NSA Data Mining Also Extends To Credit Card Transactions

Sadly, this is not surprising.

Credit Card / Gold & Platinum

The Wall Street Journal reports today that the National Security Agency’s vast data mining efforts extends beyond cell phone records and internet data into areas as common place to Americans as credit card transactions:

WASHINGTON—The National Security Agency’s monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency’s activities.

The disclosure this week of an order by a secret U.S. court for Verizon Communications Inc. phone records set off the latest public discussion of the program. But people familiar with the NSA’s operations said the initiative also encompasses phone-call data from AT&T, Inc.  and Sprint Nextel Corp., records from Internet-service providers and purchase information from credit-card providers.

(…)

It couldn’t be determined if any of the Internet or credit-card arrangements are ongoing, as are the phone company efforts, or one-shot collection efforts. The credit-card firms, phone companies and NSA declined to comment for this article.

I suppose that there really isn’t anything surprising about this. If they’re gathering vast amounts of cell phone metadata and Internet traffic, it seems only natural that they’d also be monitoring credit card transactions for, well, whatever patterns they might think would be helpful to them. Indeed, monitoring credit card records has been a common part of criminal investigations for years. The difference, of course, is that in those cases law enforcement is generally looking at a specific suspect or suspects, and they would have gotten a warrant from a Judge in a proceeding that is a matter of public record. Here we’re not talking about any kind of probable cause, or even reasonable suspicion, and we’re not talking about looking at a specific suspect. Instead, as the law seems to unfortunately permit, we’re talking about sucking up vast amounts of data involving all kinds of credit card transactions.

In all honesty, I have to wonder what the value of this kind of data mining actually is. Quite obviously, all this data is not being reviewed personally by NSA employees, to do so would be an impossible task for any human being. Instead, what is likely happening is that it’s all being passed through computer system looking for patterns and connections that looking at discrete points of data might not show. Of course, this means that you have to trust that the algorithms that are used to analyze this data are configured correctly. Otherwise, you’re going to get a lot of false positives, and you’re going to miss out on real patterns that might be buried in the data. Given that, one wonders if much of what the NSA is going here isn’t really just a massive waste of time and resources.

FILED UNDER: Intelligence, National Security
Doug Mataconis
About Doug Mataconis
Doug holds a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010 and contributed a staggering 16,483 posts before his retirement in January 2020.

Comments

  1. Quite obviously, all this data is not being reviewed personally by NSA employees, to do so would be an impossible task for any human being.

    Yeah, but what happens when an NSA employee gets annoyed at you for whatever reason and decides to make you their “special project”? Sure they can’t look at everyone’s data, but that doesn’t mean they can’t look at anyone’s data.

  2. john personna says:

    Well, we know there is now a check for anyone who buys 12 pressure cookers. Maybe even 2 is suspicious.

    If it was only the NSA that would be a small user group with a specific focus. I worry that over time the government firewalls on this sort of data will erode. The FBI has some now. Presumably not local law enforcement?

    I’d be uncomfortable with, say, a small town cop seeing my license plate and running my visa card history. Will we actually prevent that? We do have a lot of privacy laws, but I think the presumption in the old days was that you had to stop the government from collecting certain data. I’m not sure the laws stop them from buying it.

  3. 11B40 says:

    Greetings:

    Patriot that I am, I can’t help but wonder if the NSA is ready for the influx of data from the Big Mother Brother’s Obamacare. Hopefully, the IRS will be there to render its expert assistance.

  4. Instead, what is likely happening is that it’s all being passed through computer system looking for patterns and connections that looking at discrete points of data might not show.

    So Big Brother’s not actually watching?

  5. john personna says:

    @James Pearce (Formerly Known as Herb):

    You have 101 big brothers now. You have a statistical likelihood of not being watched, but no guarantees.

  6. stonetools says:

    Note that the WSJ is in favor of data mining as being less intrusive and more efficient than other methods of investigation. What all this indicates to me is that NSA data mining isn’t going away, no matter how uncomfortable it makes us feel. IOW, we are talking limitation, not elimination.

