U.S. Government Wants June Passenger Records

danwiz was one of several readers to point out the Associated Press story (carried here by the Boston Globe) which says that that the Transportation Security Administration plans to issue an emergency order requiring that U.S. airlines turn over passenger data for all June 2004 flights to the government within 40 days. "Such data may include credit card numbers, address, telephone number and meal request. Perhaps unrelated to terrorism, the data will be also tested to see if fraud or identity theft can be detected."

Re:Conspiracy

[sam.union]

why was this modded funny? IT IS TRUE! we sleep, they live...

Interesting

[0x0d0a]

Because once you have lost data privacy, you're never, ever going to get it back.

One more database falls to the federal government.

I can't wait until the first person prosecuted or watch-listed because of something he said over an instant-messaging program ("God, Bush is an idiot -- I wish someone would shoot him".) Still no GPG encryption on IM clients (well, other than gabber).

Used to be that you could have an anonymous website, but that's about to go away.

You can't drive without a license (where you get thumbprinted).

You can't fly without all sorts of data about you being logged.

The US government is pushing hard for biometrics in all areas. Biometrics are *terrible* as a traditional authentication system mechanism, since once someone's stolen the secret data (say, hacked one iris reader), you can never invalidate it. However, they're wonderful for monitoring purposes, since people have their "papers" with them wherever they go. They can also be used to tie together databases nicely.

Authoritarianism allowed by the application of computers will be one of the greatest new world problems that we'll have to face. Never before have societies had the ability to crack down, monitor, and ensure precisely compliant behavior on such a large chunk of their population. Can humans function well in such an environment? Is such an environment a good idea?

Re:Interesting

[jaybird144]

You can't drive without a license (where you get thumbprinted).

I'm up to two states now where I've never been thumbprinted to get a license. (Minnesota and Illinois, and Illinois was only a month ago.) The most identifying data I had to give was my SSN.

Re:Comment period

[andreMA]

...Although this claims a public comment period... "Although not required by law" (i.e., we're going to do it anyhow; the comment period is just window dressing)

IM client encryption interoperation

[0x0d0a]

And it's halfway there, but by not using GPG, it means that it can't piggyback off of all the other work that I do to maintain a trust database (I'm not going to maintain a different list of identities of people that I know of for every single program I use -- that's just unreasonable.) Also, it isn't a standard -- nothing interoperates with it. Sure, licq has a method of encrypting messages (actually, might just be SSL instead of full end-to-end encryption -- I'd have to look), gaim has two, jabber clients have at least one). None of them interoperate, so nobody uses them.

If a client did something as simple as taking a random number at the start of each session and sending it to the remote client, and then every message from the remote client had, as a header, a nonce consisting of tuple of a local random number (an increasing sequence number) and the sent-at-session-initiation random number, and then each message was GPG encrypted and signed, you have a standard mechanism that can be used by any client just by feeding the data into GPG -- a *standard* mechanism that every client can support. (The random numbers are necessary to avoid replay attacks -- else I could log someone saying "Sure, I give you authorization to do that" and then use that statement in another conversation. That's not a big deal from an encryption standpoint, but from a signing standpoint, especially as IM is being used in business now, it's serious.)

The point which everyone's missing

[nusratt]

"We are at war. There are people who would like to do us serious harm, and we must keep ourselves alert and not kid ourselves into thinking that religious faith or other statistical data is but a mere coincidence."

I've stopped using all public transport which requires ID, if it also means the potential for data retention or a database search (versus mere inspection of your ID).

All these comments about security versus privacy miss an important point:
strictly speaking, security does NOT require that ANY privacy be sacrificed.
There are alternatives.

Even tin-foil-hat (Ultimate Paranoid) I would be willing to submit to personal searches before boarding -- as exhaustive as needed to ensure that I present no risk -- IF it meant that I didn't have to PERMANENTLY risk any privacy/anonymity by making any info about myself available for recording, etc.

I'd gladly trade momentary personal "dignity", and additional costs and delays, to retain my long-term privacy.

All these "terrorism"-related measures aren't just about security. They're also about the inexorable tendency of large regulatory institutions to become impersonal and concomitantly unconcerned about individual rights, an observation which is part of the bedrock rationale for "anarchists".

Particularly in the case of law-enforcement, people in those institutions drool at the prospect of having an excuse to collect exhaustive data about the entire populace, for reasons and purposes far beyond the prevention of terrorism.

Already started to creep.

[base3]

Perhaps unrelated to terrorism, the data will be also tested to see if fraud or identity theft can be detected.

And in a few years, you'll be denied boarding and arrested after a swipe of your national ID reveals that you have some unpaid parking tickets in Peoria or you're a little behind on your child support payments.

Who else remembers being told about the horrors of Soviet Russia in elementary school, one of which being the internal passport and lack of freedom to travel? Guess what, kids--it's here.