Papers, Please! – The Identity Project

Aug 11 2025

Flock expands pre-crime policing from air travel to road travel

New tools deployed and offered to law enforcement agencies by Flock Safety, the largest US aggregator of automated license plate reader (ALPR) data from both government and private cameras, are moving Flock from data mining into profiling and pre-crime predictive policing. This marks the expansion to road travel of the profiling and predictive policing that was developed and has until now been applied primarily to air travel.

Flock’s data warehouse includes billions of monthly records, each of which links a unique vehicle identifier (license plate number) to a precise date, time, and location. Flock boasts that it is now using artificial intelligence (i.e., more complex algorithms) to identify patterns and “surface” evidence of suspicious activity.

This moves Flock from a surveillance company and provider of investigative tools to a provider of suspicion-generating and predictive tools for “pre-crime” policing. This makes a quantitative difference in degree of intrusiveness and danger, of course, but there’s also a qualitative difference between an investigation based on a lawful pre-existing basis for suspicion, and dragnet surveillance intended to generate a basis for new suspicion (that can in turn be used as the basis for further surveillance, search, seizure, detention, etc.).

Thanks to Jay Stanley for calling attention to these new Flock tools in articles on the ACLU website and and in his own Free Future newsletter.

Aug 05 2025

Higher fees for visitors to the US

Tourists and business visitors to the US from most of the world will have to pay additional fees or post bonds of from $250 to $15,000 per person — over and above the current $185 per person visa fee — under provisions of the One Big Beautiful Bill Act enacted last month and separate regulations under a preexisting law published today in the Federal Register.

The consequences for inbound international tourism as well as travel to meetings and conventions in the US from most of the world are likely to be devastating. Nobody is going to hold a meeting — conference, trade show, academic symposium, etc. — in the US under these rules if they want global participation. If other countries reciprocate, as some probably will, US travelers could be hit with much higher fees when they travel abroad.

The biggest beneficiary of these changes to US laws and regulations is likely to be Mexico, where Cancun is by far the most obvious choice for meeting and convention planners looking for an alternative venue close to the US with more hotel rooms than anywhere in the Americas except Las Vegas, the busiest international airport in Latin America, and more welcoming entry and visa policies than the US for visitors from around the world.

Bonding companies and moneylenders from banks to informal lenders to loan sharks offering to underwrite loans and post bonds for would-be visitors who can’t afford to pay the US visa fees in full are also likely to profit from the new US rules. So will the bounty hunters they will hire to track down and collect from US visitors whose “visa bonds” (and whatever they put up as security for them) are forfeited because they can’t prove to the satisfaction of US authorities that they complied with all of the terms and conditions of entry to and departure from the US — or simply at the “discretion” of US visa officers.

The new US law and regulations establish a three-tier schedule of US fees for short-stay visitors, depending on the citizenship of the traveler:

Citizens of the small number of most US-favored nations in the US Visa Waiver Program will remain eligible to enter the US, after completing an extensive online questionnaire including a list of all their social media accounts, for only a $21 Electronic System for Travel Authorization (ESTA) e-visa fee.
Citizens of countries that are neither especially favored nor disfavored by the US will be required to pay a visa integrity fee of at least $250 (in addition to the visa fee and other visa application requirements). The minimum of $250 is set by law, but the amount can be increased without limit at the discretion of the US Department of Homeland Security (DHS).
Citizens of disfavored countries will be required to post a visa bond of $5,000, $10,000, or $15,000, with $10,000 as the default, before their visa can be issued.

Aug 01 2025

Senate postpones hearing on TSA facial recognition and ID verification

Earlier this week the Senate Committee on Commerce, Science, and Transportation postponed a scheduled hearing on a bill that would limit some uses of facial recognition by the Transportation Security Administration (TSA), while authorizing the TSA to carry out “identity verification” of airline passengers and take mug shots of all those air travelers who don’t show an “approved identification document”.

The original version of the “Traveler Privacy Protection Act” as it was introduced in 2023 would have imposed a straightforward prohibition on use of facial recognition by the Transportation Security Administration (TSA) without explicit Congressional authorization: “The Administrator [of the TSA] may not, for any purpose, use facial recognition technology or facial matching software in any airport unless such use is expressly authorized by an Act of Congress enacted after the date of the enactment of this Act.”

It is, of course, a sign of how far beyond its legal authority the TSA has already gone that Congress would need to consider a bill to explicitly prohibit the TSA from exceeding the authority it has been granted by Congress. But that’s the situation we’re in.

