Archive for the ‘Papers, Please’ Category

REAL-ID Act implementation, enforcement, and resistance

Monday, February 23rd, 2015

Is gradual implementation of the REAL-ID Act cooking us slowly, like frogs who, if the temperature of the water is increased gradually enough, don’t realize that they need to jump out of the pot until it’s too late?

Last month was another of the deadlines set by the Department of Homeland Security for “implementation” and “enforcement” of the REAL-ID Act.  That also makes it time for stepped-up resistance to REAL-ID.

Understanding the meaning of this deadline, and the remaining deadlines to come, requires some background. Below is an overview of what the REAL-ID Act is, how and by whom it will be implemented and enforced, what it means to “comply” with the REAL-ID Act, what we can expect to happen next, and — perphaps most importantly — what we can do, now, to resist it.

The REAL-ID Act of 2005 is a Federal law intended to mandate the creation of a distributed but integrated national database of personal identity records (including birth certificates or alternative “breeder documents” [sic]) linked to state-issued identity credentials. The REAL-ID Act also includes Federal standards for the physical ID cards, including drivers’ licenses or alternative non-driver ID cards, issued by US states and territories. But the real focus is on the database: what data will be included and how it will be normalized and made accessible through a single user query interface.

The Federal government can, and often does, bribe states with Federal funding to do things the way the Feds want. But the REAL-ID Act didn’t include funding for state-level implementation, and was based (like many other DHS programs, such as its multi-billion dollar mandates for modifications to airline IT systems to support surveillance and control of air travelers) on gross underestimates of its cost. In any event, some states strongly opposed the whole idea of a national ID scheme, and would probably have declined to participate even if the Feds had been willing to foot the bill.

The states already manage the issuance of drivers’ licenses and non-driver ID cards, which are most US citizens’ primary government-issued identity credentials.  Setting up a Federally-administered ID credential system would have been vastly more expensive and politically controversial than leaving it to the states.

So the problem for the architects of “REAL-ID” was how to induce all the states and territories to “comply” with goals and standards that would neither be officially binding on the states, nor financed by the Feds.

The workaround for indirect coercion of state governments was to threaten Federal sanctions against individual residents of states that don’t comply with the REAL-ID Act. The sponsors of REAL-ID hoped that these threats would scare voters into lobbying their state legislators’ to bring their states into line with the Feds’ desires.

The REAL-ID Act doesn’t officially “require” states or individuals to do anything.  Its “enforcement” mechanism is a prohibition on acceptance for “Federal purposes” of drivers’ licenses or other ID credentials issued by states or territories that don’t comply with the requirements in the Federal law and the implementing regulations issued by the DHS.

There was still a problem for the DHS and the other backers of REAL-ID, however: How to make the threat of sanctions against residents of “noncompliant” states sufficiently harsh and sufficiently credible to get them to pressure their state governments to comply, without catalyzing a mass movement of grassroots resistance by outraged victims (or potential victims, or their supporters) of those sanctions.

The strategy adopted by the DHS has been to phase in the sanctions very gradually, over a period of many years, starting with those which would have the least significant consequences.  The problem for the DHS is that those threats which are most intimidating are those which would be most likely to provoke blowback against the Feds, and lead to more pressure on Congress to repeal the REAL-ID Act. The result has been a decade-long game of chicken between the DHS and reluctant or resistant state governments.

The DHS won’t (and politically can’t) admit the possibility that states won’t kowtow to its demands. State legislators can’t believe that the DHS would really be able to get away with denying access to Federally-controlled facilities and programs (more on that below) to all residents of noncompliant states, as well as residents of compliant states who are unable and/or unwilling to satisfy the documentary prerequisites for issuance of a REAL-ID compliant ID card.

When states haven’t complied — because they didn’t want to, or because they couldnt’t afford to, or because it was taking longer than expected to develop the infrastructure for the distributed database  — the DHS postponed the deadlines.

