Slashdot Mirror
Ars Editor Learns Feds Have His Old IP Addresses, Full Credit Card Numbers
mpicpp writes with the ultimate results of Ars's senior business editor Cyrus Farivar's FOIA request. In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked. But instead of providing what I had requested, the United States Customs and Border Protection (CBP) turned over only basic information about my travel going back to 1994. So I appealed—and without explanation, the government recently turned over the actual PNRs I had requested the first time.
The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally. My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: The IP address that I used to buy the ticket, my credit card number (in full), the language I used, and notes on my phone calls to airlines, even for something as minor as a seat change.
The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally. My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: The IP address that I used to buy the ticket, my credit card number (in full), the language I used, and notes on my phone calls to airlines, even for something as minor as a seat change.
He is a nosy bastard.
The Travelocity guy avoided telling the whole story. They do provide relevant information, but if the government has the PNR with all the remarks in it, then it likely came from Travelocity or Sabre.
Travel agencies and 3rd-party web sites, such as Travelocity. put all this encoded stuff into the remarks section of the PNR, it's all that "H-" stuff. When the PNR is sent to the airline, NONE of the remarks are transmitted. The airline doesn't receive your IP address, for example. Seat numbers, phone and contact information are transmitted in Special Service Request (SSR) and/or Other Service Information (OSI) fields. One major exception is that Travelocity and AA share the same PNR when booking AA.
Now, the airlines have to send a whole bunch of data about you to the TSA to get clearance for you to board. Look up Secure Flight / APIS / AQQ and you can learn a little bit about it.
A.
full Credit card numbers is not just basic Info, imagine a data breach.
The government has files on everyone (or nearly everyone); people never suspected of, or implicated in, any crime.
How is this different from what the Stasi did?
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
Major Strasser: We have a complete dossier on you: Richard Blaine, American, age 37. Cannot return to his country. The reason is a little vague. We also know what you did in Paris, Mr. Blaine, and also we know why you left Paris.
[hands the dossier to Rick]
Major Strasser: Don't worry, we are not going to broadcast it.
Rick: [reading] Are my eyes really brown?
---- The above post was generated by the Turing Institute. Maybe.
Really, is there anyone out there (reading this site) that doesn't know that you have no privacy anywhere anymore?
The actual question is: what are you going to do about it?
"Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
... as credit card companies have been keeping on us since the 1980s?
Gently reply
As an organisation accredited to be following PCI-DSS, we would be crucified if the PCI auditor found us holding the PAN (the long number on the front of your credit card, PAN = primary account number) in plain text. Surely the airlines/booking agents should not be passing the PAN to anyone else if they are following PCI-DSS (which is mandatory if you want to accept card payments)?
Oolite: Elite-like game. For Mac, Linux and Windows
have a constitution that has some reknown, and maybe organized defenders of same?
If so, get in touch with them, organize, get active.
Not correct.
You can have a certain --even high-- degree of freedom, and still be under more or less total control.
The latter is the program that has been initiated quite some time ago.
Those in power, a minuscule pertentage of the population, need to consolidate that power. How you
do that? By gaining total control over the masses
It's so simple it could've been a conspiracy -- if it weren't for the sheer number oif stories like these
popping up every day, and then some.
Get organized!
Because most of the time the airline blacks out most of the Credit Card before sending it to the Feds. In theory the Fed're only supposed to have the last four digits, because that should be enough (when combined with name and expiration date) to identify the card.
This is actually a pretty typical story on this issue. The Feds collect data that can be very useful in searching for terrorists, but they don't actually look at it much. They do a computer search, and most of it will never come up. So the airline sent them more then it should, and maybe somebody noticed, but nobody cared. So it got sent to his file folders (both electronic and physical). Then he FOIA'd the info, and since nobody FOIA's the info they had no procedure to respond to the FOIA, so he got it in a ridicuklous way (two batches, the first batch of which he had not asked for, and the second batch seems to have been totally unexpected).
If you think privacy rights are incredibly important, and are sincerely worried that Obama isn't enforcing them better, it's terrifying that a federal Agent could have stolen his CC info. And it's even more terrifying that there's no bureaucrat in charge of purging irrelevant info (like his CC number).
