Double Dipping at SWIFT

Spiegel today reveals more details about NSA’s “Follow the Money” program, in which it collects credit card information from select geographical regions. In addition, as TV Globo also revealed last week, they are conducting Tailored Access Operations against SWIFT, the international financial transfer messaging system.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

Now, some caution about this claim is in order. Spiegel reports that NSA’s financial records database has 180 million records, of which 84% are credit card transactions.

The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

Even assuming the balance of the records in the database come from SWIFT, that’s less than 29 million records (in 2011, so assume the number is larger now). In 2011, SWIFT was sending 17.5 million records a day. So whatever makes it into the actual database is just a small fraction of international traffic.

But that almost certainly doesn’t account for the bulk of the SWIFT information collected by the US government. Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

Never mind that by the time they wrote this, an EU audit had showed the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.

Note, too, the timing. While Spiegel doesn’t provide enough details about the exploitation of SWIFT for us to date it, the dates it does provide about this financial spying are 2010 and 2011. That was the period when the EU was trying to put sensible limits to Treasury’s access of SWIFT.

Back when the intelligence community first decided to go after SWIFT data, their first plan was to just steal it.

Intelligence officials were so eager to use the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

12 years later, they apparently are stealing at least some of it. That probably means they wanted data for transactions that have nothing to do with the counterterrorism application first SWIFT and then the EU bought off on. So there’s the legal access to counterterrorism data via Treasury, and the illegal access to (presumably) some other kind of data via NSA.

Indeed, though it may pertain to the credit card data, Spiegel reports that even the spooks are wary about the degree to which GCHQ and NSA collect data on people who aren’t legitimate targets.

But even intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK’s intelligence agency GCHQ concerning the legal perspectives on “financial data” and the agency’s own cooperations with the NSA in this area. The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved “bulk data” full of “rich personal information,” much of which “is not about our targets,” the document says.

And these GCHQ spies aren’t the only ones concerned about this spying. Eric Lichtblau’s book described some of the worries about SWIFT access.

One reason people grew uncomfortable with the program was because “some foreign officials feared that the United States could turn the giant database against them.” (234) Others worried that the US might be “delving into corporate trade secrets of overseas companies.” (248) And when Alan Greenspan helped persuade SWIFT to continue offering US access to the database, he admitted how dangerous it was.

If the world’s financiers were to find out how their sensitive internal data was being used, he acknowledged, it could hurt the stability of the global banking systems. (246)

Sure, Alan Greenspan is a hack, but he normally underestimates the degree to which risks threaten the global financial system. And there’s a decent chance that NSA’s theft of this data goes beyond even that access — purportedly limited to counterterrorism — that got Greenspan so concerned.

Now if the rest of us can’t have privacy to conduct our private lives, I’m all in favor of making the banskters’ secrets public as well. Heh.

I recognize that that undermines a key assumption the banksters rely on: privacy. If NSA can steal whatever they want, they really do have the ability to undermine what few rules still govern the international gambling-masquerading-as-banking system.

But even having been warned about the risk stealing this data poses to the global financial system doesn’t appear to have stopped NSA.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

16 replies
  1. orionATL says:


    why is the us govt/nsa stealing swift info, listening to negotiating allies in europe, spying on brazilian president and mexican president-to-be, not to mention the multiple communications of every american citizen?

    a simple answer is “because the nsa has the ability”; the add-on spying is reflexive.

    another obvious answer is because of a enabling quadrangle involving defense contractors seeking to increase corporate income, whitehouse and congressional politicians seeking campaign money, the police/prosecutors of the doj, and the nsa.

    but i’m of the opinion it is time to begin to look carefully to see if there might be a small group of individuals who are the driving force behind what appears to be “merely” reflexive spying of questionable value.

    nsa’s generalissimo, keith alexander is one obvious person, but are there others from the congress, from the bush or obama whitehouse, from the bush or obama doj, from the bush or obama dod?

    if there is such a group, what might be their objectives?

    glenn greenwald gives us a disturbing picture of generalissimo alexander fantasizing he is star-trek material.

    but alexander is not foolish or irrational in his bureaucratic effectiveness.

    and there may be a few other key power-lovers or idealogues who are stealthily moving the nsa along. who might they be?

    and, again, why?

    to what end?

  2. Arbusto says:

    Begs the question and as expanded by onionATL, WTF can NSA do with all this crap. I guess we could initiate a community college certificate program on intel analysis to increase the ranks, or farm it out to India and China. But depth and breadth of analysis, not even including the worlds disparate languages and cultures is mind numbing. Jeebus, the shear mass of data accumulation for accumulation sake is beyond asinine, and NSA interrupted how many plots and caused the arrest, prosecution and imprisonment of how many terrorists?

  3. P J Evans says:

    Now if the rest of us can’t have privacy to conduct our private lives, I’m all in favor of making the banskters’ secrets public as well.

    I’d go for all of them from CEO/board chair down to regional VP/manager.

