Does CBP have access to domestic Amtrak reservations?

September 23rd, 2015

Documents released to us by Amtrak suggest that since 2012, US Customs and Border Protection (CBP) has had direct access to Amtrak’s reservation system, possibly including access to reservations for Amtrak passengers traveling entirely within the USA.

What do these documents show? And why would an immigration and border patrol agency want access to records of travel by US citizens and other residents within the borders of the US?

Read the rest of this entry »

California Dreamin’

September 15th, 2015

Stumbling into the embrace of the homeland-security state, California’s state legislature has sent to Governor Jerry Brown a bill which, unless the Governor vetoes it by October 11th, will require that:

[T]he Department [of Motor Vehicles] shall require an applicant for an original driver’s license or identification card to submit satisfactory proof of California residency and that the applicant’s presence in the United States is authorized under federal law.

A.B. 1465 is unnecessary, would create severe problems for many Californians, and would discourage both immigrants to the US and residents of other states from moving to California.

As our friend Jim Harper of the Cato Institute has noted, the intent of  A.B. 1465 appears to be to make it easier for the DHS to claim that California is making “progress” toward compliance with the REAL-ID Act.

Why would Californians want that?

The DHS has repeatedly threatened that if states don’t comply with the REAL-ID Act, including connecting their state drivers license and ID databases to the outsourced REAL-ID “hub” operated by the AAMVA, residents of those states won’t be allowed through Federal checkpoints at airports and at entrances to Federal facilities.

But as we discussed here and here and in this presentation at Cato earlier this year, these threats are hollow.

The TSA allows people to fly without ID every day, despite false notices in airports that ID is required.

As for access to federal buildings, the DHS says that “REAL-ID does not apply to … applying for or receiving Federal benefits, … accessing hospitals and health clinics…, or constitutionally protected activities.”

We’re not sure why else ordinary people would want to access most Federal facilities.

Read the rest of this entry »

In the wrong place at the wrong time? You might end up on the no-fly list.

August 28th, 2015

If you exercise your right to travel, will the US government use your past travel as the basis for denying you the right to travel in the future?

Reading between the lines of the redacted public versions of recent filings in one of the ongoing legal challenges to US government no-fly orders, the answer appears to be, “Yes”.

Merely having visited the “wrong” place at the “wrong” time (as subsequently and secretly determined by the precogs who devise the government’s algorithms for predicting future terrorist behavior) can be sufficient to get you put on the no-fly list.

Did you visit Yemen in 2009? Now you might be on the no-fly list — for that reason, and maybe that alone.

Read the rest of this entry »

Laura Poitras sues DHS et al. for records of her airport detentions and searches

July 27th, 2015

Documentary filmmaker Laura Poitras, represented by the Electronic Frontier Foundation, has filed a lawsuit under the Freedom of Information Act (FOIA) against the Department of Homeland Security (DHS), the Department of Justice (DHS), and the Office of the Director of National Intelligence (ODNI, which includes the NSA). The winner of an Oscar and a Pulitzer Prize for her independent journalism, Poitras is seeking the release of records kept by the government about her travels, and about why she has been detained for hours at a time, searched, and interrogated at airports whenever she entered or left the US.

We welcome Ms. Poitras’ lawsuit, and we wish her and EFF all success. But we’ve been down this road before, and the results aren’t encouraging:

