“What happens in Vegas, stays in Vegas.”

November 19th, 2014

The U.S. Supreme Court has recognized that under U.S. law, once you have paid for a hotel room, your room is your home and your castle. You are entitled to the same protection against unwanted intrusions in a hotel room as you would be in the same room if you owned it outright as a condo.

As is often the case, however, the law is one thing and business norms are another. The difference is made clear in a fascinating and widely-misreported legal case involving a gambler arrested earlier this year in Las Vegas.

Paul Phua is a Malaysian businessman well known as a high-roller at casinos in Macau and in Las Vegas, where he has played in million-dollar-ante (U.S. dollars) televised poker games.

(Like nearby Hong Kong, Macau is an enclave that was formerly a foreign colony and is a now a “Special Administrative Region” of China.  Macau uses its special status to provide a haven for legal casino gambling, which is generally illegal elsewhere in China. Most Chinese citizens can’t get visas to travel to the US or other countries, but can more easily get permission to travel to Macau from the rest of China. As a result, Macau has become the world’s largest legal casino gambling center: Significantly more money is bet and lost to casinos in Macau than in Las Vegas.)

Paul Phua and his son Darren Phua were arrested in July of this year, during the soccer World Cup, in a residential villa (a 10,000-square-foot hotel suite) at the Caesar’s Palace casino-hotel complex in Las Vegas. Gambling, including betting on the World Cup, is of course legal in Las Vegas. That’s how Caesar’s Palace makes its money, and that’s why the Phuas were there. They have been charged with US Federal crimes, however, for allegedly using the Internet connection from their hotel villa in Las Vegas to send messages to unlicensed sports betting businesses in Macau and elsewhere.

What made the headlines earlier this month, and led to an editorial in the New York Times, was a motion filed by the Phuas’ lawyers arguing that the searches of the Phuas’ villas were unconstitutional.

One of the lawyers on the brief for the Phuas is Tom Goldstein, founder of SCOTUSblog and, among many other cases on his resume, co-counsel for John Gilmore in his petition for certiorari to the Supreme Court in Gilmore v. Gonzales. The brief for the suppression of illegally obtained evidence against the Phuas is one of the best-written piece of legal story-telling we’ve come across in a long time, even down to the legally irrelevant asides. (”Once they left the villas, the first comment of [agents] Lopez and Kung was to agree that the female butler was “pretty hot.” Ex. F., Trans. Disc 3, p. 39, lines 24-25. Turning back to the case, they…”)

The essence of the Phuas’ lawyers’ argument is that FBI agents and Nevada state law enforcement officers repeatedly cut off the Internet service to the Phuas’ villas, waited until the residents of the villas reported the outages, then came into the villas with hidden cameras and recorders but disguised as, and falsely claiming to be, repair technicians working for the hotel.

The police then used the information from these warrantless entries to apply for a search warrant for the Phuas’ villas as well as a another villa occupied by some alleged associates of the Phuas, claiming that the residents of the villas had “consented” to their coming inside.

The legal issue is whether you can be deemed to have “consented” to a search by the police if you let a person into your home who claims to be a repair technician, especially when the only reason you called for service is that the police had turned off your service.

This sounds like something out a comic-book story of surveillance in a tin-pot dictatorship, where the phone in your hotel room stops working (because the secret police have disconnected the line), and then the secret police show up at your door, pretending to be from the telephone company, and pretend to “fix” the phone while installing wiretapping devices.

There’s more to the malfeasance of the FBI and Nevada police in this case. They tried to hide from the judge the fact that they were the ones who had disconnected the DSL lines to the villas, prompting the residents’ service request to the hotel. They also claimed to the judge that the Phuas had been “free to leave” while they were being kept in handcuffs for more than five hours. Since the Phuas weren’t being detained, it wasn’t necessary to read them their rights or allow them to talk to their lawyer, who had shown up outside the villa and was turned away by police.

But what also interests us is the role of the hotel-casino management and staff.

