SWIFT: Big Brother with a Booz Assist, Only without the Paperwork

As reporting on Edward Snowden reveal the scope of our spying on European friends, I’ve been thinking a lot about SWIFT.

SWIFT, you recall, is the database tracking international online money transfers. After 9/11, the US Government started helping itself to the data to track terrorist financing. But then in 2010 the servers moved entirely to the EU, and the EU forced the US to accede to certain protections: protections for EU citizens, a prohibition on bulk collection (and with it data mining), and two-pronged audit system.

Today, the CEO of SWIFT until 2007, Leonard Schrank, and the former Homeland Security Advisor, Juan Zarate, boast about the controls on SWIFT, suggesting it provides a model for data collection with oversight.

Both the Treasury and Swift ensured that the constraints on the information retrieved and used by analysts were strictly enforced. Outside auditors hired by Swift confirmed the limited scope of use, and Swift’s own representatives (called “scrutineers”) had authority to stop access to the data at any time if there was a concern that the restrictions were being breached. These independent monitors worked on site at government agencies and had real-time access to the system. Every time an analyst queried the system, the scrutineer could immediately review the query. Each query had to have a reason attached to it that justified it as a counterterrorism matter. Over time, the scope of data requested and retained was reduced.

This confirmed that the information was being used in the way we said it was — to save lives.

[snip]

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

This description should already raise concerns about the so-called gold standard for spying. When “scrutineers” cohabit with those they’re supposed to be scrutinizing, it tends to encourage cooperation, not scrutiny.

And somehow, Schrank and Zarate neglect to mention that the vaunted audit process they describe was conducted by none other than Booz Allen Hamilton, the contractor that hired and let Edward Snowden abscond with the spying world’s crown jewels. And, as ACLU noted in a report for the EU in 2006, even during Schrank’s tenure, Booz was neck deep in aggressive surveillance.

But the real problem with highlighting SWIFT as a poster child of massive surveillance done right post-dates Schrank’s tenure (though he must know about this), when the EU’s independent audits for the first time revealed what went on in SWIFT queries. Among other things: the actual requests were oral, and therefore couldn’t be audited.

The report revealed that the Americans have been submitting largely identical requests–but then supplementing them with oral requests.

The oral requests, of course, make it impossible to audit the requests.

At the time of the inspection, Europol had received our requests for SWIFT data. Those four requests are almost identical in nature and request–in abstract terms–broad types of data, also involving EU Member States’ data. Due to their abstract nature, proper verification of whether the requests are in line with the conditions of the Article 4(2) of the TFTP Agreement–on the basis of the available documentation–is impossible. The JSB considers it likely that the information in the requests could be more specific.

Information provided orally–to certain Europol staff by the US Treasury Department, with the stipulation that no written notes are made–has had an impact upon each of Europol’s decisions; however, the JSB does not know the content of that information. Therefore, where the requests lack the necessary written information to allow proper verification of compliance with Article 4(2) of the TFTP Agreement, it is impossible to check whether this deficiency is rectified by the orally provided information. [my emphasis]

In addition, in spite of demands that the program include no bulk downloads, that’s precisely what the US was doing.

“We have given our trust to the other EU institutions, but our trust has been betrayed”, said Sophia in’t Veld (ALDE, NL), rapporteur on the EU-US Passenger Name Record (PNR) agreements. “This should be kept in mind when they want our approval for other agreements”, she declared.

“Somehow I am not surprised”, said Simon Busuttil (EPP, MT), recalling that “at the time of the negotiations last year we were not satisfied with having Europol controlling it – we wanted additional safeguards”. He added that ”the agreement is not satisfactory”, since it involves the transfer of bulk data, and insisted that ”we need an EU TFTP”.

For Claude Moraes (S&D, UK), the US demands are “too general and too abstract”. He also recalled that MEPs had insisted at the time that it must be specified how the US request would be made and that they needed to be “narrowly tailored”. A written explanation should accompany each request, he added.

This agreement is not in line with Member States’ constitutional principles and with fundamental rights, argued Jan Philipp Albrecht (Greens/EFA, DE). He highlighted the problem of bulk data transfer, “which is exactly what we have criticised before“. [my emphasis]

In other words, once an actual independent reviewer — not an embedded contractor like Booz — reviewed the program, it became clear it was designed to be impossible to audit, even while engaging in precisely the bulk downloads the Europeans feared.

Not only is the experience of SWIFT one reason why the Europeans are so quick to object to the scale of US spying on them. But it is actually a poster child for surveillance done wrong.

Contrary to what its boosters want you to believe.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

14 replies
  1. person1597 says:

    If “all encrypted data” triggers capture… yes, that’s all supposedly “secure” traffic! Sheese.

    But I digress.

    There’s a squirrely but possible pivot to 24/7 panoptic capture for all digital data flow, even if it might make a constitutional loyalist blanche…

    Suppose, just for a moment, in the heat of the night, someone in the fourth branch chose to conflate “encoded” with “encrypted”.

    In an attempt to back-door the toobz, someone may have been tempted to construe standard high speed digital transmission (8b/10b) encoding as a substitution cipher. (As such, packets are generally “encoded” beyond the native data format to enhance communications reliability.)

