Archive for the ‘Secure Flight’ Category

TSA’s lying “response” to today’s story in the New York Times

Tuesday, October 22nd, 2013


We’re quoted on the front page of today’s New York Times in a story by Susan Stellin, “Security Check Now Starts Long Before You Fly”:

The Transportation Security Administration is expanding its screening of passengers before they arrive at the airport by searching a wide array of government and private databases that can include records like car registrations and employment information….

“I think the best way to look at it is as a pre-crime assessment every time you fly,” said Edward Hasbrouck, a consultant to the Identity Project, one of the groups that oppose the prescreening initiatives. “The default will be the highest, most intrusive level of search, and anything less will be conditioned on providing some additional information in some fashion.”


The TSA refused to say anything to the Times on the record, but published a blog post today (with the misleading title “Expediting Screening for the Traveling Public”) responding to the Times’ story with a succession of lies and prevarications.

We call “bullshit” on the TSA:

  • “We are not using ‘private databases.’” This is an out-and-out lie, as “Blogger Bob” and the TSA surely know. All TSA pre-screening systems rely primarily on information from private commercial databases of airline reservations (PNRs). Since there is no requirement for a U.S. citizen to notify the government directly before taking a trip by common carrier, “pre-screening” would be impossible without access to, and reliance on, these private commercial databases. The US government has gone to great effort, through the APIS, PNR, and Secure Flight regulations and through lobbying for changes to Canadian privacy law and exceptions to European privacy law, to implement requirements for DHS access to this data. If these databases are no longer “private”, that is only because the TSA and other DHS components have compelled airlines and reservation hosting companies to make this data available to government agencies.
  • “TSA does not monitor a passenger’s length of stay in any location.” The TSA doesn’t always retain the travel itinerary information it compels airlines to provide for domestic travel, but it claims the right to do so for anyone deemed (arbitrarily or according to secret criteria) to be “suspicious” or to “match” an entry on any of the government’s (arbitrary, secret) “watchlists”.  And for international travel, CBP (another DHS component agency) does retain complete PNR data, including travel itineraries, and comprehensive border crossing and entry/exit logs, for all travelers, in its Automated Targeting System (ATS) — and claims the right to “share” all this data with the TSA. (And that doesn’t even begin to consider the NSA’s apparently independent hacking of airlines and reservation systems and potential sharing of PNR and other travel data with DHS.)
  • “We are not using car registrations.” Again, it’s CBP rather than the TSA that is logging license plates and vehicle movements (using cameras near borders and optical character recognition software), linking them to individual ATS records, and using them to generate “risk” scores and watchlist messages — which are then passed on to the TSA.  TSA is using this data, just (slightly) indirectly. According to the latest System Of Records Notice for ATS, published in the Federal Register in 2012, “ATS maintains the official record for … the combination of license plate, Department of Motor Vehicle (DMV) registration data and biographical data associated with a border crossing”.
  • “[W]e rely on the same security information passengers have been required to submit at time of booking for many years…. [T]he info we rely on is the same info that passengers have provided for years when they book their flight.” Actually, we didn’t used to have to provide our ID number, date of birth, or gender in order to make an airline (or Amtrak train, or Greyhound bus) reservation. It used to be possible to hold airline reservations in “dummy” names, or with no names at all. The TSA relies on information that has only been required since the creation of the TSA. And in the past, we “provided” that information, if at all, only to airlines and travel companies. Prior to the creation of the TSA, we never had to provide any information to the government to book a flight.  (Unless we were traveling in a foreign country where a foreign government agency like the Stasi required us to show our ID cards or permission papers to book a flight.)
  • “Anyone who has never traveled outside the United States would not have a passport number on file and would therefore not be subject to the rules that the agency uses to determine risk.” Nonsense. Many people have our passport numbers on file with the TSA because we’ve used our passports as ID for domestic flights. Many people have no government-issued ID except a passport. Despite the State Department’s moves to make it more difficult to get a passport, the REAL-ID law sometimes makes it even more difficult to get a driver’s license or other state-issued ID than to get a passport.
  • “We are not expanding the type of information we use.” If that were true, why would the TSA have published formal notices in the Federal Register of new systems of records and new uses for existing systems of records? They don’t publish these legal notices just for fun. Either (a) the TSA has already been illegally collecting and/or using this data without proper notice, in violation of the Privacy Act (as DHS did for years with the Automated Targeting System), (b) the TSA is doing what it says in the notices it is doing, and collecting and using new information in new ways, or (c) the TSA plans to do so in the future, and wants to be able to say, if someone later complains, “But we gave you fair notice that this was what we were going to do. If you wanted to object, you should have done so back in 2013 when we published that notice.”
  • “[W]e are not using any new data to determine low risk passengers.” Applicants for the TSA’s Pre-Check program — i.e. people who want to be relieved of suspicion-by-default and the associated more intrusive search each time they travel — are being required to provide information that the TSA has never before requested, including fingerprints, other biometric information, and authorization for checks of criminal, financial, and other government and commercial records.  If the TSA isn’t using any of this new data, why is it compiling it? More than likely, this new data is being or will soon be used — and retained for possible additional future uses for an unknown range of purposes.

