Ars Editor Learns Feds Have His Old IP Addresses, Full Credit Card Numbers
mpicpp writes with the ultimate results of Ars's senior business editor Cyrus Farivar's FOIA request. In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked. But instead of providing what I had requested, the United States Customs and Border Protection (CBP) turned over only basic information about my travel going back to 1994. So I appealed—and without explanation, the government recently turned over the actual PNRs I had requested the first time.
The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally. My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: The IP address that I used to buy the ticket, my credit card number (in full), the language I used, and notes on my phone calls to airlines, even for something as minor as a seat change.
He is a nosy bastard.
is there a surprise "twist" ending?
This is just basic customer information.
Why wouldn't they have this info? Storing it takes up a couple hundred bytes per passenger.
The Travelocity guy avoided telling the whole story. They do provide relevant information, but if the government has the PNR with all the remarks in it, then it likely came from Travelocity or Sabre.
Travel agencies and 3rd-party web sites, such as Travelocity, put all this encoded stuff into the remarks section of the PNR, it's all that "H-" stuff. When the PNR is sent to the airline, NONE of the remarks are transmitted. The airline doesn't receive your IP address, for example. Seat numbers, phone and contact information are transmitted in Special Service Request (SSR) and/or Other Service Information (OSI) fields. One major exception is that Travelocity and AA share the same PNR when booking AA.
Now, the airlines have to send a whole bunch of data about you to the TSA to get clearance for you to board. Look up Secure Flight / APIS / AQQ and you can learn a little bit about it.
A.
The new shell company for just this problem was already in the works, and the spam data has already been transferred.
They never made their money providing service, they made their money effectively blackmailing people to get their "domain squatted" domains back. Half a dozen companies like this tried to hire me in the middle of the dotcom boom, and they've not changed a bit except that now they have to change company names faster.
The government has files on everyone (or nearly everyone); people never suspected of, or implicated in, any crime.
How is this different from what the Stasi did?
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
Major Strasser: We have a complete dossier on you: Richard Blaine, American, age 37. Cannot return to his country. The reason is a little vague. We also know what you did in Paris, Mr. Blaine, and also we know why you left Paris.
[hands the dossier to Rick]
Major Strasser: Don't worry, we are not going to broadcast it.
Rick: [reading] Are my eyes really brown?
---- The above post was generated by the Turing Institute. Maybe.
... the feds store personal financial data at rest unencrypted ? That's nice to know.
When two totalitarian countries spy on their citizens, data collection should not surprise anyone.
Remember in Asia it is North Korea. In North America it is USA.
Two regimes that hate any signs of freedom.
Ok, not really. Though I would be shocked if I found out that anyone else was shocked by this.
Really, is there anyone out there (reading this site) that doesn't know that you have no privacy anywhere anymore?
The actual question is: what are you going to do about it?
"Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
... as credit card companies have been keeping on us since the 1980s?
Gently reply
As an organisation accredited to be following PCI-DSS, we would be crucified if the PCI auditor found us holding the PAN (the long number on the front of your credit card, PAN = primary account number) in plain text. Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?
Oolite: Elite-like game. For Mac, Linux and Windows
have a constitution that has some renown, and maybe organized defenders of same?
If so, get in touch with them, organize, get active.
not spying on its citizens is a crime.
This kind of mass data collection on everyone is a huge waste of resources. The more people you add to a database, the less relevant it becomes for anything. People who know trade craft, know how to cover their tracks and pollute big data. So this is basically a giant database of amateurs, stupid crooks and ordinary civilians.
Another problem with big data is the large number of errors. I've run big databases where users were motivated to provide good data and there were still gaps in the data, misspelled names, numbers transposed, and some entries locked out because they were trying to enter duplicate primary keys. Travel data is coming in fast, I can't imagine what the exception reports look like every day.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I know, Occam's Razor would explain this by simply having all airline employees be psychic, but in fact, when you call and talk to someone, they note what you talked about, then when you call and talk to an entirely different person who magically knows what you talked about before, they're just reading that note. OMG!
Village idiot in some extremely smart villages.
If you've voted for a republic or democrat in the last 20 or 30 years, then congratulations.
This is your fault.
I read the article and while one might question why data is being stored that is almost a decade old, the data itself is not that big of a deal. Basically the airlines store all the information about how he bought the ticket and what his preferences were (seat assignments, meal choices, etc.) The call center agents kept notes on why he called.
All of the information is benign. They kept his credit card information in plain text which is lame, but I have yet to see a story about a CBP breach that led to a bunch of fraud. It could happen, and they should probably encrypt the data in the future, but it is not a massive, conspiracy-reinforcing revelation.
The only disconcerting thing is the length of the data retention. Once it is obvious that the plane did not go down and nobody flying was involved in any subsequent terrorist activities, the data should be purged.
My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: The IP address that I used to buy the ticket, my credit card number (in full), the language I used, and notes on my phone calls to airlines, even for something as minor as a seat change.
Someone tell me there's a difference on this issue...Just this issue please.
Murrica!
"The population census has got him down as "dormanted". The Central Collective Storehouse computer has got him down as "deleted". […] Information Retrieval has got him down as "inoperative". And there's another one - security has got him down as "excised". Administration has got him down as "completed". … He's dead."
Brazil (1985)
IPs without ISP logs are useless, and even if they have them, ones from public networks are dead ends unless they have full logs as well.
My wife and I last flew commercial on 9-10-2001 out of LGA, the day before 9-11. My wife and I decided, the next day, that, short of an emergency situation, we were done flying commercial. If we couldn't drive to get there, we didn't need to go. It's not because we were afraid of terrorists, but we saw what a hassle and invasion of privacy it would become.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
IPs without ISP logs are useless, and even if they have them, ones from public networks are dead ends unless they have full logs as well.
Perhaps some 20 years ago when millions browsed the web from AOL behind a complex series of proxy servers.
Today everyone has always on broadband at home with long lived IP addresses. Knowing the user or household associated with an IP with some degree of accuracy seems to me to be anything but useless.
Not useless.
Can you not cross-reference the IP address of known transactions (booking a flight with credit card/personal info), with unknown transactions (emails intended to be sent anonymously, visits to "offensive/dangerous/terrorist" sites etc) to determine who is doing what?
Yes, there are ways around masking your IP source and identity if you go to the trouble, but that doesn't mean everyone takes those measures.
As long as you don't get their river trip special you're OK.
Microsoft Kinect Spy System
THIS ARTICLE IS BEING SCRUBBED FROM THE NET. THE SITE IT WAS ORIGINALLY POSTED TO YANKED THE PLUG ON THEIR WHOLE SITE!!! COPY/PASTE THIS ARTICLE AS MUCH AS POSSIBLE TO DISCUSSION FORUMS, BLOGS, FACEBOOK, TWITTER, AND ARCHIVE AND MIRROR THIS DOCUMENT SO IT DOES NOT VANISH FOREVER!
"So you just got the Kinect/Xbox360 gaming system and you're having fun, hanging out in your underwear, plopped down in your favorite lounge chair, and playing games with your buddies. Yeah, it's great to have a microphone and camera in your game system so you can "Kinect" to your pals while you play, but did you read that Terms of Service Agreement that came with your Kinect thingy? No? Here, let me point out an important part of that service agreement.
If you accept the agreement, you "expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft, our partners, or our customers, including the enforcement of our agreements or policies governing your use of the Service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."
Did you catch that? Here, let me print the important part in really big letters.
"If you accept the agreement, you expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications… on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."
OK, is that clear enough for ya? When you use the Kinect system, you agree to allow Microsoft (and any branch of law enforcement or government they care to share information with) to use your Kinect system to spy on you. Maybe run that facial recognition software to check you out, listen to your conversations, and keep track of who you are communicating with.
I know this is probably old news to some, but I thought I would mention it because it pertains to almost all of these home game systems that are interactive. You have to remember, the camera and microphone contained in your game system have the ability to be hacked by anyone the game company gives that ability to, and that includes government snoops and law enforcement agents.
Hey, it's MICROSOFT. What did you expect?
And the same concerns apply to all interactive game systems. Just something to think about if you're having a "Naked Wii party" or doing something illegal while you're gaming with your buddies. Or maybe you say something suspicious and it triggers the DHS software to start tracking your every word. Hey, this is not paranoia. It's spelled out for you, right there in that Service Agreement. Read it! Here's one more part of the agreement you should be aware of.
"You should not expect any level of privacy concerning your use of the live communication features (for example, voice chat, video and communications in live-hosted gameplay sessions) offered through the Service."
Did you catch it that time? YOU SHOULD NOT EXPECT ANY LEVEL OF PRIVACY concerning your voice chat and video features on your Kinect box."
###
"Listen up, you ignorant sheep. Your government is spending more money than ever to spy on its own citizens. That's YOU, my friend. And if you're one of these people who say, "Well I ain't ever done nothing wrong so why should I worry about it?' - you are dead wrong. Our civil liberties are being taken away faster than you can spit. The NSA is working away on its new "First Intelligence Community Comprehensive National Cyber-security Initiative Data Center' to keep track of every last one of us. This thing will be the size of 17 football stadiums. One million square feet, all to be fille
"Is Your Antivirus Tracking You? You'd Be Surprised At What It Sends"
by Chris Hoffman, 28th May, 2014, MakeUseOf.com
############
PLEASE READ THE PDF. THE QUOTE FROM THIS ARTICLE DRAWS REFERENCE TO WEB URLs BUT IN ORDER TO PROPERLY COMPREHEND THE MAGNITUDE OF DATA COLLECTION, YOU NEED TO READ THE PDF. PREPARE TO BE FLOORED.
DOWNLOAD THE PDF. STORE IT. CONVERT IT TO OTHER FORMATS. SHARE IT. MAKE SURE IT IS ALWAYS AVAILABLE SOMEWHERE ON-LINE OTHER THAN THE SOURCE BELOW. DON'T BLINDLY TRUST ARCHIVE.ORG OR SITES LIKE IT TO KEEP IT FOR YOU.
EVERYONE NEEDS TO READ THIS PDF BEFORE CONTINUING TO USE ANTI-VIRUS PROGRAMS.
############
"Your antivirus software is watching you. A recent study shows that popular antivirus applications like Avast assign your computer a unique identifier and send a list of all web addresses you visit to the manufacturer. If the antivirus finds a suspicious document, it will send the document to the antivirus company. Yes, your antivirus company might have a list of web pages you've visited along with your sensitive personal documents!
AV-Comparatives' Data Transmission Report
We're getting this information from AV-Comparative's Data transmission in Internet security products report, released on May 8, 2014. AV-Comparatives is an antivirus testing and comparison organization.
The study was performed by analyzing antivirus products running in a virtual machine to see what they sent to the antivirus company, reading each antivirus product's end user license agreement (EULA), and sending a detailed questionnaire to each antivirus company so they could explain what their products do........""
############
Rest of article and comments here: .PDF - The Study, dated May 20, 2014: .PDF-To-Images Free On-Line Viewer:
http://www.makeuseof.com/tag/a...
http://www.av-comparatives.org...
http://view.samurajdata.se/
If you are paranoid change the router MAC address on a regular basis.
What's up with all the neo/con / neo-con apologist postings around here lately?
As if history doesn't exist and anyone should even have to explain why police states/policies are unjust and inhumane.
Back before PCI DSS we used to store everything we got during the booking process. And that included FOP (Form Of Payment: CA cash, CC credit card, CH checks, government cards have another code, etc.), FOID (Form of Identification - often passport number nowadays but used to be FF card and CC card), confidential remarks (financial data), non-confidential remarks (address, tel numbers, etc. And for a web-based system, yes, the IP you used). Everything you have directly or indirectly was saved in the PNR. And when CAPS 2 came up, yes, all that was sent indiscriminately to the US government, privacy be damned. Only recently when PCI DSS came up the airline started to blank our new PNR, but in some cases for interline you may still need to send the CC (can't recall which interline ticketing scenario - not refund, as interline refund is not allowed by any airline I know of - maybe exchange, to keep old FOP and new FOP in synch). Old PNRs were never really corrected, especially all that was sent to the US government.
Bottom line : that's sadly a non story.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
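Added example, not part of any comment above and not any airline's or agency's code: the PCI DSS point raised in the thread (full PANs sitting in plain text in PNR remarks) is something a data owner can sweep for. This Python sketch finds Luhn-valid card numbers in free-text remark lines and masks them to first six / last four; the remark lines are constructed samples built on well-known test card numbers, not a real PNR or GDS format.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample remarks (hypothetical layout, test card numbers only).
SAMPLE_REMARKS = [
    "FOP CC 4111 1111 1111 1111 EXP 01/15",
    "FOP CC 5555-5555-5555-4444 EXP 03/16",
    "TKT 0161234567890 ISSUED",                      # 13 digits, fails Luhn
    "PAX CALLED RE SEAT CHANGE 14C TO 12A PH 510 555 0142",
    "BOOKED VIA WEB IP 203.0.113.7 LANG EN",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_remark(text: str):
    """Return (redacted_text, number_of_PANs_masked) for one remark line."""
    hits = 0

    def _sub(match):
        nonlocal hits
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_ok(digits):
            # Ticket numbers, phone runs etc. are left untouched.
            return match.group(0)
        hits += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(_sub, text), hits


def redact_remarks(lines):
    """Redact a list of remark lines; return (new_lines, total_hits)."""
    out, total = [], 0
    for line in lines:
        redacted, hits = redact_remark(line)
        out.append(redacted)
        total += hits
    return out, total


if __name__ == "__main__":
    cleaned, count = redact_remarks(SAMPLE_REMARKS)
    for before, after in zip(SAMPLE_REMARKS, cleaned):
        print(f"{before!r} -> {after!r}")
    print("PANs masked:", count)
```

The Luhn check is what keeps ticket numbers and phone numbers from being flagged; a PAN immediately followed by further digits with no intervening text would be read as one longer run and missed, so free-text sweeps like this complement, rather than replace, field-level controls.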
When the spooks treat the entire public as the enemy is probably the time to recognise the spooks are the enemy of civil society.
When I used to work for the IT of a very large travel agency in the late 1990's/early 2K's, our systems interacted with the computer reservations systems (CRS') of the major airlines, hotel and rental car chains. Every little detail of a call, itinerary, preferences and even comments by the travel agents are recorded. This information is collected by both travel agents on behalf of the travel firms so that they can provide better customer service (or, in the case of asshat travellers, give the agent a heads up).
We, as travel agents, could see the PNRs of all the airlines, hotels and rental car companies we did business with. And, we kept information on our corporate and personal clients in our own CRS as well - often, it included information extracted from those other systems so we could present it in a manner useful for our agents.
The point? The point is that this information has been available to 3rd parties for years under agreement. Since 9/11, right or wrong, the gov't has become more interested in your travel plans. This is, especially, true if you are a person of interest. Imagine what they have on you when they merge your credit card info / purchases, gas and food purchases, toll records, call records (meta data or actual, recorded calls), bank records, health records, video feeds, DMV records, and social media... Imagine the picture they can paint on each one of us under the guise of "National Security".
None of this is new. Only now are people beginning to understand what data is collected and available to those who want to know more about you. And, only now, do we as society have the ability to aggregate all this information into a single profile about you. You can can for what they have on you. You, almost certainly, will not like what you see. And, you aren't going to see the intel they extracted from that info.
There is no privacy. We, as a society, have given up privacy for convenience. And, we have accepted what corporations push on us (i.e. ATM fees (which, used to be free, btw) ) as the price for the convenience.
Here's something else to consider - we put money into banks. Those banks use our money to make money via loans. And, they fail to pay any reasonable interest on the money you deposited and allowing them to use (I remember 6% on savings...today? maybe 0.5%..can't even buy A lunch on the interest payment). And, they have the balls to charge you for the "privilege" of having an account and accessing your own money. Worse, you HAVE to have an account if you desire the convenience of a credit card, debit card, loan, or even as a place to deposit your paycheck as many corporations don't like cutting checks. The gov't has access to all these accounts and transactions and we pay for it. This is all in the name of convenience. Convenient, isn't it?
This isn't about paranoia, it's about the fact that our personal rights are being completely abrogated by governments that are out of our control.
Our true freedom is doomed until we demand action so that due process takes place - legally and by the rules.
It's time to use the system to give itself back to us: with court challenges and by voting out non-supportive elected officials.
Exposure of incompetence and malfeasance with articles such as this are where to begin.
*** Don't be dull.***
I don't think I will be making any friends with this post but I don't see why this is surprising or considered negative. I am in no way affiliated with the US Government, but, as I have said before, how would one go about finding the proverbial "needle in a haystack" an actual threat might require without the haystack? Of course there is data stored on everyone (would you prefer to be a random unknown or known as "47, male, high-school teacher, boring, no criminal record, borrowed the Anarchists Cookbook from the library, no other red flags" when traveling?) and of course credit card data is saved - how else could you tell who is using which cards for what or correlate purchases from different vendors?
There have always been registers on everyone. Always. There will likely always be registers, as well - how else would things like identification, the IRS, criminal justice databases and such function?
I understand that many people wish for what they believe is their "freedom", but in doing so they often overstep the bounds of social responsibility in the same way that those who collect data might overstep the necessary, or even useful. I can imagine some junior analyst at a three-letter organization reading all of these posts and looking for a possible pattern of possibly violent and dangerous dissent, seeing such a "the government knows too much" post and thinking, "Seriously? Do you think we care? I've been sifting for important data for hours. You are a sea of green flags long forgotten at the bottom of some filing cabinet and no one cares about your dog fetish. lol."