb 03 2009

Drive-by reader for RFID drivers licenses and passport cards

Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.

Read More

Jan 15 2009

Recent developments in the USA in travel data

(Comments of the Identity Project at a workshop on “What’s on the agenda in the USA and Canada?” at the annual conference on Computers, Privacy, and Data Protection, Brussels, 16-17 January 2009)

Two major issues have emerged in the last year in relation to personal data about travel: (1) The overall goal of the government of the USA in its various policy initiatives on “travel security” has become increasingly clear. The USA is seeking to establish a global norm that:

  1. Government-issued identity credentials should be required for all forms of travel, domestic and international.
  2. All travel transactions should be recorded in a lifetime “travel history”.
  3. Pre-departure government permission should be required for all travel (based on the identity credential and the associated historical dossier), particularly for air travel or international travel.

Read More

Jan 06 2009

“We Will Not Be Silent” on JetBlue Airlines

Showing that they haven’t lost their ability to waste their stockholders’ and the taxpayers money by violating travelers’ rights, JetBlue Airlines and two TSA officials have paid $240,000 to a JetBlue passenger who they forced to cover up the message on his t-shirt as a condition of allowing him to fly home from New York to California.

Raed Jarrar, an Iraqi-American who works for the Nobel Peace prize-winning American Friends Service Committee, was prevented by both JetBlue and the TSA from boarding the plane until he covered up his shirt, which said “We will not be silent” in both English and Arabic.

JetBlue previously had to apologize to its customers for turning over its entire historical PNR database of records about everyone who had ever taken a JetBlue flight to a military contractor working on a profiling scheme linked to the Total Information Awareness program, prompting lawsuits by several groups of passengers.

Perhaps now that the TSA has settled with Mr. Jarrar, we can once again safely wear the “Suspected Terrorist” buttons that got John Gilmore and his traveling companion kicked off a British Airways flight in San Francisco.

Jan 05 2009

“The Department of Homeland Security in Action”

Just in time for the launch tomorrow night (Tuesday, Jan. 6th) of the the new DHS “reality” television show, Michael Yon has a timely post about an aspect of DHS reality that the “embedded” television production crews probably won’t show us: Border Bullies: The Department of Homeland Security in Action. Read the whole story. The devil is in the details of how Michael’s friend was treated on arrivial in the USA (en route to spend money as a tourist at Disneyworld), but here are a few snippets:

While the U.S. Immigration officer named Knapp rifled through all her belongings, Aew sat quietly. She was afraid of this man, who eventually pushed a keyboard to Aew and coerced her into giving up the password to her e-mail address. Officer Knapp read through Aew’s e-mails that were addressed to me, and mine to her. Aew would tell me later that she sat quietly, but “Inside I was crying.” She had been so excited to finally visit America. America, the only country ever to coerce her at the border. This is against everything I know about winning and losing the subtle wars. This is against everything I love about the United States. We are not supposed to behave like this. Aew would tell me later that she thought she would be arrested if she did not give the password….

Knowing that Homeland Security officers are creating animosity and anxiety at our borders does not make me feel safer. How many truly bad guys slip by while U.S. officers stand in small rooms and pick on little women?…

I had intended to show Aew a bit of my country. But it’s taking a little while for her to get over her discomfort at being in America. She was treated better in China. So was I.

Dec 24 2008

Weekly DHS propaganda hour on prime-time broadcast TV

Giving new meaning to the epithet, “security theater”, the hit Australian reality-television show Border Security has been franchised to the USA in the form of Homeland Security USA.

The weekly hour-long “reality” program is scheduled to begin Tuesday night, January 6th, 2009, on ABC.  Having seen the Australian predecessor, we can hardly wait to see how the DHS, with its growing focus on spin control and image management, wants to be seen.

The show boasts of the “full cooperation” of all DHS departments, without which it couldn’t be produced — and, therefore, who it can’t afford to offend if it wants to continue.

Dec 24 2008

DHS admits problems in disclosing travel surveillance records

On Friday, December 19th, the Privacy Office of the U.S. Department of Homeland Security released A Report Concerning Passenger Name Record Information Derived From Flights Between The U.S. and the European Union.

This is a very important report for both US and European travelers, but not for the reasons the DHS claims:

The authors of the report conclude that DHS handling of Passenger Name Record (PNR) data is in compliance with both US law (particularly the Privacy Act) and the DHS-EU agreement on USA access to, and use of, PNR data related to flights between the EU and the USA.

