Friday, 30 April 2004
USA to start searching rail passengers
WASHINGTON, D.C. -- Asa Hutchinson, Under Secretary for Border and Transportation Security at the U.S. Department of Homeland Security; Rear Adm. David M. Stone, Acting Administrator of the Transportation Security Administration; and officials of AMTRAK, MARC [commuter trains], WMATA [Metrorail subway and surface rapid transit trains] and the U.S. Department of Transportation will hold a press conference to announce the Transit and Rail Inspection Pilot (TRIP), a pilot program for screening rail passengers for explosives.
TRIP will evaluate the use of emerging technologies to screen passengers and their carry-on items in a non-climate controlled environment. The pilot program of approximately 30 days is expected to yield important data on customer wait times and screening effectiveness, cost and impact on AMTRAK and MARC operations.
WHO: Under Secretary Asa Hutchinson
Rear Adm. David M. Stone
AMTRAK, MARC, WMATA officialsWHAT: News conference and demonstration of rail screening process
WHEN: Tuesday, May 4, 2004
12:00 Noon
11:00- 11:45 AM media set upWHERE: New Carrollton Train Station
New Carrollton, Md.Due to limited parking and camera space, all television outlets wishing to cover the demonstration will need to call and RSVP to Darrin Kayser at TSA (571) 227-2829. When you RSVP, please let TSA know if you will be going live or plan to send a morning crew. Also note that cable runs will exceed 500 feet. Only those that RSVP prior to 5:00 PM, Monday will be guaranteed space.
Not surprisingly, there's no mention in today's announcement as to the claimed legal basis for the searches, whether the "screening" will also include access by the TSA to Amtrak reservations (for which no Privacy Act notice has been published), or whether refunds will be available to passengers who have already purchased tickets, and entered into contracts of carriage with Amtrak, but who don't "consent" to the new search and/or the transfer of their reservation information to the government.
Under all airlines' conditions of carriage I've ever seen, passengers who decline to consent to search at check-in are entitled to a full and unconditional refund, even if their tickets were otherwise entirely nonrefundable -- refusing to consent to search is actually the easiest way to get a refund for such an airline ticket. But there's not yet any such provision in the Amtrak conditions of carriage, making litigation likely.
Bus and taxi passengers, I suppose, will be next. Stay tuned.
".travel" comment period closes, then is extended
ICANN's comment period on the proposals for ".travel" and other proposed new sponsored top-level Internet domains closed at 11:59 a.m. UTC (03:59 a.m. PDT, 06:59 a.m. EDT) this morning. You can read my comments and the complete index of comments on the .travel application on the ICANN Web site.
A few hours later (following its usually maximally open and transparent process of complete secrecy and surprise), ICANN posted a new notice extending the comment period for another 2 weeks, until 23:50 UTC, 14 May 2004.
It would be, perhaps, too cynical to think that the primary reason for the extension of the comment period was to give the ICANN staff and board members' buddies at IATA, the Tralliance Corp., and the Travel Partnership Corporation a chance to respond to my comments, in order to try to salvage the secret back-room deal between ICANN and IATA on .travel which I've exposed in earlier articles and statements from participants in closed meetings with ICANN.
But given the professed desire of both ICANN and the applicants to complete the application and evaluation process as quickly as possible, the extension of the comment period certainly suggests that things are not going as ICANN planned. (Do they plan?)
In particular, none of the ten applications to sponsor new top-level Internet domain names has prompted comments showing the level of support for the proposals from the interested communities required by the criteria in the request for proposals.
On its face, the lack of supportive comments should be grounds for summary rejection of all the current proposals. Instead, I expect we will see a determined face-saving effort by applicants during the extended comment perior to stuff the comment e-mail boxes with endorsements for their applications from their friends and front groups.
Monday, 26 April 2004
Fare fraud on the Airtrain to JFK Airport
In New York last week for the Travelcom travel marketing, distribution, and technology conference and trade show, I had my first chance to ride the new Airtrain shuttle between the terminals at John F. Kennedy International Airport, the Howard Beach station on the New York City subway's A-train, and the Jamaica station on the Long Island Rail Road.
It was all very comfortable and convenient, even with luggage, but a lot of New York locals, arriving at the Airtrain for the first time, were unpleasantly surprised to find that the former free shuttle bus has been replaced with a US$5 (one-way) train.
That's $5 just from the terminal to the subway (plus $2 for the subway), but that's not what I found most objectionable. After all, $7 from the airport to anywhere in the City, even with total travel time of an hour and a half to or from mid-town Manhattan, is still a considerable improvement over a $35-40, 45-minute or more (depending on traffic) cab ride. And for $21 you can buy a 7-day "Unlimited Rides" MetroCard -- the same MetroCards are used for payment on both the subway and the Airtrain -- so it seems like for only $7 more than a round-trip from the airport by subway and Airtrain, you can get a week of unlimited travel throughout the city.
So I did the math, and I bought the pass, only to find out that the "Unlimited" MetroCard is limited to the subway, and not accepted on the Airtrain at all, even though the only form of payment accepted on the Airtrain is a per-ride MetroCard. If you're still with me, that means the only form of MetroCard not accepted on the Airtain is the so-called "Unlimited" MetroCard. Go figure -- or go complain.
That's false advertising and fraud, and it's a fraud perpetrated by the airport itself, the largest share of whose victims will be first-time visitors, since locals and frequent vistors will learn that in this case "Unlimited" doesn't mean what it implies. How naive we are to think the operators of the airport would be trying to protect arriving visitors against getting ripped off for hidden extra fees for their transportation into the city!
I've written a letter to the responsible parties asking them to end the scam. I'll let you know if I get a response. [See links below to my non-responses.]
Lest this confirm whatever opinion you might have of swindling New Yorkers, let me hasten to remind you that this was the doing of the Port Authority of New York and New Jersey, and that one should never to judge the character of a people or place by the character of government agencies or officers.
On this same visit, I left my mostly full steno pad of notes -- a journalist's most irreplaceable possession, and none of which have I previously lost -- sitting open on the steps of a fountain at the southeast corner of Central Park, at rush hour on a weekday, with thousands of people going by. I came back half an hour later to find my notebook still open to the same page, with even my pen sitting on it undisturbed.
And if that's not enough to restore your faith in New Yorkers, consider this: all this happened on Patriots' Day, after the Red Sox had beaten the Yankees at Fenway, and while I was wearing a Red Sox hat -- than which nothing could be more calculated to provoke hostility in the heart of a New Yorker.
As security expert Bruce Schneier reminds us in the book I'm currently reading, Beyond Fear: Thinking Sensibly About Security in an Uncertain World:
The world is a dangerous place, but it's also a good and decent place. People are good. People are kind. People are nice. Even in the worst neighborhoods, most people are safe.
Even Red Sox fans in Manhattan. Or gringos in Mexico City: a high point of my latest vacation was a Mexican League game at the Foro Sol between the Diablos Rojos de la Ciudad de México and the Piratas de Campeche. (How can a New Englander not like a league with a first-division team called the Lobstermen?) The doormen-cum-taxi-touts at our downtown hotel tried to persuade us it would be too dangerous to take the subway to the game. But it was about as friendly, while still enthusiastically partisan, a sporting crowd as I've ever encountered. And I think we were in less danger getting there than walking from the subway to our house in San Francisco.