  • In 2006, Ms. Julia Shearson, Executive Director of the Cleveland Chapter of the Council on American Islamic Relations (CAIR), filed suit pro se against the DHS under the Privacy Act, seeking disclosure of records about why she was detained at gunpoint at the US-Canada border and falsely labeled as a terrorist in government blacklists. Despite years of litigation, Ms. Shearson still hasn’t received any information about why or by whom she was blacklisted as a terrorist, or any confirmation that any of the blacklist entries about her have been corrected.
  • In 2008, Ms. Sophie In ‘t Veld, a Member of the European Parliament from the Netherlands, also represented by EFF, sued the DHS under FOIA for records about her travel from the DHS “Automated Targeting System” (ATS). Although Ms. In ‘t Veld eventually received some excerpts from the DHS dossier about her travels, the pre-crime “risk assessment” scores assigned to her each time she traveled to or from the US were redacted and withheld, as was all information about the algorithms and the information used as the basis for those scores.
  • In 2010, Mr. Edward Hasbrouck, an award-winning travel journalist and a consultant to the Identity Project, represented by our parent organization the First Amendment Project, sued the DHS under both the Privacy Act and FOIA, seeking disclosure of records about himself and his travels from ATS, including risk assessments and rules used for determining them, and information about ATS search and data-mining functionality. Like Ms. In ‘t Veld, Mr. Hasbrouck eventually received some excerpts from the ATS files about his travels, but with all information about risk assessments and risk assessment algorithms redacted and withheld.  While Mr. Hasbrouck’s requests were pending, DHS exempted ATS from all of the access and disclosure accounting requirements of the Privacy Act, and a US District Court judge upheld the retroactive application of those exemptions to unanswered requests that Mr. Hasbrouck had made three years previously.  The judge also upheld the withholding of all information about DHS data-mining capabilities for ATS travel records, without even looking at any of the requested records.
  • In 2011, Mr. David House, a computer programmer associated with the Chelsea Manning (then Bradley Manning) Support Network, represented by the ACLU of Massachusetts, sued the DHS for wrongly searching and seizing Mr. House’s electronic devices and data at the airport when he returned to the US from a vacation abroad.  As part of a settlement of the lawsuit, the government eventually turned over some records from its files about Mr. House and about how the government used its travel surveillance capabilities to target him for his work to publicize Ms. Manning’s case and raise funds for her legal defense.  The records released to Mr. House give a partial picture of how the DHS uses manually-created flags (”lookouts”) to target travelers, but still doesn’t give any information about the algorithms or data inputs used for automated pre-crime profiling and “risk assessment” scores.
  • In 2013, Messrs. C.J. Chivers and Mac William Bishop, two reporters for the New York Times represented by the Times’ in-house legal department, sued the DHS under both FOIA and the Privacy Act for records about why the two journalists were targeted for unusually intrusive searches and interrogations at airports while leaving and returning to the US on reporting assignments for the Times. The Times hasn’t (yet) reported on what, if any, records they have received in response to the lawsuit. We presume that means that the government has yet to disclose any significant new information about its targeting of journalists and their travels. [In response to the lawsuit, DHS did release redacted portions of its TECS and Automated Targeting System (ATS) files about the journalists, including PNR data. But the codes indicating profiling results and reasons for DHS actions as well as some entire pages of ATS records were redacted.]

We’ve been involved as plaintiffs, attorneys, or consultants to plaintiffs and their counsel in all but one of these cases, and we support continued litigation on these issues.

Harassment of journalists and political activists and interference with their right to travel are only part of a bigger picture. Government surveillance and control of travel is a threat to everyone’s rights.  It’s important for the government to disclose what it’s been doing, but it’s equally important to expunge the government’s travel metadata surveillance archives and end the government’s pre-crime profiling and permission-based controls on who it “allows” to travel by common carrier or public right-of-way.

Expert critique of European travel surveillance and profiling plans

July 6th, 2015

Independent legal experts commissioned by the Council of Europe (COE) to assess proposals for surveillance and profiling of air travellers throughout the European Union have returned a detailed and perceptive critique of the proposed EU directive on government access to, and use of, Passenger Name Record (PNR) data from airline reservations.

Before the revelations by Edward Snowden and other whistleblowers about dragnet surveillance of telephone and Internet communications, few people appreciated the nature of the threat to freedom posed by government acquisition and use of PNR data for dragnet travel surveillance.

The expert report to the Council of Europe marks a breakthrough in the “post-Snowden” understanding of the nature and significance of government demands for PNR data. The report reframes the PNR debate from being an issue of privacy and data protection to being part of a larger debate about suspicionless surveillance and pre-crime profiling. The report also focuses the attention of European citizens, travellers, and policy-makers on the decisions made (in whole or in part) on the basis of PNR data: decisions to subject travellers to search, interrogation, or the total denial of transportation (”no-fly” orders).

