Wikileaks publishes CIA reports on travel ID checks

January 12th, 2015

Wikileaks has published two internal briefing documents produced for the use of CIA undercover agents, describing the methods used by airlines and governments to identify international travelers.

Both of these reports were produced as part of the CIA’S previously-unknown CHECKPOINT program of travel ID-related activities:

This product has been prepared by CIA’s CHECKPOINT Identity and Travel Intelligence Program. Located in the Identity Intelligence Center (i2c) within the Directorate of Science and Technology, CHECKPOINT serves the Intelligence Community by providing tailored identity and travel intelligence products. CHECKPOINT collects, analyzes, and disseminates information to help US intelligence personnel protect their identities and operational activities while abroad.

One of the reports, “Surviving Secondary“, describes ID-related “secondary screening” procedures at international airports, with examples from the US, EU, and other countries around the world.  The other report is an overview of, “The European Union’s Schengen biometric-based border-management systems.”

Most of the airline and government profiling and “screening” activities described in the reports, are already well-known.  These include many of the ways that governments obtain and use Passenger Name Record (PNR) and Advance Passenger Information (API or APIS) data derived form airline reservations.

But these newly-released reports also confirm that the CIA (and the other agencies with which the reports have been shared within the US government) are aware of some airline and government activities and some vulnerabilities for travelers which we and others have complained about, but which the US government has not previously acknowledged.

One problem confirmed by the CIA report on secondary screening is that government agencies can, and routinely do, obtain and use PNR, API, and other airline data, without legal authority or due process:

Security services lacking APIS or PNR information may have other arrangements to receive passenger manifests ahead of time. For example, the Airport Police Intelligence Brigade (BIPA) of the Chilean Investigative Police does not routinely obtain advance passenger manifests but can request the information from airlines on an ad hoc basis to search for targets of interest. Strict privacy laws covering Danish citizens extend to all passengers traveling through Copenhagen airport such that the Danish Police Intelligence Service (PET) cannot legally obtain routine access to flight manifests. However, if one of PET’s four cooperative airline contacts is on duty, the service can unofficially request a search on a specific name, according to August 2007 liaison reporting.

Airline data obtained by government agencies through these extrajudicial channels is used for profiling and targeting of searches, questioning, and other adverse actions against travelers.

This practice is illegal in many of the countries where it is routine, but typically occurs without leaving a trace.  Many airline staff are willing to betray their customers’ privacy to government agencies. And because no records are kept of who accesses PNR data, both government agents and their airline collaborators know that they are unlikely to be held accountable unless they confess or are caught in the act.

The persistence of routine “informal”, often illegal, and almost always unrecorded government access to airline data about travelers highlights a crucial issue we’ve been talking about for years: the complete absence of access logging in the architecture of the computerized reservation systems (CRSs) which host airlines’ PNR databases.  CRSs have PNR change logs, but no PNR access logs.

Governments and travelers must demand that CRSs add comprehensive access logging to their core functionality for PNR hosting. That won’t stop the problem. Airline staff will still be able to show government agents printouts or let them look at displays, with only the airline personnel’s  access being logged. But access logs will help, and are an essential first step toward control of PNR data “leakage”.

The CIA report on secondary screening also confirmed that the CIA is aware of the sensitivity and use by European governments (and presumably other governments) of associational information contained in fare basis codes, ticket designators, and travel agency IDs:

April 2007 reporting resulting from a liaison exchange with the Hungarian Special Service for National Security (SSNS) provides insights into factors considered by officers at Ferihegy airport in Budapest, Hungary when examining tickets. Officers check … whether the ticket fare code represents a government or military discount, or whether a government travel agency booked the ticket. Hotel and car reservations are similarly examined for unusual discounts or government affiliation.

Of course, the same PNR data elements and pricing and ticket designators can reveal other, non-governmental, affiliations between travelers and with other individuals and groups. If an airline gives a discount to members of a political organization, trade union, or other group attending a convention or meeting, for example, each PNR and ticket for a member who receives the discount typically includes some unique code.

