Sunday, 12 December 2004

Congress enacts comprehensive travel surveillance law

This Tuesday, 7 December 2004, as its final act before adjourning until after newly-elected members take office in January, the lame-duck Congress of the USA gave final approval for the creation of a comprehensive system of government credentialling, tracking, and control of domestic and international travellers, as part of the so-called "Intelligence Reform and Terrorism Prevention Act of 2004".

I've written previously about some of the proposals that preceded enactment of this legislation. But despite talk of "compromise" between the House and Senate, the amended bill as finally approved, and as expected to be signed into law by President Bush with a few days, includes provisions for travel surveillance far worse than those in any of the versions originally introduced months ago in Congress.

The conference committee report giving the final text of the bill, and revealing for the first time some of the most objectionable last-minute additions and amendments, wasn't published by the House and Senate (you can download the same document from either) until 7 December 2004, the date of the final Congressional votes, precluding any meaningful public (or even Congressional) scrutiny or input.

The rules for Congressional consideration of the final version of the bill permitted only the most limited debate. But some of the strongest criticism was directed at the travel identification, surveillance, and control provisions, particularly the denunciation of the bill by Rep. Ron Paul (Republican of Texas), brought to my attention by Wendy Grossman in The Inquirer [UK]:

The federal government should never be allowed to demand papers from American citizens, and it certainly has no constitutional authority to do so.... Domestic travel restrictions are the hallmark of authoritarian states.... Those who are willing to allow the government to establish a Soviet-style internal passport system because they think it will make us safer are terribly mistaken. Subjecting every citizen to surveillance and screening points actually will make us less safe, not in the least because it will divert resources away from tracking and apprehending terrorists and deploy them against innocent Americans! Every conservative who believes in constitutional restraints on government should reject the authoritarian national ID card and the nonsensical intelligence bill itself.

What exactly does the new law say about travel? It's hundreds of pages long, and includes a mishmash of disparate provisions, many of which have nothing to do with terrorism prevention and most of which have in common only the sloppiness of their drafting.

The portions of the new law establishing the travel credentialling, tracking, and control system are mainly contained in Section 4012 ("Aviation Security -- Advanced Airline Passenger Prescreening"), 4071 ("Maritime Security"), 5301-5304 ("Visa Requirements"), and 7201-7220 ("Terrorist Travel"), as follows:

Section 4012 begins with a clause that requires testing of a new airline passenger prescreening system to begin by 1 January 2005. This appears to override the previous statutory precondition of a report by the GAO which hasn't been completed, and almost certainly won't be by the end of 2004.

The conditions the law places on such a system, however, would appear to prohibit the deployment of the Secure Flight scheme currently planned by the Transportation Security Administration (TSA). Under the new law, the TSA must "ensure that there are no specific privacy concerns with the technological architecture of the system." Whether or not the TSA thinks it has responded to those concerns is irrelevant: the statutory criteria is whether they exist, as clearly they do for "Secure Flight".

Since the concerns raised by hundreds of comments on the "Secure Flight" proposal aren't going to disappear, the TSA will remain prohibited from deploying it. The mandate of the new law for a prescreening system about which there are no such concerns is, if one takes the law at face value, a mandate for the TSA to abandon "Secure Flight", go back to the drawing board, and come up with a new prescreening system that isn't based on identification and surveillance.

I presume that, unless compelled to do so by legal action, the TSA will ignore the plain meaning of this section, and treat the new law as a mandate to deploy "Secure Flight" in spite of the fact that there are, and will remain, "specific privacy concerns with the technological architecture of the system."

Next, Section 4012 (a)(1) of the act adds the following language to the U.S. Code for domestic airline flights within the USA:

49 U.S.C. (j)(2)( C )(iv) PASSENGER INFORMATION --

Not later than 180 days after the completion of the testing of the advanced passenger prescreening system, the Assistant Secretary [of Homeland Security for the Transportation Security Administration], by order or interim final rule --

(I) shall require air carriers to supply to the Assistant Secretary the passenger information needed to begin implementing the advanced passenger prescreening system; and

(II) shall require entities that provide systems and services to air carriers in the operation of air carrier reservations systems to provide to air carriers passenger information in possession of such entities, but only to the extent necessary to comply with subclause (I).

The TSA has already demanded this information (and, so far as is known, been given it) for "Secure Flight" testing, and claimed that it had legal authority to enforce such a demand. And the new law creates separate obligations for airlines (clause I) and for computerized reservation systems (clause II), despite the unwillingness of the TSA to discuss the role of the CRS's,and claims by the CRS's that the data demands applied exclusively to airlines and did not implicate the CRS's.

In effect, the inclusion of this new language is an admission that the TSA's previous demands for passenger name record (PNR) data from airlines and CRS's lacked any basis in prior law, but required new law, and an admission that active collaboration by the CRS's is necessary in order for the government (or any other third party) to obtain information from the PNR databases hosted by the CRS's on the airlines' behalf.

