Ars Editor Learns Feds Have His Old IP Addresses, Full Credit Card Numbers

mpicpp writes with the ultimate results of Ars's senior business editor Cyrus Farivar's FOIA request. In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked. But instead of providing what I had requested, the United States Customs and Border Protection (CBP) turned over only basic information about my travel going back to 1994. So I appealed—and without explanation, the government recently turned over the actual PNRs I had requested the first time.

The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally. My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: The IP address that I used to buy the ticket, my credit card number (in full), the language I used, and notes on my phone calls to airlines, even for something as minor as a seat change.

Big Brother

[fizzer06]

He is a nosy bastard.

Re:Big Brother

My Big Brother is also my Uncle Sam. Does that make me inbred?

Re:Big Brother

You aren't related to Ma Bell are you?

Re:Big Brother

no, it means your brother's kids are going to be inbred

Re:Big Brother

[c6gunner]

The funny thing is, fulfilling his FOIA request is probably the first time anyone in government actually looked at his data.

Re:Big Brother

[DocSavage64109]

If you consider his info being nicely stored and indexed in various databases as not being looked at. I'm rather impressed at how easily they can run reports on this much disparate information.

this is news?

[turkeydance]

is there a surprise "twist" ending?

Re:This is news?

full Credit card numbers is not just basic Info, imagine a data breach.

Re:This is news?

[NicBenjamin]

Because most of the time the airline blacks out most of the Credit Card before sending it to the Feds. In theory the Fed're only supposed to have the last four digits, because that should be enough (when combined with name and expiration date) to identify the card.

This is actually a pretty typical story on this issue. The Feds collect data that can be very useful in searching for terrorists, but they don't actually look at it much. They do a computer search, and most of it will never come up. So the airline sent them more then it should, and maybe somebody noticed, but nobody cared. So it got sent to his file folders (both electronic and physical). Then he FOIA'd the info, and since nobody FOIA's the info they had no procedure to respond to the FOIA, so he got it in a ridicuklous way (two batches, the first batch of which he had not asked for, and the second batch seems to have been totally unexpected).

If you think privacy rights are incredibly important, and are sincerely worried that Obama isn't enforcing them better, it's terrifying that a federal Agent could have stolen his CC info. And it's even more terrifying that there's no bureaucrat in charge of purging irrelevant info (like his CC number).

If you're me, and you take a more philosophical view of the whole issue, you note that a bureaucrat in charge of looking at his info would have looked at his info. Said info was highly unlikely to leak from the TSA to anyone else unless a) they had probable cause due to some investigation, or b) some enterprising agent decided to go over his file and verify it. Federal agencies just don't share information with each-other the way privacy purists imagine in their nightmares, rather they horde it and then exaggerate the info-horde's usefulness in powerpoints demanding an increased budget.

Re:This is news?

How do you think all those companies let you pay without re-entering payment info?
They store your credit card number.
Sure it sucks if they get hacked or whatever, but that's the way it is.
They whole idea that you can use someones credit card just by knowing some numbers is stupid anyway.

Re:This is news?

[linearz69]

Why wouldn't they have this info?

Why should they?

The retaining of 8 years worth of data is the biggest problem here. What is the value of 8 year old Credit Card numbers? You'd figure after 8 years they'd know who tried to light that shoe on fire....

So yes, it's News.... unless you work for an intelligence contractor or agency and knew about this already.

Re:This is news?

[beelsebob]

No one should ever be keeping your credit card number without your explicit permission.

Re:This is news?

[Luckyo]

Untick "keep my credit card information for future payments". In vast majority of the cases, that means company doesn't keep your info after payment has been received.

Re:This is news?

[mattwarden]

So, do you believe abuses like those described here do not happen as a regular course of business: "NSA Employees Routinely Pass Around Nude Photos Obtained Via Mass Surveillance" http://www.zerohedge.com/news/...

I find that naive. Now, do I care? Not really. But I understand why some people might, and I don't consider that privacy purity.

Re:This is news?

[NicBenjamin]

Talk about a non sequitir.

Let's say I admitted that Snowden was right about the NSA and naked pictures, why would that imply anything about a completely different agency and text files? I can see how a bored NSA agent might get a kick out of a nudey that looked kinda like Natalie Portman (or even a nudie of Natalie Portman) and show it to other bored NSA Agents, but this is a text file. It's a very boring text file. It says some guy took a flight. He spoke English. It mentioned his preferred meal.

And we can actually be quite sure it was not widely shared at the TSA, because if it had been some asshole would have stolen his Credit Card number.

Re:This is news?

[mattwarden]

Yes, non sequitur indeed. I'm sure government abuses of power are limited to the NSA.

Re:This is news?

[Antique+Geekmeister]

> And we can actually be quite sure it was not widely shared at the TSA, because if it had been some asshole would have stolen his Credit Card number.

Except that they're available, in bulk, to whoever administers that database. And a theft or loss of a backup of that database is hideously unlikely to ever be reported, for "national security reasons" but also to reduce bureaucratic business. And given the history of federal agency personal and political fraud against private citizens, especially politically active citizens, it verifies that they have far too much data, far too easily accessed, available at whim for whatever purpose is desired.

Just because "it's boring text" does not mean it's not incredibly useful for political espionage or frame-ups. Please, do not try to claim that it "wouldn't happen here" The abuse of confidential federal information to harass political opponents certainly _has_ happened here, in the McCarthy hunt for Communits, with the Committee to Re-Elect the President in Nixon's presidential reign whose failures cost Richard Nixon his presidency, and with the Valerie Plame affair during George W. Bush's presidency.

The collection and aggregation of "uninteresting" private information or "metadata" represent risks to political careers and private liberty that will not cease simply because "who would care" or "it's dull". It's hardly dull to be able to use someone's personal information and credit card data to track the nature, times, and location of _every purchase_, and have warrant free monitoring of travels and personal business. And there is, effectively, no oversight of such access because it's the NSA: they operate under a tremendous shroud of national security that prevents rational oversight of such sensitive information.

Re:This is news?

[camg188]

"reuse your stored credit card information for future payments"
is what they really mean.

Re:This is news?

[NicBenjamin]

So your argument is that if government agents abuse power one way it is clear, beyond all doubt, with no actual investigation necessary, they abuse power all other ways?

That is the definition of a non sequitir.

Re:This is news?

[NicBenjamin]

You realize Hoover never had access to any non-FBI database? Neither did HUAC at al. And there are plenty of Federal databases besides the FBI. In another thread I mentioned three that are actually a lot more dangerous, and a lot older, then anything we're talking about: the Census, Social Security, and the IRS. Neither the CREEPs nor the Plame Scandal involved the use of a Federal database. Plame was not even a database at all. Rove was talking to a random guy about her husband, and he mentioned the CIA connection. The CREEP did not abuse any Federal databases, it tried to steal information that could not be added to those databases (like reports from the shrink of a guy who pissed Nixon off).

I'll note here you haven't managed to quote the only actual example of a Federal database being used against US Citizens (Japanese internment).

So while I will agree, that in theory this database could be used by a future Hoover, I will also point out that it is quite useful in numerous actual law enforcement situations. Terrorism actually exists, even tho we like to pretend it no longer counts just because almost all the victims are black Africans. I disagree with much of the war on drugs, but the drug runners are not nice people. Both groups use the US Air network, and if there's any pattern to their usage we can't find that out unless it's recorded somewhere. Given that the US Government is pretty consistent in it's evils (they tend to involve totally ignoring the Constitution to get new data, and/or abuse minorities; using data from existing data sources just isn't the MO), the long-term risk of them abusing old data is quite low. Call it 5%.

So we have a database, that will be useful in numerous perfectly legitimate law enforcement operations, and a small risk of it leading to bad things. You're free to conclude any risk is too much, but I think that risk is fine.

Re:This is news?

[mattwarden]

Governments abuse their power. I did not come to this conclusion from this incident. This incident is yet another example of innumerable examples in history. You think this new scenario is an exception based on... I don't know what.

Re:this is news?

[Concerned+Onlooker]

The surprise twist ending is when we end up with an authoritarian regime because too many people just sighed and said, "this is news?" any time something that should outrage us happened.

Re:This is news?

You realize Hoover never had access to any non-FBI database? Neither did HUAC at al. And there are plenty of Federal databases besides the FBI. In another thread I mentioned three that are actually a lot more dangerous,

You''ll forgive me if I find the argument that there are other more serious risks within the federal government to be not particularly reassuring.

I disagree with much of the war on drugs, but the drug runners are not nice people. Both groups use the US Air network,

Your explicit expansion of the war-on-terrorism to the war-on-drugs is disheartening.

Re:This is news?

[flyneye]

All this info, just lying around, in case they need it. They wanna see what kind of home improvement crap I bought, what brand of tortilla chips I eat, where I gas up at, when I occasionally call on the phone, perhaps they'd like a scratch n sniff X-ray of my colon before I had a polyp removed. Maybe they'd like to hear the last obnoxious joke I told with the punchline of Hillary carrying Obamas two headed love child to term before marinating it in jalepeno barbeque sauce.

I'm pretty boring, and I hate and distrust the charlatans misusing the government, like any other human on the planet. But it's nice to see that one day they will have spent everything I ever paid in taxes on hardware to store my unused trivia.
LOL, yeah Omama is gonna PROTECT us from terrorists and is busily doing everything he can think of with that baseball sized head of his. Him n his Repubmocrat buddies gonna start a PROGRAM to look into what could help and appoint a commitee to get a feel for what the Corporations would agree to and talk about a solution and it's effect on the economy, while appeasing the voters.
(Ever listen to the words of DEVOs "Mongoloid"? Kinda applies to the whole shithouse load of them, doesn't it?)