Despite complaints, including ours, both US and European officials have denied that ticket designators and similar codes in PNRs can reveal sensitive associational data.  Now we know that this information is already being used by European governments, and that the CIA is aware of these uses.  There’s no more excuse for pretending that these data elements are innocuous or that they can be “shared” without risk to travelers.

“CAPPS IV”: TSA expands profiling of domestic US airline passengers

January 9th, 2015

Under color of a vestigial provision of Federal law related to an airline passenger profiling program that was discontinued more than four years ago, and applying the name of that program (and attempting to apply the same legal mandate) to an entirely new scheme, the TSA is adding a new, additional layer of passenger profiling to its pre-crime system for domestic airline flights within the United States.

The existence and TSA-mandated implementation of the new so-called “Computer-Assisted Passenger Prescreening System (CAPPS)” was first disclosed publicly in an obscure posting this Monday on the DHS website and an equally obscure notice published the same day in the Federal Register.   According to both documents, the new CAPPS scheme has been under development since at least 2013, in secret collaboration between the TSA, the inter-departmental National Counterterrorism Center (NCTC), airlines, and private contractors.

What was the old CAPPS? What is the new CAPPS? And what does this mean for the rights of travelers?

Answering these simple-seeming questions requires understanding the history of government-mandated airline passenger profiling in the US and the shell game of labels that the government has applied to profiling schemes, as well as careful parsing of this week’s abstruse and uninformative (to the uninitiated) official notices.

Read the rest of this entry »

DHS proposes ID and search rules for passengers on ocean-going ships

December 11th, 2014

In a Notice of Proposed Rulemaking (NPRM) published yesterday in the Federal Register, the Coast Guard has proposed that all so-called “cruise ship” ports be required to carry out airport-style searches (”screening) and check identity credentials of all embarking and disembarking passengers and any other visitors entering the port.

Entities responsible for the operations of large passenger vessels and ports are already required to submit “security” plans to the Coast Guard. Because those current plans are filed in secret, it’s not entirely clear how the  proposed requirements differ from current practices.

According to the NPRM, the Coast Guard’s guidelines for complying with the current regulations, in addition to various other supporting documents, were included in the rulemaking docket. We’ve confirmed with the docket office, however, that the Coast Guard never provided any of the supporting documents for posting on Regulations.gov or over-the-counter availability at the docket office. Presumably, a corrected notice with a new due date for comments will be published in the Federal Register once these documents are made publicly available.

From the summary in the NPRM, it appears that the main proposed changes are new requirements for port operators to:

(a) Screen all persons, baggage, and personal effects for dangerous substances and devices in accordance with the requirements in subpart E of this part;

(b) Check the identification of all persons seeking to enter the facility in accordance with §§ 101.514, 101.515, and 105.255 of this subchapter….

The difference in “screening” practices contemplated by the proposed rules seems to be that they would be more standardized than at present, more like those at airports, and would be required to enforce a Coast Guard “prohibited items” list.  Although the list of items prohibited from aircraft is designated as “Sensitive Security Information”, the Coast Guard has included a tentative list of items proposed to be prohibited from cruise ship cabin baggage in the proposed rules. At the same time, the proposed rules would provide that:

The Prohibited Items List does not contain all possible items that may be prohibited from being brought on a cruise ship by passengers. The Coast Guard and the cruise ship terminal reserve the right to confiscate (and destroy) any articles that in our discretion are considered dangerous or pose a risk to the safety and security of the ship, or our guests, and no compensation will be provided.

Cruise ship passengers are already required to “present personal identification in order to gian entry to a vessel [or port] facility,”  but it isn’t clear how or by whom this is supposed to be enforced. The propsoed rules would create a new obligation for port operators to check passengers’ ID credentials.

As with the definition of “prohibited items”, the definition of acceptable ID credentials is defined for air travel only in secret (SSI) TSA Security Directives and/or Standard Operating Procedures, but is defined publicly in Federal regulations for cruise ships.

