Thanks for your support!

My heartfelt thanks to everyone who has send their encouragement -- in comments here in my blog, in the Identity Project blog, by e-mail, on Twitter, and by phone -- for the lawsuit on my behalf by the First Amendment Project against the U.S. Department of Homeland Security.

I've written before about how my experiences in Eastern Europe have shaped my sense of the importance of my work against travel surveillance and control. But one comment this week from Poland made the point far better than I ever could:

Thank You, and good luck!

I have come across information on your suit against the US Gov’t and DHS, and the fantastic summary you did. I just felt I should thank You for your effort and bravery.

I just wanted to let You know there are people and organisations all over the world (Poland here, by the way) that see the diffusion of privacy and personal rights and freedoms in America as a very dangerous precedent that might “inspire” other countries (and indeed, often it already does) to follow suit (pun not intended).

I come from a nation that had to fight for independence and freedom many times throughout its history. For 21 years we are finally Free - after almost 200 years of enslavement. I have the distinct privilege to not remember the Polish People’s Republic and the times long gone by (I’m 25), but we all here either remember, or simply know (from history lessons, from relatives, from literature) what Orwellian surveillance was like. We all remember or know about the atmosphere, the Kafka-esque processes of law, the fright… And we remember or know what sacrifices had to be made to be finally Free.

Maybe that’s why ideas like secret lists, internet filtering and similar ideas meet with a decisive public resistance. For now. But if the USA, the country people 15-20 years older than me saw as a symbol of freedom and one of the only allies we had against the USSR, slides down this slippery slope any more, resistance can only become harder.

The more can we admire what You are doing.

Hence, for Your sake, and for the sake of all the people that watch and see what’s going on, I wish you strength and good luck in your fight. In times like these there’s always the need for a single fighter to fight for the principles.

It was like that in the fifties in USA with the McCarthy-ism at its height, when Ed Murrow took a stand.

It was like this in the Big Tobacco suits in early nineties when Brown & Williamson almost destroyed Jeff Wigand’s life when he took a stand.

And many, many times more. There’s a reason the famous Solidarity poster for the June ‘89 elections in Poland was basically a frame from the “High Noon”.

So once more - all the best, and good luck.

I’ll be watching, and with me two Polish NGOs.

Best regards,

Michal "rysiek" Wozniak

Why I'm suing the Department of Homeland Security

Today the First Amendment Project is filing a lawsuit on my behalf against U.S. Customs and Border Protection (one of the divisions of the Department of Homeland Security) for violating the Privacy Act and the Freedom Of Information Act (FOIA) by refusing to disclose their records of my travels, what they did with my requests for my records, and how they index, search for, and retrieve these travel surveillance records.

According to the complaint in Hasbrouck v. CBP filed today with the U.S District Court in San Francisco:

This complaint concerns the failure to disclose records regarding the warrantless, suspicionless dragnet collection and maintenance of Federal government records of the travel, activities, and other personal information concerning U.S. citizens not accused of any crime....

In November, 2006, Defendant CBP, an agency within the Department of Homeland Security, revealed that it was already operating a system of records -- for which, despite the requirements of the Privacy Act, no prior System of Records Notice (“SORN”) had been promulgated -- which it labeled the “Automated Targeting System” (“ATS”). According to the SORN, ATS contained records related to international travel by U.S. citizens and others, including complete airline reservations or “Passenger Name Records”:/articles/PNR.html (PNRs), used among other purposes for making “risk assessments” of travelers. In 2007, in his capacity as a member of the news media and a consultant to the Identity Project (“IDP) on travel-related technical, civil liberties, and human rights issues, Plaintiff Edward Hasbrouck requested copies of his own records pursuant to his right of access under the Privacy Act.

When he received a response which appeared manifestly incomplete and which invoked FOIA exemptions clearly inapplicable to records required to be released pursuant to the Privacy Act, Hasbrouck appealed. Almost three years later, he has received no acknowledgment or response to that appeal.

