EDWARD HASBROUCK. Government Surveillance and Control of Travelers

Similar documents
WHAT IS SECURE FLIGHT? Learn About It

Module 1: One DHS Solution (APIS Pre-Departure and Secure Flight) Section 1: One DHS Solution Briefing August 2007

Secure Flight Passenger Data (SFPD) FAQs

Secure Flight Passenger Data (SFPD) FAQs

Incorporates passenger management, fleet management and revenue/cost reporting

Order Now. ONE Order Pilot

Name Correction Restrictions

Reservations Handbook. Effective 1 June th Edition

Eric Rodriguez. Program Manager, General Aviation. U.S. Customs and Border Protection Headquarters

U.S. Department of Homeland Security Customs and Border Protection (CBP) Transportation Security Administration (TSA)

ICAO/LACAC Regional Facilitation Seminar/Workshop

International Civil Aviation Organization HIGH-LEVEL CONFERENCE ON AVIATION SECURITY (HLCAS) Montréal, 12 to 14 September 2012

AIRLINE RESERVATION SYSTEM DOCUMENTATION KEMARA

November Delta, Northwest To Align Fees, Policies. November Issue

Name Correction Restrictions

LEASING, BUYING AND CHARTERING AIRCRAFT

Passenger Data Exchange THE BASICS

Name Change or Name Correction Restrictions

Solutions. Author, Department Place, Date

US explores catalytic potential of biometrics

Name Correction Restrictions

ATPCO. Intended positioning on the market

Transportation & Public Facilities

API and PNR: IATA s Experience. ICAO Regional Facilitation Seminar 9 Sept 2014 Lima, Peru

Bill Reining EAA 393 Jan. 27, 2010

Jitu Thaker Technical Officer/Facilitation, ICAO

ultimate traffic Live User Guide

Circular 330-AN/189 Civil/Military Cooperation in Air Traffic Management. Sven Halle ICAO- Paris

PELLSTON REGIONAL AIRPORT EMERGENCY CONTINGENCY PLAN

Name Correction Restrictions

PASSENGER DATA SYSTEM. Information for air carriers and stakeholders

Contents. FT/SH/FTSH14.VP ES 2007 iii

2.2 Air Navigation Deficiencies ICAO CAR/SAM AIR NAVIGATION DEFICIENCIES DATABASE SIP. (Presented by the Secretariat) SUMMARY

STOCKTON POLICE DEPARTMENT GENERAL ORDER UNMANNED AIRCRAFT SYSTEM SUBJECT. DATE: November 14, 2017 NO: V-6

JUNEAU INTERNATIONAL AIRPORT (JNU) SECURITY IDENTIFICATION DISPLAY AREA (SIDA) TEST

ADM Policy Ticketing Audit Scope Including But Not Limited To

ACRP Problem Statement No Recommended Allocation: -- ACRP Airport Baggage Handling Opportunity

PRIVACY POLICY 3. What categories of data we process 1. Administrator of personal data 2. How we collect your data

FACILITATION PANEL (FALP)

Caribbean Sky Tours Summary Review of Mexico Airspace and ATC Over-Time Fees

L 342/20 Official Journal of the European Union

SSP progress in Latvia. Overview

Sawasdee Krup. Applications of RFID in Aviation. Symbol RFID Ecosystem Summit. Bangkok May Louis Kirk

Operational Evaluation of a Flight-deck Software Application

ARTICLE 29 Data Protection Working Party

General Aviation Economic Footprint Measurement

Passenger Data Exchange THE BASICS

U.S. Domestic CPDLC-DCL Users Guide. DATA COMMUNICATIONS INTEGRATED SERVICES (DCIS) Harris Corporation

Aviation Security by Robert W. Poole, Jr. Director of Transportation Studies, Reason Foundation

SMARTER BUYING. How to get the most from your air spend

Global Air Traffic Management Forum on Civil/Military Cooperation (Montreal, 19-to 21 October 2009)

July 29-30, 2010 Washington, D.C Procurement Agencies. Coast Guard Agencies

GDS/CRS Booking Policy for Air India Ltd

Executive Summary Revised Form I-9 Teleconference May 07, 2013

FACILITATION PANEL (FALP)

Circular 330-AN/189 Civil/Military Cooperation in Air Traffic Management

Directors, Field Operations Office of Field Operations. Director, Pre Clearance Operations