[TSA Pre-Crime graphic from Leaksource]

TSA proposes arbitrarily individualized surveillance-based searches

Thursday, October 10th, 2013


In the latest version of TSA’s endless series of “trusted traveler” (or “less mistrusted traveler”) schemes, the agency is currently proposing to impose more intrusive searches on any traveler who doesn’t “voluntarily” enroll in the TSA Pre-Check program and authorize the TSA to create a new permanent file with everything from your fingerprints to any “other information provided by … government agencies or other entities”.

These files would be exempted from the normal requirements of the Privacy Act that records used as the basis for decisions about individuals’ exercise of our rights be made available to us and be limited to information that is sufficiently accurate, complete, and relevant to form a legitimate basis for such decisions.

The proposal is contained in a package of three regulatory filings (one new and one revised “System of Records Notice” and a “Notice of Proposed Rulemaking” proposing Privacy Act exemptions) published last month in the Federal Register.  All three have to be read in combination to appreciate their full implications.

The deadline for public comments on two of these proposals is today, and for the third is tomorrow. We filed consolidated comments today objecting to all three of these proposals:

Read in combination, this new and revised SORN and these proposed regulations describe a system in which an essentially unlimited range of personal information collected from an essentially unlimited range of sources, and known to include inaccurate and irrelevant information, would be (or perhaps already is being) compiled into the “TSA Pre-Check Application Program” system of records.

These records would be used – either according to criteria which are illegally being kept secret, or in an entirely arbitrary manner at the “discretion” of the TSA – to determine who is and who is not deemed “eligible” to exercise the right to travel without being subject to unreasonable searches.

The results of that decision-making would be incorporated into the “Secure Flight” system of records, and used as part of the basis (also either pursuant to secret rules or entirely arbitrarily) for deciding to issue or withhold the issuance of individualized “boarding pass printing results”, including instructions to TSA staff and contractors as to the degree of intrusiveness of the search to which each would-be traveler is to be subjected as a condition of exercising our right to travel.

Maintenance and use of these systems of records in the manner contemplated by these SORNs and the proposed exemptions would violate the 1st, 4th, and 5th Amendments to the U.S. Constitution, the presumption of innocence, due process, the Freedom Of Information Act (FOIA), the Privacy Act, and Article 12 (Freedom of Movement) of the International Covenant on Civil and Political Rights (ICCPR).

These records should be expunged, and the proposed regulations should be withdrawn….

We also point out that the TSA is only pretending to give the required consideration to public comments:

According to the “TSA Pre-Check Application Program” SORN published on September 10, 2013, “The Secretary of Homeland Security has exempted certain records from this system from the notification, access, and amendment procedures of the Privacy Act because it may contain records or information related to law enforcement or national security purposes.”

This claim was, and is, false. As of the date of the SORN, no such exemption had even been proposed: the NPRM proposing such an exemption, and requesting public comments (such as this one) concerning that proposed exemption for consideration by the DHS, was not published until a day later, on September 11, 2013. Even now, the Secretary has promulgated no final rule for such an exemption. Nor could he or she promulgate any such final rule, consistent with the Administrative Procedure Act, unless and until the current period for public comment on the proposed exemption rule has concluded and the comments submitted (including these comments) have been considered by the DHS.