The revised version of the bill put forward in 2024 as an amendment to the Federal Aviation Administration reauthorization act and reintroduced as a standalone bill in 2025 would authorize use of facial recognition by the TSA for “confirmation of the identity of a passenger before admittance to the sterile area of the airport,” provided travelers are given notice that being photographed is voluntary and that the TSA “does not subject passengers who choose the opt-out option to discriminatory treatment, additional screening requirements, less favorable screening conditions, or other unfavorable treatment.”

The revised bill would also mandate that the TSA, “for each passenger who chooses the opt-out option, performs identity verification using an approved identification document and without collecting any biometric information from such passenger… The [opt-out] option … does not apply with respect to a passenger— (i) who does not provide an acceptable form of identification at a security checkpoint; and (ii) whose identity the Administrator may need to verify through alternative measures to enter the sterile area.”

This bill would thus impose a new obligation on the TSA to carry out “identity verification”, leaving it ambiguous what (if anything) is required of travelers. But as we noted when this revised language was first introduced last year, despite the ambiguity in the bill, it would for the first time create at least an arguable statutory basis for the TSA to claim — as it undoubtedly would claim, in a shift from its consistent admission to date in court that no law or regulation requires air travelers to show any ID — that airline passengers are required to identify themselves in some fashion, either through an approved ID document or facial recognition.

Jul 30 2025

Palantir breaks new ground in algorithmic surveillance and control

One of the biggest beneficiaries of the expansion of the homeland-security industrial complex since the second inauguration of Donald Trump has been Palantir. Shares of Palantir stock have doubled in value since Trump’s re-election.

Both the Department of Defense and the Department of Homeland Security have expanded their contracts with Palantir for data aggregation, data mining, algorithmic profiling, predictive “pre-crime” policing and preemptive war, and automated decision-making.

But is Palantir just doing more of what it has been doing since at least the first Trump presidency? Or is it (also) doing something new? We think it’s doing both.

Palantir is one of the prime contractors being paid to carry out President Trump’s executive order for the integration, mining, and use for decision-making throughout the Federal government of information about individuals held by any Federal agency, regardless of what agency originally collected it or for what purpose. Trump’s executive order seeks to define “purpose limitation” — one of the fundamental principles of fair information practices — out of existence, at least as applied to the Federal government.

Working with and for the Department of Government Efficiency, Palantir has been central to this Federal government-wide effort to abolish “data silos”. Palantir is reportedly building aggregated databases and platforms for analysis and decision-making about both immigrants and foreign visitors and US citizens.

The expansion of Palantir’s activities has, unsurprisingly, made Palantir a focus of renewed protest.

Some of Palantir’s expansion is just more of more of what it was already doing. In particular, Palantir pioneered natural-language queries for mining of complex datasets and complex algorithms for identification of patterns in data long before either of those processes came to be labeled “artificial intelligence”. Now it’s applying these tools to a wider range of data and decisions. But the fundamental dangers remain the same. As the algorithms and the volume of data ingested become sufficiently large and complex, it becomes impossible to attribute a decision to any specific item of data or rule, or to exercise human oversight or judicial review of that algorithmic decision.

Meanwhile, Palantir’s expanded work for the US government has broken new ground, or broken through barriers, in several ways:

Expansion from the Departments of Defense (DOD) and Homeland Security (DHS) to all components of the Federal government;
Expansion from people and activities with some foreigners or foreign travel or trade to all US citizens; and
Expansion from decisions about air travel and entry to the US to all types of Federal government decisions about what individuals are or aren’t allowed to do.

The impact of all of these changes is to normalize pervasive suspicionless surveillance — collection, retention, and integration of data about movements, activities, and transactions — and permission-based extrajudicial government control as the defaults.

While this is an expansion of previous government intrusions on individual freedom of movement and action, it’s also a fundamental conceptual shift from the assumption of an “airport exception” to the US Constitution or a “non-US citizen exception” to Constitutional or human rights, to a permission-based regime of government surveillance and control applied to all individuals and all activities within reach of US government power.

In the conceptual framework that underlies Trump’s executive order on “data silos” and Palantir’s work to build an omniscient and omnipotent “artificial intelligence” platform, there are no limits to the scope of individuals or activities to which it is applied.

The DHS data lake is now a US government-wide data ocean in which we all swim, all the time, and in which Palantir is constantly monitoring and choosing which fish to corral or catch.

