Today thirty-four members of the Oklahoma state legislature petitioned the Oklahoma Supreme Court to block the upload of information from all Oklahoma drivers licenses and ID cards to the SPEXS national REAL-ID database operated by the American Association of Motor Vehicle Administrators (AAMVA). The petitioners, led by Sen. Kendal Sacchieri (R-Blanchard), include sixteen members of the Oklahoma Senate and eighteen members of the Oklahoma House of Representatives. They are represented by Oklahoma City attorney Wyatt McGuire. Service Oklahoma, the agency that issues drivers licenses and state ID cards, plans an initial bulk upload of data about all Oklahomans to the SPEXS database over the Presidents’ Day weekend of February 14-16, 2026, unless the upload is blocked by the state Supreme Court or suspended or postponed by Service Oklahoma or Gov. Kevin Stitt. The state legislature convenes for its next session February 2nd, and multiple steps are required before a bill can be enacted. Unless the bulk upload to SPEXS is cancelled or postponed, it will take place just before the legislature can take any action to stop it. We don’t know whether the upload was scheduled deliberately to preempt the possibility of legislative oversight. But we’ve seen the same pattern in other states where governors and/or driver licensing agencies arranged to join the the SPEXS database and the misleading-named “State to State” (S2S) network — in which data is transmitted through AAMVA, not directly between states — just before the start of a session at which the legislature might have questioned or taken action to stop the upload. In Alaska, for example, the Department of Administration carried out its initial bulk upload of state residents’ data to SPEXS over the weekend of January 28, 2017, just days after the start of the legislative session and just before hearings were scheduled on legislation to block the upload. Like many other states, Oklahoma offers residents a choice of a REAL-ID Act “compliant” or “non-compliant” drivers license or state ID card. Many people choose a “noncompliant” license or ID specifically because they want their data kept in-state. Sen. Sacchieri introduced a resolution in the Oklahoma state legislature last year to reaffirm that information about Oklahoma residents who apply for a drivers license or ID that doesn’t comply with the REAL-ID Act may not be sent out of state or to the national REAL-ID database. But that bill didn’t get a vote in 2025, and any action by the state legislature in 2026 won’t take effect until after the planned February 14-16 upload. As the legislators point out in their brief to the state Supreme Court, Oklahoma law, 47 O.S. § 6-110.3a(A)(C), already prohibits sharing personal information about drivers license or ID card applicants except as required by the REAL-ID Act. As the legislators also point out, the Federal REAL-ID Act does not (and cannot) require states to take any action. Whether to “comply” is a choice for each state to make. Once personal information is uploaded to SPEXS, it is out of the state’s control. The Federal government could use a subpoena or other legal process to order AMMVA, as a private entity, to hand over SPEXS data and not to disclose the subpoena to the state. No state that participates in SPEXS can really know whether AAMVA has already chosen or been compelled to hand over data about its residents to Federal agencies, or for what purposes. The thirty-four Oklahoma state legislators joining the petition have asked the state Supreme Court to stay and temporarily enjoin the upload of Okahomans’ data to SPEXS pending consideration of their lawsuit. Their complaint is rooted in the separation of powers and the authority of the legislature: No Oklahoma law authorizes the upload, no funds have been appropriated for it, and it contravenes the intent of the legislature as expressed in current Oklahoma law. The fact pattern in Oklahoma is typical of what has happened in other states that have uploaded their residents’ personal information to SPEXS without advertising their plans or seeking explicit legislative authorization or funding for joining the national database. After we were the first to report on the SPEXS database, AAMVA removed the specifications for the database from their public website, and threatened to sue us to get us to take down the legal copy of the specifications we had posted. AAMVA is a private entity with no legal authority, but it acts like a lawless, rogue government agency. What AAMVA and its Federal and state allies fear most is informed public debate and legislative oversight. We look forward to a ruling by the Oklahoma Supreme Court that will allow the Oklahoma legislature time to exercise oversight over Service Oklahoma and encourage legislators in other states to exercise their rightful authority over state agencies’ relations with AAMVA.

