Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
The Airlines' Other Busy Day
Yap back on the case?
Testing, Testing. Is this Test on?
Shorter WaPo
My Porn Has a Little Machine
Even the folks who make 'em hate 'em
Secret Law News
The Conversation
Richard Clarke Briefing Finally De-Classified
Reporters Committee Rates Alberto Gonzales
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
November 2004 Archives « October 2004 | Main | December 2004 »
November 24, 2004 | The Airlines' Other Busy Day

All 72 domestic airlines complied with a government order and turned over a month's worth of passenger data to the Transportation Security Administration on Tuesday.

The agency wants the records -- which can include credit card numbers, phone numbers and health information -- to test a system called Secure Flight. Currently, passengers are screened by the airlines, which check itineraries against a set of watch lists provided by the government. The TSA hopes to reduce the number of people flagged incorrectly by performing the checks itself using an expanded, centralized terrorist watch list.

Privacy advocates contend that the list-based system is ineffective and that passengers with names similar to suspected terrorists would still be snagged under the new system.

The TSA plans to evaluate the system over the next 90 days in hopes of rolling out the system in the spring.

The full story is here at Wired News.

One of the frustrations of writing news is that you know a lot more than you have space to print.

From the end of the article:

This is not the first time airlines have turned over passenger data to help test an antiterrorism screening system, but it is the first time that the transfers were not secret.

Following successive revelations that JetBlue Airways and American Airlines had secretly turned over passenger data to the government or its contractors, TSA chief Adm. David Stone told Congress in June that five of the nation's largest airlines and two airline reservation centers turned over sensitive passenger data to TSA contractors in 2002.

Those revelations led the TSA to cancel CAPPS II, Secure Flight's more ambitious predecessor.

...

The TSA wanted to use commercial databases to verify passenger identities in the test phase, but Congress blocked it from doing so until the GAO certifies that passenger privacy will be protected.

Two Homeland Security investigations of the earlier data transfers' legality are still ongoing, including one by the department's Inspector General Clark Kent Irvin, who has been one of the TSA's harshest critics.

Two things here. It is unlikely that the TSA will be able to use databases run by Acxiom or Lexis-Nexis to verify identities during the test phase, since the GAO has not started certifying the privacy protections.

And two, Irvin's report will likely be out at the end of December.

As noted here, I've been impressed by Irvin's work as Inspector General.

Here's three grafs that got cut from the end of my story:

Irvin's report is likely to come out sometime within the testing period. The report should have come first, according to Lee Tien, an attorney for the Electronic Frontier Foundation. "There are so many questions about the old transfers that it is amazing to me the government can collect this new data knowing it made so many mistakes in the past," Tien said. "And yet, they are going forward as if nothing happened."
And finally, the TSA (via the Homeland Security privacy office) has still not released documents about CAPPS II, CAPPS II contractors and the possibly illegal data transfers. I filed those Freedom Of Informatioin Act requests over a year ago and received "expedited processing." I'm afraid to know when I would have gotten them if I had not gotten such preferential treatment.


Posted by Ryan Singel at 01:51 PM | TrackBack

November 22, 2004 | Yap back on the case?

I just got another piece of spam Sunday, courtesy of the fine folks at Gratis Internet -- better known to the world as the people who brought the free ipods pyramid scheme to the Internet.

Actually it was not directly from them.

It came from these spammers, who do business as Clear Cool Water and Aim High Solutions.

The funny thing about this email is that it advertises the free ipods site.

Why is that funny?

As you may remember, I signed up with FreeIpods.com to see how the offer worked. I then tried to opt out of their marketing campaign. Gratis Internet's founders Peter Martin and Robert Jewell promised online that they would never sell or share customers' names or email addresses, only that the company would send email on behalf of other companies.

So after I opted out, the emails did not stop. So I contacted TrustE, which certifies Gratis Internet's privacy policy.

TrustE's intrepid Alex Yap took my case on. Many of you are familiar with Mr. Yap's prowess and know that no one is feared more in the spamming community than Senior Compliance Analyst Yap (Elliot Spitzer and Bill Lockyer got nothing on the Yapster, as we like to call him around here.)

Yapster looked into my case and totally made Free Ipods "strengthen and clarify their privacy statement." Damn how that must have hurt.

Now seeing how Yap straightened those guys out, I know he wants to figure out how these other spammers got a hold of Gratis Internet's email list.

Hell, I bet even Robert Jewell wants to know how this other company got his email list, since surely he did not sell it or give it to them in violation of his privacy policy.

But now I have a clue for Yap. See the email advertising the free ipods pyramid scheme sends me to a link that sends me to a link that finally sends me to a link to freeipods.com, but with an affiliate number (P=186) tacked on to the end of the URL. That number makes sure the spammer can get paid from Gratis Internet.

That means, the thief is known to Gratis and Yap can solve this case in two clicks of an optical mouse!

I called Mr. Jewell to let him know I found the thief, but he has yet to return my call. Anyone who wants to help me let him know about the theft can try calling or emailing him (202-595-9123 ext.712. or rob@gratisinternet.com).

I've no doubt Alexander Yap will certainly be on this (if he isn't already!!) and will be sending these spammers to the taxidermist by EOBD.