The New York Times editorial, like much of the of the other news analysis, got this backwards:

During the 2014 World Cup, the agents suspected that an illegal gambling ring was operating out of several hotel rooms at Caesar’s Palace in Las Vegas, but they apparently did not have enough evidence to get a court-issued warrant. So they enlisted the hotel’s assistance in shutting off the Internet to those rooms, prompting the rooms’ occupants to call for help. Undercover agents disguised as repairmen appeared at the door, and the occupants let them in. While pretending to fix the service, the agents saw men watching soccer matches and looking at betting odds on their computers. There is nothing illegal about visiting sports-betting websites, but the agents relied primarily on that evidence to get their search warrant. What they failed to tell the judge was that they had turned off the Internet service themselves.

The voluminous court filings (those that are available without charge through RECAP are linked from this copy of the docket sheet) and other news reports about the underlying facts make clear that the actual chain of suspicion and illegal snooping went in the other direction:

Contrary to what the Times suggested, the police didn’t “enlist” the hotel in their investigation. Nor is it true that, as the government implausibly claims in its response to the Phuas’ motion, that the hotel’s “contractor engaged in a private frolic outside of any … relationship with the agents.”  The initiative to invade guests’ rooms came not from the police (as the Times misreported) or the contractor (as the government now claims) but from the hotel.

The hotel initiated the investigation, enlisted the police to spy on its guests, gave the police full access to all the data it had already collected about these guests and all the surveillance tools it had already installed, and provided support without which the police wouldn’t have been able to trick the guests into letting in the cops disguised as Internet repairmen.

Reprehensible (and unconstitutional) as the cops’ actions were in this case, anyone who spends time in hotel rooms ought to be at least as outraged at the hotel’s role in spying on its guests.

Read the rest of this entry »

DHS adds discrimination by national origin to pre-crime profiling of US visitors

November 3rd, 2014

Secretary of Homeland Security Jeh Johnson announced this morning that, with immediate effect and with no advance notice or warning, foreign citizens “seeking to travel to the United States from countries in our Visa Waiver Program (VWP) will be required to provide additional data fields of information in the travel application submitted via the Electronic System for Travel Authorization (ESTA).”

The additional questions which have already been added to the newly “Enhanced” ESTA application include:

  • Other Names/Aliases
  • Other Citizenships
  • Parents name(s)
  • National Identification Number (if applicable)
  • U.S. Contact information (email, phone, points of contact)
  • Employment information (if applicable)
  • City of Birth

As discussed in our comments to DHS when it was first proposed, the ESTA is a a travel permission and exit-permit system of dubious legality. Prior application, payment of the ESTA fee (by credit card only, so that CBP has a credit card number on file to link the travel history of each ESTA applicant to a financial history), and receipt of ESTA approval is required by the US before boarding any flight departing from any other country in the world, with the intention of eventually traveling to the USA.

ESTA approval is not a guarantee of admission to the US, and the US has consistently and explicitly claimed that ESTA is solely a travel-permission scheme, not a visa requirement.  (If it were deemed a visa requirement, US citizens would likely be subjected to reciprocal visa requirements to visit VWP countries.)  So the sole purpose of adding questions to the ESTA application form is to add them to the inputs to the pre-crime profiling process that determines whether to allow an applicant to travel to the US for the purpose of applying, on arrival at a US port of entry, for visa-free admission to the US as a visitor.

In other words, the only reason to ask citizens of VWP countries about their other or prior citizenship(s), if any, is for DHS to discriminate between citizens of the same WVP country, in making ESTA permission-to-travel decisions, on the basis of those VWP-country citizens’ prior national origins.

This is a disgraceful act of overt US government bigotry, and all citizens of both the USA and VWP countries should be outraged.  Why should the US think it can treat citizens of, say, the UK or Germany differently on the basis of their national origin, as evidenced by what other countries’ passports they also hold or previously held? Such blatant discrimination against  US citizens on the basis of their national origin would be illegal on its face, although it has been standard illegal operating procedure for the DHS.

DHS claims in its FAQ about today’s ESTA “enhancements” that it can mandate provision of this additional information through a Paperwork Reduction Act (PRA) notice of information collection, without needing to promulgate any new or revised regulations:

Why is DHS doing this under a Paperwork Reduction Act and not a regulation?