The Airlines Reporting Corporation — the financial clearinghouse that processes payments between U.S. travel agencies and hundreds of airlines in the U.S. and worldwide — plans to sunset the program through which it has given Federal agencies and an unknown range of other customers access to searchable archives of billions of agency-issued tickets for past and future airline flights. According to a letter (first reported by Joseph Cox of 404 Media) sent by ARC in response to a request by members of Congress to end warrantless access by law enforcement agencies to ticketing data, ARC says its Travel Intelligence Program (TIP) “is sunsetting this year”. ARC’s “TIP” program was first uncovered by Katya Schwenk of Lever News in May 2025, and discussed in more detail here on PapersPlease.org and in a series of follow-up stories by Joseph Cox of 404 Media based on his FOIA requests to agencies that subscribe to TIP. Many of these stories have described ARC as a “data broker”, which is legally correct but somewhat misleading. ARC is a financial clearinghouse that provides its airline and travel agency customers with transaction and payment-processing services. It’s unclear whether the TIP program was devised by ARC as a profit center, or simply as a way to efficiently manage and defray the expense of responding to requests by law enforcement agencies for searches of ticketing records. TIP was always peripheral to ARC’s core business, as is demonstrated by the alacrity with which ARC was willing to end it as soon as it came under criticism from Congress. It’s unlikely that shutting down TIP will have any any material impact on ARC’s bottom line. ARC could have told police and Federal agencies to go away and not come back without a warrant. But while some _travel agencies_ might have preferred that course of action to protect their customers’ privacy, ARC is controlled by airlines, not agencies. And _airlines_ have never prioritized protecting passengers’ privacy or security against police or anyone else. Airlines have largely ignored privacy and data protection laws, even in jurisdictions like Canada and the European Union that have them (unlike the US). And data protection authorities (DPSs), even in jurisdictions that have such agencies (again, unlike the US), have largely let airlines get away with this. When the cops come knocking, the typical response of an airline is, “Please come in! How can we help?” Airlines’ willingness to allow ARC to sell ticketing data is not an anomaly but an indication of the pervasive airline industry culture of collaboration with law enforcement. We can find no record of any airline, anywhere in the world, ever, that has gone to court to challenge government demands or requests for passenger data. It’s unclear what motivated ARC’s decision to pull the plug on police access to ticketing data through TIP. A few members of Congress had complained about TIP, but the odds that Congress would finally enact privacy legislation applicable to airlines remain slight. A more likely explanation may be that publicity about TIP (and inquiries about TIP from local journalists) may have caused some of the airlines that use ARC to process payments for tickets issued by their U.S. agents to fear that DPSs in their home countries might be prompted by the ARC scandal to start asking more general questions about how airlines apply their purported privacy policies to the agents they appoint to execute contracts in their name in other countries such as the US with lax or nonexistent privacy laws. Agencies and contractors in the US, including computerized reservation systems, have always been among of the skeletons in the closet of airline privacy invasion, and could expose airlines to huge liability if foreign DPA’s ever looked behind the curtain at airlines’ agents and contractors — not just ARC — in the US. ARC has a nearly total but insecure monopoly, and can ill afford to give airlines a reason to start looking harder for alternatives. The existential threat to ARC for decades has been wider adoption of direct connections between airlines and travel agencies. Some of the largest airlines have already set up direct connections and settlement with some of the largest online and offline travel agencies. ARC might have decided that the incremental revenue from TIP, and the goodwill that being a willing police informer and collaborator generated with governments, weren’t worth possibly driving away some of its core financial-clearinghouse business. ARC probably assumes that ending the TIP program ends the problem — but it shouldn’t. The TIP program may not have violated any US law, which is why even angry members of Congress could only ask, not demand, that ARC stop selling out travelers to the police. It’s a different story abroad, though. Foreign airlines that participate in the ARC settlement clearinghouse — and not just those that share in ownership of ARC as a joint venture — have been systematically violating the privacy and data protection laws of their home countries for twenty years. They could, and should, be held to account for that history of misconduct. ARC still has data on all the ticketing transactions it processes. It could still be ordered to provide ticketing data to the police, as compuerized reservation systems have been, and could be ordered not to disclose this to the airline, travel agency, or passenger involved in the transaction. The TIP scandal should be the beginning, not the end, of _investigation, exposure, and enforcement action_ against airlines that have been disregarding passengers’ expectations of privacy, willingly and often secretly collaborating with law enforcement agencies, and failing to protect them against stalkers and other everyday threats to their privacy and security.