Re:This is news?

[flyneye]

Anyone who believes that, go stand on your head in the corner and be counted.

Re:this is news?

You're welcomer.

Re:This is news?

[NicBenjamin]

Government abuse their power, therefore every government agency you can possibly imagine abusing it;'s power in any way will eventually abuse it's power in exactly that way?

That's not logic. It's projection.

Re:This is news?

[Antique+Geekmeister]

The Nisei were a wholesale incarceration, and was quite public. I was referring more to illegal acts in living memory. The other acts involved the abuse of private information, held in federal hands. It doesn't have to be in a database. The extent of the data and its ease of access _expand_ the risk, not reduce it.

> So we have a database, that will be useful in numerous perfectly legitimate law enforcement operations, and a small risk of it leading to bad things

The "risk" is real. I'm afraid that its abuse is inevitable with so much data concentrated behind closed doors, without any judicial review or enforceable consequences for its misuse.

Re:This is news?

[SeatcheInpericulisau]

I'm concerned about NSA's incompetetence of storing all this personal data about everyone. What happens when China, Russia, or some criminal organization hacks the NSA? Actually, I mean, WHEN it occurs. You gotta wonder if the NSA actually works for the USA.

Re:This is news?

[chentiangemalc]

Don't worry the data will be safe in NSA's hands, as far as I know they've never had any data breaches/leakages before...

Re:This is news?

[davester666]

why does the gov't have it? it's not like I'm going to phone them to book another flight.

Re:This is news?

[Sique]

Every institution abuses their power. Governments are just the scape goats U.S. Americans like to butcher. Other countries have banks, other big corporations or the neighbouring country to beat at. Stop blaming the government for all failures, or at least start distributing your blame more fairly.

Re:this is news?

Vote your heart when it comes to elections, even if statistically speaking, the candidate is going to lose. If enough people stopped voting for the lesser of two evils, and for someone whom they really want to be elected, I wonder what will happen?

Re:This is news?

[gl4ss]

..why would the feds have it? it's not basic info to store of your citizens really.

also storing credit card numbers while rampant in the industries is also something feds shouldn't be having and furthermore it's not something any credit card processing business should be doing ether(payment processor 'gateways' excluded, it's all in the rules if you start processing cc payments.. even if you do recurring charges you as a charger company don't actually need to store the full card data).

Re:This is news?

Its a safe bet that if Snowden was able to get the data, loads of other people have been able to get it too - its just that they kept their mouths shut.

Re:This is news?

It's not a data breach if they authorize it!

Re:this is news?

For that to work there has to be candidate that you want to be elected. Often elections are a case of vote for the least bad candidate. It would be good if there was a mandatory "None of the Above" option which could be used for the electorate to positively indicate their dislike of all the candidates' policies.

Re:This is news?

[Richard_at_work]

Actually most get a token from their payment provider and store that for future use - only the very large sites which have their own merchant accounts and card provider systems will store the card details.

In the UK, most card providers require you to enrol into something called "3D Authentication", which sets up a password for your card - when you make a payment online, you put in your card details, billing address etc, and then you are asked for three digits from your 3D Authentication password. The way in which this works is its handled directly by the bank, not the payment provider or the vendor website - the payment provider returns a response saying "3D Auth required, go here to complete..." and you redirect your user to that website, they do the additional authentication, the bank then sends a result back to you, and you send that on to your payment provider.

Re:This is news?

[TheRaven64]

The problem is in your phrasing of it as 'government abuses'. In the most part, it's not 'the government', as a monolithic entity acting based on policy that is abusing the power, it's individuals whose abuses are enabled by the government's programs. There's a political split over whether you can trust 'the government', but both sides agree that you probably can't trust an underpaid civil servant with a napoleon complex.

Re:This is news?

How do you think all those companies let you pay without re-entering payment info?

By complying with Federally-mandated PCI standards and storing your cached payment info securely, that's how.

Oh yeah, and not printing it out unencrypted on a fucking spreadsheet when someone asks for it. Yeah, that too.

Re:this is news?

[ArcadeMan]

You guys are stuck with a stupid two-party system, all you can do is vote for the lesser of two evils.

Re:this is news?

[nabsltd]

You guys are stuck with a stupid two-party system, all you can do is vote for the lesser of two evils.

The solution is obvious: vote Cthulhu

Re: this is news?

We don't want the wrong lizard to win.

Re:This is news?

[ArhcAngel]

Yeah, our banks don't have that but our cable providers do if you want to watch streaming video from ABC, CBS, NBC or HBO GO.

Re:This is news?

PCI standards are not federally mandated. they are VISA and Mastercard mandated. there is no law behind them...however they can stop doing business with you if you don't comply with them.

Re:This is news?

[gmhowell]

'In living memory'? Ask George Takei what he remembers from his childhood.

Re:this is news?

[Stan92057]

Yes Its imperfect, but there is no where else on this planet I would rather live.

Re:this is news?

[lonecrow]

Have you ever tried anywhere else? You might be surprised to learn that the USA is not the only democracy on earth, and also not the one with the most liberty.

Re:This is news?

[ahodgson]

I think it's safer to say that most human beings will eventually abuse any power given to them. Since governments are run by human beings, it's also safe to say that all governments abuse their power. That's why the US Constitution tried so hard to limit government scope and power. Unfortunately, since governments abuse their power, and sheeple want "someone" to take care of them and protect them, those protections have been whittled away, anyway, but it was a good effort.

Re:this is news?

Indeed. I'm Canadian and I've thought about moving to Switzerland, Norway or The Netherlands.

Re:This is news?

[oldmac31310]

They will need your credit card information to make you pay for your rendition flight.

Re:This is news?

[TheCarp]

Exactly. The old adage never was "Corrupt people get into power" it is, "power corrupts". It is not a matter of getting out corrupt people out of power because, it was never the who that was the problem, always the power you were giving them that creates the corruption.

Re:This is news?

[Luckyo]

I believe it for a very simple reason. In most cases it will say so in site's TOS that they will not keep it should I tell them not to do so.

I find it very hard to believe that a site selling me goods would take a risk of getting hit by a contract breach and all the negative PR that would follow it just to keep my credit card information on file.

Re:This is news?

[NicBenjamin]

That's not precisely what he said. What he said was that because one institution failed one precise way (passing around nudey pictures) a second would fail a completely different and totally unrelated way. it's totally illogical, and frankly is basically the raving of a fanatic.

Your own line of logic succeeds as logic, but logic only works if the assumptions are right. You're assuming that human frailty cannot be compensated for in institutional design. This is false. British Parliament is designed to be bickering factions who can barely agree on a Prime Minister, so that's what it is. But it actually has the power to do almost anything by simple majority vote. All British Civil Rights protections, the Queen, the status of the House of Lords, etc. can be done away with by majority vote. The Courts too.

Federal agencies are very well designed from an information security perspective. They could, in theory, share information like motherfuckers, but they don't. TSA won't get credit for an FBI bust unless TSA ensures the FBI shares credit, so TSA is not gonna let the FBI read their file on you without orders from someone they can't ignore. Since TSA can;t actually bust down your door and arrest you (that would be an FBI job), that ensures that it's unlikely for them to pass info to the FBI that would result in you being oppressed in meatspace unless you actually deserved to be oppressed: ie: you're smuggling Giant Snails.

Re:This is news?

[NicBenjamin]

So you prefer the risk of massive law infringement, including invasive species smuggling, drug running, and terrorism, to a 5% risk that somebody who shouldn't know about Natalie Portman's meal choices finds out whether she's keeping Kosher? No operation on the scale of COINTELPRO could come from the TSA, because the TSA doesn't have the resources to pull it off.

Hell, given what we know about how actual Federal Agencies work banning this database won't increase privacy. It will simply decentralize privacy violations. You get a lot more "random searches" of brown people when the local cops have to ask each individual brown person whether they're a Patriotic American who believes in Jesus, George Washington, and killing King George rather then simply being able to bring it up on their computer.

Re:This is news?

[NicBenjamin]

You're worried about the wrong agency. This is a TSA database.

Re:This is news?

[mattwarden]

What is the point of your distinction? The entire philosophy behind small government is that it is completely idiotic to distrust people to do the right thing and try to solve it by giving people a shitload of unnatural powers. Your distinction seems to imply you do not understand why people argue against giving government power.

Re:This is news?

[mattwarden]

I know it must be difficult to get a real world perspective from your mom's basement, but in the real world generalizations have an actual function. Particularly when you are deciding whether or not a government agency should get new important powers that could be abused, knowing that government agencies tend to abuse their power is a useful generalization.

Re:This is news?

[Antique+Geekmeister]

> So you prefer the risk of massive law infringement, including invasive species smuggling, drug running, and terrorism, to a 5% risk that somebody who shouldn't know about Natalie Portman's meal choices finds out whether she's keeping Kosher? No operation on the scale of COINTELPRO could come from the TSA, because the TSA doesn't have the resources to pull it off.

I'm afraid that's a straw man argument. It's not been shown that the massive metadata gathering on USA citizens has been effective against any of those. Where are the convictions? NSA data gathering, in fact, is not supposed to be applied to domestic communications. It's far more useful, and demonstrably so, for internal political abuse. Look at the history of the Stasi for examples of how decades of broad information gathering can be used against moral, law abiding citizens.

