Feds Tracking Americans' Credit Cards in Real-Time Without a Warrant

Federal law enforcement agencies have been tracking Americans in real-time using credit cards, loyalty cards and travel reservations without getting court orders for the "hotwatch."

It should surprise very few to learn that federal law enforcement agencies track Americans without getting court orders, but this time the feds have been tracking U.S. residents using real-time surveillance of credit card transactions and travel reservations.

Security researcher Christopher Soghoian obtained a 10 page document from the Justice Department about "hotwatch" orders. "As the document makes clear, Federal law enforcement agencies do not limit their surveillance of US residents to phone calls, emails and geo-location information. They are also interested in calling cards, credit cards, rental cars and airline reservations, as well as retail shopping clubs," Soghoian explained.

DOJ powerpoint presentation on Hotwatch surveillance orders of credit card transactions

As seen in the document, real-time "hotwatch" surveillance is meant to "track the date, time and location of account transactions as they occur." Loyalty cards, such as those issued by grocery stores or pharmacies could fall into this category. Cell phones as also listed as well as any kind of agencies related to travel arrangements. This real-time tracking of Americans happens without the targets ever knowing about it.

Soghoian wrote, "The government's guidelines reveal that this surveillance often occurs with a simple subpoena, thus sidestepping any Fourth Amendment protections." Federal agents write their own subpoena to get real-time credit card information of a person's purchases. The only role that the courts play in the administrative subpoena process is to issue an order preventing the banks from telling their customers that the government is spying on their financial transactions. If law enforcement appears in front of a judge to get a search warrant by proving probably cause, the person being spied upon will eventually be notified.

Although the government "routinely" obtains hotwatch orders, the DOJ told Soghoian that this document was the only one they could find which was related to hotwatches. This would seem to indicate there is no policy regarding hotwatches or that related documents were withheld.

The Justice Department is required to submit statistical reports to Congress, detailing how many and which law enforcement agencies engaged in wiretapping. As Soghoian explained, "We currently have no idea how often law enforcement agencies engage in real-time surveillance of financial transactions." The lack of information seems to indicate there is no Congressional oversight on hotwatches.

Soghoian has done much work trying to uncover to what extent the government can invade citizen's privacy in our post PATRIOT Act world. With a Freedom of Information Act request, he recently discovered what the DEA spends on wiretaps and pen registers. Microsoft charges the government nothing for surveillance, while Google charges $25 per user and Yahoo charges $29. The FOIA delivered 25 pages to Soghoian about the electronic surveillance methods of the U.S. Marshal Service. He also published a paper about Big Brother's certified lies, how the government can get a "court order" to gain access to falsified cryptographic credentials (spy certs). Those are only a few details uncovered by Christopher Soghoian's security and privacy analysis on slight paranoia.

After this revelation of real-time spying conducted by the feds without a warrant, the tracking of U.S. residents' credit card, store, and travel purchases, there is no telling how much more privacy invasive and illegal surveillance that spooks may do to spy on Americans.

Like this? Check out these other posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2010 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline