Papers, Please!

The Identity Project

Dec 06 2022

TSA argues for impunity for checkpoint staff who rape travelers

[Jonathan Corbett argues on behalf of Michele Leuthauser]

Two years ago, at least a dozen women on a Qatar Airways flight to Sydney were ordered off the plane at Doha Airport in Qatar and subjected to forced vaginal examinations.

Australia made diplomatic protests, as both the airline and the airport are controlled by the government of Qatar. The Qatari government issued a public apology and said that, “Those responsible for these violations and illegal actions have been referred to the Public Prosecution Office.” Last month, just before the start of the World Cup soccer tournament in Qatar, some of the women filed a lawsuit in an Australian court  against the airport operator and the airline.

If you think that this couldn’t happen in the USA, or that the victims would fare better with government authorities and in the courts in the USA than in Qatar, think again.

Today a panel of judges of the 9th Circuit Court of Appeals heard oral argument in San Francisco in a lawsuit (Michele Leuthauser v. USA) brought by a woman who complained that a Transportation Security Administration staff person pushed their finger into her vagina — i.e., raped her — in 2019 after they ordered her into a back room at the airport in Las Vegas for a “pat-down” after she went through a whole-body imaging  machine.

It’s bad enough to require that, if anything “anomalous” is spotted on the images taken by  the “virtual strip-search” machine, you have to go through a hands-on strip search. It’s another thing to turn that into a body cavity search involving groping and penetration.

Local police who were standing by refused to take a complaint from Ms. Leuthauser. Traumatized and unable to face TSA checkpoints again, she lost her job, which required frequent air travel. Eventually, after her claim against the US government for damages was administratively denied, she sued the TSA employees and the US government for damages.

Unlike the government of Qatar, however, the US government hasn’t apologized, said that what happened was illegal (or would be illegal if the complaint is proven to be true), or referred the TSA checkpoint staff for investigation and possible prosecution.

The TSA hasn’t even tried to dispute the truth and factual accuracy of the complaint.

Instead, the TSA has argued that, even if all of the allegations in Ms. Leuthauser’s complaint are true, the TSA and its employees have absolute impunity. Regardless of what “torts”, even rape, TSA checkpoint staff commit against travelers, the government claims that Federal courts have no jurisdiction to hear lawsuits or consider claims against them.

One might think that “sovereign immunity” would be a doctrine invoked by, say, the Qatari monarchy to dismiss lawsuits against the Emir. But in this case, it’s being invoked by the US government to exempt the TSA and an accused TSA rapist from any legal accountability.

Read More

Dec 05 2022

DHS resets the clock on its threat to stop flyers without ID

 

Soccer fans have been noticing unusually large amounts of stoppage time added on to extend the final whistle in many of this year’s World Cup matches. But FIFA and World Cup referees have nothing on the US Department of Homeland Security when it comes to extending the end of the game of REAL-ID chicken that the DHS has been playing with air travelers.

Just a few months after adding a countdown clock to its website to add artistic verisimilitude to its threat to start “enforcing” a nonexistent law prohibiting flying without ID, the DHS has set that clock back by two more years.

The change announced today — only the most recent in a seemingly endless series of postponed empty REAL-ID threats — again postpones, but does not withdraw, the DHS threat to start preventing people without ID from traveling by airline within the US.

The DHS says it plans to promulgate another set of amendments to its regulations implementing the REAL-ID Act of 2005, postponing “enforcement” of the REAL-ID Act at airports until May 7, 2025. Conveniently for current Federal officials, that punts the problem of how to respond to the inevitable resistance to an attempted ban on flying without ID into the next Presidential administration.

Today’s press release from the DHS says, in part:

Under the new regulations, beginning May 7, 2025, every traveler 18 years of age or older will need a REAL ID-compliant driver’s license or identification card, state-issued enhanced driver’s license, or another TSA-acceptable form of identification at airport security checkpoints for domestic air travel.

We  doubt, however, that the revised regulations will contain any such provision. None of the previous versions of the REAL-ID regulations contained any provision requiring air travelers to identify themselves, and any such regulatory provision would exceed the implementing authority granted to the DHS by the REAL-ID statute.

