DEA Paid Amtrak Employee To Pilfer Passenger Lists 127
Via Ars Technica comes news that an Amtrak employee was paid nearly $900,000 over the last ten years to give the DEA passenger lists outside of normal channels. Strangely enough, the DEA already had access to such information through official channels. From the article: The employee, described as a "secretary to a train and engine crew" in a summary obtained by the AP, was selling the customer data without Amtrak's approval. Amtrak and other transportation companies collect information from their customers including credit card numbers, travel itineraries, emergency contact info, passport numbers, and dates of birth. When booking tickets online in recent years, Amtrak has also collected phone numbers and e-mail addresses. ... Amtrak has long worked closely with the DEA to track drug trafficking activity on its train lines. The Albuquerque Journal reported in 2001 that "a computer with access to Amtrak's ticketing information sits on a desk in the [DEA]'s local office," wrote the ACLU.
Let's play the who goes to jail game.... (Score:5, Insightful)
Let's guess who gets in trouble...
The employee selling the data..check (low level scape goat)
Maybe an IT guy that allowed excessive permission.. maybe he just gets fired...
Any DEA agents or upper level management who authorized illegal and warrant-less data collection? NO
Any Amtrak executives for allowing it to be provided (through the employee or the terminal in the DEA office?) NO
If we are lucky we will hear some strong words at a congressional hearing, and that will be the end of it.
Re: (Score:2)
Well, let's look at the pattern in an attempt to predict the future:
Manning walks in and gets the data. Government doesn't learn from that ...
Snowden walks in and gets the data. Government doesn't learn from that ...
Now this guy ...
Re: (Score:2)
No one. Because they'll say it was to protect national security and so everyone will just look the other way.
Re: (Score:3)
The one that needs to go to jail is the one whose signature is on the bottom of the checks.
That's the part that is sickening to me.
CLASS ACTION TIME! (Score:2)
the DEA were the hackers here, they took personal data without permission. this should be a class action suit against both amtrak and the DEA. will some lawyer out there start writing it up???
Re: (Score:2)
Re: (Score:2)
Or log avoidance. The secure access station probably keeps detailed logs which could be used to reveal fishing expeditions, an out-of-channels approach like this leaves no paper trail which could then come back to bit someone.
Re: (Score:3, Funny)
Drug traffickers shouldn't have access to the Amtrak database which would allow them to see if they're being monitored in the first fucking place. What pseudo-IT nonsense are you talking about?
Re: (Score:2)
He's speculating that the drug traffickers might have paid an Amtrak IT person to tell them if they were being monitored. That's what he meant when he said "mole in Amtrak's organization."
It's a plausible idea, but hardly justifies the DEA's action (especially since, if the DEA suspected a mole, they surely wouldn't have failed to find and remove him in that ten-year period -- or if they did fail at that, then they're incompetent and don't deserve to exist anyway!).
Re: (Score:2)
"He's speculating that the drug traffickers might have paid an Amtrak IT person to tell them if they were being monitored"
"It's a plausible idea"
Plausible but hardly easy to pull off considering the DEA would watch you almost every minute after informing you until they've caught their guy.
Re: (Score:1)
He's speculating that the drug traffickers might have paid an Amtrak IT person to tell them if they were being monitored.
The drug trafficker's mole wouldn't tell them that the mules are specifically being monitored, but rather they'd submit false passenger data via the regional office system (or removing that data before it hits the main (DEA-linked) database.) The DEA'd be looking for differences between the two passenger lists, the one that reaches the official system, and the list in the regional office, to see if anyone in a regional office is playing with the data to hide traffic.
From the DEA's point of view, it's an ind
Re: (Score:1)
"The DEA's own mole was apparently limited to a single crew. So they'd only be able to check a small number of routes/trips at any given time."
Not at all necessarily so. The secretary had access to passenger data. There is no indication that the passenger data was linked to what crew she (or he) worked for - nor would it make sense to do so (why should Amtrak care who was driving a particular train?).
Re: (Score:2)
Logging this type of thing wouldn't be a matter for the OS, it'd be a matter for the database software. I know MySQL supports it, I imagine all major RDBM software does. Doesn't mean it was enabled.
Re: (Score:1)
I really think it should be a matter for the OS as well. Something at the more base levels of operation that make note of WTF is happening and log it. The database can have its own stuff, but it should also tell the OS, which should encrypt this stuff so only the truly authorized personnel can see it.
Of course, that doesn't stop my 'mole' attack if the mole has that level of access.
Re: (Score:2)
All the OS sees are block read-write requests. There isn't much use logging that. It wouldn't even see the requesting user, only the DBM PID.
