The NSA Is Also Grabbing Millions Of Credit Card Records
from the so.-much.-hay. dept
In addition to everything else it's collecting, the NSA also has millions of international credit card transactions stashed away in its databases, according to documents viewed by Spiegel.
The information from the American foreign intelligence agency, acquired by former NSA contractor and whistleblower Edward Snowden, show that the spying is conducted by a branch called "Follow the Money" (FTM). The collected information then flows into the NSA's own financial databank, called "Tracfin," which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.On one hand, what the NSA is doing is exactly what the NSA should be doing: tracing the money flow of terrorist organizations.
Their aim was to gain access to transactions by VISA customers in Europe, the Middle East and Africa, according to one presentation. The goal was to "collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions."This is part of the Terrorist Finance Tracking Program, which was set up shortly after the 9/11 attacks and gave the US government access to the SWIFT (Society for Worldwide Interbank Financial Telecommunication) database. This, in and of itself, is not news, having been exposed in 2006. Documents uncovered then showed the program had been in place since 2002, with permission extended to the CIA and the Treasury Dept. as part of Bush's "Global War on Terror."
What is new, however, is the fact that the NSA is targeting transactions from major credit card companies, like VISA. This has quite a bit more potential for misuse than SWIFT, which records only banking transactions. VISA responded to this new information with the same quasi-denial we've seen from several other companies whose links to the NSA have been exposed.
"We are not aware of any unauthorized access to our network. Visa takes data security seriously and, in response to any attempted intrusion, we would pursue all available remedies to the fullest extent of the law. Further, its Visa's policy to only provide transaction information in response to a subpoena or other valid legal process."Of course, this isn't "unauthorized" access, not when gathered with a court order or subpoena. But this isn't as tightly controlled as the spokesperson makes it appear. If pursuing data for "counterterrorism" purposes, the NSA is allowed to skirt the protections of the Right to Financial Privacy Act, thanks to an amendment in the PATRIOT Act. But even with these legal options, it appears the NSA would still rather pursue this in an extralegal fashion in order to circumvent the warrant process.
NSA analysts at an internal conference that year described in detail how they had apparently successfully searched through the US company's complex transaction network for tapping possibilities.Whatever's happening now appears to be the NSA grabbing more data simply because it can. It's not as if it didn't already have access copious amounts of financial data, thanks to the government's fully legal (and fully public) collection of bulk financial records through SWIFT.
Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.Even when the government has an advantageous agreement to collect bulk data with little oversight, its agencies can't help but exploit this even further. The collection via "oral queries" is another indicator of these agencies' (FBI, NSA, CIA) unwillingness to follow even the most minimal of rules. (See also the administration's 2010 ruling that made the FBI's warrantless wiretapping legal, which occurred after the agency's process had slid from issuing tons of National Security Letters to simply calling up the telcos and requesting records.)
"The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.
It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties."
Never mind that by the time they wrote this, an EU audit had showed the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.
The untargeted collection of financial data has raised concerns from those on the "collection" side.
[E]ven intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK's intelligence agency GCHQ concerning the legal perspectives on "financial data" and the agency's own cooperations with the NSA in this area. The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved "bulk data" full of "rich personal information," much of which "is not about our targets," the document says.When even the spies are concerned about about how much data their spy programs are netting, that's a pretty good sign a bulk records collections effort has gone too far. And it has deeper implications than simply a massive amount of privacy violations. As Marcy Wheeler points out, even the then-Fed chairman Alan Greenspan expressed his concerns about the breadth of the SWIFT collections.
If the world’s financiers were to find out how their sensitive internal data was being used, he acknowledged, it could hurt the stability of the global banking systems.That's a scary thought, considering the "global banking system" isn't all that stable to begin with. A lack of targeting will leave the NSA open to more accusations of economic espionage, something clearly not related to its supposed "national security" agenda.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: credit cards, financial transactions, nsa, nsa surveillance, surveillance, swift
Companies: swift, visa
Reader Comments
Subscribe: RSS
View by: Time | Thread
Quit being surprised by universal surveillance!
Now, move on to WHO BENEFITS and HOW TO RESIST.
The phony deal that evil people (and gullible fools) try to force on us: You can't have the benefits of technology unless give up all privacy.
[ link to this | view in chronology ]
Quick nitpick
[ link to this | view in chronology ]
Re: Quick nitpick
[ link to this | view in chronology ]
Re: Re: Quick nitpick
If we sink to their level, then they've won anyway. Because they will have corrupted our thinking.
[ link to this | view in chronology ]
It's worth following how much of an impact this may have. I personally use plain old money if I don't want to leave tracks. Then there's bitcoin...
[ link to this | view in chronology ]
We have now another little tidbit from Belgium, you know, home of the European Commission, the European Parliament, NATO Headquarters, and gobs of lobbyists. Every time now a security breach is found it will automatically be suspected that NSA was involved. As such it isn't going to end and there will be results from all this spying done.
http://www.engineeringnet.eu/details.asp?Id=10978
[ link to this | view in chronology ]
Potential for misuse
I'm not sure I see the difference. Why is there more potential for abuse when credit cards are involved?
[ link to this | view in chronology ]
Re: Potential for misuse
Unless I'm mistaken, the banking transactions would be deposits, withdraws, transfers, etc. So they would see who I write checks to, get checks from, when I deposit or withdraw cash, when I transfer money to or from my stock brokerage, or when I pay utility bills, car payments, make credit card payments etc.
Tracking the credit card transactions themselves on the other hand lets them know exactly how much you spend at what stores on what dates, using which credit card.
The second has a lot more potential for black mail, stalking, etc.
[ link to this | view in chronology ]
The question is not if, but when?
[ link to this | view in chronology ]
OMG
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Suck! Suck! Suck!
[ link to this | view in chronology ]
Of course
Do as we say, not as we do. Utter hypocrites.
[ link to this | view in chronology ]
I still want to know....
Just sayin'...........
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
They're watching what you say and what you buy. If that doesn't scare the shit out of anyone, then they aren't worth bothering with to begin with.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Terrorist financing
Support Saddam Hussein. Check.
Support Syrian "rebels". Check.
The US government doesn't miss a trick, does it?
[ link to this | view in chronology ]
A little shocked
The problem is that when the government comes calling they will bend over and spread their cheeks.
Too big to fail.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
documentary letters of credit software
[ link to this | view in chronology ]