The REAL-ID Act restricts what ID credentials a Federal agency can accept, in circumstances where ID is required by some other Federal law or regulation. But neither the REAL-ID Act nor any other current or proposed Federal law or regulation requires travelers to show any ID to pass through Transportation Security Administration checkpoints or board domestic flights within the US — as the TSA itself has argued whenever ID to fly has become an issue in court.

It should go without saying that one doesn’t have to take a “flying test” to obtain a drivers license. A drivers license is not a permit to fly, and possession (or not) of a valid drivers license is entirely unrelated to entitlement to travel by common carrier. The REAL-ID Act has done nothing to make flying safer, any more than preventing people without ID from flying would make flying safer. The only real impact of the REAL-ID Act  has been the creation of an (outsourced, privately held, opaque and uncontrolled) national ID database  (SPEXS) aggregated from state and territorial driver’s license records.

By the time the two more years of added “stoppage time” runs out on the DHS threat clock, twenty years will have passed since the REAL-ID Act was rushed through Congress in post-9/11 panic, without debate and with hardly time for legislators to read the bill.

Time is running out on the REAL-ID Act. It’s time for Congress to admit that the REAL-ID Act was wrong from the start, has enabled the creation of a de facto national ID database  overwhelmingly opposed by the American public, and should be repealed.

Nov 23 2022

The airport of the future is the airport of today — and that’s not good.

(video; slides)

[Facial recognition at each step in airline passenger processing. Slide from presentation by Heathrow Airport Holdings Ltd. to the International Civil Aviation Organization (ICAO) Traveler Identitification Program symposium, October 2018]

Today, the day before Thanksgiving, will probably be the busiest day for air travel in the USA since the outbreak of the COVID-19 pandemic in early 2020.

If you are flying this week for the first time in three years, what will you see that has changed?

Unfortunately, many of the most significant changes made during the pandemic are deliberately invisible — which is part of what makes them so evil.

During the pandemic, largely unnoticed, the dystopian surveillance-by design airport of the future that we’ve been worried and warning about for many years has become, in many places, the airport of today.

While travelers were sheltering in place during the COVID-19 pandemic, airports have taken advantage of the opportunity to move ahead with expansion and renovation projects. While passenger traffic was reduced, and terminals and other airport facilities were operating well below capacity, disruptions due to construction could be minimized.

A characteristic feature of almost all new or newly-renovated major airports in the U.S. and around the world is that they are designed and built on the assumption that all passengers’ movements within the airport will be tracked at all times, and that all phases of “passenger processing” will be carried out automatically using facial recognition, as shown in this video from a technology vendor, Airport of the Future:

[Stills from 2019 vendor video, Airport of the Future.]

In the airport of the future, or in a growing number of present-day airports, there’s no need for a government agency or airline that wants to use facial recognition to install cameras or data links for that purpose. As in the new International Arrivals Facility at Sea-Tac Airport, which opened this year, the cameras and connectivity are built into the facility as “common-use”  public-private infrastructure shared by airlines, government agencies, and the operator of the airport — whether that’s a public agency (as with almost all U.S. airports) or a private company (as with many foreign airports).

Read More

Oct 04 2022

ICAO expands travel tracking and control through RFID passports

The triennial general assembly of the International Civil Aviation Organization (ICAO) is underway in Montreal for its first session since the outbreak of COVID-19, with speakers at its opening plenary last week including US Secretary of Transportation Pete Buttigieg.

It’s been many years since the US delegation to an ICAO meeting has included a Cabinet member. Secretary Buttigieg’s presence brought greater public attention than usual to the ICAO general assembly and related side events.  Unfortunately, news reports have focused on what Secretary Buttigieg said (mainly his comments about Taiwan) rather than on what ICAO is actually doing.

Despite its ostensibly limited role as a specialized international organization with a mandate to administer aviation treaties — a role which would make it logical for the US delegation to be headed by the Secretary of Transportation — police in the US and other ICAO members have coopted ICAO into functioning as a policy laundering venue for imposition of surveillance mandates on all travelers, whether or not they travel by air.