Jul 08 2025

The dangers of identity databases

After a white-supremacist hacker got access to digital records of old applications for admission to Columbia College and passed them on to the New York Times, the Times reported that in 2009 Zohran Mamdani checked boxes identifying his national origin and ancestry as African-American (he is a US citizen — an American — and was born in Uganda — the country in Africa where his paternal ancestors had lived for generations) and Asian (his mother was born in India, where her ancestors had lived for generations).

Questions have since been raised by Liam Scott in the Columbia Journalism Review and others as to the use in a news story of data obtained illegally by an unnamed third party with an unmentioned political bias, and by Dan Froomkin at Presswatchers.org and others as to whether these truthful factual 2009 statements by Mr. Mamdani are newsworthy. The Times has responded to some of these questions in a follow-up article.

But we have other questions that we haven’t seen asked elsewhere. These are questions not for Mr. Mamdani or the Times but for Columbia University:

Why does Columbia still have this information about an unsucessful 2009 applicant for admission in its records?
Even if there was some reason to retain these records, why were they accessible online, with or without whatever passwords or access restrictions were circumvented by a hacker to obtain them?
Now that this incident has made the potential for misuse of records like this apparent, what are Columbia and other institutions and entities with similarly dangerous data doing to expunge it?

At a time when naturalized US citizens, including but not limited to Mr. Mamdani, are being threatened with denaturalization followed by detention and/or expulsion to overseas death camps, and when pogroms are being carried out by masked armed gangs snatching people off the streets on the basis of perceptions of national origin, these are questions for anyone in charge of a database with a field for citizenship, race, or national origin.

Mr. Mamdani had good reason to apply to Columbia, even if his application may have been a long shot, since as the child of a tenured Columbia professor he would have been entitled to free tuition if admitted. But whatever purpose Columbia may have had in 2009 for asking applicants for admission to its colleges to categorize their national origin by continent, that purpose was completed when Mr. Mandani’s application was rejected.

The lesson of this teachable moment is that personally identified information, even information about attributes and activities that were lawful at the time and that were collected for innocent purposes, has the inherent potential for weaponization against innocent individuals — sometimes by unforseen actors in unforseen ways — as long as it is retained. It’s happened before in the US, as when census data on national origin was used to round up Japanese-Americans and send them to concentration camps, and could happen again as long as data like this is collected and retained.

Columbia may claim that it retained this data in case it might have needed it to defend agaisnt potential litigation by unsuccessful applicants. But the statute of limitations for any such litigation related to 2009 admission decisions would have passed years ago.

Columbia may claim that, having collected this data, it retained it for research purposes. But there’s been no indication that it made any attempt to even semi-anonymize this data. And would possible future research use justify retention of information that could endanger past applicants for admission?

Under Canadian or European data privacy law, retaining this data when it was no longer needed for the purposes for which it was collected would be illegal.

This data was collected for the purpose of making admissions decisions in 2009. If there was some adequate justification for retaining this data for possible future use when it was unquestionably no longer useful for that original purpose — which we doubt there was — it could have been stored on an air-gapped device or media, such as a backup tape or disk locked in an archival vault.

But even that would pose the danger of government-compelled disclosure.

Imagine that you were the director of a business or institution in Germany in 1933. Imgaine that — at a time when it when German Jews still had all the rights of German citizens — you had compiled information about your employees’, students’, customers’, or suppliers’ “nationality” or “race” as indicated on their ID cards, including which Germans were identified as Jewish.

When the government began to redefine German Jews as not German citizens, deny them rights, and exclude them from more and more categories of employment, wouldn’t it have been your moral duty to expunge those records identifying Jews? Then you could truthfully say, if the government demanded to know which of your employees were (under Nazi laws) illegally employed non-citizens, that you had no records of who was a Jew.

The best way to avoid misuse of personal data is not to collect it. If it has been collected, and especially if it is no longer needed for the purpose for which it was collected, the best way to mitigate the risk to the individuals to whom it pertains is to expunge it.

Columbia has no excuse. Nor do other institutions in the same position. No law required Columbia to collect this information about Mr. Mamdani and an untold number of others. No law requires Columbia to retain it. Now Columbia knows, as it should have known all along, how this information can be weaponized.

Columbia and its peers in both the public and private sector should expunge these records — now, before even more damage is done to Mr. Mamdanai and millions of other naturalized US citizens and other immigrants.