It’s been a decade since the REAL-ID act of 2005 was enacted, and most residents of “noncompliant” states have yet to be subjected to any Federal consequences for not having a REAL-ID card.  The criterion for “compliance” is political obeisance and stated or inferred intent, not action. All states that said they intended eventually to comply were deemed to be “compliant”, and given extensions of time to get with the program in practice. Even some states which enacted state laws prohibiting state agencies from implementing REAL-ID procedures have been “certified” by the DHS to be in “constructive compliance” with the required intent to comply.

Is this DHS certiification wishful thinking? What will these states do as the deadlines approach? That remains to be seen, and depends primarily on what individual residents of those states do.


Hearing March 17th in Denver on “Freedom Flyer” Phil Mocek’s appeal

Wednesday, February 4th, 2015

Oral arguments on “Freedom Flyer” Phil Mocek’s appeal of the dismissal of his Federal civil rights lawsuit against the TSA employees and Albuquerque police responsible for falsely arresting him at a TSA checkpoint at the Albuquerque airport in 2009 have been scheduled for Tuesday, March 17th, in Denver, Colorado.

The 10th Circuit Court of Appeals hearing will be (sort of) open to the public, with caveats as discussed below.

Mr. Mocek was arrested — valid boarding pass in hand — in retaliation for trying to exercise his First Amendment rights to (a) travel by licensed interstate common carrier and (b) film and record what happened when he tried to fly without having government-issued ID credentials in his possession.

Despite the inept efforts of the police to destroy the evidence against themselves (Mr. Mocek’s audio and video recording of his false arrest, which he was able to recover) and their equally inept efforts to lie about what had happened in their written reports and in their testimony at Mr. Mocek’s criminal trial, Mr. Mocek was acquitted by an Albuquerque jury on January 21, 2011, of all of the charges that were trumped up after the fact to try to justify his arrest.

On November 14, 2011, Mr., Mocek sued the TSA, the city of Albuquerque and its police, and the individual TSA employees and police officers responsible for depriving him of his civil rights.

In pre-trial rulings on January 24, 2013 and February 28, 2014, a Federal District Court judge in Albuquerque dismissed all of Mr. Mocek’s complaints against the various Federal government, local government, and individual defendants on the grounds that:

  • The TSA and its employees were not responsible for what happened to Mr. Mocek after they called the police. The TSA swears that its checkpoint staff have no authority to arrest anyone or tell the police to do so. But this issue is now the subject of an explicitly acknowledged dispute between the 4th Circuit (”It is an undoubtedly natural consequence of reporting a person to the police that the person will be arrested; especially in the scenario we have here, where TSA and [airport] police act in close concert”) and the 3rd Circuit (”[I]t seems just as likely that police officers who are summoned by TSA Officials would use their own independent discretion to determine whether there are sufficient grounds to take someone into custody”).
  • The defendants all had “qualified immunity” from liability because the First Amendment right to film and record the actions of the TSA and police at a checkpoint for passengers passing through a publicly-owned and operated airport en route to flights operated by Federally-licensed interstate common carriers was either nonexistent or not “clearly established”.  This makes a mockery, of course, not just of the First Amendment itself but of the entire body of “Freedom Rider” case law concerning the First Amendment rights of interstate common-carrier (bus) passengers passing thrrough publicly and even at privately-owned and operated terminal and transit facilities.
  • The arrest of Mr. Mocek was permissible because the police “had reasonable suspicion to demand that Mocek produce identifying documents, and, upon his failure to comply, probable cause for his arrest.”  This claim fundamentally misconstrues both New Mexico law on ID and key aspects of the Supreme Court’s decision in Hiibel v. 6th Judicial District Court.

Mr. Mocek then appealed to the U.S. Court of Appeals for the 10th Circuit. Written briefs were filed by Mr. Mocek (Appellent/Petitioner) and the original defendants (Appellees/Respondents):

Oral argument before a three-judge panel of the 10th Circuit Court of Appeals is scheduled for Tuesday, March 17, 2015, beginning at 9 a.m., in Courtroom 2 of the Byron White U.S. Courthouse, 1823 Stout St., Denver, CO. Oral argument will probably last no more than an hour, but there are five cases on the same 9 a.m. argument calendar, so people planning to attend should probably allow the whole morning.