In October 2009, Hasbrouck tried again, filing a new, broader Privacy Act request to CBP for his own travel-related records from ATS and other CBP systems of records and an accounting of when and to whom they had been disclosed by CBP, a FOIA and Privacy Act request for records concerning what had happened to his 2007 request and appeal, and a FOIA request for general information concerning the indexing, search, and retrieval capabilities of the ATS records system. When Hasbrouck received no response, he appealed the constructive denial of each of these requests. Nine months after making these requests and seven months after making these appeals, he has received no information in response.

I've never sued anyone before in my life, or been sued, by anyone. It's not something I want to do, or that I'd do lightly.

So why am I suing the Department of Homeland Security?

I'm suing the government because they gave me no choice. After years of stonewalling, it became clear that the DHS would tell me, and tell the public, nothing about its secret dossiers about us unless forced to do so by court order.

I'm suing the government because of the significance of commercial airline reservations and the DHS "Automated Targeting System" as one of the largest post-9/11 U.S. government surveillance programs, and one of the largest collections of Federal government dossiers about the lives of innocent civilians after the IRS (tax) and Social Security (retirement) databases.

I'm suing the government because of the intimate personal details and the sensitivity of the information contained in airline reservations and the government's records, which I'm familiar with from 15 years of travel industry experience with airline reservations and from the censored excerpts from its travel dossiers that the DHS has released to some other people who've brought them to me for help in understanding their coding and significance: not just credit card numbers and IP addresses but also friends' telephone numbers, whether two people asked for one bed or two in their hotel room, and what book someone was carrying when they entered the country.

I'm suing the government now, while I still can, because they have already tried to change the rules to exempt much of the information in PNR's from disclosure, and to exempt themselves from any obligation to provide an accounting of what other government agencies, foreign governments, commercial entities, or other third parties they have "shared" this data with. (My requests were all made before these changes to the DHS Privacy Act regulations, so I'm entitled to this information regardless of whether the new rules are upheld.)

I'm suing the government because it's important for other people to know that the DHS has been lying when they claimed (page 29 of the PDF) to the European Union that "all requests for access [to travel records kept by DHS] have been successful and passengers were always given access to their data" despite ignoring my request and appeal, and when they claimed (page 4 of the PDF) that "the [DHS] Privacy Office received no reports of misuse of PNR ... since 2005", despite specific formal complaints filed with that office since 2006 by the Identity Project.

I'm suing the government to find out who was responsible for sending my original requests and appeals into a black hole, and whether they were among those requests that were illegally delayed or blocked by high-level political commissars in DHS or the White House.

I'm suing the government because no one else has done so, because foreigners have no right to do so under the U.S. Privacy Act, and because someone had to do it -- despite my fear, and my lawyers' fear, that the government may retaliate against us by putting us on (another?) of their secret lists and/or further interfering with our freedom of movement.

More information and the complaint filed today in Hasbrouck v. CBP are available from the Identity Project (PapersPlease.org).

[Update, via Tnooz: "A CBP spokeswoman declined to comment on the particulars of Hasbrouck’s suit, citing his privacy concerns. The CBP spokeswoman added that passengers 'voluntarily' give airlines permission to collect their travel data and personal information, and the CBP culls that information and performs a risk assessment for possible enforcement action. In an interview, Hasbrouck said it’s false that passengers freely give airlines the right to collect personal information because ... if travelers withhold that information from airlines or travel agencies they may not be able to board a plane or leave the country.... He also warns that U.S.-based GDSs and travel agencies should be aware that if they go along with such data requests that they could be risking legal action by European individuals or governments and could face substantial liabilities. 'This should be a wake-up call to travel intermediaries in the U.S. that they can’t escape liability for [releasing] personal information when they are part of the conveyor belt,' Hasbrouck says."]

