The NSA Is Also Grabbing Millions Of Credit Card Records

from the so.-much.-hay. dept

In addition to everything else it’s collecting, the NSA also has millions of international credit card transactions stashed away in its databases, according to documents viewed by Spiegel.

The information from the American foreign intelligence agency, acquired by former NSA contractor and whistleblower Edward Snowden, show that the spying is conducted by a branch called “Follow the Money” (FTM). The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

On one hand, what the NSA is doing is exactly what the NSA should be doing: tracing the money flow of terrorist organizations.

Their aim was to gain access to transactions by VISA customers in Europe, the Middle East and Africa, according to one presentation. The goal was to “collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions.”

This is part of the Terrorist Finance Tracking Program, which was set up shortly after the 9/11 attacks and gave the US government access to the SWIFT (Society for Worldwide Interbank Financial Telecommunication) database. This, in and of itself, is not news, having been exposed in 2006. Documents uncovered then showed the program had been in place since 2002, with permission extended to the CIA and the Treasury Dept. as part of Bush’s “Global War on Terror.”

What is new, however, is the fact that the NSA is targeting transactions from major credit card companies, like VISA. This has quite a bit more potential for misuse than SWIFT, which records only banking transactions. VISA responded to this new information with the same quasi-denial we’ve seen from several other companies whose links to the NSA have been exposed.

“We are not aware of any unauthorized access to our network. Visa takes data security seriously and, in response to any attempted intrusion, we would pursue all available remedies to the fullest extent of the law. Further, its Visa’s policy to only provide transaction information in response to a subpoena or other valid legal process.”

Of course, this isn’t “unauthorized” access, not when gathered with a court order or subpoena. But this isn’t as tightly controlled as the spokesperson makes it appear. If pursuing data for “counterterrorism” purposes, the NSA is allowed to skirt the protections of the Right to Financial Privacy Act, thanks to an amendment in the PATRIOT Act. But even with these legal options, it appears the NSA would still rather pursue this in an extralegal fashion in order to circumvent the warrant process.

NSA analysts at an internal conference that year described in detail how they had apparently successfully searched through the US company’s complex transaction network for tapping possibilities.

Whatever’s happening now appears to be the NSA grabbing more data simply because it can. It’s not as if it didn’t already have access copious amounts of financial data, thanks to the government’s fully legal (and fully public) collection of bulk financial records through SWIFT.

Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.

“The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.”

Never mind that by the time they wrote this, an EU audit had showed the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.

Even when the government has an advantageous agreement to collect bulk data with little oversight, its agencies can’t help but exploit this even further. The collection via “oral queries” is another indicator of these agencies’ (FBI, NSA, CIA) unwillingness to follow even the most minimal of rules. (See also the administration’s 2010 ruling that made the FBI’s warrantless wiretapping legal, which occurred after the agency’s process had slid from issuing tons of National Security Letters to simply calling up the telcos and requesting records.)

The untargeted collection of financial data has raised concerns from those on the “collection” side.

[E]ven intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK’s intelligence agency GCHQ concerning the legal perspectives on “financial data” and the agency’s own cooperations with the NSA in this area. The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved “bulk data” full of “rich personal information,” much of which “is not about our targets,” the document says.

When even the spies are concerned about about how much data their spy programs are netting, that’s a pretty good sign a bulk records collections effort has gone too far. And it has deeper implications than simply a massive amount of privacy violations. As Marcy Wheeler points out, even the then-Fed chairman Alan Greenspan expressed his concerns about the breadth of the SWIFT collections.

If the world’s financiers were to find out how their sensitive internal data was being used, he acknowledged, it could hurt the stability of the global banking systems.

That’s a scary thought, considering the “global banking system” isn’t all that stable to begin with. A lack of targeting will leave the NSA open to more accusations of economic espionage, something clearly not related to its supposed “national security” agenda.

Filed Under: , , , , ,
Companies: swift, visa

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The NSA Is Also Grabbing Millions Of Credit Card Records”

Subscribe: RSS Leave a comment
out_of_the_blue says:

Quit being surprised by universal surveillance!

EVERY gadget and computerized system that human ingenuity can devise and implement is tied into ONE surveillance grid, and more to come: “smart-meters” for your house. That’s established –even has a name: “the internet of things” to be rolled out, with even your refrigerator spying on you — though some weenies STILL can’t accept that Google and Facebook give NSA “direct” access.

Now, move on to WHO BENEFITS and HOW TO RESIST.

The phony deal that evil people (and gullible fools) try to force on us: You can’t have the benefits of technology unless give up all privacy.

Ninja (profile) says:

It’s hard to imagine why ANY terrorist would use official Visa cards to buy his explosives. Honestly by now the privacy and trust have been eroded by a degree that I find it hard to accept the supposed counter terrorism effects such surveillance should have had outweigh the damage it’s causing.

It’s worth following how much of an impact this may have. I personally use plain old money if I don’t want to leave tracks. Then there’s bitcoin…

Anonymous Coward says:

The longer this goes on, the worse the repercussions will be. Financial requires one have faith in the system working. Without that faith it all collapses, which is what happened with the housing meltdown. Once no one could identify the bad loans, no one was willing to take a risk on buying.

We have now another little tidbit from Belgium, you know, home of the European Commission, the European Parliament, NATO Headquarters, and gobs of lobbyists. Every time now a security breach is found it will automatically be suspected that NSA was involved. As such it isn’t going to end and there will be results from all this spying done.

Skeptical says:

Potential for misuse

“What is new, however, is the fact that the NSA is targeting transactions from major credit card companies, like VISA. This has quite a bit more potential for misuse than SWIFT, which records only banking transactions.”

I’m not sure I see the difference. Why is there more potential for abuse when credit cards are involved?

Anonymous Coward says:

Re: Potential for misuse

I think credit cards are a bit more detailed than banking transactions.

Unless I’m mistaken, the banking transactions would be deposits, withdraws, transfers, etc. So they would see who I write checks to, get checks from, when I deposit or withdraw cash, when I transfer money to or from my stock brokerage, or when I pay utility bills, car payments, make credit card payments etc.

Tracking the credit card transactions themselves on the other hand lets them know exactly how much you spend at what stores on what dates, using which credit card.

The second has a lot more potential for black mail, stalking, etc.

Anonymous Coward says:

so much for the banks saying all our financial services and transactions are 110% safe, then! when is the USG going to come right out and say it? it wants to know what every single person everywhere both on and off the planet is doing, is saying, is writing, is buying, is selling, is making, is destroying, is thinking and where they are going! then it wants the same information about it’s ‘enemies’!!

Anonymous Coward says:

Re: Re:

What about debit cards, like those that employees of some companies are paid on? If you have a bank account, you can get all the money off your card. But what if you don’t have a bank account? You can go to a store and buy a small, cheap item (like a pack of gum, for example), swipe your card and get the maximum allowed amount of cash back. Sure, they know you bought a pack of gum, but they don’t have a clue what you did with that cash.

Pixelation says:

A little shocked

Why the fuck would anyone trust Visa? In fact, why would anyone trust any of the overly large corporations? Microsoft? No. Google? No. Verizon? No. AT&T? Hell No! Intel? Gosh I wish but, no. Amazon, who cares… wait, no.
The problem is that when the government comes calling they will bend over and spread their cheeks.

Too big to fail.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...