Forgot your password?
typodupeerror
Government Privacy United States

What the DHS Knows About You 402

Posted by kdawson
from the shirt-size-and-toothbrush-color dept.
Sherri Davidoff writes "Here's a real copy of an American citizen's DHS Travel Record, retrieved from the US Customs and Border Patrol's Automated Targeting System and obtained through a FOIA/Privacy Act request. The document reveals that the DHS is storing: the traveler's credit card number and expiration; IP addresses used to make Web travel reservations; hotel information and itinerary; full airline itinerary including flight numbers and seat numbers; phone numbers including business, home, and cell; and every frequent flyer and hotel number associated with the traveler, even ones not used for the specific reservation."
This discussion has been archived. No new comments can be posted.

What the DHS Knows About You

Comments Filter:
  • What??? (Score:5, Funny)

    by camperdave (969942) on Tuesday September 08, 2009 @08:17AM (#29349561) Journal
    What?? No shoe size? What's the point of taking off your shoes at the checkpoint then?
  • Reminds me... (Score:5, Interesting)

    by matt4077 (581118) on Tuesday September 08, 2009 @08:19AM (#29349571) Homepage
    This reminds me of the current idea to charge a 10$ entrance fee for foreign visitors. The money is supposed to go into a marketing fund. It's not only borderline schizophrenic to raise a new barrier in order to promote it, it might be even more sinister: that fee can apparently only be paid by credit card. Since 10$ doesn't seem to be enough money to be worth collecting, I'm wondering if getting all the credit card data isn't the real goal.

    Or maybe the US wants to finally catch up with the third world in unfriendliness.
    • Re:Reminds me... (Score:5, Insightful)

      by Cow Jones (615566) on Tuesday September 08, 2009 @08:34AM (#29349703)

      Yeah, I liked travelling to the US better when all I had to do was check the correct boxes on the amusing green form:

      [x] I am not a terrorist
      [x] I am not planning a child abduction in the US

      • Re:Reminds me... (Score:5, Interesting)

        by xaxa (988988) on Tuesday September 08, 2009 @08:52AM (#29349853)

        Yeah, I liked travelling to the US better when all I had to do was check the correct boxes on the amusing green form:

        [x] I am not a terrorist
        [x] I am not planning a child abduction in the US

        I visited the US before 9/11:

        [x] I am not a communist

      • As ridiculous as those questions are, they serve a near-sensible purpose:
        If somebody is caught doing $bad_thing he denied planning on the form,
        even if the case is tricky, he can be prosecuted for lying to immigration.

        It's a sort of legal backup.
        • by Rogerborg (306625)

          To prove he lied to immigration, you first have to prove that he actually did $bad_thing.

          Security Theatre has found its target audience, I see.

          • If you're caught doing $bad_thing, it is pretty easy to prove you actually did $bad_thing. Your hand will be red [phrases.org.uk].
      • Re: (Score:3, Interesting)

        Yeah, I liked travelling to the US better when all I had to do was check the correct boxes on the amusing green form

        Well, lying on that form is a crime. So if you come into the country under false pretenses, they can legally arrest you, whereas I'm not sure what legal standing the US has to prosecute, say war crimes committed in Bosnia.

    • Re: (Score:3, Insightful)

      by Timex (11710) *

      What if you don't HAVE a credit card? What THEN? "Sorry, we can't let you enter the country without a credit card."

      If the sole purpose is to fund advertising (as you say they claim), then cash should be an acceptable form of payment. If it is really a ruse to get a credit card number, then one shouldn't have to pay it if one doesn't have one. I, for one, refuse to get into a drawn-out discussion with Border Patrol about my financial decisions.

      • Re: (Score:3, Insightful)

        by DarthBart (640519)

        If you don't have a credit card, then it must mean that you're trying to do things with untraceable cash. And that means you're a terrorist!

    • Re:Reminds me... (Score:5, Interesting)

      by LLKrisJ (1021777) on Tuesday September 08, 2009 @08:50AM (#29349837) Journal

      Well just so you know, I live in Belgium and if I want to get my paperwork to travel to the US I have to CALL the US embassy (I cannot just go there, no sir, we're all terrorist here in Europe, you see) and without so much as getting a human operator to respond, like to - I don't know, ask me what the hell I want - I just have to hand over my CC number so I can be charged xx dollars, just to get them to make an appointment.

      I find that very disturbing, off putting and blatantly rude... It is not because the US can do that that it bloody should. I do not want to go to the US but sometimes the circumstances force me to, but when I do I am treated like a piece of s**t with no rights... It really makes me want to go through all the hassle of getting my visa, then canceling my card and getting a new one.