The US Department of Homeland Security (DHS) is threatening to step up enforcement of Federal laws that require each foreign citizen present in the US for more than 30 days — even as a tourist or other visa-free visitor — to register with the US government and “at all times carry with him and have in his personal possession” the registration certificate issued by the US government. These laws are not new, but they have rarely been enforced. Until the creation by the DHS in March 2025 of a new registration procedure, there was no practical way for many foreigners to comply. This was especially true for Canadian citizens who can stay in the US for six months at a time without a visa and without being registered by US authorities at land border crossings. These laws and others like them that place foreigners under special suspicion and surveillance should be repealed, not revived. They are a threat to the freedom of foreigners in the US and, to the extent that other countries reciprocate, a threat to the freedom of US citizens traveling abroad. We shouldn’t always have to carry government-issued papers to prove who we are, whether we are in the country of our citizenship or any other. Human rights, including rights to freedom of movement, should not depend on citizenship. The Alien Registration Act (currently codified at (8 USC §1301-1306) was enacted in 1940 as part of a bill more often referred to as the Smith Act. The bundling together of restrictions on dissident speech and association with requirements for registration and tracking of all foreigners reflects the xenophobic assumption that foreign ideas, associations, and individuals are presumptively suspicious and potentially subversive. Similarly xenophobic assumptions underlie the Foreign Agents Registration Act (FARA), which requires almost impossibly burdensome registration, reporting, and labeling of informational materials produced or funded by foreigners. Portions of the Smith Act were eventually found unconstitutional, but have largely been left on the Federal statute books along with the alien registration requirement. There have been fewer challenges to the Constitutionality of FARA, but it too remains on the books. Violations of the the registration and other provisions of the Smith Act or FARA carry potentially substantial criminal penalties for those singled out for prosecution. Laws like this that are widely and often unknowingly violated and rarely but selectively enforced are inherently vulnerable to weaponization against the demons _du jour_. How many foreign tourists on Waikiki or Miami Beach are carrying their alien registration certificates in waterproof pouches over their bikinis or board shorts, or know that failure to do so is a crime? How many US citizens would want to be subject to reciprocal requirements when they travel outside the US? Standard advice to tourists and other travelers anywhere is to carry only copies of your passport and any separate entry card or visa, not the hard-to-replace and valuable-to-thieves original documents. Leave the originals in a secure place in your hotel or lodging whenever possible. Typical of this advice is the State Department wallet card of Smart Travel Tips send out with every new US passport: _[“Safeguard your passport. While overseas, carry *copies* of your passport ID page and foreign visa with you at all times.”]_ Why should foreigners in the US be required to do differently than US citizens are advised by the US government to do when they are traveling abroad, and put themselves at unnecessary extra risk of loss, damage, or theft of vital immigration documents? The Alien Registration Act has quirks that cast doubt on its purpose or fitness for purpose. The law requires all foreigners to carry evidence of registration on their person at all times, but doesn’t require them to _show_ these papers to police. Police or immigration enforcement officers need some independent basis to search a suspected foreigner for their immigration papers. There’s no statutory requirement for foreigners to have, carry, or show passports, only registration papers. Foreigners, especially asylum seekers including those who are stateless, can lawfully be admitted to the US without passports. Thousands of comments were submitted to the DHS in response to the new alien registration regulations promulgated this year. Almost all of the commenters objected to the registration requirement, not just the new registration procedures. The revival of the Alien Registration Act as a tool for tracking, intimidation, silencing, expulsion, or imprisonment of disfavored foreigners should be a sign that it’s time to repeal this law and all of the vestiges of the Smith Act as well as FARA.

