The Consumer Travel Alliance feels that this effort is a step in the right direction for airport and airline security. Unlike the whole-body scanners that have not been fully tested, that admittedly cannot detect many explosives in powder form or when hidden in body cavities, and that subject Americans to the indignity of a virtual strip search, ETD provides an acceptable layer of security. It is focused on explosives, it has been tested extensively over years of use, and the method is non-invasive, protecting personal dignity.

The Consumer Travel Alliance emphasizes that this security procedure and the others utilized at airports are not the first line of defense against terrorist activity. The real guts and focus of our nation’s antiterrorist activities must be intelligence gathering and effective coordination between agencies responsible for updating and maintaining our terrorist watchlist.

Policies must be put in place to deal quickly with false positives such as from passengers who may have been fertilizing their lawn or planting shrubs prior to arriving at the airport; for anyone legitimately engaged in hunting, shooting activities or simply striking matches; for anyone taking nitroglycerin
for medical purposes or working with explosives. These are all know to produce false positives. Even a very small percentage of false positives will create a negative perception of these new security procedure.

With all of the privacy concerns being registered regarding the whole-body scanners, we don’t even know if the machines work … we’re just taking the Transportation Security Administration’s (TSA’s) word. And TSA doesn’t really know if these scanners really work and can’t be circumvented.

What we have here, based on fairly basic research, is an expensive new whole-body scanner technology being deployed nationwide by TSA over the howls of numerous privacy groups, without independent testing, using the manufacturers’ claims, all being lead by the former head of the Department of Homeland Security saying, basically, trust us.
(more…)

During a House Committee on Science and Technology, Subcommittee on Technology and innovation hearing last week, Homeland Security Undersecretary Brad Buswell and Dr. Penrose Albright, Principal Associate Director for Global Security at the Livermore National Laboratory, noted that full-blown studies to create what amounts to an artificial dog’s nose are funded and underway.

The dog’s nose is the Holy Grail for bomb detection.
(more…)

Yesterday, the House Science and Technology Committee, Subcommittee on Technology and Innovation held hearings about airport screening research and development. Chaired by David Wu (D-OR), the subcommittee surprisingly focused on passenger acceptance of the of the new technology rather than on technologies themselves.
(more…)

The Obama Administration announced their fiscal year 2010 budget proposal today. Under the administration’s proposal for DHS appropriations, the TSA’s annual budget would increase by more than a billion dollars from 2009 to 2011, with most of that going toward the purchase of “up to 1,000″ new virtual strip-search (”Whole Body Imaging” or, in the latest euphemistic language of the budget, “Advanced Imaging Technology”) machines.
(more…)

Originally published by Edward Hasbrouck on PapersPlease.org.

Already this week the TSA was caught in a lie about what it likes to call whole body imaging (virtual strip search) machines, when the Electronic Privacy Information Center (EPIC) obtained documents showing that, despite TSA claims that “this state-of-the-art technology cannot store, print, transmit or save the image,” the TSA actually requires all of these capabilities — image storage, printing, and transmission — as part of the contract specifications for the body scanners.

But the TSA can’t seem to keep their nose from growing: the post in their official propaganda blog responding to EPIC’s analysis of TSA documents contains even more lies about what they see when they look under your clothes with these machines.

According to the TSA blog, “Below, you will see accurate examples of what our officers see while using advanced imaging technology. Anything else you see is inaccurate.”

Above, we’ve linked directly to the images on the TSA website, exactly as sized and posted by them.

In fact, it’s the images posted by the TSA that are inaccurate and misleading. The actual images seen by the people in the back room (they watch you through your clothes, but you can’t watch them) are: (1) full-screen, not thumbnail-sized like those the TSA posted in their blog, (2) higher-resolution than those on the TSA blog, and (3) capable of being zoomed even larger, on the actual TSA displays, using the magnifying-glass tool in the lower right corner of the TSA-provided thumbnails.

Accurate images are visible in the video below (although even if you click through to the full-screen version the video doesn’t have as high resolution as the displays used by the TSA, especially when they zoom in on areas of the body that attract their interest):

Note also that the video clearly demonstrates that the TSA policy for pat-down searches to be performed by a person of the same gender won’t be applied to the virtual strip-searchers.