The false claim that “The Secretary of Homeland Security has exempted certain records from this system from the notification, access, and amendment procedures of the Privacy Act”, when in fact the Secretary has not done so, appears to be intended to mislead individuals about what rights we have, and to dissuade us from attempting to exercise our rights.  In addition, by stating the outcome of the current exemption rulemaking as a fait accompli, it constitutes prima facie evidence of bad faith in the consideration of public comments. It is not enough for an agency to accept submissions of comments from the public to the circular file, after making a decision. An agency must give genuine consideration to public comments before deciding whether to finalize, modify, or withdraw a proposed rule.

You can read our complete comments here. You can submit comments at Regulations.gov (here, here, and here) but your comments won’t be processed or visible online until after the DHS Privacy Office re-opens.

[TSA Pre-Crime graphic from Leaksource]

“Travel Surveillance, Traveler Intrusion” at the Cato Institute

Saturday, March 30th, 2013

Edward Hasbrouck of the Identity Project will be speaking at a free, public forum on Travel Surveillance, Traveler Intrusion from noon-1 p.m. EDT next Tuesday, 2 April 2013, at the Cato Institute in Washington DC (with a live webcast):

Travel Surveillance, Traveler Intrusion

[photo by kind permission of Jeramie D. Scott]

Video from the Cato Institute (recommended)

Video from C-SPAN

C-SPAN video on Youtube

Audio podcast (listen while viewing the slides)

Slides and notes (PDF)

Featuring Edward Hasbrouck, Journalist, Consumer Advocate, Travel Expert, and Consultant, The Identity Project (PapersPlease.org), Author of the book and blog, The Practical Nomad; and Ginger McCall, Director, Open Government Program, Electronic Privacy Information Center; moderated by Jim Harper, Director of Information Policy Studies, Cato Institute.

The United States government practices surprisingly comprehensive surveillance of air travel, amassing data about the comings and goings of all Americans who fly. Travel expert Edward Hasbrouck has been researching travel surveillance for many years. His findings reveal a stunning level of government surveillance, control of the traveler, and intrusion into commercial travel IT systems.

By April 2, the Transportation Security Administration will have begun a public comment process on its policy of putting travelers through imaging machines that can see under their clothes. Ginger McCall of the Electronic Privacy Information Center has been handling the litigation that prompted the D.C. Circuit Court of Appeals ruling requiring it to do so, and she will assess the proposed regulation and her renewed efforts to bring the TSA within the law.

If you can’t make it to the Cato Institute, watch this event live online at www.cato.org/live.

The Cato Institute asks that you pre-register if you plan to attend in person, but that’s just so they have an estimate of the expected attendance.

Hasbrouck will be presenting examples of what he found in his files when he sued the DHS for its records of his travels, what other travelers have found in theirs, and how the DHS obtains and uses this information to track us and to control who is allowed to travel.

As part of the same program, Ginger McCall of EPIC will be discussing the TSA’s proposed “rules” to require all air travelers to submit to virtual strip-searches. You have 90 days, until 24 June 2013, to tell them what you think of their proposal. (On the form to submit comments to the TSA, note that all of the fields except your comment itself are optional.) You can find some ideas for what to say in our previous article about the rulemaking.

There will be a live webcast, for those who aren’t in DC.

If you’d like to follow along, you can download the slides from Hasbrouck’s presentation as a PDF file.

[Update: C-SPAN broadcast the event live. Streaming video is available from the Cato Institute event archives (recommended), the C-SPAN archives, or on Youtube. The C-SPAN and Youtube camera angles don't show the slides which illustrate Hasbrouck's talk, so we recommend watching the Cato version and/or downloading the slides to follow along with the talk on C-SPAN. If you want to find out what's in the file about you in the DHS "Automated Targeting System", you can use the forms here. We would welcome a chance to review the government's response, if you get one, and help you interpret it.]

Travel blogger kicked off plane by pilot for taking photo of… seatback?

Saturday, March 2nd, 2013

Frequent flyer and travel blogger Matthew Klint was recently kicked off a United Airlines flight from Newark to Istanbul after a flight attendant saw him take a picture of the back of the seat in front of him, and reported him to the pilot. The pilot told Mr. Klint, “You are not flying on this flight…. We’ll call the police if we have to.”