The relevant regulatory provision does not list the specific data elements that VWP travelers must provide in order to obtain an ESTA. Instead, the regulation states that “ESTA will collect such information as the Secretary [of Homeland Security] deems necessary to issue a travel authorization, as reflected by the I-94W Nonimmigrant Alien Arrival/Departure Form (I-94W).” Since there are no data elements listed in the regulation, there is no need to update the regulation. The revisions to the ESTA data elements fall under the Paperwork Reduction Act since DHS is amending an information collection (Form I-94W) and not amending a regulation.

The problem with this is that DHS has already added the new questions to the ESTA form, but doesn’t appear to have gotten the necessary approval from the Office of Management and Budget (OMB) for their inclusion.

DHS has a long history of ignoring the PRA and failing to get its forms approved by OMB. The PRA notice in the online ESTA application form refers to OMB approval control number 1651-0111, which was issued September 17, 2014. But the Federal Register notices and other documents submitted to OMB to support that approval don’t appear to have included the new questions added to the form today.

Amtrak admits passenger profiling but not DHS collaboration

October 30th, 2014

(Excerpt from DHS "TECS" travel history log showing API data extracted from the reservation for a passenger on Amtrak (carrier code 2V) train 69 from Penn Station, New York (NYP) to Montreal (MTR). "QYRSLT" redacted by DHS (at left on second line from bottom ) is result of pre-crime risk score query to DHS profiling system. Click on image for larger version.)

Amtrak has admitted to profiling its passengers, while improperly withholding any mention of its transmission of railroad passenger reservation data to DHS for use in profiling and other activities.

In response to a Freedom Of Information Act (FOIA) request from the ACLU, Amtrak has disclosed profiling criteria that Amtrak staff are instructed to use as the basis for reporting “suspicious” passengers to law enforcement agencies.  As the ACLU points out in an excellent analysis in its “Blog of Rights”, pretty much everyone fits, or can be deemed to fit, this profile of conduct defined as “indicative of criminal activity”.

It’s suspicious if you are unusually nervous — or if you are unusually calm. It’s suspicious if you are positioned ahead of other passengers disembarking from a train — or if you are positioned behind them.

Normal, legal activities are defined as suspicious: paying for tickets in cash (Amtrak and Greyhound are the common carriers of last resort for the lawfully undocumented and unbanked), carrying little or no luggage (how many business day-trippers on the Acela Express are carrying lots of luggage?), purchasing tickets at the last minute (also the norm for short-haul business travelers), looking around while making telephone calls (wisely keeping an eye out for pickpockets and snatch thieves, as Amtrak police and notices in stations advise passengers to do), and so forth.

“Suspicion” based on this everyone-encompassing profile is used to justify interrogations and searches of Amtrak passengers, primarily for drugs but also for general law-enforcement fishing expeditions.  Suspicion-generation is a profit center for Amtrak and its police partners: The documents obtained by the ACLU from Amtrak include agreements with state and local police for “equitable sharing of forfeited assets” seized from passengers or other individuals as a result of such searches.

The ACLU requested, “procedures, practices, agreements, and memoranda governing the sharing of passenger data with entities other than Amtrak, including but not limited to… other… federal… law enforcement agencies;” and, “Policies, procedures, practices, agreements, and memoranda regarding whether and how passenger data is shared with any law enforcement agency.”

But Amtrak’s response included no records whatsoever concerning the provision of passenger data obtained from Amtrak reservations to DHS or any other government agency.

We know that DHS obtains information from Amtrak about all passengers on all international Amtrak trains.  DHS has disclosed this in public reports, and we have confirmed it from DHS responses to FOIA and Privacy Act requests.  The example at the top of this article is of a DHS “TECS” travel history log showing Advance Passenger Information (API) data extracted from a record in Amtrak’s ARROW computerized reservation system for a passenger traveling on Amtrak (carrier code 2V) train number 69 in the outbound direction from the US (”O”) from Penn Station, New York (station code NYP) to Montreal (MTR). The entry in the “QYRSLT” column redacted by DHS is the result for this passenger and trip of the pre-crime risk score query to the DHS profiling system.

Read the rest of this entry »

Supreme Court to review Constitutionality of warrantless police access to hotel guest logs

October 20th, 2014

Today the US Supreme Court agreed to review whether — as was decided en banc by the 9th Circuit Court of Appeals last year — a Los Angeles city ordinance requiring hotel-keepers to identify guests, log their identities and the details of their hotel stays, and open those log books to police inspection at any time, without advance notice, any basis for suspicion, or a warrant or subpoena — is, on its face, in violation of the Fourth Amendment to the US Constitution.