The NPRM would leave the definition of acceptable ID unchanged. In addition to government-issued ID credentials, the regulations specifically provide for the acceptance of ID issued under thre authority of, “The individual’s employer, union, or trade association”, as long as it is laminated, includes a current photo, and baears the name of the issuing authority.

By its plain language, this regulation allows any self-employed person to issue their own self-signed personal ID credentials for access to port facilities.

That’s not inappropriate, since many self-employed contractors need to enter ports for business reasons.

In practice, most cruise lines enforce (with or without legal authority) ID requirements more stringent than those in Federal regulations. But we’d be interested in hearing from anyone who has presented self-signed ID credentials, in accordance with these regulations, for purposes of entry to a port or to board a cruise ship.  Some cruise lines alloow guests onboard while ships are in port, such as friends seeing off passengers. So you might be able to experiment without being a passenger yourself.

Read the rest of this entry »

Dept. of Justice guidance against profiling exempts borders and “screening”

December 10th, 2014

The US Department of Justice has issued new Guidance for Federal Law Enforcement Agencies Regarding the Use of Race, Ethnicity, Gender, National Origin, Religion, Sexual Orientation, or Gender Identity.

“This Guidance … reaffirms the Federal government’s deep commitment to ensuring that its law enforcement agencies conduct their activities in an unbiased manner” — except at and near borders and coastlines and during any activity labelled “screening”.

According to a footnote, “This Guidance… does not, create any right … enforceable … against the United States, its departments, agencies, instrumentalities, entities, officers, employees, or agents, or any person, nor does it create any right of review in an administrative, judicial, or any other proceeding.”

And in a huge exception hidden in the same footnote:

[T]his Guidance does not apply to interdiction activities in the vicinity of the border, or to protective, inspection, or screening activities.

Most of the US population lives “near” (within 100 miles of) a border or seacoast, and the ACLU’s “Blog of Rights” has a good analysis of the what’s wrong allowing racial and other profiling at and near US borders.

On a daily basis, however, more people are stopped and subjected to “administrative” searches as part of TSA and other Federal “screening activities” than are stopped at border and near-border checkpoints. These are the searches that are labelled as “screening”, rather than searches, by the TSA and other agencies that don’t want to admit that these searches are subject to the 4th Amendment.

The DOJ guidance is applicable to all Federal law enforcement officers, not just DOJ personnel.  It includes TSA and other DHS officers everywhere except when they are in the vicinity of the border or carrying out “screening activities.” (Most TSA checkpoint staff aren’t law enforcement officers, despite their badges and their job title of “officer”, but some other TSA employees are.)  So this exception isn’t about the DOJ not having jurisdiction over employees or contractors of the DHS or other agencies. The job of the DOJ includes interpreting Federal law for all executive agencies.

The only reason these activities were exempted from the DOJ guidelines is because the DHS argued successfully, to the DOJ and in whatever White House or other inter-agency process led to the issuance of the guidelines, that racial and other profiling was a proper element of its border, near-border, and “screening” activities — not an accident, oversight, or something DHS is trying to reduce or eliminate.

That should be no surprise, since the DHS has made explicit that it now profiles all air travelers as a part of so-called “screening”, and has added questions about profiling critieria such as national origin to its forms for would-be border crossers.  But it’s yet another indication of the belief by the DHS that it is above the law and exempt from the norms of justice that apply to the rest of the government.

US Supreme Court asked to clarify limits of TSA searches

December 5th, 2014

Are the Transportation Security Administration’s (TSA) administrative checkpoint searches limited to those “no more extensive nor intensive than necessary, in the light of current technology, to detect the presence of weapons or explosives” as required by the Ninth Circuit, or may the TSA conduct more extensive searches as allowed in this case by the Eleventh Circuit?