“Identification” is required to enter the courthouse, but there don’t appear to be any published rules as to what constitutes sufficient ID. According to Local Rule 57.4 (”Security”):

On request of a United States marshal, court security officer, federal protective service officer, or court official, anyone within or seeking entry to any court building shall produce identification and state the nature of his or her business. Failure to provide identification or information shall be grounds for removal or exclusion from the building.

Photography, audio or video recording, or broadcasting are prohibited anywhere inside the courthouse (not just in courtrooms).  Cameras and recording or broadcasting devices that lack any other functions are barred form the courthouse. Cell phone, laptops, and other electronic devices are allowed in the courthouse, and may be used (silently and without photography or audio or video recording or broadcasting) in the courtroom, subject to these rules of the 10th Circuit Court of Appeals and of the U.S. District Court for the District of Colorado, which manages the building in which both courts are located.

There’s more information in our FAQ’s about the original events and Mr. Mocek’s false arrest and eventual acquittal on criminal charges and about Mr. Mocek’s ongoing Federal civil rights lawsuit which is the subject of this appellate hearing.

We’ll be in Denver on March 17th to observe and report on this hearing and to show our continued support for Mr. Mocek. We invite you to join us inside and/or outside the courthouse, and/or to help pay off Mr. Mocek’s debts for the costs of defending himself against the original false criminal charges.

Wikileaks publishes CIA reports on travel ID checks

Monday, January 12th, 2015

Wikileaks has published two internal briefing documents produced for the use of CIA undercover agents, describing the methods used by airlines and governments to identify international travelers.

Both of these reports were produced as part of the CIA’S previously-unknown CHECKPOINT program of travel ID-related activities:

This product has been prepared by CIA’s CHECKPOINT Identity and Travel Intelligence Program. Located in the Identity Intelligence Center (i2c) within the Directorate of Science and Technology, CHECKPOINT serves the Intelligence Community by providing tailored identity and travel intelligence products. CHECKPOINT collects, analyzes, and disseminates information to help US intelligence personnel protect their identities and operational activities while abroad.

One of the reports, “Surviving Secondary“, describes ID-related “secondary screening” procedures at international airports, with examples from the US, EU, and other countries around the world.  The other report is an overview of, “The European Union’s Schengen biometric-based border-management systems.”

Most of the airline and government profiling and “screening” activities described in the reports, are already well-known.  These include many of the ways that governments obtain and use Passenger Name Record (PNR) and Advance Passenger Information (API or APIS) data derived form airline reservations.

But these newly-released reports also confirm that the CIA (and the other agencies with which the reports have been shared within the US government) are aware of some airline and government activities and some vulnerabilities for travelers which we and others have complained about, but which the US government has not previously acknowledged.

One problem confirmed by the CIA report on secondary screening is that government agencies can, and routinely do, obtain and use PNR, API, and other airline data, without legal authority or due process:

Security services lacking APIS or PNR information may have other arrangements to receive passenger manifests ahead of time. For example, the Airport Police Intelligence Brigade (BIPA) of the Chilean Investigative Police does not routinely obtain advance passenger manifests but can request the information from airlines on an ad hoc basis to search for targets of interest. Strict privacy laws covering Danish citizens extend to all passengers traveling through Copenhagen airport such that the Danish Police Intelligence Service (PET) cannot legally obtain routine access to flight manifests. However, if one of PET’s four cooperative airline contacts is on duty, the service can unofficially request a search on a specific name, according to August 2007 liaison reporting.

Airline data obtained by government agencies through these extrajudicial channels is used for profiling and targeting of searches, questioning, and other adverse actions against travelers.

This practice is illegal in many of the countries where it is routine, but typically occurs without leaving a trace.  Many airline staff are willing to betray their customers’ privacy to government agencies. And because no records are kept of who accesses PNR data, both government agents and their airline collaborators know that they are unlikely to be held accountable unless they confess or are caught in the act.