It’s interesting that hotels are the context in which the Supreme Court has chosen to consider service providers’ Fourth Amendment objections to warrantless, suspicionless compelled police access to business transaction metadata about their customers’ identities, locations, and activities at particular times and dates.  The Supreme Court has yet to accept any cases dealing with such objections by telecommunications, air transportation, or internet service providers, despite the essentially similar issues in those industries.

The key difference is that few providers of other services have challenged the government’s demands in court, as hotel owners did in the case now known at the Supreme Court as City of Los Angeles v. Patel.

The Los Angeles hotel registry ordinance mandates exactly the same three essential elements, for example, as the Federal government’s system for outsourced dragnet surveillance and control of air travelers:

  1. Presentment to private service providers of government-issued ID credentials (to enable log entries to be compiled into, linked with, and mined from personal travel history dossiers).
  2. Recording by service providers of transaction metadata including locations, time, date, and customer ID information.
  3. Warrantless, suspicionless, “open book” police root access to these metadata logs at any time.

So far as we know, however, not one airline, travel agency (online or offline), or computerized reservations service (including Google, which now operates an airline reservations hosting service) has challenged any of the government’s dragnet demands for customer transaction, location, chronology, and ID metadata.

In its (successful) argument to the Supreme Court to take the case, the city of L.A. argues that state and local laws mandating identification, logging, and police access to logs of hotel guest information are “ubiquitous”, and that by the logic of the 9th Circuit decision all these laws could be found to be unconstitutional on their face. That’s true. Hotel guests (”outsiders”) have long been deemed per se suspicious persons, and hotel registry laws are among the oldest and most pervasive of (unconstitutional) laws mandating businesses to compile and maintain metadata about their customers’ and their activities and make it available to police, without warrant or suspicion for data mining or gumshoe fishing expeditions. That’s exactly why it’s so important for the Supreme Court to uphold the decision of the Court of Appeals.

The hotel owners challenged only the requirement for warrantless open-book police access to hotel registries, and not the requirements for hotels to maintain such registries or for hotel guest to show ID. That’s still an important challenge, though, and one that goes further than other businesses (certainly further than any other travel businesses) have done to defend their customers’ rights not to treated as suspects.

We continue to commend the hotel owner plaintiffs/respondents in this case for their stand, Other businesses in the travel, communications, and Internet industries could and should bring similar court challenges when they are presented with similar (and similarly unconstitutional) government demands.  They cannot excuse their actions in spying on their customers by saying, “The government made us do it, and we had no choice,” if they never asked a court to rule on whether that “demand” was legally valid.

“Travelers, say bon voyage to privacy”

October 17th, 2014

We talked at length with Watchdog investigative reporter Dave Lieber for his column in today’s Dallas Morning News: Travelers, say bon voyage to privacy.

Lieber hits the nail on the head by calling out how few travelers realize that the U.S. government is keeping a permanent file of complete mirror copies of their reservations:

Did you know that when you buy an airline ticket and make other travel reservations, the government keeps a record of the details?

If airlines don’t comply, they can’t fly in the U.S., explains Ed Hasbrouck, a privacy expert with the Identity Project who has studied the records for years and is considered the nation’s top expert.

Before each trip, the system creates a travel score for you…. Before an airline can issue you a boarding pass, the system must approve your passage, Hasbrouck explains….

The idea behind extensive use of PNRs [Passenger Name Records], he says, is not necessarily to watch known suspects but to find new ones.

Want to appeal? “It’s a secret administrative process based on the score you don’t know, based on files you haven’t seen,” Hasbrouck says….

Hasbrouck says: “You can’t keep files on everybody in case you want some dirt on them. That’s what J. Edgar Hoover did. We’ve been through this before in this country. Think of all the ways those files targeted innocent people and were misused. People’s lives were destroyed on the basis of unfounded allegations.

“Do we want to go back to that?”