Perhaps unfortunately, Mr. Klint didn’t insist that the police be called, or call them himself, leaving him dealing with United Airlines’ public relations department rather than with legal authorities.

As a frequent flyer and blogger, Mr. Klint was at least able to get the airline to talk to him, after the fact. But what can an ordinary traveler do in such a situation?

We talked about this last year in articles on Does an airline pilot have the right to refuse to let you fly? and What can you do if an airline pilot won’t let you fly? But it bears repeating:

Under Federal law, as common carriers, airlines must transport all would-be passengers willing to pay the applicable fare in their published tariff and comply with their published conditions of carriage. Not to do so is a serious violation of their duties.

If an airline refuses to allow you to fly, for any reason other than a violation of published laws, regulations, or conditions of carriage, you can and should make a formal complaint against the airline to the Department of Transportation.

A pilot can order you off the plane only if the pilot genuinely believes that you pose a hazard to the safe operation of the flight, in which case the pilot is required to log and report this safety incident.

If a pilot orders you off the flight for some other reason, or without logging and reporting his or her action as a safety incident, you can and should report the pilot to the FAA.

We’ve offered our support to Mr. Klint, should he wish to pursue a legal challenge to the actions of the airline and pilot against him.

TSA updates its “notice” of Secure Flight records

Sunday, December 2nd, 2012

The TSA published a revised System of Records Notice in the Federal Register on November 19th, updating its disclosures of what information about our “travel histories” it collects, retains, and uses through its Secure Flight program for airline passenger surveillance and control.

The new notice is both better and worse than it might appear at first glance. The new “Secure Flight” SORN describes some disturbing TSA practices that were not explicitly disclosed in the previous “Secure Flight” SORN published in 2008.

In particular, the new SORN discloses that if you are turned down or predetermined to be ineligible for the TSA’s “Pre-Check” or other “Registered Traveler” (a/k/a “Possibly Slightly Less Mistrusted Traveler”) programs, you can be placed on a new watchlist, as a result of which logs of your air travel will be retained by the TSA for 99 years. That’s especially problematic because applicants for the Pre-Check program aren’t told that being turned down could leave them worse off than if they had never applied, and subject to lifetime TSA air travel monitoring and itinerary logging.

Bad as this is, however, it isn’t really a change in what data TSA claims the right to collect, or how long it claims the right to retain and use it. These practices were already covered under “catch-all” clauses of the prior SORN, which are retained in the revised SORN, and that actually purport to authorize a much wider range of even worse practices.

Specifically, the “Secure Flight” SORN already disclosed that “Secure Flight” records might contain:

Records obtained from the TSC [Terrorist Screening Center] of known or suspected terrorists in the TSDB [Terrorist Screening Database] and records regarding individuals identified on classified and unclassified governmental watch lists

There’s no definition or limitation on the sources or purposes of these additional “watch lists”. But it’s clear from the description quoted above that these are watch lists other than those of suspected terrorists: lists of people who are to be watched, and whose air travel itineraries are to be logged for life, for (secret, unrestricted) reasons other than that they are suspected of terrorism. (more…)

How Australia profiles travelers: A look inside the “black box”

Tuesday, November 13th, 2012

At a “Big Data” conference in Sydney earlier this month, the head of Australia’s traveler tracking and profiling office (his actual title — we are not making this up — is “Director Intent Management & Analytics”) gave an unusually revealing presentation (PDF) [also here] about the nature of the government’s travel data warehouse and how it is used to predict the “intent” of travelers to and from Australia.

Klaus Felsche of the Australian Department of Immigration and Citizenship (DIAC) didn’t mince words, referring explicitly to “data mining”, “risk scoring”, and “profiling” systems and algorithms, although lamenting that DIAC doesn’t (yet) have access to social media profiles or some data from other Australian  government agencies.

The US government has rarely used the words “scoring”, “profiling”, or “data mining” with respect to its warehousing and use of Passenger Name Records (PNRs) and other travel data. Most of the architecture, as well as all of the rules and algorithms, have been withheld from public disclosure, even when we have requested this information under the Privacy Act, FOIA, and/or through foreign governments and airlines that have allowed PNR data subject to their jurisdiction to be fed into these data warehouses and data-mining systems.

