Slashdot Mirror
What the DHS Knows About You
Sherri Davidoff writes "Here's a real copy of an American citizen's DHS Travel Record, retrieved from the US Customs and Border Patrol's Automated Targeting System and obtained through a FOIA/Privacy Act request. The document reveals that the DHS is storing: the traveler's credit card number and expiration; IP addresses used to make Web travel reservations; hotel information and itinerary; full airline itinerary including flight numbers and seat numbers; phone numbers including business, home, and cell; and every frequent flyer and hotel number associated with the traveler, even ones not used for the specific reservation."
What?? No shoe size? What's the point of taking off your shoes at the checkpoint then?
When our name is on the back of your car, we're behind you all the way!
This reminds me of the current idea to charge a 10$ entrance fee for foreign visitors. The money is supposed to go into a marketing fund. It's not only borderline schizophrenic to raise a new barrier in order to promote it, it might be even more sinister: that fee can apparently only be paid by credit card. Since 10$ doesn't seem to be enough money to be worth collecting, I'm wondering if getting all the credit card data isn't the real goal.
Or maybe the US wants to finally catch up with the third world in unfriendliness.
Fleur de Sel
Hrmm. I think this was pretty much covered in this past article: http://yro.slashdot.org/story/09/01/06/2238228/A-Peek-At-DHSs-Files-On-You?art_pos=4 Perhaps a different person's records, but basically the same deal, from what I can see so far.
Your full, unencrypted credit card information available in our logs to every DHS employee is necessary for us to fight the evil terrorists.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
If they have that much useless detail on everyone, chances are they won't be able to actually find anything in it. Yay for security through obscurity.
On the other hand, someone's probably going to break in and get all those credit card numbers...
Look at the record detail. You can even see on what CRS it was reserved : 1A. If you reserve everything with the CRS (for example at a travel agency) then ultimately everything is linked and saved there. Then most airline do not bother filtering they just send the whole kludge to the DHS. I commented the same, and yes indeed he blacked the name out, but left the RECORD LOCATOR, which is identifying the person too, if you have access to the CRS system.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
awesome. http://www.torproject.org/
You can read all about the shoe issue in:
"Shoes: Comfortable piece of clothing or The Ultimate Hiding Spot!" (unfortunately nobody RTFA that concluded that they were indeed just comfortable and not a particular good for hiding stuff).
Just imagine the things I could hide in my shoes....and not in my pants/shirt/other. The posibilities are endless.
Since they have your CC number, what would stop them from using it to buy something incriminating? Hey DHS, can't find the missing link? Provide it yourself then!
In theory, practice and theory are the same. In practice, they're not.
If they have that much useless detail on everyone, chances are they won't be able to actually find anything in it
They'll fix the problem by hiring a metric buttload of data mining consultants.
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
If you book with a one-use virtual credit card number, is that what appears on the record? Does it produce all previously used cc numbers too? This looks like just the airline passing on their booking/customer db record, but if it was the actual CC that would be real tin foil hat time.
I'd rather have all the CCTV in the world than giving my entire identity, credit cards and all, to any DHS cocaine addict who happens to need a fix. At least CCTV can't read my passport and credit cards.
I piss off bigots.
...since the site is slashdotted.
Can you copyright your personal data? And then sue the DHS for infringment?
Any business which is retaining credit card numbers and other personal information has to be PCI compliant. What about DHS?
The DHS knows a shitload more about than just my travel records. And I had to pay a shitload of money for the privilege.
I am Slashdot. Are you Slashdot as well?
Welcome to the United Soviet States of America!
Don't go away, we know who you are, we know where you live. :-)
What if Richard Reid had been the Underwear Bomber instead of the show Bomber?
Best Slashdot Co
Now I'm glad I've only ever used offshore booking agents.
Looks like he went Tampa to London via Houston (used to be Intercontinental) and then mysteriously flew from Charles DeGaulle in Paris back to Tampa via Newark. (Hmmmmmm.. what of the missing segment? Hmm? Hmm?!!!)
Seat numbers are clearly visible at the end of each flight segment as well.
The history of every PNR (personal name record) has ALWAYS been tracked by CRS systems.
Looks like the flights he was scheduled for had some schedule changes and his seat had to be changed also.
Certainly does a lot of international travel huh?
Customs and Immigration has always been interested in suspicious behavior though.