If you're me, and you take a more philosophical view of the whole issue, you note that a bureaucrat in charge of looking at his info would have looked at his info. Said info was highly unlikely to leak from the TSA to anyone else unless a) they had probable cause due to some investigation, or b) some enterprising agent decided to go over his file and verify it. Federal agencies just don't share information with each-other the way privacy purists imagine in their nightmares, rather they horde it and then exaggerate the info-horde's usefulness in powerpoints demanding an increased budget.
This kind of mass data collection on everyone is a huge waste of resources. The more people you add to a database, the less relevant it becomes for anything. People who know trade craft, know how to cover their tracks and pollute big data. So this is basically a giant database of amateurs, stupid crooks and ordinary civilians.
Another problem with big data are the large numbers of errors. I've run big databases where users were motivated to provide good data and there were still gaps in the data, misspelled names, numbers transposed, and some entries locked out because they were trying to enter duplicate primary keys. Travel data is coming in fast, I can't imagine what the exception reports look like every day.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
How do you think all those companies let you pay without re-entering payment info?
They store your credit card number.
Sure it sucks if they get hacked or whatever, but that's the way it is.
They whole idea that you can use someones credit card just by knowing some numbers is stupid anyway.
Untick "keep my credit card information for future payments". In vast majority of the cases, that means company doesn't keep your info after payment has been received.
So, do you believe abuses like those described here do not happen as a regular course of business: "NSA Employees Routinely Pass Around Nude Photos Obtained Via Mass Surveillance" http://www.zerohedge.com/news/...
I find that naive. Now, do I care? Not really. But I understand why some people might, and I don't consider that privacy purity.
Nonsense. For example, if you voted for Ross Perot, you're directly responsible for the Republicans losing the White House. If you voted for Nader, you're directly responsible for the Democrats losing the White House.
Either go back to your government as intended; that is to say, without political parties, or accept the fact that there are, in fact, political parties, and change your government setup to work with that.
Vintage computer games and RPG books available. Email me if you're interested.
The files and paper work to sort on a massive scale. Per city in German–occupied Europe the Gestapo staff count was not big considering the tasks.
Most work was done with informants and tips, letters. A vast network of local people wanting to settle grudges and grievance via denunciation.
A vast happy to help collaborative staff in different nations also worked very hard to clear out their cities..
Very few nations bothered to look into the huge numbers of collaborative staff after ww2. Most just returned to gov work with a few cover stories.
After the war some just reinvented their pasts and went back to basic police work and retirement.
ie its not so much the politics - its the badge, uniform, suit, car, the power and prestige. Reinventing a workplace change from post ww1 Germany, into ww2 Germany and then helping in the four occupation zones after ww2.
The difference is now the computers really work good. The difference is now the global telco sector really helps so much more. Todays staff work hard at sites to create double agents. Terms like ghost detainees, black sites and the roles of medical doctors listed as 'medical technicians' also point to complex tasks.
So with the data seen by the press, what was sorted on cards via complex rented sorting equipment during ww2 is now pre sorted as entered.
Domestic spying is now "Benign Information Gathering"
> And we can actually be quite sure it was not widely shared at the TSA, because if it had been some asshole would have stolen his Credit Card number.
Except that they're available, in bulk, to whoever administers that database. And a theft or loss of a backup of that database is hideously unlikely to ever be reported, for "national security reasons" but also to reduce bureaucratic business. And given the history of federal agency personal and political fraud against private citizens, especially politically active citizens, it verifies that they have far too much data, far too easily accessed, available at whim for whatever purpose is desired.
Just because "it's boring text" does not mean it's not incredibly useful for political espionage or frame-ups. Please, do not try to claim that it "wouldn't happen here" The abuse of confidential federal information to harass political opponents certainly _has_ happened here, in the McCarthy hunt for Communits, with the Committee to Re-Elect the President in Nixon's presidential reign whose failures cost Richard Nixon his presidency, and with the Valerie Plame affair during George W. Bush's presidency.