Re: (Score:1)
I'm currently on "Oh, look, turns out my own stuff is fairly compromised because of this same scenario, and I sit here wondering how other companies are suddenly popping out with ideas I discuss internally with mine" panic mode. Thanks.
Turns out, a quick audit, oh, look, e-mails out to China with encrypted info.
Heads are rolling in the UK tonight.
You can't travel anonymously... (Score:1, Interesting)
Why? Seems like exactly the opposite — DEA does know, Amtrak has the information, and DEA arranged for the information to be available to them at ease...
I'm not surprised either, but I don't see, how this is unconstitutional. The Constitution has nothing on the right to travel and, if you ask a government official, you'll quickly realize, they con
Re: (Score:2)
We're not throwing you in jail without a trial, we're merely restricting your "privilege" to travel more than 6 feet in any direction.
Re: (Score:2)
We already have freedom of movement [wikipedia.org], which is enshrined in the Constitution, as interpreted by case law.
What we don't have is freedom of anonymous movement.
Re: (Score:1)
Freedom of movement is not freedom if it does not apply to all equally.
Like people on GPS bracelets to ensure they do not leave the state.
Doesn't matter about "They're fleeing justice!" FREEDOM OF MOVEMENT. Even fucking MEXICO got this right and it's not even explicitly stated (it's hidden as the right to seek liberty, which is why you bust out of Mexican jail, they can't charge you with another crime. Proof? Yea, check my international criminal record. Alex McQuown, 1982. Ain't but one of me from that yea
Re: (Score:2)
I was under the impression that people were only required to wear GPS bracelets when they were on probation (or maybe on bond), as a "nicer" alternative to jail. Are you trying to claim that some people are being forced to wear GPSs in circumstances other than being ordered to do so by a court, or are you trying to claim that probation and/or bail are unconstitutional?
Re: (Score:2)
"I was under the impression that people were only required to wear GPS bracelets when they were on probation (or maybe on bond), as a "nicer" alternative to jail."
Nope, you only need be under suspicion of a crime. All it takes.
Want the picture of the one currently around my ankle?
Re: (Score:2)
It takes a judge's decision — as the terms of your release before trial. Judiciary can suspend your rights. Executive should not be able to — but, in the case of travel, they do just that with the "no-fly" lists. Which was my point.
Re: (Score:2)
The bracelets are an alternative to being in jail — having your freedoms suspended by the Judiciary, not Executive. Executive can arrest you — limiting your freedoms temporarily — but they can not deprive a citizen of his rights for very long without a successful a successful trial.
I've b
Re: (Score:2)
The law doesn't state you have freedom to use any means of transport available. You can be banned from airlines, trains, buses, and your rights technically aren't infringed because you can still walk or drive your car (assuming it's fully legal), or hitch a ride in a friend's vehicle.
So yeah, you have freedom of movement without regards to practicality.
Re: (Score:2)
If the First Amendment were interpreted this way, you could be banned from using newspapers or radio for your speech — and it would not have been an infringement, because you can still talk to your friends...
Nope, that still requires a "driver's license" — a government's permission to d
Re: (Score:1)
In that case, the "no-fly" lists are, indeed, unconstitutional — and the ACLU are asleep at the wheel. Perhaps, having aligned themselves over the past decades with the Far Left of the American politics, they don't want to further hamper a Far Left President... Or, maybe, they are just disorganized and lacking decent members and funds — as eventually befalls all Far Left organi
Re: (Score:2)
A very explicitly spelled-out right to "keep and bear arms" is readily infringed upon all over the nation. Even the most liberal locales — like Texas — require you to obtain a license. And it can be suspended even there upon a mere accusation of a crime [texaschl.us].
In less liberal locales — like New York — the Executive can withdraw the license at any moment and for any reason — or without reason at all
Re: (Score:2)
Re: (Score:2)
Oh, but "reasonable" is a term with such a wide interpretation, you drive a train through it — sideways...
Ah, yes, the famous "why can't we be more like Europe" [brainyquote.com] whine.
Well, you c [raileurope.com]
Re: You can't travel anonymously... (Score:1)
Where do you get that "can't board anonymously in Europe"? I do at least once a week, and millions do every day. The only check is that I'm carrying a valid ticket which I may have paid cash for 5 minutes before getting on the train with no ID (though long distance travel is considerably cheaper if you buy your ticket at least the day before).
Re: (Score:2)
Given all the ridicules and bullshit mental gymnastics the government does all the time to argue they can do clearly unconstitutional things like compel you to use your private property to purchase a service you may not want; its not hard to construct a right to travel. In fact I think the right to travel is actually pretty clear.
We have a first amendment right to peaceful assembly. In order to assemble one must be able to go to that place the assembly is taking place. (1) this should establish a basic r
Re: (Score:2)
It is even less hard — for the government — to construct the opposite. In fact, they already did — the no-fly lists exist...