Decentralizing the databases, spreading them out, is actually a good goal. Broad, flexible databases with large amounts of data are much easier to steal, and much easier to abuse, than smaller, isolated systems. That's a harsh lesson from decades of security work. And "random searches" are much safer than having it all stored in a central database where it can, and it _will_ be used for political and personal abuse.

Re:this is news?

See, the above is what happens when you have people voting with their hearts.

What we need is people voting with their brains. Unfortunately that's not going to happen.

You're getting a 2 Party system only because
1) Most people actually want one of the two parties.
2) The rest don't vote at all or try to "game" the system but the politicians are better at playing the game.

Truth is in many cases the corporate interests aren't in conflict with the people's interests. So the politicians can give both what they want at the top of their list. Most corps don't give a damn about gay marriage or abortion. That's why you have the various new marijuana laws and various abortion or no abortion laws. And most voters don't care about patent or copyright laws. So the corp get that stuff from the winning candidates ( they sponsor whoever might win).

More privacy isn't at the top of the list yet (but seems like it's moving up, and that's why some politicians are doing some stuff to make the masses happy - like cutting funding for searching through databases - they hope the masses don't figure out that searching is cheap ;) ).

Re:This is news?

[flyneye]

How about "The check is in the mail", "Money back guaranteed" and " I'll only put the head in" ?

Re:This is news?

[Luckyo]

Wouldn't know. Haven't ever used checks (we use direct bank payments around here), and if it says "money back guaranteed" then it usually means it. At least as far as I've ever ran into it when shopping. Never had problems getting my money back.

Not going to even bother with the sex jokes. Judging from your sayings, you come from US, and talking to you puritans about healthy sex life is like talking to a somali about woman's right not to be mutilated.

Re:This is news?

[NicBenjamin]

Dude, I'm not talking about the NSA. I'm talking about one specific TSA database. I'm specifically avoiding talking about the NSA because that's all anyone talks about on Slashdot today.

The specific database in this case is the one that includes all the information your airline has about you.

And this particular database has a lot of arrests. Just about any time a TSA agent finds contraband (which can be anything from illegally imported animals to drugs to bombs) he did it partly because this particular database told him something that didn't quite check out when the arrestee went through security.

This is actually exactly the kind of decentralized database you say you want law enforcement to have. It's targeted for one very specific legal use, it's quite effective at getting bad guys. Abusing would be extremely complicated because TSA has no motive to share any of this information with literally anyone, and it lacks the capacity to do anything more nefarious then hassle innocent people at the security line of the airport. Moreover the data just isn't that interesting.

Re:This is news?

[NicBenjamin]

More projection. Unlike you I got a full-time job and an apartment all of my own.

And your logic still doesn't follow. You're trying to prove that one very specific abuse of this data (Guys sharing it with each-other) is inevitable. Your only real example of them doing so is has a motive that is totally irrelevant to a text file about airline tickets.

In other words your generalization is so broad it's meaningless. For example every cop has a gun. This means that he could theoretically go out and kill the local First Grade Class. By your generalization it's totally inevitable this will happen at some point, which in turn means we should disarm the police.

Most cops have cars. These could be misused in some unlikely, and totally destructive way, such as a mass campaign by Cleveland Height PD to run down the entire Kindergarten class at recess. therefore, per your generalization, it is inevitable that the Cleveland height PD will eventually try to run down the entire kindergarten class at recess, and Cleveland Heights cops should walk.

One of the first things you learn when you leave your mom's basement, and start dealing with the real world, is that people do bad things when they have a motive to do said bad things. These particular abuses are unlikely because there's no emotional payoff to killing small children.

By the same token, the emotional payoff from reading a supremely boring text file about a supremely boring plane trip is completely different then the payoff of seeing a good nudie, therefore the fact agents at a completely different agency shared nudies had no bearing on whether TSA guys will share travel documents.

Re:This is news?

[mattwarden]

> You're trying to prove that one very specific abuse of this data (Guys sharing it with each-other) is inevitable.

No I didn't, you half-wit. All this time I assumed you were intelligent enough to process a simple point. It seems I have assumed too much.

Re:This is news?

[flyneye]

Yes, cynically, in the U.S. these phrases would be a sarcastic indication of your naiivete'.
The rest you have indicated on your own.

Re:This is news?

[Luckyo]

Clearly because I don't come from a culture where ripping people off is considered not only socially acceptable, but actually encouraged, I'm naive.

Or perhaps you're naive in assuming that us people in the Nordics need to be as careful shopping at home as we are when we shop in a country with culture like yours.

Re:this is news?

[Stan92057]

Sorry I didn't reply sooner for some reason this reply from slasdot was in the spam folder...strange never happened before.. That's said

Im 56 I've been around. There is 1 country I would consider moving too IF I had too and that is Canada. There are NO European country's I would like to move to or live or even visit. That's my personal choice based on 56 years of life. The first 5 I have no recollection of lol

Re:This is news?

[NicBenjamin]

Then what are you trying to prove? Seriously. You have given one example of abuse of government data. It's a truly shitty example. It has no relevance to the topic at hand.If I was writing your side of the debate for you I would not have used it because nobody would believe anyone would be quite that dumb. But apparently you are. Congratulations.

Please lay off the insults. Your insults are worse then your logic you silly-faced son of a moose-fucker. And because you don't really have an imagination, I will spell it out for you: that was a yo mamma joke.

Re:this is news?

I disagree.

Voting the lesser of two evils isn't voting one's heart. It's trying to use one's brain to pick a less-bad candidate rather than a candidate they truly want.

Corporate interests are in conflict with people's interests. Net neutrality is one good example. I think corporations will give money to both sides, so regardless of whoever wins, they got a puppet in Congress. Although, I'm sure the more-likely-to-win candidate will get more money.

Re:This is news?

[mattwarden]

if we both think the other is too dumb to process simple English, then perhaps we have come to mutual agreement that this is a waste of time

Re:This is news?

[flyneye]

Nope , you're naiive because "ripping off people" is universal in all cultures and is only defeated at an individual level. Crack a newspaper or a history book open. Surprise, you don't live in Utopia. So making sweeping statements about your culture also makes you look retarded.

Re:This is news?

[Luckyo]

As noted, you are indeed naive in your assumption that acceptability of ripping people off is universal in all cultures.

QED.

Re:This is news?

[NicBenjamin]

I don't think you're too dumb to process it.

I just don't believe you're emotionally capable of separating your desire to crush NSA databases from other government databases. Your inability to clearly articulate a potential abuse for this database, particularly any potential abuse that outweighs it's usefulness as a tool to cut down on smuggling endangered species/drug running/etc. is evidence of that point.

Re:This is news?

[mattwarden]

It's pretty hilarious to watch you put me into boxes I don't belong. I could give two shits about NSA's databases and whether The Google is reading my email. I'm writing this from a Chromebook for chrissakes. I'm just pointing out that you are incredibly naive with regard to government abuses of power. But once you acknowledge that it does and will continue to happen, you still have the option of saying "who cares?"

Re:This is news?

[NicBenjamin]

So you think I'm not acknowledging the government abuses power? I have done that quite a few times. It's just that, unlike you, I'm not basing this entirely on a theory I read in a SciFi book about the UK or Russia, or an 18th-century apologist for slavery's ridiculous claim that he cared about freedom. Note that last sentence? It was an acknowledgement of governmental abuse of power.

My argument is based on the actual track record of abuses the US government has done. This database is a lot less dangerous then almost any other for two reasons:

1) It belongs to the TSA, who don't really have the capacity to go out and oppress people themselves, and are never gonna turn over their information to people who do (ie: th FBI, Border Patrol, etc.). It just doesn't happen.

2) It doesn't contain much sensitive information. The info it contains is a lot less sensitive than the info Census and Social Security have on you, so even assuming that Federal agencies start leaking like sieves and reporting likely Jews to the KKK they probably aren't gonna bother searching for the guy who tried the kosher meal this one time in 2009.

Re:This is news?

[mattwarden]

Why do you keep further explaining your viewpoint unsolicited? I am not interested. It comes off as highly defensive and whiny.

Re:This is news?

[NicBenjamin]

I'm explaining my position because you keep restating yours. Last time I checked the international sign that one was participating in a debate was that one kept restating one's position in response to the other person's position.

If you want to end an internet debate, that's as easy as not getting laid. Simply stop trying to get the last word in.

Re:This is news?

[mattwarden]

i stopped restating my position many replies ago when i moved on to insulting you

Re:This is news?

[NicBenjamin]

Protip: Any statement that starts with "I just pointed out" is a restatement of your position.

Hopefully next time you'll be able to switch from debating to insults better, you nabob-faced cogswillet.

This is news?

This is just basic customer information.
Why wouldn't they have this info? Storing it takes up a couple hundred bytes per passenger.

Data sent to airlines

[bunyip]

The Travelocity guy avoided telling the whole story. They do provide relevant information, but if the government has the PNR with all the remarks in it, then it likely came from Travelocity or Sabre.

Travel agencies and 3rd-party web sites, such as Travelocity. put all this encoded stuff into the remarks section of the PNR, it's all that "H-" stuff. When the PNR is sent to the airline, NONE of the remarks are transmitted. The airline doesn't receive your IP address, for example. Seat numbers, phone and contact information are transmitted in Special Service Request (SSR) and/or Other Service Information (OSI) fields. One major exception is that Travelocity and AA share the same PNR when booking AA.

Now, the airlines have to send a whole bunch of data about you to the TSA to get clearance for you to board. Look up Secure Flight / APIS / AQQ and you can learn a little bit about it.

A.

Re:Data sent to airlines

> then it likely came from Travelocity or Sabre.

!bing!