The report specifically cites the Kafkaesque case of Dr. Rahinah Ibrahim as an example of the way that decisions made on such a basis tend to evade judicial review or effective redress.

The PNR directive under consideration by the European Union would require each EU member to establish a Passenger Analysis Unit (PAU), if it doesn’t already have one. These PAUs would function as new national surveillance and pre-crime policing agencies. Each PAU would be required to obtain PNR data for all air travellers on flights subject to its jurisdiction, “analyze” this data (i.e. carry out algorithmic pre-crime profiling of air travellers using PNR data as one of its inputs) and share the raw PNR data with its counterparts throughout the EU.

The United Kingdom already has such a Passenger Analysis Unit. It’s not clear which, if any, other EU members already have such units, although staff of the US Department of Homeland Security, based in Germany and elsewhere in Europe, already perform similar functions as “advisors” making “recommendations” to their European counterparts regarding the treatment of European travellers, based on US profiling of PNRs and other travel history and surveillance data.

The COE expert report on Passenger Name Records, Data Mining & Data Protection was commissioned by the COE Directorate General Human Rights and Rule of Law, and prepared by Douwe Korff (Emeritus Professor of International Law at London Metropolitan University, Associate at the Oxford Martin School of the University of Oxford, and currently Visiting Fellow at Yale University in the USA) and Marie Georges (independent expert formerly on the staff of the French national data protection authority, CNIL). The report was presented and discussed at a meeting last week of the “Consultative Committee of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (T-PD)”.

According to the introduction to the report:

Much has been said and written about Passenger Name Records (PNR) in the last decade and a half. When we were asked to write a short report for the Consultative Committee about PNR, “in the wider contexts”, we therefore thought we could confine ourselves to a relatively straightforward overview of the literature and arguments.

However, the task turned out to be more complex than anticipated. In particular, the context has changed as a result of the Snowden revelations. Much of what was said and written about PNR before his exposés had looked at the issues narrowly, as only related to the “identification” of “known or [clearly 'identified'] suspected terrorists” (and perhaps other major international criminals). However, the most recent details of what US and European authorities are doing, or plan to do, with PNR data show that they are part of the global surveillance operations we now know about.

More specifically, it became clear to us that there is a (partly deliberate?) semantic confusion about this “identification”; that the whole surveillance schemes are not only to do with finding previously-identified individuals, but also (and perhaps even mainly) with “mining” the vast amounts of disparate data to create “profiles” that are used to single out from the vast data stores people “identified” as statistically more likely to be (or even to become?) a terrorist (or other serious criminal), or to be “involved” in some way in terrorism or major crime. That is a different kind of “identification” from the previous one, as we discuss in this report.

We show this relatively recent (although predicted) development with reference to the most recent developments in the USA, which we believe provide the model for what is being planned (or perhaps already begun to be implemented) also in Europe. In the USA, PNR data are now expressly permitted to be added to and combined with other data, to create the kinds of profiles just mentioned — and our analysis of Article 4 of the proposed EU PNR Directive shows that, on a close reading, exactly the same will be allowed in the EU if the proposal is adopted….

Yet it is obvious (indeed, even from the information about PNR use that we describe) that these are used not only to “identify” known terrorists or people identified as suspects in the traditional sense, but that these data mountains are also being “mined” to label people as “suspected terrorist” on the basis of profiles and algorithms. We believe that that in fact is the more insidious aspect of the operations.

The report develops these key points about government access to and use of PNR data as a suspicionless dragnet surveillance system and as part of predictive pre-crime policing (outside of normal mechanisms for penal sanctions or for review and redress for police action) in detail.

In addition, the report endorses and highlights the point we have been making for many years that because most PNR data for flights worldwide is hosted by, and communicated through, reservation databases accessible from the USA and worldwide without purpose or geographic access limitations or access logs, the USA and other governments can already obtain and use this data, entirely bypassing putative controls on access to PNRs directly from airlines.