[Heise.de: US-Bürgerrechtler klagt auf Herausgabe von Flugpassagierdaten]

[FutureZone @ ORF.at: Passenger Name Records / Flugdaten: "US-Heimatschutz belügt EU" Portions of the the PNR showing root access to the Galileo CRS by DHS/CBP, mentioned in the ORF article, were reproduced on page 5 of the Identity Project’s initial report on our research into ATS records. This was a real PNR for a real person obtained from DHS/CBP. The traveller went from the USA (SFO) to Berlin (TXL) on United Airlines. She stayed six days in Berlin. Then she went from Berlin to Prague to London on Czech Airways (IATA code “OK”). Then she stayed for another 6 days in London. Then she returned from London to SFO on United. The flights on Czech Air were entirely within the EU. They did not connect to or from flights to or from the US, or on a US airline. The PNR shows that travel agent issued a separate ticket, and a separate fare, for the Czech Air flights -- they weren’t on same ticket with the United flights. But the travel agent followed standard travel agency procedures and made all the reservations for the entire journey in the same CRS, in this case Galileo (the CRS used by United). When DHS pulled the PNR, they didn’t just pull the portion on United, but pulled the entire travel agency PNR, including the flights on Czech Air. This confirms that DHS had root access to Galileo, not just access through United, since United would not have been able to see the details of the Czech Air flights and ticket.]

[SF Weekly, Department of Homeland Security Sued Over Secret Traveller Files: "J. Edgar Hoover might have been proud."]

US-DOT revising airline consumer protection rules

Your chance to be heard: The U.S. Department of Transportation is currently inviting public comments on a variety of proposed changes to the DOT's consumer protection rules.

I've been severely critical of the DOT's lax enforcement of its existing consumer protection rules, and its failure to address the key regulatory issues for airline ticket purchasers.

The current DOT rulemaking continues to ignore what I consider the most important issues that the DOT ought to be addressing, as the sole regulatory or enforcement agency with authority to protect travellers in the USA against fraudulent and deceptive airline advertising and other practices. But it is nonetheless a significant set of half-steps forward, albeit on issues I consider of largely secondary importance for the DOT's "Aviation Consumer Protection and Enforcement Division". Until the Obama Administration, this office within DOT was still controlled by holdovers from the Reagan Revolution: devout believers in deregulation and "free markets" who have actively obstructed any meaningful oversight of airlines' deceptive practices. Any genuine aviation consumer protection initiative form DOT is vast progress, brought about only by public pressure such as that being applied by the Consumer Travel Alliance (with which I work as a policy analyst).

Under pressure from the airlines, DOT last week extended the public comment period on the proposed rules, which was originally scheduled to end today, until 23 September 2010. You can make comments either directly to the DOT at Regulations.gov under docket DOT-OST-2010-0140 (the best way to ensure your comments are considered by the DOT), or you can submit comments informally and indirectly at RegulationRoom.org, a project of the Cornell University Law School which is collecting public suggestions nand votes and will combined them into joint comments submitted to DOT by the Cornell project.

Tell the DOT this is a good first step, but not nearly enough. If you want ideas, I've identified some key omissions from the proposed rules in my comments submitted today to DOT, and some other priority issues for DOT action in previous articles.

Mexicana Airlines is bankrupt

One of Mexico's largest airlines, Mexicana ("Compañía Mexicana de Aviación") filed for bankruptcy protection from its creditors (including ticket holders) in both Mexico and the USA on 3 August 2010.

For now, Mexicana is still operating some flights, despite having had some of its planes repossessed, shortly before the bankruptcy filings, for non-payment of leasing fees.

Unlike most airlines that are operating in bankruptcy, Mexicana is not selling any new tickets, at least for now. That might seem an odd way to return to profitability, but apparently it's intended to put pressure on Mexicana workers, serving as a (costly) threat to liquidate the company and eliminate their jobs entirely if they don't agree to even greater cuts in wages and benefits.

My updated FAQ About Airline Bankruptcies is focused on airlines and ticket sales in the USA. Laws, including, bankruptcy and consumer protection laws, vary from country to country, and I'm not a lawyer. But even if Mexicana resumes selling tickets, I recommend strongly against buying tickets on any bankrupt airline.