Take a look at the Second Amendment — the right to "keep and bear arms" does not need to be constructed or otherwise derived — it is explicitly listed. And what? Even in the most liberal places — like Texas — you must have a license for it. Which means, it is not a right, but merely a privilege...
Criminal Embezzlement or Breach of Contract (Score:2)
Actually, if the employee was selling Amtrak's proprietary information without Amtrak's consent and was keeping the money, they are guilty of embezzlement and DEA employees may be guilty of crimes related to arranging that activity, e.g. conspiracy or solicitation.
If the employee was selling Amtrak's proprietary information and giving the money to Amtrak, the DEA was breaching its contract with Amtrak. The DEA has to share the proceeds of drug busts based on information that comes from Amtrak with Amtrak,
Re: (Score:2)
Re: (Score:2)
I am sure it came from all the property the cease without any kind of due process. The DEA like the NSA is so out of control and so culturally broken the ONLY viable solution is complete dissolution of the agency. The cancer is so bad just outright killing the patient is the best outcome; we can't fix'em.
Honestly we need a whole house cleaning of these two agencies (to start with) that includes pretty much anyone who has greater role than sweeping the floors or brewing coffee. Every last 'analyst' every
Re: (Score:2)
independent verification? (Score:3)
Re: (Score:2)
And what I like to call "the ever expanding surveillance state".
It boils down to "fuck it, collect everything, from anywhere, without warrant or oversight, and figure out if you have anything interesting later".
Kind of the opposite of the 4th amendment it seems.
How is that possible? (Score:1)
Do people really have to provide passport numbers and dates of birth to get on the train in America? Unbelivable.
Re: (Score:3)
Only if the train crosses a border that requires it. Amtrak trains go to and from Canada.
Otherwise its pretty much like buying a bus ticket, except they only check the ticket while the train is on its way instead of at the entrance.
Re: (Score:2)
I'm surprised their are passenger trains at all in other parts of the country... Here in PA, Philly I think is the only city with passenger train service through Amtrak. Oh sure, we have lots of rail lines (I drive over 6 sets of tracks every day), but those are exclusively industrial transportation and not passenger lines...
Re: (Score:2)
Amtrak runs from Philly West to Pittsburgh, and from there north toward Cleveland and south toward DC. Lots of stops through central PA. There's also commuter rail (SEPTA) in the Philadelphia area.
Re: (Score:1)
I'm surprised their are passenger trains at all in other parts of the country... Here in PA, Philly I think is the only city with passenger train service through Amtrak. Oh sure, we have lots of rail lines (I drive over 6 sets of tracks every day), but those are exclusively industrial transportation and not passenger lines...
Amtrak runs over CSX/NS/UP/etc.-owned trackage with infinite-length trackage rights (i.e. ability to travel over "foreign" rail) due to the US government taking over the (failing) passenger rail service from the former large railroads (NKP, PRR, NYC, etc.) in 1971.
Amtrak says they have service to Altoona, Ardmore, Coatesville, Connellsville, Cornwells Heights, Downington, Elizabethtown, Erie, Exton Greensburg, Harrisburg, Huntingdon, Johnstown, Lancaster, Lantrobe, Lewistown, Middletown, Mount Joy, Nor
Re: (Score:2)
No. I've only ridden Amtrak a few times in the NE corridor from Boston to NY/DC and I've never had to display any form of identification to enter the station or board.
the important question is.... (Score:5, Interesting)
Has the DEA been sending him a yearly 1099 for taxes? if not, then the IRS needs to audit the DEA.
From endangered to extinct (Score:4, Funny)
Articles such as this will henceforth only be of interest to me if they include examples where my data is not collected.
Whirrr...click. Adjustment Bureau confirms your new filter parameters.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Yes. The Constitution enumerates what the governement is allowed to do. It doesn't say it's allowed to track citizens. That means the Feds aren't allowed to do it. (It says nothing, however, about what the states are allowed to do.)
Circomventing controlls (Score:2)
Sounds like someone was circumventing controls. The DEA had access... but did everyone in the DEA have access? I doubt it. One department likely had the data and getting to it either required evidence some didn't want to bother with, or was political, or maybe involved transferring money from your department to the controlling department. I've seen businesses where IS has control of an application, but what they claimed it cost per license was high enough that another department went out and bought the appl
Re: (Score:2)
I see this as very similar to the parallel construction method. The DEA likely has controls on the information and logs requests to see it, by paying the Amtrak employee separately they can argue they never looked at the passenger information because it's not logged in the request. The defense can't say they used improper search methods because the log shows they never accessed it.