I think it is entirely reasonable to believe that the TSA (and other agencies) get a complete dump of everything that goes into Sabre. It is too tempting of a data chokepoint for the government not to have appropriated a direct line into it. They probably get a real-time feed out of it.

yawn

The new shell company for just this problem was already in the works, and the spam data has already been transferred.

They never made their money providing service, they made their money effectively blackmailing people to get their "domain squatted" domains back. Half a dozen companies like this tried to hire me in the middle of the dotcom boom, and they're not changed a bit except that now they have to change company names faster.

The Stasi & Stripes

[Blue+Stone]

The government has files on everyone (or nearly everyone); people never suspected of, or implicated in, any crime.

How is this different from what the Stasi did?

Re:The Stasi & Stripes

"The Lives of Others (German: Das Leben der Anderen) is a 2006 German drama film, marking the feature film debut of filmmaker Florian Henckel von Donnersmarck, about the monitoring of East Berlin by agents of the Stasi, the GDR's secret police. It stars Ulrich Mühe as Stasi Captain Gerd Wiesler, Ulrich Tukur as his superior Anton Grubitz, Sebastian Koch as the playwright Georg Dreyman, and Martina Gedeck as Dreyman's lover, a prominent actress named Christa-Maria Sieland."

http://en.wikipedia.org/wiki/The_Lives_of_Others

Re:The Stasi & Stripes

The stasi was german (=> nazi) and socialist, therefore evil. The government is protecting us from terrorists, therefore a hero. But to make sure everyone shares the right opinion about these matters lets trace those who oppose tracing. They can have only one reason: hiding even more crimes. crimes can be done by even the most infant looking people. lets make sure we also trace the babies. It is already great that parents film their babies pee into their pants -> this can give lots of information about their later personal aspects, which is most important for investigation in the case they try to steal something from the kiosk when they are grown, which should be penalized by death by injection of previously untested overdoses, only escape is convertion into a mule and blaming the neighbours of most horrific crimes.

And never forget: stasi didn't cooperate with US agencies, which makes it suspective of hiding crimes also.

Re:The Stasi & Stripes

Because 'Murica has better propaganda and dumber citizens.

Re:The Stasi & Stripes

These artists make sex like dandies if you need bugs everywhere to know they are banging.

Re:The Stasi & Stripes

Thing is, people thing this is a new thing.

There has been recordkeeping going back thousands of years, with varying degrees of accuracy.
The digital world just makes it easier to record things so some dude can throw your information through some algorithm and see if it flags you as a possible threat. And this, despite the fact that the algorithms themselves are horribly inaccurate at the best of times since they heavily depend on exposure to actual events being correlated to records, which isn't exactly easy to do. (not to mention that it still isn't even that accurate with said information because it still depends on the human mind, which there is no average for, no matter what shitty psychologist, psychiatrist, neurologist or others states.)

God forbid the days when a supposed AI is used to correlate data and make decisions.
Woops, already beaten.

Re:The Stasi & Stripes

[danomatika]

How is this different from what the Stasi did?

It's *alot* easier now?

Re:The Stasi & Stripes

the way i seem to understand it, the nazi's viewed the jewish people as an existential terrorist threat.

i really don't see your point.

a list is a list is a list
esp. when you're keeping tabs on others.

my neighbor is a terrorist, he lights firecrackers without my permission. i keep tabs on him out my window.
the guy behind me? he's a terrorist too, he **says** he works midnights but ... i don't know about that.

Re:The Stasi & Stripes

How is this different from what the Stasi did?

They were at least honest about the fact that they were doing it. Also, I don't think it was unconstitutional in Germany, so it wasn't the government acting rogue like we have now.

Re:The Stasi & Stripes

[linearz69]

How is this different from what the Stasi did?

The Stasi needed "electricians" to install bugs. We now buy the bugs and install them ourselves.

Re:The Stasi & Stripes

[NicBenjamin]

Uhh...

What country doesn't have a file on all it's residents? Seriously.

Just think about all the files the US Government has had since the late 18th century. the Census had very good clues to everyone's religion, generally actually had a line for ethnicity, etc. During the first Libertarian-=Conservative period of dominance in the Judiciary the IRS had a database on exactly how much everyone made. A few years later the New Deal added a database on how much everyone makes that's updated every time you get a check. All three of these have more information, and more personal information then the TSA database. Both the IRS and the Social Security database could be used to steal a lot more from you then a single Credit Card.

Re:The Stasi & Stripes

In fact east germany had a democratic constitution, most likely due to pressure from the americans directly after the war, so that the soviets don't errect a communist dictature (same in all eastern european countries). The americans failed, but the constitution was democratic. The only truly democratic votes were at the end of the DDR. The voted parliament then declared to join west germany.
Second thing to know: west germany still had claims on east germany, thinking it was one country. This was also the reason why people who fled over the wall quickly got west german papers. If you argument this way, stasi was unconstitutional, even if you say that the right for privacy was created by the bundesverfassungsgericht much later. This however didn't change the fact that the stasi officers still had their ranks and even got their pension. There weren't nürnberg processes after the reunification.

Re:The Stasi & Stripes

Yes, I also recommended this film.

Re:The Stasi & Stripes

Protip: Recognizing the machinery that ensures history will repeat is not insightful. The point is not that all the countries are doing this. It's that it costs us a lot in terms of money and privacy and security to do so, and ensures the countries demise. Snowden showed that a measly government contractor can get access to more data than anyone is comfortable with, and if he can get it then all our "enemies" spies can too. Thus collection of such data is treasonous, by definition.

protip: "Everyone else was doing it, so I thought I'd do it too," or "I was just following orders," doesn't excuse the crime, especially not war crimes against humanity.

Re:The Stasi & Stripes

[fustakrakich]

How is this different from what the Stasi did?

Our government acts with the full consent of the governed.

Re:The Stasi & Stripes

[NicBenjamin]

Protip: If every country, including Germany, has files on its individual citizens, then arguing "files on your individual citizens is just like the Stasi" is ridiculous. It's literally like saying "The Stasi paid their agents, all US Government employees must be uncompensated!"

Seriously. How the fuck would Germany enforce it's income tax if it didn't have a file on every German who has income?

If you were talking about the actual contents of the database you might have an argument particularly if you focused on the NSA databases which are fucking scary, but this "They have a database with lots of people in it, therefore they are going to MURDER ALL!!" argument is just fucking stupid. If it had any relation to reality the entire fucking world would hacve been murdered back in the 17th century when European monarchs figured out that they could enforce there will via pen and paper databases. The Chinese would have been gone long before then.

Re: The Stasi & Stripes

It was a BofA credit card in the first place. Those guys are f-ing NAZIs. If you're nieve enough to trust them with your information in the first place who cares if the government has it. I doubt for the average person the FBI is going to be able screw them much harder then BofA ever will.

Re:The Stasi & Stripes

[Sir+Holo]

How is this different from what the Stasi did?

It's not.

There is a quote from a former Stasi guy (East-German secret police) regarding the Snowden leaks of NSA capabilities: "We could only have dreamed of having such powers."

Re:The Stasi & Stripes

So? Every fucking person whose job it is to ferret out "bad guys", regardless of nationality or whether they are government intelligence agents all the way down to mall security guards, would say the same fucking thing. People who look for "bad guys" want all the info they can get. This is just breathless hyperbole that someone runs to a former Stasi guy for a quote.

Re: The Stasi & Stripes

Whats this shit got to do with freedom?

Re:The Stasi & Stripes

[hoggoth]

I hereby revoke my consent.

Re:The Stasi & Stripes

I know of a man from Eastern Germany. He was a father, a worker, and a lay clergyman over a congregation of about 4 people, and that's it. When the wall fell, it was discovered that the German secret police had an entire ROOM of binders full of information on him. He was a complete nobody. It was considered a violating and dizzying revelation, the amount of scrutiny and surveillance they kept on him. Now, Dianne Feinstein (D-CA) thinks that should be the case for everyone in a Free Country. She will still get 75% of the vote when she runs for office again.

Required quote from Casablanca

[sandbagger]

Major Strasser: We have a complete dossier on you: Richard Blaine, American, age 37. Cannot return to his country. The reason is a little vague. We also know what you did in Paris, Mr. Blaine, and also we know why you left Paris.
[hands the dossier to Rick]
Major Strasser: Don't worry, we are not going to broadcast it.
Rick: [reading] Are my eyes really brown?

Re:Required quote from Casablanca

Round up the usual suspects!

PCI Compliance?

... the feds store personal financial data at rest unencrypted ? That's nice to know.

Re:PCI Compliance?

Feds don't have to worry about PCI compliance because they don't conduct credit card transactions. Even if they were compromised and all of the CC data was stolen can you imagine Chase actually suing them for damages?

North Korea and USA - freedom haters.

[abrahamOH]

When two totalitarian countries spy on its citizens data collection should not surprise anyone.
Remember in Asia it it North Korea. In North America it is USA.
Two regimes that hate any signs of freedom.

Re:North Korea and USA - freedom haters.

[Mister+Liberty]

Not correct.
You can have a certain --even high-- degree of freedom, and still be under more or less total control.
The latter is the program that has been initiated quite some time ago.
Those in power, a minuscule pertentage of the population, need to consolidate that power. How you
do that? By gaining total control over the masses
It's so simple it could've been a conspiracy -- if it weren't for the sheer number oif stories like these
popping up every day, and then some.
Get organized!

Re:North Korea and USA - freedom haters.

> Two regimes that hate any signs of freedom.