The persistence of routine “informal”, often illegal, and almost always unrecorded government access to airline data about travelers highlights a crucial issue we’ve been talking about for years: the complete absence of access logging in the architecture of the computerized reservation systems (CRSs) which host airlines’ PNR databases.  CRSs have PNR change logs, but no PNR access logs.

Governments and travelers must demand that CRSs add comprehensive access logging to their core functionality for PNR hosting. That won’t stop the problem. Airline staff will still be able to show government agents printouts or let them look at displays, with only the airline personnel’s  access being logged. But access logs will help, and are an essential first step toward control of PNR data “leakage”.

The CIA report on secondary screening also confirmed that the CIA is aware of the sensitivity and use by European governments (and presumably other governments) of associational information contained in fare basis codes, ticket designators, and travel agency IDs:

April 2007 reporting resulting from a liaison exchange with the Hungarian Special Service for National Security (SSNS) provides insights into factors considered by officers at Ferihegy airport in Budapest, Hungary when examining tickets. Officers check … whether the ticket fare code represents a government or military discount, or whether a government travel agency booked the ticket. Hotel and car reservations are similarly examined for unusual discounts or government affiliation.

Of course, the same PNR data elements and pricing and ticket designators can reveal other, non-governmental, affiliations between travelers and with other individuals and groups. If an airline gives a discount to members of a political organization, trade union, or other group attending a convention or meeting, for example, each PNR and ticket for a member who receives the discount typically includes some unique code.

Despite complaints, including ours, both US and European officials have denied that ticket designators and similar codes in PNRs can reveal sensitive associational data.  Now we know that this information is already being used by European governments, and that the CIA is aware of these uses.  There’s no more excuse for pretending that these data elements are innocuous or that they can be “shared” without risk to travelers.

DHS proposes ID and search rules for passengers on ocean-going ships

Thursday, December 11th, 2014

In a Notice of Proposed Rulemaking (NPRM) published yesterday in the Federal Register, the Coast Guard has proposed that all so-called “cruise ship” ports be required to carry out airport-style searches (”screening) and check identity credentials of all embarking and disembarking passengers and any other visitors entering the port.

Entities responsible for the operations of large passenger vessels and ports are already required to submit “security” plans to the Coast Guard. Because those current plans are filed in secret, it’s not entirely clear how the  proposed requirements differ from current practices.

According to the NPRM, the Coast Guard’s guidelines for complying with the current regulations, in addition to various other supporting documents, were included in the rulemaking docket. We’ve confirmed with the docket office, however, that the Coast Guard never provided any of the supporting documents for posting on or over-the-counter availability at the docket office. Presumably, a corrected notice with a new due date for comments will be published in the Federal Register once these documents are made publicly available.

From the summary in the NPRM, it appears that the main proposed changes are new requirements for port operators to:

(a) Screen all persons, baggage, and personal effects for dangerous substances and devices in accordance with the requirements in subpart E of this part;

(b) Check the identification of all persons seeking to enter the facility in accordance with §§ 101.514, 101.515, and 105.255 of this subchapter….

The difference in “screening” practices contemplated by the proposed rules seems to be that they would be more standardized than at present, more like those at airports, and would be required to enforce a Coast Guard “prohibited items” list.  Although the list of items prohibited from aircraft is designated as “Sensitive Security Information”, the Coast Guard has included a tentative list of items proposed to be prohibited from cruise ship cabin baggage in the proposed rules. At the same time, the proposed rules would provide that:

The Prohibited Items List does not contain all possible items that may be prohibited from being brought on a cruise ship by passengers. The Coast Guard and the cruise ship terminal reserve the right to confiscate (and destroy) any articles that in our discretion are considered dangerous or pose a risk to the safety and security of the ship, or our guests, and no compensation will be provided.

Cruise ship passengers are already required to “present personal identification in order to gian entry to a vessel [or port] facility,”  but it isn’t clear how or by whom this is supposed to be enforced. The propsoed rules would create a new obligation for port operators to check passengers’ ID credentials.