    The critics nonetheless say the NSA program is a violation of privacy, or illegal, or unconstitutional, or all of the above. But nobody’s civil liberties are violated by tech companies or banks that constantly run the same kinds of data analysis. We bow to no one in our desire to limit government power, but data-mining is less intrusive on individuals than routine airport security. The data sweep is worth it if it prevents terror attacks that would lead politicians to endorse far greater harm to civil liberties……
    Yet surveillance is more critical than ever to stopping terror attacks now that Mr. Obama has all but abolished extended interrogation and military detention and invited Congress to limit drone strikes.

    Amid many real abuses of power, the political temptation will be to tie data-mining into a narrative about a government out of control. Such opportunism can only weaken our counterterror defenses and endanger the country.

  7. tps says:

    There was a story from about 15+ years ago in Columbia when the Cali cartel was still active. The cops raided a house and found miniframe installed there. Not a PC but smaller than a big mainframe. They couldn’t figure out just what it was used for so they shipped it to the NSA and had them look at it.

    The cartel was getting the phone records for the whole city of Cali. Not the actual calls but the what numbers called what and when. The miniframe was then crunching the information to develop call patterns. Its fairly simple but its a lot of numbers and PC’s didn’t have the horse power back then. Once they had the patterns they could compare them to the phone numbers for the police stations, DEA agents, members of the cartel, phone booths, etc. Aka ‘traffic analysis’. A certain phone booth that always calls the police station before a shipment that is intercepted can be watched.

  8. Hal 10000 says:

    Otherwise, you’re going to get a lot of false positives, and you’re going to miss out on real patterns that might be buried in the data. Given that, one wonders if much of what the NSA is going here isn’t really just a massive waste of time and resources.

    I think you’ll also get a lot of real positives for things like drugs, prostitution, drugs, property crime, drugs, immigration and drugs. This database will be used for other purposes as they all have.

  9. Gustopher says:

    I assume that by tomorrow we will have confirmation that the NSA is watching all bank transactions, presumably not just for direct transfers to known terrorists, but also for people who are taking out more cash than usual (and may or may not have interesting emails, search history, etc).

    Beyond that, I’m a little stumped. What other information might they want?

  10. @john personna:

    You have 101 big brothers now.

    I’ve often mused that libertarians would prefer to swap one tyrant for a million little ones.

    If some enterprising pol proposed passing a law making it illegal for Verizon to store your phone records for more than 30 days, the first ones to howl will be the Libertarians. If the government told Google to stop taking pictures of my house and putting them on the internet, again the Libertarians would play the “Freedom” song. (It’s their favorite one….good for any occasion.)

  11. john personna says:

    @James Pearce (Formerly Known as Herb):

    Yeah, they used to be little ones, before the petabytes got cheap enough for so many companies to afford. We just get more indecipherable “privacy updates” from our banks and phone companies as it all evolves.

  12. @john personna:

    We just get more indecipherable “privacy updates” from our banks and phone companies as it all evolves.

    Well, that’s okay because they’re private for-profit organizations, governed by “The Invisible Hand’ and various other economic theories.

    The real problem is the elected representatives in government, who are bound by law.

    (And yes, this is sarcasm.)

  13. john personna says:

    @this:

    I don’t know what idiot downvotes petabyte and costs ccomments, but for your edification:

    Of policy and petabytes: Shaping the use of big data

    No one knows for certain where big data is headed, but its future will be inextricably tied to the policies that govern the ways in which government agencies and corporations use ever-increasing amounts of information about individuals and the world we live in.

    Existing federal policies like the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act have little to say about how a corporation collects petabytes of customer data to drive sales, or how the government uses social networking analytics to predict the flu or respond to emergencies.

    “I’m worried we have a short window on the policy side to make hard decisions,” he said.

  14. matt says:

    Why are people surprised by this? Private companies have been doing this for decades. Google and even facebook do it on a large scale too.