Re: "Drift net fishing," GAK, FBI, and NSA

A note on _contact analysis_. One thing the FBI probably wants badly are databases of who has travelled where, and when, for correlation analysis. Note that the crackdown on "valid IDs" for travel, for airlines, helps in this regard. I would not be surprised to learn that the airline databases are routinely fed to the Feds, so to speak. (Possibly via the FAA, acting as a kind of cutout.) Were I the head of the FBI, this is what I would want.
The airlines don't yet carefully check IDs (no SSN or DL # retained). They merely check that the name on your ID matches the reservation.
The next step will be collecting hotel reservation databases. (Unlike the case with the FAA and the airlines, I don't know what kind of authority would grant them access to private hotel databases, but I expect they are working to find such authority somewhere. Maybe the infinitely malleable "regulation of commerce" clause, even if hotel stays are canonically _not_ interstate trade!)
(They already got access to the credit card databases, decades ago, of course.)
Are SSN and other ID required when opening a 'pre-paid' credit card account? That is, the ones for persons with poor credit who are required to maintain a balance sufficient to pay off the charges? Perhaps we could put our heads together and determine a way to become franchised by MC/VISA and offer 'affinity' type accounts with no address requirements (all statements are sent via remailer/nym email).
-- Steve

At 2:05 PM -0700 10/6/96, Steve Schear wrote: (quoting me)
(They already got access to the credit card databases, decades ago, of course.)
Are SSN and other ID required when opening a 'pre-paid' credit card account? That is, the ones for persons with poor credit who are required to maintain a balance sufficient to pay off the charges? Perhaps we could put our heads together and determine a way to become franchised by MC/VISA and offer 'affinity' type accounts with no address requirements (all statements are sent via remailer/nym email).
A couple of people on this list talked about a similar thing, a "Privacy Card," with the explicit policy of not reporting transactions in detail to the Big Three (the government-friendly TRW Credit, Equifax, and Transunion).
The idea being that if a "market for privacy" exists, someone ought to be able to make a nice piece of change offering a card that protects privacy.
One problem is that many people _want_ credit card transactions reported to the Big Three, to build up their credit record. (But many don't care. I've been using a VISA card issued by my stock broker for 12 years now. It's a "debit card," though it's handled by a merchant exactly as a credit card, and they probably can't see any difference. What I gathered when buying my current house, is that none of these transactions were part of my "credit history," as I was actually using a debit card. All of those now using, or planning to use, a debit card would be ideal candidates for a "Privacy Card.")
Such a deal would have to be one of Visa, MasterCard, or Discover, with American Express a distant fourth. (I don't even know if these companies/tradenames would even allow such a thing, of course.) The cost of rolling out a brand new type of card would of course be prohibitively high.
(I have no expectation that this will be done, and I think I said so at the time. Ever the realist, in some ways, I knew no one would take on such a complex project. Just as no one followed through with the "Cypherpunks Credit Union" idea, discussed at several meetings in 1993.)
--Tim May
"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

On Sun, 6 Oct 1996, Timothy C. May wrote:
At 2:05 PM -0700 10/6/96, Steve Schear wrote: (quoting me)
(They already got access to the credit card databases, decades ago, of course.)
Are SSN and other ID required when opening a 'pre-paid' credit card account? That is, the ones for persons with poor credit who are required to maintain a balance sufficient to pay off the charges? Perhaps we could put our heads together and determine a way to become franchised by MC/VISA and offer 'affinity' type accounts with no address requirements (all statements are sent via remailer/nym email).
A couple of people on this list talked about a similar thing, a "Privacy Card," with the explicit policy of not reporting transactions in detail to the Big Three (the government-friendly TRW Credit, Equifax, and Transunion).
The idea being that if a "market for privacy" exists, someone ought to be able to make a nice piece of change offering a card that protects privacy.
Coming to a bank near you.
One problem is that many people _want_ credit card transactions reported to the Big Three, to build up their credit record.
The easy solution includes optional release of high balance and payment history only to the big three at the customer's option with full disclosure and customer waiver before the release as to the nature of the data to be shared with the credit company.
Such a deal would have to be one of Visa, MasterCard, or Discover, with American Express a distant fourth. (I don't even know if these companies/tradenames would even allow such a thing, of course.) The cost of rolling out a brand new type of card would of course be prohibitively high.
Several offshore banks made the habit of issuing "secured" Gold Mastercards in corporate names. Essentially they were debit cards and could be used anywhere with atms to withdraw cash on the spot. Most of these practices were ended by shrewd attacks from the United States (the U.S. branches of these banks started having undefined and rather vague license problems and regulatory headaches until they agreed to direct their offshore branches to stop issuing these cards).
(I have no expectation that this will be done, and I think I said so at the time. Ever the realist, in some ways, I knew no one would take on such a complex project. Just as no one followed through with the "Cypherpunks Credit Union" idea, discussed at several meetings in 1993.)
There are several people who are aware that privacy is a marketable service in credit card banking and insurance now. In my view such an institution will exist within 12 months.
--Tim May
-- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li