Section 4012 (a)(2) for international flights requires the issuance within 60 days of "a notice of proposed rulemaking that will allow the Department of Homeland Security to compare passenger information for any international flight to or from the United States against the consolidated and integrated terrorist watchlist maintained by the Federal Government before departure of the flight."

But unlike the preceding section on domestic USA flights, this section makes no mention of any requirement for airlines or CRS's to turn over any passenger data. At least for data collected in the European Union, and pertaining to international flights, airlines and CRS's thus remain obligated by EU law, without conflict under the newly-clarified USA law, to refuse to turn over any PNR data without the passengers' consent.

That leaves it up to citizens or residents of the EU to initiate complaints and request enforcement action by their national data protection authorities and (under the EU Code of Conduct for CRS's) with the European Commission, against both airlines and CRS's that have turned over information about them, without their consent, for "Secure Flight" testing.

Notably, neither the sections on domestic nor international flights mention any oblication on travellers (or other people making reservations) to provide names or other information, leaving unmodified the provisions of current law requiring airlines to operate as "common carriers" and transport all qualified passengers.

Section 4012 (b)(2)(B) requires a report including "a discussion of the implications of applying those [no-fly and automatic secondary screening selectee] lists to other modes of transportation", making explicit an agenda -- previously only hinted at -- to convert the "no-fly" and other watch lists into what are referred to later in the act as "no-transport" lists.

Not waiting for that report, Section 4071 requires the use of these lists within 6 months for "screening " of all cruise ship passengers.

Section 5301 extends the requirement for a personal inteview with a U.S. embassy or consular officer to all applicants for non-immigrant visas to visit the USA (including tourist visas and transit visas) between the ages of 14 and 79, regardless of how far from any consulate or embassy of the USA they reside, or any other cost or hardship the requirement may impose. Presumably, the effect will be to make non-citizens less likely to visit the USA, thus increasing the USA imbalance of payments and decreasing international understanding by and of the USA.

Section 7201 (e) requires the Director of National Intelligence to "significantly increase resources and personnel to the small classified program that collects and analyzes intelligence on terrorist travel." This is the first explicit acknowledgement I've seen of a federal travel surveillance program. There is no indication as to whether it is limited to international travel or non-citizens of the USA, or whether it includes (classified) military surveillance of domestic travel within the USA by USA citizens.

Section 7204 (b)(2)(B) requires the President of the USA to attempt to negotiate an international agreement to "establish and implement a real-time verification system of passports and other travel documents with issuing authorities", i.e. an integrated global identification database accessible to all governments worldwide.

Section 7211 ("Birth Certificates" or, as they are referred to elsewhere in the act, "Breeder Documents"), Section 7212 ("Drivers Licenses and Personal Identification Cards"), and Section 7313 ("Social Security Cards and Numbers") together mandate the creation of a system of "enumeration at birth", lifetime identity tracking, and presentation of Federally standardized identification credentials for all government purposes.

Even before that national ID number and ID card scheme can be put into effect, Section 7220 requires the establishment of "minimum standards for identification documents required of domestic commercial airline passengers for boarding an aircraft", thus making clear that the purpose of the "ID" scheme is actually not just identification, or even surveillance, but control of who is, and who is not, allowed to travel within the USA. So much for that Southwest Airlines slogan, "You are now free to move about the country." (Not, of course, that human rights or Constitutional guarantees were ever, or should be, merely privileges granted by commercial entities.)

The government has already been claiming, in its response to the Gilmore vs. Ashcroft and Frontier Travel vs. TSA lawsuits, that they have the right to require identification credentials, and determine who can and who can't travel, through secret directives that aren't subject to meaningful judicial review.

While this section of the new law is, as Representative Paul pointed out in Congress, manifestly unconstitutional, at least it is now explicit, public, and subject to more straightforward challenge. And it is, in effect, yet another admisison that the TSA's previous actions have been unsupported by any law, even an unconsitutional law.

Finally, Section 8404 reinstates and extends for one more year, through 19 November 2005, the deceptively reassuring but in practice likely to be largely useless to travellers provisions of Federal law for holders of tickets on airlines that have gone out of business.

Other USA-based airlines flying the exact same route (if there are any, which in many cases there aren't) will once again for the next year be required to carry holders of tickets on bankrupt airlines for at most US$25 per flight (i.e up to US$100 for a round trip journey with a change of planes in each direction), if space is available (which it might not be for weeks, especially to, from, or via hub airports previously dominated by the bankrupt airline), if they can prove they had tickets (which most holders of electronic tickets won't once the bankrupt airline's reservation database is no longer accessible).

For more on what to do if you already have, or are thinking of buying, tickets on an airline that is already bankrupt or might be liquidated, see my updated FAQ on Airline bankruptcies and my previous discussion of this topic in my blog.

Link | Posted by Edward on Sunday, 12 December 2004, 20:23 ( 8:23 PM) | TrackBack (1)
Comments
Post a comment









Save personal info as cookie?