This is the first and perhaps most significant of the questions presented to the US Supreme Court by a petition for certiorari in the case of Jonathan Corbett v. TSA, et al. The petition as filed last month was rejected on trivial procedural grounds, but is being resubmitted and should appear shortly on the Supreme Court’s voluminous docket of pending petitions.

This is an important case because almost the only limit on TSA searches which the courts have recognized has been the requirement that they be limited to searches for weapons and explosives, and that TSA checkpoints not be used as pretexts for general law enforcement dragnets.

In press releases and blog posts, the TSA has claimed that it has broader authority to detain, search, and interrogate travelers about matters unrelated to weapons, explosives, or transportation security. In practice, TSA checkpoint staff and contractors routinely rifle through wallets, read and copy books and papers, and search for any evidence that might create a suspicion of any criminality. But even while upholding the legality of these searches in specific cases, courts have continued to uphold, at least in theory and rhetoric, the principle that searches at TSA checkpoints are “limited”.

So far as we can tell, the decision by the 11th Circuit in Corbett v. TSA is the first appellate opinion explicitly to approve the use of TSA checkpoints for a broader general (warrentless and suspicionless) search of all travelers for evidence of any sort of potential crime.

Read the rest of this entry »

Dude, where’s my FOIA?

December 4th, 2014

We’ve heard from numerous people over the years who have requested the files about their travel being kept by US Customs and Border Protection (CBP), or made other Freedom of Information Act requests to DHS component agencies, but who have never gotten any response. Letters to and from the DHS often get lost in “security screening” or wind up in the dead letter office.

In response to a lawsuit we brought, DHS and CBP claimed that they had no record at all of one of our FOIA and Privacy Act appeals, and no record of the existence of the person who had signed the receipt for our certified letter.

And we’ve seen letters sent in response to FOIA requests made years previously, asking requesters to confirm that they still wanted the information they had requested — as though government agencies could presume that theIr own delays had caused requesters to lose interest or abandon their requests.

Unfortunately, we aren’t alone: These turn out to be standard FOIA operating procedures for the DHS and other agencies.

A recent joint letter from more than a dozen organizations that work to promote government transparency points out that it is illegal to “close” a FOIA request because of the passage of time (i.e. the agency’s own delay in responding) or because a requester doesn’t “reconfirm” that they want they records they requested. The signers of the letter report that:

FOIA requesters have reported frequently encountering improper administrative closures across a variety of federal agencies. We are including evidence of several examples…. One particularly troubling instance of administrative closure arose from a request that the Electronic Privacy Information Center (“EPIC”) made to the TSA….

Other FOIA requesters, including some of the undersigned requesters, have received similar letters. We have attached letters by the DHS, DOJ, EPA, and State…. In meetings with transparency advocates, the Department of Justice’s Office of Information has publicly stated that it supports this practice.

The signers of the joint letter request an investigation of this illegal practice by the Office of Government Information Services (OGIS), which has been assigned with oversight responsibility as FOIA ombudsman.

A recent report by auditors from  the Government Accountability Office reveals more malfeasance:

According to CBP officials… First, approximately 11,000 FOIA cases that were improperly closed in 2012 had to be reopened and reprocessed. Second, after its reorganization, a new manager found a stack of boxes containing 12,000 paper requests from 2012 that had never been entered into their processing system.

According to the GAO report, “The officials stated that CBP subsequently cleared all of these requests.” But even if that’s true, who knows how many tens of thousands of additional FOIA requests may have been lost or “improperly closed”.

If you made a FOIA request to DHS, CBP, or any other DHS component, but haven’t received a response, you should ask the agency to which you submitted your request to inform you of the status of your request. By law, each agency must have in place a telephone or online system to provide status information on all pending FOIA requests, including an estimated date for completion of agency action on each request. If they don’t, you can complain to OGIS (for free and without a lawyer), or take the agency to court.