Jun 27 2025

Supreme Court upholds Texas demand for ID for Web browsing

In its worst decision ever on demands for ID, the Supreme Court today upheld a Texas law that requires all visitors to some websites to provide the site operator with evidence of their identity and age.

In an opinion by Justice Thomas, six Justices found that requiring ID for age verification as a condition of viewing certain websites only “incidentally” burdens the rights of adults.

The majority reasons backward from the presumed legitimacy of ID requirements in other contexts, such as buying tobacco, that (A) weren’t at issue in this case, and (B) more importantly, don’t involve the exercise of First Amendment or any other rights:

Requiring proof of age is an ordinary and appropriate means of enforcing an age-based limit on obscenity to minors. Age verification is common when laws draw age-based lines, e.g., obtaining alcohol, a firearm, or a driver’s license…. Applying the more demanding standard of strict scrutiny would call into question all age-verification requirements, even longstanding in-person requirements.

As the dissent by Justice Kagan (on behalf of herself and Justices Sotomayor and Jackson) points out, this amounts to deciding on the desired outcome, and then adapting the criteria (in this case, the level of scrutiny applied to the law) to produce that result.

In rebuttal to the dissent on this point, the majority opinion wrongly claims that in-person demands for ID are “uncontroversial” and have never been challenged in court:

Finally, the dissent claims that we engage in “backwards,” results-oriented reasoning because we are unwilling to adopt a position that would call into question the constitutionality of longstanding in-person age-verification requirements. Not so. We appeal to these requirements because they embody a constitutional judgment—made by generations of legislators and by the American people as a whole—that commands our respect. A decision “contrary to long and unchallenged practice… should be approached with great caution,” “no less than an explicit overruling” of a precedent. Payne v. Tennessee, 501 U. S. 808, 835 (1991) (Scalia, J., concurring). It would be perverse if we showed less regard for in-person age-verification requirements simply because their legitimacy is so uncontroversial that the need for a judicial decision upholding them has never arisen.

But that’s not all that’s wrong with this law and this decision upholding it.

The decision and the dissent concern themselves primarily with what level of scrutiny should apply to age-verification laws. They don’t mention the distinction between “age” and “identity”, or the impact of the law on people who don’t have ID — a crucial issue raised in a friend-of-the-court brief by the Electronic Frontier Foundation and others.

For those without government-issued ID or a sufficiently detailed profile with a commercial data broker, “age-verification” amounts to a categorical bar to access to certain Web content.

As we’ve noted previously, “Regardless of whether it would be possible to set up a system by which individuals could provide evidence of age without individually identifying themselves, that’s not how any of the schemes currently being legislated or implemented will work in practice. In order to verify their age, each Internet user will be required to provide a unique digital personal identifier…. Age verification for adult content is a stalking horse for comprehensive content-based and personalized government control of Internet access.”

The Texas law applies to any “commercial entity that knowingly and intentionally publishes or distributes material on an Internet website”, which appears to include both the publisher and the hosting provider.

There’s no way for the publisher or provider of hosting services for a website to know which visitors to the site are located in Texas. To satisfy the Texas law, web publishers and hosting providers worldwide will either have to require ID from all visitors regardless of their location, or try to identify which visitors to the site are located in Texas, and block them or selectively require them to provide ID.

Because the law applies to both publishers and “distributors” (web hosting providers), hosting providers will be not only allowed but required to pass on identifying and location-tracking information about all visitors to site publishers, with no restrictions on how publishers or hosting providers can use, disclose, or or sell this data. The law could, but doesn’t, restrict use of this data to age verification, or restrict its disclosure or sale. Nor does the law restrict the ability of these companies to share this data with governments or to keep secret from individuals how or with whom data about them has been shared.

Some companies will welcome this as a pretext for commercial surveillance they already carry out and would love an excuse to universalize. If anyone objects to publishers’ or hosting providers’ commercial exploitation of visitor identity and location information, they now have the perfect excuses: “Everybody does it” and “The government made us do it.”

Jun 26 2025

Asymmetric demands for ID

Recent events have focused attention on the asymmetry of police demands for ID:

Government agents demand that ordinary citizens provide evidence of our identity, even when we are exercising rights — such as traveling by common carrier — that don’t depend on our identity. But those same government agents typically refuse to provide the same sort of evidence of their identity, even when they are asserting claims to authority that depend on their identity and status as law enforcement officers.

