Papers, Please! – The Identity Project

Jan 16 2026

Know Your Rights as a U.S. Citizen

Immigration and Customs Enforcement (ICE) agents and an assortment of other masked Federal officers are arresting U.S. citizens for not showing ID or “proof” of citizenship on the streets, at traffic stops, and in warrantless door-to-door searches in the Twin Cities.

ICE is planning to station agents to “check documents” on the jetbridges at the Minneapolis-St.Paul International Airport.

With all this happening, we’ve posted a new know-your rights FAQ for U.S. citizens, “Do I have to show ID as a pedestrian, passenger in a car (not the driver, for whom the rules are different), at my home, or at the airport for a domestic flight?” (Also available here as a printable one-page PDF.)

This know-your-rights guide is for U.S. citizens. The law is different for those who aren’t U.S. citizens: U.S. law requires non-U.S. citizens in the U.S. for more than 30 days to register with the U.S. government and carry their papers “at all times”. But there are many other good resources for non-U.S. citizens such as this brochure. We’ve found few other clear guides to the rights of U.S. citizens in situations like those today in Minnesota, in which U.S. citizens are being (illegally) required to prove their right to walk the streets, live peacefully in their homes, or travel within their own country.

This guide is a work in progress. We’ve posted it quickly because the need seems urgent. We welcome suggestions for corrections or changes.

Knowing and asserting your rights protects everyone in our society — including non-U.S. citizens. It shows other people that they have rights too, and shows police that we know we have rights. Rights are not, in and of themselves, a protection. You can’t count on police to respect your rights. But police act differently when people know and assert their rights.

Liberty lives in its exercise. Freedom dies if it’s not used. Know your rights — and use them.

Jan 16 2026

ICE plans immigration checkpoints at domestic airports

Doubling down on the TSA’s illegal scanning of domestic airline reservations for immigration enforcement — first reported here and later confirmed by the New York Times — Immigration and Customs Enforcement (ICE) plans to station its agents on jetbridges to question and “check documents” of travelers boarding flights at Minneapolis-St Paul International Airport (MSP), according to a memo to airport workers leaked by a whistleblower.

Like almost all US airports with scheduled passenger service, MSP is publicly owned and operated. The Metropolitan Airports Commission is governed by a regional board whose members are appointed by the Governor of Minnesota.

The next meeting of the Board of Commissioners is scheduled for this coming Tuesday, January 20, 2026, at 1 p.m. in Room LT-3048A, Terminal 1, MSP Airport. (This location is inside the checkpoint! See instructions at the bottom of this page for public access.)

Minnesotans and others who travel through MSP (it’s a Delta Air Lines hub for flights to and from other places throughout the US) should show up and demand that the Board kick ICE out of all areas of MSP except the customs and immigration inspection areas for arriving international passengers. The airport could also post signs at terminal entrances and jetbridges advising US citizens that they don’t have to show papers or answer questions.

The airports commission and the state of Minnesota have a compelling financial interest in keeping ICE from harassing or kidnapping passengers changing planes at MSP, so that transit passengers won’t start avoiding routes via MSP in favor of other airline hubs.

A Metropolitan Airports Commission spokesman told Fox 9 News that , “Federal regulations provide federal agents with broad access to MSP Airport property. This includes access to … pre- and post-security areas in the terminals.”

We can find no such Federal regulation, nor would there be a statutory basis for one. MSP and other airports are under no obligation to consent to ICE agents’ presence on jetbridges for arriving or departing domestic flights, unless they have a warrant, issued by a judge based on probable cause, to search a specific location. MSP can and should revoke any agreement it has entered into with ICE by which it consented to such an ICE presence.

It’s unclear what authority ICE would claim for access to most airport property without consent of the property owner — the airports commission — or for detention of US citizens who stand mute in response to their questions or requests to show their papers.

In the past, as we’ve testified in other cities, the DHS has lied to public airport operating authorities and the public about the extent of its authority to override local laws.

MSP is a major international airport, and international customs and immigration inspection areas at airports are considered “ports of entry” and the functional and legal equivalent of border crossings. But we know of no court that has applied this doctrine to boarding gates, jetbridges, or passengers on domestic flights between points within the US.

The Twin Cities are more than 100 miles from any international border, so the rest of the airport or the metropolitan region isn’t subject to the claimed border-area exception allowing domestic immigration checkpoints.