After a white-supremacist hacker got access to digital records of old applications for admission to Columbia College and passed them on to the _New York Times_ , the _Times_ reported that in 2009 Zohran Mamdani checked boxes identifying his national origin and ancestry as African-American (he is a US citizen — an American — and was born in Uganda — the country in Africa where his paternal ancestors had lived for generations) and Asian (his mother was born in India, where her ancestors had lived for generations). Questions have since been raised by Liam Scott in the _Columbia Journalism Review_ and others as to the use in a news story of data obtained illegally by an unnamed third party with an unmentioned political bias, and by Dan Froomkin at Presswatchers.org and others as to whether these truthful factual 2009 statements by Mr. Mamdani are newsworthy. The _Times_ has responded to some of these questions in a follow-up article. **But we have other questions that we haven’t seen asked elsewhere. These are questions not for Mr. Mamdani or the _Times_ but for Columbia University:** 1. **Why does Columbia still have this information about an unsucessful 2009 applicant for admission in its records?** 2. **Even if there was some reason to retain these records, why were they accessible online, with or without whatever passwords or access restrictions were circumvented by a hacker to obtain them?** 3. **Now that this incident has made the potential for misuse of records like this apparent, what are Columbia and other intitutions and entities with similarly dangerous data doing to expunge it?** At a time when naturalized US citizens, including but not limited to Mr. Mamdani, are being threatened with denaturalization followed by detention and/or expulsion to overseas death camps, and when pogroms are being carried out by masked armed gangs snatching people off the streets on the basis of perceptions of national origin, these are questions for anyone in charge of a database with a field for citizenship, race, or national origin. Mr. Mamdani had good reason to apply to Columbia, even if his application may have been a long shot, since as the child of a tenured Columbia professor he would have been entitled to free tuition if admitted. But whatever purpose Columbia may have had in 2009 for asking applicants for admission to its colleges to cateogrize their national origin by continent, that purpose was completed when Mr. Mandani’s application was rejected. The lesson of this teachable moment is that personally identified information, even information about attributes and activities that were lawful at the time and that were collected for innocent purposes, has the inherent potential for weaponization against innocent individuals — sometimes by unforseen actors in unforseen ways — as long as it is retained. Columbia may claim that it retained this data in case it might have needed it to defend agaisnt potential litigation by unsuccessful applicants. But the statute of limitations for any such litigation related to 2009 admission decisions would have passed years ago. Columbia may claim that, having collected this data, it retained it for research purposes. But there’s been no indication that it made any attempt to even semi-anonymize this data. And would possible future research use justify retention of information that could endanger past applicants for admission? Under Canadian or European data privacy law, retaining this data when it was no longer needed for the purposes for which it was collected would be illegal. This data was collected for the purpose of making admissions decisions in 2009. If there was some adequate justification for retaining this data for possible future use when it was unquestionably no longer useful for that original purpose — which we doubt there was — it could have been stored on an air-gapped device or media, such as a backup tape or disk locked in an archival vault. But even that would pose the danger of government-compelled disclosure. Imagine that you were the director of a business or institution in Germany in 1933. Imgaine that — at a time when it when German Jews still had all the rights of German citizens — you had compiled information about your employees’, students’, customers’, or suppliers’ “nationality” or “race” as indicated on their ID cards, including which Germans were identified as Jewish. When the government began to redefine German Jews as not German citizens, deny them rights, and exclude them from more and more categories of employment, wouldn’t it have been your moral duty to expunge those records identifying Jews? Then you could truthfully say, if the government demanded to know which of your employees were (under Nazi laws) illegally employed non-citizens, that you had no records of who was a Jew. The best way to avoid misuse of personal data is not to collect it. If it has been collected, and especially if it is no longer needed for the purpose for which it was collected, the best way to mitigate the risk to the individuals to whom it pertains is to expunge it. Columbia has no excuse. Nor do other institutions in the same position. No law required Columbia to collect this information about Mr. Mamdani and an untold number of others. No law requires Columbia to retain it. Now Columbia knows, as it should have known all along, how this information can be weaponized. Columbia and its peers in both the public and private sector should expunge these records — now, before even more damage is doen to Mr. Mamdanai and millions of other naturalized US citizens and other immigrants.