Border Security for Air Transport in the Pacific

UNIVERSITY PARK AIRPORT EMERGENCY CONTINGENCY PLAN

e-airportslots Tutorial

DATA APPLICATION CATEGORY 25 FARE BY RULE

Aviation ICT Forum 2014

REGULATION NUMBER 66/2015 REGARDING UNSCHEDULED INTERNATIONAL NON-COMMERCIAL AND COMMERCIAL AIR

Concur Travel: User Supplied Hotels

IATA s Facilitation Priorities in the region

UN SC Resolution 2178 and passenger data exchange

IMPACT OF EU-ETS ON EUROPEAN AIRCRAFT OPERATORS

AGREEMENT. The Department of Civil Aviation of Bosnia and Herzegovina represented by its Directors General, hereinafter referred to as DCA,

INTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE. (Dakar, Senegal, 20 22nd July 2011)

A Proposed Strategy Coordinated Clearance Point of Departure Determination Provided To The Can/US Border Perimeter Vision Initiative

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 1 August /08 LIMITE CRIMORG 124 AVIATION 162 DATAPROTECT 55

Concur Travel: View More Air Fares

JUNEAU INTERNATIONAL AIRPORT (JNU) RESTRICTED AREA TEST

Regional Seminar/Workshop on CMA and SAST

Intent to Request Revision From OMB of One Current Public Collection of. Information: Certified Cargo Screening Standard Security Program

A collaboration for safety from Flight Data Services and IATA. World leading flight data analysis service

GOL Airline s Debit Memo Policy

Management System for Flight Information

(Japanese Note) Excellency,

Concur Travel: Post Ticket Change Using Sabre Automated Exchanges

2018 PSO Profile Highlights and Tips. December 18, :00 3:00 PM

OVERVIEW OF THE DISPUTE SETTLEMENT MECHANISMS IN ICAO

ICAO Annex 9 : Facilitation Structure and Amendment 26

Surveillance and Broadcast Services

DEFINITIONS DEFINITIONS 2/11/2017 REQUIREMENTS AND LIMITATIONS OF DRONE USE IN FORENSIC ACCIDENT RECONSTRUCTION

Advisory Circular. Land Use and Jurisdictional Issues at Aerodromes

MIS 0855 Data Science (Section 006) Fall 2017 In-Class Exercise (Day 27-28) Visualizing Network

FACILITATION PANEL (FALP)

Security Needs Of The Transport Sector: Athens International Airport

IACRA Procedures Starting an 8710 and Getting Affiliated with OU Aviation

Seminar on USOAP Continuous Monitoring Approach (CMA) and State Aviation Safety Tools (SAST)

Statement of Edward M. Bolen President General Aviation Manufacturers Association

AIRSAW TF Status Report

ICAO Traveller Identification Programme (TRIP) Implementation Roadmap for Member States

Enhancing Aviation Security through Identity management

7 Ways Facial Recognition Can Unlock A Secure, Frictionless and Personalized Travel Experience COURTESY OF A SINGLE, UNIFIED BIOMETRIC KEY

OFFICIAL D.O.T. EMERGENCY CONTINGENCY PLAN

Report to the Business Administration Committee

etix issuance for group travel

Traveller identification management

Transcription:

EDWARD HASBROUCK Government Surveillance and Control of Travelers The Brennan Center for Justice (NYU School of Law) 1 of 30

Surveillance of Travel vs. Surveillance of Communications 1. Movements of people vs. movements of messages 2. CALEA vs. enforced modifications to travel IT systems ($2B+ since 9/11 in costs to travel industry) 3. Suspicionless dragnet capture & retention of data 4. Legality of communications vs. travel surveillance 5. How the government uses this data 2 of 30

Government Surveillance and Control of Travelers 1. ID requirements ("Papers, Please!") 2. ID-linked "Personal Travel History" 3. "Permission To Travel" control system (based on identity and ID-linked history) 4. Default is "NO" 3 of 30

Travel Dataveillance: 3 partially overlapping sets of data required by DHS for each air traveler (depending on whether flight is domestic or intl.) 1. "Advance Passenger Information System" (APIS) data 2. "Passenger Name Record" data 3. "Secure Flight Passenger Data 4 of 30

Domestic vs. International: different names for systems and datasets, same essential content and functions International Travel: "Advanced Passenger Information System" (APIS) data "Passenger Name Record" (PNR) data accessed & "ingested" Domestic US Travel: Secure Flight Passenger Data (SFPD) PNR data accessible to TSA but not usually "ingested" TSA "Secure Flight" CBP "Automated Targeting System (ATS) 5 of 30