Posted by Ryan Singel at 10:40 AM | TrackBack

November 19, 2004 | Testing, Testing. Is this Test on?

Secure Flight has not even been test flown yet, and already the Europeans and the ACLU are questioning it.

That's to be expected, of course, but even the airlines are still pondering their options, even though they only have until Tuesday to turn over their passenger databases to the TSA.

Mostly the airlines are worried about bad publicity and having to pay to integrate their databases with the governments.

It's no small IT task. There are approximately 2 million passenger trips a day domestically and people have to be cleared at the last minute if they purchase a ticket at the counter. How will this be resolved? Your guess is as good as mine at this point.

It also remains very unclear from the TSA's explanations of how the centralizing of the check will actually reduce the number of false positives.

The only way that could work is if 1) they get more biographic information from a potential traveler and 2) have a way to verify that information.

Leslie Miller of the AP has the latest.

Posted by Ryan Singel at 06:49 PM | TrackBack

November 19, 2004 | Shorter WaPo

This guy just told Milbank, Pincus, O'Harrow and Priest to write shorter stories.

Washington Post Executive Editor Leonard Downie Jr. (that guy), also promoted Philip Bennett, assistant managing editor for foreign news to the paper's No. 2 position earlier this month.

In an effort to win new readers, Downie said Post reporters will be required to write shorter stories. The paper's design and copy editors will be given more authority to make room for more photographs and graphics.

The paper will undergo a redesign to make it easier for readers to find stories. It is considering filling the left-hand column of the front page with keys to stories elsewhere in the paper and other information readers say they want from the paper, which they often consider "too often too dull," Downie said.

"Newspapers should be fun and it should be fun to work at one," Bennett said.

That's according to Frank Ahrens story in the Washington Post today.

Ahrens would have added that Downie and Bennett's drive to turn the best newspaper in the country into a tabloid with pop-up diagrams and scratch-and-sniff restaurant reviews comes at a particulalry precipitous moment for journalism and the country, but his piece was edited for length by a copy editor, who, to Bennett's credit, was definitely having a lot of fun at work yesterday.

Posted by Ryan Singel at 02:49 PM | TrackBack

November 19, 2004 | My Porn Has a Little Machine

The Internet is creating a generation of porn addicts, who will stop at nothing to get their fix-on.

That according to a Senate hearing I wrote about for today's Wired News (though the story came out late, entirely due to my negligence).

"The internet is a perfect drug delivery system because you are anonymous, aroused and have role models for these behaviors," Layden said. "To have drug pumped into your house 24/7, free, and children know how to use it better than grown-ups know how to use it -- it's a perfect delivery system if we want to have a whole generation of young addicts who will never have the drug out of their mind."

Pornography addicts have a more difficult time recovering from their addiction than cocaine addicts, since coke users can get the drug out of their system, but pornographic images stay in the brain forever, Layden said.

Jeffrey Satinover, a psychiatrist and advisor to the National Association for Research and Therapy of Homosexuality echoed Layden's concern about the internet and the somatic effects of pornography.

"Pornography really does, unlike other addictions, biologically cause direct release of the most perfect addictive substance," Satinover said. "That is, it causes masturbation, which causes release of the naturally occurring opioids. It does what heroin can't do, in effect."

The internet is dangerous because it removes the inefficiency in the delivery of pornography, making porn much more ubiquitous than in the days when guys in trench coats would sell nudie postcards, Satinover said.

Full story here.

There's no doubt the Internet has revolutionized the distribution of porn or "erototoxins."

My friend Craig used some of his salary back in the dot.com days to buy himself his first new computer, but laughingly called it his "porn machine."

But should we really be talking about "pornography addiction" or is it simply a subset of compulsive/obsessive disorders?

Here's what the gracious Ms. Carol Queen of Good Vibrations had to say:

Many psychologists and most sexologists find the concepts of sex and pornography addiction problematic, said Carol Queen, staff sexologist for the San Francisco-based, woman-owned Good Vibrations.

Queen questioned the validity of the panel for not including anyone who thinks "pornography is not particularly problematic in most people's lives."

Queen acknowledges she can name people who have compulsive and destructive behavior centered on pornography, but argues that can happen with other activities, such as gambling and shopping.

Queen also criticized the methodology behind research showing that pornography stimulates the brain like drugs do, saying the research needs to take into account how sex itself stimulates the brain.

"There's no doubt the brain lights up when sexually aroused," Queen said.

Queen too would like to see more money devoted to research on sex, but thinks it is unlikely that researchers on either side of the divide are likely to receive large grants any time soon.

UPDATE:

The FinkFile has more on erototoxins.

Posted by Ryan Singel at 12:22 PM | TrackBack

November 19, 2004 | Even the folks who make 'em hate 'em

The government's plan to issue passports with RFID chips in them has drawn the ire of privacy advocates (see my Wired News story here) for lax security and now even one of the companies involved admits the standards being used are woefully inadequate, according to this article by AP reporter, Ellen Simon.

On the latest passports, the agency has "taken a 'keep it simple' approach, which, unfortunately, really disregards a basic privacy approach and leaves out the basic security methods we would have expected to have been incorporated for the security of the documents," said Neville Pattinson, an executive at Axalto North America, which is working on a prototype U.S. electronic passport.

