Update: The change went into effect on July 1, 2013, so before Comey’s coronation.
I’ve been tracking the FBI’s embrace of its national security/intelligence role (with a consequent inattention to bank crimes, in particular) for years – notably with this post on its self-congratulation a decade after 9/11. (See also this post, this post, and this one.)
So regular readers will be unsurprised by Foreign Policy’s report that the FBI’s boilerplate fact sheet now hails its primary function to be national security.
But quietly and without notice, the agency has finally decided to make it official in one of its organizational fact sheets. Instead of declaring “law enforcement” as its “primary function,” as it has for years, the FBI fact sheet now lists “national security” as its chief mission. The changes largely reflect the FBI reforms put in place after September 11, 2001, which some have criticized for de-prioritizing law enforcement activities. Regardless, with the 9/11 attacks more than a decade in the past, the timing of the edits is baffling some FBI-watchers.
But I am a bit interested in the question FP goes onto ask: when did this happen. It appears to have happened during the summer.
“What happened in the last year that changed?” asked Kel McClanahan, a Washington-based national security lawyer.
McClanahan noticed the change last month while reviewing a Freedom of Information Act (FOIA) request from the agency. The FBI fact sheet accompanies every FOIA response and highlights a variety of facts about the agency. After noticing the change, McClanahan reviewed his records and saw that the revised fact sheets began going out this summer. “I think they’re trying to rebrand,” he said. “So many good things happen to your agency when you tie it to national security.”
What FP doesn’t answer is why this happened.
But one possibility is the arrival of Jim Comey.
Comey didn’t take over as FBI DIrector until September 4, 2013. But his confirmation hearing (more of a coronation, really) was on July 9; his confirmation vote was on July 29. So he had plenty of time to complete the FBI’s rebranding as a domestic spy agency rather than its premier domestic law enforcement agency before he officially took over.
I checked his
confirmation hearing coronation, to see if he announced this rebranding. I’ve been unable to find a formal statement (!!). And while later in the hearing he talked about balancing the intelligence side with the law enforcement side (the FBI itself emphasized this part of the hearing), what apparently extemporaneous statement he did give focused on the FBI’s transition under Robert Mueller to an intelligence agency. (This is my transcription of the non-family part, which took up half of the statement; it starts around 42:30.)
If I’m confirmed for this position I will follow a great American, one who has been clear-eyed about the threat facing our country, especially the metastasizing terrorist threat, the cyber-threat, that poses a risk to our secrets, to our commerce, to our people, and most ominously, to the networks we depend upon as our lifeblood. I know he has changed the FBI, as the Chairman and the Ranking Member described, in fundamental and crucial ways. I know that this will be a hard job. I’m sure that things will go wrong and I will make mistakes. What I pledge to you though is to follow Bob Mueller’s example of staring hard at those mistakes, learning from those mistakes, and getting better as a result of those mistakes. His legacy of candor and straight-forwardness and integrity is one that I pledge to continue. I also know that the FBI is and must be an independent entity in the life of America. It cannot be associated with any party or any interest or any group. It has to be seen as the good guys and good gals in this country. The FBI is and must be about finding the facts and only the facts in a fair, thorough, and objective way, and to do that with a rock-solid commitment to our Constitution and to our laws. That culture of commitment to law and resistance to any jeopardy of independence is at the core of the FBI. I know it is deep inside FBI Agents. Those values are the things that I love about the FBI.
It wouldn’t be surprising that a guy with roots in NY who was prosecuting terrorism even before 9/11 would adopt this focus. Nor do I, thus far, have reason to believe he won’t be better at going after banksters than Mueller was (and Obama has finally shifted some focus to it).
But I do hope — given his appeal to independence — he realizes that making the FBI a domestic intelligence agency does make the FBI a partisan institution, because it de-emphasizes a threat every bit as serious as terrorists and cybercriminals: the banksters.
As I noted last year, when DOJ trumpeted their settlement with HSBC for a slew of money laundering violations, they didn’t mention that HSBC had provided almost a billion dollars to a Saudi bank that funded terrorists. Effectively, HSBC’s material support for terrorism for 5 years after it first realized it was doing so got completely ignored.