For those whose curiosity has been piqued, here are links to more about this issue:

The FAQ, What’s in a Passenger Name Record (PNR)?, includes links to examples of PNR data, templates to request your travel history and PNR files from DHS, and information about our lawsuit against DHS to try to find out what files it has about us and how it has used and “shared” them.

Requirements for airlines to send passenger data to the government, and receive individualized (per-passenger, per-flight) permission from the government before issuing a boarding pass, are contained in two separate sets of DHS regulations: Secure Flight for domestic flights and the Advance Passenger Information System (APIS) for international flights. (More about the APIS regulations.)

The system of “pre-crime” profiling and assigning scores to all air travelers was discussed in recent government audit reports and at a Congressional hearing last month, and in a front-page story in the New York Times, in which we were quoted, last year.

There’s a good overview of the government’s travel surveillance and control process in a talk by Edward Hasbrouck of the Identity Project that was broadcast on C-SPAN</a> last year. The slides from that talk include diagrams of the system and examples of PNR data and other government files about travelers.

“Jetsetting Terrorist” confirms DHS use of NSA intercepts

October 16th, 2014

We’ve been reading the Jetsetting Terrorist blog (highlighted last week by Boing Boing) to see what we can learn from the anonymous author’s chronicles of his experiences traveling on commercial airlines, within the U.S. and internationally, after being convicted of a nonviolent misdemeanor criminal offense the U.S. has since defined as “terrorism”:

Since 2009, I’ve been on the TSA’s “terrorist watch list” [because] years ago I was convicted of an activist-related property crime.  The government deemed it “terrorism.” My “weapon of mass destruction” was a small tool purchased at a hardware store for under $30. My crime resulted in a loss of profits to several businesses. No one was injured. And it wasn’t even a felony.

Some of what the Jetsetting Terrorist describes is unsurprising, such as the inconsistency and unpredictable of the TSA’s “There are no rules” operational practices (a/k/a, “We make up the rules as we go along”, or “The rules are whatever we say they are today”). Or the confusion of TSA and airport checkpoint contractor staff, accustomed to carrying out crude profiling on the basis of race, religion, and national origin, when they receive instructions to treat a white-skinned hipster techie U.S. native like the Jetsetting Terrorist as a second-class citizen.  We’ve heard many accounts like these from other travelers about the TSA’s real-world Standard Operating Procedures, as distinct from those contained in the secret written manuals for TSA staff and contractors.

Beyond that, several things stand out from our reading of the Jetsetting Terrorist blog:

  1. Anyone could be subjected to the same treatment as the “Jetsetting Terrorist”. Millions of people in the U.S. have been convicted, at some point in their lives, of some nonviolent property crime or other nonviolent misdemeanor.  There are no limits to what crimes the government can retroactively define as “terrorism”, and courts have enforced few constraints on what additional burdens, restrictions, and prohibitions can retroactively be imposed — by law or by extrajudicial administrative fiat — on anyone who has ever in their life been convicted of any crime.  Once someone has a criminal record, they are considered to “deserve” whatever they later get when additional administrative infirmities are later piled on to their long-ago-completed judicially-imposed sentence.  And it’s not just people convicted of crimes later defined as “terrorism”. Where will it end? “First they came for the terrorists.  Then they came for the drug dealers…. Then they came for you and me.”
  2. So-called “watchlists” are really blacklists. The word “watchlist” is an Orwellian euphemism which the government uses to minimize its infringement of the rights of people on these lists. Properly speaking, a “watchlist” implies a list used to target surveillance, and the consequences of being on a “watchlist” are limited to being watched, i.e. surveilled. A bad thing, but very difference from the consequences of being on a blacklist, on the basis of which the government actively interferes with one’s movements, lays hands on one’s body (calling genital groping by another minimizing euphemism, “patdown”), and rips open one’s luggage to paw through one’s possessions.
  3. DHS pre-crime profiling is not binary, and can lead to many levels of consequences. Most travelers  naively assume that unless you are “on the no-fly list”, there are only three levels of pre-crime “risk scores” and consequent levels of intrusiveness of DHS action against you at airports: the TSA Pre-Check line, the “normal” (in the post-9/11 sense of “normal”) screening line, and the “secondary screening” line for those “selectees” who get “SSSS” printed on their boarding passes. But as the experiences reported by the Jetsetting Terrorist remind us, not all “selecteees” are selected for like treatment.  As was made public in a government filing in the first no-fly trial last year, each entry on the “selectee” list is assigned a numeric “handling code”. The range of handling codes and their meanings remains secret, but while some “selectees” merely get the full monty (”enhanced patdown”), others like the Jetsetting Terrorist are prevented from proceeding through TSA checkpoints until the checkpoint staff phone the FBI to report their itinerary and get permission for them to travel. In the case of the Jetsetting Terrorist, everyone on the same plane is subjected to an additional guilt-by-proximity ID document check and luggage inspection at the gate, at the entrance to the jetway.
  4. DHS components are among the “customers” for NSA electronic surveillance. On a recent international trip, the Jetsetting Terrorist spent time, while he was abroad, with a friend from the US: “My friend went back one day before me. We didn’t arrive together. We didn’t leave together. We don’t live anywhere near each other. Separate itineraries, everything. But a few hours before I was to leave for the airport, I get an email. Customs got her. Details were sparse, but she said they’d detained her for over an hour, asked her a thousand questions, took her computer in the back room, and asked her about me. A lot about me.  What’s most interesting: Somehow, they knew we were traveling together. This could not be gleaned from airline records. In fact, it could only have been learned of from electronic surveillance.”  Assuming these facts are accurately reported, we agree. (The Jetsetting Terrorist blog is anonymous and unverifiable. But we have no reason to doubt its legitimacy.)  This isn’t the first report of DHS employees questioning a US citizen about information that could only have been obtained from surveillance of electronic communications: that’s part of the basis for an ongoing  lawsuit in federal court in Indiana.  We continue to believe, as we said when  we reported on that case earlier this year, that it’s more likely that the DHS is one of, and possibly the most frequent, “customer” and user of information obtained from the illegal NSA electronic communications dragnet than that the DHS is running its own parallel illegal surveillance scheme on the same scale.

The Jetsetting Terrorist is looking for help finding a way to film and/or record his interactions with the TSA, in spite of being separate from his belongings while he is being searched and interrogated.  Since he plans to distribute these recordings publicly, they would be protected from search (as would his other work product documents and data) by the federal Privacy Protection Act, 42 USC 2000aa.  Most journalists aren’t aware of this law.  But it has important implications at airports, and protects anyone with an intent to distribute information publicly — not just full-time professional journalists.

U.S. citizen sues the State Department for a passport

October 14th, 2014

A Yemeni-American U.S. citizen sued the U.S. State Department today, asking a federal court in Michigan, where he lives, to order the State Department to issue him a U.S. passport.

Ahmed Nagi was naturalized as a U.S. citizen twenty years ago.  In May of 2013, after his previous U.S. passport expired, Mr. Nagi applied to renew his passport. He went in person to the State Department’s Passport Office in Detroit, and paid the $60 extra fee for “expedited” passport renewal service.

Normally, a U.S. citizen who applies in person at a Passport Office on an expedited basis — especially if they have been issued a U.S. passport previously, and are applying for a renewal rather than a first-time passport — can pick up their new passport within a couple of days, even the same day if they have evidence of imminent planned international travel.

Mr. Nagi, however, is still waiting for a new passport, sixteen months after he submitted his application. In response to repeated inquiries, Mr. Nasgi and his lawyers have been told only that his passport application is still “pending”. The State Department has used the impossible-to-complete “long form” as a pretext to hold up processing of some disfavored passport applications, but hasn’t asked Mr. Nagi for any additional information or told him anything about why his application hasn’t been approved.

In the meantime, Mr. Nagi is legally prohibited from leaving the USA without a passport.

The U.S. government appears to have decided that there is no legitimate reason for any U.S. citizen to visit Yemen, whether as a tourist or to visit friends or relatives. In a blatant case of discrimination on the basis of national origin, all U.S. citizens of Yemeni birth or ancestry are being treated as presumptively terrorists and subject to de facto travel restrictions, even if they haven’t individually been placed on any U.S. government blacklists.  Hundreds of U.S. citizens are currently stranded in Yemen, unable to leave Yemen or return to the U.S., because the U.S. Embassy in Sana’a has been systematically seizing the passports of any Yemeni-Americans who go to the embassy to request consular services as U.S. citizens.