Even if boarding areas or jetbridges for domestic flights at airports that handle international flights were held to fall within that exception, case law on border-area immigration checkpoints is clear: U.S. citizens that do not need to have, carry, or show any documents or answer any questions. They must be allowed to proceed after only a “brief” delay unless there is probable cause to believe that they aren’t US citizens. Not showing ID is not probable cause, nor is not answering questions about citizenship or anything else.

The Constitutional rules for stops, searches, or questioning by ICE or any other law enforcement officers on jetbridges are, so far as we can tell, the same as those for pedestrians or passengers in cars (other than drivers) on public rights-of-way:

Police need reasonable articulable suspicion of a violation of the law to stop you at all, even briefly. To protect your rights, ask them, on camera, as soon as they stop you, “What is the reason you are detaining me?”
You don’t have to show any papers.
You have the right to remain silent.
You may not be arrested merely for failure or refusal to have or show ID.
You may not be arrested or detained more than “briefly” without probable cause to believe that you have committed a specific crime.
You have the right to film and record law enforcement officers.

To protect yourself against wrongful arrest based on automated facial misrecognition, keep your mask on as much as possible, especially at boarding gates and on jetbridges.

If you are prevented from boarding a domestic flight at MSP or any other airport because you decline to show papers or answer questions from ICE or other Federal agents, please get in touch.

Jan 15 2026

TSA extorts $45 from each air traveler without REAL-ID

Today the TSA launched a flagrantly illegal new extortion program, TSA ConfirmID, to collect $45 from each airline passenger who wants to fly without showing REAL-ID.

As of today, only the payment platform for this “ID verification” program is operational. If you want to fly without REAL-ID on or after February 1, 2026, a new TSA video instructs you to pay $45 each through the Pay.gov website, bring your receipt to the TSA checkpoint at the airport, “show your receipt to the TSA officer and follow their instructions”.

Payments are accepted by ACH transfer from a bank account, credit or debit card, Venmo, or PayPal.

What will the TSA officer instruct you to do at the checkpoint? The TSA says that:

TSA will then attempt to verify your identity so you can go through security; however, there is no guarantee TSA can do so. Please note: Using TSA ConfirmID is optional. If you choose not to use it and don’t have an acceptable ID, you may not be allowed through security and may miss your flight.

The TSA says that you “may” not be allowed through the checkpoint, not that you “will” not. And the TSA’s FAQ says that, “In the event you arrive at the airport without acceptable identification (whether lost, stolen, or otherwise), you may still be allowed to fly”.

What are the procedures for this “attempt to verify your identity”? What are the criteria for whether or not the TSA will allow you to fly? We don’t know.

A TSA propaganda video released last week falsely claims that, “Everyone knows that when you fly you have to bring a REAL-ID or a passport.” In fact, 200,000 people a day fly without REAL-ID and without a passport. (Any passport of any country is considered REAL-ID.)

It’s unclear what will happen to travelers who show up at TSA checkpoints on February 1st without REAL-ID, or with no ID at all, whether or not they have paid the $45 per person “TSA ConfirmID” fee. See our FAQ about your rights and what might happen.

As we pointed out when the TSA announced this plan in December, no law authorizes this scheme. No law requires airline passengers to have, carry, or show any ID — as the TSA itself has consistently argued, at least to date, when the issue has been raised in court.

The TSA has promulgated no regulations for “TSA ConfirmID”, has published no Privacy Act notice for the information collected from travelers either when they pay the $45 fee or when they go through the TSA checkpoint, and has neither requested nor received approval from the Office of Management and Budget (OMB) for this collection of information, as is required by the Paperwork Reduction Act (PRA).

“TSA ConfirmID” isn’t mentioned in any of the Privacy Act notices for the TSA’s systems of records. Operation of a system of records by a Federal agency without first publishing a proper notice in the Federal Register is a criminal violation of the Privacy Act on the part of the responsible agency employees:

Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5,000.

Presumably, data collected from individuals who pay the $45 “TSA ConfirmID” fee is passed on to the TSA and stored in some (undisclosed) TSA system of records. The TSA officers and employees responsible for that system of records are, as of today, criminals.

Even the payment platform for the $45 fee is in flagrant violation of multiple Federal laws. The Pay.gov payment site and TSA ConfirmID payment form display no OMB control number, as is required by the PRA.

The Department of the Treasury, which operates Pay.gov, says specifically that:

An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it provides notice of a currently valid Office of Management and Budget (OMB) control number. Among other things, a notice of the expected time burden is required…. Pay.gov provides services to Federal agencies. These services include the posting of agency forms. Required notices that accompany these forms are the responsibility of those agencies.

