Documents newly released to us by the TSA strongly suggest that the TSA has been lying about whether people are “allowed” by the TSA to fly without showing ID, and that decisions about whether to allow travelers to fly without ID are being made arbitrarily, on the basis of irrelevant and unreliable commercial data and/or at the “discretion” of individual field-level TSA staff.  The TSA documents also show that, at least for the limited sample of data initially released, the “false-positive” rate of watch-list matches is 100%.

The TSA has for many years been contradicting itself, both in word and in deed, as to whether travelers are required show government-issued (or any other) ID credentials in order to fly, or whether it is possible to fly without ID.

TSA signs at airports say that passengers are “required” to show ID. But the TSA has repeatedly told courts at all levels — from in camera (secret) submissions to the 9th Circuit Court of Appeals in Gilmore v. Gonzales in 2006 to public testimony of the TSA’s witness in the (unsuccessful) state court frame-up of Phil Mocek in Albuquerque in 2011 — that these and other official TSA notices to passengers are false, that ID is not required to fly, and that the TSA does have (secret) “procedures” that allow people to fly without having or showing ID.

The TSA’s actions are equally bipolar.  People who say they have lost their ID cards or had them stolen are “allowed” to fly every day.  But people who the TSA deems (for secret or not-so-secret reasons, or completely arbitrarily) to  be”suspicious” or “uncooperative” are routinely subjected to retaliation and summary sanctions including denial of  their right to travel.  Mr. Mocek, for example, was both prevented from boarding the flight for which he had a valid ticket, and falsely arrested by local police at the behest of TSA staff, when he tried to fly without ID and to document the process that the TSA claimed would have allowed him to do so.

What’s the real story? From our close reading of the available evidence, it appears that:

1. There are no publicly-disclosed “rules” (and probably not even any unambiguous secret rules) defining what is or is not permitted or required of travelers at TSA checkpoints, or what conditions the TSA imposes on the exercise of the right to travel by air.
2. The TSA claims to have the legal authority, and in practice exercises actual power, to determine who to allow to fly, and who not to allow to fly, in an entirely secret, standardless, and arbitrary manner, at its sole discretion, which discretion is often delegated to front-line TSA staff.

How does this work in practice? We are just beginning to find out.

In 2009, in response to one of our requests under the Freedom of Information Act (FOIA), the TSA gave us a redacted (censored) version of the section on Travel Document and ID Checks from the TSA’s “Screening Management SOP” (Standard Operating Procedures) manual.  An unredacted version of this SOP, including this section, was later inadvertently posted by the TSA on a public Federal government website.

In response to our follow-up FOIA request, the TSA also eventually released the latest (as of 2013) version of TSA Form 415, “Certification of ID”, which some travelers without ID credentials are asked to complete. We also received documents indicating that the TSA has not received the regulatory approval from the Office of Management and Budget (OMB) that would be necessary if completion of this form were to be mandatory, or if any sanctions (such as denial of passage) were to be imposed for declining to fill it out.

So far as we can tell, the release to us of the Travel Document and ID Checks section was the only time any portion of any TSA SOP has been released in response to a FOIA request. In response to our subsequent requests, the TSA has claimed that all its SOPs — including updated versions of the section it released to us and the one it posted on a public website — are “Sensitive Security Information” (SSI) exempt from FOIA.

In 2013, however, the TSA included in its response to another of our FOIA requests an e-mail message discussing and quoting a portion of an “ID Verification Report” on how many people had tried to fly without ID and what had happened to them.  We immediately filed another FOIA request for all these reports, which we have now been told the TSA has been preparing daily since 2008.

After almost two years, the TSA has finally made its first interim 4-page release of one purportedly “representative” example of these daily reports.  The TSA estimates it will take another 6 months to “process” (i.e. censor) and release the rest of these reports and the related records about them that we requested.

On May 6, 2014, according to the sample report, there were 175 calls by TSA checkpoint staff (and, we presume, TSA checkpoint contractors at airports like SFO where checkpoint searches and interrogation are outsourced) to the  “Identity Verification Call Center” (IVCC).  The report is on TSA letterhead with the address of TSA headquarters, but there is no indication of whether the IVCC is operated by the TSA itself or a private contractor.

Of the 175 calls, 25 were for “process assistance”, perhaps from checkpoint staff who didn’t know what they were supposed to do if would-be travelers showed up without ID.   There were 21 “Watch List Calls”, but none of them resulted in “Watch List Check Matches”  — apparently, 100% were false positives.  The Secure Flight requirement for airline passengers to provide their date of birth when they make reservations was supposed to cut down on  false positives, so it’s not clear why the rate is still so high. Perhaps what are being reported as “Watch List Calls” include calls based on profiling, and not just on ID-specific blacklists?  We look forward to learning more when we receive the instructions for preparing and categorizing data on these reports.

The remaining 129 calls would appear to have involved would-be travelers without ID credentials or with ID deemed unacceptable by checkpoint staff.  Of these, 120 were apparently “verified” by the process that travelers have been describing since 2008: IVCC staff pose questions by phone based on the file about the traveler maintained  by a commercial data aggregator, and decide whether the answers match those on file.

Of the nine remaining would-be air travelers with “unverified identities” according to the IVCC, six were allowed to travel and three were denied access to their flights.  The IVCC report included summaries of each of these cases.

The passenger described above was denied passage from Las Vegas to Miami because he or she “was unwilling to provide identifying information” — i.e., for exercising their right to remain silent in response to warrantless, suspicionless, administrative interrogation by TSA staff and/or IVCC contractors.

This passenger was kept off a flight from Detroit to Houston because the IVCC check of commercial data found a record “lacking identifying information”.  Does this mean that if you don’t have a file with Acxiom or  whatever other data broker the IVCC is relying on, or the data broker doesn’t have enough information about you to satisfy the TSA, you are an “un-person” not entitled to exercise your Constitutional and statutory right to travel by common carrier?

This passenger was deemed “unverified” by the IVCC because the commercial database check found a record “with inconsistent responses such as Other Residents… and Names of Neighbors”.  Do you know the names of your neighbors? Do you know who Acxiom thinks are your neighbors, or thinks live at the same address as you?  In the USA, we aren’t required to register with the police when we change our residence. And an identity thief who has obtained and memorized the data in Acxiom’s file about us is more likely to be able to give answers that match that file than we are.

But this passenger was allowed to fly from Philadelphia to Chicago, despite the insufficiently detailed or inconsistent profile of their cohabitants and neighbors in commercial databases.   That decision was made by the “Federal Security Director” (FSD), the head TSA staffer for the Philadelphia airport.  In another cases, the decision to allow an “unverified” passenger to fly was made by the Deputy Assistant FSD as “FSD Designee”.

There’s no indication as to how a TSA duty officer at an airport is supposed to decide whether or not to allow such a person to fly.  It’s difficult to see any way they could make such a decision other than what they think of the person’s appearance — i.e., the crudest sort of profiling.  The basis (if any) for the decision by the FSD or their designee wasn’t considered worth including in the IVCC report, although whether the incident had attracted “media attention” was always required to be reported.

The key takeaway is that the TSA wrongly regards air travel as a privilege, not a right, permission for which is required from the TSA and can be granted or denied by individual TSA staff in their “discretion”.

There’s no mention in the IVCC report of the “Certification of ID” form. This suggests that completing TSA Form 415 may be an additional requirement or request made to those whose identity is “verified” by the IVCC based on commercially brokered data, but that mere self-identification is not sufficient for TSA permission to travel.

[Follow-up: Analysis of later release by the TSA of summary tallies for 2008-2011]