Rather than “faciliating” travel, ICAO’s Facilitation Programme is increasingly devoted to facilitating government control of travel. This includes a new ICAO standard, as discussed below, to enable global blackballing of travelers disfavored by any ICAO member country.

So far as we can tell, no representative of a data protection authority or a ministry primarily responsible for protection of human rights or civil liberties has been included in any country’s ICAO delegation or appointed to any ICAO technical working group.

But that hasn’t stopped ICAO from issuing mandates, under the purported authority of aviation treaties but directly contrary to human rights treaties, for the creation of a new surveillance and pre-crime profiling agency in every ICAO member, and for deployment and use of passports containing remotely-readable RFID chips.

ICAO’s lack of expertise in this non-aviation policy area makes it exceptionally vulnerable to capture — and indeed it has been entirely captured — by a malign convergence of interest between proponents of government  surveillance and control of travel and a travel industry which has been given a free ride for its shared use of government surveillance infrastructure and information for its own business process automation.

Here’s the bad news about what’s happening at ICAO with RFID passports:

Read More

Sep 22 2022

Freedom to travel to get an abortion

[Arrows indicate populations of states where abortion is, or is likely to become, illegal, and directions and distances to the nearest states where abortion is legal. Note that some of the routes shown are more likely to be followed than others, since abortion is more or less heavily restricted in some states where it is shown on this map as legal. Diagram by Bloomberg News based on data from the Guttmacher Institute.]

Increasing variations between state laws related to abortion are prompting an increase in the already large numbers of women who travel across state lines to obtain abortions.

For women in many states, bans on abortion are making the right to interstate travel an essential prerequisite to the right to obtain an abortion.

Both anti-abortion vigilantes and state laws criminalizing actions related to abortion, including facilitating abortion-related travel, are prompting women seeking abortions as well as those who support abortion rights to think about how to protect abortion travelers and their supporters against identification, surveillance, stalking, harassment, or legal sanctions.

In this context, the right to anonymous travel has acquired new importance and urgency. If you’ve wondered, “Why would anyone want to travel anonymously?” now you know one of the reasons.  But what’s needed is “right to travel” legislation, not just “privacy” legislation. Current Federal “privacy” bills would do little to protect abortion travelers.

What are the patterns of abortion-related travel? How could state authorities or private vigilantes identify or track the travels of these women — whether they drive or take buses, trains, planes, or automobiles? What, if anything, can women traveling across state lines to obtain abortions do to protect themselves against being identified, tracked, and potentially prosecuted or subjected to retaliation, harassment, or other sanctions?  What could the Federal government do to protect these women’s right to travel, and to do so privately and safely?

As discussed in detail below, the possibilities for technical self-defense against threats to the right to travel are limited. Congress needs to act to include protection for the right to travel — regardless of the purpose for which you  travel — in any abortion rights legislation.

Read More

Sep 19 2022

CBP aggregates and disseminates travel data from warrantless searches

A series of revelations in recent months have highlighted a pattern of misuse by US Customs and Border Protection (CBP) of data about travelers and their activities.

Information obtained without a warrant or probable cause under a under a variety of exceptions to the Fourth Amendment (including administrative searches and mug shots at airports, border searches, and “consent” to collection of location information by private third parties) has been aggregated, indexed, and made available for search and retrieval by other CBP staff, other law enforcement agencies, and foreign governments.

Use of the fruit of this surveillance of travelers hasn’t been limited to the government agency that first obtained it from travelers or commercial third parties, or to the purpose that purportedly allowed CBP to obtain it without warrant or probable cause. No access logs are maintained for some of these databases of travel surveillance data, so it’s impossible to audit how they have been used.

Here’s some of what CBP has been up to with its travel surveillance databases:

Read More

Sep 16 2022

Countdown to a crackdown on flying without ID

The Department of Homeland Security has added a Countdown to REAL ID Enforcement at airports to its website. But questions remain as to what this really means, despite our best efforts to find out.