To be fair, there's no evidence that data collection is somehow a sign against freedom (which is how you have framed it). It is historically accurate that totalitarian regimes keep a lot of data on its citizens...but how much does the chinese/nk govt have on random farmer? Probably not very much. The data collection aspect is as likely a sign of totalitarianism as technological efficiency. So I'm sure your viewpoint sounds like you would wear a sandwich board on the highway if you believed the tinfoil hat worked.

I'm Shocked!!!

Ok, not really. Though I would be shocked if I found out that anyone else was shocked by this.

Re:I'm Shocked!!!

[TWX]

Yeah, I remember a movement several years ago to try to swamp them with too much information. The problem with this approach is that it doesn't account for ever-increasing storage density combined with a need to replace end-of-life equipment periodically, essentially guaranteeing that they'll never run out of space.

Re:I'm Shocked!!!

plus;
They can statistically analyze the data, and differentiate the chaff from the signal.

This isn't news

[GrandCow]

Really, is there anyone out there (reading this site) that doesn't know that you have no privacy anywhere anymore?

The actual question is: what are you going to do about it?

Re:This isn't news

not care, learn their cutesy wootsy bullshit (put fed keyloggers on cnc and watch hilarity ensue) , and slap their ass with the fucking bill until im physcially restrained.

Re:This isn't news

The shocking part is that it is continuing because Obama can't stop it. When the Bush crime family ruled, they wrote their edicts in such a way that subsequent Presidents cannot overturn them. That is the problem. Obama has fought hard for years to change things, but he legally can't with the Republican ScROTUS overruling every decision he has tried to make. It is Bush's fault things are like this, and it is his fault nothing can change.

Re:This isn't news

[Impy+the+Impiuos+Imp]

The Supreme Court is overruling Obama wanting to do less spying and being more open?

Re:This isn't news

[Troed]

The actual question is: what are you going to do about it?

I became an active politician (and since I'm in a non-two party dictatorship it made a difference). /me - board member of the Swedish Pirate Party

So Feds in the 2000s have the same data...

[retroworks]

... as credit card companies have been keeping on us since the 1980s?

Re:So Feds in the 2000s have the same data...

[wxxy___]

Except the credit card companies wont raid your house for shopping at the wrong store http://www.huffingtonpost.com/...

PCI-DSS

[Alioth]

As an organisation accredited to be following PCI-DSS, we would be crucified if the PCI auditor found us holding the PAN (the long number on the front of your credit card, PAN = primary account number) in plain text. Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?

Re:PCI-DSS

I'd hardly call the Feds "anyone else".
Clearly they operate under a different set of rules and couldn't care less about credit card issuers' desires.

Re:PCI-DSS

[WaffleMonster]

Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?

What part of "any tangible thing" and third party doctrine does one suppose is non-applicable to card numbers?

Government is not bound by rules of the road created by industry.

Re:PCI-DSS

[Loki_1929]

As an organisation accredited to be following PCI-DSS

You aren't accredited to be following PCI because nobody is. There is no certificate. There is no special seal of approval. You provided security information to your acquiring bank(s) and you were allowed to process credit card transactions. There's no such thing as certification or accreditation for PCI.

we would be crucified if the PCI auditor found us holding the PAN (the long number on the front of your credit card, PAN = primary account number) in plain text. Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?

Who says they're holding the PAN in plaintext? They can decrypt it to send it to the Feds as needed without keeping it in plaintext in their systems. The Feds have no agreement with an acquiring bank, so they don't have to worry about how they store it. Nobody can do anything to them. Any agreement the airlines have with their acquiring banks undoubtedly includes plenty of cover for Federal data reporting requirements (likely a blanket "if the Feds come calling, we're just going to give them everything"). So long as the acquiring banks have signed off on it, they're in the clear. And since all these guys would like to continue doing business in the largest economy in the world, nobody's going to say no.

Re:PCI-DSS

[SeatcheInpericulisau]

The NSA may be allowed all access to all information that an airlines has, including the full PAN, however, the airlines doesn't store the full PAN, if they were PCI-DSS compliant. If you assume that the airlines storage servers don't keep the full PAN, but the NSA has the full PAN, then the NSA is conducting man-in-the-middle attacks on its citizens. Sad that they would result to this. Sadder that it probably won't result in stopping a terrorist, or any criminal worth their salt. Just saying.

Re:PCI-DSS

[DRJlaw]

Who says they're holding the PAN in plaintext? They can decrypt it to send it to the Feds as needed without keeping it in plaintext in their systems.

So your argument is that they're reconstructing the PAN within the remarks section of the PNR by inserting decrypted credit card information back into the record?

I was most surprised to see my credit card detailsâ"full card number and expiration dateâ"published unredacted and in the clear. Fortunately, that credit card number has long expired, but I was nonetheless appalled to see it out there. American Airlines, which had created that particular PNR in 2005, did not immediately respond to my request for comment on how or why such detailed personal information would show up here. (In other instances, the majority of the number was Xâ(TM)d out.)

And they're doing it voluntarily...

Line 4 revealed my long-expired and since changed credit card number, in full. As a security precaution, we've redacted it here.

[Cannot link directly to first PNR graphic in TFA, but look at lines 4 and 5] And they're doing it in a field/line that looks like it cannot be differentiated from the immediately following name information...

Pull the other leg.

Re:PCI-DSS

[rlwhite]

You aren't accredited to be following PCI because nobody is. There is no certificate. There is no special seal of approval. You provided security information to your acquiring bank(s) and you were allowed to process credit card transactions. There's no such thing as certification or accreditation for PCI.

No, there's no certificate, but there is a process of documentation and testing commonly referred to as "certification" before you are allowed to process credit card transactions. I work in point of sale software development and have had to help retail chains overcome problems found in their certification tests. You either don't know what you're talking about, or you're playing a pointless semantic game.

Re:PCI-DSS

[Wildclaw]

Remember that PCI-DSS is a fairly new standard. A quick search got me a VISA document that listed january 1, 2008 as the date for phasing out old payment systems that didn't manage card numbers securely.

The plain text credit card number was apparently used in a transaction from 2005. Still a bad idea to use a plain text card number. But ompanies doing stupid stuff like that.is kind of the reason why PCI-DSS became mandatory in the first place.

Re:PCI-DSS

[operagost]

You aren't accredited to be following PCI because nobody is. There is no certificate. There is no special seal of approval. You provided security information to your acquiring bank(s) and you were allowed to process credit card transactions. There's no such thing as certification or accreditation for PCI.

What you have said implies that people can just declare they are PCI DSS compliant. This is not quite the case, except perhaps for very small vendors who self-assess (I am not one of these, and therefore have no experience). A QSA must be employed for the audit, and the QSA indeed must undergo approved training and certification. They sign off on the Report of Compliance (ROC).

Re:PCI-DSS

[WaffleMonster]

The NSA may be allowed all access to all information that an airlines has, including the full PAN, however, the airlines doesn't store the full PAN, if they were PCI-DSS compliant.

There is no prohibition against storage of PAN (e.g. card number) in the PCI-DSS. You are forbidden only from storing CVV2 and full track data from the mag stripe.

Re:PCI-DSS

[Loki_1929]

No, there's no certificate, but there is a process of documentation and testing commonly referred to as "certification" before you are allowed to process credit card transactions.

This depends entirely on the organization and their acquiring bank's requirements (ultimately the acquiring bank is the only one who matters, but most reasonably organizations develop their own process to ensure they're covered as much as possible). For many small businesses, they're often times just buying a cheap terminal and swiping away. The acquiring bank isn't pressing them for details of their security measures and they're often completely clueless about any requirements they're supposed to be meeting. They aren't bringing in a QSA. Even if they were, bring in three QSAs to any decently sized organization and get three different opinions about your scope and your compliance measures. Half the fun of PCI assessments is determining what the requirements mean, how they apply in your specific instance, and where scope ends. But the point is, there's no issuing authority to say that you're PCI compliant. There's no governing body certifying anyone. The only thing that's actually there are the contractual relationships between the merchant and the acquiring bank and the contractual relationships between the acquiring bank and the payment brands.

I work in point of sale software development and have had to help retail chains overcome problems found in their certification tests. You either don't know what you're talking about, or you're playing a pointless semantic game.

It's not a pointless semantic game because it's the unspoken risk for anyone accepting credit cards. Since there is no official PCI certification and since there is no agreement between QSAs on what the requirements mean in principle (let alone in practice in a specific organization's situation), the PCI SSC gets to stick the claim up on their website that no breach has ever occurred in a PCI-compliant vendor. Best of all, each individual payment brand actually gets to decide what requirements have to be met in which situation by which type of vendor doing what type of business at what scale and via which medium. The ambiguity and the leverage the payment brands hold allows them to arbitrarily decide who is and who isn't compliant at any given moment.

So you keep on doing your documentation and your testing processes (and you should, it's good practice), but if you think for a second your customers are somehow protected from Visa, Mastercard, etc in the event of a breach, you'd best think again. It's a shell game designed to ensure that whenever things go south, the payment brands are never the ones left holding the bag.

Re:PCI-DSS

[Loki_1929]

Self-assessment is the method used by the vast majority of small businesses, and they're often not even required to do even minimal work to get started. The acquiring bank will just set them up an account and start the ball rolling after Farmer Bob buys a cheap swipe terminal off eBay for the weekend Farmer's market and signs a couple papers. For those organizations that aren't self-assessing, they get to deal with the fact that QSAs often can't even agree on what some requirements mean in principle, let alone when applied to their specific circumstances. Show three different QSAs the same architecture and documentation, get three different reports. That ROC? That's good for toilet paper by the time the QSA pulls out of the parking lot. Don't believe me? Have a data breach and watch Visa roll in with auditors who won't leave until they find a reason to fail your compliance. That's just how the game is played.