EPIC has now filed another FOIA lawsuit against the TSA for failing to disclose what the images look like. Notably, the EPIC complaint filed in court today confirms that our experience with the ongoing TSA FOIA black hole wasn’t an isolated incident. EPIC’s request for expedited FOIA processing was made on July 2, 2009 — more than six months ago — and referred to the TSA by the DHS on July 16, 2009. On July 31, 2009, EPIC filed an administrative appeal of the constructive denial of its request. An expedited request should have been acted on within 10 days, and an appeal within twenty days. But to date, according to the complaint, the TSA has made no response whatsoever to either the request or the appeal. In our experience, this is typical of the TSA’S complete contempt for the FOIA law.

We aren’t reassured by the TSA’s further claim in the same blog post that, “These machines are not networked, so they cannot be hacked.” Apparently they’ve never heard of an inside job, or anyone hacking a computer from the keyboard. (Security hint to the TSA: The keyboard is the easy way way, compared to having to carry out an attack over a network.) That just reconfirms that the TSA’s threat model is grossly deficient and that they aren’t really even trying to rein in the temptations (can you say, “naked celebrity pix”?) that the virtual strip-searchers inevitably will face.

Finally, the TSA is still saying that “Use of advanced imaging technology is optional to all passengers.” What they don’t say is that your other “option” will be to submit to a full manual pat-down, regardless of whether you would have set off the metal detector. So if the alternative to a virtual strip-search is a non-virtual strip search, can someone explain to us how that’s a “choice” that should make us more willing to submit to either option?

If we have to be exposed to the TSA, maybe we should just expose ourselves when we get to the airport.

P.S. We forgot to mention the TSA claim that no 8-year-old is on the no-fly list, debunked today in the New York Times. Maybe 8-year-old Mikey Hicks isn’t on a watch list, but his name is, and the effect is the same: He can’t fly without getting the 3rd degree. What did that entail? We can’t show you. The TSA demands the right to look (and feel) under your clothes, but they wouldn’t let Mikey’s mother take pictures of how he was frisked.

I listened attentively to President Obama’s presentation and the discussions with Janet Napolitano, Director of Homeland Security, yesterday and sadly, I heard no different rhetoric. This speech by President Obama could have been delivered by President Bush, however, Bush would have thrown the word “terrorism” into the mix.

Americans have heard the same speeches coupled with the same knee-jerk band-aid responses that won’t make anyone safer, but will complicate travel.
(more…)

This post was first published by Edward Hasbrouck on www.papersplease.org.

There are no legally binding rules (other than those provided by the federal Privacy Act, the U.S. Constitution, and international human rights treaties, all of which the TSA routinely ignores) specifying the limits of TSA authority at checkpoints, what you do and don’t have to do, and which questions you have to answer or orders you have to obey.

So the traveling public, and public interest organizations like the Identity Project with which I work as a consultant on travel-related civil liberties issues, have been reduced to trying deduce the de facto “rules” from the TSA’s internal procedures manuals and directives to its staff, using the Freedom of Information Act (FOIA) — to the extent that we’ve been able to find out what documents to ask for by name, and that the TSA has been willing to release them, usually in incomplete and censored (“redacted”) form.

Now the TSA has done travelers a favor by posting an unredacted version of the document of which only portions of an earlier version were previously released in response to our FOIA requests, and the complete current version of which is the subject of one of our current FOIA requests: the TSA’s “Screening Management Standard Operating Procedures (SOP)”.

In posting the document on a federal government website (fbo.gov, for “Federal Business Opportunities”) as part of the public specifications for bidders on a TSA contract, the TSA added red outlines highlighting certain portions of the PDF document, and coded black rectangles to overlay them as a separate layer of the PDF file. But they left the complete text and images unredacted, so that they could be selected, cut, and pasted into a text editor from any PDF reading software. The Identity Project has posted a copy with the black blocks removed, but the red highlights and everything else retained, so you can see what portions the TSA might have been trying (ineptly) to hide. (Despite false TSA claims that it “was immediately taken down from the Web site”, as of yesterday the original version was still available on the same government site, although at a slightly more obscure URL.)

If, like me, you were hoping to learn the non-rules for TSA checkpoints and “screening” (search and interrogation), the Screening Management SOP is disappointing. It’s mostly about bureaucratic procedures for checkpoint supervisors. There’s been a lot of excessive commotion about whether its posting was a security breach or provides a “road map for terrorists” (it doesn’t), but little attention is being paid to some more significant things it reveals.