As with the definition of “prohibited items”, the definition of acceptable ID credentials is defined for air travel only in secret (SSI) TSA Security Directives and/or Standard Operating Procedures, but is defined publicly in Federal regulations for cruise ships.

The NPRM would leave the definition of acceptable ID unchanged. In addition to government-issued ID credentials, the regulations specifically provide for the acceptance of ID issued under thre authority of, “The individual’s employer, union, or trade association”, as long as it is laminated, includes a current photo, and baears the name of the issuing authority.

By its plain language, this regulation allows any self-employed person to issue their own self-signed personal ID credentials for access to port facilities.

That’s not inappropriate, since many self-employed contractors need to enter ports for business reasons.

In practice, most cruise lines enforce (with or without legal authority) ID requirements more stringent than those in Federal regulations. But we’d be interested in hearing from anyone who has presented self-signed ID credentials, in accordance with these regulations, for purposes of entry to a port or to board a cruise ship.  Some cruise lines alloow guests onboard while ships are in port, such as friends seeing off passengers. So you might be able to experiment without being a passenger yourself.


DHS adds discrimination by national origin to pre-crime profiling of US visitors

Monday, November 3rd, 2014

Secretary of Homeland Security Jeh Johnson announced this morning that, with immediate effect and with no advance notice or warning, foreign citizens “seeking to travel to the United States from countries in our Visa Waiver Program (VWP) will be required to provide additional data fields of information in the travel application submitted via the Electronic System for Travel Authorization (ESTA).”

The additional questions which have already been added to the newly “Enhanced” ESTA application include:

  • Other Names/Aliases
  • Other Citizenships
  • Parents name(s)
  • National Identification Number (if applicable)
  • U.S. Contact information (email, phone, points of contact)
  • Employment information (if applicable)
  • City of Birth

As discussed in our comments to DHS when it was first proposed, the ESTA is a a travel permission and exit-permit system of dubious legality. Prior application, payment of the ESTA fee (by credit card only, so that CBP has a credit card number on file to link the travel history of each ESTA applicant to a financial history), and receipt of ESTA approval is required by the US before boarding any flight departing from any other country in the world, with the intention of eventually traveling to the USA.

ESTA approval is not a guarantee of admission to the US, and the US has consistently and explicitly claimed that ESTA is solely a travel-permission scheme, not a visa requirement.  (If it were deemed a visa requirement, US citizens would likely be subjected to reciprocal visa requirements to visit VWP countries.)  So the sole purpose of adding questions to the ESTA application form is to add them to the inputs to the pre-crime profiling process that determines whether to allow an applicant to travel to the US for the purpose of applying, on arrival at a US port of entry, for visa-free admission to the US as a visitor.

In other words, the only reason to ask citizens of VWP countries about their other or prior citizenship(s), if any, is for DHS to discriminate between citizens of the same WVP country, in making ESTA permission-to-travel decisions, on the basis of those VWP-country citizens’ prior national origins.

This is a disgraceful act of overt US government bigotry, and all citizens of both the USA and VWP countries should be outraged.  Why should the US think it can treat citizens of, say, the UK or Germany differently on the basis of their national origin, as evidenced by what other countries’ passports they also hold or previously held? Such blatant discrimination against  US citizens on the basis of their national origin would be illegal on its face, although it has been standard illegal operating procedure for the DHS.

DHS claims in its FAQ about today’s ESTA “enhancements” that it can mandate provision of this additional information through a Paperwork Reduction Act (PRA) notice of information collection, without needing to promulgate any new or revised regulations:

Why is DHS doing this under a Paperwork Reduction Act and not a regulation?

The relevant regulatory provision does not list the specific data elements that VWP travelers must provide in order to obtain an ESTA. Instead, the regulation states that “ESTA will collect such information as the Secretary [of Homeland Security] deems necessary to issue a travel authorization, as reflected by the I-94W Nonimmigrant Alien Arrival/Departure Form (I-94W).” Since there are no data elements listed in the regulation, there is no need to update the regulation. The revisions to the ESTA data elements fall under the Paperwork Reduction Act since DHS is amending an information collection (Form I-94W) and not amending a regulation.

