Wednesday, 25 August 2010
Why I'm suing the Department of Homeland Security
[Update: Several readers have asked, “What can I do to help?” See the Identity Project’s FAQ: Edward Hasbrouck v. U.S. Customs and Border Protection for answers to this and other questions about the lawsuit. If you’d like to be kept informed (and to receive other travel news and articles), sign up for my newsletter (see the form in the sidebar) and/or follow me on Twitter. If you’d like to volunteer to help out in other ways, please contact me directly.]
Today the First Amendment Project is filing a lawsuit on my behalf against U.S. Customs and Border Protection (one of the divisions of the Department of Homeland Security) for violating the Privacy Act and the Freedom Of Information Act (FOIA) by refusing to disclose their records of my travels, what they did with my requests for my records, and how they index, search for, and retrieve these travel surveillance records.
According to the complaint in Hasbrouck v. CBP filed today with the U.S District Court in San Francisco:
This complaint concerns the failure to disclose records regarding the warrantless, suspicionless dragnet collection and maintenance of Federal government records of the travel, activities, and other personal information concerning U.S. citizens not accused of any crime….
In November, 2006, Defendant CBP, an agency within the Department of Homeland Security, revealed that it was already operating a system of records — for which, despite the requirements of the Privacy Act, no prior System of Records Notice (“SORN”) had been promulgated — which it labeled the “Automated Targeting System” (“ATS”). According to the SORN, ATS contained records related to international travel by U.S. citizens and others, including complete airline reservations or Passenger Name Records (PNRs), used among other purposes for making “risk assessments” of travelers. In 2007, in his capacity as a member of the news media and a consultant to the Identity Project (“IDP”) on travel-related technical, civil liberties, and human rights issues, Plaintiff Edward Hasbrouck requested copies of his own records pursuant to his right of access under the Privacy Act.
When he received a response which appeared manifestly incomplete and which invoked FOIA exemptions clearly inapplicable to records required to be released pursuant to the Privacy Act, Hasbrouck appealed. Almost three years later, he has received no acknowledgment or response to that appeal.
In October 2009, Hasbrouck tried again, filing a new, broader Privacy Act request to CBP for his own travel-related records from ATS and other CBP systems of records and an accounting of when and to whom they had been disclosed by CBP, a FOIA and Privacy Act request for records concerning what had happened to his 2007 request and appeal, and a FOIA request for general information concerning the indexing, search, and retrieval capabilities of the ATS records system. When Hasbrouck received no response, he appealed the constructive denial of each of these requests. Nine months after making these requests and seven months after making these appeals, he has received no information in response.
I’ve never sued anyone before in my life, or been sued by anyone. It’s not something I want to do, or that I’d do lightly.
So why am I suing the Department of Homeland Security?
I’m suing the government because they gave me no choice. After years of stonewalling, it became clear that the DHS would tell me, and tell the public, nothing about its secret dossiers about us unless forced to do so by court order.
I’m suing the government because of the significance of commercial airline reservations and the DHS “Automated Targeting System” as one of the largest post-9/11 U.S. government surveillance programs, and one of the largest collections of Federal government dossiers about the lives of innocent civilians after the IRS (tax) and Social Security (retirement) databases.
I’m suing the government because of the intimate personal details and the sensitivity of the information contained in airline reservations and the government’s records, which I’m familiar with from 15 years of travel industry experience with airline reservations and from the censored excerpts from its travel dossiers that the DHS has released to some other people who’ve brought them to me for help in understanding their coding and significance: not just credit card numbers and IP addresses but also friends’ telephone numbers, whether two people asked for one bed or two in their hotel room, and what book someone was carrying when they entered the country.
I’m suing the government now, while I still can, because they have already tried to change the rules to exempt much of the information in PNRs from disclosure, and to exempt themselves from any obligation to provide an accounting of what other government agencies, foreign governments, commercial entities, or other third parties they have “shared” this data with. (My requests were all made before these changes to the DHS Privacy Act regulations, so I’m entitled to this information regardless of whether the new rules are upheld.)
I’m suing the government because it’s important for other people to know that the DHS has been lying when they claimed on page 29 of this PDF to the European Union that “all requests for access [to travel records kept by DHS] have been successful and passengers were always given access to their data” despite ignoring my request and appeal, and when they claimed on page 4 of this PDF that “the [DHS] Privacy Office received no reports of misuse of PNR … since 2005”, despite specific formal complaints filed with that office since 2006 by the Identity Project.
I’m suing the government to find out who was responsible for sending my original requests and appeals into a black hole, and whether they were among those requests that were illegally delayed or blocked by high-level political commissars in DHS or the White House.
I’m suing the government because no one else has done so, because foreigners have no right to do so under the U.S. Privacy Act, and because someone had to do it — despite my fear, and my lawyers’ fear, that the government may retaliate against us by putting us on (another?) of their secret lists and/or further interfering with our freedom of movement.