  4. William A. Hamilton says:

    NSA’s Follow the Money Signal Intelligence (SIGINT) intercepts of bank transfers did not begin under President Obama, but under the first year of the Reagan Administration, and the U.S. Department of Justice was a full partner of NSA from the inception, I.e. stealing the PROMIS software from INSLAW and covertly disseminating copies to NSA so NSA “cutout” companies could sell the stolen software to banks for installation on their computers to enable NSA’s real-time electronic surveillance of bank transfers. Whenever INSLAW came close to proving what NSA was doing with the stolen PROMIS software, the U.S. Department of Justice could be counted on to obstruct justice through colluding to deprive INSLAW of litigation counsel, by having incriminating evidence “disappeared” from the Justice Department’s litigation files when it was under subpoena from Congress, and by tampering with FBI software source code evidence that the U.S. Court of Federal Claims had ordered the FBI to produce in January 1996 so a Panel of court-appointed outside software experts could do a line-by-line comparison with INSLAW’s PROMIS. The lack of accountability of NSA not only did not begin under Obama but it has always involved active collusion with the chief law enforcement agency of the United States.

  5. jo6pac says:

    @William A. Hamilton: The good old days with uncle ed meese in charge of doj. If I remember correctly the cutouts sold the software to Canada and Canada thought the had found and closed the backdoor on the software to find out yrs later they didn’t. Sad but a few people died along the way of INSLAW story but was swept away as nothing to see here. doj also gave this software to Amerikas good friend at the time sadman hussian they never knew that nsa was watching their every move. ,

  6. Chetnolian says:

    This is back out of the weeds. Don’t worry Marcy keep digging. Knowledge they say is power. If NSA has or can get hold of all the financial data of everyone, can you imagine how many scared people there might be, within the US Government? You don’t have to get very conspiracy theorist to wonder if the current administration’s inability to rein in the spooks has something to do with what the spooks know. And that is a scary thought.

  7. orionATL says:

    this is quite a story:

    as is this:

    this latter is an excellent primer on how ruthless the u.s. department of “justice” can be, how it willingly abuses the law when the law proves inconvenient, and how it covers up criminal activity of its attorneys.

    it also suggests an early (reagan-era) link between the doj and nsa-israeli spying, with the doj fascilitating.

  8. C says:

    @orionATL: Think about the glowing bio that was written about Clapper a few weeks ago. The one that described him with a singleminded focus on “Preventing another 9/11”. Think also about the horribly insulting behavior of the PCLOB, the ones who complained that the board was too concerned with civil liberties and not enough with terror.

    If you look at all of the stupid behavior the NSA has engaged in (e.g. weakening crypto standards) there are really three possible interpretations: (1) Washington is obsessed with terrorism and doesn’t really see anything else as important; (2) They like having power and want to use it and really don’t trust anyone else; (3) The surveillance state is so profitable for people like Booz and Google that they actively lobby to increase it and back “Teror Experts” who talk it up just as people like Raytheon support groups like the “Instutute for the Study of War”.

    Personally I suspect that it is all three things, money, power, and ocd operating in groupthink city. At this point I’m not sure anyone even understands how to not do it or understands quite how bad it all is for those outside the bubble.

  9. earlofhuntingdon says:

    “Just steal it.” Pretty much sounds like the US approach to global resources generally. Ask anyone in Latin America or West Africa.

  10. tjallen says:

    Other countries should stop making purchases from the US and from US companies. That might wake up someone. The NSA may “just steal it” when it comes to data, but they cannot force countries and individuals to purchase things.

  11. Greg Bean (@GregLBean) says:

    One has to wonder at what stage the damage is so severe that it reduces the 5-eyes group to outsiders.

    BRICS (Brazil Russia India China & South Africa) is not an insignificant organization and with just a little transparency and adherence to mutually agreed rules will likely grow in strength and influence. They certainly have a very viable commercial future and have now funded their competitor to the World Bank. They are likely to develop a shared cyber future and with Brazil and Argentina’s co-operation on Cyber-security defense, just announced, their is every likelihood that will expand to include other BRICS members soon, and lock out the 5-eyes group. And militarily BRICS is not in any way threatened by the 5-eyes group in anything less than total mutual destruction.

    It is not hard to imagine many western allies, like Germany, and even much of Europe, the remaining South American, African and Asia countries that are western allies, and even many middle eastern allies discarding the crumbling old boys club that is 5-eyes and moving to what appears to be a more inclusive global cooperative.

    And all the while Obama fiddles.

  12. C says:

    @Greg Bean (@GregLBean): Well put, that really is the problem. Some set of idiots (Congress and a succession of presidents) have essentially let the NSA have free reign to abuse any and all powers with no thought to the broader consequences. The problem is that the payoffs seem to have been minimal at best (one economic crisis not averted dubious use for real terror plots and increased safety “at the margins”) while the cost (convincing the rest of the world and most of the American People that the U.S. cannot be trusted) is too damn high.

