Archive for the ‘Papers, Please’ Category

DHS adds discrimination by national origin to pre-crime profiling of US visitors

Monday, November 3rd, 2014

Secretary of Homeland Security Jeh Johnson announced this morning that, with immediate effect and with no advance notice or warning, foreign citizens “seeking to travel to the United States from countries in our Visa Waiver Program (VWP) will be required to provide additional data fields of information in the travel application submitted via the Electronic System for Travel Authorization (ESTA).”

The additional questions which have already been added to the newly “Enhanced” ESTA application include:

  • Other Names/Aliases
  • Other Citizenships
  • Parents name(s)
  • National Identification Number (if applicable)
  • U.S. Contact information (email, phone, points of contact)
  • Employment information (if applicable)
  • City of Birth

As discussed in our comments to DHS when it was first proposed, the ESTA is a a travel permission and exit-permit system of dubious legality. Prior application, payment of the ESTA fee (by credit card only, so that CBP has a credit card number on file to link the travel history of each ESTA applicant to a financial history), and receipt of ESTA approval is required by the US before boarding any flight departing from any other country in the world, with the intention of eventually traveling to the USA.

ESTA approval is not a guarantee of admission to the US, and the US has consistently and explicitly claimed that ESTA is solely a travel-permission scheme, not a visa requirement.  (If it were deemed a visa requirement, US citizens would likely be subjected to reciprocal visa requirements to visit VWP countries.)  So the sole purpose of adding questions to the ESTA application form is to add them to the inputs to the pre-crime profiling process that determines whether to allow an applicant to travel to the US for the purpose of applying, on arrival at a US port of entry, for visa-free admission to the US as a visitor.

In other words, the only reason to ask citizens of VWP countries about their other or prior citizenship(s), if any, is for DHS to discriminate between citizens of the same WVP country, in making ESTA permission-to-travel decisions, on the basis of those VWP-country citizens’ prior national origins.

This is a disgraceful act of overt US government bigotry, and all citizens of both the USA and VWP countries should be outraged.  Why should the US think it can treat citizens of, say, the UK or Germany differently on the basis of their national origin, as evidenced by what other countries’ passports they also hold or previously held? Such blatant discrimination against  US citizens on the basis of their national origin would be illegal on its face, although it has been standard illegal operating procedure for the DHS.

DHS claims in its FAQ about today’s ESTA “enhancements” that it can mandate provision of this additional information through a Paperwork Reduction Act (PRA) notice of information collection, without needing to promulgate any new or revised regulations:

Why is DHS doing this under a Paperwork Reduction Act and not a regulation?

The relevant regulatory provision does not list the specific data elements that VWP travelers must provide in order to obtain an ESTA. Instead, the regulation states that “ESTA will collect such information as the Secretary [of Homeland Security] deems necessary to issue a travel authorization, as reflected by the I-94W Nonimmigrant Alien Arrival/Departure Form (I-94W).” Since there are no data elements listed in the regulation, there is no need to update the regulation. The revisions to the ESTA data elements fall under the Paperwork Reduction Act since DHS is amending an information collection (Form I-94W) and not amending a regulation.

The problem with this is that DHS has already added the new questions to the ESTA form, but doesn’t appear to have gotten the necessary approval from the Office of Management and Budget (OMB) for their inclusion.

DHS has a long history of ignoring the PRA and failing to get its forms approved by OMB. The PRA notice in the online ESTA application form refers to OMB approval control number 1651-0111, which was issued September 17, 2014. But the Federal Register notices and other documents submitted to OMB to support that approval don’t appear to have included the new questions added to the form today.

Supreme Court to review Constitutionality of warrantless police access to hotel guest logs

Monday, October 20th, 2014

Today the US Supreme Court agreed to review whether — as was decided en banc by the 9th Circuit Court of Appeals last year — a Los Angeles city ordinance requiring hotel-keepers to identify guests, log their identities and the details of their hotel stays, and open those log books to police inspection at any time, without advance notice, any basis for suspicion, or a warrant or subpoena — is, on its face, in violation of the Fourth Amendment to the US Constitution.

It’s interesting that hotels are the context in which the Supreme Court has chosen to consider service providers’ Fourth Amendment objections to warrantless, suspicionless compelled police access to business transaction metadata about their customers’ identities, locations, and activities at particular times and dates.  The Supreme Court has yet to accept any cases dealing with such objections by telecommunications, air transportation, or internet service providers, despite the essentially similar issues in those industries.