European court to rule on legality of air travel surveillance

December 2nd, 2014

The European Parliament has voted to refer a proposed agreement between the European Union and Canada concerning transfers from the EU to Canada of Passenger Name Record (PNR) data about air travelers to the European Court of Justice (ECJ) for the court’s opinion on whether the agreement is consistent with EU treaties and the EU Charter of Fundamental Rights.

This action might easily — and correctly — be dismissed as narrow, technical, evasive of legislators’ responsibility to consider the propriety and legality of their own actions (and to reject proposals outright if they think they would violate treaties or fundamental rights), and of no direct relevance to the US.

But this could, nevertheless, prove to be a significant setback to the efforts of the US “homeland-security” and surveillance establishment, and its allies in Europe and Canada, to globalize the PNR-based system of surveillance and control of travelers that has been put in place in the USA since 9/11.

Canada requires all international airlines to hand over passenger data to the Canadian government, and passengers on flights to, from, within, or overflying Canada are “vetted” against both Canada’s own no-fly list and the US government’s no-fly list.  Canadian data privacy law has been amended twice since 9/11 to allow cross-border transfers of data about airline passengers.  But while those requirements have some domestic support in Canada, they have been enacted somewhat reluctantly by the Canadian Parliament, mainly in order to avoid interference by the US with the large fraction of flights to, from, and within Canada that routinely pass through US airspace.  There has been opposition by some Members of the Canadian Parliament, by the Privacy Commissioner of Canada, and by Canadian NGOs such as the International Civil Liberties Monitoring Group / Coalition pour la surveillance internationale des libertés civiles.

There’s been extensive discussion of the issue of government access to airline PNR data in Europe as well, including by the European Parliament and by NGOs such as EDRi and NoPNR.

In April of 2012, the European Parliament approved — over objections from a  substantial minority of MEPs — an “agreement” to permit transfers of PNR data to the US.  But European opinion on this issue has shifted significantly since between then and this month’s debate on the EU-Canada PNR agreement, as a result of (1) Edward Snowden’s revelations about NSA spying, (2) growing recognition of the parallels between surveillance of communications metadata and surveillance of travel metadata, and (3) the ruling in April of 2014 by the ECJ that an EU directive mandating retention and government access to  communications, internet, and transaction metadata violates European law and fundamental rights.

The ruling by the ECJ has voided the EU data retention directive. The hope is that the EU-Canada PNR agreement will be the second domino to fall, with the EU-USA PNR agreement next in line.

Judge insists on right to review “no-fly” order

December 1st, 2014

Four years after the US government put Gulet Mohamed on its “no-fly” list, Mr. Mohamed is still waiting for his day in court. But he hasn’t given up, and he’s getting slowly closer to the first judicial review of the merits of a no-fly order.

Here’s some quick background and then an update on his recent legal travails:

Mr. Mohamed, a US citizen of Somali ancestry, was 18 years old and visiting family members in Kuwait when the US put him on the no-fly list.  When his visa expired, he ended up in a Kuwaiti immigration prison, where between sessions of torture he was interrogated by FBI agents who told him (as they have told other US citizens on the US no-fly list) that he would be allowed to go home to the US only if he became an FBI informer.

Eventually Mr. Mohamed was able to contact his family in Virginia, and they found him a lawyer from the Council on American-Islamic Relations. Faced with an order from U.S. District Court Judge  Anthony Trenga to show cause why the court shouldn’t issue an injunction prohibiting the government from interfering with Mr. Mohamed’s right to return to the US, the government let him fly back to the US, and then tried to get the court to dismiss his complaint as “moot”. But that initial attempt to get Mr. Mohamed’s case thrown out of court was unsuccessful, as were a series of motions and appeals by the government during the last four years on the grounds of standing, jurisdiction, and “state secrets”.

(The portion of the court docket freely available through PACER is here, and our previous reports on the case are here.  The most thorough coverage of recent legal developments has been by Steven Aftergood of the Federation of American Scientists’ Project on Government Secrecy.)