Masked, armed gangs dressed in the mismatched assortment of military-surplus clothing that characterizes “militias” in failed states are snatching people off the streets of US cities and towns and taking them away in unmarked vehicles, some with no license plates.

Meanwhile, elected politicians and their family members were recently assassinated in their homes by a masked individual in a police-like costume who arrived in a police-like vehicle with flashing blue lights.

The law doesn’t require us to obey the orders, or refrain from defending ourselves or others against, anyone who claims to be an officer of the law. But as the law stands, whether we submit or resist, we do so at our own peril.

Any kidnapper or home invader could, and some do, stencil “POLICE” on their body armor and shout “Police!” before breaking down doors or dragging people away. Rent-a-cops often dress and carry gear designed to make them appear as much like police as possible. Convincing movie-prop badges are available online or in costume and fetish shops.

In these circumstances, verifying the identity and claim to authority of people who might or might not be police can be a matter of life or death. If they aren’t police, and we go along, we could lose our chance at self-defense or escape. But if they are police, they might shoot us if we try to resist, escape, or help others to do so. If we survive the initial encounter, we might be charged with assaulting an officer — a charge that often leads to beatings or worse by police and jailers, even before a defendant makes it to trial.

18 US Code § 111 makes it a Federal felony to “forcibly assault, resist, oppose, impede, intimidate, or interfere with” any Federal law enforcement officer. But what if you can’t tell if an apparent kidnapper or home invader is a Federal law enforcement officer? And what evidence of their identity and status is sufficient to establish their authority and your duty not to resist or impede them?

Jun 18 2025

Closing the escape route from the USA to Canada

The governments of both Canada and the US are threatening or testing measures to further close off the Canadian border as the escape route of last resort for those fleeing the US.

Representatives of a coalition of more than 300 refugee rights, civil liberties, gender justice, and migrant advocacy groups came to Parliament Hill in Ottawa today to speak out against Bill C-2, the “Strong Borders Act” introduced by the new Liberal government of Canada. They called for withdrawal of Bill C-2 as a “dangerous shift toward Trump-style anti-immigrant policies and attacks on the rights and freedoms of all residents” of Canada.

Despite its name, Bill C-2 is predominantly a surveillance bill, not a border bill. It would authorize a wide range of seizures of digital devices and data, location tracking, compelled assistance of communications and cloud services providers in extracting and providing the government with data from and about their customers and users, and conversion of requests from the US and other foreign governments into orders legally enforceable in Canada, among a wide range of other Big Brother tactics. Bill C-2 appears to be inspired by, but goes well beyond, the most invasive surveillance practices of the US government.

Bill C-2 is first and foremost a threat to Canadians’ freedom and an attack on the Canadian Charter of Rights and Freedoms. But it’s also a dire threat to the right to leave the US and to the ability of people in the US to exercise, if need be, their right to asylum.

As it pertains to the border, the most significant changes that Bill C-2 would make in Canadian law would be to close most of the few remaining legal pathways for refugees or asylum seekers, especially those fleeing the US, to enter or remain in Canada.

Jun 05 2025

New travel blacklist aims to expand US travel surveillance

Late yesterday President Trump proclaimed a new ban on entry to the US or issuance of new US visas to citizens of twelve countries, and ordered drastic restrictions on entry or issuance of visas to citizens of seven others.

The US has long sought to globalize its surveillance and control of travelers.

In the past, the US has held out the carrot of possible admission to the US Visa Waiver Program (VWP) to induce governments of favored countries to share information about their citizens with the US. Citizens of countries in the VWP are eligible to enter the US for limited stays and purposes with a simpler, cheaper ESTA rather than a full US visa.

Now the US is using the stick of a travel ban to induce governments of disfavored countries similarly to cooperate, under duress, with US demands that they serve as foreign agents of the US government in identifying, tracking, and collecting and sharing information about their citizens. The countries subject to this new form of transactional, sanctions-based “diplomacy” are those which are unlikely ever be admitted to the VWP.

This latest US travel ban isn’t exclusively limited to countries with mostly-Muslim populations like the series of travel bans proclaimed by President Trump during his first administration, but was immediately denounced as “transparently racist”.

In addition to its direct effects on the right to travel, freedom of association, and the rights of asylum seekers, the new travel ban appears to be intended as a tool to pressure foreign governments to collaborate with the US in surveillance of their citizens, thereby weaponizing US travel controls to expand extraterritorial US surveillance outsourced to foreign governments.

