Federal law enforcement agencies have been tracking Americans in real-time using credit cards, loyalty cards and travel reservations without getting a court order, a new document released under a government sunshine request shows.

The document, obtained by security researcher Christopher Soghoian, explains how so-called “Hotwatch” orders allow for real-time tracking of individuals in a criminal investigation via credit card companies, rental car agencies, calling cards, and even grocery store loyalty programs. The revelation sheds a little more light on the Justice Department’s increasing power and willingness to surveil Americans with little to no judicial or Congressional oversight.

For credit cards, agents can get real-time information on a person’s purchases by writing their own subpoena, followed up by a order from a judge that the surveillance not be disclosed. Agents can also go the traditional route — going to a judge, proving probable cause and getting a search warrant — which means the target will eventually be notified they were spied on.

The document suggests that the normal practice is to ask for all historical records on an account or individual from a credit card company, since getting stored records is generally legally easy. Then the agent sends a request for “Any and all records and information relating directly or indirectly to any and all ongoing and future transactions or events relating to any and all of the following person(s), entitities, account numbers, addresses and other matters…” That gets them a live feed of transaction data.

DOJ powerpoint presentation on Hotwatch surveillance orders of credit card transactions " + __flash__argumentsToXML(arguments,0) + "")); }" _gaproxy_onunload="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" externalmouseevent="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" extmouseout="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" extmouseup="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" shake="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getpage="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" setpage="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getpagecount="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getzoom="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" setzoom="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" enablerelateddocuments="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" disablerelateddocuments="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" gethorizontalscroll="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getverticalscroll="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" sethorizontalscroll="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" setverticalscroll="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" highlightkeywords="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" disablekeywordhighlighting="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" enablekeywordhighlighting="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" sethighlightkeywords="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" gethighlightkeywords="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getviewmode="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" setviewmode="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getfullscreen="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" setfullscreen="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getdocumentid="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getaccesskey="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getpagedimensions="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" gettitle="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getdescription="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getembedcode="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getviewurl="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getauthorname="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getauthorusername="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" getauthorid="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" loaddocument="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" loaddocumentfromurl="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" keyboardshortcutdown="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }" keyboardshortcutup="function () { return eval(instance.CallFunction(" " + __flash__argumentsToXML(arguments,0) + " ")); }">

It’s not clear what standards an agent would have to follow to get a “Hotwatch” order. The Justice Department told Soghoian the document is the only one it could find relating to “hotwatches” — which means there is either no policy or the department is witholding relevant documents.

The Justice Department did not return a call for comment.

Every year, the Justice Department does have to report to Congress the numbers of criminal and national security wiretaps undertaken, as well as the number of National Security Letters issued. Tens of thousands of NSLs are issued yearly — most with gag orders that forbid ISPs or librarians from ever saying they have ever been served with such a subpoena.

But the Justice Department does not report or make public the number of times it got real time or historic cell phone location information, nor how often it is using these so-called “hotwatch” orders.