The key difference is that few providers of other services have challenged the government’s demands in court, as hotel owners did in the case now known at the Supreme Court as City of Los Angeles v. Patel.

The Los Angeles hotel registry ordinance mandates exactly the same three essential elements, for example, as the Federal government’s system for outsourced dragnet surveillance and control of air travelers:

  1. Presentment to private service providers of government-issued ID credentials (to enable log entries to be compiled into, linked with, and mined from personal travel history dossiers).
  2. Recording by service providers of transaction metadata including locations, time, date, and customer ID information.
  3. Warrantless, suspicionless, “open book” police root access to these metadata logs at any time.

So far as we know, however, not one airline, travel agency (online or offline), or computerized reservations service (including Google, which now operates an airline reservations hosting service) has challenged any of the government’s dragnet demands for customer transaction, location, chronology, and ID metadata.

In its (successful) argument to the Supreme Court to take the case, the city of L.A. argues that state and local laws mandating identification, logging, and police access to logs of hotel guest information are “ubiquitous”, and that by the logic of the 9th Circuit decision all these laws could be found to be unconstitutional on their face. That’s true. Hotel guests (”outsiders”) have long been deemed per se suspicious persons, and hotel registry laws are among the oldest and most pervasive of (unconstitutional) laws mandating businesses to compile and maintain metadata about their customers’ and their activities and make it available to police, without warrant or suspicion for data mining or gumshoe fishing expeditions. That’s exactly why it’s so important for the Supreme Court to uphold the decision of the Court of Appeals.

The hotel owners challenged only the requirement for warrantless open-book police access to hotel registries, and not the requirements for hotels to maintain such registries or for hotel guest to show ID. That’s still an important challenge, though, and one that goes further than other businesses (certainly further than any other travel businesses) have done to defend their customers’ rights not to treated as suspects.

We continue to commend the hotel owner plaintiffs/respondents in this case for their stand, Other businesses in the travel, communications, and Internet industries could and should bring similar court challenges when they are presented with similar (and similarly unconstitutional) government demands.  They cannot excuse their actions in spying on their customers by saying, “The government made us do it, and we had no choice,” if they never asked a court to rule on whether that “demand” was legally valid.

First challenge to detention & arrest under Arizona “Papers, Please!” law

Sunday, September 28th, 2014

The first lawsuit challenging the legality of a detention and arrest as a consequence of Arizona’s “Papers, Please!” law (SB 1010) was filed this week by the ACLU of Arizona on behalf of  Ms. Maria del Rosario Cortes Camacho.

SB 1070, enacted in 2010, requires Arizona state and local law enforcement officers to make “a reasonable attempt …, when practicable, to determine the immigration status of the person” whenever an officer makes a “lawful contact” with any person “where reasonable suspicion exists that the person is an alien who is unlawfully present in the United States.”

Although portions of the law were found unconstitutional, this part of the law was upheld by the Supreme Court in 2012 on the basis that at least this part of the law could be applied Constitutionally, if and only if it was construed solely as creating an obligation on law enforcement officers to “attempt” to verify immigration status without committing other Constitutional violations in the process.

The Supreme Court declined to presume that this “attempt” would necessarily, or in practice, result in more prolonged detention than would otherwise be permitted, or in arrest that wouldn’t otherwise have been made:

There is a basic uncertainty about what the law means and how it will be enforced. At this stage, without the benefit of a definitive interpretation from the state courts, it would be inappropriate to assume §2(B) will be construed in a way that creates a conflict with federal law…. This opinion does not foreclose other preemption and constitutional challenges to the law as interpreted and applied after it goes into effect.

As we said at that time:

Close reading of the law and the Supreme Court opinion makes clear that the next step for opponents of the law is to test how, in practice, the state of Arizona will answer the questions asked by the Supreme Court: Will people in Arizona be detained, will their detentions be prolonged, or will their releases from custody be delayed (without, in each case, some other lawful basis) merely to check their immigration status?

If any of things happen to people in Arizona, the Supreme Court has explicitly left it open for them to bring new Constitutional challenges to those infringements of human rights.