All that said, people just declaring that they are PCI DSS compliant is actually exactly what happens. You tell the acquiring bank that you're PCI compliant (either via SAQ or QSA/ROC). If you've met certain levels of activity, the acquiring bank may pass along some paperwork regarding your audits to certain payment brands who require it. They then effectively state that your paperwork appears to be in order and begin processing your credit card transactions. At no point do they declare you PCI DSS compliant and they will most certainly toss your ass to the wolves the second there's a whiff of trouble. And even if they did say you were compliant at filing time, any QSA will tell you that any minor change, lapse, or mistake can completely alter the state of your compliance. From the PCI SSC website: "There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process."

In other words, yesterday you might have been compliant, and tomorrow you might be compliant, but today (always of course the day of the breach), you're non-compliant.

Does the country you're a national of....

[Mister+Liberty]

have a constitution that has some reknown, and maybe organized defenders of same?
If so, get in touch with them, organize, get active.

Re:Does the country you're a national of....

I'm looking for the "else" part of the conditional, but can't find one.

In Soviet USA

not spying on its citizens is a crime.

Not effective

[HangingChad]

This kind of mass data collection on everyone is a huge waste of resources. The more people you add to a database, the less relevant it becomes for anything. People who know trade craft, know how to cover their tracks and pollute big data. So this is basically a giant database of amateurs, stupid crooks and ordinary civilians.

Another problem with big data are the large numbers of errors. I've run big databases where users were motivated to provide good data and there were still gaps in the data, misspelled names, numbers transposed, and some entries locked out because they were trying to enter duplicate primary keys. Travel data is coming in fast, I can't imagine what the exception reports look like every day.

Re:Not effective

[linearz69]

Writing this off as not effective misses the point. Most reasonable people - certainly most reasonable technical people - know this is ineffective. But this isn't about finding terrorists.....

If a defense contractor can convince bureaucrats and politicians that an ineffective big system can effectively ID potential terrorist, then we are left with either a false sense of security and/or a lot of innocent people being treated like potential terrorists. It makes for good security theater at the expense of civil liberties.

Re:Not effective

... If a defense contractor ...

And of course a good deal for the defense contractor. And happy share holders, too.

Re:Not effective

[Antique+Geekmeister]

> This kind of mass data collection on everyone is a huge waste of resources.

Compared to the cost of intelligently filtering it down to unpredictably "relevant" information, and only storing that? Picking out only the "relevant" or even "legal to hold" information would be, in espionage terms, a complete waste of time, prone to error and reducing the effectiveness of exactly the sort of personal, detailed information which this helps gather.

I sincerely doubt that the NSA cares about the fine grained accuracy of such bulk data. That's what analysis is for, not filtering. And by collecting bulk information on US citizens, they've gathered an enormous currency in private data that can be provided to the US government without a warrant, or that can be traded with foreign intelligence to gather the information they _are_ chartered to obtain.

Re:Not effective

It's a waste of resources until the grand change over from oligarchy to full blown fascism then some parsing will take place, algorithms will be written and many many many people will disappear overnight.
Far-fetched? Maybe, but we thought the NSA having all internet traffic, including SSL, from every country in the world was far-fetched. It's only a matter of time.

Re:Not effective

> So this is basically a giant database of amateurs, stupid crooks and ordinary civilians.

That is why cops like to say criminals are stupid.
They only catch the stupid ones, in reality the smart ones never even show up on their radar.

Re: Not effective

Surrogate keys ftw

Re:Not effective

[c6gunner]

The more people you add to a database, the less relevant it becomes for anything.

Totally. Just like mass-surveys become more and more useless the more people you add to them. And scientific research becomes more and more useless the more data points you gather.

Re:Not effective

So this is basically a giant database of amateurs, stupid crooks and ordinary civilians.

This is quite useful if you're looking to cow the populace and/or "produce convictions" since that's how your effectiveness (and thus size of next year's budget) is measured. With this you can data mine for easy convictions (the low hanging fruit) and you can even take it up to eleven by data mining for "bad things", lobby for laws against them to be passed because they're really necessary don't you know, then throw the new book at your hapless victims, er, those never do wells you so fortuitously thought to keep track of well in advance.

The obvious problems ought to be obvious, but clearly aren't to many. The one thing I'll say about it is that any promises such powers won't be abused are void and therefore should be prohibited by law, reasons why left as an exercise.

This just in: PNRs include notes

[Shag]

I know, Occam's Razor would explain this by simply having all airline employees be psychic, but in fact, when you call and talk to someone, they note what you talked about, then when you call and talk to an entirely different person who magically knows what you talked about before, they're just reading that note. OMG!

Re:This just in: PNRs include notes

[russotto]

I know, Occam's Razor would explain this by simply having all airline employees be psychic, but in fact, when you call and talk to someone, they note what you talked about, then when you call and talk to an entirely different person who magically knows what you talked about before, they're just reading that note. OMG!

I've never actually had this experience when dealing with an airline; I typically have to explain the situation to each employee, often more than once.

if you've voted R or D...

If you've voted for a republic or democrat in the last 20 or 30 years, then congratulations.

This is your fault.

Re:if you've voted R or D...

[SuiteSisterMary]

Nonsense. For example, if you voted for Ross Perot, you're directly responsible for the Republicans losing the White House. If you voted for Nader, you're directly responsible for the Democrats losing the White House.

Either go back to your government as intended; that is to say, without political parties, or accept the fact that there are, in fact, political parties, and change your government setup to work with that.

Re:if you've voted R or D...

No, your post is nonsense. A vote signifies endorsement of a specific candidate and consent to be governed by their policies. If you voted for Perot or Nader, you voted because that is the government you wanted. If that candidate didn't win, it's hardly your fault.

Re:if you've voted R or D...

[bill_mcgonigle]

Nonsense. For example, if you voted for Ross Perot, you're directly responsible for the Republicans losing the White House.

That's silly - exit polls showed more Perot voters would have otherwise voted for Clinton than for Bush.

Either go back to your government as intended; that is to say, without political parties, or accept the fact that there are, in fact, political parties, and change your government setup to work with that.

That right there, though, is some good stuff.

Re:if you've voted R or D...

[jeIIomizer]

The only wasted vote is a vote for provably evil scumbags. To say that someone else might win because I cast my vote for someone who isn't an evil scumbag is extremely short-sighted; nothing is ever going to change if people do not take a stand. And win or not, people voting for third parties sends a message to The One Party.

Re: if you've voted R or D...

But i derive so much pleasure from my self-defeatist attitudes! Ego needs success then?

Re:if you've voted R or D...

Fine, but what if I want all of those bastards violating the peoples privacy out of the government? Then I couldn't care less whether that George W. Bush or this Obama Bush got in. The American people still lost, either way.

Re:if you've voted R or D...

The only wasted vote is a vote for provably evil scumbags. To say that someone else might win because I cast my vote for someone who isn't an evil scumbag is extremely short-sighted; nothing is ever going to change if people do not take a stand. And win or not, people voting for third parties sends a message to The One Party.

That's not been true for most of my adult life. I've voted for the lesser of two evils or against one I perceived as provably more evil.
The only time that wasn't true was when I voted for Bush2x2 - and that was just to see how the fuckstick would extract us from the middle east (note 12 years later our asses are still there). No, Matilda, we haven't left Iraq, yet.

Until we organize at a grassroots level and shock the fuck out of established politics, we will always be choosing a single-issue candidate because our populace is too stupid to realize how fucked they are. Squirrel!

Re:if you've voted R or D...

It's a democracy. It doesn't matter if you voted or who you voted for. You're still directly responsible for your government. People who disown responsibility after making the least required effort are immoral whiners.

Re:if you've voted R or D...

[SuiteSisterMary]

It's a democracy.

Given that the American government setup was SPECIFICALLY DESIGNED to avoid 'too much democracy,' I'd have to disagree with you, champ.

Re:if you've voted R or D...

[SuiteSisterMary]

No, see, that's the problem. You, as a voter, are presented with a choice. Do you vote for the candidate you actually want, knowing full well that the American system, as currently implemented, is specifically geared against third-party candidates? Or do you game the system, and aim for the best realistic outcome?

Re:if you've voted R or D...

[CyclistOne]

I agree.

Re:if you've voted R or D...

[jeIIomizer]

I've voted for the lesser of two evils or against one I perceived as provably more evil.

Then, as already pointed out, you're part of the problem. Have fun with your TSA, your Patriot Act, your mass government surveillance, and all the other constitutional and rights violations that the government is more than happy to shove on us, all because of voters' shortsightedness.

Re:if you've voted R or D...

[jeIIomizer]

Or do you game the system, and aim for the best realistic outcome?

That's not gaming the system; that's being a shortsighted, unprincipled moron and mindlessly going along with the status quo. I assure you that voting for evil scumbags does not 'stick it to the man' or do anything similar; it definitely doesn't "game the system." It's better to have principles and vote for someone you like even if there's virtually no chance they'll win than it is to vote for evil and ensure that nothing will likely ever change. Have fun with your self-fulfilling prophecies.

Re:if you've voted R or D...

[jeIIomizer]

So, if I participate in protests, vote for people aren't evil scumbags, get involved in my local government, and try to convince others to do the same, I'm directly responsible for evil scumbags being voted in, even though I have nothing to do with that? We're not even much of a democracy at all.

It seems more like you're trying to convince yourself that even doing the bare minimum (not voting for evil scumbags) is fine because other people who do don't accomplish much.