[credit card]
Any thought of privacy is a joke. Just because Punk's, Ltd. control the issuing bank, the clearinghouses in the middle will gleefully collect all the data and sell it.
That would include the holder's transactions, address, you name it.
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

David Lesher <wb8foz@nrk.com> writes:
[credit card]
Any thought of privacy is a joke. Just because Punk's, Ltd. control the issuing bank, the clearinghouses in the middle will gleefully collect all the data and sell it.
That would include the holder's transactions, address, you name it.
Well, there are two issues: When Alice buys her groceries and pays with a credit card, there are two kinds of information involved:
1. What Alice bought;
2. Who Alice is.
#1 might include the fact that Alice bought some fat-free yoghurt. #2 might include the fact that Alice lives at 123 Main St and makes $150K per annum. If these two pieces of information are combined and sold to a direct marketing company, then Alice might get some junk mail or telemarketing calls advising her of other exciting diet opportunities.
American Express does the most extensive analysis of purchases paid for via its cards, and gladly sells the results of its analysis to marketers. (Yep - stuff like "the list of people who bought over $10 worth of health food w/ AmEx" is present and real, not a potential threat to privacy).
I *don't think* (but I could be wrong) that Visa and MasterCard's clearing houses do this kind of purchase analysis now, but they certainly have the ability. Some large banks that issue Visa and MasterCard cards do sell marketing databases similar to AmEx's (based only on purchases made with their cards), but each individual bank is smaller than AmEx.
Therefore, AFAIK, right now one is relatively safe from blanket analysis of purchases by staying away from AmEx and from VISA/MC issued by certain large banks. (Hint: a certain unnamed bank that arose from a merger recently has been touting to marketers the fact that it's so big that its purchase analysis database is as good as AmEx's.)
I suspect that if one contacts one's card issuer and requests in writing that the information about your purchases not be distributed to third parties w/o a court order, they'd probably comply. But it's only a matter of time before the clearinghouses start doing the purchase analysis, as David said.
As far as #2 is concerned, I can safely predict that if a financial institution tried issuing credit cards or secured credit cards or debit cards without asking the holder's SS# and identity (e.g., paid via anonymous e-cash), they'd probably have audit visits from
a) the Federal Reserve
b) the office of the comptroller of the currency
c) the IRS (SS# is needed because the interest paid on the card may be deductible)
asking to prove that no money laundering or tax evasion is going on, and shutting down the operations until the negative is proven.
Now, suppose you open an institution that a) puts a phoney name on the credit card, b) takes down your real name, address, SS#, etc for its files, but promises in writing not to reveal the identity or the purchasing patterns to anyone except LEO's with a court order. It might sell... I might even get one...
[An interesting twist: The Wiz, a very nice electronics store in NYC, only accepts credit cards in combination with a photo ID. :-) ]
Such an outfit would last until the first big dispute. "Dispute" as in, someone charges a purchase to the card and I claim I never made it. Or, I buy a gizmo, decide to return it, and the merchant refuses to take it. With anonymity, the disputant is likely to get screwed; or the issuer; never the merchant.
Another possibility is to issue a charge card (payable in full at the end of the month, getting revenue from the annual fee), rather than a credit card, so it could claim not to be subject to certain Federal Reserve's regulations that have to do with credit card disputes. But then it probably can't be Visa/MC and can't use their clearinghouses.
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Dimitri Vulis <dlv@bwalk.dm.com> writes:
[...] Another possibility is to issue a charge card (payable in full at the end of the month, getting revenue from the annual fee), rather than a credit card, so it could claim not to be subject to certain Federal Reserve's regulations that have to do with credit card disputes. But then it probably can't be Visa/MC and can't use their clearinghouses.
I have a VISA card which is purely a debit card. It is accepted all the places any standard VISA card would be. (UK, Lloyds bank).
Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

In list.cypherpunks, aba@dcs.ex.ac.uk writes:
Dimitri Vulis <dlv@bwalk.dm.com> writes:
[...] Another possibility is to issue a charge card (payable in full at the end of the month, getting revenue from the annual fee), rather than a credit card, so it could claim not to be subject to certain Federal Reserve's regulations that have to do with credit card disputes. But then it probably can't be Visa/MC and can't use their clearinghouses.
I have a VISA card which is purely a debit card. It is accepted all the places any standard VISA card would be. (UK, Lloyds bank).
I have one of those, too. A couple of months ago, Thrifty car rental refused to accept it to rent a car. (the agent was pretty snotty about it, too) Beginning of a trend?
- -- Roy M. Silvernail [ ] roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey@scytale.com

roy@scytale.com said
In list.cypherpunks, aba@dcs.ex.ac.uk writes:
Dimitri Vulis <dlv@bwalk.dm.com> writes:
[...] Another possibility is to issue a charge card (payable in full at the end of the month, getting revenue from the annual fee), rather than a credit card, so it could claim not to be subject to certain Federal Reserve's regulations that have to do with credit card disputes. But then it probably can't be Visa/MC and can't use their clearinghouses.
I have a VISA card which is purely a debit card. It is accepted all the places any standard VISA card would be. (UK, Lloyds bank).
I have one of those, too. A couple of months ago, Thrifty car rental refused to accept it to rent a car. (the agent was pretty snotty about it, too) Beginning of a trend?
Did he recognize that it wasn't a "real" card himself? I find that many cashiers don't know what it is. If you just say it's a Visa (or MC etc.) they'll use it. It works just like a real card when they swipe it.
- -- Roy M. Silvernail [ ] roy@scytale.com DNRC Minister Plenipotentiary of All Things Confusing, Software Division PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey@scytale.com
--------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E 96 9B 1E 52 8B B1 26 05