I'd be willing to be someone is in jail right now because of this information being accessed outside normal channels and had the
Re: (Score:2)
Under a joint drug enforcement task force that includes the DEA and Amtrakâ(TM)s own police agency, the task force can obtain Amtrak confidential passenger reservation information at no cost, the inspector generalâ(TM)s report said. Under an agreement, Amtrak police would receive a share of any money seized as a result of such drug task force investigations, and Amtrakâ(TM)s inspector general concluded that DEAâ(TM)s purchase of the passenger information deprived the Amtrak Police Department of money it would have received from resulting drug arrests.
So it may simply be that there was a lot of money to be made by screwing Amtrak out of it.
Perfectly normal business (Score:5, Funny)
Comment removed (Score:5, Informative)
Re: (Score:2, Interesting)
You realize those California dispensaries may be legal according to state law. but run afoul of federal law because of the federal prohibition on drugs.
because? i don't know why...why did it take a constitutional amendment to ban alcohol but did not require one for other drugs?
i believe they often use the interstate commerce clause...but if the state views it as legal and it never crossed state lines, then it seems the fed's shouldn't be able to touch it.
Re: (Score:1)
"their raids on California dispensaries and legislative obstructionism shouldnt be ignored."
Uh, speaking as a former member of a few of those collectives, you do realize that they were operating outside of state law? That very same set of laws that the FG said they'd not interfere in unless it hit federal territory? Do you not realize most of these busted places were running a for-profit organization, in violation of STATE LAW?
What happens when state law is heavily violated? State doesn't prosecute, the Fed
Re: (Score:2)
I don't see how controversial it can really be, given that there's ample evidence for it. This book [amazon.com] dedicates a whole chapter to the formation of DEA and other related actions (introduction of no-knock raids, for example) of the Nixon administration, plotting the timeline against the political rhetoric.
Hard to know which to be more disgusted by.. (Score:3)
Theft? (Score:3)
Surely this is illegal? I know that the US has no privacy laws, but it is still theft. Both he and the individuals purchasing the stolen data should be prosecuted.
Of course, it won't happen because "War on Drugs", and anyway, anything the US government wants is ok.
Re: (Score:2)
Amtrak [wikipedia.org] is publicly funded. So the issue of whether theft was involved or it was an instance of interagency data sharing might be a bit cloudy.
Certainly this sort of transaction shoud be covered in Amtrak's corporate policies and procedures. I seriously doubt a low level employee could engage in such activity without approval from higher up. On the other hand, the absense such policies is a sure sign of bad management.
Re: (Score:1)
It pretty much goes like this:
1) Purchase ticket using unique email address.
2) Almost immediately receive spam to that email address from a spoofed source.
3) Realize Amtrack is (knowingly or unknowingly) selling your personal contact information to anyone who will pay.
It makes sense that if this Amtrack employee was selling the customer contact info database illegally to the DEA there likely were other buyers too that are much harder to catch in the act. Furthermore it makes sense that if the DEA would spe
Government Dollars at Work! (Score:1)
Re: (Score:2)
One can only shake your head.
You can just shake your head but don't forget this lightened your wallet too.
Re: (Score:2)
Hey, babe. Take a walk on the wild side...
Re: (Score:2)
Re: (Score:2)
You ignorant bigoted piece of shit. Just don't give the prostitute money, and leave her to live her life as she chooses.
Re: (Score:2)
I greatly dislike prostitution. I regret that some people feel it's the only way they can earn a living. I would prefer that there wasn't a market for such services.
None of that makes me hate people that provide such services.
None of that makes me a bigoted twat that hates transgendered people for no reason other than my own ignorance.
I'd rather be a clown.
Re: (Score:2)
Ignorant? Really?
Bigoted against tranny prostitites? On government transportation that the public rides on? HELL, yes. Publicly visited transport should be free of this filth. You're a complete fucktard for thinking this is not completely fucking disgusting and actually supporting it's actions. Just because some assclown wants to pretend it's a woman, that certainly means that it isn't. Get that seedy shit off of national transportation that people have to pay to be on. Clown.
The lady doth protest too much, methinks.
Allowed to retire without disciplinary action (Score:2)
That's just amazing. Any company I've worked for, I'd be strung up by the heels for giving away customer data, let alone selling it for the better part of a million dollars. One article notes "It was not clear whether the DEA has rules against soliciting corporate insiders to provide confidential customer information in exchange for money." Really, they need a specific rule against that? I can see a DEA official whispering in someone's ear "Shut up, shut up, let it go and just let her retire."
Amtrak informant is just one source (Score:1)
Re: (Score:1)
Don't miss out, there are, FREE patches to soothe, your ravaged, souls. Come and, be, WHOLE again.
windowsupdate.microsoft.com
WTF?
Probably a guy whom the DEA would be interested to meet if you ask me... ;-)