The report specifically directs the attention of European officials to testimony by Edward Hasbrouck of the Identity Project at a European Parliament hearing in 2010 (hearing agenda and witness list, slides, video):

“Europe” must also examine the highly credible claims by Edward Hasbrouck … that the USA has been systematically violating previous agreements, and is still systematically by-passing European data protection law, by accessing the CRSs used in global airline reservation systems hosted in the USA to obtain full PNR data on most flights, including most European flights (including even entirely intra-European ones), outside of any international agreements….

[W]e believe that the supposed safeguards against such further — dangerous — uses of the data are weak and effectively meaningless, both in their own terms and because, as Edward Hasbrouck has shown, the USA can in any case obtain access to essentially all (full) PNRs, through the Computerized Reservation Systems used by all the main airlines, as described next.

Read the rest of this entry »

Supreme Court finds L.A. hotel guest surveillance law unconstitutional

June 23rd, 2015

The Supreme Court has found unconstitutional on its face a Los Angeles ordinance requiring operators of hotels and motels to demand specified personal information from and about each guest and their behavior (date and time of arrival and departure, license plate number of the vehicle in which they arrived, etc.), log this travel metadata, and make this log (”guest register”) available for warrantless, suspicionless inspection by police at any time, under penalty of immediate arrest and imprisonment of the hotelier, without possibility of judicial review before complying with a demand for inspection.

The Supreme Court rejected the contention that hotels are so instrinsically dangerous as to justify their treatment as a “closely regulated industry” subject to inspection (i.e. search) without probable cause: “[N]othing inherent in the operation of hotels poses a clear and significant risk to the public welfare.”  By implication, this is a significant rebuff to post-9/11 (and pre-9/11) arguments that travel or travelers are per se suspicious, and to claims that there is or should be some sort of travel (or travel industry) exception to the Fourth Amendment.

And lest anyone be tempted to say that travel services providers with legally-imposed duties to accommodate the public are somehow different when it comes to the applicability of the Fourth Amendment, the Supreme Court also found that, “laws obligating inns to provide suitable lodging to all paying guests are not the same as laws subjecting inns to warrantless searches.”  The same logic, of course, would appear to apply to common carriers, who are obligated by law to provide transportation to all paying passengers.

The ruling by the Supreme Court in Los Angeles v. Patel upholds an en banc decision last year by the 9th Circuit Court of Appeals in a lawsuit first brought seven years ago by hotel owners Naranjibhai Patel and Ramilaben Patel and by the Los Angeles Lodging Association, an association of Indian-American proprietors of the sort of budget hotels that might, if allowed to do so by the government, provide accommodations of last resort to people without government-issued ID credentials who would otherwise have to sleep on the streets or under bridges.

We again commend Messrs. Patel and the LA Lodging Association for doing the right thing and standing up for their customers, even as small business owners highly vulnerable to police harassment and retaliation for questioning authority.

The Supreme Court ruling addresses only the rights of hotel owners, not those of hotel guests, and does noting in itself to establish a right to obtain lodging without having or showing government-issued permission papers. Nor does it address the requirement for hotels to monitor and log their guests’ identities and activities — only the requirement to make those logs available to the government without any possibility of prior judicial review of government demands for access.

As others have noted, and as we discussed in relation to the 9th Circuit’s decision and the Supreme Court’s decision to review it, much of the logic of this decision is equally applicable to other dragnet travel surveillance schemes involving compelled compilation, retention, and government access to travel metadata held by third parties (in this case, hotels) rather than by travelers themselves.

But as we have also noted before, this remains the only case we are aware of in which any of those travel companies — not just hotels but also airlines and other types of travel companies– have gone to court to challenge government demands for information about their customers.

Especially in light of this decision by the Supreme Court, it should be apparent that there’s an Achilles heel for the government to the “third-party” doctrine that individuals have no standing to challenge government demands for information  provided to and held by third parties, because that information is owned by those third parties and not by the individuals to whom it pertains:  As this case makes clear, those third parties — not just hotels but also airlines and others — do have standing to challenge these demands, and have a good chance of success if they persevere.