Can anyone with some smarts spy on your unencrypted passport? Pattinson says yes.

Under the standards, information on the chip could be picked up by someone who wires a briefcase with a reader, then swings it within inches of a passports, Pattinson said. Over a greater distance, an interloper could eavesdrop on border control devices reading the passports, he said.

"There's no security built into it," said Barry Steinhardt, director of the technology and liberty program, at the American Civil Liberties Union. "This will enable identity theft and put Americans at some risk when they travel internationally."

And of course, the funniest thing in the whole sad business is that those who are unlucky enough to get one of these passports but wants to protect their privacy would do well to take the tin-foil hat off their head and put it on their passport.

One rudimentary way to protect electronic passports from identity thieves is to wrap them in tinfoil, which blocks radio waves. A single size Doritos bag would do the trick. Protecting border control agents' readers with a metal shield would protect against eavesdropping.

The International Civil Aviation Organization and State Department say they're looking at more organized methods.

The State Department won't start issuing these to regular Joes and Janes until sometime next year. I for one plan to get a new passport before then and that sucker will remain valid for another ten years. And it doesn't need a tin-foil hat.

Posted by Ryan Singel at 12:07 PM | Comments (1) | TrackBack

November 19, 2004 | Secret Law News

Stephen Aftergood, the seemingly indefatigable researcher behind the Secrecy Project at the Federation of American Scientists, has a fantastic piece in Slate today about secret laws and the Transportation Security Administration.

I've written about the abuse of the "Sensitive Security Information" designation here on this blog and for Wired News, mainly in regards to John Gilmore's legal challenge to the airline identification requirement. (Exhibit A, B, C.

Aftergood lays out how this abuse got started with a "little-noticed passage in the Homeland Security Act of 2002 expanded the scope of SSIs to prohibit disclosure of information that 'would be detrimental to the security of transportation.' This change in wording ushered in an expansive new interpretation of SSI. A May 2004 Federal Register notice spelled out 16 categories of information that may now be designated as SSI. These include not only airport security plans (as before) and threat assessments, but also records of security inspections and investigations, names of security personnel, and training materials. More problematically, "security directives" such as the one that Chenoweth-Hage requested are exempt. And for good measure, the 16th category is a catch-all exemption for "other information" that TSA may at its discretion determine should be withheld."

The government continues to contend that they do not have to reveal the rule requiring airlines to ask for identification, since that would reveal a law enforcement technique designed to stop hijackings.

That's akin to not telling visitors to the United States that they need a visa and a passport, because those are law enforcement techniques designed to stop illegal immigration.

Difference there is that this is your government refusing to admit what you already know. If you want to fly, you better bring identification or be prepared to spend a couple of hours being searched and trying to talk your way on to a plane/

Additionally, the government argues that citizens have to lodge challenges to any security directives in the appeals court, not the district court. What that means, is that there can be no finding of fact. You challenge the rule, the government maybe shows the rule to the judge (but not you), and then the judge rules. You can't bring in evidence or engage in discovery. That's a sham.

Not only that it is flatly absurd, unbecoming of a democracy and an abuse of the SSI designation. Folks in the government know that as well, but they won't say it publicly.

They should start speaking out.

Secret law is dangerous, regardless of what you think of the validity or usefulness of the hidden law.

Posted by Ryan Singel at 11:52 AM | TrackBack

November 17, 2004 | The Conversation

Over at the redesigned Defense Tech, SSN pal Noah Shachtman recently wrote about the Army's new counter-insurgency field manual.

That led to a wooly discussion in the new forums (the old version of Defense Tech did not have comments). The back and forth included comments from the manual's author, Jan Horvath.

Which in turn led to this cool online interview about the manual's relevance to Fallujah.

Once again, congrats to Noah on the new site.

And hail to the richness of the blog world, which I have long lurked in, but only recently fully joined.

Posted by Ryan Singel at 11:15 PM | TrackBack

November 17, 2004 | Richard Clarke Briefing Finally De-Classified

As some might recall, a number of senators criticized Richard Clarke after his public testimony before the 9/11 Commission, saying he was contra.

From a Knight Ridder story in April:

Don't expect to read anytime soon what Richard Clarke said two years ago about the Bush administration's efforts against terrorism, despite Republican requests to declassify his testimony in an effort to discredit him.

Behind closed doors Clarke gave an exhaustive, 10-year overview of counterterrorism with details, names and other sensitive information that the CIA and White House have consistently refused to release, say three people who heard the testimony or read it later.

"Knowing what he said, it's going to be very difficult to declassify much of that testimony," said Eleanor Hill, staff director of the congressional investigation into the Sept. 11, 2001, attacks.

On June 11, 2002, Clarke was the leadoff witness before the joint inquiry on Capitol Hill. His testimony took six hours and filled 191 pages.

Republicans complain that Clarke's testimony then is very different from his recent criticism that Bush did not focus on terrorism before the Sept. 11 attacks. Some Democrats who have read both see no inconsistencies.

At the time of his public testimony, he had already resigned from the National Security Council and he was harshly critical of the Bush Administration's handling of anti-terrorism prior to 9/11.

He took much heat after Fox News released a Bush Administratioin anti-terrorism backgrounder he had given to reporters, which many said contradicted his sworn testimony.