There’s a link from the payment page to a Privacy and Security Policy, but the linked page doesn’t mention the Privacy Act, the PRA, or an OMB control number.

Since the TSA hasn’t chosen to follow the law or disclose any of its plans, the only way to figure out the de facto “rules” is to reverse engineer them from travelers’ experiences.

If you show up at a TSA checkpoint on or after February 1st without REAL-ID, or with no ID, please let us know whether or not you paid the “TSA ConfirmID fee” and what happened to you at the cehckpoint..

Keep a copy and/or take a photo or screenshot or any printed or online forms you are asked to fill out. If the forms or user interface pages don’t include a valid OMB control number, you can legally ignore them without penalty.

Are you allowed to fly without REAL-ID? With no ID? Without paying the “TSA ConfirmID” fee? If you are prevented from flying, who stops you? What do they say is the basis for their action?

You have the right to film and record at TSA checkpoints. Please share your experiences so we can better inform future flyers without ID or without REAL-ID.

Jan 14 2026

US wants direct access to police databases worldwide

The US government is seeking direct access to police databases in other countries, as a condition of inclusion in the US Visa Waiver Program (VWP). Citizens of countries in the VWP are allowed to enter the US for limited short visits under the without having to apply or pay for standard visas to the US. So inclusion in the VWP is a valuable incentive the US can use to pressure other countries to make other concessions to the US.

The US says that any country not agreeing to a so-called Enhanced Border Security Partnership (EBSP) giving the US government access to its domestic police database by the end of 2026 will be expelled from, or not admitted to, the VWP.

The first EBSP agreement was signed in September 2025 between the US and Bahrain. The European Union authorized EBSP negotiations with the US in December 2025, despite concerns raised in September 2025 in an opinion by the European Data Protection Supervisor. EBSP negotiations are ongoing between the US and other countries in the VWP.

There’s been almost no discussion in the US of the EBSP negotiations or agreements. None of these agreements have been submitted to the US Senate for ratification as treaties.

The most detailed reporting about EBSP has come from Europe and has been based on documents from European governments. This presentation at the 39C3 conference earlier this month in Germany by Matthias Monroy gives a good overview of what’s known and the questions that remain.

Labeling these agreements “partnerships” implies reciprocity. But most criminal investigations in the US are carried out by state or local police and aren’t included in any national database. The NCIC database hosted by the FBI is an index to records of arrests, convictions, and court orders such as warrants, but doesn’t identify people who are being investigated but for whom no warrant has been issued. As a result, EBSP agrrements will give US authorities access to much more information about foreigners in countries with entralized police record-keeping than foreign governments will get about people in the US.

The announcement of the signing of the USA-Bahrain EBSP agreement says that it “facilitates the automated exchange of biometric data between Bahrain and DHS”. The EBSP agreements thus provide a self-justifying pretext for integration of the US government’s biometric databases, in order to make them available to foreign police.

US data will be made available not just to democratic foreign governments but to ones like Bahrain — a repressive regime in which the hereditary monarch rules by decree. The US says that data sharing pursuant to the EBSP will “safeguard both countries”, but Bahraini dissidents and asylum seekers probably won’t see it that way. Once data is disclosed by the US to foreign authorities, there’s no way for the US to control, or even to know, how or against whom it’s used, or with which other repressive regimes it’s shared.

Jan 02 2026

Collection of biometrics from anyone “associated” with a foreigner

As part of an array of proposals and rules issued by components of the US Department of Homeland Security to collect a widening array of biometric information and systems from widening categories of individuals, US Citizenship and Immigration Services (USCIS) is proposing a new rule that would authorize collection of any form of biometric information or samples from anyone, including US citizens, “encountered” by USCIS or “associated with” any applicant for admission to the US, US residency, or US citizenship.

The proposed rule would give USCIS blanket authority, at its discretion, to order any such individual to report to any location worldwide specified by USCIS, and to submit to collection of facial images (“digital image, specifically for facial recognition”), fingerprints, palm prints, iris scans, retinal scans, voice prints, and/or DNA samples.

Underlying the proposal is an implicit but impermissible assumption that merely to “associate” with foreigners is sufficiently suspicious to create probable cause for a search.