It turns out, between the time in 2010 when HSBC stopped providing cash dollars to a terror-supporting bank and the time of the DOJ settlement, HSBC was still violating counterterrorism sanctions. Treasury’s Office of Foreign Assets Controls just issued another settlement with HSBC’s US branch, detailing how HSBC processed 3 transfers totaling over $40,164 involving Husayn Tajideen after the bank learned he had gotten listed a designated terrorist. Not a huge amount of money, but over 4 times what Basaaly Moalin is going to jail for.
It’s OFAC’s rationale it uses to rationalize giving a recidivist just a $32,400 penalty that I find particularly egregious.
The settlement amount reflects OFAC’s consideration of the following facts and circumstances, pursuant to the General Factors under OFAC’s Economic Sanctions Enforcement Guidelines, 31 C.F.R. part 501, app. A. OFAC considered the following to be mitigating factors: HBUS voluntarily self-disclosed the apparent violations to OFAC; HBUS took appropriate remedial action in response to these apparent violations and now has a more robust compliance program in place; and HBUS has not received a penalty notice or Finding of Violation from OFAC for substantially similar apparent violations in the five years preceding the earliest date of the transactions giving rise to the apparent violations. The settlement amount reflects the following aggravating factors: HBUS managers and employees whose primary responsibility includes OFAC compliance were aware of the first apparent violation and had reason to be aware of the second and third apparent violations; the apparent violations resulted in actual economic benefit to an SDGT; HBUS is a large and commercially sophisticated financial institution; HBUS initially provided an incomplete response to an administrative subpoena; and, at the time of the first apparent violation, HBUS’ compliance program did not screen all MT 199 messages for potential OFAC matches. OFAC further reduced the proposed penalty in light of HBUS’ agreement to settle its potential liability for the apparent violations. [my emphasis]
Some of this is typical mumbo jumbo (though in this case, should be read with the awareness that Stuart Levey, who used to be Under Secretary of Terrorism Finance and Intelligence, got named HSBC’s General Counsel in 2012, so the subsequent actions likely represent his involvement).
But the claim that HBUS hadn’t had any substantially similar violations in the five years previous is just ridiculous. They had been busted for all sorts of very similar money laundering problems involving known drug kingpins and were uniquely important in providing cash that terrorists likely used for significant attacks. It’s only not substantially similar because it is orders of magnitude worse, so much so DOJ got involved and the settlement was with a different agency!
And in response to a recidivist being caught again, OFAC fines a bank with $14 billion in profits $32,400.
Update: In a statement to WSJ, Treasury said this settlement with a recidivist is unrelated to the past settlement with the recidivist.
But a Treasury spokesman said in an email that Tuesday’s settlement is unrelated to the December 2012 agreement with OFAC and other federal and state agencies.
“This action is similar to other settlements OFAC has reached with regard to apparent violations committed by U.S. financial institutions,” he said.
Because Bill Binney made an observation about the high docket number of the phone dragnet order released this year, Sibel Edmonds has decided that Glenn Greenwald is hiding a bunch of Edward Snowden documents to protect Pierre Omidyar showing PayPal cooperated with NSA.
Here’s what Binney said, according to him.
Unfortunately, Sibel attributes some of her words to me. I do not know that PAYPAL is involved – only that financial data is being used by NSA. And, based on the “BR” number 13/80 on the Verizon court order to give records to NSA, I estimated that this program involved 78 companies. These would include: telecom’s, internet service providers, banks/finance/credit cards, travel, plus others. So, there’s a lot of business data being collected by NSA and the FBI. In the future, if I am to be quoted, I will have to I will have to insist on a pre-publication review. [my emphasis]
Now, like Peter Kofod, I don’t doubt that PayPal gives a ton of data to the national security state (more on what probably happens below).
But Binney’s comment appears to be based on a misunderstanding of how the FISA docket numbering works (though not one that changes his observation that “there’s a lot of business data being collected by NSA and the FBI”): that each docket pertains to a different company.
Given the filings we’ve seen from voluminous years — particularly 2009 — it is clear that DOJ uses one docket for all providers on a particular order. For example, 3 of the 4 docket numbers used for the phone dragnet in 2009 were 08-13, 09-06, and 09-13. For the entire 3 month period the primary order covers, all the orders and correspondence related to that primary order bears the original docket number. Even in the case where Judge Walton cut off and then resumed production (see 09-13 above) from just one provider got handled in that docketing system. The now public FISC docket appears to continue this practice, with BR 13-109 and BR 13-158 including all the correspondence on a particular order (in addition, there are the Misc dockets for lawsuits, and the 2007 docket tied to Protect America Act for the Yahoo challenge).