After almost 20 years in San Francsico, I'm still a native New Englander. And I still hate the Yankees, in a sporting sort of way (whatever that means). But here's something I never thought I'd hear myself say: I love New York.
[Addenda: Replies from the New York Metropolitan Transit Authority (17 May 2004) and the Port Authority of New York and New Jersey (16 June 2004)]
Registered Traveler / Trusted Traveler juggernaut
Business Travel News reports today that the USA Transportation Security Administration is evaluating responses to its request for proposals from private companies to operate a trial version of a Registered Traveller (formerly known as "Trusted Traveller") system at selected USA airports. BTN also reports on several trials of similar systems in other countries as part of the the Simplifying Passenger Travel (SPT)initiative of IATA and other air travel industry groups.
The SPT initiative shows the convergence of industry interests in automated collection of data about travellers, at each point in their journey, for marketing, data mining, and business process automation, with government interests in automated data collection for surveillance and creation of permanent travel history files on each traveller.
But while a survey of corporate travel executives by ACTE found that, as also reported today by BTN , many expressed their willingness to participate in a registered travel program, many of the same survey respondents indicated they were "unaware that TSA would require companies or airlines to submit PNR information for background investigation," an ACTE spokesperson is quoted as saying.
Other companies are trying to sell their own technical systems for similar purposes. I'm quoted in a feature about one of these (using bar codes, showing that more invasive because secretly-readable RFID chips aren't necessary for passenger tracking, but still more useful for surveillance than security) tonight on Minnesota Public Radio: transcript and links , Real Audio stream (4 minutes).
National Radio Project on "Courage Under Fire: Resistance to War"
Twenty years ago this month I was released from the Federal prison camp in Lewisburg, Pennsylvania after "serving" a six-month sentence for "wilfull refusal to submit" to registration with the the USA Selective Service System for a possible draft of soldiers to be sent to fight in Afghanistan on the side of the people the CIA was then training and arming (and who would later come to call themselves the Taliban).
In a very real sense, I was imprisoned by the USA not just for activities supposedly protected by the First Amendment -- the government's stated purpose in choosing targets for its show trials, upheld by the U.S. Supreme Court in a thoroughly confused decision in Wayte v. U.S. (audio of the oral argument as I heard it in the courtroom 6 October 1984), was to indict the "most vocal" nonregistrants, in the mistaken belief that our convictions would most effectively scare less public nonregistrants into signing up -- but also for refusing to agree to fight on the side of the Taliban, and against the values of secularism, women's rights, "Westernization", modernization, and so forth that were then being championed in Afghanistan by the USSR and their occupation forces and the government they installed, in the same way that is now being claimed by the USA occupation forces and the government they have installed. So much for the claim that we ought to trust the USA government to decide for us in which wars, and on which side, to risk our lives and deprive other people of theirs.
At the same time I left prison, my partner's cousin, Eric Muller, was about to leave law school (no jokes about law school as prison, please) for a clerkship with a Federal judge followed by a stint as a Federal prosecutor arguing against criminal appeals like the one I was then still pursuiing.
Who would have thought that of the two of us it would be Eric who would write a book about draft resistance, Free to Die for Their Country: The Story of the Japanese American Draft Resisters in World War II, or that we'd end up good friends who enjoy bouncing ideas off each other even when we don't (as surprisingly often we do) find ourselves on the same side of an issue. Eric's blog, Is That Legal?, is one of the most genuinely thoughtful sources of legal commentary on an Internet often overwhelmed with polemics.
This week Eric and I -- and several people more interesting than either of us -- are featured on Making Contact from the National Radio Project. You can listen to streaming Real Audio or download a high or low bandwidth MP3. (It's a 29-minute program; the segment with Eric is the second and that with me the final third of the program.)
I did write a long account of my own imprisonment, which was published in 1984 in Resistance News . One of these years I might get around to putting it online. In the meantime, for more on my own background, and what draft resistance has to do with travel, see Who Is Edward Hasbrouck? and Why Is He Doing These Things? . For the current status of registration, the draft, and resistance to both, see Who Will Fight This War?, an article I wrote last year, with my mother, Marguerite Helen, for the American Friends Service Committee magazine Peacework.
[Addendum, 28 April 2004: Comments on the show from Eric's and my mutual friend Michael Froomkin: Small World. Good Radio. ]
Thursday, 22 April 2004
"Travel Data and Privacy" forum tonight at CFP
I'll be leading a background and status briefing and strategy session on Travel Data and Privacy tonight, Thursday, 22 April 2004, at the Computers, Freedom, and Privacy conference.
My notes indicate some of what I'll be trying to cover in the briefing, which will be followed by a strategy discussion on how to protect the privacy of travellers and our freedom to travel.
The schedule has been changed to reduce the time for these "Birds-of-a-Feather" sessions from 3 hours to 90 minutes, with the new time from 10:00-11:30 p.m. The location has also been changed to the "Living Room" at the conference venue, the Claremont Hotel and Resort (where Ashby Ave. turns into Tunnel Rd., on the Oakland/Berkeley line).
Most of the CFP conference is open only to paid registrants and press, but I've been told that "BoF" sessions like this are free and open to the public. I apologize for the inaccessibility of the venue by public transport late at night (it is possible to bike up the hill from Ashby or Rockridge BART station), but I hope to see some of you there, beyond just CFP attendees.
Saturday, 10 April 2004
American Airlines confirms reservations used in CAPPS-II tests
American Airlines has finally confirmed that, as I reported last year on my Web site, more than a million archived American Airlines reservation records were turned over to each of four competing teams of contractors working on the CAPPS-II passenger profiling and monitoring system in the summer of 2002.
According to the Associated Press , the American Airlines PNR's were provided to the CAPPS-II contractors -- led by HNC Software, Infoglide Software, Ascent Technology, and Lockheed Martin, as well as to the Transportation Security Administration itself, at the request (but not demand) of the TSA, by Airline Automation, Inc..
Airline Automation processes PNR's for American (whose reservation database is hosted in the Sabre CRS, originally created by American but now independent) and other airlines, mainly mining them to extract ticketing information which is used to enhance airline pricing and yield management. As I've previously reported , Airline Automation retains those PNR's, and used them for experiments in passenger profiling as early as late 2001.
In November 2003, Airline Automation was acquired by Amadeus, the only one of the four major CRS's still owned by airlines and, more significantly in this context, the only one of the four based in the European Union and thus fully subject to EU data privacy laws throughout its operations. (The other three major CRS's -- Sabre, Galileo, and Worldspan -- are all based in the USA.)
I've been pressing Amadeus for comment on Airline Automation's past provision of archived PNR data for CAPPS-II testing, and whether Amadeus would be changing Airline Automation's privacy practices to conform to EU data protection requirements. I've also been pressing Sabre for comment on how the Sabre PNR's from American and other airlines were provided to the CAPPS-II contractors in 2002. I suspect that it's those enquiries that led American to investigate and realize that they couldn't cover up or deny the story forever.
To minimize the immediate fallout, American released the story on Good Friday, when USA stock markets are closed, after the close of business in Washington and after American's own spokespeople had left for the weekend. But this isn't a story that will quickly fade away.
American and Airline Automation are reportedly arguing already about whether American's contracts with Airline Automation for PNR processing did or did not allow Airline Automation to retain copies of the PNR's, and provide them to the government or government contractors.