That release gave credence to charges by Republican senators, including Senate Majority Leader Bill Frist (R-Tennessee), that Clarke's public testimony was far different from the private briefing given to the first investigation of 9/11, which was undertaken by the Select Committee on Intelligence.

That, however, could not be verified since the testimony was never declassified and made public.

According to OMB Watch, the testimony was declassified in June 2004, but Senate Select Intelligence Chairman Pat Roberts (R-Kansas) blocked its release.

That has changed.

The testimony is here (.pdf).

Having just speed-read the document, a few things about possible contradictions come to mind.

Clarke gave this briefing as a member of the executive branch. He defends the actions taken by the NSC and the deputies committee in 2001. One could hardly expect an employee of the executive branch to say anything differently to Congress.

But notably, he does not defend the Bush administration vociferously -- nor is he questioned very closely about it.

But when talking about the Clinton administration, he has little but praise for the executive branch:

If 9/11 hadn't happened, I think historians could go back - historians in the year 2020 could go back and look at what the Clinton administration did in 1998 and 1999 and 2000 and say, boy, were those guys overreacting.

In hindsight, you can seeds of his later testimony.

I'm sure that others will take this up in much more detail (and a lot more vinegar).

But his testimony is fascinating and if you have the time, it is worth reading. There's some great stuff in there about the NSA's collection abilities, about the fights between the CIA and the Pentagon about special forces, about domestic intelligence gathering, about the dangers of Hezebollah and Iran, about the need for a domestic intelligence agency and about rendering and torture of terrorism suspects.

How much of it is true and unbiased? I don't know.

But here's two interesting tidbits:

Senator Bayh: Is there any evidence based upon your experience, Mr. Clarke, linking the Iraqi Government and al Qaeda in any significant way?

Mr. Clarke: No.

and two,

After 9/11 several companies that engage in commercial marketing and commercial marketing databases came to the FBI with information about the hijackers, information that actually amazed the FBI that such information existed, information about how many times they received Federal Express deliveries or United Parcel deliveries, where those deliveries were, where they had account at Mail Boxes, Etc.

It turns out that while the government is not Big Brother, the private sector really is; and the marketing firms, the commercial marketing mail order firms and other credit agencies and related organizations have much more information about us than the government does.

And under the Attorney General guidelines and other rules the Justice Department prohibits, or has until now prohibited, the FBI and other people from accessing that kind of data. And that kind of data - telephone records, credit card records, what deliveries occurred when - does reside in the databases of large commercial enterprises.

Clarke seems to be conflating some kinds of data (I feel fairly certain that marketing firms do not have telephone records -- set me straight if I'm wrong).

He also seems to be overstating the prohibitions on the feds use of data aggregators (which the FBI used way before 9/11). He later goes on to say that prior to 9/11, probable cause is necessary to get this data (which was true for some data for criminal investigations, but the standard was even then much lower for intelligence gathering).

Still, there's much of interest in the badly scanned, but mostly unredacted, document.


Posted by Ryan Singel at 06:16 PM | TrackBack

November 17, 2004 | Reporters Committee Rates Alberto Gonzales

Those who file FOIAs and for those who value transparency/openness in the government should take a quick look at The Reporters Committee for Freedom of the Press's evaluation of the "likely impact of Attorney General nominee Alberto Gonzales on press freedoms and the public's right to know."

What does the group conclude?

On Executive Privilege:

Alberto Gonzales has been an active defender of what is best described as a quasi-executive privilege, invoked repeatedly by the Bush administration in attempts to keep government information from public scrutiny. Gonzales believes that the executive branch's effectiveness hinges on the president's ability to communicate confidentially with his advisers without fear that they will later testify about those conversations.

On the First Amendment:

Online legal research shows that during his brief tenure on the Texas Supreme Court, Gonzales authored some 13 opinions, none of which apparently concerned First Amendment issues. Gonzales joined the majority in upholding the rights of the media -- while in some cases also declining to adopt increased protections recognized in other jurisdictions -- in all four Texas Supreme Court decisions involving free press or freedom of information issues that were published during his tenure.

Gonzales also wrote a lengthy concurring opinion in another First Amendment-related case, in which he explained why punishing the unknowing violation of Texas campaign-spending laws did not offend free speech -- while adding that the laws' "cumbersome and complicated" reporting requirements, if challenged in future cases, might violate the First Amendment.

On Guantanamo detainees:

On Jan. 25, 2002, Gonzales sent President Bush a now infamous memorandum regarding applicability of the 1949 Geneva Conventions prisoner-of-war guidelines to the conflict with al-Qaida and the Taliban.

In the memo -- which was not made public until Newsweek broke a story on it more than two years later -- Gonzales advised Bush that detainees in U.S. custody in Afghanistan and Iraq do not qualify as prisoners of war.

"In my judgment, this new paradigm renders obsolete Geneva's strict limitations on questioning of enemy prisoners and renders quaint some of its provisions," the Gonzales memo reads in part.

On Freedom of Information Act requests:

In October 2001, Attorney General John Ashcroft, following the pattern of previous new administrations, issued a memorandum designed to give guidance to government Freedom of Information Act officers. Gonzales is not likely to revoke or modify the directive.