The last time we reported on Mohamed v. Holder, in September of this year, the government was still trying to persuade Judge Trenga to reverse his prior rulings and dismiss Mr. Mohamed’s case on the ground’s that, “There is no fundamental right to international travel.” The government was also asking Judge Trenga to reconsider his order that the government must allow him to review the allegedly secret evidence in camera before he decides whether it is, in fact, properly designated as “state secrets” and if so, whether he can decide the case without relying on any legitimately “secret” evidence.

In October, the government handed over the allegedly “secret” evidence to Judge Trenga (but not to Mr. Mohamed or his lawyers), while continuing to argue that it shouldn’t be required to do so.  After in camera review of the allegedly secret documents, Judge Trenga ruled that the case could go forward without the need to decide whether they were actually state secrets: “None of the documents are so related to plaintiff’s procedural due process claims as to prevent either the plaintiff or the defendant from presenting or defending against those claims without the use of any of these documents…. The state secrets privilege is a judicially created rule of evidence, not a doctrine of sovereign immunity or non-justiciability.”

Faced with the imminent prospect of a decision on the merits of Mr. Mohamed’s claim that he was denied due process of law when the government secretly ordered airlines not to transport him, the government asked for a “do-over”: a three-month postponement of the court case and a “remand” to the FBI to give the government time to develop a revised set of extrajudicial administrative “no-fly” decision-making procedures, and to subject Mr. Mohamed to this “kangaroo court version 2.0.”  This is essentially the same request that the government has made in another no-fly case, Latif v. Holder, in which U.S. District Judge Anna Brown has already found that the plaintiffs’ rights were violated.

According to Mr. Mohamed’s response, the government’s request for a do-over is, in effect, yet another attack on the authority of the court to order redress for violations of the Constitution by Federal agencies:

Defendants’ assertion that “the only appropriate result” of a ruling in Plaintiffs’ favor on their substantive claims would be a remand order to “apply new procedures in reaching a new substantive decision,” … misconstrues the nature of Plaintiffs’ claims and implies that the only remedy for a substantive due process violation is further agency proceedings. That is not the case. If, as Plaintiffs’ request, the Court finds that Defendants violated Plaintiffs’ substantive due process rights by placing them on the No Fly List, the Court plainly has the authority to order Plaintiffs to be removed from the List.

On November 20th, Judge Trenga denied the government’s motion for postponement and “remand”. That leaves Mr. Mohamed’s claims that his rights were violated on schedule for briefing, argument, and decision on their merits by Judge Trenga.

We look forward to seeing Mr. Mohamed finally, after four years of government obstruction and foot-dragging, receive his day in court, perhaps some time in early 2015.

“What happens in Vegas, stays in Vegas.”

November 19th, 2014

The U.S. Supreme Court has recognized that under U.S. law, once you have paid for a hotel room, your room is your home and your castle. You are entitled to the same protection against unwanted intrusions in a hotel room as you would be in the same room if you owned it outright as a condo.

As is often the case, however, the law is one thing and business norms are another. The difference is made clear in a fascinating and widely-misreported legal case involving a gambler arrested earlier this year in Las Vegas.

Paul Phua is a Malaysian businessman well known as a high-roller at casinos in Macau and in Las Vegas, where he has played in million-dollar-ante (U.S. dollars) televised poker games.

(Like nearby Hong Kong, Macau is an enclave that was formerly a foreign colony and is a now a “Special Administrative Region” of China.  Macau uses its special status to provide a haven for legal casino gambling, which is generally illegal elsewhere in China. Most Chinese citizens can’t get visas to travel to the US or other countries, but can more easily get permission to travel to Macau from the rest of China. As a result, Macau has become the world’s largest legal casino gambling center: Significantly more money is bet and lost to casinos in Macau than in Las Vegas.)