The “threat analysis” component of US travel control systems like Secure Flight has remained an unexplained “black box” whose operations are part of the magical secret sauce that justifies the government in enforcing  whatever its oracle decrees.  In this diagram — the most detailed yet provided by the TSA — it’s the red box at right center.

So we are grateful to Mr. Felsche of the Australian DIAC for providing a clearer picture of what data governments are archiving about us and our travels, and how they are using it.  Just remember, as you study his presentation, that:

  1. “Targeting” — the one euphemism that still permeates Mr. Felsche’s presentation — means search, seizure, interrogation, and prohibition of travel. In other words, deprivation of fundamental rights, to a greater or lesser degree depending on whether it means mere delay and intrusion or whether it means being confined by a no-fly order to the island of Australia for the remainder of one’s natural life.
  2. Australia is a relatively small country in population and (as his presentation makes clear) computing resources available to this component of the government.  Presumably, what’s being done with travel data by DIAC is only a subset of what is being done by the DHS, and perhaps in the European Union.

DHS Scrooge says U.S. citizen can’t come home for the holidays to see his ailing mother

Tuesday, November 6th, 2012

In the latest episode in the increasingly bizarre but all too real saga of standardless secret administrative no-fly orders from the DHS to airlines, prohibiting the transportation back to their home country of US citizens,  Oklahoma native Saadiq Long is being prevented from returning home to the US to spend the holiday season with his terminally ill mother.

Long is a US citizen and an honorably discharged veteran of the US Air Force, never charged with any crime in the US or any other country, who has been living and working as an English teacher in Qatar for the last several years.  He’s also a convert to Islam, which shouldn’t be relevant but probably is.

When he learned of his mother’s illness back home in Oklahoma, he made reservations and bought tickets from KLM for flights from Qatar to the US for what might be a last visit with his mother.

Less than 24 hours before his scheduled departure from Qatar in May, KLM told Mr. Long that the airline (and all others serving the US) had been forbidden from allowing him to board any flight to the US.

Mr. Long has been trying ever since to find out why the government of his country has forbidden all airlines from transporting him, or to find a way to get those orders rescinded. But to date, the DHS has maintained its position that it will neither confirm nor deny whether it has issued any no-fly orders with respect to any specific person, much less the basis (if any) for such orders.

KLM explicitly informed Mr. Long that it had received a no-fly order from the DHS. So in theory, KLM would be required by Dutch data protection law to disclose that order to Mr. Long on request. That wouldn’t tell Mr. Long why he had been banned from returning to his country (the DHS probably didn’t share the reasons for its order with the airline), but would prevent the DHS from claiming in court that whether Mr. Long has been prohibited from flying is a state secret.

Given KLM’s poor track record when individuals have requested KLM’s records of its communications with governments, and the Dutch data protection authority’s poor track record of enforcing the law, it’s hard to predict whether KLM would comply with a request from Mr. Long for all orders or communications pertaining to him between KLM and the US government.

Mr. Long is being assisted by the Council on American-Islamic Relations (CAIR), which has led the struggle for judicial review of no-fly orders. CAIR staff attorney Gadeir Abbas, the leading advocate for US citizens exiled by no-fly orders, told Glenn Greenwald that, “Every few weeks I hear of another Muslim citizen who cannot return to the country of which he is a citizen.”

[Update: Mr. Long was again denied boarding by KLM in Qatar on November 8, 2012.]

Government Surveillance of Travelers

Wednesday, October 3rd, 2012

For those attending today’s discussion of Government Surveillance of Travellers and the DHS “Automated Targeting System” (ATS) at the Brennan Center for Justice at NYU School of Law, or those who can’t make it but are interested in the topic, here are the slides from the presentation by Edward Hasbrouck of the Identity Project (PapersPlease.org), and links to additional references:

Today’s event is open to the public, so please join us if you are in New York and free at mid-day.