Re:if you've voted R or D...

Directly? No. Indirectly, maybe. Only those that voted for a particular candidate are directly responsible for that candidate's win (or other candidates') loss.

Re:if you've voted R or D...

[TangoMargarine]

SPECIFICALLY DESIGNED to avoid 'too much democracy,'

So you admit we have some.

Re:if you've voted R or D...

[SuiteSisterMary]

Well, America kinda half-asses it. One one hand, it's a republic, whereby you elect representatives. On the other hand, you vote directly on various propositions and what not. It's bloody weird.

Re:if you've voted R or D...

[SuiteSisterMary]

It's better principles, maybe, but it also guarantees that your vote is tossed away.

The system, as is, is designed to not allow third parties to win. Therefore, by voting third-party, you're implicitly not voting for a candidate that could actually win.

Like I said in another post, change the system. Somehow.

Re:if you've voted R or D...

[TangoMargarine]

On the other hand, having a monarch that in theory has the ability to veto any bill Parliament passes, but said privilege is in a Schroedinger state because they haven't exercised it since 1708 strikes me as a bit weird.

Is the U.K. a monarchy or a republic? Seems debatable.

(assuming since you said "bloody" you're from the UK)

Re:if you've voted R or D...

[jeIIomizer]

It's better principles, maybe, but it also guarantees that your vote is tossed away.

As I said, the only wasted vote is a vote for evil.

The system, as is, is designed to not allow third parties to win.

But they still did - once. And it replaced the main party.

Therefore, by voting third-party, you're implicitly not voting for a candidate that could actually win.

And by shortsightedly voting for evil scumbags, you are ensuring that evil will remain victorious, and that your prophecy (that third parties can't win) is self-fulfilling. And what of sending a message to the main party? If even enough people vote for third parties, it sends a message to them that they need to take action if they want to reclaim those votes.

But really, I'd feel like vomiting if I voted for either a republican or a democrat. What's really sad, though, is that most people don't even think of voting for evil scumbags as 'gaming the system'; they don't even put *that* much thought into it. Instead, they just mindlessly vote for a candidate for a certain party.

Re:if you've voted R or D...

[SuiteSisterMary]

Actually, I'm a proud socialist of Canuckistan. And our system certainly has it's quirks and foibles (and outright stupidities) as well, don't get me wrong.

Re:if you've voted R or D...

[SuiteSisterMary]

Yes, straight-ticket voting is horrid. But again, in a multi-party system, things tend to balance out towards the center. In a first-past-the-post system, the two sides are encouraged to move to the extremes.

Re:if you've voted R or D...

[jeIIomizer]

But again, in a multi-party system, things tend to balance out towards the center.

There is no definitive "center." That's about as meaningless as the words "extreme," "liberal," "conservative," "left," "right," etc. in the sense that they don't really tell you about the individual policies that a candidate supports. What I care about is whether someone supports good policies, not what "side" they're commonly attributed to. The "center" is not necessarily good, and what is sometimes considered "extreme" is not necessarily bad.

In a first-past-the-post system, the two sides are encouraged to move to the extremes.

I don't care about "extremes." What matters to me is that such systems encourage people vote for the 'lesser of two evils,' even if it's damn foolish to do so.

Re:if you've voted R or D...

[SuiteSisterMary]

You state that there is no 'center,' extreme, liberal, conservative, left, right, etc etc.

I find this odd, as 'left,' 'right,' 'liberal' and 'conservative' are political definitions. It's like saying there's no such thing as 'sweet' versus 'sour.'

The American system, of course, boils lib and con down to absurd extremes, and assumes an all-or-nothing take; pro choice? you're also pro gun control, etc etc.

Then you categorize some choices as 'evil.' Can you expound on that a bit?

Re:if you've voted R or D...

[jeIIomizer]

I find this odd, as 'left,' 'right,' 'liberal' and 'conservative' are political definitions.

Yes, they exist, but they're so vague that they're almost worthless.

The American system, of course, boils lib and con down to absurd extremes, and assumes an all-or-nothing take; pro choice? you're also pro gun control, etc etc.

That's one of the problems. Rather than focusing on useless labels and making all sorts of assumptions about someone based on how they or others label themselves, why not just do some research to see of the policies they support are overall good to you? Too many people just mindlessly vote for "left," "right," or "center" candidates, even though those labels don't really hold any useful information. Too many people blame the Other Side (usually "left" or "right") for all the world's wrongs. It's just a way to separate people uselessly.

Then you categorize some choices as 'evil.' Can you expound on that a bit?

I said that there are quite a few people who vote for what they personally believe is 'the lesser of two evils.'

A whole lot of whine

[dave562]

I read the article and while one might question why data is being stored that is almost a decade old, the data itself is not that big of a deal. Basically the airlines store all the information about how he bought the ticket and what his preferences were (seat assignments, meal choices, etc.) The call center agents kept notes on why he called.

All of the information is benign. They kept his credit card information in plain text which is lame, but I have yet to see a story about a CBP breach that led to a bunch of fraud. It could happen, and they should probably encrypt the data in the future, but it is not a massive, conspiracy re-enforcing revelation.

The only disconcerting thing is the length of the data retention. Once it is obvious that the plane did not go down and nobody flying was involved in any subsequent terrorist activities, the data should be purged.

Gestapo like? I am afraid to admit...[Yes]

[bogaboga]

My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: The IP address that I used to buy the ticket, my credit card number (in full), the language I used, and notes on my phone calls to airlines, even for something as minor as a seat change.

Someone tell me there's a difference on this issue...Just this issue please.

Re:Gestapo like? I am afraid to admit...[Yes]

Gestapo was more direct. They didn't just interrogate, they also beated people up if they had the mood, and tortured at will. You should compare it to the stasi instead. From the late 1970s on they used almost no direct violence, no bruises you could show to others when you came out.

Re:Gestapo like? I am afraid to admit...[Yes]

[AHuxley]

The files and paper work to sort on a massive scale. Per city in German–occupied Europe the Gestapo staff count was not big considering the tasks.
Most work was done with informants and tips, letters. A vast network of local people wanting to settle grudges and grievance via denunciation.
A vast happy to help collaborative staff in different nations also worked very hard to clear out their cities..
Very few nations bothered to look into the huge numbers of collaborative staff after ww2. Most just returned to gov work with a few cover stories.
After the war some just reinvented their pasts and went back to basic police work and retirement.
ie its not so much the politics - its the badge, uniform, suit, car, the power and prestige. Reinventing a workplace change from post ww1 Germany, into ww2 Germany and then helping in the four occupation zones after ww2.
The difference is now the computers really work good. The difference is now the global telco sector really helps so much more. Todays staff work hard at sites to create double agents. Terms like ghost detainees, black sites and the roles of medical doctors listed as 'medical technicians' also point to complex tasks.
So with the data seen by the press, what was sorted on cards via complex rented sorting equipment during ww2 is now pre sorted as entered.

Murrica!

Murrica!

Re:Murrica!

[buckfeta2014]

FUCK YEAH!

Wait, no... Fuck you!

Re:Murrica!

At least in our country we are free to air this dirty laundry and debate it. You're the fucking idiot who thinks that because you don't hear about it in your country means that it doesn't go on there. I know which of the two countries I want to live in.

Re:Murrica!

land of the free idiots
FUCK YEAH

Folded, spindled, and mutilated.

[bmo]

"The population census has got him down as "dormanted". The Central Collective Storehouse computer has got him down as "deleted". [â¦] Information Retrieval has got him down as "inoperative". And thereâ(TM)s another one - security has got him down as "excised". Administration has got him down as "completed". ⦠Heâ(TM)s dead."

Brazil (1985)

IP's with out ISP logs are useless and even if the

[Joe_Dragon]

IP's with out ISP logs are useless and even if they have them ones from public networks are dead ends unless they have full logs as well.

Just another reason not to fly.....

[the_rajah]

My wife and I last flew commercial on 9-10-2001 out of LGA, the day before 9-11. My wife and I decided, the next day that, short of an emergency situation, we were done flying commercial. If we couldn't drive to get there, we didn't need to go. It's not because we were afraid of terrorists, but we saw what a hassle and invasion of privacy it would became.

Re:Just another reason not to fly.....

I think it might be hard for me to drive across the Atlantic Ocean on business.

Re:Just another reason not to fly.....

[Nkwe]

My wife and I last flew commercial on 9-10-2001 out of LGA, the day before 9-11. My wife and I decided, the next day that, short of an emergency situation, we were done flying commercial. If we couldn't drive to get there, we didn't need to go. It's not because we were afraid of terrorists, but we saw what a hassle and invasion of privacy it would became.

I hope that when you are driving, you don't use any toll roads and that when you buy gas or anything else, you use cash that you obtained from an ATM when you were at home. Best also not to drive through any intersections with red light cameras. You also might need to put optical filters on your license plates if you don't want to be tracked. There are lots of cameras out there.

Re:Just another reason not to fly.....

[Bing+Tsher+E]

They said 'hassle' not just 'invasion of privacy.' None of the things you listed amount to a hassle similar to that which regular people now face when they try to enter an airport terminal.

But that stuff you rambled on about certainly sounds like a hassle. Is that how you live your life? Really?

Re:Just another reason not to fly.....

[jeIIomizer]

But that stuff you rambled on about certainly sounds like a hassle. Is that how you live your life? Really?

I consider avoiding being tracked by government thugs to the best of my ability to be very important.

Re:Just another reason not to fly.....

Yes, and having intercontinental business that requires your physical presence (instead of being conducted by various wired communication mediums) is such a common problem for most people.