The collection and aggregation of "uninteresting" private information or "metadata" represent risks to political careers and private liberty that will not cease simply because "who would care" or "it's dull". It's hardly dull to be able to use someone's personal information and credit card data to track the nature, times, and location of _every purchase_, and have warrant free monitoring of travels and personal business. And there is, effectively, no oversight of such access because it's the NSA: they operate under a tremendous shroud of national security that prevents rational oversight of such sensitive information.
"reuse your stored credit card information for future payments"
is what they really mean.
My wife and I last flew commercial on 9-10-2001 out of LGA, the day before 9-11. My wife and I decided, the next day that, short of an emergency situation, we were done flying commercial. If we couldn't drive to get there, we didn't need to go. It's not because we were afraid of terrorists, but we saw what a hassle and invasion of privacy it would became.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
You realize Hoover never had access to any non-FBI database? Neither did HUAC at al. And there are plenty of Federal databases besides the FBI. In another thread I mentioned three that are actually a lot more dangerous, and a lot older, then anything we're talking about: the Census, Social Security, and the IRS. Neither the CREEPs nor the Plame Scandal involved the use of a Federal database. Plame was not even a database at all. Rove was talking to a random guy about her husband, and he mentioned the CIA connection. The CREEP did not abuse any Federal databases, it tried to steal information that could not be added to those databases (like reports from the shrink of a guy who pissed Nixon off).
I'll note here you haven't managed to quote the only actual example of a Federal database being used against US Citizens (Japanese internment).
So while I will agree, that in theory this database could be used by a future Hoover, I will also point out that it is quite useful in numerous actual law enforcement situations. Terrorism actually exists, even tho we like to pretend it no longer counts just because almost all the victims are black Africans. I disagree with much of the war on drugs, but the drug runners are not nice people. Both groups use the US Air network, and if there's any pattern to their usage we can't find that out unless it's recorded somewhere. Given that the US Government is pretty consistent in it's evils (they tend to involve totally ignoring the Constitution to get new data, and/or abuse minorities; using data from existing data sources just isn't the MO), the long-term risk of them abusing old data is quite low. Call it 5%.
So we have a database, that will be useful in numerous perfectly legitimate law enforcement operations, and a small risk of it leading to bad things. You're free to conclude any risk is too much, but I think that risk is fine.
FUCK YEAH!
Wait, no... Fuck you!
Buck Feta. You know what to do.
Governments abuse their power. I did not come to this conclusion from this incident. This incident is yet another example of innumerable examples in history. You think this new scenario is an exception based on... I don't know what.
The surprise twist ending is when we end up with an authoritarian regime because too many people just sighed and said, "this is news?" any time something that should outrage us happened.
http://www.rootstrikers.org/
Anyone who believes that, go stand on your head in the corner and be counted.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
The only wasted vote is a vote for provably evil scumbags. To say that someone else might win because I cast my vote for someone who isn't an evil scumbag is extremely short-sighted; nothing is ever going to change if people do not take a stand. And win or not, people voting for third parties sends a message to The One Party.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
The Nisei were a wholesale incarceration, and was quite public. I was referring more to illegal acts in living memory. The other acts involved the abuse of private information, held in federal hands. It doesn't have to be in a database. The extent of the data and its ease of access _expand_ the risk, not reduce it.
> So we have a database, that will be useful in numerous perfectly legitimate law enforcement operations, and a small risk of it leading to bad things
The "risk" is real. I'm afraid that its abuse is inevitable with so much data concentrated behind closed doors, without any judicial review or enforceable consequences for its misuse.
Vote your heart when it comes to elections, even if statistically speaking, the candidate is going to lose. If enough people stopped voting for the lesser of two evils, and for someone whom they really want to be elected, I wonder what will happen?
The problem is in your phrasing of it as 'government abuses'. In the most part, it's not 'the government', as a monolithic entity acting based on policy that is abusing the power, it's individuals whose abuses are enabled by the government's programs. There's a political split over whether you can trust 'the government', but both sides agree that you probably can't trust an underpaid civil servant with a napoleon complex.