The problem with this is that DHS has already added the new questions to the ESTA form, but doesn’t appear to have gotten the necessary approval from the Office of Management and Budget (OMB) for their inclusion.

DHS has a long history of ignoring the PRA and failing to get its forms approved by OMB. The PRA notice in the online ESTA application form refers to OMB approval control number 1651-0111, which was issued September 17, 2014. But the Federal Register notices and other documents submitted to OMB to support that approval don’t appear to have included the new questions added to the form today.

Supreme Court to review Constitutionality of warrantless police access to hotel guest logs

Monday, October 20th, 2014

Today the US Supreme Court agreed to review whether — as was decided en banc by the 9th Circuit Court of Appeals last year — a Los Angeles city ordinance requiring hotel-keepers to identify guests, log their identities and the details of their hotel stays, and open those log books to police inspection at any time, without advance notice, any basis for suspicion, or a warrant or subpoena — is, on its face, in violation of the Fourth Amendment to the US Constitution.

It’s interesting that hotels are the context in which the Supreme Court has chosen to consider service providers’ Fourth Amendment objections to warrantless, suspicionless compelled police access to business transaction metadata about their customers’ identities, locations, and activities at particular times and dates.  The Supreme Court has yet to accept any cases dealing with such objections by telecommunications, air transportation, or internet service providers, despite the essentially similar issues in those industries.

The key difference is that few providers of other services have challenged the government’s demands in court, as hotel owners did in the case now known at the Supreme Court as City of Los Angeles v. Patel.

The Los Angeles hotel registry ordinance mandates exactly the same three essential elements, for example, as the Federal government’s system for outsourced dragnet surveillance and control of air travelers:

  1. Presentment to private service providers of government-issued ID credentials (to enable log entries to be compiled into, linked with, and mined from personal travel history dossiers).
  2. Recording by service providers of transaction metadata including locations, time, date, and customer ID information.
  3. Warrantless, suspicionless, “open book” police root access to these metadata logs at any time.

So far as we know, however, not one airline, travel agency (online or offline), or computerized reservations service (including Google, which now operates an airline reservations hosting service) has challenged any of the government’s dragnet demands for customer transaction, location, chronology, and ID metadata.

In its (successful) argument to the Supreme Court to take the case, the city of L.A. argues that state and local laws mandating identification, logging, and police access to logs of hotel guest information are “ubiquitous”, and that by the logic of the 9th Circuit decision all these laws could be found to be unconstitutional on their face. That’s true. Hotel guests (”outsiders”) have long been deemed per se suspicious persons, and hotel registry laws are among the oldest and most pervasive of (unconstitutional) laws mandating businesses to compile and maintain metadata about their customers’ and their activities and make it available to police, without warrant or suspicion for data mining or gumshoe fishing expeditions. That’s exactly why it’s so important for the Supreme Court to uphold the decision of the Court of Appeals.

The hotel owners challenged only the requirement for warrantless open-book police access to hotel registries, and not the requirements for hotels to maintain such registries or for hotel guest to show ID. That’s still an important challenge, though, and one that goes further than other businesses (certainly further than any other travel businesses) have done to defend their customers’ rights not to treated as suspects.

We continue to commend the hotel owner plaintiffs/respondents in this case for their stand. Other businesses in the travel, communications, and Internet industries could and should bring similar court challenges when they are presented with similar (and similarly unconstitutional) government demands.  They cannot excuse their actions in spying on their customers by saying, “The government made us do it, and we had no choice,” if they never asked a court to rule on whether that “demand” was legally valid.

First challenge to detention & arrest under Arizona “Papers, Please!” law

Sunday, September 28th, 2014

The first lawsuit challenging the legality of a detention and arrest as a consequence of Arizona’s “Papers, Please!” law (SB 1010) was filed this week by the ACLU of Arizona on behalf of  Ms. Maria del Rosario Cortes Camacho.