Paul Phua and his son Darren Phua were arrested in July of this year, during the soccer World Cup, in a residential villa (a 10,000-square-foot hotel suite) at the Caesar’s Palace casino-hotel complex in Las Vegas. Gambling, including betting on the World Cup, is of course legal in Las Vegas. That’s how Caesar’s Palace makes its money, and that’s why the Phuas were there. They have been charged with US Federal crimes, however, for allegedly using the Internet connection from their hotel villa in Las Vegas to send messages to unlicensed sports betting businesses in Macau and elsewhere.

What made the headlines earlier this month, and led to an editorial in the New York Times, was a motion filed by the Phuas’ lawyers arguing that the searches of the Phuas’ villas were unconstitutional.

One of the lawyers on the brief for the Phuas is Tom Goldstein, founder of SCOTUSblog and, among many other cases on his resume, co-counsel for John Gilmore in his petition for certiorari to the Supreme Court in Gilmore v. Gonzales. The brief for the suppression of illegally obtained evidence against the Phuas is one of the best-written piece of legal story-telling we’ve come across in a long time, even down to the legally irrelevant asides. (”Once they left the villas, the first comment of [agents] Lopez and Kung was to agree that the female butler was “pretty hot.” Ex. F., Trans. Disc 3, p. 39, lines 24-25. Turning back to the case, they…”)

The essence of the Phuas’ lawyers’ argument is that FBI agents and Nevada state law enforcement officers repeatedly cut off the Internet service to the Phuas’ villas, waited until the residents of the villas reported the outages, then came into the villas with hidden cameras and recorders but disguised as, and falsely claiming to be, repair technicians working for the hotel.

The police then used the information from these warrantless entries to apply for a search warrant for the Phuas’ villas as well as a another villa occupied by some alleged associates of the Phuas, claiming that the residents of the villas had “consented” to their coming inside.

The legal issue is whether you can be deemed to have “consented” to a search by the police if you let a person into your home who claims to be a repair technician, especially when the only reason you called for service is that the police had turned off your service.

This sounds like something out a comic-book story of surveillance in a tin-pot dictatorship, where the phone in your hotel room stops working (because the secret police have disconnected the line), and then the secret police show up at your door, pretending to be from the telephone company, and pretend to “fix” the phone while installing wiretapping devices.

There’s more to the malfeasance of the FBI and Nevada police in this case. They tried to hide from the judge the fact that they were the ones who had disconnected the DSL lines to the villas, prompting the residents’ service request to the hotel. They also claimed to the judge that the Phuas had been “free to leave” while they were being kept in handcuffs for more than five hours. Since the Phuas weren’t being detained, it wasn’t necessary to read them their rights or allow them to talk to their lawyer, who had shown up outside the villa and was turned away by police.

But what also interests us is the role of the hotel-casino management and staff.

The New York Times editorial, like much of the of the other news analysis, got this backwards:

During the 2014 World Cup, the agents suspected that an illegal gambling ring was operating out of several hotel rooms at Caesar’s Palace in Las Vegas, but they apparently did not have enough evidence to get a court-issued warrant. So they enlisted the hotel’s assistance in shutting off the Internet to those rooms, prompting the rooms’ occupants to call for help. Undercover agents disguised as repairmen appeared at the door, and the occupants let them in. While pretending to fix the service, the agents saw men watching soccer matches and looking at betting odds on their computers. There is nothing illegal about visiting sports-betting websites, but the agents relied primarily on that evidence to get their search warrant. What they failed to tell the judge was that they had turned off the Internet service themselves.

The voluminous court filings (those that are available without charge through RECAP are linked from this copy of the docket sheet) and other news reports about the underlying facts make clear that the actual chain of suspicion and illegal snooping went in the other direction:

Contrary to what the Times suggested, the police didn’t “enlist” the hotel in their investigation. Nor is it true that, as the government implausibly claims in its response to the Phuas’ motion, that the hotel’s “contractor engaged in a private frolic outside of any … relationship with the agents.”  The initiative to invade guests’ rooms came not from the police (as the Times misreported) or the contractor (as the government now claims) but from the hotel.