    Suppose your boss wants a way to bend the law to his will… what would any self-respecting minion-hack do — change the spec!

    Fairy dust the policy treatment for “encoded data” to be the same as “encrypted data”. Get it? — Now all digital communications are treated as encrypted simply because they have been pre-conditioned to survive the transmission gauntlet.

    Poof! All your toobz are mine!! Preposterous? Maybe… But…

    100 Exabytes of “encoded” data flow every day may be one heck of a Hoover, but actually, not that expensive — maybe about $50-60K a day if I had to guess.

  2. Scott Kinney says:

    First, kissy-points for remembering that SWIFT is an acronym and should be capitalized.

    Second, though, SWIFT is *not* ‘a database tracking international online money transfers’. It’s really a general-purpose communication protocol for banking and other financial operations. There are many hundreds of distinct kinds of SWIFT messages that member banks can exchange, and really only 5 of them move money.

    You can get records of money transfers between member banks and their correspondents out of SWIFT, which is really what the entire dreary story is about, but it would in no way be a simple dump of every SWIFT message.

    For more fun and games, research the nascent Treasury rule requiring daily reporting of all electronic cross-border funds transfers directly to Treasury.

  3. earlofhuntingdon says:

    That the USG has bludgeoned its way into the SWIFT data systems, almost certainly in violation of EU privacy rules, has a long history on this blog. No kissy-points for having missed that. Not surprising when one finds the topic so dreary.

  4. earlofhuntingdon says:

    How dreary that even a foreign head of state’s aircraft is not given its due diplomatic immunity when the hunt for Snowden is at stake. I guess I should repeat that two minutes of hate I missed.

  5. orionATL says:

    in this week’s edition of banking fraud for fun and profit:

    http://www.guardian.co.uk/business/2013/jul/03/hsbc-money-laundering-settlement-approved

    as far as i am concerned, “did it make any real difference” is a key question for all these spying and prying games our gov’t plays under the aegis of “national security”.

    i’m all for discovering money laundering, but did swift play any role in dicovering hsbc’s money laundering or was it mostly financial accounting leg-work?

    further, hsbc’s infraction was just an intermediate step in the drug trafficing and sales business? would it be reasonable to expect that some drug businessmen would have been discovered and prosecuted as a result of knowledge garnered from swift?

    was that in fact the case?

    what bothers me almost as much as the constututional issues of privacy and political activity is the question of “does all this unconstitutional, intrusive, phenomenally expensive government spying ever stop any illegal activity”, e.g., vindictives (aka terrorists), drug businessmen, arms businesmmen, corporate or private income tax evaders, bankers, economic “diplomacy” (iran), etc.?

    or are these snooping, spying, prying u.s. programs just giant gyro gearloose technical triumphs, empty of any real benefit to society?

  6. orionATL says:

    let’s see now,

    we got a nsa database of all american telephone call “metadata” (aka, tracking and identifying information)

    we got a nsa data base of ofamerican e-mail “metadata” (aka, tracking and identifying information)

    we got a nsa database of conversations among diplomats and leaders of our european allies

    we got a data base of swift documents. does treasury hand this off to nsa to process and return to treasury?

    we got a number of (non-government) real estate databases that appear to list a large number of houses in the nation

    imagine this:

    a nsa database of the genome of every citizen of the u.s.

    or, more broadly, of every person resident in the u.s. at a point in time.

    now imagine the rationales for this.

    now imagine an nsa database for the banking information of every citizen, or every resident, of the u.s.

    now imagine the rationales for this.

    now imagine a nsa data base of the medical records from birth of all u.s. citizens or residents of the u.s.

    now imagine the rationales for this.

    i mention nsa for some of these datasets for the important reason they have developed, thru spying for decades, the expertise to gather and to store enormous data sets, and thus might be considered the “efficient and sensible” choice to gather and manage these other data, if they aren’t do so already. changing the nsa restrictions on spheres of operation is only a congressional act away.

    welcome to our brave new future of total information awareness – of you.

    be assured that naught could go amiss; we have and will continue to have our presidents’ assurances of “checks and balances” and “transparency”.

  7. OutCountry says:

    Just curious, but why haven’t there been any stories about electronic records of checks and credit card transactions for US citizens also being captured? I can’t believe that the NSA has no interest in that potential gold mine of information. Besides the obvious possibility of exposing weapon, drug and chemical purchases, the records could supplement mobile call location data (fill in gaps when phones are turned off). That could allow the government to put together an even better minute-to-minute account of a target’s activities. Would the big banks and credit card companies hesitate at all before turning over their bulk records? Are there any laws preventing this?

  8. emptywheel says:

    @OutCountry: Part of the reason is that Snowden was NSA. I suspect a lot of the other collection is going through the FBI exclusively (Section 215 is meant for the FBI, not NSA, as are NSLs). So it may be much of that is happening elsewhere in the govt.

  9. GKJames says:

    Which brings to mind the credit card companies. Far as I know, they haven’t been mentioned. Fertile ground for a closer look??

Comments are closed.