The shame is on larger travel companies with deeper pockets for going along with government surveillance of their customers and guests without question, and leaving it to highly vulnerable small businesses with fewer resources to challenge this dragnet travel surveillance scheme.

In the wake of the Supreme Court’s decision in L.A. vs. Patel, there’s more reason than ever for travelers to demand that all travel companies make public, contractually binding commitments, in their tariffs or terms of service, not to disclose information about their customers to the government without challenging those demands and without seeking to notify their customers of those demands.

Will the REAL-ID Act deny you access to Federal facilities?

June 22nd, 2015

As we’ve noted in our previous commentaries on the REAL-ACT in this blog and in our recent presentation at the Cato Institute, there are two components to the threats against individual residents of “noncompliant” states (and territories and the District of Columbia) that are being used by the DHS to try to induce reluctant state governments to incorporate their state drivers license and ID databases to the distributed national REAL-ID database by connecting them to the contractor-operated REAL-ID hub:

  1. Threatened denial of common carrier airline transportation to individuals who present drivers licenses or other ID credentials issued by noncompliant states; and
  2. Threatened denial of access to (certain) Federal facilities to these individuals.

The first of these threats appears to be hollow. The TSA has consistently argued, when demands for ID from air travelers have been challenged in court, that no ID credentials at all are required to fly.

The TSA claims the right to subject any traveler to more intrusive search and interrogation, without probable cause, and may use this arbitrary power against residents of states that don’t comply with the REAL-ID Act. But the TSA appears to realize that it has no legal authority for outright denial of air travel to people who don’t have, or decline to carry or show to the TSA or its contractors, government-issued ID credentials, REAL-ID Act compliant or not.

With respect to its threat to deny access to Federal facilities, the DHS (in its usual fashion of rulemaking by press release) has posted an announcement on its website that this will be implemented in phases determined by the “Federal Security Level” (FSL) assigned to individual facilities.

But what are the facilities, if any, to which these levels have been assigned, and to which individuals with ID from noncompliant states will therefore be denied access? We’ve filed a series of Freedom of Information Act requests to find out.

The responses to our FOIA requests suggest that this prong of the REAL-ID Act enforcement cattle prod is, to mix metaphors, a paper tiger. We’ve been unable to find any Federal facility to which such an FSL has actually been assigned.

Read the rest of this entry »

More on Amtrak passenger data requirements

June 21st, 2015

Amtrak has released a third batch of records (1st interim response, 2nd interim response) in response to our Freedom of Information Act (FOIA) request for information about Amtrak’s collection and “sharing” with the US and Canadian governments of information about Amtrak travelers on international routes between the US and Canada:

  1. Amtrak-FOIA-29OCT2014-signed.pdf (note that this file is actually in .doc format, and is not a copy of our request, as the filename might imply, but a collection of responsive records)
  2. date of birthAM.doc
  3. Function summary.doc
  4. IDPFOIARequest.pdf (another collection of responsive records, beginning with a list of all of Amtrak’s cross-border routes including both trains and Amtrak feeder buses)
  5. Regression User testing 9222305 (4).doc
  6. TheIdentityProject_InterimResponse3.pdf (cover letter from Amtrak’s FOIA office accompanying the interim response)
  7. wspBORDER.doc

The files with “.doc” filenames all appear to be from Amtrak’s IT department, and relate to the implementation by Amtrak of requirements for inclusion of passenger ID data desired by the US government in each Amtrak reservation for travel across the US-Canada border. As we have noted previously, this “requirement” was imposed internally and “voluntarily” by Amtrak, and was not a requirement of any law, regulation, or order from any other US or Canadian government agency.  It remains unclear from the records released to date whether anyone in Amtrak’s IT department was aware that this was solely an Amtrak requirement and not an externally imposed obligation.