But there are other, more serious, questions:
- Why have the TSA and the Department of Homeland Security continued to deny -- even in the face of specific questions by myself and others about these particular 2002 tests -- that any real PNR's were used in CAPPS-II testing? Have they been lying, or has their oversight been inadequate? (European Union and other countries´authorities should ask particularly hard questions about whether the TSA and DHS are capable of honesty and effective self regulation on privacy.)
- What other airlines' PNR's were used in the 2002 CAPPS-II tests? (As I reported last year, people who were involved in the tests have told me that multiple airlines's PNR's were used.) Will those other airlines, Airline Automation, the TSA, and/or the CAPPS-II contractors come forward and acknowledge what they did with travellers' personal information, now that American has begun to 'fess up?
- What will Amadeus do now to bring its Airline Automation subsidiary into compliance with EU law?
- Most importantly, what will the USA Congress do to investigate the growing travel reservation privacy scandal, and to enact privacy protections for travel data to prevent it from recurring?
Ironically, I got the news that American had confirmed my reports about PNR usage in 2002 CAPPS-II tests as I was on my way out the door to the airport to catch an American Airlines flight, and I'm writing this in one of the American terminals at their hub in the Dallas/Ft. Worth airport while changing between American planes (blogging over an infrared connection from my Psion netBook to a GPRS mobile phone, about which I'll have more in a future article).
I'll be back in the USA on the 18th of April, and hope to talk about these issues with many of you at the session on travel and privacy CFP the following week.
[More from the Electronic Frontier Foundation: TSA and CAPPS II -- Anatomy of a Cover Up]
Friday, 9 April 2004
The Amazing Race 6 auditions in San Francisco tomorrow
Last-minute news that The Amazing Race will be holding auditions in San Francisco tomorrow, Saturday, 10 April 2004:
Hello Amazing Race fans! ... We thought we'd give you an advanced scoop that CBS 5 will be conducting a Bay Area Casting Call for Amazing Race 6, this Saturday!
Here's the scoop:
CBS 5 will be holding a local casting call for the next season of The Amazing Race (6) on Saturday, April 10th from 10am-2pm at Sports Basement -- in the Presidio across the street from Crissy Field. Sports Basement will be giving special coupons for everyone brave enough to audition! For directions, check the Sports Basement Web site . If you think you and your friend have what it takes, please click here for the eligibility requirements and an application.
See you on Saturday!
It appears that the application form is the same as the one for the previous season.
I'll be landing in Mexico City tomorrow morning during the auditions (I'm on vacation next week, and will be back in the USA for the Travelcom and Computers, Freedom, and Privacy conferences the following week), so I'll have to miss the fun. If anyone does go to the audition, please post your comments and observations.
Wednesday, 7 April 2004
Google's "Gmail" tempting, but dangerous
Web-based e-mail has become the international traveller's primary mode of communication with friends, family, and business associates back home and around the world. And a common problem is that travellers don't receive important messages because their e-mail boxes have filled up between stops at cybercafés, so no new messages can be accepted.
So Google's launch this week of a beta test of a Gmail "free" e-mail service with a gigabyte of storage per mailbox, so that "you'll never need to throw anything away again", looks especially tempting to travellers.
But there's a catch (as there usually is when a for-profit company offers something "free"). Several catches, actually, some of them sufficiently serious that, as a consumer advocate for travellers, I've joined 28 other leading national and international consumer and privacy advocates in a joint letter -- available from the World Privacy Forum (PDF) and the Privacy Rights Clearinghouse (text/html) -- urging Google to revamp the Gmail service and its policies.
Google's purpose in offering to archive larger volumes of e-mail is to be able to earn more money from advertisers for the ads they will show you each time you read your e-mail on their Web site. Advertisers pay much more per viewer for ads that are shown to people who might actually be interested in the advertised product. By scanning their archives of your messages for key words each time you read your mail, they will be able to show you ads readed to the words in your e-mail. Google hopes that the higher prices they can charge advertisers for these "targetted" ads will offset the additional cost of the storage and scanning needed for the targetting.
But it order to target the ads it shows you as narrowly, and profitably, as possible, Google's privacy policy for Gmail permits them to keep copies of all your messages for as long as they like, even after you have deleted them or closed your Gmail account. So even if you can't read your old messages, Google can still read them, and will still have them available if the government asks for them.
Google claims that they don't currently "intend" to have humans read Gmail archives, or share them with its other business units. Under Google's current plans, only robots will be used to scan your messages and select macthing ads. But intentions aren't promises, and like most privacy policies, Google's "policy" isn't a legal commitment. As the letter from myself and other consumer advocates says, "In a nation of laws, Google needs to make its promises in writing."
Google's policy on sharing Gmail user information with the government is even more troubling: Google reserves the right to provide personal information (including complete e-mail archives) "to satisfy any ... governmental request."
The difference between "request" and "order" is crucial": All Google's policy means is that Google will wait until the government asks for your mail archives before they turn them over. But Google can give any government agency or officer anything they ask for, without the need for them to go to court or get an order requiring Google to turn it over. And Google doesn't have to tell you if they've turned over all your e-mail to the government for the asking. A meaningful privacy policy should provide that personal information will be given to the government only in response to a court order requiring it.
Under the USA Patriot Act, of course, a "national security order" compelling the disclosure of information can be issued without the need to go before a judge, and can include a "gag order" forbidding the recipient of the letter from disclosing what information they have provided to the government. That means claims by Google, or anyone else, that they never reveal customer information can't be believed: As long as the Patriot Act remains on the books, such claims could be government-ordered lies.
The only way to be sure that your personal information isn't available to the government for the asking is to ensure that all copies of it are deleted. But that's exactly what Google won't let you do with Gmail.
But if you can't rely on Google to delate your Gmail messages when you want them to, neither can you rely on Gmail to keep your messages as long as you'd like.
You get what you pay for: Like any other operator of a "free" (advertiser-supported) e-mail service, Google reserves the right to discontinue the service and/or close any individual account any time they feel like it.
By far the most common e-mail problem for travellers is losing their archive of e-mail addresses because it was stored on the server of a company that went out of business or, for any reason or no reason, closed their account or deleted their messages. I once lost touch with some good friends for almost a decade because their ISP went out of business, taking with it the e-mail message from me that was their only copy of my address, and their e-mail address that was the only way I had to contact them on the other side of the world. And I hear stories like this constantly from other travellers.
Giant searchable in-boxes will, as they are intended, prompt people to rely on Google's servers as the sole archive of their e-mail messages.
Losing a megabye of Hotmail messages can be problematic (as I mentioned, the worst loss is typically the loss of the addresses, rather than the actual message content -- travellers also regularly lose address books stored on PDA's or cell phones that break or are lost or stolen and haven't been backed up while travelling), but losing a gigabyte of Gmail, perhaps including the only copies of your digital travel photos, could be a much greater disaster.
You can't back up your e-mail over the Web except by laboriously forwarding each message to another mailbox, which no one remembers to do religiously. In order to back up your e-mail, you need to be able to acces your mailbox with some standard mail client or protocol from another computer.
Neither Google's Gmail, Microsoft Hotmail, nor Yahoo Mail permits you to access your mailbox by any standard protocol. Why should they? They make their money through advertising, and unless they insert ads into your messages (which they also do) they can only show you ads -- "targetted" or otherwise -- with your messages when you view them on their Web site.