That is exactly what is now happening in Cortes v. Lakosky. According to the complaint, Ms. Cortes had applied for a special category of U.S. visa for certain victims of mental or physical abuse. That application was eventually granted, and Ms. Cortes lawfully remains in the U.S.   But when she was stopped and cited for minor, non-criminal traffic violations (which did not, in themselves, provide a basis for arrest), a Pinal County Sheriff’s deputy demanded evidence of her legal presence in the U.S., basing that demand on SB 10170.

Ms. Cortes actually had a copy of her pending visa application in the glove compartment of her car, but the sheriff’s deputies didn’t want to look at it. Rather than citing her on the spot and letting her go on her way as soon as that was done, the Instead, they detained her, handcuffed her, transported her in custody to an office of the Border Patrol, and turned her over to Border Patrol agents who held her for five more days.

No criminal charges and no allegations of illegal presence or other immigration law violations were ever filed against Ms, Cortes.  The sole basis for the prolongation of Ms. Cortes’ detention, her arrest, and her transportation to the Border Patrol office was an (unwarranted) suspicion of unlawful presence in the U.S.

The complaint seeks damages from the sheriff’s deputies, in their individual capacities.

GAO audit confirms TSA shift to pre-crime profiling of all air travelers

Monday, September 22nd, 2014

A Congressional hearing last week on the so-called “Secure Flight” system for “screening” domestic air travelers confirmed that the TSA has completed a shift from blacklist and whitelist matching to a comprehensive real-time pre-crime profiling system that assigns each air traveler a  “risk assessment” score on the four-step scale we’ve previously described and which is illustrated above in the latest GAO report.

Redacted versions of three audit reports on Secure Flight by the Government Accountability Office (1, 2, 3) were made public in conjunction with GAO testimony at the hearing.  According to one of those reports, “Secure Flight” started out as a blacklist and whitelist matching system:

Since implementation began in January 2009, the Secure Flight system has identified high-risk passengers by matching SFPD [against the No Fly List and the Selectee List, subsets of the Terrorist Screening Database (TSDB), the U.S. government’s consolidated watchlist of known or suspected terrorists maintained by the Terrorist Screening Center, a multiagency organization administered by the Federal Bureau of Investigation (FBI)…. To carry out this matching, the Secure Flight system conducts automated matching of passenger and watchlist data to identify a pool of passengers who are potential matches to the No Fly and Selectee Lists. Next, the system compares all potential matches against the TSA Cleared List, a list of individuals who have applied to, and been cleared through, the DHS redress process.

But that’s not how it works any more. According to the same GAO report:

Since January 2009, the Secure Flight program has changed from one that identifies high-risk passengers by matching them against the No Fly and Selectee Lists to one that assigns passengers a risk category: high risk, low risk, or unknown risk. Specifically, Secure Flight now identifies passengers as high risk if they are matched to watchlists of known or suspected terrorists or other lists developed using certain high-risk criteria, as low risk if they are deemed eligible for expedited screening through TSA Pre-Check — a 2011 initiative to preapprove passengers for expedited screening — or through the application of low-risk rules, and as unknown risk if they do not fall within the other two risk categories. To separate passengers into these risk categories, TSA utilizes lists in addition to the No Fly and Selectee Lists, and TSA has adapted the Secure Flight system to perform risk assessments, a new system functionality that is distinct from both watchlist matching and matching against lists of known travelers.

We’ve said from the start that Secure Flight would not be limited to “list matching” and would assign risk scores to all travelers. Now that’s been confirmed by GAO auditors.  When the TSA talks about “risk-based screening”, what they mean is “pre-crime profiling” of all air travelers — part of a larger pattern of “predictive” pre-crime policing through surveillance and profiling.

The diagram at the top of this article shows what the GAO says the current “Secure Flight” profiling process, and its consequences, look like. Note the references to “risk assessments” and “rules-based lists”, although in fact these are real-time scoring systems and there are no publicly-disclosed “rules”.

(more…)

LA police lie about whether you have to show them ID

Thursday, September 18th, 2014

Last week a Los Angeles police officer detained the movie actress Danielle Watts and told her, “I have every right to ask for you ID…. You do not have a right to say ‘No’…. Somebody called, which gives me the right to be here, so it gives me the right to identify you by law.”

In the aftermath, the Los Angeles Police Protective League (LAPPL) has posted a false and misleading so-called “public service announcement” on the subject of Providing ID To Police Officers.