SB 1070, enacted in 2010, requires Arizona state and local law enforcement officers to make “a reasonable attempt …, when practicable, to determine the immigration status of the person” whenever an officer makes a “lawful contact” with any person “where reasonable suspicion exists that the person is an alien who is unlawfully present in the United States.”

Although portions of the law were found unconstitutional, this part of the law was upheld by the Supreme Court in 2012 on the basis that at least this part of the law could be applied Constitutionally, if and only if it was construed solely as creating an obligation on law enforcement officers to “attempt” to verify immigration status without committing other Constitutional violations in the process.

The Supreme Court declined to presume that this “attempt” would necessarily, or in practice, result in more prolonged detention than would otherwise be permitted, or in arrest that wouldn’t otherwise have been made:

There is a basic uncertainty about what the law means and how it will be enforced. At this stage, without the benefit of a definitive interpretation from the state courts, it would be inappropriate to assume §2(B) will be construed in a way that creates a conflict with federal law…. This opinion does not foreclose other preemption and constitutional challenges to the law as interpreted and applied after it goes into effect.

As we said at that time:

Close reading of the law and the Supreme Court opinion makes clear that the next step for opponents of the law is to test how, in practice, the state of Arizona will answer the questions asked by the Supreme Court: Will people in Arizona be detained, will their detentions be prolonged, or will their releases from custody be delayed (without, in each case, some other lawful basis) merely to check their immigration status?

If any of things happen to people in Arizona, the Supreme Court has explicitly left it open for them to bring new Constitutional challenges to those infringements of human rights.

That is exactly what is now happening in Cortes v. Lakosky. According to the complaint, Ms. Cortes had applied for a special category of U.S. visa for certain victims of mental or physical abuse. That application was eventually granted, and Ms. Cortes lawfully remains in the U.S.   But when she was stopped and cited for minor, non-criminal traffic violations (which did not, in themselves, provide a basis for arrest), a Pinal County Sheriff’s deputy demanded evidence of her legal presence in the U.S., basing that demand on SB 10170.

Ms. Cortes actually had a copy of her pending visa application in the glove compartment of her car, but the sheriff’s deputies didn’t want to look at it. Rather than citing her on the spot and letting her go on her way as soon as that was done, the Instead, they detained her, handcuffed her, transported her in custody to an office of the Border Patrol, and turned her over to Border Patrol agents who held her for five more days.

No criminal charges and no allegations of illegal presence or other immigration law violations were ever filed against Ms, Cortes.  The sole basis for the prolongation of Ms. Cortes’ detention, her arrest, and her transportation to the Border Patrol office was an (unwarranted) suspicion of unlawful presence in the U.S.

The complaint seeks damages from the sheriff’s deputies, in their individual capacities.

GAO audit confirms TSA shift to pre-crime profiling of all air travelers

Monday, September 22nd, 2014

A Congressional hearing last week on the so-called “Secure Flight” system for “screening” domestic air travelers confirmed that the TSA has completed a shift from blacklist and whitelist matching to a comprehensive real-time pre-crime profiling system that assigns each air traveler a  “risk assessment” score on the four-step scale we’ve previously described and which is illustrated above in the latest GAO report.

Redacted versions of three audit reports on Secure Flight by the Government Accountability Office (1, 2, 3) were made public in conjunction with GAO testimony at the hearing.  According to one of those reports, “Secure Flight” started out as a blacklist and whitelist matching system:

Since implementation began in January 2009, the Secure Flight system has identified high-risk passengers by matching SFPD [against the No Fly List and the Selectee List, subsets of the Terrorist Screening Database (TSDB), the U.S. government’s consolidated watchlist of known or suspected terrorists maintained by the Terrorist Screening Center, a multiagency organization administered by the Federal Bureau of Investigation (FBI)…. To carry out this matching, the Secure Flight system conducts automated matching of passenger and watchlist data to identify a pool of passengers who are potential matches to the No Fly and Selectee Lists. Next, the system compares all potential matches against the TSA Cleared List, a list of individuals who have applied to, and been cleared through, the DHS redress process.