Bankruptcy is your final warning that an airline could be shut down and liquidated at any time, by order of the bankruptcy courts. if that happens, you are likely to lose everything you paid for your tickets. You might be able to get some of the taxes back, but even that is uncertain, at least in the USA, according to information one of my readers recently received (see the comments) from the U.S. Department of Transportation.

Washington Post: "Secure Flight may be making your privacy less secure"

I'm quoted today as spokesperson for the Identity Project (PapersPlease.org) in the Washington Post in a story by Christopher Elliott about how airlines are able to use personal information -- collected under government duress for the TSA's Secure Flight passenger surveillance and control scheme -- for the airlines' own marketing and other purposes:

[A]irlines see an opportunity to "maximize the marketing and other commercial value of this government-coerced informational windfall,"asserted Edward Hasbrouck, a consultant to the Identity Project, a privacy advocacy organization for travelers. And drawing a fine line between data collected for Secure Flight and information gathered for other purposes, such as frequent-flier program account information, may allow them to do that.

"It renders meaningless any restrictions on which of this data is retained, or for how long, by the government itself," Hasbrouck added.

"Could it be that the information we give airlines doesn't belong to anyone or, worse, isn't regulated by anyone?" Elliott asks.

A good question -- and "privacy" may be the least of the problems with Secure Flight, as discussed in my testimony on behalf of the Identity Project (quoted from, in part, in the Post story) at the TSA's only public hearing on Secure Flight, the more detailed written comments submitted to the TSA by the Identity Project, and IDP's FAQ about Secure Flight.

Are air travel taxes refundable even if the airfare isn't?

I've gotten several questions from readers recently (one from a traveller and another from a travel agent) about this section of my FAQ About Changes to Flights and Tickets:

If you don't actually fly, regardless of the reason and regardless of whether the fare is refundable, you are always entitled to a full refund of all the taxes included in the price of your airline ticket. Taxes are due and payable only if you actually fly. Airlines act as tax collectors, but they are supposed to hold the taxes in escrow until you actually travel, when the pay the government(s). In practice, unless you demand a refund of the taxes, most airlines routinely steal the taxes they have collected on unused tickets at nonrefundable fares. And more and more airlines fail to provide a breakdown of the taxes and surcharges included in ticket prices, so it can be hard to tell how much of what you have paid is tax (payable to one or another government only if and when you travel) and how much is "fuel" or other "surcharges" that actually are part of the fare, and are always kept by the airline. The only way to find out, and to keep the airlines from stealing your rightful tax refund, is to submit your tickets for a refund of the taxes whenever you aren't able to use them -- even if the fare is nonrefundable. If the airline won't accept your refund claim, report them to the relevant government agencies as tax cheats and thieves.

Who are "the relevant government agencies", readers ask, and how can they make a complaint if an airline refuses to refund the taxes that they collected with the sale of a nonrefundable but unused ticket?

It varies depending on where you bought the tickets and/or what country's laws apply to the sale, but in the USA the primary agency with jurisdiction over the sale of airline tickets is the US Department of Transportation.

As I discuss in the "Practical Nomad" books, the Department of Transportation has two levels of complaint:

• Informal complaints can be made to the DOTAviation Consumer Protection Division (ACPD), but the DOT isn't required to do anything more than count them, and rarely does anything more than to refer them to the airline.
  
  
• Formal complaints requesting enforcement can be made to the Aviation Enforcement & Proceedings section of the Office of the General Counsel of the DOT.

The DOT tends to steer complaints into the "informal" channel, since that makes them easier to ignore. In either case, but particularly if you want your complaint to be acted on, you may want to state specifically that "This is a formal complaint and formal request for regulatory enforcement action by the Department of Transportation against [airline] for the following unfair and deceptive practices, in violation of 49 U.S.C. 41712:..."

If you want to up the pressure on DOT to act, you could add something like, "I request that this complaint be entered as a formal complaint in the DOT rulemaking and regulatory docket, and that, in addition to enforcement action and sanctions for this specific incident, the DOT issue regulatory guidance clarifying that failure to refund transportation taxes, when the transportation for which they would have applied is not used, constitutes an unfair and deceptive practice."