Although the attorney general typically sets FOI policy for the federal government, the memorandum of guidance has not historically been changed within an administration with a switch in the attorney general. Ashcroft's guidance refuted his predecessor Janet Reno's direction that where discretion could be used agencies should make information available unless they could point to some harm that the disclosure would cause. Ashcroft instead assured agencies that the Justice Department would defend the use of exemptions.

There's much more in the report (including a discussion of Gonzales's involvement in the Valerie Plame investigation), though it is not especially lengthy.

Posted by Ryan Singel at 11:56 AM | TrackBack

November 17, 2004 | RFIDs Are For Kids

A Texas school district is requiring its 28,000 students to wear RFID badges so that the district can track when the kids get on or off school buses, according to Matt Richtel's article in The New York Times. The school system spent $180,000 on the system.

Similar efforts are underway in other school districts, including one in Buffalo, New York using RFID to track student attendance.

Backers say it is for the children.

Advocates of the technology said they did not plan to go that far. But, they said, they do see broader possibilities, such as implanting RFID tags under the skin of children to avoid problems with lost or forgotten tags. More immediately, they said, they could see using the technology to track whether students attend individual classes.

Mr. Weisinger, the head of transportation at Spring, said that, for now, the district could not afford not to put the technology to use. Chief Bragg said the key to catching kidnappers was getting crucial information within two to four hours of a crime - information such as the last place the child was seen.

"We've been fortunate; we haven't had a kidnapping," Mr. Weisinger said. "But if it works one time finding a student who has been kidnapped, then the system has paid for itself."

Actually, the district is not just fortunate for not having a kidnapping -- it is statistically normal.

Kidnappings are rare events, especially those perpetrated by non-family members (at most 300 cases nationwide a year, but I think that number is severely inflated). And nothing in this program will help to stop such kidnappings, since all the badges will do is tell a parent when a child left school or got off a bus.

Every year, about a half a million kids run away and about 125,000 are kicked out of their house.

Somehow that however does not lead to public policy changes (more school therapists and counselors, for one).

Maybe that's because most school counselors are not as sexy as cutting-edge technology to keep the big bad wolf from abducting the cute white blond kid.

Nor do counselors or intervention groups have the side benefit of increasing school administrators' control over their charges.

Posted by Ryan Singel at 09:56 AM | TrackBack

November 16, 2004 | Ridge Resigns?

CNN and others are reporting that Homeland Security Secretary Tom Ridge is resigning.

This would not come as much of a surprise, since there has been talk for a while that he wanted to step down to make more money (if I remember correctly it was something about having two kids in college).

Possible successors include Asa Hutchinson, the Undersecretary for Border and Transportation Security.

Back in the late 1990's when Al Qaeda cells were planning attacks against the country, Hutchinson was a Republican Congressman from Arkansas.

In fact during that time, Hutchinson, a former prosecutor, served as one of the trial managers for Clinton's impeachment in 1999.

From a Washington Post article just prior to the trial in the Senate:

For the most part, the managers tend not to worry about such criticism, serene in their belief that the evidence requires the removal of the president. Indeed, they have delved into the perjury and obstruction-of-justice case against Clinton with vigor.

Hutchinson has mounted a timeline and charts on the walls of his Longworth Building office; he has even interviewed possible witnesses on his own, in the event the Senate ultimately permits live testimony.

In his final statement (all of which were closed to the public until after the voting), Hutchinson said:

It seems to me that throughout this long drama, many have sought to put Ken Starr on trial or the House managers on trial. Was Ken Starr on a vendetta or was he just doing an unpleasant job? Whichever, we have to deal with the facts and the evidence. Did the House managers, as we have heard from the President's counsel so often, 'want to win too much?' Frankly, both sides wanted to win, both sides were fervent in their presentations, and I'm glad we didn't hear half-hearted arguments. A vigorous prosecution and defense is the basis of a successful adversarial system. What we are doing is important.

He simultaneously served on the House Select Committee for Intelligence.

Posted by Ryan Singel at 12:55 PM | TrackBack

November 15, 2004 | We are all Chuck Yeager

On Friday, the TSA sort-of announced that it was going to order the nation's airlines to turn over a month's worth of data to the government so that it could test the newest version of a proposed airline passenger screening system.

The final rule (.pdf) ordering the airlines to provide data on all June 2004 domestic flights will be issued formally on Monday by the Transportation Security Administration. The airlines must comply by Nov. 23.

The TSA announced in late September its intention to order all 72 domestic airlines to turn over the passenger records -- which can include credit card numbers, phone numbers, addresses and health conditions -- in order to stress-test a centralized passenger screening system called "Secure Flight."

Currently, passengers are screened by the airlines, which check itineraries against a set of watch lists provided by the government.

The TSA hopes to reduce the number of people flagged incorrectly by performing the checks itself using data fed to it by the airlines and a centralized terrorist watch list.

Over 500 citizens and organizations commented on the order, most expressing opposition to the planned test and the system itself. Civil liberties advocates strongly opposed the order, citing privacy concerns and the proposed use of commercial credit databases to verify passengers' identification.

The airline industry's response, published after the comment period officially ended, was less visible, but was not much more supportive than most of the other comments. The airlines prefaced their criticism by saying they wanted to work with the TSA, but went on to contend that the order would be expensive and would force them to choose between complying with an American anti-terrorism program or rejecting European privacy laws -- which could potentially prevent them from flying there.