I am TheRaven on Soylent News
You guys are stuck with a stupid two-party system, all you can do is vote for the lesser of two evils.
Get free satoshi (Bitcoin) and Dogecoins
You guys are stuck with a stupid two-party system, all you can do is vote for the lesser of two evils.
The solution is obvious: vote Cthulhu
When I used to work for the IT of a very large travel agency in the late 1990's/early 2K's, our systems interacted with the computer reservations systems (CRS') of the major airlines, hotel and rental car chains. Every little detail of a call, itinerary, preferences and even comments by the travel agents are recorded. This information is collected by both travel agents on behalf of the travel firms so that they can provide better customer service (or, in the case of asshat travellers, give the agent a heads up).
We, as a travel agents could see the PNRs of all the airlines, hotels and rental car companies we did business with. And, we kept information on our corporate and personal clients in our own CRS as well - often, it included information extracted from those other systems so we could present it in a manner useful for our agents.
The point? The point is that this information has been available to 3rd parties for years under agreement. Since 9/11, right or wrong, the gov't has become more interested in your travel plans. This is, especially, true if you are a person of interest. Imagine what they have on your when the merge your credit card info / purchases, gas and food purchases, toll records, call records (meta data or actual, recorded calls) bank records, health records, video feeds, DMV records, and social media...Imagine the picture they can paint on each one of us under the guise of "National Security".
None of this is new. Only now are people beginning to understand what data is collected and available to those who want to know more about you. And, only now, do we as society have the ability to aggregate all this information into a single profile about you. You can can for what they have on you. You, almost certainly, will not like what you see. And, you aren't going to see the intel they extracted from that info.
There is no privacy. We, as a society, have given up privacy for convenience. And, we have accepted what corporations push on us (i.e. ATM fees (which, used to be free, btw) ) as the price for the convenience.
Here's something else to consider - we put money into banks. Those banks use our money to make money via loans. And, they fail to pay any reasonable interest on the money you deposited and allowing them to use (I remember 6% on savings...today? maybe 0.5%..can't even buy A lunch on the interest payment). And, they have the balls to charge you for the "privilege" of having an account and accessing your own money. Worse, you HAVE to have an account if you desire the convenience of a credit card, debit card, loan, or even as a place to deposit your paycheck as many corporations don't like cutting checks. The gov't has access to all these accounts and transactions and we pay for it. This is all in the name of convenience. Convenient, isn't it?
Given that the American government setup was SPECIFICALLY DESIGNED to avoid 'too much democracy,' I'd have to disagree with you, champ.
Vintage computer games and RPG books available. Email me if you're interested.
This isn't about paranoia, it's about the fact that our personal rights are being completely abrogated by governments that are out of our control.
Our true freedom is doomed until we demand action so that due process takes place - legally and by the rules.
It's time to use the system to give itself back to us: with court challenges and by voting out non-supportive elected officials.
Exposure of incompetence and malfeasance with articles such as this are where to begin.
*** Don't be dull.***
I've voted for the lesser of two evils or against one I perceived as provably more evil.
Then, as already pointed out, you're part of the problem. Have fun with your TSA, your Patriot Act, your mass government surveillance, and all the other constitutional and rights violations that the government is more than happy to shove on us, all because of voters' shortsightedness.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Or do you game the system, and aim for the best realistic outcome?
That's not gaming the system; that's being a shortsighted, unprincipled moron and mindlessly going along with the status quo. I assure you that voting for evil scumbags does not 'stick it to the man' or do anything similar; it definitely doesn't "game the system." It's better to have principles and vote for someone you like even if there's virtually no chance they'll win than it is to vote for evil and ensure that nothing will likely ever change. Have fun with your self-fulfilling prophecies.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
So, if I participate in protests, vote for people aren't evil scumbags, get involved in my local government, and try to convince others to do the same, I'm directly responsible for evil scumbags being voted in, even though I have nothing to do with that? We're not even much of a democracy at all.
It seems more like you're trying to convince yourself that even doing the bare minimum (not voting for evil scumbags) is fine because other people who do don't accomplish much.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.