What — if anything — will really change at Transportation Security Administration checkpoints when this countdown clock runs out on May 3, 2023?

Nothing in the law will change on that date. The REAL-ID Act of 2005 established criteria for which ID credentials can be “accepted” by Federal government agencies, in circumstances where individuals are required by Federal law or regulations to possess and/or show some evidence of their identity. But the consistent position of the DHS and TSA in litigation has been that no law or regulation requires air travelers to possess or show any ID. And the REAL-ID Act did not create any new requirement to have or show ID to fly.

Since the REAL-ID Act applies only to which IDs are accepted from those who choose to show ID to fly, it should have no effect, now or at at any date in the future, on those who don’t have, or choose not to show, ID to fly. They still have the right to fly without ID — as more than a hundred thousand people do every year — subject at most to a more intrusive administrative search of their person and baggage.

The “deadline” announced by the DHS and TSA might indicate plans for new regulations that would impose a requirement for air travelers to have or to show ID. But no such regulations have been proposed or included in DHS or TSA agendas of planned rulemaking.

Despite the lack of any apparent legal authority, however, it appears from the latest extrajudicial DHS and TSA rulemaking-by-press-release that these agencies plan to begin preventing anyone from flying without ID on or after May 3, 2023, on unknown grounds.

The following statement now appears on the DHS and TSA websites:

What happens if I show up without a valid driver’s license or state ID?

Starting May 3, 2023, every traveler will need to present a REAL ID-compliant license or an acceptable form of identification to fly within the U.S. Passengers who do not present an acceptable form of identification will not be permitted through the security checkpoint.

This would be a major change, with no legal basis, from current practice or any previously disclosed DHS or TSA plans.

Read More

Aug 22 2022

“Sobriety checks” of motorists as pretext for ID checks

In a disturbing decision, a 3-judge panel of the the 9th Circuit Court of Appeals has upheld the arrest of a driver who who refused to show ID on demand of police at what was purportedly a “sobriety” checkpoint for motorists in Vallejo, California.

All charges against the driver, David P. Demarest, were dismissed before Mr. Demarest filed his Federal lawsuit against the police. The 9th Circuit opinion didn’t address whether any conviction would have withstood Constitutional scrutiny. But the 9th Circuit dismissed Mr. Demarest’s complaint against the police and the city of Vallejo for violating his civil rights by demanding that he show ID at a “sobriety” checkpoint without a warrant or probable cause to believe that he had committed any crime, and arresting him when he declined to show ID.

The tortured reasoning of the decision, Demarest v. City of Vallejo, No. 20-15872, decided August 16, 2022, hinges on the dubious and self-serving claim by the police that their “intent” wasn’t to use the “sobriety” checkpoint for general law enforcement purposes, that ID checks are an objectively permissible purpose for a checkpoint as long the subjective intent of the police wasn’t to operate a general law enforcement dragnet (as in fact it almost certainly was),  and that the ID checks only minimally delayed most motorists beyond the delay that would have been occasioned by sobriety checks.

The decision notes that drivers were required only to show “facially valid” drivers licenses, which were not checked for outstanding wants or warrants.But that is treated only as evidence of whether or not the checkpoint was intended for general law enforcement purposes, and not as necessary dispositive of whether the ID demand was Constitutional:

The non-law-enforcement nature of the license checks in this case is especially clear, the City [of Vallejo] concededly did not use the license checks to conduct on-the-spot warrant checks. Cf. United States v. Bernacet, 724 F.3d 269, 271, 273–74 (2d Cir. 2013) (addressing a license checkpoint in which officers ran licenses through multiple databases, including a “criminal history database”). The mere request to produce a facially valid license is a relatively modest additional intrusion on the liberty of a motorist who has already been properly stopped at a checkpoint.

In the case cited in this portion of the 9th Circuit opinion, U.S. v. Bernacet, the 2nd Circuit upheld criminal history and warrant checks of drivers, using a system that queries  multiple databases including the FBI’s error-ridden NCIC, at a warrantless, suspicionless motor vehicle checkpoint.