But that’s not how it works any more. According to the same GAO report:

Since January 2009, the Secure Flight program has changed from one that identifies high-risk passengers by matching them against the No Fly and Selectee Lists to one that assigns passengers a risk category: high risk, low risk, or unknown risk. Specifically, Secure Flight now identifies passengers as high risk if they are matched to watchlists of known or suspected terrorists or other lists developed using certain high-risk criteria, as low risk if they are deemed eligible for expedited screening through TSA Pre-Check — a 2011 initiative to preapprove passengers for expedited screening — or through the application of low-risk rules, and as unknown risk if they do not fall within the other two risk categories. To separate passengers into these risk categories, TSA utilizes lists in addition to the No Fly and Selectee Lists, and TSA has adapted the Secure Flight system to perform risk assessments, a new system functionality that is distinct from both watchlist matching and matching against lists of known travelers.

We’ve said from the start that Secure Flight would not be limited to “list matching” and would assign risk scores to all travelers. Now that’s been confirmed by GAO auditors.  When the TSA talks about “risk-based screening”, what they mean is “pre-crime profiling” of all air travelers — part of a larger pattern of “predictive” pre-crime policing through surveillance and profiling.

The diagram at the top of this article shows what the GAO says the current “Secure Flight” profiling process, and its consequences, look like. Note the references to “risk assessments” and “rules-based lists”, although in fact these are real-time scoring systems and there are no publicly-disclosed “rules”.


LA police lie about whether you have to show them ID

Thursday, September 18th, 2014

Last week a Los Angeles police officer detained the movie actress Danielle Watts and told her, “I have every right to ask for you ID…. You do not have a right to say ‘No’…. Somebody called, which gives me the right to be here, so it gives me the right to identify you by law.”

In the aftermath, the Los Angeles Police Protective League (LAPPL) has posted a false and misleading so-called “public service announcement” on the subject of Providing ID To Police Officers.

What happened to Ms. Watts, and what is our reading of the case law on these issues?


“I don’t want a unitary, unfakeable identity.”

Wednesday, August 27th, 2014

Dan Geer’s keynote speech at the Blackhat security conference earlier this month (video, transcript) included an important discussion of the often-misunderstood “right to be forgotten” and the larger context of why it matters: the threat posed by compelled identification, and how we can defend ourselves against that threat:

Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified.  No more — what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative?  If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control.  If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself…

The Obama administration’s issuance of a National Strategy for Trusted Identities in Cyberspace [NSTIC] is a case in point; it “calls for the development of interoperable technology standards and policies — an ‘Identity Ecosystem’ — where individuals, organizations, and underlying infrastructure — such as routers and servers — can be authoritatively authenticated.”  If you can trust a digital identity, that is because it can’t be faked…. Is having a non-fake-able digital identity for government services worth the registration of your remaining secrets with that government?  Is there any real difference between a system that permits easy, secure, identity-based services and a surveillance system? Do you trust those who hold surveillance data on you over the long haul, by which I mean the indefinite retention of transactional data between government services and you, the individual required to proffer a non-fake-able identity to engage in those transactions?  Assuming this spreads well beyond the public sector, which is its designers’ intent, do you want this everywhere?…

I conclude that a unitary, unfakeable digital identity is no bargain and that I don’t want one.  I want to choose whether to misrepresent myself.  I may rarely use that, but it is my right to do so.  If that right vanishes into the panopticon, I have lost something and, in my view, gained next to nothing. In that regard, and acknowledging that it is a baby step, I conclude that the EU’s “Right to be Forgotten” is both appropriate and advantageous though it does not go far enough.  Being forgotten is consistent with moving to a new town to start over, to changing your name, to a definition of privacy that turns on whether you do or do not retain the effective capacity to misrepresent yourself…. A right to be forgotten is the only check on the tidal wave of observability that a ubiquitous sensor fabric is birthing now, observability that changes the very quality of what “in public” means….

There’s more: video, transcript.

Mr. Geer’s comments help answer one of the questions we are most frequently asked: What’s Wrong With Showing ID?