What can you do about all this? Here's my advice:
- If you want to store and search archives of your e-mail messages, do so on your own computer or one controlled by someone you know well and trust to protect your privacy.
- If you store any information (address book, vital documents, e-mail messages) on someone else's server, especially a Web service, make sure there is a way to back up your data, and use it regularly, without fail. I keep multiple encrypted copies of my e-mail archives (more than the gigabyte Gmail allows) and PDA and cell phone memory backups in secure locations physically separate from my devices or primary servers.
- Find and use an e-mail service that is accessible with a standard POP and/or IMAP e-mail client, and download your e-mail regularly to someplace you can back it up and keep it secure -- don't let it accumulate on the server. Most ISP's offer both Web-based and POP/IMAP access to the same mailbox.
So what if it's not free? Is US$5-10 a month too much to pay to spare yourself and your correspondents from having ads inserted in each of your messages, and being able to keep your mail secure? - Most importantly, in the current state of the law in the USA: If you care about your privacy, don't use Web or data storage services based in, or contolled from, the USA.
Data stored in the USA has, in general, no legal privacy protection, and is particularly vulnerable to secret seizure by the government under the Patriot Act, without a warrant or court order. If you care about data privacy, keep your data in a country that respects the international norms, such as Canada or any of the countries (25, as of 1 May 2004) of the European Union.
I use Altern.org, a free and ad-free Web-mail service, also accessible by POP or IMAP, that's based in France (yes, the user interfcae is in French) and has a strong record of defending its users' privacy and anonymity. My Web site, blog, e-mail list server, and primary e-mail server (including Web, POP, and IMAP access) are all in a hosting facility in Canada. On the Internet, it makes little functional difference where servers are located, and Web and e-mail hosting (like travel and almost everything else) are currently cheaper in Canada than in the USA anyway.
There are lots of alternatives without the drawbacks of Gmail, Microsoft Hotmail, or Yahoo Mail. What have you got to lose but Big Brother looking over your shoulder?
More Europarl opposition to giving airline data to the USA
Further communications I've received from European Parliament sources in Brussels confirm that, in addition to the vote of the LIBE committee reported here yesterday, two other Europarl committeees also voted this week to oppose the draft agreement to allow PNR data from the EU to be transferred to the USA government. Three committtees are now officially on record against the proposal, reflecting the clear weight of opinion among most Members of the European Parliament (MEP's).
The Committee on Foreign Affairs, Human Rights, Common Security and Defence Policy (AFET), to which the proposed agreement was referred for an advisory opinion, voted that it "calls on the Committee on Citizens' Freedoms and Rights, Justice and Home Affairs, as the committee responsible, to reject the conclusion of the agreement." That recommendation is now included as a concurrence to the recommendation of the LIBE committee against the agreement, which goes before the Europarl plenary session from 19-22 April 2004.
And the Committee on Legal Affairs and the Internal Market (JURI) voted this week to recommend to the President of the European Parliament, MEP Pat Cox of Ireland, that he initiate legal proceedings in the European Court of Justice, on behalf of the Parliament, to obtain from the Court an opinion on the compatibility of the draft agreement with the European Community Treaty.
The President's decision on how to proceed is expected before the Europarl adjiourns for the summer at the end of this month.
Tuesday, 6 April 2004
TSA requests proposals for "Registered Traveller" program
The USA Transportation Security Administration has published a Request For Proposals (MS-Word format) for a "Registered Traveller" pilot program to be conducted for 90 days beginning in June 2004, involving 5,000-10,0000 "voluntarily" registered travellers and domestic USA flights from 3-5 airports.
Participants would have their biometric information (fingerprints and/or iris scans -- images of the unique patttern of blood vessels in the eye) recorded in a privately-run but government-controlled database, undergo a security check by the government, and be issued a "token or credential" in or on which their biometric information is stored in machine-readable form.
The technology of the "token or credential" isn't specified, but would most likely be a remotely and secretly readable radio-frequency identification (RFID) chip.
RFID chips are being pushed as an interoperable standard by the USA Government Smart Card Interoperability Specification (GSCIS) and by all those (except, of course, travellers themselves) with an interest in tracking and logging travellers' movements, including the proposed worldwide ICAO biometric/RFID passport standard and the worldwide airline/airport joint Simplifying Passenger Travel initiative, the goal of which is for travellers all to have a single credit-card sized integrated RFID/biometric registered traveller/trusted traveller/frequent traveller/e-ticket/boarding pass/baggage check/electronic payment card. For more on these, see the biometric and RFID references from ICAO's Machine Readable Travel Documents working group, which meets next in Montréal on 17-21 May 2004, and thoe documents for the meeting of IATA's Passenger Reservations Committee (RESCOM), which is likely to be attended by some of the same delegates when it meets the following week, 25-26 May 2004 in Washington, DC.
The program was originally conceived of (mainly as a way to appease business travellers complaining about security delays, and airlines concerned that those delays might lead them to drive or take Amtrak instead of flying) as a "trusted traveller" program -- which makes sense only if one abandons the presumption of innocence and treats all travellers as presumably untrusted and "suspect".
The name was changed (although not the essentials of the concept) to avoid the implication that registered travellers would be "trusted" and thus would automatically bypass security screening. That wouldn't do: the TSA thinks no one can be trusted. Registered travellers will stilll be treated with suspicion -- they just won't be treated quite as supiciously as unregistered travellers.
The program will be "voluntary", but once travellers have the "choice" of registering and having all their movements logged, in exchange for avoiding the longer, slower, and more immediately intrusive "unregistered traveller" screening lanes, the treatment of the unregistered will likely be made sufficiently unpleasant, or at least sufficiently slow, that few who qualify for registration won't "choose" it. And if you don't want to register, you'll still be able to travel (for now, at least), as long as you show up at the airport three or four hours before your flight.
The "Registered Traveller" RFP states that, "information pertaining to individuals gathered under any resulting contract shall only be disclosed in accordance with the terms of the Privacy Act".
No Privacy Act notice has yet been issued for the "Registered Traveler Pilot Database" (RTPD) required as part of the pilot project, so we can expect one to be published sometime between now and the start of personal data collection in June 2004. As with CAPPS-II, the critical element may not be what the government is or isn't allowed to do with the data, but how long it can be retained, and what airlines and other private companies are allowed to do with data collected from the same system.
If airlines can install their own readers alongside those of the government, read the same RFID chips, correlate them with reservations (as they almost certainly will be required to do for passenger-bag matching and checks of no-fly and selectee lists), keep the data indefinitely, and provide it to the government in response to a "national security letter" under the Patriot Act, , secretly and without a court order, restrictions on the government's own retention of registered traveller tracking data will have little effect.
But you'll doubtless be reassured to learn that, "Volunteers for this summer's pilot program will not be charged for participating."
Europarl committee recommends against PNR data sharing with USA, biometric passports
The European Parliament's Committe on Citizens' Freedoms and Rights, Justice and Home Affairs ("LIBE Committee") today voted to recommend that the Europarl not approve a draft agreement between the European Community and the USA on the processing and transfer of PNR data by airlines to the USA Department of Homeland Security, as proposed by the Council of the European Commission.
In a strengthening amendment (thanks to Statewatch for the documents) the LIBE Committee voted to add that it, "Calls on the Council to refrain from concluding this agreement until the Court of Justice has delivered its opinion on the compatibility with the [European Community] Treaty".