The effect of this decision is to invite police to demand ID at “sobriety” checkpoints.

For what it’s worth, the decision in Demarest v. Vallejo does not mention, and by its logic seems to leave intact, the 2019 decision of another 9th Circuit panel that passengers in motor vehicles, as distinct from drivers, cannot be required to show ID at checkpoints without individualized probable cause to believe that they have committed a crime.

[Update: “Demarest’s lawyer David M. Helbraun told the Vallejo Sun that he thought the court made a bad decision ‘because the city admitted it was not using the checkpoint to catch unlicensed drivers.’ Helbraun further said that then-Lt. Michael Nichelini said ‘under oath that the reason they were asking to see drivers licenses was to impress on drivers the authority of the police. That’s not a permissible purpose under the Fourth Amendment, and we are considering our options to appeal further,’ he added.” A “further appeal” would likely mean a petition for rehearing en banc by the 9th Circuit.]

Jun 21 2022

European Court ruling on air travel surveillance

The highest court of the European Union ruled today that an EU mandate for dragnet surveillance of travelers through government access to airline reservations might be permissible under EU law — but only under conditions that governments of EU member countries, and the US government, may be unable or unwilling to meet.

In 2016, the EU enacted a directive requiring each EU member state to enact a law requiring airlines to hand over copies of passenger name records (PNRs) to the government, and establish a new surveillance agency to profile travelers based on this PNR data.  This EU PNR Directive was modeled on US law and on the extrajudicial practices — never tested against the provisions of international human rights treaties, which generally can’t be invoked in US courts — of the US Department of Homeland Security.

The Belgian “Ligue des droits humains” (LDH) filed a lawsuit in the Belgian Constitutional Court challenging the law enacted in Belgium to implement the EU PNR Directive as contrary to multiple provisions of Belgian and EU law.

Before deciding the questions of Belgian law, the Belgian court requested a preliminary ruling from the Court of Justice of the European Union (CJEU), the highest EU court, as to whether the EU PNR Directive is consistent with fundamental EU human rights law.

In today’s ruling (press release and summary in English, full text of judgment in French, provisional translation of judgment in English), the CJEU finds that the EU PNR Directive is not, on its face, invalid — but only if it is implemented and applied in accordance with a long list of conditions specified by the CJEU in its decision.

Governments of EU member states may be unable or unwilling to comply with all of those conditions.

The decision by the CJEU addresses the implications and validity of the EU PNR Directive both as a mandate for suspicionless dragnet surveillance and as a mandate for control of travel, in which PNR data is used as the basis for profiling and other actions.

Of the many conditions set by the CJEU, we find this one on secret law, secret evidence, and judicial review among the most significant. According to the court’s press release:

[T]he Court also stresses that the competent authorities must ensure that the person concerned can  understand the operation of the predetermined assessment criteria and programs applying those criteria, so that it is possible for that person to decide with full knowledge of the relevant facts whether or not to exercise his or her right to judicial redress. Similarly, in the context of such an action, the court responsible for reviewing the legality of the decision adopted by the competent authorities as well as, except in the case of threats to State security, the persons concerned themselves must have had an opportunity to examine both all the grounds and the evidence on the basis of which the decision was taken, including the predetermined assessment criteria and the operation of the programs applying those criteria.

In cases where EU governments act on “recommendations” from the US government to restrict travel to, from, or within the EU, the EU authorities nominally responsible for these actions may not know what evidence (if any) or algorithms for the basis for US recommendations. And the US may not be willing to share that information with EU governments, especially if EU law might require EU governments to disclose that information to European judges, much less to individuals who are “targeted” on the basis of US recommendations.

The court case now returns to the Belgian courts, but it  seems likely that changes to the laws implementing the EU PNR Directive in Belgium and most if not all other EU member states will be required to conform these laws to the conditions laid down today by the CJEU. Another round of litigation in EU member states and perhaps again in the CJEU is likely to be needed to determine whether amended laws have met those tests. Stay tuned!