    • Re:Reminds me... (Score:5, Insightful)

      by nimbius (983462) on Tuesday September 08, 2009 @08:59AM (#29349933) Homepage
      so we need to revise a few docs to say "bring me your tired, your poor, your huddled masses with cash, check, or money order for $10 us..."
    • Re:Reminds me... (Score:5, Informative)

      by Natales (182136) on Tuesday September 08, 2009 @09:14AM (#29350055)

      The US already collects vasts amount of information as part of the visa application process for any foreign national, all paid by the applicant.

      Different countries pay different amounts. I wish the $10 would be the case. Chileans pay $131 just for a visitor's visa [embajadaeeuu.cl], and that doesn't even include all the expenses in getting the required paperwork.

      The US unfriendliness towards visitors you mention has been here for a long time, and it's manifested in many different ways, some subtle, some not.

    • http://en.wikipedia.org/wiki/PCI_DSS [wikipedia.org]

      Oh, yeah. The rules are different if you're the government than if you're a regular company.

    • Re:Reminds me... (Score:4, Informative)

      by TheTurtlesMoves (1442727) on Tuesday September 08, 2009 @10:51AM (#29351309)
      I have traveled to the 3rd world more than once. The US boarder is far worse and has been for a long time. Heres the real funny part. I was only ever on connecting flights in the US. I have never gone all the way through customs! And that still worse than entering any 3rd world country I have visited.
  • Dupe (Score:5, Informative)

    by Arkaic (784460) on Tuesday September 08, 2009 @08:19AM (#29349577)
    Hrmm. I think this was pretty much covered in this past article: http://yro.slashdot.org/story/09/01/06/2238228/A-Peek-At-DHSs-Files-On-You?art_pos=4 [slashdot.org] Perhaps a different person's records, but basically the same deal, from what I can see so far.
    • I think the point that highlights why this is all security theater is the note at the way bottom of the record which says Private Jet Travel was not included in the documentation. It seems this is a hole in their security model that will never be plugged.
  • Hush, citizen. (Score:5, Insightful)

    by TheSpoom (715771) * <slashdot@ u b e r m00.net> on Tuesday September 08, 2009 @08:20AM (#29349581) Homepage Journal

    Your full, unencrypted credit card information available in our logs to every DHS employee is necessary for us to fight the evil terrorists.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Absolutely right! You wouldn't believe the number of hookers and the amount of blow needed to keep up our morale here at DHS.

    • Re:Hush, citizen. (Score:5, Insightful)

      by commodore64_love (1445365) on Tuesday September 08, 2009 @08:31AM (#29349665) Journal

      Technology has changed, therefore it's necessary for the Supreme Court to rethink some of its past decisions. "The right of the people to be secure in their persons, houses, papers, and effects..." should apply to ALL papers/data even if it's not in the citizen's immediate possession. The government should not be able to obtain your personal credit cards numbers from a 3rd party without first getting a warrant from a judge.

      • Re:Hush, citizen. (Score:4, Insightful)

        by zach_the_lizard (1317619) on Tuesday September 08, 2009 @08:40AM (#29349765)
        Citizen, you have dared to question the supreme legal, moral, and constitutional authority of our anti-terrorism methods. Not only that, but you have also exposed yourself as an EVIL anti-American communist socialist fascist islamist anti-war drug doing child molesting hippy. Our officers will arrive promptly to detain you. Have a nice day, DHS
      • Re:Hush, citizen. (Score:5, Insightful)

        by fuzzyfuzzyfungus (1223518) on Tuesday September 08, 2009 @08:40AM (#29349767) Journal
        More likely, we'll get some cryptofascist who calls himself a "strict constructionist" to tell us that, if the founding fathers wouldn't have recognized it on sight, it couldn't possibly be covered by the constitution.
        • Re:Hush, citizen. (Score:5, Interesting)

          by NotBornYesterday (1093817) * on Tuesday September 08, 2009 @10:05AM (#29350677) Journal
          I could see Ben Franklin spending about 5 minutes being amazed by a laptop before taking it apart to see how it worked. If he lived today, he would be a pony-tailed uberhacker.
          • Re: (Score:3, Insightful)

            by mdarksbane (587589)

            The amazing thing about Frankling is that he seems to have been completely the fat, balding, pony-tailed hacker, and he *still* got all the chicks he could want. Guy was some kind of geek god.

      • by deblau (68023)

        The government should not be able to obtain your personal credit cards numbers from a 3rd party without first getting a warrant from a judge.