May 30 2025

US State Dept. says silence or anonymity on social media is suspicious

A cable yesterday from Secretary of State Marco Rubio, first reported by Nahal Toosi and Eric Bazail-Eimil of Politico, directs US embassies and consulates to “conduct a complete screening of the online presence of any nonimmigrant visa applicant seeking to travel to Harvard University for any purpose.”

The cable implies that the main although not the exclusive focus of this special scrutiny of each Harvard-associated visa applicant’s “online presence” will be the content of their social media accounts.

In the cable, Rubio told US consular officers who decide whether to grant or deny visa applications that “the lack of any online presence, or having social media accounts restricted to ‘private’ or with limited visibility, may be reflective of evasiveness and call into question the applicant’s credibility.” In such cases, consular officers are instructed to:

Inform the applicant that his case is subject to review of his online presence, request that the applicant set all of his social media accounts to “public,” and remind him that limited access to or visibility of social media activity could be construed as an effort to evade or hide certain activity. Consular officers must then refer the cases to the Fraud Prevention Unit (FPU).

Neither silence on social media, nor choosing to speak and associate anonymously, pseudonymously, or privately on social media, can Constitutionally or consistent with international human rights treaties be considered “suspicious” or “evasive”.

This directive was issued by Secretary of State Rubio without completing the ongoing process to obtain approval for the collection of social media account information on visa application forms, as required by the Paperwork Reduction Act. That multi-step approval process was initiated in early March of this year with a Federal Register notice announcing a 60-day public comment period that closed in early May.

The Identity Project, joined by Privacy Times and Government Information Watch, was among more than a thousand organizations and individuals who submitted comments, almost all of which opposed the proposed collection of social media identifiers.

The government has not yet completed its review of these comments, or taken the next step of submitting its request for approval of the collection of social media identifiers to the Office of Management and Budget (OMB).

In our comments, we noted some of the reasons visa applicants might reasonably fear that revealing acts of speech and association on social media that are legally protected in the US might place them in grave jeopardy in the countries in which they reside:

We cannot overstate the significance of anonymity or pseudonymity as a potentially life-or-death matter for social media users, most especially for dissidents, victims of discrimination, and those living under the jurisdiction of repressive regimes or otherwise in fear of persecution. Anonymous or pseudonymous speech, publication, and assembly are the only forms of dissident speech, publication, or assembly that are possible under some repressive regimes.

Activities which are protected by the First Amendment, including some which advance U.S. interests in freedom and democracy, are subject to legal sanctions in many other countries.

Capital crimes in Saudi Arabia, for example, include blasphemy against the state religion, disparagement of members of the royal family or the institution of hereditary absolute monarchy, trafficking in prohibited mind-altering substances including alcoholic beverages, and private sexual activity between consenting adults of the same gender in their home.

Saudi Arabia is a U.S. ally with which… U.S. agencies might be expected to share information obtained through this collection of information – including information that could identity Saudi Arabian citizens or residents who have perpetrated these “crimes”. As a result, this collection of information could subject these individuals, including pro-democracy activists, to sanctions in Saudi Arabia ranging from public whipping to beheading.

Even if this compelled disclosure of information were lawful – which we believe it isn’t – it would be bad public policy. The possibility of anonymous and pseudonymous discourse is an essential element of an open marketplace of ideas, and plays a particularly important role in the places where identifiable speakers and speech are subject to the greatest repression.

Anonymous and pseudonymous speech and publication have a long and honorable tradition in the U.S., going back to the anonymous authors and publishers of anti-monarchist handbills in the British colonies of North America and the pseudonymous authors of the Federalist Papers. Today, these works would probably be published on social media, and “Publius” – the pseudonym used by the authors of the Federalist – would probably be a social media identifier rather than a name printed on the title pages of a series of pamphlets.

Anonymity and pseudonymity are especially critical for social media users, whose speech can be, and sometimes is, held not only against themselves but against any or all of their social media “friends”, friends-of-friends, associates, contacts, and/or commenters.

The “special vetting” of visa applicants identified as intending to visit Harvard — students, faculty, staff, guest speakers, patients coming to the US for treatment at Harvard hospitals, attendees at Harvard conferences and symposia, etc. — is described as “a pilot for expanded screening and vetting of visa applicants. This pilot will be expanded over time.”

Rather than being expanded, this directive should be rescinded and the “pilot” ended.