Double Dipping at SWIFT

Spiegel today reveals more details about NSA’s “Follow the Money” program, in which it collects credit card information from select geographical regions. In addition, as TV Globo also revealed last week, they are conducting Tailored Access Operations against SWIFT, the international financial transfer messaging system.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

Now, some caution about this claim is in order. Spiegel reports that NSA’s financial records database has 180 million records, of which 84% are credit card transactions.

The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

Even assuming the balance of the records in the database come from SWIFT, that’s less than 29 million records (in 2011, so assume the number is larger now). In 2011, SWIFT was sending 17.5 million records a day. So whatever makes it into the actual database is just a small fraction of international traffic.

But that almost certainly doesn’t account for the bulk of the SWIFT information collected by the US government. Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

Never mind that by the time they wrote this, an EU audit had showed the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.

Note, too, the timing. While Spiegel doesn’t provide enough details about the exploitation of SWIFT for us to date it, the dates it does provide about this financial spying are 2010 and 2011. That was the period when the EU was trying to put sensible limits to Treasury’s access of SWIFT.

Back when the intelligence community first decided to go after SWIFT data, their first plan was to just steal it.

Intelligence officials were so eager to use the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

12 years later, they apparently are stealing at least some of it. That probably means they wanted data for transactions that have nothing to do with the counterterrorism application first SWIFT and then the EU bought off on. So there’s the legal access to counterterrorism data via Treasury, and the illegal access to (presumably) some other kind of data via NSA.

Indeed, though it may pertain to the credit card data, Spiegel reports that even the spooks are wary about the degree to which GCHQ and NSA collect data on people who aren’t legitimate targets.

But even intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK’s intelligence agency GCHQ concerning the legal perspectives on “financial data” and the agency’s own cooperations with the NSA in this area. The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved “bulk data” full of “rich personal information,” much of which “is not about our targets,” the document says.

And these GCHQ spies aren’t the only ones concerned about this spying. Eric Lichtblau’s book described some of the worries about SWIFT access.

One reason people grew uncomfortable with the program was because “some foreign officials feared that the United States could turn the giant database against them.” (234) Others worried that the US might be “delving into corporate trade secrets of overseas companies.” (248) And when Alan Greenspan helped persuade SWIFT to continue offering US access to the database, he admitted how dangerous it was.

If the world’s financiers were to find out how their sensitive internal data was being used, he acknowledged, it could hurt the stability of the global banking systems. (246)

Sure, Alan Greenspan is a hack, but he normally underestimates the degree to which risks threaten the global financial system. And there’s a decent chance that NSA’s theft of this data goes beyond even that access — purportedly limited to counterterrorism — that got Greenspan so concerned.

Now if the rest of us can’t have privacy to conduct our private lives, I’m all in favor of making the banskters’ secrets public as well. Heh.

I recognize that that undermines a key assumption the banksters rely on: privacy. If NSA can steal whatever they want, they really do have the ability to undermine what few rules still govern the international gambling-masquerading-as-banking system.

But even having been warned about the risk stealing this data poses to the global financial system doesn’t appear to have stopped NSA.

Tweet about this on Twitter14Share on Reddit0Share on Facebook6Google+0Email to someone

16 Responses to Double Dipping at SWIFT

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16

Emptywheel Twitterverse
JimWhiteGNV RT @DCreDC: "@DemocracyNow: Have you been called by anyone in Congress to testify...? POSTOL: Of course not. Congress is not interested in …
48sreplyretweetfavorite
JimWhiteGNV RT @MarcACaputo: A new identity for David Rivera: 'Co-conspirator A.' http://t.co/CyI8Rl104o
2mreplyretweetfavorite
JimWhiteGNV I'm shocked, shocked that the torture report has significant redactions. #MostTranparentAdministrationMyAss
6mreplyretweetfavorite
emptywheel @1971Film Had a ticket but didn't make it--so bummed!
8mreplyretweetfavorite
emptywheel @Krhawkins5 So maybe they'll ruin your October vacation. You got one of those scheduled?
9mreplyretweetfavorite
emptywheel @Krhawkins5 Normally I'd say you'd be absolutely right. But CIA is going to stall on explaining its overredaction longer, don't you think?
9mreplyretweetfavorite
JimWhiteGNV RT @DCreDC: MIT expert: Hamas warheads are only 10-20 pounds, and #IronDome likely intercepts at most 5% of them http://t.co/jr44BTnRqe #Ga
10mreplyretweetfavorite
emptywheel And @Krhawkins5 wins the predicted-the-utterly-predictable about CIA's overcensorship sweepstakes! Your prize is... dysfunctional democracy!
17mreplyretweetfavorite
emptywheel RT @shaneharris: Feinstein: SSCI got interrogation report from WH. Has "significant redactions." Need to review. Report "will be held until…
19mreplyretweetfavorite
JimWhiteGNV RT @ggreenwald: A reminder that John Brennan himself was at Bush CIA & supported some forms of torture and renditions http://t.co/mOJ7VSSCBc
22mreplyretweetfavorite
JimWhiteGNV RT @assholeofday: Yochanan Gordon, writer of "When Genocide is Permissible", is the #AssholeOfTheDay: http://t.co/TXaKynUBcx http://t.co/H2
24mreplyretweetfavorite
emptywheel RT @OrinKerr: DOJ petitions for rehearing in U.S. v. Davis, the 11th Circuit cell-site case: http://t.co/O3hwU3yvWt
24mreplyretweetfavorite
September 2013
S M T W T F S
« Aug   Oct »
1234567
891011121314
15161718192021
22232425262728
2930