1. Fly to South America and pay cash for your ticket? Expect to be stopped at re-entry
2. Didn't eat your meal on the way back from Central or South America? Expect to be stopped at re-entry
3. Fly international more than twice a month? Expect to be stopped at re-entry
It's good ole profiling at it's best and there's nothing you can do about it. It's a "national security" issue. I speak from experience. I have been stopped 30 consecutive times on international flights. Every flight I ever took until that passport was renewed.
I worked for a large company post-9/11 with fingers in most major industries, including a significant presence in travel (whether you knew it or not). Part of the data collection they did was essentially building profiles of everyone, including all of the information this guy obtained. The government couldn't legally collect the data, but being a private corporation, this place could. Naturally collecting all of that is really only useful for spying on people, so there was never any real doubt as to what happened to it. The rabbit hole goes a fair bit deeper into what you do and how that information is linked, and that was all just at this one company.
I am SOOO going to figure out a way to live with some privacy.
Done nothing wrong, then you have nothing to hide and worry aboot...
WAIT !!?? credit card number and expiry date ? wtf !!??
Since when did it become acceptable to monitor everybody in case on is a terrorist instead of only the potential suspects ?
How on earth this level of incompetency and waste of ressources is considered state of the art ?
How does the Govt. having this information help the govt. stop terrorism? Anyone?
...which explains all the meanings of the data?
so how does having a credit card help my corpse?
Exactly what I was thinking. They had no idea what was going to happen before 9/11 and it is pretty obvious why when you look at stuff like this. Invasion of privacy and a wasted effort all at the same time.
What do you bet we have no recourse when they inevitably release all this credit card data to crooks ?
http://en.wikipedia.org/wiki/PCI_DSS
Oh, yeah. The rules are different if you're the government than if you're a regular company.
The so-called wall that supposed to built to keep illegal immigrants out of our country and away from our jobs does just as good a job at keeping US in! You're not going to get out of this country if they don't want you to.
The eternal struggle of good vs. evil begins within one's self.
looks like the site is down due to capacity.
Here is the Google cache of the site http://tinyurl.com/nrt7rm
When you get pulled over and they ask you questions where did you go, with whom did you stay, whats your relationship to them - then they all record that into their computers so later you get harassed by some 20 year old highschool drop out in telling you all that information before you go to USA just to show off how much they know about you.
By the way, does one has to answer those personal questions to enter USA if you ARE US citizen?
Do they flag:
kosher = maybe friend
halal = terrorist
vegan = hippie scum
I've actually heard people respond to revelations like this by saying, "If you're not doing anything wrong, why are you worried about the government having this information?" I then ask "Really? Well, tell me all about your sex life..no?..are you engaging in some perversion?" or "How much money have you got in the bank?...Why won't you tell me? Are you laundering money for drug dealers?" I don't know which is worse, these clowns prying into our lives or our wonderful Congress sitting there and letting them do it. Big Brother is taking over faster than you doublethink.
Perhaps I'm out of the loop but I don't see anything here that's outrageous.
It looks like CBP received a dump of your PNR from the airline, period. Any data that's stored in that PNR will be transmitted when it's dumped. Whoopty-fookin-do. It's the AIRLINE that has all this information to begin with.
As for the CBP internal records it makes sense they would track when/where your passport shows up. I know my passport details have either been manually entered or scanned in and out of most countries I've been in. (Or a backend transmittal occurred from the airline to passport control in that country to indicate I was departing)
Whilst the "big brother" connotation of this is troubling it is not as if CBP went out and GATHERED all this information on its own from various sources. They ask the airline for a dump of the PNR, the airline gives it to them. Since you booked everything into one PNR they got it all.
If anything here the airline is not taking appropriate steps to safeguard your data. I'd bitch at them before I'd get worked up with DHS. (Not saying I wouldn't get worked up with DHS too but I'd start at the source of the data)
Too bad most of the sheeple will just yawn and pick their noses when they're told about this. People with enough sense to be nervous about this level of government intrusion into the lives of law-abiding citizens will be laughed at.
And if I hear one more idiot say, "If you aren't doing anything wrong, what are you worried about", I'm going to invite the cowardly moron to move to Communist China, where he'll feel right at home.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
My wife and I travelled to Russia and they required visa's as well. If you don't speak Russian, it'll cost you about $250/person to get them.
I for one welcome ... oh wait, this is for real?
This is great! I was going to apply for a green card soon and I believe you have to list every time you've entered and left the US. I'll just put through an FOIA request and the government can do the work for me!
Or do you not own your credit card? It's as much yours as a piece of paper with your address printed on it is personal.
looks like TFA has been slashdotted...