The whole Wired News article from Friday is here.

But on Friday, the airline industry's lobbying group, the Air Tranport Association, seemed to back off those criticisms in a public statement attributed to the group's CEO James C. May.

We are studying the final order. As a general matter, we look forward to working with the Transportation Security Administration on this test phase of Secure Flight. We continue to support the concept of Secure Flight, which promises to deliver a higher level of protection and fewer hassles for travelers. U.S. airlines have long-standing concerns that center on privacy and operational issues. We hope that many of the issues will be successfully addressed during the test phase of Secure Flight. It's important to strike a balance between the security of airline passengers and their privacy. This is one of the reasons that U.S. carriers are enthusiastic supporters of the Registered Traveler program, which is designed to get people through airports faster.

Edward Hasbrouck has an impassioned rebuttal to the portions of the order responding to comments submitted.

I disagree with Edward's belief that the order is "is clearly illegal, since the GAO report is required before the TSA can test any passenger identification system using commercial databases such as PNR's (Passenger Name Records)."

He is referring to limitations included in the 2005 Homeland Security Appropriations bill.

Those include:
Section 522 (a) prohibits the TSA from implementing Computer Assisted Passenger Prescreening System (CAPPS II) or Secure Flight or other follow on successor programs until the Government Accountability Office has reported to Congress that the system is effective, not overly invasive and has a redress system. (This is essentially the same requirement imposed on CAPPS in 2003, and the GAO reported last February that CAPPS II failed 7 of the 8 tests.)

and

522 (d) which reads "None of the funds provided in this or any previous appropriations Act may be utilized to test an identity verification system that utilizes at least one database that is obtained from or remains under the control of a non-Federal entity until TSA has developed measures to determine the impact of such verification on aviation security and the Government Accountability Office has reported on its evaluation of the measures."

Edward takes that language to mean that the TSA is using airline records to test an identity verfiication system. I do not believe that was the Congressional intent. Instead they were aiming at limiting the use of commercial data warehousers, such as Acxiom and Lexis-Nexis, to verify personal information in airline reservations.

Though the TSA has said it wants to whether commercial databases will help with "Secure Flight," the GAO is not likely to issue a report until March. "Secure Flight" testing is supposed to be finished and evaluated by then.

One other noticeable item in the appropriations bill: Congress flatly barred the use of link analysis programs to assign risk to people who are not on a watchlist.
Section 552 (c) reads "None of the funds provided in this or any previous appropriations Act may be utilized to develop or test algorithms assigning risk to passengers whose names are not on government watch lists."

This means no link analysis leading to educated guesses about peoples' terrorist score or color-coding.

That means no ONRA for airline passengers -- at least not the ONRA of Ben H. Bell.

Posted by Ryan Singel at 03:10 PM | TrackBack

November 11, 2004 | HazMat = Hazardous Matthew?

Starting next year, an estimated 2.7 million truckers who haul hazardous materials will pay around $100 a piece for their background screening. They may get more for their money than they expect.

The $105 fee, proposed in the Federal Register on Nov. 10, covers the cost of collecting fingerprints, an FBI screening and a "threat assessment fee."

Currently the "threat assessment" is limited to checking names and DOB against terrorist watch lists.

But in '05, the TSA looks to be expanding the check to use commercial, intelligence and international databases to determine a trucker's terrorist score, even if the person does not appear on a watchlist.

I do not know, but assume this is the same link-analysis process the TSA wanted to use to screen every airline passenger.

The problem comes when someone disputes the assessment.

With a name-based system, it is relatively easy (though not perfect), to prove that you are not the David Nelson they want.

But when you lose your HazMat license because a computer system decided you are risky based on whether you live with or near someone in an intelligence database, how can you contest it?

The TSA can not tell you why (that would reveal investigative method) or tell you who in your life made them suspicious (compromising an intelligence operation).

While the technological promise of link-analytics (.pdf) is great for law enforcement and intelligence, it's less clear that it is appropriate technology to use to make decisions about someone's right to travel or to work.

Posted by Ryan Singel at 02:49 PM | TrackBack

November 11, 2004 | Red Cross fires Ted Kennedy

A coalition of non-profits filed suit Wednesday to stop a federal regulation that strong-arms 10,000 charities into checking their employees against a secretive watchlist in order to continue getting donations from government employees.

Here's the New York Time's Stephanie Strom's piece on the lawsuit.

The Combined Federal Campaign, an annual charity drive for federal employees and military personnel that raised $250 million for thousands of nonprofit groups last year, has required participating charities to certify that they do not employ anyone on the watch lists since October 2003.

"This is coming right in the middle of their campaign, which may raise serious doubts among government employees about how their money is being administered," said Anthony D. Romero, executive director of the A.C.L.U.

Nonprofit organizations have struggled over the last two years to interpret and comply with the provisions of the USA Patriot Act and other regulations intended to stop the flow of money to terrorists.

Foundations and other grant-making organizations that send money abroad responded first, setting up elaborate systems to check recipients against the lists and adding language to their agreements that required beneficiaries to certify that money would not be used to promote terrorism, employ terrorists or otherwise support nefarious activities.