Today the Identity Project and Fiat Fiendum, Inc., filed comments objecting to this proposal for warrantless, suspicionless searches as unconstitutional and contrary to US treaty obligations pursuant to the International Covenant on Civil and Political Rights:

U.S. Citizenship and Immigration Services (USCIS) component of the Department of Homeland Security (DHS) is proposing to “expand its routine biometric collections to include individuals associated with immigration benefit requests or other requests or require[d] collection of information…. DHS is proposing to revise 8 CFR 103.16 to require that any applicant, petitioner, sponsor, beneficiary, or individual filing or associated with a benefit request, other request, or collection of information, to include U.S. citizens, U.S. nationals, and lawful permanent residents, and without regard to age, must submit biometrics, unless DHS otherwise exempts the requirement.”

These individuals would be required to submit to intrusive searches at U.S. borders and ports of entry and exit, at places outside the U.S., and at places in the interior of the U.S.

These searches and collections of biometric information and samples would include facial photography (“mug shots”), fingerprinting, iris and retina scans, voice samples, and DNA samples, on a dragnet basis for all applicants or “associates” of applicants or at the “discretion” of USCIS, rather than on the basis of warrants, probable cause, or individualized suspicion.

The NPRM does not mention the Constitutional rights or human rights treaties it implicates, much less justify the proposed rules as Constitutional or permitted by treaty.

The proposed searches would be unconstitutional and violate U.S. treaty obligations.

Warrantless, suspicionless searches, solely on the basis of citizenship, immigration status, exercise of the right to freedom of movement, and/or “association” with other individuals, would violate the First and Fourth Amendments to the U.S. Constitution and U.S. obligations as a party to the International Covenant on Civil and Political Rights (ICCPR).

The proposed rule should be withdrawn.

Thousands of comments, almost all objecting to the proposed rule, are still being docketed. Once they are docketed, you can find all of the comments on this proposal here.

Dec 10 2025

CBP wants all visitors to install and use its smartphone app

Permisisons requeste by ESTA Android app

[Permissions requested by ESTA Android app. Why does CBP want to be able control your flashlight?]

By a notice published today in the Federal Register, US Customs and Border Protection (CBP) is requesting approval not only to make all foreigners visiting the US without visas submit a comprehensive set of biometric identifiers (“face, fingerprint, DNA, and iris”) but to do so by installing and using a closed-source CBP smartphone app that requires permission to access Wi-Fi scanning and network data; take photos and video; access any fingerprint, iris scan, or other biometric sensors, and even turn on and off your flashlight.

Each visitor to the US under the Visa Waiver Program (VWP), for which the fee has recently been raised from $21 to $40 per person, would be required to submit, in advance, through this smartphone app, identifiers for all social media accounts they have used in the last five years.

Each visitor would also be required to submit what CBP calls “High Value Data Elements”. According to the notice:

The high value data fields include:

a. Telephone numbers used in the last five years;
b. Email addresses used in the last ten years;
c. IP addresses and metadata from electronically submitted photos;
d. Family member names (parents, spouse, siblings, children);
e. Family number telephone numbers used in the last five years;
f. Family member dates of birth;
g. Family member places of birth;
h. Family member residencies;
i. Biometrics—face, fingerprint, DNA, and iris;
j. Business telephone numbers used in the last five years;
k. Business email addresses used in the last ten years.

CBP thinks that the average visitor could compile and enter all of this data (typing on a smartphone) in 22 minutes, including the time needed to contact each of their siblings and children to find out their five-year history of addresses and phone numbers.

Welcome to the 2026 World Cup!

Applicants for US visas are already required to provide a much more extensive set of personal data, including biometrics and identifiers for all social media accounts they have used. So this proposal, if approved, would expand collection of biometrics, social media identifiers, and the additional “high value data elements” to almost all foreign visitors to the US, with or without visas. The only remaining exception, which CBP doesn’t mention, is for asylum seekers who may have no documents and who require no pre-approval.

We continue to oppose warrantlesss, suspicionless compelled disclosure of social media or biometric identifiers or other information as unconstitutional and a violation of the human rights of travelers. And we oppose any requirement to provide this information in advance, when it could be collected on arrival in the US, when visitors apply for admission.

Dec 05 2025

TSA Confirm.ID: TSA plans to charge air travelers without ID or without REAL-ID $3B a year in extra fees for extra questioning

Since scare tactics haven’t gotten everyone in the U.S. to sign up for REAL-ID or show ID whenever they fly, the Transportation Security Administration (TSA) is turning to extortion through the threat of a new $45 fee to fly without “acceptable” ID.