The LIBE Committee recommendations now go before the Europarl plenary session later this month in Strasbourg.
During the same meeting today, the LIBE Committee also decided to delay until fall 2004 making any recommendation on a proposal to require digitized biometrics, such as digital photos or fingerprints, on EU passports. The proposal cannot take effect without the Europarl's non-binding consultative report. So unless the committee's decision to delay the report is overturned by the Europarl plenary, which has only one more sitting this month before it recesses for the summer, the decision to delay the report will preclude approval of the biometric passport proposal until the fall.
Transportation Worker Identification Credential (TWIC)
This month the USA starts its next round of prototype testing of the Transportation Worker Identification Credential (TWIC), a secretly and remotely readable RFID/biometric ID card which 12 million or more workers in the passenger and freight transportation industry and in the vicinity of transsportation facilities will eventually be required by the government to obtain, carry, and use for access to their workplaces.
Most of us are, for most of our lives, workers as well as consumers, but somehow workers are often thought of as "others", not as ourselves, and entitled to less than equal rights.
Under existing legal doctrines in the USA, we have fewer privacy and free-speech rights in our workplaces than at most other times. Since we have so little vacation in the USA (for more on that, and how to change it, see here and here), many of us spend the majority of our waking hours on the job. Workplace levels of privacy rights and civil liberties are thus the real norm of how free we are (or aren't), not the exception.
The TWIC program is a threat to us all, not just to transportation workers, and especially those of us who travel -- which means especially those of you likely to be reading this blog.
The earliest description of the TWIC program I've been able to find is a 23 January 2002 draft Concept Paper prepared by the "Credentialing Direct Action Group" (CDAG), which was created by the Department of Transportation after 11 September 2001. These portions of the authority of the DOT were later reorganized into the Department of Homeland Security as part of the TSA.
According to the CDAG "Functional Requirements" document:
The focus of the CDAG's solution was on workers in the transportation system, while achieving sufficient flexibility to accommodate future needs to address identification of users of the transportation system.
In other words, the TWIC program was conceived and planned from the start as a prototype for mandatory identification and personal tracking systems that could eventually be imposed on travellers ("users of the transportation system").
The first round of TWIC testing last year involved airport and maritime facilities in the Delaware River and Bay (PA/NJ/DE) and Los Angeles and Long Beach (CA) areas. The next round of tests will involve up to 100,000 workers in those locations as well as at deepwater ports throughout the state of Florida in a Federal/state partnership prompted by a Florida law mandating a single credential for access to all the state's ports. Concerned that tourists worried about cruise port security might take their vacation dollars elsewhere, Florida has chosen to sell out the civil liberties of its own citizens working on the docks, in order to pander to the "Homeland Security" fears of out-of-state visitors.
The general idea behind the TWIC is that all transportation workers throughout the USA, including workers at air and sea ports and public transit facilities, highway and railroad and pipeline workers, truckers, and operators of any vehicle carrying passengers for hire, would have their biometric data recorded in a central database and be issued a single machine-readable card which would be used to control access to all transport factilities and vehicles. Presumably the "biometric" data would consist of digital photographs and fingerprints, although that hasn't been spelled out, most likely because the TSA hasn't wanted to face the backlash from announcing that it wants to fingerprint all taxi, truck, and bus drivers, road and rail and longshore workers, etc.
Regardless of any use or effectiveness for access control, the TWIC program seems to have been designed to maximize its potential for surveillance and monitoring of workers' movements, in keeping with its development by an industry/government partnership (not, as it might have been and as was suggested by workers' organizations, by an industry/government/worker partnership).
One of the locations in which the TWIC prototype was tested was an International Longshore and Warehouse Union (ILWU) union hall in Southern California, according to both a TSA stakeholder brief (25 December 2003) on the TWIC project and a 2 March 2004 presentation by the TSA to the Ship Operations Cooperative Program, "an industry-government partnership to enhance the U.S. maritime industry".
Members and officiers of other ILWU locals who I have told about this have been unaware, and shocked, that this had happened. It's unclear if union officers were aware that the goverment was controlling and logging who entered their union hall, whether -- and if so, why -- they gave their permission, and whether Federal labor laws may have been violated if it was done without the union's knowledge and consent.
The Privacy Act notice for the TWIC database (68 Federal Register 495007-49509, 18 August 2003) purports to place some restrictions on how the government can use the TWIC records of workers fingerprints, photos, and movements.
But by their nature RFID tags can be secretly read from up to 6 feet (2 meters) or more away, and employers are free to place (or hide) their own readers wherever on their facilities they want to monitor who passes within range, and when.
Since the TWIC cards are required to comply with the public Government Smart Card Interoperability Specification (GSCIS), anyone who gets within range with a reader (a fist-sized box costing a few hundred dollars) will be able to read and log the unique number on each card.
Use of the RFID chips ("smart cards") in general, and the GSCIS format in particular, also maximizes the potential for government mission creep. While the TSA tested prototypes of TWIC cards using alternate technologies (magnetic strips, two-dimensional printed bar code blocks, etc.) that can't be secretly or remotely read, and thus have much less potential for abuse, it's clear from the 23 January 2002 draft Concept Paper that the real intent from the start was to use "SmartCards" (RFID chips) -- precisely because they would facilitate expansion of the program and its uses:
General Concepts:
1. The Card:
- SmartCard technology would be used to manage the information on the card as a means of controlling access to that information and as a means of ensuring the integrity of the information.
- The SmartCard architecture will incorporate, to the maximum extent practicable standards, which allow maximum interoperability across hardware and software platforms. This will facilitate use of the card both domestically and for international enforcement regimes.
- The TWIC would incorporate a reliable and standard biometric (to be determined by the Transportation Security Administration)....
- The TWIC would incorporate GSA Smart Card Interoperability.
All this goes directly against what transport workers had clearly stated in the official comments to the government on the TWIC pilot program by the Transportation Trades Department, AFL-CIO (TDD), the ILWU, the International Longshoremen's Association (ILA), and the International Brotherhood of Teamsters (also available here in alternate format with a list of the members of the TDD):
[W]e believe it is imperative that provisions for TWIC be promulgated that prohibit employers from using the TWIC card or system for other than the designated purpose, namely the positive identification of port workers and visitors. The regulations should specifically prohibit employers from utilizing TWIC as a means for employee discipline and other labor-management issues, including collective bargaining.
As long as workers are required by government order to carry TWIC cards that contain secretly and remotely readable RFID chips with unique identifiers, and as long as employers or others are free to place RFID readers wherever they like and use the data however they like, limitations on the government's direct use of TWIC data will have little value to workers.
It remains to be seen how the deployment of TWIC radio tracking tags will be challenged by transport workers. But in resisting and opposing TWIC, they are standing up for the freedom to move without government tracking of all workers and travellers -- on and off the job -- and they desrve our fullest solidarity. The first people to be subjected to this tracking are transport workers, but the government and industry are already on record that all of us who travel will be the next to be "chipped".
Class-action lawsuit challenges USA "No-Fly" list
The American Civil Liberties Union today filed a Federal class action lawsuit seeking a declaratory judgement against the USA Transportation Security Administration (TSA) and the USA Department of Homeland Security (DHS) that their "maintenance, management, and dissemination of the No-Fly List are unconstitutional under the Fifth and Fourth Amendments" to the Constitution of the USA.