Domestic charities with no overseas operations were slower to understand the effects of the regulations, apparently thinking that they applied just to organizations with overseas activities. The domestic groups have been somewhat taken aback by demands from some of their financial backers that they use the lists to police their employees and, in some cases, refused to acquiesce.

Now, keeping federal employees from inadvertently giving money to a group with a nice sounding name that funds terrorism is good policy.

But requiring small charities to check the names of their employees against terrorism watchlists?

For those interested, here's one of the lists the charities are supposed to use. It's the OFFICE OF FOREIGN ASSETS CONTROL's SPECIALLY DESIGNATED NATIONALS AND BLOCKED PERSONS list. It is 166 pages long (.pdf).

That's absurd.

The government can't even figure out how to do this with airline passengers without incorrectly snagging people named David Nelson or Ted Kennedy.

How are charities supposed to do this, especially when lists include names such as Manuel Diaz, a name shared by hundreds across the country including the mayor of Miami?

It's not just the civil libertarians who are opposed. The National Council of Nonprofit Associations says the rule "threatens core American democratic values that are fundamental to the role and tradition of the nonprofit sector."

Their policy position continues on to say:

[T]he process of matching an employee or potential employee to a name that appears on the lists is unreliable. In addition to violating associational rights, charities may be required to ask questions that violate privacy rights and existing labor laws of employees and potential employees. For example, birthdays often appear as one of the identifying characteristics on the lists. It is illegal for an employer to request such information from a potential employee. Third, some of the listings include only a name with no other identifying information. Given that many of these names are common Arab and Hispanic surnames, concerns have arisen that the lists may encourage prejudicial hiring if charities do not to hire individuals with names similar to those that appear on the published lists.

Posted by Ryan Singel at 02:12 PM | TrackBack

November 10, 2004 | Hunches Hunches

The ACLU of Massachusetts is suing to stop a homeland security pilot project in Boston that encourages screeners and cops to use hunches and suspicious behavior to apprehend terrorists.

As I wrote last month, when the program first came to light, there are some very interesting legal questions about the program, regardless of one's take on the usefulness or appropriateness of the program.

If a police officer questions a passenger, and does not like their answers or encounters a person who won't answer the questions, what are they to do?

Can they themselves prevent the passenger from proceeding to their plane? from leaving the airport?

Can they tell a screener not to let the person board?

If so, what authority are either of them invoking?

According to the press release, the ACLU is suing since one of its own was singled out by officers:

The lawsuit was filed on behalf of King Downing, the National Coordinator of the ACLU's Campaign Against Racial Profiling, who was approached by law enforcement officials after arriving at Logan Airport on October 16, 2003 to attend a meeting on racial profiling in Boston. Upon arriving at the airport, Downing, an African-American who wears a short beard, left the gate area and was making a phone call in the public terminal when he was stopped by a state police trooper who demanded that he produce some identification. When Downing declined to do so without knowing the basis for the request, he was first told that he would have to leave the airport. However, when he attempted to leave the terminal building, Downing was stopped again, surrounded by four troopers and told that he was being placed under arrest for failing to produce identification. When Downing finally agreed to produce his driver's license, the troopers then demanded to see his airline ticket. Downing was told by the police that he could be barred from the airport if he did not cooperate. After the police inspected Downing's identification and travel documents, he was allowed to leave. No charges were ever filed against him.

"This is a dangerous extension of police power," said Downing. "I was stopped and held for no legal reason by armed State Police troopers. I was told I could not leave unless I proved who I was and why I was at the airport, and that if I did not cooperate, I would be arrested or banned from the airport. This is racial profiling, and not the action of a government that stands for freedom and the rights of all its people."

Still, I wonder why did Downing show the police his airline ticket if he thought they didn't have a right to see it? I mean, he's an ACLU lawyer, right?

Here's why clearing up these questions is important:

Behavioral profiling has been used as the basis for stopping passengers since 2002 when Massport announced that State Police troopers at Logan Airport were being trained by an outside security consultant. The procedures were subsequently incorporated into the state police "Behavior Assessment Screening System" used at Logan and other locations. It was recently reported that B.A.S.S. is being used as a model by the Transportation Security Administration, which will soon launch a similar program nationwide, entitled SPOT ("Screening of Passengers by Observation Techniques").


Update: Edward Hasbrouck argues with my questioning of why Downing showed his airline ticket to the police, writing that it is "pretty obvious why an African-American man -- even an ACLU staff lawyer -- surrounded by Mass. troopers would hand over his papers, once he was told that he was already under arrest and explicitly threatened that he would otherwise be 'going downtown', rather than trying to stand on his rights. On the street, or in the airport, a bar card is no match for guns and clubs."

No doubt, Edward has a good point and I did not mean to impugn Downing.

That said, my point was really that the suit would be even more interesting in terms of clarifying the authority of the police to demand someone's plane ticket, if Downing had actually been arrested for not turning it over.

I'm not so sure it is illegal for the police to claim to have powers they do not have.

In lieu of an arrest, that (along with the related question of whether or not he was actually detained at the airport until he produced the ticket) seems to be one of the two main legal issues in the lawsuit. (The other being, of course, whether the hunch system is simply racial profiling by another name.)