If you want models, here's a sample of a formal complaint to the DOT against an airline and links to follow-ups by the airline, the DOT, and the complainant.

Before you make a formal complaint to the DOT, I would recommend that you try to get the airline to put its refusal to refund the taxes in writing. Write to the airline formally advising them that you have not used and will not use the ticket(s) in question, and demanding a refund of the taxes.

If pressed, airlines might try to argue that the taxes are on the "sale" of transportation, rather than its "use". But that's bogus: The sale of an unused ticket isn't a sale of "transportation". Whatever "services" an airline may have sold you in the form of an unused nonrefundable ticket, they didn't include "transportation" if you never got on a plane.

[Update: See the comments below for a letter one of my readers received from the DOT adopting this position, at least for some of the taxes on tickets for domestic air travel within the USA. I have updated my FAQ's accordingly.]

In theory, you could also make a "whistleblower" complaint to the IRS of tax fraud by the airline, which I suspect would be unlikely to succeed but which could, at least in theory, lead to your being awarded any unpaid tax collected as a result of your tip.

Whatever you do, let me know in the comments or by e-mail how it goes.

I'm less familiar with the laws in other jurisdictions, but at least in Canada the law and the way to get it enforced are clear. In 2004, the Canadian Transport Agency upheld a complaint (see under "Reimbursement for Taxes and Surcharges") against the airline "Jetsgo" for refusing to refund taxes and fees on an unused ticket: "While the traveller acknowledged that the amount he paid for the base fare was non-refundable, he submitted that Jetsgo had wrongfully withheld numerous taxes, fees and security charges that should not have been applied since he had not travelled.... The Agency concluded that, by refusing to refund the non-fare portion of the ticket, Jetsgo had not applied the terms or conditions of carriage in its domestic tariff, which was contrary to the Air Transportation Regulations and directed Jetsgo to reimburse the traveller."

Travel Bloggers Show in Orlando, 11-14 September

I'll be in Orlando, Florida, 11-14 September 2010 as one of the featured speakers at the inaugural Travel Bloggers Show being organized in conjunction with the large annual travel trade show sponsored by the American Society of Travel Agents (ASTA).

I'll be giving a pair of presentations on relations between travel bloggers and travel publicists and marketers: one session for travel bloggers on Working with travel marketers and p.r. agencies, and a reciprocal session for travel agencies, suppliers, and p.r. agencies on How to work with travel bloggers.

It's an exciting opportunity to talk with the larger national travel industry and travel blogger communities about some of the issues I discussed as part last month's Bay Area Travel Writers (BATW) panel on the Ethics and Etiquette of Travel Writing.

Relationships between travel bloggers, marketers, and publicists have been sometimes contentious and often complicated by mutual misunderstandings, as I know from having worked on both sides. According to Chris Russo, president and chair of ASTA:

What was once limited to a divide between editorial and advertising has not only grown but shifted in nature, with both sides often assuming the worst about the other. Both bloggers and PR/marketing professionals have a vested interest in learning to work together. I think these seminars will really make a positive difference in understanding what each group has to offer, what each group needs and how to best fulfill those needs. If you’re a travel blogger or work in travel marketing or PR, you owe it to yourself to attend.

There's lots more on the program at both events. More details to come -- but sign up soon!

I look forward to seeing old friends like Chris Elliott as well as many new faces at the Travel Bloggers Show. Because of underwriting by the sponsors of the travel trade show -- one of the largest in the country -- the cost is nominal beyond that of getting to Orlando. I've been in Orlando twice in the last year, and it remains one of the most affordable major metropolitan areas for hotels in the USA, second only to Las Vegas. And there will be opportunities for attending travel bloggers to assuage your journalistic and/or anthropological curiosity about the Orlando area's theme parks and other attractions.