The hotel initiated the investigation, enlisted the police to spy on its guests, gave the police full access to all the data it had already collected about these guests and all the surveillance tools it had already installed, and provided support without which the police wouldn’t have been able to trick the guests into letting in the cops disguised as Internet repairmen.

Reprehensible (and unconstitutional) as the cops’ actions were in this case, anyone who spends time in hotel rooms ought to be at least as outraged at the hotel’s role in spying on its guests.

Read the rest of this entry »

DHS adds discrimination by national origin to pre-crime profiling of US visitors

November 3rd, 2014

Secretary of Homeland Security Jeh Johnson announced this morning that, with immediate effect and with no advance notice or warning, foreign citizens “seeking to travel to the United States from countries in our Visa Waiver Program (VWP) will be required to provide additional data fields of information in the travel application submitted via the Electronic System for Travel Authorization (ESTA).”

The additional questions which have already been added to the newly “Enhanced” ESTA application include:

  • Other Names/Aliases
  • Other Citizenships
  • Parents name(s)
  • National Identification Number (if applicable)
  • U.S. Contact information (email, phone, points of contact)
  • Employment information (if applicable)
  • City of Birth

As discussed in our comments to DHS when it was first proposed, the ESTA is a a travel permission and exit-permit system of dubious legality. Prior application, payment of the ESTA fee (by credit card only, so that CBP has a credit card number on file to link the travel history of each ESTA applicant to a financial history), and receipt of ESTA approval is required by the US before boarding any flight departing from any other country in the world, with the intention of eventually traveling to the USA.

ESTA approval is not a guarantee of admission to the US, and the US has consistently and explicitly claimed that ESTA is solely a travel-permission scheme, not a visa requirement.  (If it were deemed a visa requirement, US citizens would likely be subjected to reciprocal visa requirements to visit VWP countries.)  So the sole purpose of adding questions to the ESTA application form is to add them to the inputs to the pre-crime profiling process that determines whether to allow an applicant to travel to the US for the purpose of applying, on arrival at a US port of entry, for visa-free admission to the US as a visitor.

In other words, the only reason to ask citizens of VWP countries about their other or prior citizenship(s), if any, is for DHS to discriminate between citizens of the same WVP country, in making ESTA permission-to-travel decisions, on the basis of those VWP-country citizens’ prior national origins.

This is a disgraceful act of overt US government bigotry, and all citizens of both the USA and VWP countries should be outraged.  Why should the US think it can treat citizens of, say, the UK or Germany differently on the basis of their national origin, as evidenced by what other countries’ passports they also hold or previously held? Such blatant discrimination against  US citizens on the basis of their national origin would be illegal on its face, although it has been standard illegal operating procedure for the DHS.

DHS claims in its FAQ about today’s ESTA “enhancements” that it can mandate provision of this additional information through a Paperwork Reduction Act (PRA) notice of information collection, without needing to promulgate any new or revised regulations:

Why is DHS doing this under a Paperwork Reduction Act and not a regulation?

The relevant regulatory provision does not list the specific data elements that VWP travelers must provide in order to obtain an ESTA. Instead, the regulation states that “ESTA will collect such information as the Secretary [of Homeland Security] deems necessary to issue a travel authorization, as reflected by the I-94W Nonimmigrant Alien Arrival/Departure Form (I-94W).” Since there are no data elements listed in the regulation, there is no need to update the regulation. The revisions to the ESTA data elements fall under the Paperwork Reduction Act since DHS is amending an information collection (Form I-94W) and not amending a regulation.

The problem with this is that DHS has already added the new questions to the ESTA form, but doesn’t appear to have gotten the necessary approval from the Office of Management and Budget (OMB) for their inclusion.

DHS has a long history of ignoring the PRA and failing to get its forms approved by OMB. The PRA notice in the online ESTA application form refers to OMB approval control number 1651-0111, which was issued September 17, 2014. But the Federal Register notices and other documents submitted to OMB to support that approval don’t appear to have included the new questions added to the form today.