Oddly, the lawsuit doen't raise the question of the constiitutionality of the No-Fly List under the clause of the First Amendment protecting "the right of the people... peacably to assemble". Given that "to travel" is, in most cases, "to assemble" -- the majority of journeys by air are acts of assembly with business associates, fellow participants in business and organizations meetings and conventions, and/or friends and relatives -- such acts of travel are acts of assembly directly protected under the assembly clause of the First Amendment.
Today's complaint was filed in Federal District Court in Seattle, WA, on behalf of seven named plaintiffs (click on the thumbnail photos for statements by each of the named plaintiffs) including a member of the USA military on active duty, a retired Presbyterian minister, and staff members of both the ACLU itself and the American Friends Service Committee (a pacifist organization which previously received the Nobel Peace Prize). The lawsuit seeks certification as a class action on behalf of "all those who have been or will be subject to interrogations, delays, enhanced searches, and/or detentions as a result of having a name identical or similar to one on the Non-Fly List." The named plaintiffs include a "David Nelson" (one of many who have reportedly suffered as a result of the inclusion of that name on the No-Fly List) and a "Mohamed Ibrahim" (a name probably more common in the world than "John Smith").
The inclusion of an active-duty member of the military in those singled out for detention and more intrusive search under the government's own No-Fly List procedures raises particularly disturbing questions about the ability of the military itself, and the government in general, to tell "friend" from "foe" in cases where the consequences of misidentification might be more severe, even deadly, such as "friendly fire".
In November 2003, in response to an ACLU lawsuit under the Freedom of Information Act, the FBI and the TSA released 94 pages of heavily expurgated documents concerning the "No-Fly" and "permanent selectee" [for secondary security screening] lists. But as the ACLU analysis of the documents points out, all they really show is that the government still has no coherent process for creating, maintaining, or administering the lists.
The Electronic Privacy Information Center (EPIC) has also sued the TSA under the FOIA for information about the No-Fly List. But today's action is the first legal challenge to the list itself.
Since the government hasn't revealed how names are placed on the No-Fly List, there's no way to know whether any of the names on the list correspond to those of people who are genuinely so dangerous that they shouldn't be allowed to travel on common carriers. As common carriers, airlines are legally obligated to accept all passengers paying the published tariff and complying with their conditions of carriage as filed with the government.
But there are legal procedures, already in existence, for dealing with people known to be violent, dangerous, and likely to carry out attacks in particular public places.
Tens of thousands of times each year in the USA, victims of stalking and domestic violence go to court, present evidence, and obtain injunctions against those shown to be sufficiently dangerous (to the court's satisfaction, after an adversary evidentiary hearing) forbidding them from being present or travelling, even on public rights-of-way, within a certain distance of the complainants or their homes or workplaces.
Once such a restraining order is issued by a judge, there are established legal standards as to the level of particularized suspicion and evidence required before someone suspected of being in such a place in violation of a court's restraining order can be detaineed, questioned, or forced to produce evidence of their identity. The circumstances in which identification or evidence of identity can be demanded in a public place is currently before the USA Supreme Court in Hiibel v. Nevada, in which the police claimed that their demand that Hiibel identify himself was in response to a report of possible domestic violence.
More people are killed each year in the USA by stalkers and domestic abusers subject to protective injunctions by their victims than were killed by airline terrorists in 2001. That's an ongoing problem that calls for creative responses by all of us. But the presence in public places, on public rights of way, and on common carriers of people believed to pose a danger to others is not new, and does not call for new, extra-judicial, and unconstitutional measures such as the No-Fly List.
The TSA claims that only a few thousand names are on the No-Fly and permanent selectee lists, so the task of presenting those names, and the evidence against them, to courts and obtaining injunctions against them -- on the basis of particularized suspicion, judicial determinations, and adversary evidentiary hearings -- would be much simpler, easier, and less costly than the current cost of legal proceedings for restraining orders in stalking cases. It would also be much less costly that the billion dollars or more that it would cost to build the CAPPS-II airline passenger profiling system.
More important, use of established legal standards and procedures for obtaining and enforcing court orders restraining people's presence in airport terminals and gate areas, or travel by common-carrier airlines, would greatly reduce the infringement on our right to travel and our First Amendment right to assemble.
[Addendum, 6 April 2004: The ACLU has added a form to their Web site for people who may have been selected for secondary screening or other disparate treatment on the basis of the No-Fly List or "selectee" list, and who may be part of the class of people affected by the class action lawsuit, to report their experience. This supplements the ACLU's ongoing collection through a separate form of reports of racial profiling and discriminatory treatment in air travel. The ACLU has also set up a Web form to send a fax or e-mail message to the largest USA-based airlines asking them not to participate in passenger profiling either through the No-Fly and selectee lists or through CAPPS-II.]
Monday, 5 April 2004
Labor Tech 2004 denounces surveillance of travellers and transportation workers
I spent the weekend at the Labor Tech 2004 conference on labor and technology at Stanford University, where I spoke about the surveillance of travel and transportation workers (more on those issues in a separate article) as part of a panel on the surveillance of workers.
International labor and technology activists participating in Labor Tech 2004 included several from Asia and Latin America who had been enrolled in the US-VISIT program (fingerprinted, photographed, and had a dossier created, to be kept for life, on their biometric and biographic travel history) as a condition of entry to the USA. Some had even been criticized by fellow activists in their own countries for attending the conference in the USA in spite of boycotts against travel to or through the USA being organized in protest of US-VISIT.
Economic analysis of US-VISIT has focused on how many billions of dollars a year in spending by inbound international tourists the the USA will lose to other, more governmentally welcoming, destination countries they will go to instead.
But business and convention revenues will be lost as well: US-VISIT will increasingly prompt organizers of international conferences and business meetings to hold them in Canada, where international visitors face fewer visa and entry and exit hassles, instead of the USA. Hotel rates and other convention costs are currently so much lower in Canada that meeting planners will soon realize that even events solely for attendees from the USA can be held more cheaply in Canada than the USA. The result is that what is supposedly a "Homeland Security" measure for the USA will shift billions of dollars in business travel spending, by people from the USA, to Canada.
At the closing plenary on Sunday, 4 April 2004, participants in Labor Tech 2004 voted unanimously to adopt the following, among their resolutions:
Resolved, that Labor tech 2004 opposes the surveillance of workers and supports the freedom of workers to travel and assembly.
Specifically, Labor Tech 2004 calls for a halt to:
- Fingerprinting and photographing of visitors to the USA, including our sisters and brothers travelling to this conference, under the US-VISIT program;
- Requiring transportation workers to be fingerprinted and photographed and to carry a secretly and remotely readable Transportation Worker Identification Credential (TWIC); and
- Extending these programs to travellers within the USA through the CAPPS-II program and RFID/biometric passports.
Sunday, 4 April 2004
The Amazing Race 5 broadcast dates scheduled
Tentative broadcast dates and times in the USA for the upcoming fifth season of the reality television show about travel around the world, The Amazing Race, have reported been set by CBS-TV for Tuesday nights from the 4th of July through Labor Day this summer.