In fact, the report contains multiple admissions that support exactly the opposite conclusion: The DHS has complied with neither the agreement with the EU, nor US law (especially, but not only, the Privacy Act), in its use of PNR data concerning US citizens as well as Europeans and other foreigners.

The DHS has legal obligations to US citizens and residents under the Privacy Act, and commitments to travelers from the EU under the PNR agreeement, to allow individuals timely access to PNR data about them held by the DHS. According to the report:

DHS policy allows persons (including foreign nationals) to access and seek redress under the Privacy Act to raw PNR data maintained in ATS-P.

Despite this, the DHS Privacy Office has now reported that:

  1. Requests for PNR data have typically taken more than a year to answer — many times longer than the legal time limits in the Privacy Act and Freedom of Information Act: “The requests for PNR took more than one year to process.”
  2. When individuals have requested “all data” about them held by the DHS, often they have not been given any of their PNR data: “If an individual requests ‘all information held by CBP’ the FOIA specialist generally does not search ATS because PNR was not specifically requested.”
  3. Because of this, the vast majority of requesters who should have received PNR data did not: “The PNR specific requests are a small percentage of the total requests based on the statistics provided to the Privacy Office, but if ATS-P were searched in all cases in which an individual asks for ‘all information held by CBP,’ the percentage would increase more than seven [sic]”
  4. PNR data has been inconsistently censored before it was released: “The requests for PNR … were inconsistent in what information was redacted.”
  5. A large backlog from the initial requests for PNR data remains unanswered, more than a year later: “Management noted that they have been understaffed and are bringing on new staff to reduce the backlog and period of time it takes to respond to requests. Additionally, management stated that part of the delayed response was due to the large number of requests initially submitted for PNR.”

To understand the full meaning and significance of the report, let’s quickly review the history of US government use of PNR data:

Read More

Dec 18 2008

Maryland Seeks to Change License Policy on Immigration In Order to Implement REAL ID System

Maryland’s governor and transportation secretary have announced that they will seek legislation to change the state’s long-standing policy on driver’s license registration and require proof of legal residence before issuing the cards to state residents. Maryland is hoping to make this change as it begins implementing the federal REAL ID national identification system. The governor had rejected a previous proposal for a two-tier system that would have allowed the issuance of a lower-tier license to individuals unwilling to show such proof.

According to the Maryland Motor Vehicle Association’s site, REAL ID implementation means that. “Effective January 1, 2010, individuals applying for a new license will be required to show documentation to prove that they are in the United States legally.” Driver’s license applicants will have to show “Documents such as Social Security Card, U.S. Birth Certificate, U.S. Naturalization of Citizenship, Valid U.S. Passport, Valid Foreign Passport with Visa, U.S. Permanent Residency Card” or other documents to prove their legal presence in the United States.

We have previously detailed the many privacy and security problems that arise from requiring such documentation for a state driver’s license, but let’s focus on the immigration issue that Maryland is attempting to address. Read More

Dec 18 2008

DHS extends travel permission requirements for international visitors and general aviation

Continuing its “lame-duck” promulgation of rulings that will tie the hands of the new Presidential administration — or at least delay any efforts to reform DHS rules by requiring a new rulemaking process, or legislation, before they can be withdrawn — the DHS has published two new rules that will extend requirements for individualized pre-departure DHS permisison to international visitors seeking to enter the USA under the Visa Waiver Program (VWP) and to passengers and crew on international general aviation, private, non-scheduled, and non-airline flights to and from the USA:

Read More

Dec 18 2008

US-EU agreement to disagree

Over the weekend Stewart Baker of the DHS posted an entry in the DHS “Leadership Journal” blog entitled U.S. and EU Agree on Data Protection Principles.  Readers unfamiliar with the “back story” might conclude from this — as Baker and the DHS no doubt hope they will — that some sort of formal negotiations have been concluded, and that the USA and the European Union have actually worked out their differences on privacy and data protection.

Not so at all.  Many details remain unclear, as has been typical of DHS international diplomacy. All the meetings of the previous so-called “EU US High Level Contact Group on information sharing and privacy and personal data protection” occurred in secret.  But the joint statement by a new group of selected officials from US and EU executive agencies, released as an attachment to Baker’s blog post, indicates essentially the same impasse remains as existed when the “High Level Contact Group” made its final report in May 2008:

Read More