(For business and family reasons, I expect to be on the East Coast -- including Boston, New York, and Washington as well as Orlando -- for most of the fall. Let me know if you are interested in hosting a travel workshop, book talk, or other event while I'm there.)

Google buys ITA Software (Part 3: What's it mean for travellers?)

Monday in Part 1 I discussed the origins of ITA Software, the air travel pricing and reservation software company bought this month by Google for US$700 million. Yesterday in Part 2 I tried to explain what ITA Software actually does (and doesn't) do. Today in Part 3, below, I'll get to the meat of the matter and the question readers have been asking: How is this deal likely to affect travellers?

As I've been saying, "Google's purchase of ITA Software is likely to be a bad thing for travellers." For the why's and how's, read on:

Google buys ITA Software (Part 2: What does ITA Software do?)

Yesterday in Part 1 I told some of the history of ITA Software, the air travel pricing and reservation software company bought this month by Google for US$700 million.

Today I'll discuss ITA Software's strengths, weaknesses, and strategic approach to the airfare puzzle (Part 2, below). Tomorrow I'll finish up by describing how ITA Software's acquisition by Google might affect travellers (Part 3).

You may wonder why I go into such detail about what ITA Software does, or why Google is buying them for US$700 million. But as I said yesterday, "Google's purchase of ITA Software is likely to be a bad thing for travellers", and the technical background below is necessary to understand why:

Google buys ITA Software (Part 1: The back story)

At the start of this month Google announced its purchase of ITA Software -- if the antitrust division of the USA Department of Justice, and/or the Department of Transportation, decide the deal won't restrain trade by giving Google any sort of monopoly -- for US$700 million in cash.

Even for Google, this is a major purchase, and there's been lots of attempted analysis of how it will affect the financial fortunes and who the winners and losers will be among competitors of Google and/or ITA Software -- a task complicated by most investors' and even financial analysts' ignorance and misunderstandings of the travel technology infrastructure, which has led to considerable debate and confusion as to what business ITA Software is in, and with whom they compete.

The best of the industry analysis has been in online trade journals TheBeat.Travel (paid subscribers only) and Tnooz (public; check more recent articles for continuing coverage). As Tnooz was perhaps the first to point out, Google itself made clear when it announced the deal that it saw ITA Software as part of a layer of technology intermediaries consisting mainly of the Computerized Reservation Systems or Global Distribution Systems (CRS's/GDS's): Sabre, Amadeus, and Travelport's Galileo and Worldspan divisions. But because CRS/GDS companies are generally invisible in their intermediary role (and currently all [except one] owned by groups of private equity investors, so they need not report publicly on their finances or operations), few analysts outside the travel tech industry know how to interpret the implications of Google's decision to invest $700 million in this sector.

[Correction: An anonymous commenter on Slashdot points out that stock Amadeus, one of the four major CRS's, began trading publicly on Spanish stock exchanges on 29 April 2010. In my linked article about CRS's, I had mentioned that such a public offering was pending, but hadn't noted the IPO. The largest fraction of Amadeus stock continues to be held by private equity firms, however.]

Frankly, I'm not at all sure Google itself understands what ITA Software does (and doesn't) do, and what they are getting for their money. But that's getting ahead of myself, and largely irrelevant unless you are considering investing in Google or the travel industry.

The missing element in the discussion to date, and the question I've been getting from readers, is, "What will this deal mean for travellers?"

The short answer is that it is likely to be a bad thing for travellers, not because it will give any company a monopoly over anything it doesn't already dominate but because it is likely to exacerbate the trend toward personalized and less transparent pricing of airline tickets (and other travel services) and the de facto disappearance of key consumer protection principles embodied in the definition of a common carrier and the requirement for a published tariff applicable equally to all would-be customers complying with the same rules.

The long answer starts with the largely unreported back story of ITA Software's origins, as a predicate to understanding how its acquisition by Google might affect travellers. I'll tell that story in the extended article below, and explore what ITA Software actually does and the implications for travellers in Parts 2 and 3 tomorrow and Wednesday.