What happened to Ms. Watts, and what is our reading of the case law on these issues?

(more…)

“I don’t want a unitary, unfakeable identity.”

Wednesday, August 27th, 2014

Dan Geer’s keynote speech at the Blackhat security conference earlier this month (video, transcript) included an important discussion of the often-misunderstood “right to be forgotten” and the larger context of why it matters: the threat posed by compelled identification, and how we can defend ourselves against that threat:

Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified.  No more — what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative?  If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control.  If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself…

The Obama administration’s issuance of a National Strategy for Trusted Identities in Cyberspace [NSTIC] is a case in point; it “calls for the development of interoperable technology standards and policies — an ‘Identity Ecosystem’ — where individuals, organizations, and underlying infrastructure — such as routers and servers — can be authoritatively authenticated.”  If you can trust a digital identity, that is because it can’t be faked…. Is having a non-fake-able digital identity for government services worth the registration of your remaining secrets with that government?  Is there any real difference between a system that permits easy, secure, identity-based services and a surveillance system? Do you trust those who hold surveillance data on you over the long haul, by which I mean the indefinite retention of transactional data between government services and you, the individual required to proffer a non-fake-able identity to engage in those transactions?  Assuming this spreads well beyond the public sector, which is its designers’ intent, do you want this everywhere?…

I conclude that a unitary, unfakeable digital identity is no bargain and that I don’t want one.  I want to choose whether to misrepresent myself.  I may rarely use that, but it is my right to do so.  If that right vanishes into the panopticon, I have lost something and, in my view, gained next to nothing. In that regard, and acknowledging that it is a baby step, I conclude that the EU’s “Right to be Forgotten” is both appropriate and advantageous though it does not go far enough.  Being forgotten is consistent with moving to a new town to start over, to changing your name, to a definition of privacy that turns on whether you do or do not retain the effective capacity to misrepresent yourself…. A right to be forgotten is the only check on the tidal wave of observability that a ubiquitous sensor fabric is birthing now, observability that changes the very quality of what “in public” means….

There’s more: video, transcript.

Mr. Geer’s comments help answer one of the questions we are most frequently asked: What’s Wrong With Showing ID?

(more…)

Sai v. TSA: A case study in TSA secrecy

Tuesday, August 19th, 2014

Time and time again, the TSA has acted as though its middle name was “secrecy” rather than “security”.

Case in point: Sai v. TSA.

There’s a lot at issue in this case, but here are some of the problems with the TSA that it has exposed:

Sai poses no threat to aviation security. He has an unusual but recognized medical condition, attested to by documentation from his doctor that he carries when he travels, for which he needs ready access to liquids.  The TSA is required by law to accommodate such medical disabilities, as it easily could.  TSA press releases claim that travelers are allowed to bring medically necessary liquids through TSA checkponts in any quantity.

But TSA employees at airport checkpoints at Logan Airport in Boston and the TSA contractors who staff the checkpoints at San Francisco International Airport have, among other improper actions, seized Sai’s medical liquids, denied him access to his medical liquids while detaining him, and refused to allow him to pass through checkpoints or travel by air unless he abandoned his medical liquids.

While detaining Sai, TSA employees and contractors have conducted searches unrelated to weapons or explosives (but directly related to activities protected by the First Amendment), including reading through and copying documents Sai was carrying.

The TSA has never tried to claim that any of these actions were justified by “security” concerns. Instead, the TSA has responded to Sai’s requests for information, administrative complaints, and eventual federal lawsuit solely on the basis of secrecy, when it has responded at all, arguing that it isn’t required to divulge anything about what it has done, why, or whether it is justified.

The TSA claims to practice “layered security,” but Sai’s saga shows how the TSA actually practices “layered secrecy” to shield its activities from public and judicial accountability.

(more…)

Another brick in the (falling) REAL-ID wall

Wednesday, August 13th, 2014

July 21, 2014 marked “Phase 2″ of implementation of the REAL-ID Act.

What does this mean, and does it matter?

As of July 21, drivers’ licenses and other state ID credentials issued by US states or territories that haven’t been certified by the DHS to comply with the REAL-ID Act cannot be accepted by Federal agencies for access to ID-controlled “restricted” areas of Federal facitlties (”i.e., areas accessible by agency personnel, contractors, and their guests”).

