It’s been more than a week since the British newspaper The Guardian revealed that the National Security Agency is indiscriminately collecting Americans’ telephone records (or, in NSA parlance, “telephony metadata” — which includes when and where you made a phone call and what number you called, but doesn’t reveal what you said). Since then, numerous leaks have spilled out about what else the intelligence agency is collecting — including the revelation that credit card purchase data may be getting swept up as well.
On June 7, the Wall Street Journal reported
that unnamed sources connected to the agency claimed that credit card transactions were included in the NSA’s mass extraction of data. (So, too, are Internet search details, according to the Journal.)
The Journal didn’t say which card companies were involved and was unable to confirm how often the data was collected. But it was able to confirm from three unnamed sources that the agency has established specific “relationships” with the unidentified card companies so that the agency can access that data if it needs it.
On Wednesday, June 12, during a Senate hearing
on cyber security, NSA chief Gen. Keith Alexander publicly denied to U.S. lawmakers that the NSA is currently using credit card details to spy on potential terrorists.
He didn’t explicitly deny, however, that the NSA could
use that card information if it wanted to. He didn’t need to.
Just before Gen. Alexander denied knowing of any NSA program that collects credit card transaction data, Sen. Dick Durbin pointed out that under Section 215 of the Patriot Act, the U.S. government is legally authorized to collect that data — along with a host of other sensitive personal information — if it wants to. “Section 215 can be used to obtain ‘any tangible thing,'” said Sen. Durbin during the hearing. “That could include — could include — medical records, Internet search records, tax records, credit card records.”
According to Durbin, the authority to pull those types of records has been used multiple times in recent years. “Last year, the government filed 212 Section 215 orders. That’s an increase from 21 such orders in 2009. So clearly this authority is being used for something more than phone records,” said Durbin.
Despite Gen. Alexander’s denial of the NSA’s involvement in collecting card data, previous reports and statements to Congress
have confirmed that credit card records have indeed been subject to federal Section 215 requests. In fact, contrary to media reports from the past days that have divulged the Fed’s use of card data as if it were something new, it’s no secret that the U.S. government has access to credit card transaction data — including data that belongs to American citizens.
In April, for example, U.S. News and World Report revealed
that the IRS is using credit card transaction data to fish out tax evaders. That revelation didn’t get nearly the same amount of attention. However, the IRS’s large-scale analysis of card data is similar to the NSA’s alleged use and just as unnerving. According to U.S. News and World Report, for example, the IRS not only has access to a vast trove of credit card transaction data belonging to U.S. citizens, the federal agency also has the power to use that data to spot patterns that may indicate criminal misdoing and target cardholders for auditing.
As the New York Times noted
in an article published June 8, there’s not much to protect Americans from getting their purchase details snapped up for big data analysis. “United States laws restrict wiretapping and eavesdropping on the actual content of the communications of American citizens, but offer very little protection to the digital data thrown off by the telephone when a call is made. And they offer virtually no protection to other forms of non-telephone-related data like credit card transactions,” wrote Times reporters James Rosen and Eric Lichtblau.
After all, if private companies can buy that data
and analyze it for marketing purposes, why can’t the Feds?