    At present even Germany is acting as if they cannot trust us and encouraging their people to turn away from American companies. As a consequence the real economic costs will be burdensome but noone in bubble city gets that.

    As to Obama fiddling. Well I put the blame for this on many especially those in Congress who have abdicated their oversight for decades. But I do have to say, it takes real work to make Vladimir Putin look like the peace candidate.

  13. Greg Bean (@GregLBean) says:

    @C: “But I do have to say, it takes real work to make Vladimir Putin look like the peace candidate.” I agree with your entire response, especially the part where you complemented me. :-)

    However, as a contentious shit disturber I take exception to the comment about Putin, only mildly mind you, but even so, I do, and here’s why.

    I grew up in Canada, hell SS Marie, Ont. is so close to Marcy’s home ground that I almost feel like we might have been neighbors. During that time, the early sixties, when I was 7-8, I regularly ran home from school while the air raid sirens wailed their warnings of impending nuclear disaster. We’d hide in our basements, tight up against the wall closest to the expected blast, and pretend that we’d survive. Many houses were built in that era with 3 ft thick concrete walls and ceilings and equipped with water, food and supplies for 12-18 months, in preparation for THE BOMB’ing that was imminent. We all knew about the DEW Line and that the Russians were mad war-mongers who would gladly die to destroy our free society.

    And then when I was in my teens I saw the movie, ‘On the Beach’. And something clicked. No one would be this mad.

    Well, no one except the US that is.

    I live in Australia now, and have done for 30 years, and only hope that the madness stays in the northern hemisphere.

    So, back to my original comment; when you leave the North American continent, and are exposed to the world news as everyone except North Americans see it (yeah, my Canadian family and friends still seem so deceived by it that I cannot fathom their delusion – it’s fanatical, almost religious) you start to realise that the world is not as you were told it was.

    Vietnam is one of the most beautiful, peaceful, pleasant societies you can visit. The resorts and beaches are awesome. They refer to what we in the west think of as the Vietnam War, as the American War, when they were invaded by the US. There is no animosity mind you. They are happy, largely. They have problems with their democracy, and will with luck resolve the issues, but they are not under the thumb of a murderous US installed dictator.

    China is not a threat. It has a hugely corrupted communist party that almost matches the corruption of the corporations and banksters of the west but is not in most measurable ways worse. And as far as I can see, China is not focused on developing a global empire, unless it is through dominating trade. Yes there are irritations over disputed islands with Japan, but they are not threatening to bomb anyone, and do not have drones reeking havoc on wedding parties in half a dozen countries.

    And so it goes, once out of the North American propaganda zone one learns that life is generally pretty pleasant and we can all get along.

    So, Putin, a monster. How many countries is Russia at war with? How many wedding parties has Putin blown to smithereens? How many chemical and depleted uranium weapons has Russia dumped on the world in the last 100 years? How many terrorists have felt a need to retaliate and bomb Russian cities and subways recently?

    Putin is not the best mankind can hope for but compared to Truman, Eisenhower, Kennedy, Johnson, Nixon, Ford, Carter, Reagan, Bush, Clinton, Bush, Obama he sure is not out of the running as a peace candidate.

    One really does not have to work hard to look like a peace candidate compared with any of the last 12 US Presidents.

    And I haven’t forgotten the War of 1812 with Canada and the Mexican War that JD Thoreau writes about so eloquently but just don’t have time to cover the full history of US war-mongering.

  14. C says:

    @Greg Bean (@GregLBean): Greg, while I agree with you that things are not as they always seem within the bubble I want to comment on one point:

    So, Putin, a monster. How many countries is Russia at war with? How many wedding parties has Putin blown to smithereens? How many chemical and depleted uranium weapons has Russia dumped on the world in the last 100 years? How many terrorists have felt a need to retaliate and bomb Russian cities and subways recently?

    Putin’s conduct in Chechnya in particular has been quite awful. No he has not resorted to drones as we have but noone I know inside or outside of the U.S. (including Russians) consider his actions on that moral or moderated. Now are they wild with the way he has increased the use of the state security apparatus inside Russia to monitor and stifle dissent.

    In my neither Putin nor Obama counts as a peace candidate nor deserves a peace prize, hence my comment. Somehow Team O managed to handle this so oddly, not that there was a good way to do it, that they managed to make it seem like a time for Putin the peacemaker. Now they are busy trying to spin it as a “Victory” for Obama even as they and the Russians squabble at the U.N. and none of the Very Serious People in bubble-city are as concerned for the fate of the Syrians as they were a week ago.

  15. Bill Michtom says:

    @earlofhuntingdon: “Just steal it.” Pretty much sounds like the US approach to global resources generally. Ask anyone in Latin America or West Africa.”

    I’m with the earl on this. :(

  16. Bill Michtom says:

    @C: Have to disagree on this: “Just steal it.” Pretty much sounds like the US approach to global resources generally. Ask anyone in Latin America or West Africa.”

    The banksters have cleaned up–and continue to. And they’re just not interested in anything remotely long-term.

Comments are closed.