Because Federal agencies typically issue their own ID credentials to their own employees and regular contractors, this will mostly affect occasional visitors to Federal facilities. NASA, for example, which has facilities in states that have not been certified by DHS as sufficiently compliant, has issued this advice to would-be visitors:

Effective July 21, 2014, the implementation of Phase II of the Real-ID Act (2005) restricts the use of state ID from non-compliant states (including New York) as an acceptable form of identification for federal facilities (including NASA GISS). If you are intending to visit GISS and only have a standard drivers license from a non-compliant state, please ensure that you have a second form of ID (passport, military ID, etc.) to avoid unnecessary complications.

It isn’t clear from this notice, or others we’ve seen, what these “unnecessary complications” will amount to. Visitors with ID credentials from non-compliant states will, presumably, be treated as visitors without “valid” state ID credentials, but that begs the questions of whether or on what basis they will be allowed entry after additional scrutiny or some form of alternate ID verification, allowed entry but only if escorted by staff and not allowed unescorted, or denied entry entirely.

In its eseence, the REAL-ID Act was intended to mandate the creation of a distributed national identity card system. The key “compliance” requirement for states and territories is participation in a linked, distributed database of ID-card and biometric information about all ID cardholders nationwide.

The intent of the Federal law is to force states to particpate in (and absorb the cost of) this scheme, sparing the Feds the costs and hassle of issuing national ID cards and providing (implausible) deniability as to whether it’s a “national ID” at all: “See, it’s not a ‘national’ ID card. It’s still issued by your state.”

But since the Feds probably don’t have jurisdiction over state issuance of drivers’ licenses or state ID cards, the REAL-ID Act relies on threats, rather than direct orders, to extort compliance by states resistant to registering their citizens and residents in a national ID database.

(more…)

US government’s witchhunting manual made public

Monday, July 28th, 2014

The Intercept has published the March 2013 edition of the US government’s Watchlisting Guidance. This 166-page document, previously kept secret as Sensitive Security Information (SSI), provides standardized but not legally binding “guidance” to Federal executive agencies as to how, on what basis, and by whom entries are to be added to or removed from terrorism-related government “watchlists”, and what those agencies are supposed to do when they “encounter” (virtually or in the flesh) people who appear to match entries on those lists.

The Intercept didn’t say how it obtained the document.

The “Watchlisting Guidance” is the playbook for the American Stasi, the internal operations manual for a secret political police force.  As such, it warrants careful and critical scrutiny.

Most of the initial reporting and commentary about the “Watchlisting Guidance” has focused on the substantive criteria for adding individuals and groups to terrorism watchlists.  Entire categories of people can be added to watchlists without any basis for individualized suspicion, as discussed in Section 1.59 on page 26 of the PDF.

These criticisms of the watchlisting criteria are well-founded. But we think that there are at least as fundamental problems with what this document shows about the watchlisting procedures and the watchlist system as a whole.

(more…)

The rights of migrants, refugees, and asylum seekers

Sunday, June 1st, 2014

At the invitation of the U.N. Office of the High Commissioner for Human Rights (OHCHR), we’ve submitted the following recommendations concerning the right to freedom of movement as it relates to migrants, refugees, and asylum seekers at ports, airports, borders, and checkpoints:

As an NGO primarily concerned with the right to freedom of movement, the Identity Project (PapersPlease.org) welcomes the invitation and opportunity to provide this information to the Office of the High Commissioner for Human Rights, for your use in preparing your report to the General Assembly concerning the human rights of migrants while in transit, including in ports and airports and at borders and checkpoints.

We are pleased that Resolution A/RES/68/179, as adopted by the General Assembly on 18 December 2013,  “Reaffirm[s] that everyone has the right to freedom of movement and residence within the borders of each State and the right to leave any country, including his or her own, and to return to his or her country,” in accordance with Article 12 of the International Covenant on Civil and Political Rights (ICCPR).

Unfortunately, that right, and in particular the right to leave any country, is routinely and systematically violated. These violations have especially grave consequences for asylum seekers who are prevented from fleeing countries where they are experiencing, are at risk of, and/or have a well-founded fear of persecution.

Airlines routinely prevent refugees and asylum seekers from boarding flights on which they seek to depart from countries where they are being persecuted.  In many of these cases, these refugees and asylum seekers would be eligible for admission and asylum on arrival in other countries, if they were allowed to travel to places of refuge.

(more…)