More information and the complaint filed today in Hasbrouck v. CBP are available from the Identity Project (PapersPlease.org), along with links to news reports about the case.
[Update, via Tnooz: “A CBP spokeswoman declined to comment on the particulars of Hasbrouck’s suit, citing his privacy concerns. The CBP spokeswoman added that passengers ‘voluntarily’ give airlines permission to collect their travel data and personal information, and the CBP culls that information and performs a risk assessment for possible enforcement action. In an interview, Hasbrouck said it’s false that passengers freely give airlines the right to collect personal information because … if travelers withhold that information from airlines or travel agencies they may not be able to board a plane or leave the country…. He also warns that U.S.-based GDSs and travel agencies should be aware that if they go along with such data requests that they could be risking legal action by European individuals or governments and could face substantial liabilities. ‘This should be a wake-up call to travel intermediaries in the U.S. that they can’t escape liability for [releasing] personal information when they are part of the conveyor belt,’ Hasbrouck says.”]
[Heise.de: US-Burgerrechtler klagt auf Herausgabe von Flugpassagierdaten]
[FutureZone @ ORF.at: Passenger Name Records / Flugdaten: “US-Heimatschutz belugt EU” Portions of the the PNR showing root access to the Galileo CRS by DHS/CBP, mentioned in the ORF article, were reproduced on page 5 of the Identity Project’s initial report on our research into ATS records. This was a real PNR for a real person obtained from DHS/CBP. The traveller went from the USA (SFO) to Berlin (TXL) on United Airlines. She stayed six days in Berlin. Then she went from Berlin to Prague to London on Czech Airways (IATA code “OK”). Then she stayed for another 6 days in London. Then she returned from London to SFO on United. The flights on Czech Air were entirely within the EU. They did not connect to or from flights to or from the US, or on a US airline. The PNR shows that travel agent issued a separate ticket, and a separate fare, for the Czech Air flights — they weren’t on same ticket with the United flights. But the travel agent followed standard travel agency procedures and made all the reservations for the entire journey in the same CRS, in this case Galileo (the CRS used by United). When DHS pulled the PNR, they didn’t just pull the portion on United, but pulled the entire travel agency PNR, including the flights on Czech Air. This confirms that DHS had root access to Galileo, not just access through United, since United would not have been able to see the details of the Czech Air flights and ticket. Detailed questions based on this article were asked in the Austrian Parliament on 14 October 2010.]
[SF Weekly, Department of Homeland Security Sued Over Secret Traveller Files: “J. Edgar Hoover might have been proud.” Follow-up: Travel writer Edward Hasbrouck sues Homeland Security over travel data.]
[My interview with the travel (“reisen”) section of Zeit: “In dieser Datenbank steht, wer mit wem schlaft” (“This database is available, who is sleeping with whom”). One commenter on Twitter summed it up even better: “Du fliegst - Du bist Terrorist. Die USA weiss, mit wem du schlafst und welches Buch du liest.” (You fly - You are a terrorist. The U.S. knows who you sleep with and what book you read.”) The incidents involving European citizens on Paris-Mexico flights that were forbidden to overfly the US are discussed here and here.]
[SG.hu: A legiutasok szemelyes adatait koveteli a legitarsasagoktol az amerikai kormany]
[Follow-up from Futurezone @ORF.at: PNR: Massive US-Intervention im EU-Parlament. Compare what is being said to Members of the European Parliament by the US diplomats and lobbyists with my testimony to the EP in Brussels earlier this year, and the formal comments of the Identity Project to the DHS on the illegality of the ESTA scheme.]
[Further fallout in Europe, with questions being asked of the European Commissioner, again from Futurezone @ORF.at: Grundzuge des neuen PNR-Abkommens (“Daten-Wild-West verhindern”)]
[BoingBoing: Travel author sues DHS to make it obey the law with its vast traveller databases]
Link | Posted by Edward on Wednesday, 25 August 2010, 08:00 ( 8:00 AM)Best of luck.
Posted by: Ben, 25 August 2010, 09:08 ( 9:08 AM)GO EDWARD!
Posted by: Matt W, 25 August 2010, 11:09 (11:09 AM)
Edward,
You're right about this one too in the current "1984" world. Pls be careful, though. Keep up the good work!
Best,
Posted by: Anonymous, 25 August 2010, 13:17 ( 1:17 PM)you are so cool!
Posted by: moe, 25 August 2010, 22:43 (10:43 PM)
Good work, Edward!
Louise
Posted by: Louise Lacey, 26 August 2010, 16:46 ( 4:46 PM)Glad to see courage has not disappeared from this planet just yet.
Good luck sir.
Posted by: Alex, 28 August 2010, 08:52 ( 8:52 AM)Ed, thanks for keeping it honest for us, sorry you had to file but as usual it takes an intelligent balance of opinions for the global system to function.
Cw
Cheers to you! They don't have a higher power and its very obvious the way they treat you. They need some accountability. Good luck.