According to these records, Amtrak began requiring a date of birth in the reservation, before a ticket could be issued, for each passenger on any international route, including infant passengers, beginning in November or December of 2000. (There are some inconsistencies in the dates in different records.)  Beginning in July or August 2005, Amtrak began also requiring a nationality and passport or other ID number in each such reservation, as part of Amtrak’s “voluntary” participation in the DHS “Advanced Passenger Information System” (APIS) also used by airlines.

These records include the formats used by Amtrak sales agents working directly in Amtrak’s own “ARROW” reservation system, as well as the formats used by travel agents making Amtrak reservations through each of the four major CRSs/GDSs: Amadeus, Galileo, Sabre, and Worldspan.  Amtrak’s software testing staff noted the complexity of these formats (which is indicative of how burdensome they are for the travel agents who have to learn and use them) and the likelihood of errors by travel agents. The Amtrak records include information provided to travel agents and travelers, describing these “requirements” but giving no clue that these requirements were voluntarily self-imposed by Amtrak itself.

The files linked above are posted here exactly as we received them by email from Amtrak’s FOIA office. The filenames are not indicative of the actual file contents, and some of the filename extensions don’t correspond to the file formats. One of the “.pdf” files, for example, is actually in MS-Word “.doc” format (also readable in Libre Office among other programs) rather than in PDF format.

We requested that all records found in digital form be released as bitwise copies of the files as found in Amtrak’s filesystems, but some of the files we received appear to be derivative, modified versions of copies of the original files, in some cases in completely different formats.

Most of the the records responsive to our request that we believe are likely to exist have not yet been released. Amtrak is continuing to process our request, and we expect further responses.

US again takes people off “no-fly” list to try to evade judicial review

June 16th, 2015

Four days before a Federal judge was scheduled to hear arguments in a lawsuit brought by four Muslim US citizens who were placed on the US government’s “no-fly” list to try to pressure them into becoming informants for the FBI, the government has notified the plaintiffs in the case that all of them have been removed from the no-fly list.

The plaintiffs in Tanvir v. Lynch are continuing to press their claims, as are other US citizens challenging their placement on the no-fly list in retaliation for declining to inform on their friends, families, communities, and fellow worshippers.  But we expect that, as has been its pattern, the government defendants will now try to get the case dismissed as “moot“.

So far as we know, every other instance in which the US government has told anyone whether or not they are or were on the no-fly list, or that they have been removed from that list, has come after the victims of these no-fly orders have challenged them in Federal court.

Either (1) the government never had any reason to think any of these people posed a threat to aviation, but never bothered to assess the basis, if any, for belief that they posed such a threat until faced with the imminent need to defend their blacklisting to a Federal judge. Or (2) the government genuinely (although mistakenly and without any adequate basis) believed that they posed a threat, but saw the possibility of judicial review of no-fly decisions as a greater threat to the standard operating procedures of the TSA, DHS, and FBI. Or (3) both of the above.

We’ll take Door Number 3, if you please.

If your travel history is “suspicious”, is that cause for search?

June 12th, 2015

If the file about you the DHS has compiled from airline reservations, license-plate readers, and other travel surveillance data sources is deemed “suspicious”, does that constitute probable cause for a search of your home and business or seizure of your possessions?

That question has arisen in  the case of Albuquerque antique gun collector and dealer Bob Adams, argued in May 2015 and currently awaiting a decision by the 10th Circuit Court of Appeals in Denver.

On January 23, 2013, Mr. Adams’ home and business was raided by a SWAT team including DHS and other Federal and state agencies.  Various of his possessions, including his collection and inventory of firearms, were seized, damaged, and/or destroyed in the raid. On November 4, 2013, after Mr. Adams had filed suit to recover his property, he was indicted for various technical violations of Federal laws relating to firearms imports and dealer licensing and reporting.