According to one of Mr. Nagi’s attorneys, Lena Masri of the Council on American-Islamic Relations, “The federal government has routinely delayed the processing of passport applications for Muslims of Yemeni origin for an indefinite period of time.”  By keeping passport applicants in indefinite limbo, the State Department hopes to exercise a “pocket veto” of passport issuance and international travel, without issuing formal decisions denying passport applications that would be subject to judicial review.  “This lawsuit will challenge the federal government’s unchecked practice of denying these individuals their constitutionally-protected right to travel without affording them their right to due process of law.”

Argentina takes lead in Latin American air travel surveillance

September 30th, 2014

Argentina has promulgated regulations which will require operators of all flights in or out of the country to send copies of both Advance Passenger Information (API) and Passenger Name Record (PNR) data for each passenger and crew member to the government before any flight departs.

The new regulations are to be fully implemented within six months, and apply to all international flights including charters and general aviation as well as airlines.

This may seem surprising. Argentines remember the Dirty War and the ways that government dossiers about individuals were compiled and misused by the dictatorship. Argentina has been considered one of the leaders among Latin American governments in enacting legal protection for personal data. Argentina was the first country in Latin America to be certified by the European Union as providing adequate protection for personal data.  But things can be different in practice than in theory.

The excuses offered by Argentine officials for this ratcheting-up of travel surveillance are typically examples of (1) laundering of travel surveillance and control policies through international organizations and (2) use of “because terrorism and drugs”  as a pretext for measures actually intended and used for general law enforcement, tax collection, other government revenue generation, etc.

According to the regional English-language Latin American Herald Tribune:

Cabinet chief Jorge Capitanich and Tourism Minister Enrique Meyer on Friday rebuffed criticisms of a rule obliging airline operators to answer a questionnaire of 32 queries about passengers on international flights, ranging from their identity to their seating preferences to how many suitcases they carry.

Capitanich … said the questionnaire does not constitute an additional control on passengers.

“The requisites for trips abroad now are no different from what they were before – the database has simply been unified to comply with international regulations,” he said during his daily press conference.

The tourism minister also said that, … “In fact, the passenger has no say in this matter, they’re measures that the International Civil Aviation Organization is requiring of all countries,” he told Argentine radio.

In fact, no “international regulations” require the collection, retention, or provision to governments of any of this data — only rules of specific countries such as the USA and now Argentina.  The ICAO white paper on transfers of PNR data to governments, Document 9944, is explicitly a set of nonbinding “guidelines” suggesting how PNR transfers should be carried out, if they are required by specific countries.

And according to Argentina’s English-language newspaper of record, the Buenos Aires Herald:

The government said that the information will be used in the fight against “drug trafficking, international terrorism, human trafficking and illegal migration.”

Other observers immediately suggested that the real purpose of the new regulations is to control the outflow of hard currency prompted by the growing disparity between the official and black-market exchange rates of the Argentine peso, along with fears of further devaluation, another currency freeze, or more bank failures.

By taking a conspicuous leading role in adopting travel surveillance and control measures that the US has been trying to globalize (with little success until now, particularly in Latin America) as part of the “war on terror”, and labeling them as “counter-terrorist” measures, Argentina may be hoping to curry favor with the US and perhaps gain diplomatic capital that Argentina can use in negotiations with the US regarding Argentina’s default on its sovereign debt.

First challenge to detention & arrest under Arizona “Papers, Please!” law

September 28th, 2014

The first lawsuit challenging the legality of a detention and arrest as a consequence of Arizona’s “Papers, Please!” law (SB 1010) was filed this week by the ACLU of Arizona on behalf of  Ms. Maria del Rosario Cortes Camacho.

SB 1070, enacted in 2010, requires Arizona state and local law enforcement officers to make “a reasonable attempt …, when practicable, to determine the immigration status of the person” whenever an officer makes a “lawful contact” with any person “where reasonable suspicion exists that the person is an alien who is unlawfully present in the United States.”

Although portions of the law were found unconstitutional, this part of the law was upheld by the Supreme Court in 2012 on the basis that at least this part of the law could be applied Constitutionally, if and only if it was construed solely as creating an obligation on law enforcement officers to “attempt” to verify immigration status without committing other Constitutional violations in the process.