I think the point that highlights why this is all security theater is the note at the way bottom of the record which says Private Jet Travel was not included in the documentation. It seems this is a hole in their security model that will never be plugged.
Support the 30 Hour Work Week!!!
The US already collects vasts amount of information as part of the visa application process for any foreign national, all paid by the applicant.
This is the result of federal statute, not some evil recent regulation.
Federal law requires that immigration costs be funded by the immigrant rather than the U.S. Taxpayer. On the one hand, it is very off-putting to many potential immigrants. On the other hand, one must ask why American citizens should be forced to pay the immigration costs of some non-citizen to which the U.S. owes no obligation and has yet to receive any benefit from. It also serves as a valuable tool for weeding out those who could never afford to go in any case.
And, as to Chile, it's noteworthy that U.S. citizens arriving in Chile are charged a reciprocal tourist visa fee of exactly that $131 as well. Chile believes in reciprocity, and that's fine - Chile's a great place to live and visit. I've lived there myself.
That and because Dave Ramsey is frickin' awesome like Chuck Norris.
Yet another reason the DHS should be disbanded. You know, beside the half-billion other reasons. The RIAA treats their customers this way, and it got them everylasting scorn and loss of a non-trivial amount of their customer base. The government treats their customers this way (let's face it, we're no longer citizens, we're customers), and there is absolutely nothing we can do. If we speak out, we're labelled as "unamerican", and subject to a host of more intrusive measures, from which we also have no recourse. Habeas corpus be damned! Fourth amendment be damned!
I refuse to get on a plane in the US until they're gone... so that means I'm probably not going to fly again in my lifetime.
Stainless steel RFID-blocking passport holder: http://www.thinkgeek.com/homeoffice/gear/a7a2/
I piss off bigots.
News for paranoid cynics.
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
Going to? You speak as if it is a FUTURE event. I aready have all your credit card info, and everything else as well. Muhahah.
wake up and hold your nose
Stories, generally posted by Americans, about UK CCTV schemes are often accompanied by text that states more or less explicitly, "Oh, those freedom-hating Brits! Thank God it doesn't happen here." Yet when the Americans implement even worse systems they (for some reason) don't choose to blame the entire nation for them.
It would be nice if posters could direct their ire to the place where it belongs, namely the people responsible for these policies, rather than the citizenry as a whole.
I piss off bigots.
And charge the bill for cleanup :)
I read all of the none Americans gripping about America and all this procedures. Yet, back in the 70 and 80, Germany, Spain, France, Israel, etc. had issues with terrorists and implemented FAR FAR harsher procedures. When traveling through Germany, you would see uzis on police. Do the wrong thing and they were all over you. And that was in West Germany, not East (my understanding is that it was even worse there). Heck, if you live in various areas of Mexico, India, China, etc, you still see guards running around and grab you if you LOOK wrong at them, or if you are the wrong color (literally).
I prefer the "u" in honour as it seems to be missing these days.
http://74.125.113.132/search?q=cache:mi8ChwGUUkUJ:philosecurity.org/2009/09/07/what-does-dhs-know-about-you+http://philosecurity.org/2009/09/07/what-does-dhs-know-about-you&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a
Are they keeping track of the fact that the woman using the companion ticket discount and accompanying me isn't really my wife?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Suppose that they only want people willing to go through x amount of bullshit in submission to authority...
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
2. Don't use air travel ever.
Since all this foolishness started I've saved a lot of money I would have been spending as a tourist and I don't get harassed by goons because I carry a Swiss Army knife in my pocket. Not to mention the chances of my falling from the sky in pieces is now zero.
Typo-Man, arch-nemesis of Preview-Boy.
Best Slashdot Co
This information is not fully correct. As mentioned before, the screenshot comes from the airline reservation system or one of GDS ( Global Delivery System) screens. Airlines only rely traveler names, gender and birth dates to DHS to improve upon passenger verification process, and no credit card information is stored.
GDS systems keep this information for up to 6 months from your travel for historical records
Any rational person knows that!
Sure, Bush's bunch created DHS, but Obama's crew is keeping it alive and well. Do the democrats get a free pass for inheriting a mess even if they choose to do nothing or make it more onerous?
I'm not suggesting a "democrats" tag be added, but that whoever tagged it "republicans" needs to think more clearly about the trend of *all* administrations over the past few decades instead of pointing fingers at whichever face of the Party they like least.
Your brain is not a computer.
Oh that is too funny. Big Brother knows *everything*.
