Originally posted at the ACLU of Northern California's blog, Bytes and Pieces
The Transportation Security Administration (TSA) set off a minor firestorm in the blogosphere over its new ID policy,which went into effect this past Saturday. At least one passenger has reported that he was asked which political party he is registered to vote for, as part of TSA's new authentication process.
TSA's new rules relate to passengers who attempt to fly without ID -- itself a relatively rare occurrence. According to TSA, of the 2 million people who fly every day, approximately 300 do not show ID.
Many of these have lost or forgotten their identity documents, but in some cases, these passengers have ID, and refuse to do so, citing their belief that US citizens have the right to travel without showing papers to government agents. The most famous of these activists is John Gilmore, who took his case to the 9th Circuit Court of Appeals back in 2006. While Gilmore lost his case, the court did at least confirm TSA's policies (which had been a secret up until then), which were that passengers could fly without ID if they were willing to undergo a more stringent level of security screening.
Fast forward two years, and TSA has now changed the rules -- In a way that seems to clearly target Gilmore and other activists. Passengers who refuse to show ID citing their rights not to do so will be denied boarding. Passengers who claim to have lost or forgotten their ID, will be permitted to fly, after going through an even more extensive security check than before.
Security experts have blasted TSA's decision as "security theatre" -- that is, a decision done for show, which does nothing to improve security. On the legal front, GW Law Professor Dan Solove has also chimed in, stating that he thinks that the new rules "may runafoul of the First Amendment."
While the new policy just went into effect on Saturday, details of the new security process are already leaking out. One traveler sent a detailed report to the Consumerist blog. Highlights include:
"So you know how the new TSA regulations went into effect yesterday, where you can only fly without ID if you "cooperate" with the TSA? Well, it turns out you also have to take a test about your personal life. They call up a service to administer it, and the last question they asked was which political party am I registered under (I correctly answered "democrat" and they still let me on board)."
"Finally satisfied that I didn't have ID, Laurie took my boarding pass and went away. She came back a few minutes later having photocopied it, and also had an affidavit that she requested I sign. It asked for my name and address, and stated in small print at the bottom that I did not have to fill it out, but if I didn't I couldn't fly. It also said that if I choose to fill it out and then provided false info, I would be in violation of federal law."
After filling out the affidavit, Laurie called a service to verify my address. The service needed me to then correctly answer three questions about myself, which Laurie relayed to me. The first was my date of birth, the second was a previous address (which I only got right on my second try), and the third was "You are registered to vote. Which political party have you registered with?" I got all three right, and only then did Laurie clear me to go through security."
TSA quickly responded to the allegations on its own official blog. TSA head honcho Kip Hawley issued the following statement:
"It's unequivocally not our policy to use political, religious, or other sensitive personal topics as identity validation. If it happened, it was wrong and will not be repeated."
Unlike in other past controversies, this is not one where TSA can merely blame a poorly trained screener or a badly written policy. In this case, the screener relayed the questions to the passenger that were asked by whomever was on the other end of the phone. This may be a private contractor, or it may be TSA's national counter-terrorism ops center. In either case, the problem here is more systemic, and frankly, speaks volumes about the fact that this change in policy was rushed out, with no public comment period.
We applaud TSA for taking rapid action to ensure that no more passengers are asked for their political affiliation. However, we believe that this minor controversy is merely the tip of the iceberg -- and that problems with this new policy may go far deeper. If the TSA is relying on private databases, the same types of databases which are riddled with errors and cause invalid and false information to end up on credit reports, how can this information possibly be used as a reliable securityindicator? Furthermore, if the information is publicly available, a terrorist could also look up correct answers to the expected questions before arriving at the airport.
TSA needs to thoroughly re-examine this new ID policy. It needs a full privacy impact assessment (as it has done for other projects) and an opportunity for public comment so that the agency can develop a plan that ensures that due process, privacy, and free speechrights are being properly respected at all levels of the system.