Both the search warrant and the indictment were based, in part, on allegations by Federal law enforcement officers regarding the records of Mr. Adams’ international travel history in the DHS Automated Targeting System (ATS). In an affidavit supporting the application to a Federal magistrate for the search of Mr. Adams’ home and business, “Special Agent” Frank Ortiz of the New Mexico Attorney General’s Office claimed that ATS records showed that Mr. Adams had repeatedly flown to Canada without having return flight reservations to the US, and had subsequently re-entered the US as a passenger in a private car.  This, agent Ortiz opined (based on his purported “expertise” in interpreting such data) was evidence of a pattern of suspicious behaviour characteristic of Mr. Adams’ alleged modus operandi for unlawful firearms imports.

(There’s a long but generally undisclosed history of airlines “voluntarily” giving police access, without warrants, to PNR data, and of police using it as the basis for interrogations and searches.)

The Federal judge to which the criminal case against Mr. Adams was assigned first upheld the search warrant but then, on reconsideration, ordered all the evidence obtained from the search suppressed, on the basis of other materially false statements, made in apparent bad faith, in Agent Ortiz’s affidavit. The government, which would have no case against Mr. Adams without that evidence, has appealed that ruling to the 10th Circuit Court of Appeals.

The ruling by the District Court, the arguments to the Court of Appeals, and most of the publicity about the case have focused on questions related to firearms.  But what concerns us are the issues related to ATS and its use as a surveillance and suspicion-generating system.

First, ATS data is neither accurate nor complete, and should not be relied on. For example, even experts may be unable to tell, from a particular PNR, whether or not it corresponds to actual travel or issuance of a ticket. (Mr. Adams says some of the DHS records of flights he allegedly took to Canada don’t correspond to flights he actually took, which is an inevitable consequence of the DHS orders to airlines to transmit copies to DHS of all reservations for such flights, including reservations that were unticketed and/or cancelled.) And license plate readers and the associated optical character recognition systems are, of course, subject to an unknown but substantial percentage of errors. (Mr. Adams says he has never traveled in some of the private vehicles in which ATS records that he crossed the US-Canada border.) Most importantly, the DHS has itself exempted ATS from the requirements of the Privacy Act for accuracy and completeness, on the basis of a claim that it is necessary to include inaccurate and incomplete data. Having done so, the government should be “estopped” from suggesting that any court or jury rely on this data.

Second, if the purpose of the ATS dragnet of warantless, suspicionless travel surveillance is to develop or support suspicions of criminal activity, that is a general law-enforcement purpose that goes far beyond the scope of permissible administrative searches or seizures of personal information incident to air travel or for purposes of aviation security.

Third, the evidence presented to the court in support of the application for a search warrant, to the grand jury in support of the indictment, and to Mr. Adams as part of pre-trial discovery, appears to have included only excerpts from TECS records (entry/exit logs which are one of the components of ATS), but not the complete TECS records, and none of the Passenger Name Record (PNR) data also included in ATS.  Full TECS records would include indications of the source of the data, and PNRs might well have made clear whether airline reservations had actually been ticketed and used, or had been cancelled as Mr. Adams claims.

It seems likely that the complete contents of the ATS records about Mr. Adams’ travel, including full TECS records and all PNR data, constituted potentially exculpatory evidence known to, and in the possession of, the government, which it was required to disclose to the defense pursuant to the decision of the Supreme Court in Brady v. Maryland.

More generally, it would seem that a complete ATS file for any involved individual, including complete TECS and PNR data, would constitute potentially exculpatory evidence in virtually any prosecution in which international travel might be relevant: smuggling, facilitating unlawful immigration, etc. It would be almost impossible for the government to know in which cases such data might support an alibi, support or undermine the credibility of a witness, or support or refute some other testimony or claim. If the government doesn’t proactively produce this material (as it is required to do), defense attorneys should object to this as a violation of the Brady doctrine, and/or specifically include it in routine discovery motions.  (We are available to assist defense counsel in interpreting such disclosures, and/or in explaining to courts how they could be exculpatory.)

Having carried out this extensive (although unreliable) surveillance of travelers, DHS appears to be using it selectively, introducing only those excerpts, in those cases, which it thinks it can spin as suspicious — and not mentioning other portions of these files that might refute these or other government allegations.  We wonder how many other criminal prosecutions this has tainted.