CBS hasn't officially confirmed the planned schedule (probably because broadcast dates and times are always subject to change), but Variety reports that "The Amazing Race 5" will premiere on CBS-TV in the USA from 9:30-11 p.m. EDT/PDT (8:30-10 p.m. CDT/MDT) on Tuesday, 6 July 2004, immediately following the "Big Brother 5" premiere. Subsequent episodes of "The Amazing Race 5" will run Tuesdays from 10-11 p.m. EDT/PDT (9-10 p.m. CDT/MDT), also immediately following "Big Brother 5."
Once again this season, I'll be providing weekly commentary on the travel lessons of each episode. This season, one of my special correspondents spotted and tracked the race through their home town near its conclusion, and I'll be including their guest commentary and links to exclusive high-quality photographs of the racers and the production crew in action, when that episode is broadcast.
There's been no report of planned broadcast times in Canada, where "The Amazing Race" has had much larger market share than in the USA -- not surprising given how much larger a proportion of Canadians travel overseas, compared to people in the USA, and in spite of resentment across Canada of the exclusion of Canadians from eligibility to apply for the cast of "The Amazing Race" (which is limited to citizens of the USA).
As for the cast of "The Amazing Race 5", Associated Press reports from her hometown in Pennsylvania that Alison Irwin, a member of the cast and runner-up on last year's "Big Brother 4", and her "boyfriend", Donny Patrick, will appear as one of the 11 two-member teams of contestants on TAR 5.
This isn't the first time some members of the cast of contestants have bypassed the elaborate open (to USA citizens) application process for "The Amazing Race". In each of the previous seasons, I've been told, some of the teams have been chosen for the cast without even having applied; invited to apply by casting scouts for CBS and/or the TAR production company;or selected after applying to particpate in different reality shows, such as "Survivor".
David from The Amazing Race 4" described his invitation process like this when we talked in September 2003, following the conclusion of the TAR 4 broadcasts:
EH: Did you originally apply [for TAR 4], or did they approach you?
David Dean: They approached us. We were actually out one night, and these two girls walked up to Jeff and I and asked us if we were interested in being in "Survivor", and we said, "No, not really." And they said, "Well, what about 'The Amazing Race'?" And so we asked them to tell us more about that. [We] ended up auditioning and going through that process. But we sort of got expedited through that process, because of the fact that they approached us and we didn't do the video or anything like that.
EH: Didn't do a video at all?
David Dean: No. Well, we started to, but then I just said, "You know, we don't have time to do it, so if you need us to do a video, forget it." They were like, "No, no, no, just come in for the audition."
EH: Had you ever watched any of the previous seasons at all... before they came up to you and said, "Would you want to be on "The Amazing Race"? Did you even know what it was about?
David Dean: No, I don't think I did.
I hope you'll all be travelling, this (northern hemisphere) summer as always. But if not, tune in 6 July 2004 for your next fix of travel television "reality", and check back here the next day for for the armchair travel quarterbacking.
Friday, 2 April 2004
USA wants to extend fingerprinting and photographing to all visitors except Canadians
The USA Department of Homeland Security (DHS) and Department of State today joined in asking Congress to expand the requirement for fingerprinting and digital mug shots of foreigners entering or transitting the USA to include even those travellers who aren't required to have visas under the "Visa Waiver Program" (VWP) by 30 September 2004.
Current USA law requires anyone wishing to enter or transit the USA under the Visa Waiver Program after 26 October 2004 to have a machine readable biometric passport in whatever format is adopted by ICAO as a standard.
It's been apparent for months that iuusing new passports for citizens of all VWP countries so quickly would be prohibitively expensive, even if all the countries the USA has allowed to participate in the VWP were willing to replace all their passports to satisfy USA demands. (The USA doesn't plan even to start issuing passports for USA citizens of the type it wants to require for foreign visitors until at least some time in 2005.)
The DHS and Department of State said today that they plan to propose that Congress extend the deadline for VWP countries to issue machine-readable biometric passports for 2 years, until 26 October 2006. But the "tradeoff" for being so generous as to allow their citizens to use the same passports to travel to or through the USA that they already use in the rest of the workld (and that the USA uses for its own citizens) will be to subject them to fingerprinting and digital mug shots each time they enter, leave, or transit the USA.
Today's announcement made no mention of any changes to the requirements for Mexican and Canadian citizens travelling to or through the USA unde two other programs from the VWP.
Most Mexicans travelling to or from Europe or Asia (like most travellers between Europe or Asia and the rest of Latin American) have to change planes in the USA, and the USA abolished all facilities for transit without visa as part of the implementation of the US-VISIT program.
Mexico has never been included in the "Visa Waiver Program". Fingerprinting and photographing of Mexican citizens arriving or transitting by air is already required by the USA, and must be expanded to Mexico-USA land border crossings by 31 December 2004 unless the law is changed. Some Mexican citizens have already been fingerprinted, photographed, and investigated by the USA in order to obtain special "laser visas", and President Bush has said that he will propose legislation to exempt holders of "laser visas" from being fingerprinted and photographed again on each visit, as long as they enter by land, don't stay in the USA for more than 3 days at a time, and don't go more than 25-75 miles into the USA. But that legislation hasn't been introduced yet, and wasn't mentioned in today's announcement.
Canadians have been allowed to enter the USA without visas under a separate set of rules from the Visa Waiver Program. Since no proposed change in their treatment was mentioned in today's announcement, they would presumably remain the sole exception to the fingerprinting and photogrpahing requirements -- further angering Mexicans at their unequal treatment as "partners" with the USA and Canada in the North American Free Trade Agreement.
Thursday, 1 April 2004
Parliament rejects mandate for airlines to give European governments access to reservations
Applying the same standard to mandatory handovers of airline passenger data to European Union governments that it had applied a day earlier in its vote rejecting mandatory access to PNR data by the USA government, the European Parliament today voted to reject a Spanish proposal that would require airlines operaitng within the EU to provide "Advance Passenger Information" to the government of the destination country when each flight departs.
The Spanish proposal was ostensibly intended as a measure to reduce illegal immigration, but the Europarl resolution rejecting found that, "It is doubtful whether the proposal in its present form can make a useful contribution to reducing illegal immigration."
The proposal rejected by European Parliament had earlier this week been approved by the Council of Ministers of EU members, leading to some erroneous reports that the EP had applied a double standard to intra-European and EU-USA flights and government demands for passenger data. In fact, the EP took a consistent view in rejecting both, sending a clear signal to Spain, to the USA, and to ICAO (where Spain and the USA were the sponsors of two proposals to extend worldwide the PNR and API standards and mandates they had previously proposed for the EU).
As with the proposed "agreement" with the USA, the status of the Spanish proposal for intra-European flights remains complicated and uncertain following today's Europarl vote.
But whatever happens next, it's clear that European legislators have given in neither to panic at the risk of terrorism and illegal immigration, nor to intense lobbying by the USA, and have remained unwilling to sell out their consituents' freedom.
ICAO session concludes early after finalizing passport and reservation standards
The International Civil Aviation Organization (ICAO) Facilitation Section meeting in Cairo adjourned today, a day earlier than scheduled, after a session with little controversy between the delegates and, it would appear from the early adjournment, little serious debate or discussion on the issues raised by the privacy, civil liberties, and data protection organizations that weren't represented in the delegations.
According to Mr. Denis Gagnon, spokesperson for ICAO at its headquarters in Montréal, "Biometrics on passports have been under study by ICAO since at least 1997." But to the best of Gagnon's knowledge, no privacy or civil liberties organization or agency has ever been consulted by ICAO or invited to attend an ICAO meeting. Nor, so far as Gagnon knows, did any of the government delegations to the just-concluded ICAO session include any representatives of those governments' privacy or data protection authorities.