The proposed fee and the modified “ID verification” program it would pay for are being described by the TSA as a fait accompli. But even if they were authorized by Congress and Constitutional — which we don’t think they are — they have several months-long procedural hurdles to clear before they could legally be put into effect, and even then they would face the possibility of litigation by travelers, states, airlines, and perhaps others.

$3 billion dollars a year in extra fees for extra questioning of flyers

In its latest round of rulemaking by press release, the TSA has issued a series of procedurally irregular announcements indicating that the agency plans a new fee-based procedure for air travelers without “acceptable” ID, including those presenting ID that the TSA deems not to comply with the REAL-ID Act and those who don’t have or don’t show any ID at all:

A notice published by the TSA in the Federal Register on November 20th said the fee for flying without ID or without REAL-ID would be $18 per person for each ten-day period.
A second notice published on December 3rd, just two weeks later, announced that “based on review and revision of relevant population estimates and costs… and a revised methodology… TSA recalculated overall costs and determined that the fee necessary to cover the costs of the TSA Confirm.ID program is slightly more than $45.”

The drastic revision of the cost estimate and fee, so soon after the initial announcement, suggests that the initial estimate was sloppy, rushed, or both, and perhaps that the entire new program is being hastily implemented, may not yet be clearly defined, and may fit the definition of agency action that is “arbitrary, capricous, an abuse of discretion, or otherwise contrary to law”. Any such action is liable to be “set aside” by the courts on the basis of the Administrative Procedure Act (APA).

According to a press release posted on the TSA website on December 1st, “Currently, more than 94% of passengers already use their REAL ID or other acceptable forms of identification.” That’s only one percentage point higher than the 93% compliance the TSA announced after the first few weeks of REAL-ID “enforcement” in May 2025. These largely unchanged numbers suggest that the TSA is making little progress in persuading more travelers to sign up for a national-ID scheme or show their papers at TSA checkpoints.

Based on the current rate of roughly three million people a day passing through TSA checkpoints, 6% of whom don’t show ID the TSA deems “acceptable” (or don’t show any ID), 180,000 people a day would be assessed the proposed new $45 fee. That would generate $8.1 million a day, or $2.96 billion a year, in new revenue for the TSA.

The TSA’s initial notice claimed that currently “taxpayers pay[] for an individual’s identity verification services provided by TSA”. But each airline passenger already pays a fee of $5.60, collected by the airline, each time they pass through a TSA checkpoint at an airport.

This “9/11 Security Fee” was imposed when the TSA was created, and is supposed to cover the TSA’s costs of searching air travelers. Air travelers, not taxpayers, pay for the TSA to grope, interrogate, and delay us. Charging a fee for this “benefit” is like charging a “police user fee” to be pulled over in a traffic stop, even if no violation is found and no citation is issued.

Dec 03 2025

Airlines Reporting Corp. says it’s ending sales of ticket data to police & Feds

The Airlines Reporting Corporation — the financial clearinghouse that processes payments between U.S. travel agencies and hundreds of airlines in the U.S. and worldwide — plans to sunset the program through which it has given Federal agencies and an unknown range of other customers access to searchable archives of billions of agency-issued tickets for past and future airline flights.

According to a letter (first reported by Joseph Cox of 404 Media) sent by ARC in response to a request by members of Congress to end warrantless access by law enforcement agencies to ticketing data, ARC says its Travel Intelligence Program (TIP) “is sunsetting this year”.

ARC’s “TIP” program was first uncovered by Katya Schwenk of Lever News in May 2025, and discussed in more detail here on PapersPlease.org and in a series of follow-up stories by Joseph Cox of 404 Media based on his FOIA requests to agencies that subscribe to TIP.

Many of these stories have described ARC as a “data broker”, which is legally correct but somewhat misleading. ARC is a financial clearinghouse that provides its airline and travel agency customers with transaction and payment-processing services.

It’s unclear whether the TIP program was devised by ARC as a profit center, or simply as a way to efficiently manage and defray the expense of responding to requests by law enforcement agencies for searches of ticketing records.

TIP was always peripheral to ARC’s core business, as is demonstrated by the alacrity with which ARC was willing to end it as soon as it came under criticism from Congress. It’s unlikely that shutting down TIP will have any any material impact on ARC’s bottom line.

