What My Credit Card Taught Me About NSA Snooping

I’ll get back to writing about our cross country trip later today. First, a story about my credit card and how it relates to the whole NSA mishegas.

While driving toward Lincoln, NE I got an email from Chase. They’re behind the credit card we use most often. Chase wanted me to call their Security Department.

Uh oh. The last thing we needed was trouble with the card we were using to get to SoCal.

Before we left we notified Chase we’d be traveling and even changed our address to the new home in California. Still, when they saw a large charge for gas somewhere in Iowa they freaked.

I called the number given in the email, but was asked so many personal questions I wondered if it was a scam? How many bits of data did I have to give Chase before they knew it was me? I balked at my date of birth, hung up and called the number on the back of the card.

This time I spoke to Jay in the Philippines. We solved the problem, but not before I’d gone through a half hour of angst, two calls to Chase and lots of questions an identity thief could take to the bank–literally.

No person at Chase made the decision there was a problem. I certainly did nothing wrong. It was artificial intelligence, a computer on the lookout for unusual activity.

Chase purposely sets their criteria low enough that false positives make up a large percentage of their work. It’s better for them to hassle people like me than miss real fraud. When it comes to fraudulent purchases, they’re left holding the bag.

In order to comb through all its data the NSA also uses computer driven AI. They too will come up with false positives. People who’ve done nothing wrong will get hassled, possibly worse.

In the end most of the mistakes the NSA makes will be corrected. Probably not all. Certainly not before innocent people suffer undue stress.

Look at the TSA’s “No Fly” list. We’ve all heard stories about people who are on it and can’t get off. Here’s the story of young boy who was on. He’s not alone.

Computers and the Internet have allowed data to be organized in ways never possible before. The question before us is how we want that data used? I can choose to ditch Chase, but I only get one government. And Chase can’t put me in jail.

We should be protected from government snooping by the 4th Amendment. It is very clear.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Unhappily, The Walls Have Ears

I’ve been trading emails back-and-forth with the bank providing our mortgage in California. The sidebar on my Gmail page has two ads for financing. Google/Gmail knows what’s going on.

It’s no secret you are being followed incessantly as you traipse across the Internet. Sometimes the result of this data mining is beneficial, sometimes not.

It’s always creepy.

Last year the New York Times revealed how Target knew customers were expecting without asking.

As Pole’s computers crawled through the data, he was able to identify about 25 products that, when analyzed together, allowed him to assign each shopper a “pregnancy prediction” score. More important, he could also estimate her due date to within a small window, so Target could send coupons timed to very specific stages of her pregnancy.

It’s upsetting that Google, Facebook, Target and an untold number of data brokers know. It’s even worse when it’s the government.

News reports in December 2005 first revealed that the National Security Agency (NSA) has been intercepting Americans’ phone calls and Internet communications. Those news reports, combined with a USA Today story in May 2006 and the statements of several members of Congress, revealed that the NSA is also receiving wholesale copies of American’s telephone and other communications records. All of these surveillance activities are in violation of the privacy safeguards established by Congress and the US Constitution.

That’s the Electronic Freedom Foundation’s spin in the last sentence, but I agree. The 4th Amendment has this covered.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Of course the 4th offers no protection when it’s disregarded!

Beyond that, what’s promised and what’s delivered are often two different things. Recently a former FBI agent appeared with CNN’s Erin Burnett.

More recently, two sources familiar with the investigation told CNN that Russell had spoken with Tamerlan after his picture appeared on national television April 18.

What exactly the two said remains under investigation, the sources said.

Investigators may be able to recover the conversation, said Tom Clemente, a former counterterrorism agent for the FBI.

“We certainly have ways in national security investigations to find out exactly what was said in that conversation,” he told CNN’s Erin Burnett on Monday, adding that “all of that stuff is being captured as we speak whether we know it or like it or not.”

“It’s not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her,” he said.

Some folks doubt what Clemente claims, but even if it can’t be done now it’s aspirational. Certainly the government is looking for easy snoop access wherever they can get it.

The FBI has been lobbying top internet companies like Yahoo and Google to support a proposal that would force them to provide backdoors for government surveillance – Wired.com

I am not one of those people who worries about government gone wild. I am much more worried about government employees connecting the wrong dots and making bad assumptions. I don’t want to be undone by some bug in the system. Even a tiny error rate (or a small number of agents with an agenda), multiplied by our 314 million citizens, could cause trouble for millions.

Mistakes already happen.

Officials say an 18-month-old girl was mistakenly pulled off a JetBlue flight before it left Fort Lauderdale because airline employees thought her name was on the U.S. no-fly list.

You can check your credit report and undo errors. You can’t do that when you’ve been surveilled. Most likely you won’t even know.

When data is secret and conclusions drawn based on secondary or tertiary actions there’s nothing you can do. That’s wrong.

I wonder if writing this will get me watched?

More ChoicePoint

MSNBC has more on the ChoicePoint story. I’m using their link because they’ve really been in the lead with this one.

This gives me an opportunity to add what I think is the irony in this whole sordid mess. ChoicePoint didn’t get hacked&#185, they sold this information within the normal course of their business. They were scammed into believing they were dealing with legitimate businesses by people who used techniques that ChoicePoint’s data is often sold to prevent! Oops.

Though this information, the most personal of data on all of us, was sold to criminals, I’m just as upset that it can be aggregated and sold at all.

Expect a lot of smoke but little fire as congressional hearings get underway. As a matter of political realism, strict reform in the data mining and sales business would seem to be an unlikely outcome right now.

&#185 – Speaking of not getting hacked, there’s a rumor at Motley Fool that Paris Hilton’s Blackberry wasn’t hacked… someone just guessed the password.

It is unclear exactly how Paris’ bejeweled electronic organizer was compromised — whether T-Mobile’s servers, where information is stored, were breached or whether someone accessed her actual device using her password (“Tinkerbell,” her Chihuahua’s name, perhaps?). The latter is what those in the technology field call an “end user error.” Or in non-techie parlance: shooting yourself in the foot.

Matt Drudge, reporting on a new theft of Fred Durst’s home video, writes:

A site hosting the hack reads: ‘I’M SORRY, U SELLOUT :)’

“The previous information was obtained using social engineering tactics.”

Law enforcement officials believe the video comes from the same source who presented Paris’s Sidekick diary.

“Social engineering” means someone got in through guile, not technology.