And over the years, the list of providers included on the dockets appears to have gotten much longer. Here’s the redacted list of providers from the original 2006 order:
Here’s the redacted list of providers from the most recent order:
The additional providers are probably smaller providers, as well as VOIP providers.
So just 4 and on rare occasions 5 of the Section 215 (“BR”) docket numbers in any given year (and, for the life of the program, just 4 of the PR/TT docket numbers) covered all the providers.
But that may, in fact, mean far more companies are getting Section 215 orders, even bulk orders. As I laid out in this post, the numbers of Section 215 orders have gone up in the last several years (Julian Sanchez has speculated that previously some of this collection was done via National Security Letter, which is a pretty good bet).
And as they’ve gone up, the FISA Court has been modifying far more orders — it modified 86% of the orders in 2011. It has been modifying orders to add minimization procedures (it modified 176 orders in 2011 to add minimization requirements). Given that you only need to have significant minimization procedures if you’re getting a lot of innocent people’s data, and given that these orders would also be on a 90-day cycle, that may mean there were 44 bulk collection programs in 2011.
But, as Binney said, that’s going to include a lot of different kinds of companies. We know they’ve used Section 215 to collect precursor chemical purchase records. They likely cover credit cards records, other financial records, gun purchases, health and medical records, and other computer records. There have even been questions about using Section 215 to collect URL search terms.
PayPal is one possible or even likely recipient of these, but only one out of a bunch. Continue reading
Apparently, the people at Treasury don’t need to take advantage of the Black Friday sales. Instead, they’re at work and announcing that the Cayman Islands (and Costa Rica) will share information on US taxpayers with the IRS. The move comes after the Brits rolled out a similar agreement earlier this month.
I assume we’ll see other advanced countries demand similar agreements. But for the moment, just the NSA and GCHQ’s home countries will be able to learn which of their citizens are stashing money in one of the world’s most important tax havens (and one that has been important to Anglo-American financial dominance).
There are two submarine cables serving the Cayman Islands. One — Maya 1 — carries telecom traffic to Hollywood, FL. It is owned, in part, by NSA spy partners AT&T and Verizon. The other carries traffic to Jamaica. Another of the cables that serves Jamaica lands in Boca Raton. A third carries traffic to British Virgin Islands. From BVI, cables carry traffic directly to several other landing spots in the US, as well as — by way of Bermuda — Canada.
Earlier this year, someone leaked massive amounts of data on BVI’s tax shelter clients and habits (though curiously, no US persons were identified among the most prominent culprits). As far as I know, no one has ever discovered how that data got leaked, and there seems little concern from the powers that be about this leaker who, after all, was as audacious as Chelsea Manning or Edward Snowden.
Now, I’m not saying that the US and UK were already stealing Cayman Islands’ data. I’m only saying that doing so would be perfectly within the known practices of America and Britain’s spy agencies.
Both the NYT (Charlie Savage and Mark Mazzetti) and WSJ (Siobhan Gorman, Devlin Barrett, and Jennifer Valentine-Devries) tell the same story today: the CIA is collecting bulk data on international money transfers. Given that someone has decided to deal this story to two papers at the same time, and given the number of times the Administration has pre-leaked stories to Gorman of late to increasingly spectacular effect (even making most national security journalists forget the very existence of GCHQ’s notoriously voracious taps at cable landings just off Europe) I assume this may be some kind of limited hangout.
It’s not that I doubt in the least that CIA gets and uses financial data. I don’t even doubt the government uses PATRIOT authorities to do so (as both stories assert).
But it would be unlikely that this data comes in through an FBI order and does not also get shared with Treasury and National Counterterrorism Center (if not NSA), both of which would have better infrastructure for analyzing it, and both of which we know to use such data for their known intelligence products. Indeed, in response to a question from both papers about this practice Western Union points to Treasury programs.