ARC could have told police and Federal agencies to go away and not come back without a warrant. But while some travel agencies might have preferred that course of action to protect their customers’ privacy, ARC is controlled by airlines, not agencies. And airlines have never prioritized protecting passengers’ privacy or security against police or anyone else.

Airlines have largely ignored privacy and data protection laws, even in jurisdictions like Canada and the European Union that have them (unlike the US). And data protection authorities (DPSs), even in jurisdictions that have such agencies (again, unlike the US), have largely let airlines get away with this.

When the cops come knocking, the typical response of an airline is, “Please come in! How can we help?” Airlines’ willingness to allow ARC to sell ticketing data is not an anomaly but an indication of the pervasive airline industry culture of collaboration with law enforcement. We can find no record of any airline, anywhere in the world, ever, that has gone to court to challenge government demands or requests for passenger data.

It’s unclear what motivated ARC’s decision to pull the plug on police access to ticketing data through TIP. A few members of Congress had complained about TIP, but the odds that Congress would finally enact privacy legislation applicable to airlines remain slight.

A more likely explanation may be that publicity about TIP (and inquiries about TIP from local journalists) may have caused some of the airlines that use ARC to process payments for tickets issued by their U.S. agents to fear that DPSs in their home countries might be prompted by the ARC scandal to start asking more general questions about how airlines apply their purported privacy policies to the agents they appoint to execute contracts in their name in other countries such as the US with lax or nonexistent privacy laws.

Agencies and contractors in the US, including computerized reservation systems, have always been among of the skeletons in the closet of airline privacy invasion, and could expose airlines to huge liability if foreign DPA’s ever looked behind the curtain at airlines’ agents and contractors — not just ARC — in the US.

ARC has a nearly total but insecure monopoly, and can ill afford to give airlines a reason to start looking harder for alternatives. The existential threat to ARC for decades has been wider adoption of direct connections between airlines and travel agencies. Some of the largest airlines have already set up direct connections and settlement with some of the largest online and offline travel agencies. ARC might have decided that the incremental revenue from TIP, and the goodwill that being a willing police informer and collaborator generated with governments, weren’t worth possibly driving away some of its core financial-clearinghouse business.

ARC probably assumes that ending the TIP program ends the problem — but it shouldn’t. The TIP program may not have violated any US law, which is why even angry members of Congress could only ask, not demand, that ARC stop selling out travelers to the police. It’s a different story abroad, though.

Foreign airlines that participate in the ARC settlement clearinghouse — and not just those that share in ownership of ARC as a joint venture — have been systematically violating the privacy and data protection laws of their home countries for twenty years. They could, and should, be held to account for that history of misconduct.

ARC still has data on all the ticketing transactions it processes. It could still be ordered to provide ticketing data to the police, as compuerized reservation systems have been, and could be ordered not to disclose this to the airline, travel agency, or passenger involved in the transaction.

The TIP scandal should be the beginning, not the end, of investigation, exposure, and enforcement action against airlines that have been disregarding passengers’ expectations of privacy, willingly and often secretly collaborating with law enforcement agencies, and failing to protect them against stalkers and other everyday threats to their privacy and security.

Dec 02 2025

Has the TSA added immigration enforcement to “Secure Flight”?

Arrest warrants have never been disclosed to be part of the Secure Flight algorithm used by the Transportation Security Administration (TSA) to process information about each domestic US airline passenger and decide whether to send the airline a Boarding Pass Printing Result (BPPR) authorizing the airline to issue a boarding pass or take other action.

But at least three incidents have made the news in the last month that together suggest that the TSA may have added immigration orders to the Secure Flight ruleset, turning US airports and domestic flights into traps for unwitting foreign citizens.

On October 29th, Marta Brizeyda Renderos Leiva, a citizen of El Salvador, was arrested by agents of the Department of Homeland Security (DHS) at Salt Lake City International Airport while on her way to a flight to visit relatives in Maryland.
On November 20st, Any Lucia Lopez Belloza, a citizen of Honduras who came to the US as a small child and is now a freshman scholarship student at Babson College in Wellesley, MA, was arrested at Logan International Airport in Boston when she tried to check in for a flight to Austin, TX, to surprise her parents with a Thansksgiving visit. (On November 21st a Federal judge in Boston issued an order prohibiting the government from transferring Ms. Lopez Belloza out of Massachusetts or the US while her petition for a writ of habeas corpus was pending. The government ignored the court order and deported her to Honduras on November 22nd.)
On November 22nd, Prof. Vahid Abedini of the University of Oklahoma, an Iranian citizen, was arrested by DHS agents at the Will Rogers International Airport in Oklahoma City while on his way to an academic conference in Washington, DC.

