[LINK] US government agency monitors most credit card transactions; "If you're not doing anything wrong . . ."

Frank O'Connor francisoconnor3 at bigpond.com
Sat Sep 14 17:44:20 AEST 2013

I looked at this about 20 years back for a research project I was on.

At the time, the monitoring and data collection seemed pretty easy to do ... hey, all data packets into and out of ISP's networks were routinely logged simply in the interests of monitoring the health of the network (don't know about nowadays) and diagnostics. 

Anyway, a simple analysis of packet header data that passed through any given central point/logger for packet headers with certain characteristics (SSL over Port 443, for example, would have picked up about 99% of online credit card transactions at the time - SWIFT and other financial transactions had different packet characteristics ... and, indeed, dedicated networks). From the data logged via the router/switch/log etc one could easily have determined the contracting parties in the transaction, the data and time of the transaction, often the provider of the transaction (MasterCard, VISA, American Express etc) and numerous other details of interest.

Stripping that data out of a log would be a simple database operation. Doing it in real time would have been more difficult, but quite possible if interception was done at the right network points. Nowadays, either would be child's play, and the impact on network performance would not be high.

At the time (early 1990's) what one couldn't do was easily break the encryption of the actual data packet(s) ... so the substance and amount of the transaction was pretty sacrosanct ... but you could derive a hell of a lot from the packet headers (in what would now be known as meta-data, I suppose).

Nowadays, deep packet inspection is viable given the grunt and facilities bodies like the NSA have on hand, but I still question whether the intermediary has either the storage or processing grunt to collect and archive all the packets of data which would be required to build a comprehensive transaction database. And if the government wishes to waste its time, resources and money analysing all the data when 99.99% of it is reported back to them in other condensed reporting formats by third parties, and of minimal threat to the nation or the revenue anyway ... well, more power to them. That means they don't have the time and resources for delving into other areas of my private domain that I'm a lot more concerned about.

Finally, the natural end-point of all this is for the government to install themselves in the financial end-points (the credit card companies, banks, financial institutions et alia), the pivots on which out system relies, and require regular data dumps from same ... in much the same way as the ATO and other revenue bodies already get annual data dumps from the banks, the stock exchange, public companies and the like for dividend and interest income matching against our returns. I'd suggest that this is a lot more efficient and effective than intercepting network traffic.

Just my 2 cents worth ...
On 14/09/2013, at 1:26 PM, Robin Whittle <rw at firstpr.com.au> wrote:

> According to this article:
> http://washingtonexaminer.com/cfpbs-data-mining-on-consumer-credit-cards-challenged-in-heated-house-hearing/article/2535726
> the Consumer Financial Protection Bureau aims to monitor 80% of US
> credit card transactions this year.  It is not clear from the article
> how this data is used, but mainly Republican congressfolk are upset
> about it.
> In a discussion about this on Karl Denninger's Market Ticker:
>  http://market-ticker.org/akcs-www?post=224299
> someone posted a graphic image: http://www.quickmeme.com/meme/3usegz/
> in which Philosoraptor is quoted as saying:
>    The government says "If you're not doing anything
>    wrong, you shouldn't have anything to hide".
>    If that is true, shouldn't the government
>    declassify everything?
> Several hundred other such utterances can be found at:
>  http://www.quickmeme.com/Philosoraptor/
> and new ones can apparently be added anonymously.  The background to
> Philosoraptor is explained at:
>  http://knowyourmeme.com/memes/philosoraptor
> Googling "If that is true, shouldn't the government declassify
> everything" there were only 10 results, the earliest of which was dated
> 2013-06-09: and which cites Philosoraptor:
>  http://pikdit.com/i/hmmm-5/
> The quickmeme page states that it was created 3 months and 4 days ago
> and has had 769,968 views.  In the modern age, cartoon reptiles seem to
> be not such a bad source of aphorisms and philosophical fodder.
>  - Robin
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

More information about the Link mailing list