Gagnon says, probably quite correctly, that ICAO evaluated the RFID and biometric passport requirements, and the proposals for standardization of PNR and "Advanced Passenger Information" (API) data and their sharing with governments, solely on the basis of ICAO's mandate to facilitate "efficiency" and "security".
"ICAO is a technical standards-setting body, and efficiency and security are ICAO's mandate from governments," Gagnon says.
But aside from whether RFID and biometric passports will actually increase anyone's security, there's a larger question: If ICAO's mandate isn't to consider anything other than efficiency and security, who's responsibility is it to consider other factors like civil liberties? Universal tattooing of people with numbers corresponding with those on implanted RFID chips might be efficient and, by some measures, secure, but that doesn't mean that it would be good public policy.
If ICAO considers that its mandate forbids it from considering the implications for civil liberties of its technical standards, what does ICAO think is the proper forum in which those issues should be considered? And who should decide whether, on these and other grounds, ICAO's technical recommendations for efficiency and security shoiuld or should not be adopted as public policy?
"I know what you're getting at, and that's a very interesting question," Gagnon told me. He promised to try to get an answer to that question from ICAO officials at the Cairo meeting, and I'll be interested to hear where they think their critics should turn.
Today's announcement from ICAO of the conclusion of the Cairo session said that it had agreed to recommend that all countries begin including machine-readable digitized photos on passports by 2010 -- a compromise between earlier dates desired by the USA and some European countries seemingly more interested in surveillance, and later dates preferred (to delay the greater cost of producing the new passports) by less wealthy countries.
In a disturbing hint at the potential for abuse of these biometric passports, ICAO say, "This makes possible rapid comparison, either one-to-one with the person and document, or one-to-many using a database to positively identify an individual."
Today's announcement was unclear on what exactly had been agreed regarding the proposals by the USA for standarization of PNR and API data to facilitate government access to passenger information, and didn't mention RFID (which had been proposed as the standard method of storing the digitized facial image and/or otyher biometric identifier) at all. I hope to have more details of the decisions on these issues tomorrow.
RFID chips to be used to track airline passengers and baggage
At a panel on "RFID In the Airline Industry" at the RFID Journal Live! Executive Conference which concluded yesterday in Chicago, USA government and airline speakers announced major steps toward the widespread deployment of RFID (radio-frequency identification) chips for tracking of both passengers and baggage within the USA, according to two reports here and here by Bob Brewin in Computerworld.
The announcement of the plans for use of RFID chips in airline boarding passes to track passengers movements through airports in the USA and for "more tests of RFID chips in baggage tags" at USA airports coincides with ICAO's consideration of proposed standards which would mandate use of RFID chips for international air travellers by requiring them to be included in all new passports.
The result would be to give RFID chips a central role worldwide in "the conversion of travel systems into a global infrastructure of surveillance", as forecast earlier this week in a joint letter from privacy, civil liberties, and consumer orgnizations questioning the planned uses of RFID and biometrics in travel documents.
As I reported in November, McCarran International Airport in Las Vegas has already contracted for comprehensive use of RFID chips in all baggage tags beginning this year. And Brewin has written extensively in Computerworld about previous smaller-scale RFID baggage tag tests by Delta and other airlines in the USA and abroad.
What's different about the tests by Delta Air Lines, according to the latest report on the conference presentation by Delta manager for baggage planning and development Pat Rary, is that, "Delta will write information to the RFID bag tags at the request of the Transportation Security Administration, which has backed both tests, Rary said. That information will include the flight number, passenger name and what Rary called a 'license plate' -- a serial number that identifies each bag."
On the same panel, Anthony "Buzz" Cerino, communications security technology lead at the TSA, reportedly said that the TSA plans its own tests of RFID baggage tags "later this year".
Plans and initiatives to use RFID chips in consumer products have come under widespread criticism from privacy, consumer, and civil liberties advocates and organizations, and Delta itself became the target of a consumer boycott for vounteering its passengers' reservation data for tests of the CAPPS-II airline passenger profiling and monitoring system. One might think that Delta would have learned their lesson about the extent to which Delta passengers value the privacy of their travel records. But apparently not.
Personally identifiable baggage details in airline databases (number of pieces, weight, time and place of check-in, routing, destination, and, if insured or hazardous, detailed descriptions of the contents) are clearly the sort of personal information which is subject to the USA Privacy Act if maintained in a database controlled by the TSA or another Federal agency.
But there's been no Privacy Act notice, either in the Federal Register or provided to passengers checking bags with or to Delta, that their baggage records could wind up in a database contructed at the TSA's behest. So the TSA's role in both rounds of RFID bagage tag testing with Delta, as well as the tests the TSA plans on its own, raise serious questions of possible Privacy Act violations. Those questions should immediately be added to the agendas of the Congressional and other ongoing investigations of the TSA's privacy practices.
The TSA's newly reported interest in using RFID chips in boarding passes for participants in a possible "trusted traveller" or "registered traveller" program, in order to enable them to "know people's whereabouts" as they move through airports (a useless suggestion from any bon fide security perspective, since a would-be terrorist could easily give their boarding pass to a decoy, abandon it, and/or steal someone else's) raises even more serious privacy and surveillance concerns.
In testimony before Congress last month, TSA Acting Administrator david Stone reportedly called the trusted/registered traveller program a "high priority with us and one we're eager to move forward with."
But that can't begin -- at least not without the certainty that it would be shut down by the courts -- until after the TSA publishes a Privacy Act "System of Records Notice" for the traveller registration database, and conducts a privacy impact assessement on the program. Presumably, those will be either the first tasks for incoming TSA Chief Privacy Officer Lisa Dean or the next tasks for DHS Chief Privacy Officer Nuala O'Connor Kelly.
Remotely-readable RFID chips have been chosen over less-invasive and less easily-abused technologies (such as magnetic strips and 2-dimensional bar codes, which are already commerically available for encoding biometric identifiers on baggage tags) for the Transit Worker Identification Credential (TWIC), the first prototypes of which are being delivered this month to workers at Florida ports, and which up to 12 million workers thoughout the USA will eventually be required to carry.
Magnetic stripes and 2-dimensional bar codes were also considered, but are also being passed over, by ICAO in its search for a supplement to the current optical character recognition (OCR) standard for machine-readable passports.
RFID chips have unique privacy problems and potential for abuse, since the data stored on them can be read not only remotely but also secretly. And the trusted traveller program, which was originally intended to assuage the concerns of business travellers about possibly being caught up in the heightened scrutiny given "untrusted" travellers (what happened to the presumption of innocence?) now seems to be getting some of its strongest opposition from precisely those business travellers.
It remains to be seen whether, and how, the TSA will proceed with a trusted/registered traveller program, and how it will justify RFID tagging in its Privacy Act notice and privacy impact assessment for the trusted/registered traveller program.
But if the USA government is insisting on RFID chips in each piece of baggage, each airport worker (through TWIC), and each international passenger (through ICAO's addition of RFID to its machine-readable passport standard), its not surprising that they would want to seize any excuse (such as the trusted/registered traveler program) to be able to use RFID chips to track domestic passengers as well.
Unless, of course, they plan to require implanted RFID chips as identification tokens for travellers.