Here’s what I and the Identity Project think is really significant about this document, and its release, and what we’re doing next:

1. Little, if anything, in the Secreening Management SOP is really so sensitive as to justify withholding it from the public, particularly when disclosure is specifically requested under FOIA (as it has been by the Identity Project). Because the unredacted version posted by the TSA includes the portion provided (in more effectively redacted form) in response to our previous FOIA request, it’s possible to see exactly what was withhold. Here are those pages, dealing with ID checking, as posted on fbo.gov and as provided in response to our previous FOIA request. Among the more obvious redactions, for example the TSA blacked out the phrase “appears to be tampered with” from the sentence, “If the ID lacks the required Federal, State, or local government, airport, or aircraft operator ultraviolet or micro printing security features, contains inkjet dots, or appears to be tampered with, the ID is suspect.” Would any terrorist likely to be successful in bypassing TSA security really be surprised, or benefit in planning their attack, to learn that TSA agents are instructed to be suspicious of documents that appear to be tampered with? We think not. Most of the other attempted redactions similarly fall short of the criteria for exemption from disclosure in response to FOIA requests, and call into serious question whether the TSA is complying with FOIA. We look forward to receiving a similarly complete and unredacted copy of the latest version of the Screening Management SOP and its updates in response to our current request. The TSA is still sending FOIA requests into a black hole, denied our request for expedited processing and denied our appeal of that denial, and has failed to respond by the deadline for even a non-expedited request. We’ve now appealed that “constructive denial” of our request. (Ironically in light of the fact that they had already posted it themselves on the Web, one of the reasons the TSA gave for denying our request for expedited processing was that even in whatever redacted form they might release it, “The Screening SOP … cannot be posted on your website for public viewing as you intend.”) The TSA is required to act on this appeal, and to produce the documents we originally requested, within 20 business days, or we will have exhausted our administrative remedies and be entitled to file suit for violation of FOIA and to force them to release the documents.
2. The procedures are blatantly discriminatory and in apparent violation of Federal law, the U.S. Constitution, and Article 12 of the International Covenant on Civil and Political Rights (ICCPR), a treaty ratified by and binding on the USA. One of the portions the TSA tried to hide is as follows: “If the individual’s photo ID is a passport issued by the Government of Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen, or Algeria, refer the individual for selectee screening unless the individual has been exempted from selectee screening by the FSD [Federal Security Director, i.e. most senior TSA supervisor for the airport] or aircraft operator.” Some discrimination at borders and against foreigners based on national origin may be legal, if reprehensible, under U.S. law (although it may not satisfy the standards for compliance with the ICCPR), but as applied to dual U.S. citizens or to permanent U.S. residents (green-card holders) from these countries traveling within the USA, this practice clearly constitutes illegal discrimination on the basis of national origin, which the TSA specifically claims not to engage in. Of course, disclosing this will do nothing to “aid terrorists”, since citizens of these countries already know that they are routinely and systematically “selected” for more intrusive interrogation and search on the basis of their national origin. We look forward to seeing both private litigation and internal government enforcement action by the DHS Office of the Inspector General and TSA Office of Civil Rights and Liberties against the TSA and the officials responsible for these clearly illegal and blatantly discriminatory procedures.
3. The Screening Management SOP for TSA supervisors reveals the existence of separate “Checkpoint Screening” and “Checked Baggage Screening” SOPs for front-line screeners, TSA screening FAQs, and several other related documents we didn’t know about before. We’ve immediately filed a new FOIA request for these additional documents, and will of course post whatever we receive in response on the Identity Project website at PapersPlease.org.
4. The TSA is claiming that “The version of the document that was posted was neither implemented nor issued to the workforce. In fact, there have been six newer versions of the document since this version was drafted.” But a side by side comparison of the comparable portion of this version with the excerpt provided to the Identity Project in response to our previous FOIA request shows that while the pagination differs slightly, the version number, date, and text are identical. And the version on fbo.gov was part of a legally-mandated process for ensuring a fair and open competition among potential bidders for TSA contracts. We didn’t ask for any specific version, and the TSA disclosed this one to us in January 2009, and posted it on fbo.gov in March 2009. Why did the TSA post this version, or provide it to us, if if had never been implemented and had already been revised? Were they trying to mislead potential bidders, mislead us, mislead the public, or all of the above? And were the TSA FOIA staff who sent us this version aware of the attempt at deception in which they were playing a part? Or was this version actually implemented, at least at one time, and the TSA is lying in its latest press releases about what happened? We hope to find out more as soon as the TSA provides us with the current version, including all updates, in response to our latest pending FOIA appeal of their failure to act on our request.

Originally published by Edward Hasbrouck on his blog.

