Monday, 30 January 2006
Encrypted RFID passport data intercepted and cracked
A Dutch television news program has commissioned experiments by security research firm Riscure in which radio communications between the RFID chip in a prototype Dutch passport (using the same technology and encryption scheme recently adopted as an international standard and being deployed in USA passports) were intercepted, stored for analysis later at leisure, the password cracked in about 2 hours on a PC, and the digitized fingerprint, photograph, and all other encrypted and plain text data on the RFID chip in the passport recovered.
Like the RFID passports scheduled for deployment in the USA by the end of this year (although the date seems to keep slipping due to technical, manufacturing, and reliability problems), the Dutch passports use ISO 14443 chips and the "Basic Access Control" encryption scheme, both of which have been adopted by ICAO as global standards and, through laws mandating "compliance" with ICAO standards, incorporated by reference into national laws in the USA and many other countries.
Under the "Basic Access Control" (BAC) scheme, the decryption key is derived from the subset of passport data printed in optically-readable type in the "Machine Readable Zone" (MRZ) at the bottom of the "data page" of the passport. The theory is that the exchange between the reader and the chip in the passport, even if intercepted, can't be decrypted without access to this data (which, unlike the RFID data, would be hard to obtain remotely). The newly-reported Dutch experiment shows that this isn't true: anyone who can eavesdrop on the radio conversation between a "basic access control" RFID passport chip and a legitimate reader can later decrypt it and recover the data.
The attack was made somewhat easier and quicker, in the Dutch case, by patterns in the assignment of passport numbers that form part of the MRZ data and thus the basis of the BAC decryption key. But since the passport cracking and decryption can be performed at leisure, once the encrypted data stream is captured and stored, this would only affect the time required to crack each passport with a given computer, not the basic possibility of doing so.
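Added example, not part of the original article or of Riscure's work: the BAC key derivation from MRZ fields as specified in ICAO Doc 9303, with an estimate of how much structured passport numbering shrinks the space of possible keys. The MRZ values are the specimen data from the ICAO worked example; the candidate counts in the two scenarios are constructed assumptions, not figures from the Dutch experiment.

```python
"""BAC key derivation from MRZ data (ICAO Doc 9303) and a key-space estimate."""
import hashlib
import math

WEIGHTS = (7, 3, 1)        # repeating check-digit weights from ICAO Doc 9303
NOMINAL_KEY_BITS = 112     # two-key 3DES, the cipher the BAC session keys feed


def check_digit(field):
    """ICAO 9303 check digit: digits keep their value, A-Z map to 10-35, '<' is 0."""
    total = 0
    for i, ch in enumerate(field):
        if "0" <= ch <= "9":
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"character {ch!r} is not valid in an MRZ")
        total += value * WEIGHTS[i % 3]
    return total % 10


def mrz_information(doc_number, birth_yymmdd, expiry_yymmdd):
    """The only MRZ fields that feed the BAC key, each followed by its check digit."""
    doc_number = doc_number.upper().ljust(9, "<")   # short numbers are '<' padded
    fields = ((doc_number, 9), (birth_yymmdd, 6), (expiry_yymmdd, 6))
    for field, length in fields:
        if len(field) != length:
            raise ValueError(f"field {field!r} must be {length} characters")
    return "".join(field + str(check_digit(field)) for field, _ in fields)


def _odd_parity(key):
    """Set the low bit of each byte so every byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        high = b & 0xFE
        out.append(high if bin(high).count("1") % 2 else high | 1)
    return bytes(out)


def bac_keys(doc_number, birth_yymmdd, expiry_yymmdd):
    """Return (K_enc, K_mac). Nothing secret goes in: only what is printed in the MRZ."""
    info = mrz_information(doc_number, birth_yymmdd, expiry_yymmdd)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]

    def derive(counter):
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return _odd_parity(digest[:16])

    return derive(1), derive(2)


def search_space_bits(doc_numbers, birth_dates, expiry_dates):
    """log2 of the number of distinct MRZ inputs: an upper bound on key entropy."""
    return math.log2(doc_numbers) + math.log2(birth_dates) + math.log2(expiry_dates)


# Constructed scenario 1: every field independent and uniformly random.
# 9 alphanumeric characters, 100 years of birth dates, 10 years of expiry dates.
INDEPENDENT_FIELDS = (36 ** 9, 36525, 3653)

# Constructed scenario 2: numbers issued in sequence, so the expiry date pins the
# document number to a window (assumed 20,000 wide), the holder's birth date is
# known to within 10 years, and passports are valid for 5 years.
STRUCTURED_NUMBERING = (20_000, 3653, 1826)


if __name__ == "__main__":
    k_enc, k_mac = bac_keys("L898902C", "690806", "940623")   # ICAO specimen data
    print("MRZ information:", mrz_information("L898902C", "690806", "940623"))
    print("K_enc:", k_enc.hex().upper())
    print("K_mac:", k_mac.hex().upper())
    print(f"nominal 3DES key size:  {NOMINAL_KEY_BITS} bits")
    print(f"independent fields:     {search_space_bits(*INDEPENDENT_FIELDS):.1f} bits")
    print(f"structured numbering:   {search_space_bits(*STRUCTURED_NUMBERING):.1f} bits")
```

Whatever the cipher's nominal key length, the session keys can carry no more entropy than the printed fields they are hashed from, which is why predictable numbering matters.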
Neither the "Nieuwslicht" (Newslight) television report (as translated by my Dutch colleague), nor the press release on the Riscure Web site, specifies the range at which the radio exchange between the chip in the passport and a reader (such as would be deployed at an immigration checkpoint or airline check-in counter) was intercepted. But another Dutch research presentation cited in The Register (UK) suggests that it could be up to 10 meters (30+ feet).
That's far more range than what's necessary for a slight variant of the threat scenario I presented to Frank Moss, director of the USA State Department's Passport Office, last year at CFP -- and to which he has yet to respond:
Pick out someone who looks similar to the person for whom you want a new identity, follow them up to the counter where their passport's RFID chip is interrogated by a reader, intercept (with e.g. a radio receiver you wheel around in a nondescript suitcase) and store the radio traffic, and use it (once decrypted) to produce a cloned passport or some other forged identity credential. (Strictly speaking, decrypting the data on the RFID chip isn't even essential to making a perfect bitwise clone, although it would help greatly in forging the photo.)
Ironically, in the USA it's diplomats, some of whom were already supposed to have been issued RFID passports by now, who are the first people being placed in danger of remote identification, targeting, identity theft, and impersonation by anyone who intercepts and decrypts their RFID passport data.
The USA government has staked a lot on its push for the ICAO standards, and their incorporation into law in the USA. Willingly or not, many other countries have gone along. The big question now is whether the USA and its allies in ICAO and elsewhere will withdraw their RFID passport plans as fatally flawed, or will make an attempt to salvage them with ineffectual minor repairs -- as the USA already did when it agreed to use BAC, after first proposing to deploy RFID passports that transmit biometric and other data in the clear.
On a related note, I've gotten a lot of e-mail from readers wanting to know how to tell if their new passports have embedded RFID chips. I neglected, unfortunately, to take pictures of the sample RFID passports Moss passed around at CFP. All of them included a distinctive and fairly prominent (but not intuitively obvious as meaning "contains an RFID chip") logo on the cover. The odd thing is that I can't find an image of this logo anywhere on the Passport Office Web site (the only image of the RFID passport is of the inside data page, which contains no RFID indicia, not the outer cover with the RFID logo) or in any of the ICAO documents discussing the proposals for a standard RFID logo. (It's needed so that border guards, immigration officers, and other government agents can distinguish a passport with a defective or disabled RFID chip from a passport that never contained an RFID chip.) The only way for me to interpret the reluctance to have this logo publicized is that the government fears that people who already identify RFID chip numbers as the Satanic "mark of the beast" in the Christian Bible would identify the RFID logo itself as an even more literal "mark" of the beast. But if anyone got a picture of the logo on the cover of Moss' RFID passport at CFP, or can find any other image of the RFID passport logo, please send me a copy, and I'll post it.
(Thanks to Katherine Albrecht of Spychips.com for being the first to bring the Dutch news to my attention. See her excellent new blog with Liz McIntyre, co-author of the Spychips book, for more news about RFID chips.)
[Addendum, 1 February 2006: See my follow-up article with the RFID passport logo.]
Government subsidies to airlines
There's a discussion on Dave Farber's Interesting-People mailing list about the ways that governments subsidize commercial passenger airlines.
Airlines whine about "regulations" and "freedom of the skies", but in fact they receive a wide range of subsidies, tax preferences, and other forms of special treatment from Federal, state, and local governments in the USA. (The phenomenon is widespread elsewhere in the world, even if the details vary from country to country.)
How? Let me count the ways (in no particular order):
- Airports and air traffic control infrastructure are built and operated by tax-exempt government entities (consider the real estate and other taxes that would be paid by privately owned airports on huge tracts of land in prime urban and suburban locations) with below-market capital costs (tax-exempt government bonds).
- Employee training for pilots, mechanics, etc. is provided by the military at no cost to airlines. (Ex-military pilots and mechanics may require additional training and certification for specific civilian aircraft types, but they've already logged thousands of very expensive hours of jet aircraft experience.)
- Air traffic control and other services to airlines are provided by the government. (Airlines will claim that they pay for this in user fees, but that ignores the taxes that would be paid on private ATC infrastructure, and the artificially depressed labor costs: As government employees, air traffic controllers and many other civil aviation workers are forbidden to strike, enabling the government unilaterally to impose below-market wages.)
- Airlines are paid all the time, even when their aircraft aren't being used, for agreeing to make their planes available on demand to the government as part of the Reserve Air Fleet. But the times when they are needed -- times of war -- are generally times of reduced civilian air travel, when they would otherwise be idle. And when the "Reserve Air Fleet" is used, airlines are paid market rates for government charters.
- Government funding for military aircraft subsidizes production and operation of civilian aircraft: Manufacturers of aircraft and associated equipment pay nothing for knowledge transfers from government-funded military aircraft research and development, prototyping, testing, maintenance experience, etc. to civilian aircraft. Military aviation provides critical support for economies of scale and continuity of operations for manufacturers of aircraft, support equipment, and related services during cyclical declines in civilian aircraft demand. Many civilian aircraft types are sold directly to the military, and these sales are often essential to enlarging production runs to the break-even point.
- Airlines have a statutory exemption from Federal anti-trust law to allow them to participate in IATA "traffic conferences" to fix standard "industry fares".
- Under the preemption clause of the Airline Deregulation Act of 1978, airlines are exempt from state and local truth-in-advertising and other consumer protection laws. (This wouldn't matter if the Federal government enforced similar rules. But, as state Attorneys General have pointed out, the Feds allow many practices that enhance airline profits but would be forbidden under state and local fraud laws.)
- Airlines based in the USA are protected by Federal law from all foreign competition: No airline based anywhere else in the world is allowed to carry passengers between points in the USA, and no foreign entity is allowed to own more than 25% of the voting stock in any airline based in the USA. This applies even to US colonies: It's illegal to buy a through ticket on a foreign airline between Guam and the mainland USA via e.g. Seoul, Taipei, or Tokyo (even though travel agents occasionally issue such tickets by mistake), no matter how much cheaper that would be than a ticket on Continental Micronesia, the only USA airline with service between those places. You have to buy 2 separate tickets, and claim and re-check your luggage at the transfer point. Under "Buy American" rules, all travel funded, even in part, by the US government must be on a US-flag airline, no matter how much more it costs than a foreign-flag competitor. Where, as is often the case, there is only one US-flag airline serving a given destination, this gives them a de facto monopoly on government-funded travel, a large and often high-revenue (last minute business travel by government contractors, etc.) portion of the traffic on some routes.
If airlines really want to be free of government regulation and oversight, they first should have to agree to give up their government subsidies and special privileges and protections.
Friday, 27 January 2006
Court says Google's distribution of "cached" Web pages is "fair use"
In the first legal test of Google.com's storage and redistribution of "cached" copies of Web pages -- even if the page has deliberately been removed from the original site, for example because a time-limited publication license has expired -- a Federal District Court in Nevada has ruled that this is a "fair use", and not copyright infringement:
Author (and attorney) Blake Field sued Google.com for infringing copyrighted works published on Field's personal Web site:
The parties do not dispute that Field owns the copyrighted works subject to this action. The parties do dispute whether by allowing access to copyrighted works through "Cached" links Google engages in volitional "copying" or "distribution" under the Copyright Act sufficient to establish a prima facie case for copyright infringement.
Field does not allege that Google committed infringement when its "Googlebot," like an ordinary Internet user, made the initial copies of the Web pages containing his copyrighted works and stores those copies in the Google cache.
Instead, Field alleges that Google directly infringed his copyrights when a Google user clicked on a "Cached" link to the Web pages containing Field’s copyrighted works and downloaded a copy of those pages from Google’s computers. [citations omitted]
The Court ruled that Google had an "implied license" to store, copy, and redistribute Field's work, as a result of Field's failure to take affirmative action to inform Google that he didn't want Google to copy his work!
Field remained silent regarding his unstated desire not to have "Cached" links provided to his Web site, and he intended for Google to rely on this silence. Field could have informed Google not to provide "Cached" links by using a "no archive" meta-tag or by employing certain commands in a robots.txt file. Instead, Field chose to remain silent knowing that Google would automatically interpret that silence as permission to display "Cached" links.
In analyzing this purported "implied consent", the Court claims that "any site owner can disable the cache functionality for any of the pages on its site in a matter of seconds". It's taking me a couple of hours to add the newly-required tag to every page of my Web site through a "noarchive" meta-tag in the HTML. But the Court assumes, wrongly, that (1) copyright in all works on a Web page is owned by the same person (the "noarchive" tag applies equally to an entire page), and (2) that she who owns the copyright controls the HTML, which is almost never true of work licensed for Web publication from freelancers who own the copyrights.
The Court also presumes that it is beneficial for any work to be available from Google's "cache". The possibility that the copyright holder might no longer wish the work to be available -- either because of the expiration of a time-limited Web publication license, or for other reasons of personal choice -- and that its non-availability from the original site might be deliberate, is never considered.
In light of this decision, freelance writers who want to grant time-limited rights to Web publication (so that they can re-sell a work, or charge for renewal or extension of the license) will need to add clauses to all future license agreements requiring the inclusion of a META NAME="ROBOTS" CONTENT="NOARCHIVE" tag in the HTML code of all Web pages on which the work appears. And messy disputes are likely to erupt with respect to requests by writers and other copyright holders to add such headers to work already on the Web, to which they had not intended to grant Google free reproduction rights in perpetuity.
The Court draws an analogy with "time shifting" of television broadcasts as fair use, which seems to suggest that in this Court's mind time-limited Web publication licenses might not be considered enforceable. It's common for a writer, photographer, or artist to authorize publication of an article both in a printed periodical and online for a specified period of time, 30 days or six months for example, after the publication date of the print edition. An untold number of such licenses, or at least their enforceability, have thus been cast into question.
I certainly have never intended the absence of "noarchive" tags on my Web site, or other Web sites on which my work is published, to imply a license to Google.com or anyone else to redistribute them. Rather, it has been my understanding (and, in fact, still is my understanding), that copyright law in the USA and most other countries requires an explicit and affirmative grant of license to authorize commercial for-profit reproduction such as Google's "cache". The Court's conclusion that if a Web site doesn't include a "noarchive" tag, the copyright holder(s) (and not the creator of the HTML, who usually isn't the same) "chose to permit such links to be displayed" just isn't true. And I include the following explicit notice in the HTML code of every page on my Web site:
META NAME="COPYRIGHT" CONTENT="copyright Edward Hasbrouck [year], all rights reserved. Mirroring, caching, syndication, and/or archiving of this Web site for purposes of redistribution, or any commercial use including the reproduction of any portion of this Web site on pages including advertising or self-advertising, is expressly forbidden, except with the prior express written permission of the copyright holder. If you received this file from a server outside the Hasbrouck.org domain, you have received an unauthorized and copyright infringing bootleg copy. Please report copyright violations to Edward Hasbrouck, copyright@hasbrouck.org."
I've pointed out repeatedly in the past that Google's distribution of "cached" copies of Web pages is the most unambiguously infringing of Google's activities. I can only hope that this decision, and the false factual assumptions behind it, are overturned.
[Addendum, 28 January 2006: This article has prompted some interesting private correspondence with John Levine, who is the author of several excellent books including The Internet for Dummies and who testified as an expert witness for Google in its defense against Field's lawsuit. It's also being discussed on one of the mailing lists for members of the National Writers Union, in which my attention was called to this 1995 NWU position paper, Authors in the New Information Age: A Working Paper on Electronic Publishing Issues. For those of you just coming across this thread, there's more in my earlier articles in the Writing and Publishing category of this blog.]
USA Court of Appeals ruling on airline ID requirements
Yesterday the U.S. Court of Appeals for the 9th Circuit, here in San Francisco, released its decision in Gilmore vs. Gonzales, the federal lawsuit challenging the secret USA Federal "security directive" which requires ... well, we still don't know what it actually requires, even after the court reviewed it in camera (secretly, in chambers) and used it as part of the basis for its decision against would-be air traveller John Gilmore.
There are many things wrong with the decision -- some of which will, I hope, be raised in future lobbying, litigation, and direct action by the newly-formed Identity Project.
The 9th Circuit Court decision reflects all of the misunderstandings of the facts, the law, and the applicable Supreme Court precedents that I pointed out in my report on the oral argument last month before the 3-judge panel that issued yesterday's ruling.
The judges' misunderstandings were compounded by their decision to jump from an appeal, motions, and oral argument concerning standing and jurisdiction to a decision on the facts and the merits, without there ever having been any discovery, hearing, cross-examination, or fact-finding proceeding of any sort, either before the District Court or before the Court of Appeals. The only factual evidence considered by the Court of Appeals, so far as I can tell, was evidence about the USA government defendants' (purported) policies, submitted and reviewed by the judges secretly, after the oral argument, and unable to be reviewed, rebutted, or cross-examined by Gilmore or his lawyers.
Some of the Circuit Court's confusion is understandable, in the absence of any record of a fact-finding proceeding. For example, in describing the "facts" of the case, the Circuit Court says first that Gilmore "was not allowed to fly ... because he refused to present identification to Southwest Airlines when asked to do so," but later bases its decision in part on the quite different "fact" that "Gilmore refused to allow his bag to be searched by hand and was therefore barred from flying." It's unclear from the limited record whether he was denied transportation because he wouldn't present ID, or because he wouldn't submit to a more intrusive search. But that's a material factual dispute which should have gone to trial, not something that should have been presumed (or ignored) by the Court of Appeals.
Compounding this error, the Court of Appeals claims in its decision that a notice reading "PASSENGERS MUST PRESENT IDENTIFICATION" gave adequate (and accurate?) notice of a policy which, so the Court of Appeals concludes (on the basis of its in camera inspection of documents submitted by the government defendants) did not require that passengers present ID credentials, but allowed them the alternative of submitting to a more intrusive search if they wanted to fly without presenting ID. Either the "notice" is inaccurate, or the Court mis-states the law. In either case, the Court's conclusion -- that such a notice stating categorically that something is required provides "adequate" notice that it isn't required -- is indefensible.
Throughout its opinion, the Court of Appeals fails -- as it failed during oral argument -- to recognize the distinction made by the Supreme Court last year in Hiibel vs. Nevada, and which should have been decisive in Gilmore vs. Gonzales, between the permissible request for (verbal) self-identification and the impermissible demand for the production and display for inspection of tangible credentials or evidence of identification (i.e. search). The opinion, revealingly, never even attempts to define what it, or the secret regulations, or the airlines in their actual practices, variously mean by the vague and ambiguous term "identification". And the Court in its opinion -- again, as at oral argument -- repeatedly confuses asking for identification with demanding identification or imposing sanctions for not providing it.
Assuming that the Supreme Court won't choose to hear a further appeal, many issues remain for future litigation.
On 4 July 2002, at the time of the events that gave rise to Gilmore vs. Gonzales, the "conditions of carriage" included in the published tariffs of most airlines -- including Southwest and United, the two at issue in the lawsuit -- were silent with respect to passenger identification. And a large proportion of airline tickets were still paper tickets.
Since then, paper tickets have been phased out entirely by some airlines, and in large part by others, in favor of electronic tickets which have many drawbacks for travellers but advantages for airlines. Electronic tickets give airlines an excuse, independent of government-imposed security/surveillance directives, to try to identify passengers to enforce the rules long included in their tariffs that tickets are not transferable from one person to another. Whether that is sufficient legal justification for demanding what sort of evidence of identity from passengers will be, so far as I can tell, a case of first impression.
While Gilmore vs. Gonzales has been pending, most airlines based in the USA, and some based elsewhere in the world, have added clauses to their conditions of carriage requiring passengers to, in the language that most have adopted, "provide positive identification" on demand. (Demand by whom is not specified, so it isn't clear if this refers to demands by the airline, the government, or either.) Whether inclusion of these clauses in the tariffs of airlines or other common carriers is contrary to the "common carrier" clause of the USA Airline Deregulation Act of 1978, or parallel laws for other common carriers (railroads, ferries, bus lines, etc.), or the assembly clause of the First Amendment to the Constitution of the USA, remains to be tested in future litigation. (See my advice here in case you are ever refused transportation by an airline or other common carrier.)
From the start, I expected that Gilmore vs. Gonzales (originally filed as Gilmore vs. Ashcroft prior to the change of Attorneys General, if you are searching for the earlier history of the case) would be decided on the basis of the airlines' terms and conditions, as interpreted in light of the common carrier laws and the assembly clause of the 1st Amendment. But given how badly the 9th Circuit panel botched this case, perhaps it's best that it didn't touch on any of these issues, leaving them too as questions of first impression for some other, future court that will, perhaps, be a bit more diligent in its factual and legal inquiries.
Tuesday, 24 January 2006
New excuse for travel surveillance: medical quarantine
Public comments are due by 17:00 (5 p.m.) Washington time (GMT - 5) next Monday, 30 January 2006, on the latest proposal from the USA government for mandatory surveillance of travellers' movements.
I've been puzzling for weeks about how to respond.
The current proposal (70 Federal Register 71892-71948, 30 November 2005) comes from the USA Centers for Disease Control, a generally competent and benign technical division of the Department of Health and Human Services. I can't tell if the CDC sincerely believes that a police state is necessary to prevent the spread of epidemic diseases (the example of China might cast doubt on such an argument), or if other government entities with interests in surveillance are merely using the more recent fear of epidemic -- just as they have been using the fear of terrorism since 11 September 2001 -- as an excuse for similar mandates to the travel industry to collect, and give the government, comprehensive logs of travellers' movements.
Along with the proposed regulations, the CDC published several fact sheets on its claimed "legal authority for isolation and quarantine", but little or no justification for the proposed "Passenger Information" rules (proposed 42 CFR 70.4). Those rules look remarkably similar to those previously proposed -- under a completely different rationale -- by the Transportation Security Administration (TSA) as part of its CAPPS-II and "Secure Flight" airline passenger "screening" (surveillance) schemes.
Under the CDC proposal, each airline (whether based in the USA or elsewhere) operating domestic or international flights to or from any of the 67 airports in the USA designated by the FAA as large or medium "hubs", would be required to (a) solicit from each traveller or family group, and (b) pass on to the government, the following information about each passenger:
- Full name (first, last, middle initial, suffix);
- Emergency contact information;
- E-mail address;
- Current home address (street, apartment #, city, state/province, postal code);
- Passport number or travel document number, including the issuing country or organization (in the case of foreign nationals only);
- Names of traveling companions or group;
- Flight information;
- Returning flight (date, airline number, and flight number);
- At least one of the following current phone numbers (in order of preference): mobile, home, pager, or work.
The CDC claims this will cost US$793.8 million. I suspect that this seriously underestimates both the value of the additional waiting time for travellers in slower check-in lines, and the implications of space limitations on airports' ability to add more check-in counters or kiosks. And it will come on top of Department of Homeland Security regulations that have already -- by the Department's own estimate -- imposed a billion US dollars in unfunded mandates to build surveillance functionality into airline reservation systems. Just as the USA has, under the Communications Assistance to Law Enforcement Act (CALEA), required the telecommunications industry to hard-wire surveillance capabilities into its infrastructure.
On their face, the proposed regulations are in direct violation of the USA Privacy Act, in two respects:
First, the Privacy Act provided that Federal agencies shall "maintain no record describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity". Clearly the records to be collected under this proposal would describe how individuals exercise their First Amendment right to assemble. While the CDC attempts to derive implicit authority for the proposed regulations from its authority to order medical quarantines, it does not claim any explicit statutory authority.
Second, the Privacy Act requires each agency to "collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs." It's unclear, as discussed below, exactly what sanctions may be imposed on the basis of passenger information, but it appears that they could include, at a minimum, loss of various rights, benefits, and privileges due to the imposition of quarantine restrictions.
Airlines will be required to solicit this information when passengers check in. Since all such passengers will also be required to be "screened" by TSA personnel at departure airports, there is no apparent reason why any information desired from the CDC could not be solicited from them directly by TSA staff as they are screened, rather than by airline personnel. The CDC proposal does not even purport to offer any justification for outsourcing the solicitation of this information to the airlines.
About all I can say in favor of the CDC proposal is that it could be dramatically worse, again in two significant respects:
One, "Information collected solely in order to comply with this regulation may only be used for the purposes for which it is collected." This is in marked contrast to the CAPPS-II, Secure Flight, and APIS schemes, under which airlines and other travel companies are (or would have been, or would be) free to use or sell, without passengers' knowledge or consent, personal information provided to them by passengers under government order.
Inexplicably, there's no requirement for airlines to destroy the data, even after they've turned it over to the government and when they are supposedly forbidden in perpetuity to use it for any other purpose. And there's nothing in the proposal about any system of monitoring or enforcement of airline compliance with this section. That means vigilance by passengers, in perpetuity, will be required to ensure that airlines don't misuse this data.
Two, the proposed regulations would impose an obligation on airlines to "solicit" information from passengers, but do not impose any obligation on passengers to respond in any way to such solicitations of information, and would not authorize, much less require, airlines to impose any sanctions or deviate from their obligation as common carriers to transport qualified passengers who are unable (e.g., they don't have an e-mail address) or unwilling to respond to airlines' solicitations of information for the CDC.
I have no confidence, unfortunately, that airlines will respect that distinction. The CDC rule parallels the security directive which requires airlines to solicit identity credentials from all passengers (and to identify to the TSA as "selectees" for more intrusive "secondary screening" those who are unable or unwilling to produce and display such credentials), but imposes no obligation on passengers to respond to that solicitation of credentials. Despite their lack of legal authority, and in direct contravention of their obligations as common carriers, airlines have nonetheless frequently chosen to refuse transportation to those who can't or won't display ID credentials. And both the airlines and the TSA systematically lie to the public about the content of the regulations, such as through TSA printed posters in every airport falsely claiming that passengers are required to display ID credentials on demand.
So I expect that airlines will probably misrepresent the CDC rules to passengers as requiring passengers to answer the questions which, in fact, airlines will be required to ask, but passengers will be fully entitled, without penalty, not to answer. And I suspect that litigation will be necessary to defend the right to travel without responding to the CDC-mandated questions, especially if airlines add this requirement (as they have recently been adding the requirement to produce ID credentials) to their conditions of carriage, in contravention of their obligations as common carriers and under the First Amendment.
If you are ever denied transportation by an airline, ask them for a copy of their conditions of carriage, which they are required to have available at every check-in counter. Ask them to tell you under which specific clause of the conditions of carriage you are being denied transportation. Try to get them to put that in writing, preferably either on airline letterhead over the signature and legibly printed name of the station manager for the airline at that airport, or as part of a complete printout of your passenger name record (PNR), in which the reason you were denied transportation, citing the specific clause of the conditions of carriage, has been entered. (If you made your reservations from Canada, the European Union, or certain other countries, you are entitled to see what's in your PNR. But not, unfortunately, if you made your reservations in the USA.) If the airline balks at giving you reasons, point out that your eligibility (or not) for a refund of your ticket is dependent on the reasons and the clause of the conditions of carriage under which you were denied transportation. So you need documentation of the reasons for their denial, in order to establish your refund claim. (If the airline refuses to transport you because you refuse to consent to being searched, you are entitled to a full and unconditional refund, even if your ticket would otherwise have been entirely nonrefundable. Presenting yourself at the airport, and refusing to consent to search, is perhaps the most foolproof way to obtain a refund of an otherwise nonrefundable ticket.) The airline cannot refuse to transport you, except as provided by specific terms of their published conditions of carriage, without grave liability under the common carrier clause of the Airline Deregulation Act of 1978.
[Addendum, 15 February 2006: Check the airline's current conditions of carriage before you try this: Northwest Airlines has changed its rules to deny refunds to people who are refused transportation because they won't "provide identification" or permit themselves and their belongings to be searched.]
I hesitate to submit comments on the CDC rules, lest they modify them to impose on travellers a purported obligation to respond to airlines' requests for additional personal information. But they are certainly objectionable. If you choose to submit comments, you can send them by e-mail to qrulepubliccomments@cdc.gov until 17:00 (5 p.m.) Washington time (GMT - 5) next Monday, 30 January 2006.
[Addendum, 2 February 2006: Comments were submitted at the deadline by Privacy Activism and the Privacy Rights Clearinghouse and by the Electronic Privacy Activism Center, both raising, inter alia, the need to make explicit in the regulations that travellers don't have to answer the CDC questions, and cannot be denied passage or otherwise penalized for declining to answer. Also worth looking at are the airlines' comments on the cost and difficulty of modifying their information technology and business processes to comply: Qantas ("onerous ... entirely separate database ... substantial cost and effort ... increased processing time at checkin and the gate (for transfer passengers) ... ongoing operational impacts ... arduous"), British Airways ("unreasonable -- and in some cases impossible -- burdens on air carriers ... completely new data-base ... huge economic burden ... disruption at departure airports ... potential inconsistencies with international law"), Virgin Atlantic ("serious implications ... entirely new databases ... considerable operational problems ... additional time at check-in ... adding to passenger queues").]
Tuesday, 17 January 2006
Snail-mail from ICANN
I received a strange e-mail message today from Nicole Bihari, executive assistant to ICANN General Counsel and Corporate Secretary John Jeffrey, forwarding (by e-mail) a PDF file of a scanned image of a letter supposedly sent to me today by snail-mail.
Why ICANN chose this particular kludge of a mode of communication wasn't explained, but since the letter hasn't yet been posted on the ICANN Web site (it probably will be after ICANN reads this article), I'm posting a copy here.
Mr. Jeffrey's latest letter suggests that ICANN's Board of Directors intends -- if ICANN ever follows through on its purported promise to allow an independent review of their lack of openness and transparency -- to disclaim any responsibility for the actions of ICANN's staff, as a way to evade the jurisdiction of the independent review panel.
More immediately, Mr. Jeffrey refuses to take any action on my request for independent review, claiming that my request "does not meet the guidelines required by the ICDR procedures and therefore cannot be considered a formal IRP request sufficient to forward to the ICDR."
It's difficult, of course, to comply with procedures that don't exist. Mr. Jeffrey's latest letter acknowledges receipt of my latest e-mail message to him, but entirely fails to acknowledge or respond to what my message said: ICANN hasn't ever properly designated the ICDR or anyone else as its independent review provider (IRP), and has no properly-adopted procedures for independent review, as it is required to have.
The first step toward actually being able to refer my request to an IRP -- as ICANN has promised to do -- would be for ICANN to begin the process of designating an IRP and developing procedures for independent review. There's no mention in Mr. Jeffrey's message of any of these issues, or of any such actions.
My request for independent review remains pending, and ICANN remains in breach of its bylaws and its contractual commitment to the USA Department of Commerce to provide a mechanism for independent review of its compliance with its self-imposed procedural rules.
For good measure, Mr. Jeffrey throws in a bold-faced threat that if I actually attempt to (which I haven't), and am permitted to, register a ".travel" domain name, that will deprive me of any "interest" in ICANN's decision on ".travel", and any right to independent review of that decision. It's a typical corporate capitalist attitude that only understands commercial interests and uses of the Internet, and can't imagine that I (or anyone else) would have any interest in ".travel" as a journalist, a traveller, or anyone other than a seller of travel services.
I'll be responding to Mr. Jeffrey, and ICANN, shortly.
In the meantime:
Tralliance Corp., ICANN's delegate to run the ".travel" franchise, has posted an unusual admission -- even before the completion of Tralliance's phased roll-out of the new domain name -- that even the travel "industry" (the only organization or interest group allowed to register ".travel" domain names) has doubts both about the value of ".travel" and about Tralliance as its operator.
The memo is prominently linked from the Tralliance home page and appears to be directed at potential ".travel" registrants:
[A] spirited discussion has developed surrounding the value of .travel and the viability of its success. The .travel critics have spoken.... There are those who allege that .travel is just a money grab by a couple of opportunistic entrepreneurs.
Presumably this last line refers to Michael Egan and Edward Cespedes, principals of Florida-based tour operator Certified Vacations, who as "E & C Capital Partners II, LLLP" hold convertible notes redeemable for a controlling interest in TheGlobe.com/Voiceglo.com, of which Tralliance Corp. is a wholly-owned subsidiary. Yes, ".travel" is now controlled by the owners of one Florida tour operator. No wonder the rest of the travel "industry" has doubts about whose interests it serves.
The further implication is that ".travel" registrations are lagging far behind Tralliance's rosy predictions -- as have registrations in the rest of the sponsored top-level domains now up for renewal, including ".aero" for the airline industry.
ICANN is currently soliciting comments on whether the ".aero" franchise to trade association SITA should be renewed, or on what terms. (What, if anything, ICANN will do with those comments is another question.) Comments can be sent to aero-renewal@icann.org through 4 February 2006; the one comment and one piece of spam received to date are posted here on the ICANN Web site.
[Addendum, 19 January 2006: More from John Levine on the lack of interest by potential travel industry registrants in ".aero" and ".travel".]
USA government goal: Gather and use "Travel Intelligence"
At a joint news conference today in Washington, DC, USA Secretary of Homeland Security Michael Chertoff and Secretary of State Condoleezza Rice announced a joint vision to "Develop and use 'Travel Intelligence' before travelers arrive" in the USA (and after, it appears from the descriptions of the planned programs).
It's not clear that this newly-announced "vision" is anything really new, but it is the most explicit acknowledgement yet of the USA government's intention to create a comprehensive system of surveillance of travellers, wherever they go and by whatever means they travel.
While today's announcement brought out the common surveillance and travel control purposes behind a wide range of initiatives by both federal government Departments (Homeland Security and State), including "An Enhanced Partnership with the Private Sector", it failed to mention the extent to which the transportation industry is being compelled by the government to spend billions of dollars to build surveillance capabilities into its infrastructure -- just as has the communications industry under laws like the Communications Assistance to Law Enforcement Act (CALEA), and over similarly strong industry protests at these unfunded mandates.
(Neither the communications nor transportation industry, unfortunately, has stood up for their customers against these surveillance mandates on privacy or civil liberties grounds. Industry has objected only on the basis of their own financial interests, making it easy for government to buy their support by giving them free use for their marketing and other commercial purposes of the data coerced from their customers by government order.)
The one seeming "concession" today was the announcement that a new alternative identity credential would be made available to those wishing to cross the USA-Mexico and/or USA-Canada borders without a passport. The USA government has thus "backed down" from its previously-adopted requirement for all border crossers to have passports by 2008. The new "biometric passport card" will supposedly be cheaper than a regular passport, but there's no indication that it will be any easier to obtain, less susceptible to government or commercial misuse for surveillance, or in any other way less of a burden on travellers than a standard passport.
Saturday, 14 January 2006
U.S. war resisters in Canada; "Omega" art exhibit in S.F.
A new 28-minute video on war resisters from the USA-Iraq War in Canada, and the debate now going on (in the context of Canada's national elections) on whether to grant them refuge in Canada, is now available in full online as streaming video in seven segments (plus links to supplemental video and other resources) from the National Film Board of Canada Web site, or for purchase on DVD or videotape from the War Resisters Support Campaign [Canada].
"Let Them Stay: Voices of U.S. War Resisters in Canada" is directed at a Canadian audience, but people in the USA should watch it as well, especially if you haven't heard or seen first-hand testimony from those who have taken part in fighting the U.S. war against Iraq -- and have opted out.
Closer to home, a forthcoming art exhibit at Intersection for the Arts in San Francisco, Battle Emblems, will focus on the creation and use of graphic symbols of social movements, including the "omega" symbol of draft resistance as well as the peace sign, the "theta" of the ecology movement, the women's symbol, the pink triangle, the raised fist, the IWW ("Wobbly") globe, and the rainbow flag of LGBT liberation. I'm loaning several omega pieces from my draft resistance archives, including photos from Resistance News, Fred Moore's silkscreened rainbow omega "Don't Register" poster, and a print of Carlos Cortez' woodcut IWW poster, Draftees of the World, Unite! You have nothing to lose but your generals! (which was also used in Resistance News and on National Resistance Committee leaflets). Also on exhibit will be rarely-shown posters from Michael Rossman's All Of Us Or None archive, and new work by local artists using these symbols. The opening reception is Wednesday, 1 February 2006, 6 p.m. at Intersection for the Arts, 446 Valencia Street (between 15th and 16th Streets) in the Mission District. I hope to see some of you there. The exhibit will be on view from 1 February through 25 March, Wednesdays through Saturdays, noon-5 p.m.
MovableType on Yahoo Web hosting
This is not a blog about blogging, or a blog about blogging technology. Please skip this article unless you are interested in both. I've posted the information below solely as an aid to other bloggers, potential bloggers, and people who work with blogging software:
I've been experimenting with trying to migrate my Web site, including this MovableType (MT) blog, to "Yahoo Small Business" Web hosting. (For privacy's sake, I would still keep my mail server separately in Canada.)
I've been looking for a new hosting provider, and there are reasons to try Yahoo Web hosting. Of course the press release and advertisements from SixApart and from Yahoo make it sound so simple.
Unfortunately, the Yahoo MT installation and configuration process seems to be set up for a newly-registered domain name and a new MT installation to contain a new blog. There is as yet no migration guide from Yahoo or SixApart.
It would be premature to draw any conclusions, but here are a few notes for others who may be considering or attempting MT migration to Yahoo:
As soon as you sign up for Web hosting for a domain with Yahoo, Yahoo will add the domain to its DNS servers, including a locked CNAME entry assigning "mail.domain.tld" to Yahoo's mail servers. You can't use other DNS servers. You can change the MX records to use any mail server(s), but you can't put it at "mail.domain.tld". (Why? I don't know. It took me six rounds of e-mail back and forth with Yahoo support to find out that this is their policy, not a bug.) Yahoo also requires a wildcard CNAME record for any subdomains you haven't explicitly defined, mapping "*.domain.tld" to Yahoo's servers.
Since Yahoo's DNS is immediately active, and can't be disabled (unlike Plesk or most other Web hosting control panels that have switches to enable/disable DNS and mail services), mail from within Yahoo will immediately start being blackholed by Yahoo's mail servers until you either set up addresses on Yahoo's mail servers or change the MX records.
The current general MT release is MT 3.20010; the Yahoo MT customization is MT version 3.20011. So don't be alarmed that Yahoo MT runs the "MT version upgrade" script if you import a new MT blog database from anywhere other than Yahoo. (This adds some extra Yahoo tables to the database.)
Yahoo's Web hosting control panel (but not any of the advertising by SixApart or Yahoo) identifies MT on Yahoo as "beta". MT on Yahoo is not yet reliable. It's sometimes very fast, sometimes excruciatingly slow, and sometimes doesn't respond at all. Rebuilds sometimes fail silently; I haven't yet been able to complete a rebuild of my largest blog.
I have support tickets open with both SixApart and Yahoo, and they seem to be trying hard to resolve the migration and deployment issues. I remain hopeful that once Yahoo MT is out of beta, it will be faster and more reliable and scalable than other MT platforms. But it's still in beta.
Yahoo says they do not support MT, and that support for MT on Yahoo is available only from SixApart. But existing MT support licenses from SixApart are not valid for MT on Yahoo, as below (although thus far SixApart has been trying hard to help me anyway). Be aware that if you migrate your MT installation to Yahoo, you won't get the support from SixApart for Yahoo's MT installation that you may be entitled to under any existing license:
Subject: Response to Movable Type support ticket 'migration to Yahoo'
From: Movable Type Support
Date sent: Wed, 11 Jan 2006 08:59:55 -0800 (PST)
This bug [MT rebuilds fail silently] was identified and fixed prior to the Yahoo launch, but a code freeze had to be enforced at a certain point prior to launch, so that fix was not there when that freeze was enforced. We're working with them on a timetable for when they plan to implement the updated code, but ultimately, it is under their control as to when that will happen.
On behalf of both Six Apart and Yahoo, I'd like to apologize for the frustration you've experienced due to this issue, and assure you that we are working with Yahoo to get the updates implemented as soon as possible.
I also do need to let you know that your current Movable Type license does not include support for your Yahoo hosted installation, as they are separately licensed products. We will be offering a support package specifically for Yahoo!MT clients who wish to receive personal support from Six Apart for that version. (We do have it available for purchase now if you're interested in adding it to your account, it's just that the purchase process is a little rough around the edges currently - so if you are interested in that, please do let us know and we'll work with you to make the purchase.)
[Addendum, 18 January 2006: SixApart continues to try to help me, despite continuing to say that my MovableType license doesn't entitle me to support for MT hosted by Yahoo. SixApart has distributed a patch for one of the most widely-reported bugs in the MT customization for Yahoo. Unfortunately, it doesn't help with my problems. And I've been contacted directly by Jay Allen of SixApart in response to my posting a version of this article to the MT developers network mailing list. According to Jay Allen:
"A big goal in our integration with the Yahoo Small Business offering was to provide the fastest and most enjoyable Movable Type experience on the web. If this is not the case, we obviously want to investigate. At this point, we are not aware of ANY performance issues on YSB [Yahoo Small Business hosting]. If you can isolate the problems you're having so that we can reproduce them, we will address them immediately.... We will be launching a support package for Yahoo Small Business Movable Type users. It would have been launched weeks ago had we not stumbled into some issues that needed to be solved first. Suffice it to say, this is a very high priority for us. I will also check with our team to see about transferral of licenses for existing MT customers who switch over to Yahoo. We'll iron out those details before we launch the support package but we definitely want all of our paying customers to have the support they paid for."]
Friday, 13 January 2006
Controlled flight into terrain
Independence Air shut down its flight operations last week. Its planes, which were leased, have been repossessed by their owners, and its remaining assets are being liquidated under the supervision of the U.S. Bankruptcy Court.
As I've noted previously:
Independence Air had a business plan as hopeless as the worst of dot-coms: "Let's charge lower fares than our competitors, while using the most fuel-inefficient planes with the highest possible operating costs per available seat mile (small "regional" jets)."
Independence Air is the largest USA-based airline to go out of business since 1992, but other much larger airlines in the USA are already bankrupt, are continuing to lose money, and could follow suit.
Independence Air's shutdown is being praised as a model of "orderly" liquidation, but even in the best such cases, it's ordinary travellers, and ordinary airline ex-employees, who are left holding the bag. (Perhaps an inappropriate figure of speech, as I've learned.)
Independence Air asked for, and got, an order from the bankruptcy court authorizing -- but not requiring -- refunds to customers holding unusable tickets, if there is money available and if the airline's managers choose to do so. So if you have tickets on Independence Air for future travel, and it's too late (more than 60 days after the purchase) for a credit card chargeback, run -- do not walk -- to request a refund, before the money runs out.
A few Independence Air employees have been kept on to carry out the liquidation, and to protect the value of the assets in its possession -- such as leased airplanes -- until their sale or return to their owners.
Not surprisingly, given that passengers weren't represented at the bankruptcy hearing, no such concern was shown for passengers' property, such as misdirected and delayed baggage, in the airline's possession after its final flights.
A reader sent this account of the scene at Independence Air's erstwhile hub, Dulles Airport near Washington, DC, the day after its final flight:
After FLYi misplaced five pieces of our luggage on Thursday (shutdown day) I returned to Dulles yesterday (Friday, 6 Jan.) to get it. I found a locked baggage office, no one available at FLYi terminals or check-in counters, and piles of luggage in front of the United Airlines baggage office. Other airline baggage personnel told me they had collectively stacked this luggage when Independence people left their jobs, and piles of unattended luggage, Thursday evening.
Risking arrest, I eventually got one of the FLYi shutdown staff from a back office to let me into their luggage room. I found a pile of FedEx forms on the desk, but the FLYi employee told me the baggage people worked only a couple hours in the morning, shipped (only) SEVEN pieces by FedEx, and would not ship more. There were perhaps 20 more pieces in the room (including a few of mine). He said these would be "returned to headquarters."
I searched thru the piles at United without finding mine but saw pieces with Independence tags.
Bottom line is that people's luggage stranded at Dulles will probably go to the dump (certainly after being scavenged) unless owners go there and get it. This could be true at other FlyI destinations as well.
BTW, the FLYi employee who FedEx'd the seven bags said he kept no receipts.... Also, FLYi's hardcopies of luggage claims were collected alongside other things headed for the dumpster.
L.A. Times on airline vouchers
Sometimes, those airline vouchers are like a lump of coal (Jane Engle, Los Angeles Times Sunday travel section, 25 December 2005):
If you get bumped off your flight, help might -- or might not -- be at hand. As always, the devil is in the details.
Home for the holidays? If the past is any guide, some fliers won't make it because blizzards or other emergencies grounded their jet-fueled sleighs or because overbooking bumped them from their flights.
Many of these strandees will garner goodies for their troubles: airline vouchers for free seats, hotels, meals and more.
But you'd better watch out for the fine print. Otherwise you'd better not pout if you don't get what you want....
That's because vouchers nearly always carry restrictions.
You may have to redeem flight coupons in person or by phone, incurring a fee. Or they may be good only for certain fares or categories of seats. They may expire after a year. A hotel may refuse to accept a voucher or, especially during weather delays, run out of rooms.
"Vouchers often aren't worth what they seem at first glance," said Edward Hasbrouck, the author of "The Practical Nomad" books who works with Airtreks.com, a San Francisco-based travel agency.
You may be better off bargaining for cash, experts say — if you can get it.
And bargain you will, under a curiously unregulated free-for-all bidding that airlines employ to entice you to relinquish your seat on overbooked flights. Negotiating for a hotel or meal voucher if your flight is delayed by weather or other causes — not a given — is equally unregulated...
Hasbrouck agreed that it's usually better to go for the cash than the ticket voucher because at least you have something in hand. Don't expect to get more than $400 on a domestic flight, though, because that's the most the airline may owe a bumped passenger under DOT rules.
Beyond that, it's all negotiable. Seats on long or infrequent flights may be worth more. Hasbrouck said he once saw a passenger awarded $300 plus a hotel voucher plus a business-class seat for being bumped from a flight from Kuala Lumpur, Malaysia, to Los Angeles.
A caution for the holidays: Don't be too eager to give up your seat. Full flights may mean you won't get to your destination in time.
Before taking a flight voucher, ask these questions:
- What type is it? Most coupons have a dollar limit, but some may be good for any flight, with a few restrictions.
- When does it expire? A year is typical. Pin it down: Do you need to book by then? Travel by then?
- How do you redeem it? Ideally, you can do it online for free. If not, ask for extra money to cover the $10 or $15 fee that is typically charged when you book by phone or in person.
- Is it subject to blackout dates or other restrictions? If so, you may not be able to use it when you want.
- Is it transferable? That is, can anyone use it, or just you?
Friday the 13th?
I've run into far more complications than I expected in moving my Web site, and may be moving it yet again, but things are (mostly) working. If you find any bugs, or haven't gotten a response to a recent e-mail message, please let me know about them.
I hope to catch up on a backlog of news in the next few days.