This is how the DHS thought it would work, but the reservations data ecosystem isn't structured like this. 6 of 30

Most airlines don t host their own PNRs. They outsource this to a third-party Computerized Reservation System (CRS) or "Global Distribution System" (GDS). 7 of 30

8 of 30

9 of 30

Because most of the CRSs are based in the USA, data is routinely stored in the USA and accessible to the DHS from US companies even for journeys within other parts of the world. 10 of 30

The CRSs are the original globally-accessible "cloud". 11 of 30

Secure Flight Business Model OTSR / TSA-OI Traveler Inquiry Form (TIF) Redress Redress Control Number CBP Cleared List Via TSA-OI Public Travel Information -- Advance Passenger Information System ( APIS) Reservation Aviation Booking Entities Boarding Pass Reservation APIS Data (International ) s as P Aircraft Operators Subject Data TSA TTAC Border Enforcement Passenger Data & Gate Passes Message format will include all data elements needed by TSA and CBP Matching Results DHS Router Secure Flight Service Center Secure Flight es ss Pa e t a G & ic) ata es t r D om e g (D en Watch List Matching Preliminary Review Required (PRR) Matching Results SFA CSA Perform Identity Analysis Call Authentication & Routing TSA-OI RFA ing tch Ma TSA-OI RFA Disposition lts su Re TSA-OI Analyst Routes messages to and from Aircraft Operators Perform Threat Analysis Corporate Security Office Law Enforcement Encounter Information Watch List TSC-Refer for Action (RFA) TSC-RFA Disposition TSC Nomination & Data Integration Unit (NDIU) Call Center Request Law Enforcement Encounter Law Enforcement Encounter Information TSOU Coordination with other agencies and Law Enforcement 12 of 30

13 of 30

ATS records include passengers on all flights that overfly US territory, even if they don't land in the US. What would happen if Cuba wanted the reservations of everyone who overflies Cuba? 14 of 30

Contents of ATS records 1. TECS index (international entry/exit log since 1992) 2. TECS detail page(s) including secondary inspection notes for each entry or exit 3. Complete copies of PNRs for all international air travel to, from, via, or overflying US territory 4. "Risk assessments" and rules used to generate them 5. Pointers to external databases (govt. & commercial) 15 of 30

My ATS file includes records of my international travel since 1992. The first SORN (Federal Register notice) of the existence of ATS was in 2006. 16 of 30

There can be a TECS detail page with free-text notes for each border crossing even if nothing illegal or suspicious was found. 17 of 30

No penalty issued. But my apple and bread are in my permanent ATS file with CBP. 18 of 30

This ATS record contains APIS data for a train trip from New York to Montreal, obtained by CBP from Amtrak's reservation system. 19 of 30

This ATS record describes a crossing of the USACanada border by private car. Current ATS records include the license number of the vehicle, obtained from automated license plate readers. 20 of 30

CBP washed my shoes and made a note about it in my permanent ATS dossier. 21 of 30

You attended a computer conference? You claim to be a computer software entrepreneur? That goes in your permanent file. 22 of 30

What book are you reading? You read about drugs? About your rights? That goes in your permanent file. 23 of 30

Guilt by association? The only contact information in this 2007 PNR from my ATS file is the home telephone number of a friend. 24 of 30

This PNR from my ATS file includes my timestamped IP address, so even a dynamic IP address could be identified. 25 of 30

This PNR from my ATS file with CBP includes the details of my travel by train between Paris and Brussels. 26 of 30

This PNR from my ATS file with CBP includes the details of my travel by bus between Strasbourg and Frankfurt. 27 of 30

The OK (Czech Air) flights were on a separate ticket, and did not connect to flights to or from the US. UA would not be able to see these flights in the CRS only a CRS user with "root" access would be able to see them. OK does not fly to the US. 28 of 30

Other data in PNRs Hotel reservations (How many beds did you and your traveling companion ask for in your hotel room?) Special meals (Kosher? Halal?) and special service requests (medical conditions? physical disabilities?) Reservations and special service requests for tours, cruises, ground transport, and other travel services Billing codes (Which client did a lawyer bill this trip to?) Discount codes (What organization are you associated with? What convention are you attending?) 29 of 30

EDWARD HASBROUCK "The Practical Nomad" edward@hasbrouck.org +1-415-824-0214 http://www.hasbrouck.org The Identity Project: http://www.papersplease.org 30 of 30

2024 © travelsdocbox.com Privacy Policy | Terms of Service | Feedback