The Supreme Court declined to presume that this “attempt” would necessarily, or in practice, result in more prolonged detention than would otherwise be permitted, or in arrest that wouldn’t otherwise have been made:

There is a basic uncertainty about what the law means and how it will be enforced. At this stage, without the benefit of a definitive interpretation from the state courts, it would be inappropriate to assume §2(B) will be construed in a way that creates a conflict with federal law…. This opinion does not foreclose other preemption and constitutional challenges to the law as interpreted and applied after it goes into effect.

As we said at that time:

Close reading of the law and the Supreme Court opinion makes clear that the next step for opponents of the law is to test how, in practice, the state of Arizona will answer the questions asked by the Supreme Court: Will people in Arizona be detained, will their detentions be prolonged, or will their releases from custody be delayed (without, in each case, some other lawful basis) merely to check their immigration status?

If any of things happen to people in Arizona, the Supreme Court has explicitly left it open for them to bring new Constitutional challenges to those infringements of human rights.

That is exactly what is now happening in Cortes v. Lakosky. According to the complaint, Ms. Cortes had applied for a special category of U.S. visa for certain victims of mental or physical abuse. That application was eventually granted, and Ms. Cortes lawfully remains in the U.S.   But when she was stopped and cited for minor, non-criminal traffic violations (which did not, in themselves, provide a basis for arrest), a Pinal County Sheriff’s deputy demanded evidence of her legal presence in the U.S., basing that demand on SB 10170.

Ms. Cortes actually had a copy of her pending visa application in the glove compartment of her car, but the sheriff’s deputies didn’t want to look at it. Rather than citing her on the spot and letting her go on her way as soon as that was done, the Instead, they detained her, handcuffed her, transported her in custody to an office of the Border Patrol, and turned her over to Border Patrol agents who held her for five more days.

No criminal charges and no allegations of illegal presence or other immigration law violations were ever filed against Ms, Cortes.  The sole basis for the prolongation of Ms. Cortes’ detention, her arrest, and her transportation to the Border Patrol office was an (unwarranted) suspicion of unlawful presence in the U.S.

The complaint seeks damages from the sheriff’s deputies, in their individual capacities.

What happens if you fit the DHS profile even though you aren’t a threat?

September 26th, 2014

In a self-assessment published this week by the DHS on the integration of DHS programs for surveillance, profiling, and control of airline passengers (the TSA’s Secure Flight for domestic flights and the CBP’s Automated Targeting System for international flights), the DHS says it is reducing to 15 years the length of time for which DHS will retain logs of people who were singled out for special treatment as “matches” on the basis of (secret) DHS profiling algorithms, but who were “ultimately determined not to be a threat.”

The DHS will still keep its TECS log entries for the trip itself, and will be able to retrieve a new copy of your PNR (airline reservation record) from the airline or CRS (database hosting company) at any time, even if DHS has deleted its previous mirror copy or copies.  But the DHS will purge its record of having wrongly flagged you as a suspect if you’ve stayed out of trouble for the subsequent 15 years:

Records created about an individual associated with a confirmed or possible match to a watchlist that require additional analysis in the ATS case management module ATS-Targeting Framework (TF) will be retained for 15 and seven years respectively in ATS if the individual is ultimately determined not to be a threat. However, COP information maintained only in ATS that is linked to a specific case or investigation will remain accessible for the life of the law enforcement matter to support that activity and other enforcement activities that may become related. In addition, CBP may include information in TECS on individuals who may need additional scrutiny.

The DHS privacy impact self-assessment confirms that the DHS has shifted from blacklist/whitelist matching to real-time profiling and scoring as its methodology for making fly/no-fly and “intrusiveness of search” decisions.  The self-assessment also makes explicit that the reason for long-term retention by DHS of mirror copies of the commercial airline records is to enable subsequent pre-crime data mining:

It is over the course of time and multiple visits that a potential risk becomes clear. Travel records (including historical records), are essential to assist CBP officers with their risk-based assessments of travel indicators and identifying potential links between known and previously unidentified terrorist facilitators. Analyzing these records for these purposes allows CBP to effectively identify suspect travel patterns and irregularities.