The Consumer Travel Alliance, the Consumer Federation of America, and the Center for Financial Privacy and Human Rights have joined me in comments filed today with the Federal Trade Commission asking the FTC to “include the category of travel data in your agenda for action to protect the privacy of information concerning consumers.” According to our comments:

Personally identifiable information about consumers collected in relation to their reservation, purchase, and use of transportation and travel services is one of the the largest, most sensitive, most intimately revealing, most systematically computerized, most widely dispersed, most globally accessible, and most potentially subject to abuse categories of consumer data. But unlike other categories of consumer data recognized as having special characteristics that warrant special protections and special regulatory attention, there is no sector-specific privacy legislation applicable to travel data in the USA.

This is the first time that national consumer and privacy organizations have explicitly called for recognition of personal information about our travel as a category of consumer data deserving of greater attention and protection. While most of the discussion about travel data since 11 September 2001 has concerned its use by governments, I actually first began working on travel privacy as a consumer privacy issue. That’s the context in which I discussed it The Practical Nomad: How to Travel Around the World (published in February 2001) and in my warnings about what might happen to these commercial records in the event of bankruptcies of travel companies. And I remain at least as concerned about misuse of travel records by commercial entities as by governments.

The consumer and privacy organization join me in calling for a coordinated approach to ensure that travel data privacy doesn’t continue to “fall… through the jurisdictional cracks between multiple … agencies.” We outline the privacy threats posed by the ways travel data is stored, disseminated, and used, and the ways that consumers’ expectations of privacy are routinely violated both by travel industry business practices and by current laws and regulations. And we list some of the most important first steps to protect travellers’ privacy, including:

* Clarification of privacy jurisdiction and harmonization of privacy rules, particularly between the FTC and the Department of Transportation regarding the privacy policies and tariffs of common carriers (airlines, Amtrak, buses, ferries, mass transit operators, etc.).
* Protection of personal information provided to travel companies in response to government orders, or as a condition of transportation on Federally-licensed common carriers.
* Protection of personal information in mixed systems of government data, common-carrier data, and other commercial travel data.
* Reform of the bankruptcy laws to protect personal information (including travel records) from being sold without consumers’ consent.
* Reform of the counter-factual legal assumptions in US contract law as to what uses of travel and other data by commercial entities consumers intend to authorize.
* Protection of travel information stored, transmitted, aggregated, and provided to governments and third parties by Computerized Reservation Systems (CRS’s), also known as Global Distribution Systems (GDS’s): “The FTC can and should tackle the privacy problems of CRS’s/GDS’s immediately.”

No one likes to sit near someone with the sniffles or a cough on the plane, but what about the very real prospect of your seatmate having swine flu? If current airline policies continue, those who have flu-like symptoms and heed the Centers for Disease Control warning to “stay home and avoid travel for 7 days” will face hundreds of dollars in airline fees and penalties. How many will still fly despite their illness and the chance of spreading it?

An unprecedented national effort is being waged to limit the impact and spread of the H1N1 flu (swine flu) virus. Millions of vaccine doses are now being distributed across the country, health care workers are being inoculated en masse, government workers have new medical leave policies, schools are being closed and the head of the Centers for Disease Control (CDC) warned, “We have not had a flu season like this in at least 50 years.”

Neither the airlines nor the Department of Transportation (DOT) have made a meaningful response to this pandemic as it sweeps the country. Basic common sense tells us that airplane flights — putting large groups of people in a small, contained space — will facilitate the spread of this virus.

So far, the airline industry’s sole response has been to remove pillows and blankets from many aircraft. Plus, spokespersons for the airlines have said, “If you are sick, stay home.” Yet, our airlines are actually punishing passengers who choose to not fly when infected. The airlines can and should change policy to help slow the spread of H1N1.

Airline passengers have to pay change fees of as much as $150 for domestic flights and $250 for international flights when they opt to change a flight. Then, they are required by the airlines to pay the difference between the original price paid for their flight and the current airline price. (When comparing the cost of an advanced-purchase ticket with the cost of a flight leaving next week, that difference can be dramatic. In fact, it can be up to four times as much or more.)

Getting more people with flu symptoms to comply with the CDC’s suggestion about travel when ill with the flu would be greatly facilitated by the airlines allowing passengers with a health professional’s letter indicating that they have or may have H1N1 to be allowed to reschedule their trip at no additional cost.

Just think of the difference airlines could make in limiting the spread of H1N1 by being proactive and making these changes immediately. But, absent any changes in policy by the airlines, the DOT, in consultation with the CDC, should get in gear and mandate that the airlines eliminate their change and cancellation rules that punish passengers for being good citizens.

During this flu season, swine flu shouldn’t fly. Dropping the airline penalties will help make this happen.