Posted by: JackStraw, 30 August 2010, 09:50 ( 9:50 AM)Good luck. Need ppl like you to stand up and fight for all our rights.
Posted by: Benny Blanco, 3 September 2010, 04:58 ( 4:58 AM)Thank You, and good luck!
I have come across information on your suit against the US Gov't and DHS, and the fantastic summary you did. I just felt I should thank You for your effort and bravery.
I just wanted to let You know there are people and organisations all over the world (Poland here, by the way) that see the diffusion of privacy and personal rights and freedoms in America as a very dangerous precedent that might "inspire" other countries (and indeed, often it already does) to follow suit (pun not intended).
I come from a nation that had to fight for independence and freedom many times throughout its history. For 21 years we are finally Free - after almost 200 years of enslavement. I have the distinct privilege to not remember the Polish People's Republic and the times long gone by (I'm 25), but we all here either remember, or simply know (from history lessons, from relatives, from literature) what Orwellian surveillance was like. We all remember or know about the atmosphere, the Kafka-esque processes of law, the fright... And we remember or know what sacrifices had to be made to be finally Free.
Maybe that's why ideas like secret lists, internet filtering and similar ideas meet with a decisive public resistance. For now. But if the USA, the country people 15-20 years older than me saw as a symbol of freedom and one of the only allies we had against the USSR, slides down this slippery slope any more, resistance can only become harder.
The more can we admire what You are doing.
Hence, for Your sake, and for the sake of all the people that watch and see what's going on, I wish you strength and good luck in your fight. In times like these there's always the need for a single fighter to fight for the principles.
It was like that in the fifties in USA with the McCarthy-ism at its height, when Ed Murrow took a stand.
It was like this in the Big Tobacco suits in early nineties when Brown&Williamson almost destroyed Jeff Wigand's life when he took a stand.
And many, many times more. There's a reason the famous Solidarity poster for the June '89 elections in Poland was basically a frame from the "High Noon": http://en.wikipedia.org/wiki/File:W_samo_poludnie_4_6_89-Tomasz_Sarnecki.jpg
So once more - all the best, and good luck.
I'll be watching, and with me two Polish NGOs.
Posted by: Michal "rysiek" Wozniak, 3 September 2010, 18:45 ( 6:45 PM)You're quite brave. Best wishes for you.
Posted by: Anonymous, 8 September 2010, 02:31 ( 2:31 AM)I wholeheartedly agree with what you're doing. I travel for a living, so numerous times each month, I'm confronted by inconvenience and assault upon my freedoms from the DHS. Often, the experiences leave me furious. And I, too, am a member of the NWU, so I believe in the importance of standing up for human rights and freedom of information.
At the same time, I'm an airline pilot subject to annual, recurrent security training. From what I see there, I realize that there are two sides to the story. I see clearly and specifically that to publish information about security is often to provide essential assistance those whose intent is to harm.
So, from these opposite perspectives, I know two things: 1) given power, some (government) people will abuse it, and 2) there absolutely are people out there whose intent is to harm, even to destroy innocent people. How we balance freedom and safety, I don't know, but I do know that every writer has responsibility not only to protect freedom but also to avoid doing harm. And what I know from my profession is that the line between the two is considerably more fine than is generally understood. For that reason, I don't agree that all DHS records be available to the public, but I do fervently believe that a close check be kept on the DHS's use of power.
Posted by: Withheld, 10 September 2010, 10:29 (10:29 AM)Go, Edward!
Posted by: Sean, 14 October 2010, 00:48 (12:48 AM)Thank you for fighting for our freedom. How can I help you?
Posted by: Eli, 14 October 2010, 09:17 ( 9:17 AM)Submitted to reddit
http://www.reddit.com/r/reddit.com/comments/dr8zp/travel_author_sues_us_department_of_homeland/
Congrats on your lawsuit! As much as I'd like to say that I can't believe that it's come to this, unfortunately I can. If this was purely a domestic issue then I'd say that while you're right, you simply don't stand a chance to prove that in court. However, it is abundantly clear that current practices clearly violate EU policy, and I don't see how those will possibly stand up in court. I wholeheartedly agree that the "we're just following orders" excuse from airlines and GDS's is doomed to failure, and sooner or later one of them is going to have to take a stand against the DHS in order to avoid having to defend themselves against the EU.
Good luck, and be sure to always give yourself at least an extra hour to get through security from now on.
Thanks very much on behalf of all of us who travel frequently and widely. As a US citizen with permanent residence in the EU it is frightening to see how willing my country seems to be to use its muscle to push around innocent people and countries. As Franklin said, "Those who are willing to sacrifice essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
Posted by: Sarah, 4 March 2011, 01:01 ( 1:01 AM)What's the latest on your lawsuit? I live close to the border, and every time I leave the USA,I get treated like a criminal. (They know who I am cause I been going across since 1965.) Have you and your attorney considered a class-action lawsuit?
Posted by: Sherm, 23 August 2013, 08:19 ( 8:19 AM)