“Automated Targeting System” briefing 10/3 at the Brennan Center

Saturday, September 22nd, 2012

Identity Project consultant and policy analyst Edward Hasbrouck will give a brown-bag lunch presentation on the DHS “Automated Targeting System” and government surveillance and control of travelers on Wednesday, October 3, 2012, 12:30 - 2 p.m., at the Brennan Center for Justice, New York University School of Law, 161 Avenue of the Americas (6th Ave.), 12th Floor, New York (in SoHo, 1/2 block from the Spring St. station on the C and E subway lines).

Hasbrouck will give an introduction to the DHS “Automated Targeting System” (including examples of data from ATS records obtained through Privacy Act and FOIA litigation), its role in US government surveillance and control of travelers, and the civil liberties and human rights issues it raises.

The “Automated Targeting System” (ATS) is one of the largest of post-9/11 warrantless dragnet surveillance programs. Built at a cost of more than $2 billion in government-mandated changes to commercial travel IT systems, to which DHS now has root access, ATS “ingests,” archives, and mines complete mirror copies of all international airline reservations (“passenger name record”) data for travel to, from, or via the US. ATS records include where, when, and with whom you traveled; your IP address; what credit card was used; whether you asked for a kosher or halal meal; and whether you and your traveling companion asked for one bed or two in your shared hotel room.

While little known or debated in the US, ATS has been at the center of intense disputes with the European Union and Canada over US demands for access to travel reservation data from other countries.

Edward Hasbrouck works with the Identity Project on travel-related civil liberties and human rights issues. An award-winning travel journalist, blogger, and author, he also has 15 years of travel industry experience in airline reservations technology and travel agency  operations. Hasbrouck has testified before the TSA as well as the European and Canadian Parliaments on issues related to government access to airline reservations, and was the plaintiff in a recently-concluded Privacy Act and FOIA lawsuit seeking ATS records about himself as well as information about ATS data-mining capabilities.

The event is free and open to the press and the public.

European Parliament approves PNR agreement with the US. What’s next?

Wednesday, April 25th, 2012

MEPs picket outside the plenary chamber to ask their colleagues to say "No" to the PNR agreement with the US. (Photo by greensefa, some rights reserved under Creative Commons license, CC BY 2.0)

Last week — despite the demonstration shown above (more photos here) by Members of the European Parliament as their colleagues entered the plenary chamber for the vote — the European Parliament acquiesced, reluctantly, to an agreement with the US Department of Homeland Security to allow airlines that do business in the EU to give the DHS access to PNR (Passenger Name Record) data contained in their customers’ reservations for flights to or from the USA. (See our FAQ: Transfers of PNR Data from the European Union to the USA.)

The vote is a setback for civil liberties and the fundamental right to freedom of movement, in both the US and Europe.

But the vote in the European Parliament is neither the definitive authorization for travel surveillance and control, nor the full grant of retroactive immunity for travel companies that have been violating EU data protection rules, that the DHS and its European allies had hoped for.

Many MEPs voted for the agreement only reluctantly, in the belief (mistaken, we believe), that it was “better than nothing” and represented an attempt to bring the illegal US surveillance of European travelers under some semblance of legal control.

Whatever MEPs intended, the vote in Strasbourg will not put an end to challenges to government access to airline reservations and other travel records, whether in European courts, European legislatures, or — most importantly — through public defiance, noncooperation, and other protests and direct action.

By its own explicit terms, and because it is not a treaty and is not enforceable in US courts, the “executive agreement” on access to PNR data provides no protection for travelers’ rights.

The intent of the US government in negotiating and lobbying for approval of the agreement was not to protect travelers or prevent terrorism, but to provide legal immunity for airlines and other travel companies — both US and European — that have been violating EU laws by transferring PNR data from the EU to countries like the US.  The DHS made this explicit in testimony to Congress in October 2011:

To protect U.S. industry partners from unreasonable lawsuits, as well as to reassure our allies, DHS has entered into these negotiations.

But because of the nature of the PNR data ecosystem and the pathways by which the DHS (and other government agencies and third parties outside the EU) can obtain access to PNR data, the agreement does not provide travel companies with the full immunity they had sought.

Most of the routine practices of airlines and travel companies in handling PNR data collected in the EU remain in violation of EU data protection law and subject to enforcement action by EU data protection authorities and private lawsuits by travelers against airlines, travel agencies, tour operators, and CRS companies in European courts.

Why is that?

(more…)