I am becoming gerund, destroyer of verbs.
what WE THE PEOPLE know about *IT*. See, they work for us. Not the other way around. Ah, whats the use. The second revolution will revamp the government in many ways. Many of these buffoons will have to find regular jobs like the rest of us schmucks and get on normal healthcare, not the gold standard bullshit they refuse to get rid of even IF they're proposing so-called "reformed" healthcare.
DHS and the rest of the government need to watch it. They're on thin ice with the people.
Have to call and pay for an appointment then pay the application fee.
Now if you are traveling under the visa waiver program you just show up, but if you need a visa or aren't from a VWP country its the same thing for Germany and the USA.
Bring back the old version of slashdot.
Privacy issues such as these have no relationship to Republicans' shortlist of talking points and are therefore totally uninteresting to them.
Well, maybe if you say that the government can use the data to see who's using tax havens, you could wedge the whole "ZOMG THE GUBMINT IS GOING TO TAX ME (OR MORE IMPORTANTLY OUR WEALTHY CORPORATE OVERLORDS) TOO DEATH!" paranoia in there...
"When information is power, privacy is freedom" - Jah-Wren Ryel
a fair portion of eastern seaboard rail lines are owned by freight companies so they don't have plans to upgrade their rails for higher speed. We have higher speed trains, but they can only run at higher speeds from NYC to boston even though they provide "high speed" service to Washington DC as well. The rest of the system is only rated for around 80mph.
Oddly enough we were doing around 100mph on the same corridor 100 years ago or so.
Bring back the old version of slashdot.
On a European high-speed train, it's 8 relaxing, uninterrupted hours during which you can get some serious work done, walk around, get a coffee, or a meal in the restaurant. For a realistic comparison, you have to add a 1 hour commute to the airport, 2 hours of wait before the plain actually takes off, 1 hour for the commute from the airport to the place you finally want to be...makes altogether 6.5 hours during which can't get anything done, because you get pushed around from one waiting area to another, have to take off your clothes, get pushed into some small space where you can't actually move at all or stretch your legs, etc. Obviously the benefits just become more overwhelming as you talk about shorter distances (which are typical for Europe).
Radiation-proof passport wallet. Ba-da-bing, ba-da-boom.
I piss off bigots.
I piss off bigots.
Anybody here remember COINTELPRO and how the govt literally attacked people and groups in order to silence them? Sure some groups might have deserved the extra scrutiny, but many didn't. What is to keep the government from using this information for attacks on people? What if your Joe Hoffman, and suddenly your supposedly a victim of identity theft? Instead of touring the protest circuit, your trying to figure out how to pay off the credit card cartels?
I know this might seem like an exaggeration, but how much power are we really comfortable in our government having? How much do we trust it to really do the right thing? Is this trust based on truth or our wishful thinking?
Just some thoughts.
Did anyone read/find the article cited? "An error occurred while loading http://www.philosecurity.org/ Unknown host www.philosecurity.org" rws
I believe that they live in Washington DC. Or, perhaps now live in Texas.
Just one more reason to book flights, hotels, etc in separate bookings. Why give more information than you need to? For that matter, just create the booking then cancel it within the appropriate time and call another directly. Misinformation works for you too.
"Growing old is inevitable; growing up is optional."
BTW, can someone post a list of vendors of virtual temporary credit cards? A search on the Web didn't lead to much last time. This would obviously be something very useful for Internet purchase safety, if anything (tired of vendors who don't even encrypt account passwords). Why oh why isn't that service more pervasive?
It's a service that comes with your real credit card. For instance, I have a Citibank-branded MasterCard, and if I log in to the citicards.com website there's a menu item somewhere that lets me generate extra card numbers with various restrictions (only usable at one merchant, $$ limit, time limit, only usable once).
Thanks Tim. It seems to me though this is tied to the bank, isn't it? Several people here have mentioned Citi in the US, but I don't think many other banks offer this. A few years ago PayPal had an attempt at such a service but for some reason they scraped it away.
If you want to request your own records, do so ASAP: Even while stalling on responses to pending requests and appeals -- some unanswered after almost 2 years -- the DHS has recently moved to exempt more of this data from disclosure or requirements for accuracy, relevance, etc. Even more Privacy Act exemptions for PNR's and other "Automated Targeting System" data are pending, and could be finalized at any time. BTW, if you travelled to, from, or via the EU, or on an EU-based airline, or made reservations or bought tickets in the EU or through an EU-based company, or if your reservations were stored in the EU-based CRS Amadeus, you also have the right to request your travel records from these travel companies.