Each of these individuals was unaware that there was an immigration order for their arrest or deportation. And there is no apparent basis or methodology for DHS to have known when and where to intercept them at airports other than matching of airline reservations and immigration enforcement orders — something never previously disclosed.

The Feds could have learned of planned domestic air travel by searching records of tickets settled through the Airlines Reporting Corp. (ARC) clearinghouse under a program that was exposed earlier this year and is supposedly now set to “sunset” by the end of this month. But that wouldn’t have enabled the Feds to block the issuance of boarding passes, as reportedly happened in some of these recent cases.

At any time, there are millions of records of arrest warrants in the FBI’s National Crime Information System (NCIC) database. Many of these are inaccurate or out of date, such as long-since-quashed bench warrants for failure to appear in traffic court or pay fines on time. Local courts often report to NCIC when warrants are issued, but fail to report when they are cleared. Hundreds of people are arrested every day after traffic stops when local police run check on motorists and find warrants listed in NCIC.

Three million people a day travel by air in the US, sixty times as many as are stopped on the roads by local police. If every domestic airline reservation were checked against NCIC for outstanding warrants, thousands of domestic travelers would be arrested at US airports every day. That simply doesn’t happen. So far as we can tell, at least until the last month, you could be wanted for murder and fly back and forth across the US without ever being stopped — just as you can walk down the street without being required to identify yourself or subjected to a warrant check without probable cause to suspect you of a crime.

This is as it should be. The US Constitution rightly prohibits general warrants or all-purpose law enforcement checkpoints or searches without individualized probable cause.

Earlier this month we noted the unusual arrest of UK citizen and political commentator Sami Hamdi at San Francisco International Airport on October 26th when he went to check in for a domestic flight to the next stop on his US speaking tour. At the time, we speculated that perhaps the government had added Mr. Hamdi to its no-fly or “selectee” lists as a suspected terrorist. We already know that these lists are part of the Secure Flight ruleset. Now we wonder whether Mr. Hamdi’s treatment was an early case of the expansion of Secure Flight from a system ostensibly used for aviation security to a more general police dragnet.

We’ve been getting tips for years that some officials of the TSA, DHS, and other law enforcement agencies want to check all airline passengers for outstanding warrants. That would be technically straightforward. Once an algortithmic checkpoint is in place, it’s relatively easy to add new list-based or attribute-based rules to the algorithm. And the TSA has also wanted all-purpose authority for searches, seizures, and detention.

In court, though, the TSA to date has always pretended that warrantless Secure Flight “vetting” and warrantless administrative searches of airline passengers are used solely to identify people and things that are demonstrably dangerous to aviation. Using Secure Flight for immigration enforcement would require a completely new legal rationale, and would open the door to even wider use of airports as general law enforcement checkpoints.

In addition, the most recently-disclosed version of the TSA’s internal staff directive for disclosure of Secure Flight Data (SFD), issued sometime after January 20, 2025, says that:

SFD shall not be shared for purposes of ordinary law enforcement or tracking the movement of an individual who is not a potential or confirmed match to a watch list…. TSA will only respond to a written request for SFD by a law enforcement agency when there is a nexus to terrorism, transportation security, or national security for individuals not listed on the consolidated and integrated terrorist watch list. Exceptions to this policy may be granted on a case-by-case basis where an exigent threat to life or a similar extraordinary circumstance suggests that disclosure is warranted.

Routine use of Secure Flight for general law enforcement (warrant checks) or immigration enforcement would either violate this policv or have required a change in policy.

We welcome any information that can shed light on what’s really happening.

Please let us know of you hear of other immigration or criminal arrests at airports that appear to have been based on matching of domestic airline reservations with NCIC data.

Dec 01 2025

USCIS is trying to make a list of all U.S. citizens

U.S. Citizenship and Immigration Services (USCIS), a Federal agency whose mandate is to administer naturalization and derivative citizenship for those not born as U.S. citizens, has been trying — without the public notice required by law for such a database — to construct a national ID registry of all U.S. citizens including natural-born U.S. citizens.

This process began in April and May of 2025 with a ten-fold expansion of the USCIS “Systematic Alien Verification for Entitlements Program” (SAVE) database to add records about hundreds of millions of native-born U.S. citizens to those already in the system about tens of millions of naturalized citizens and immigrants.