Re:Just another reason not to fly.....

[Nkwe]

But that stuff you rambled on about certainly sounds like a hassle. Is that how you live your life? Really?

Nope, I don't do any of it. I was just saying that if you are trying to avoid being tracked when traveling by avoiding flying, it won't do you any good. I travel a lot and I assume that I am tracked a lot.

Actually if you travel a lot, the hassle factor gets greatly reduced; when you travel by air frequently, you gain status with the airlines and they treat you much nicer. You also become eligible for TSA Pre / known traveler, which lets you go back to the simple "old school" security which is basically just walking through the metal detector and running your bags through the x-ray. No more taking coat and shoes off, extracting laptop and liquids, etc. It typically takes me 5-10 minutes from the time I arrive at the airport front door to the time I clear security.

Re:Just another reason not to fly.....

[whoever57]

My wife and I decided, the next day that, short of an emergency situation, we were done flying commercial. If we couldn't drive to get there, we didn't need to go. It's not because we were afraid of terrorists, but we saw what a hassle and invasion of privacy it would became.

Some of us have families the other sides of oceans. It's not so easy to give up flying.

Re:Just another reason not to fly.....

[SeatcheInpericulisau]

Thanks for the obvious. If the NSA is getting full credit card numbers no matter where you purchase, that would be a nice suprise, but at this pint, highly unlikely. (Yes I mean at this pint, because who can be sure without further evidence?). That said, if you think they gather all POS and internet transactions, do you have any proof? Just asking.

Re:Just another reason not to fly.....

[gl4ss]

good news!

the invasion of privacy according to the data started long, long before 9/11!

Re:Just another reason not to fly.....

People change their habits and behaviors if they think they are being spied on. Simple really.
The evidence is out that the Stasi are IN fashion, plus I already know they they have interviewed my associates.
Time to ladle out deception and misinformation.
Add mangled tongue twisters in your phone conversations. Be seen shaking hands with your local politician, then follow up with a call saying you gave him money/ice or incriminating photos. Subscribe him up to Jihad weekly or the like. It takes 1% of false positives to screw up any megabase. The more outlandish, the better. Remember, you are creating employment for the mentally retarded, who are fully into sniffing and snorting. Googling works too - local congresscritter + underage + ??. And if they deny it - it must be true!

Re:Just another reason not to fly.....

Wow.. so you will never see the rest of world. Sad !!

Re:Just another reason not to fly.....

I am curious by what logic is it determined that frequent flying reduces risk, because otherwise all that one has to do is fly frequently to be able to miss on all the terminal fun. It must be an assumption that "they" lack the funds required - but that can also be accomplished by having a job that requires you to fly frequently.

Re:Just another reason not to fly.....

[zlives]

well, fuck!!! and we thought we were special

Re:Just another reason not to fly.....

[rp]

Don't you own a cell phone?

Re:Just another reason not to fly.....

[Nkwe]

I am curious by what logic is it determined that frequent flying reduces risk

I don't think that it is frequent flying itself that reduces risk. Rather if you fly frequently, the airlines consider you a better customer. Since the airlines want to keep their better customers, they try and make life easier for customers by reducing the airline related "hassles". The airline related hassles don't have anything to do with risk. What some airlines also do is sponsor their better customers for the TSA Pre program, which does reduce risk. Risk in TSA Pre is reduced by background checks.The cost of these checks theoretically covered by the application fee that the airlines pay on their customers' behalf.

Re:Just another reason not to fly.....

[jeIIomizer]

No.

Re:IP's with out ISP logs are useless and even if

[WaffleMonster]

IP's with out ISP logs are useless and even if they have them ones from public networks are dead ends unless they have full logs as well.

Perhaps some 20 years ago when millions browsed the web from AOL behind a complex series of proxy server.

Today everyone has always on broadband at home with long lived IP addresses. Knowing the user or household associated with an IP with some degree of accuracy seems to me to be anything but useless.

Re:IP's with out ISP logs are useless and even if

[z0idberg]

Not useless.

Can you not cross-reference the IP address of known transactions (booking a flight with credit card/personal info), with unknown transactions (emails intended to be sent anonymously, visits to "offensive/dangerous/terrorist" sites etc) to determine who is doing what?

Yes, there are ways around masking your IP source and identity if you go to the trouble, but that doesn't mean everyone takes those measures.

meh

As long as you dont get their river trip special your ok.

Re:IP's with out ISP logs are useless and even if

[the+eric+conspiracy]

If you are paranoid change the router MAC address on a regular basis.

Blah blah neo-con police state apologetics

What's up with all the neo/con / neo-con apologist postings around here lately?

  As if history doesn't exist and anyone should even have to explain why police states/policies are unjust and inhumane.

Non Story

[aepervius]

Back before PCI DSS we used to store everything we got during the booking process. And that include FOP (Form Of payment, CA cash, CC Credit Card, CH Checks, government card have another code etc...), FOID (Form of Identification - often Passport number nowadays but used to be FF card and CC card) confidential remarks (financial data) non confidential remarks (address, tel numbers, etc... And for a web based system , yes the IP you used). Everything you have directly or indirectly was saved i the PNR. And when CAPS 2 came up yes all that was sent indiscriminately to the US government , privacy be damned. Only recently when PCI DSS came up the airline started to blank our new PNR , but in some case for interline you may need to still send the CC (Can't recall which interline ticketing scenario - not refund as interline refund is not allowed by any airline i know of - maybe exchange to keep old FOP and new FOP in synch). Old PNR were never really corrected, especially all that was sent to the US government.

Bottom line : that's sadly a non story.

When the spooks ...

[Martin+S.]

When the spooks treat the entire public as the enemy is probably the the time to recognise the spooks are the enemy of civil society.

PNR's are not new

[Ronin+Developer]

When I used to work for the IT of a very large travel agency in the late 1990's/early 2K's, our systems interacted with the computer reservations systems (CRS') of the major airlines, hotel and rental car chains. Every little detail of a call, itinerary, preferences and even comments by the travel agents are recorded. This information is collected by both travel agents on behalf of the travel firms so that they can provide better customer service (or, in the case of asshat travellers, give the agent a heads up).

We, as a travel agents could see the PNRs of all the airlines, hotels and rental car companies we did business with. And, we kept information on our corporate and personal clients in our own CRS as well - often, it included information extracted from those other systems so we could present it in a manner useful for our agents.

The point? The point is that this information has been available to 3rd parties for years under agreement. Since 9/11, right or wrong, the gov't has become more interested in your travel plans. This is, especially, true if you are a person of interest. Imagine what they have on your when the merge your credit card info / purchases, gas and food purchases, toll records, call records (meta data or actual, recorded calls) bank records, health records, video feeds, DMV records, and social media...Imagine the picture they can paint on each one of us under the guise of "National Security".

None of this is new. Only now are people beginning to understand what data is collected and available to those who want to know more about you. And, only now, do we as society have the ability to aggregate all this information into a single profile about you. You can can for what they have on you. You, almost certainly, will not like what you see. And, you aren't going to see the intel they extracted from that info.

There is no privacy. We, as a society, have given up privacy for convenience. And, we have accepted what corporations push on us (i.e. ATM fees (which, used to be free, btw) ) as the price for the convenience.

Here's something else to consider - we put money into banks. Those banks use our money to make money via loans. And, they fail to pay any reasonable interest on the money you deposited and allowing them to use (I remember 6% on savings...today? maybe 0.5%..can't even buy A lunch on the interest payment). And, they have the balls to charge you for the "privilege" of having an account and accessing your own money. Worse, you HAVE to have an account if you desire the convenience of a credit card, debit card, loan, or even as a place to deposit your paycheck as many corporations don't like cutting checks. The gov't has access to all these accounts and transactions and we pay for it. This is all in the name of convenience. Convenient, isn't it?

You voted for 'em.

[XB-70]

It is long overdue that government surveillance becomes a major political issue. Yet, we are no longer represented by our elected officials who have been bought off by the oligarchy. Moreover, if you talk to 99% of citizens, they will simply shrug off news items like this and go back to the latest Kardashian wardrobe malfunction intrigue.

This isn't about paranoia, it's about the fact that our personal rights are being completely abrogated by governments that are out of our control.

Our true freedom is doomed until we demand action so that due process takes place - legally and by the rules.

It's time to use the system to give itself back to us: with court challenges and by voting out non-supportive elected officials.

Exposure of incompetence and malfeasance with articles such as this are where to begin.

Devil's Advocate

I don't think I will be making any friends with this post but I don't see why this is surprising or considered negative. I am in no way affiliated with the US Government, but, as I have said before, how would one go about find the proverbial "needle in a haystack" an actual threat might require without the haystack? Of course there is data stored on everyone (would you prefer to be a random unknown or known as "47, male, high-school teacher, boring, no criminal record, borrowed the Anarchists Cookbook from the library, no other red flags" when traveling?) and of course credit card data is saved - how else could you tell who is using which cards for what or correlate purchases from different vendors?

There have always been registers on everyone. Always. There will likely always be registers, aswell - how else would things like identification, the IRS, criminal justice databases and such function?

I understand that many people wish for what they believe is their "freedom", but in doing so they often overstep the bounds of social reaponsibility in the same way that those who collect data might overstep the necessary, or even useful. I can imagine some junior analyst at a three-letter organization reading all of these posts and looking for a possible pattern of possibly violent and dangerous dissent, seeing such a "the government knows too much" post and thinking, "Seriously? Do you think we care? I've been sifting for important data for hours. You are a sea of green flags long forgotten at the bottom of some filing cabinet and no one cares about your dog fetish. lol."