Posted by Ryan Singel at 01:20 PM | TrackBack

November 09, 2004 | The No-Fly Lawsuit (a.k.a How to Get Off the List by Getting More On It)

Edward Hasbrouck has the goods on the no-fly lawsuit brought by the ACLU in Washington State.

The government filed a number of documents, some in secret, some public. The secret ones include a number of security directives to airlines. The public ones include the forms used by the TSA Ombudsman in the process of trying to help those caught by the no-fly and selectee lists for having a name similar or the same as the person actually put on the list.

Here's those docs (.pdf).

The process works like this: you contact the TSA ombudsman at 571.227.2383 (or 571.227.1449) or by email at ombudsman@dhs.gov. You explain what's happening to you and if they think you are being snagged because of your name (and not because you bought one-way tickets or paid with cash or made a last minute reservation), they send you a Passenger Identity Verification Form.

You fill that out and give them your office phone, SSN, address, place of birth, height, hair color, etc.

You also have to provide them with copies of 3 of the following:

1. Passport
2. Visa (no, not your credit card)
3. Certified Birth Certificate (if you need one of these you go online and order one from the state you were born for $15 bucks or so)
4. Naturalization Certificate
5. Voter Registration Card
6. Driver's License
7. Government Identity Card
8. Military Card

Then you get those notarized.

(Note that having three of these is a pain in the ass, especially for anyone who is not registered to vote or does not have a passport.)

After they get this, they do some sort of identity authorization, primarily based on your social security number. I assume that Lexis-Nexis or Acxiom or Choicepoint is used.

Then if you are lucky, you and your information gets put on a list of people cleared off the list. This get-off-the-list list is then sent to the airlines. From then on you should bring at least two forms of identification and the airlines are supposed to clear you faster.

Posted by Ryan Singel at 01:04 PM | Comments (2) | TrackBack

November 08, 2004 | The Cubicle Wall

Dozens of CIA employees are now working with FBI agents in Joint Terrorism Task Forces to help them conduct domestic intelligence operations, according to this USA Today piece by Kevin Johnson.

Remember that there has been much talk about breaking down the wall between intelligence gathering and criminal investigations and between the FBI and the CIA.

Officials at both agencies say the deployment, which pairs CIA officers with FBI agents in the bureau's offices to assist with terror-related investigations, also represents the CIA's broadest association with federal law enforcement since the CIA was created after World War II.

The CIA was created to gather foreign intelligence and is prohibited by law from participating in intelligence-gathering operations against U.S. citizens. It also has no law-enforcement powers. Intelligence and FBI officials say that the CIA officers are not involved in criminal investigations.

CIA agents have been assisting FBI agents by giving them access to intelligence databases so that the FBI can see if subjects of domestic terrorism investigations have links to international terrorism suspects or organizations.

The ACLU is wary.

"The location of these CIA officers definitely gives me pause," says Ann Beeson, associate legal director at the American Civil Liberties Union. "We have been very concerned about the growing surveillance power of the government through these task forces. We still know very little about these task forces. It would be very troubling if the CIA were to be involved in a broader surveillance operation."

Beeson is correct. The CIA was created explicitly to work outside the country and to limit its operations to non-U.S. persons.

Kicking a hole in the wall between the FBI and the CIA may prove to be useful and necessary, but do not think it is without risk.


Posted by Ryan Singel at 01:47 PM | TrackBack

November 04, 2004 | No-Fly Lawsuit

The ACLU's class action challenge to the no-fly list had its first day in court today in U.S. District Court, Western District of Washington at Seattle, as its lawyers fought against a government motion to dismiss the case. The government argues the case has no merit and it is filed in the wrong court.

From their press release:

The ACLU lawsuit, which was filed on April 6, asks the court to declare that the No-Fly lists violate airline passengers' constitutional rights to freedom from unreasonable search and seizure and to due process of law under the Fourth and Fifth Amendments. The ACLU is also asking the TSA to develop satisfactory procedures that will allow innocent people to fly without being treated as potential terrorists and subjected to humiliation and delays.

The individuals named in the class-action lawsuit are:
* John Shaw, 75, a retired Presbyterian minister, from Sammamish, Washington;
* Michelle D. Green, 36, a Master Sergeant in the U.S. Air Force;
* David Nelson, 35, an attorney from Belleville, Illinois;
* David C. Fathi, 41, a senior staff attorney with the ACLU National Prison Project in Washington, D.C.;
* Mohamed Ibrahim, 51, a coordinator for an immigrants' rights project with the American Friends Service Committee in Philadelphia;
* Alexandra Hay, 22, a student at Middlebury College in Vermont; and
* Sarosh Syed, 27, a graduate student at Georgetown University in Washington, DC.

The government is arguing that the District court has no jurisdiction and that if the lawsuit has any merits, it should be filed in the appeals court first. They successfully used this argument to have the Northern California District Court dismiss John Gilmore's challenge to the identification requirement.

I was not able to get to the hearing today, so it is hard to say how receptive the judge was to this argument.

The TSA is also arguing that the no-fly list, the selectee list and the procedures that airlines must follow to enforce the lists are SSI (sensitive security information). This classification means that the government will refuse to disclose (.pdf) this information in open court.

The ACLU's page on the lists is here.

Posted by Ryan Singel at 09:54 AM | TrackBack

Powered by
Movable Type 3.2