In list.cypherpunks, svmcguir@syr.edu writes:
roy@scytale.com said
[re: my debit card]
I have one of those, too. A couple of months ago, Thrifty car rental refused to accept it to rent a car. (the agent was pretty snotty about it, too) Beginning of a trend?
Did he recognize that it wasn't a "real" card himself? I find that many cashiers don't know what it is. If you just say it's a Visa (or MC etc.) they'll use it. It works just like a real card when they swipe it.
She recognized it, alright. Of course, it says "NORWEST Instant Cash and Check" in brilliant yellow letters.
The exchange was like this:
Me: offers debit card
Her: "That's a check cashing card."
Me: "No, it is _not_ a 'check cashing card'."
Her: "Well, it's a debit card. We don't accept those."
No sign, no warning. If I hadn't been on a tight business schedule, I'd have walked out.
- -- Roy M. Silvernail [ ] roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey@scytale.com

On Fri, 11 Oct 1996, Roy M. Silvernail wrote:
In list.cypherpunks, svmcguir@syr.edu writes:
roy@scytale.com said
[re: my debit card]
I have one of those, too. A couple of months ago, Thrifty car rental refused to accept it to rent a car. (the agent was pretty snotty about it, too) Beginning of a trend?
Did he recognize that it wasn't a "real" card himself? I find that many cashiers don't know what it is. If you just say it's a Visa (or MC etc.) they'll use it. It works just like a real card when they swipe it.
She recognized it, alright. Of course, it says "NORWEST Instant Cash and Check" in brilliant yellow letters.
The exchange was like this:
Me: offers debit card
Her: "That's a check cashing card."
Me: "No, it is _not_ a 'check cashing card'."
Her: "Well, it's a debit card. We don't accept those."
No sign, no warning. If I hadn't been on a tight business schedule, I'd have walked out.
Any idea what the basis for refusing "debit" cards is? I've heard that one concern is that debit cards will often not hold a high enough balance to be used as a security deposit. How this applies in terms of rental cars is a bit beyond me.
- -- Roy M. Silvernail [ ] roy@scytale.com DNRC Minister Plenipotentiary of All Things Confusing, Software Division PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey@scytale.com
-- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li

In list.cypherpunks, unicorn@schloss.li writes:
Any idea what the basis for refusing "debit" cards is?
None whatsoever.
I've heard that one concern is that debit cards will often not hold a high enough balance to be used as a security deposit. How this applies in terms of rental cars is a bit beyond me.
Me, either. Perhaps this rental agency has had a rash of chargebacks? The strange part is, when the car gets rented they don't run a charge authorization, just check if the card's valid. (if they did run a validation, mine would have bounced because the Visa card they would accept was quite full)
- -- Roy M. Silvernail [ ] roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey@scytale.com

On Mon, 14 Oct 1996, Roy M. Silvernail wrote:
In list.cypherpunks, unicorn@schloss.li writes:
Any idea what the basis for refusing "debit" cards is?
None whatsoever.
I had that happen to me as well. Perhaps debit cards don't allow for "holds", such as are typically used for deposits?
--Lucky

On Fri, 11 Oct 1996, Roy M. Silvernail wrote:
No sign, no warning. If I hadn't been on a tight business schedule, I'd have walked out.
My company uses debit cards, they're not marked that way at all, and look 100% like credit cards. We get'em from Merrill Lynch. See if you can get your bank to issue one without the tags.
=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + | God of pretzles!"  |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
ActiveX! ActiveX! Format Hard drive? Just say yes!

A clarification regarding something I wrote a few days ago:
dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:
Another possibility is to issue a charge card (payable in full at the end of the month, getting revenue from the annual fee), rather than a credit card, so it could claim not to be subject to certain Federal Reserve's regulations that have to do with credit card disputes. But then it probably can't be Visa/MC and can't use their clearinghouses.
A charge card (like the original AmEx, not like Optima) is not the same as a debit card. I have a debit card, tied to my checking account, and using mastercard's clearinghouse. To issue a debit card, the organization needs to keep checking accounts. Even if it doesn't pay interest, doesn't make commercial loans, etc, it still would be subject to weird Fed regulations and probably couldn't maintain anonymity. But the lack of a dispute resolution mechanism is really the killer.
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
participants (10)
- Adam Back
- azur@netcom.com
- Black Unicorn
- David Lesher
- dlv@bwalk.dm.com
- Lucky Green
- Ray Arachelian
- roy@sendai.scytale.com
- Scott McGuire
- Timothy C. May