        Your fingerprint is personal. Your DNA is personal. Your credit card numbers are not personal, they are assigned to you by a large, multinational corporation that lobbies the government for things like overlooking large executive pay packages.

      • Your credit card number isn't your property.. it's the property of the credit card company that issued the card. Therefore, they can distribute the number to whoever they want, including the US government. If you don't like them doing this, then protest and possibly stop using credit cards altogether.

  • If they have that much useless detail on everyone, chances are they won't be able to actually find anything in it. Yay for security through obscurity.

    On the other hand, someone's probably going to break in and get all those credit card numbers...

    • by jomegat (706411) on Tuesday September 08, 2009 @08:26AM (#29349625)
      Since they have your CC number, what would stop them from using it to buy something incriminating? Hey DHS, can't find the missing link? Provide it yourself then!
    • by savuporo (658486)
      If they have that much useless detail on everyone, chances are they won't be able to actually find anything in it

      They'll fix the problem by hiring a metric buttload of data mining consultants.
    • by Dan667 (564390)
      Exactly what I was thinking. They had no idea what was going to happen before 9/11 and it is pretty obvious why when you look at stuff like this. Invasion of privacy and a wasted effort all at the same time.
  • by aepervius (535155) on Tuesday September 08, 2009 @08:22AM (#29349603)
    Look at the record detail. You can even see on what CRS it was reserved : 1A. If you reserve everything with the CRS (for example at a travel agency) then ultimately everything is linked and saved there. Then most airline do not bother filtering they just send the whole kludge to the DHS. I commented the same, and yes indeed he blacked the name out, but left the RECORD LOCATOR, which is identifying the person too, if you have access to the CRS system.
  • by 2phar (137027) on Tuesday September 08, 2009 @08:29AM (#29349653)
    If you book with a one-use virtual credit card number, is that what appears on the record? Does it produce all previously used cc numbers too? This looks like just the airline passing on their booking/customer db record, but if it was the actual CC that would be real tin foil hat time.
  • by EWAdams (953502) on Tuesday September 08, 2009 @08:32AM (#29349681) Homepage

    I'd rather have all the CCTV in the world than giving my entire identity, credit cards and all, to any DHS cocaine addict who happens to need a fix. At least CCTV can't read my passport and credit cards.

  • ...since the site is slashdotted.
  • PCI Compliance? (Score:4, Interesting)

    by atchijov (527688) on Tuesday September 08, 2009 @08:40AM (#29349769)
    Any business which is retaining credit card numbers and other personal information has to be PCI compliant. What about DHS?
    • Re: (Score:3, Interesting)

      by dannyrap (1897)

      Not exactly. Any business that processes credit cards has to be PCI compliant. That means truncating the credit card number or encrypting it. So any company that give the DHS access to unencrypted credit card numbers no longer PCI compliant and is liable for damages in the event of a breach (which this may be).

      • Chances are that Visa-Mastercard know these numbers exist in the US government system, but do not care. You really only need to be compliant if Visa-Mastercard enforces the compliance with fines... but then again, the fine is $25,000... so to the US government, they may just pay the non-compliance fine to get VM off the government's back.

        • by AndrewNeo (979708)

          Except the government isn't the one collecting the numbers, it's the airlines (or your travel agent/website.) So the government has to be getting them from -somewhere-.

  • by OzPeter (195038) on Tuesday September 08, 2009 @08:40AM (#29349771)
    The DHS knows a shitload more about than just my travel records. And I had to pay a shitload of money for the privilege.
  • Other nuggets (Score:3, Interesting)

    by i_want_you_to_throw_ (559379) on Tuesday September 08, 2009 @08:58AM (#29349911) Homepage Journal
    Looks like he went Tampa to London via Houston (used to be Intercontinental) and then mysteriously flew from Charles DeGaulle in Paris back to Tampa via Newark. (Hmmmmmm.. what of the missing segment? Hmm? Hmm?!!!)

    Seat numbers are clearly visible at the end of each flight segment as well.

    The history of every PNR (personal name record) has ALWAYS been tracked by CRS systems.

    Looks like the flights he was scheduled for had some schedule changes and his seat had to be changed also.

    Certainly does a lot of international travel huh?

    Customs and Immigration has always been interested in suspicious behavior though.

    1. Fly to South America and pay cash for your ticket? Expect to be stopped at re-entry
    2. Didn't eat your meal on the way back from Central or South America? Expect to be stopped at re-entry
    3. Fly international more than twice a month? Expect to be stopped at re-entry


    It's good ole profiling at it's best and there's nothing you can do about it. It's a "national security" issue. I speak from experience. I have been stopped 30 consecutive times on international flights. Every flight I ever took until that passport was renewed.
    • Re:Other nuggets (Score:5, Informative)

      by Curmudgeonlyoldbloke (850482) on Tuesday September 08, 2009 @09:18AM (#29350091)

      Looks like he went Tampa to London via Houston (used to be Intercontinental) and then mysteriously flew from Charles DeGaulle in Paris back to Tampa via Newark. (Hmmmmmm.. what of the missing segment? Hmm? Hmm?!!!)

      They have these crazy things in Europe called "trains" that connect city centres without having to hang around in an unfashionable suburb for a few hours waiting to be put into a metal tube. You don't even have to take your shoes off to get on them.

      • That may be true, but even your European superiority wouldn't make a train travel from Houston to Paris.
      • by russotto (537200)

        They have these crazy things in Europe called "trains" that connect city centres without having to hang around in an unfashionable suburb for a few hours waiting to be put into a metal tube. You don't even have to take your shoes off to get on them.

        You do, however, have to go through passport control ("E.U., schmee-you, that's what we say -- Gordon Brown") to take a train between London and Paris, so I'm surprised the missing segment isn't shown.

      • Re:Other nuggets (Score:5, Insightful)

        by nomadic (141991) <[nomadicworld] [at] [gmail.com]> on Tuesday September 08, 2009 @09:41AM (#29350357) Homepage
        They have these crazy things in Europe called "trains" that connect city centres without having to hang around in an unfashionable suburb for a few hours waiting to be put into a metal tube. You don't even have to take your shoes off to get on them.

        Silly Europeans always have such a skewed sense of geography. Newark to Tampa is 1,000 miles, exactly. It's a two and a half hour flight and a 20 hour train ride.
        • Re: (Score:3, Informative)

          by CyberDave (79582)

          Silly commenters always have such a skewed sense of reading comprehension. The trips were:

          Tampa - Houston - London
          Paris (CDG) - Newark - Tampa

          The "missing segment" is how the traveler got to Paris from London without flying, not from Newark to Tampa The answer, of course, is a train (ever hear of the Chunnel?)

      • by ndege (12658)

        You don't even have to take your shoes off to get on them.

        ...yet.

    • Re: (Score:3, Insightful)

      by oldspewey (1303305)

      2. Didn't eat your meal on the way back from Central or South America? Expect to be stopped at re-entry

      The flight crew on your average longhaul flight do not give a flying fuck what you eat, whether you eat, or how much untouched food you leave on your tray. They are not logging everybody's mealtime performance on some secret touchscreen in the forward galley.

  • by shrtcircuit (936357) on Tuesday September 08, 2009 @09:01AM (#29349953)
    I worked for a large company post-9/11 with fingers in most major industries, including a significant presence in travel (whether you knew it or not). Part of the data collection they did was essentially building profiles of everyone, including all of the information this guy obtained. The government couldn't legally collect the data, but being a private corporation, this place could. Naturally collecting all of that is really only useful for spying on people, so there was never any real doubt as to what happened to it. The rabbit hole goes a fair bit deeper into what you do and how that information is linked, and that was all just at this one company.
  • by Newer Guy (520108) on Tuesday September 08, 2009 @09:14AM (#29350063)
    How does the Govt. having this information help the govt. stop terrorism? Anyone?
  • What do you bet we have no recourse when they inevitably release all this credit card data to crooks ?

  • meal preferences (Score:4, Interesting)

    by hey (83763) on Tuesday September 08, 2009 @09:50AM (#29350457) Journal

    Do they flag:
    kosher = maybe friend
    halal = terrorist
    vegan = hippie scum

  • by CyberPhart (954001) on Tuesday September 08, 2009 @10:00AM (#29350583)
    I've actually heard people respond to revelations like this by saying, "If you're not doing anything wrong, why are you worried about the government having this information?" I then ask "Really? Well, tell me all about your sex life..no?..are you engaging in some perversion?" or "How much money have you got in the bank?...Why won't you tell me? Are you laundering money for drug dealers?" I don't know which is worse, these clowns prying into our lives or our wonderful Congress sitting there and letting them do it. Big Brother is taking over faster than you doublethink.
  • Perhaps I'm out of the loop but I don't see anything here that's outrageous.

    It looks like CBP received a dump of your PNR from the airline, period. Any data that's stored in that PNR will be transmitted when it's dumped. Whoopty-fookin-do. It's the AIRLINE that has all this information to begin with.

    As for the CBP internal records it makes sense they would track when/where your passport shows up. I know my passport details have either been manually entered or scanned in and out of most countries I've been i

With your bare hands?!?

Working...