Information about a new category of individuals (native-born U.S. citizens) was added to SAVE from new sources including Social Security and state drivers’ license records.

The Privacy Act requires prior notice in the Federal Register of the categories of individuals, information, and sources of personal data in Federal databases. To deter Federal officials or employees form keeping secret databases about the citizenry, the Privacy Act makes the maintenance of such a database of personal information without proper notice a crime on the part of the responsible Federal officials and employees.

USCIS converted the SAVE database about immigration and naturalization into a comprehensive database about all U.S. citizens without the required notice.

Six months later, in response to a lawsuit led by the League of Women Voters, USCIS published a notice of the changes to the SAVE system, with the notice to take effect today unless the changes are rescinded in response to public comments. But USCIS has kept the the revised SAVE system in operation, illegally, during the comment period.

In our comments submitted today to USCIS, the Identity Project points out that the ongoing maintenance of the revised SAVE system without proper notice has been a crime on the part of the responsible Federal officials and employees.

We also argue that “the revisions to the SAVE system of records exceed the statutory authority of USCIS and violate multiple provisions of the Privacy Act.”

According to our comments:

The statutory mandate of USCIS is to carry out various functions with respect to naturalization and derivative citizenship. No statute requires USCIS to carry out any function whatsoever with respect to natural-born U.S. citizens, or to collect information about them. Nor does any statute require any agency to maintain a national registry of U.S. citizens.

Even if Congress were to authorize a national ID registry, “records of Social Security numbers and account information and state drivers’ license records would not be ‘relevant or necessary’ to accomplish that purpose”:

Pursuant to the U.S. Constitution, an individual born in the U.S. acquires U.S. citizenship by birth. In the absence of a valid renunciation of citizenship — which would be executed and recorded by the Department of State, not by USCIS, the Social Security Administration (SSA), or state drivers’ license agencies — the sole fact that is relevant or necessary to ascertain their U.S. citizenship is the fact of their birth in the U.S., not whether they have a Social Security number or drivers’ license, much less any other information in SSA or drivers’ license records.

What is the relevance of whether someone has a Social Security number to whether they are a U.S. citizen? Non-U.S. citizens can and routinely do (and in many cases must) have Social Security numbers and accounts. What is the “relevance” of whether an individual has a driver’s license to whether they are a U.S. citizen? Many states can and do issue driving permits to non-U.S. citizens, on the basis of their demonstrated competence to operate motor vehicles safely rather than on the basis of citizenship. Neither the Social Security Administration nor state driver licensing agencies are authoritative adjudicators of U.S. citizenship, and neither of them has any need, for any of their official purposes, to ensure that whatever information about U.S. citizenship they may incidentally collect and maintain is either accurate or up to date.

Will anyone who doesn’t have a drivers’ license be presumed not to be a U.S. citizen?

A “citizenship” registry constructed in garbage-in, garbage-out fashion by aggregating state drivers’ license records that have nothing to do with citizenship will inevitably be incomplete, inaccurate, and unfit for the purpose of judging citizenship, eligibility to vote, or eligibility for other Federal programs.

Finally, we call out USCIS for violating the provision of the Privacy Act that requires information that is to be used to determine eligibility for Federal programs (the stated purpose of the SAVE citizenship database) to be collected directly from the individuals to whom it pertains:

The Privacy Act at 5 U.S.C. § 552a(e)(2) also requires that, “Each agency that maintains a system of records shall… (2) collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual’s rights, benefits, and privileges under Federal programs.”

None of the additional information in the revised SAVE system would be collected directly from the subject individuals, as required by this provision, although all of it could be.

If USCIS wants to create a registry of all U.S. citizens (and if a valid law has authorized it to do so, which it has not), USCIS must “to the greatest extent practicable” sign individuals up directly for that registry, first providing them with the notices required by the Privacy Act.

You can submit your own comments here through midnight EST tonight, December 1, 2025.

Given that the criminals at USCIS responsible for maintaining the SAVE system ignored the law when they expanded it into a national ID registry, kept it in operation for six months before publishing a proper notice of what they were already doing, and have kept it in operation in its illegally revised and expanded form during the comment period, we have little hope that they will now come to their senses and rescind the changes, much less that they will be prosecuted for their criminal violations of the Privacy Act.

We wish all success to the League of Women Voters and their partners in their ongoing litigation against the unlawful transformation of this immigration and naturalization system into a national database of aggregated (mis)information about all U.S. citizens.