A spokeswoman for one large company that handles money transfers abroad, Western Union, did not directly address a question about whether it had been ordered to turn over records in bulk, but said that the company complies with legal requirements to provide information.
“We collect consumer information to comply with the Bank Secrecy Act and other laws,” said the spokeswoman, Luella Chavez D’Angelo. “In doing so, we also protect our consumers’ privacy.”
And at WSJ a consultant to the industry points even more firmly towards Treasury.
Money-transfer companies are “highly, highly aware of their obligations under the Patriot Act,” said Robert Pargac, a director in global investigations and compliance at Navigant Consulting Inc. who has worked at several such companies. Western Union said last month it would be spending about 4% of its revenue in 2014 on compliance with rules under the Patriot Act, the Treasury Department’s Office of Foreign Assets Control and other anti-money-laundering and terrorist-financing requirements.
We know that, at least until 2008, the FBI maintained that it could share materials that came in through Section 215 with any agency so long as that agency asserted it had a need for the information, and there’s little reason to believe the FBI has changed that policy. So I would assume at least Treasury and NCTC gets this data as well. It may be all this story indicates is that — as they do with much Section 702 data — CIA gets its own access to the data. That’s a minimization story, not a collection story, because we’ve known this data was collected (as WSJ points out).
Then there’s the evidence both papers point to to show that this is a Section 215 program. Continue reading
Yesterday, the Italian magazine Panorama claimed that the NSA had wiretapped the Vatican.
I have some questions about the veracity of the report. NSA has denied it more vigorously than other allegations of tapping world leaders. Panorama is not known to have access to the Edward Snowden documents. One key claim — that the current Pope, Jorge Mario Bergoglio, has been surveilled since 2005 — was actually sourced to WikiLeaks in the story (In addition to cables on Argentine politics, Bergoglio shows up in a 2003 cable speculating on the possibility of a Latin American Pope).
All that said, I am intrigued by this claim.
Panorama said the recorded Vatican phone calls were catalogued by the NSA in four categories – leadership intentions, threats to the financial system, foreign policy objectives and human rights.
I did a quick review of WikiLeaks cables on the Vatican (remember, these are classified at no more than the Secret level, and therefore are not going to have any intercept information in them, and they of course stop at 2010). The human rights issues pertain to interfaith dialogue and the rights of Catholics in repressive countries, the Church’s role in anti-gay laws, and allegations of anti-Semitism (this cable, on the Church prioritizing unity and thereby endorsing Holocaust denial, is one of the few Secret ones). There are fewer that relate directly to the Church’s role in the financial system; though a good many cables with “financial” content relate to Syria or, especially, Lebanon, and include the Vatican because of its influence with Christian power brokers in the region (this cable, on Syrian money laundering, was forwarded to the Vatican mission for some reason).
But there two other reasons why the Vatican might be an NSA target based on those topics: its multi-decade cover-up of pedophilia (and the impact legal investigations and settlements might have around the world), and the Vatican’s role in money laundering. The recent disclosures of Vatican money laundering suggest Iraq, Iran, and Indonesia have used the bank, as well as the Italian mafia, but given its ties to Lebanon, I wouldn’t be surprised if it were also laundering money from that country, which is another close focus of the US’ own money laundering attention.
In other words, in addition to wiretapping the Vatican because it wields special influence in countries around the world (the leadership intentions and foreign policy objectives category), the US would have reason to surveil it because of what amount to Vatican actions that make it a Transnational Criminal Organization, completely apart from matters of faith.
That is, if NSA applied its apparent mandate to track TCOs indiscriminately.
But I bet you they don’t. While I am sure they track Latin American, African, and South Asian drug networks, I’m certain they track Russian mobsters who have ties to online crime, and I’m sure they are tracking and probably have an active role in the investigation of Yakuza’s ties to big Japanese banks (most of these are either named Treasury drug kingpin or TCO targets), I also believe if the NSA tracked transnational crime organizations generally, its efforts would be shut down tomorrow.
Imagine, for example, if in addition to using Title III wiretaps (though barely) and self-disclosure and evidence generated by other financial institutions in put-back suits, the NSA used its bulk collection to track JPMC’s international transfers to see whether any of it constituted “foreign intelligence,” and from that referred any evidence of a crime to the FBI? Imagine if the NSA were stealing all of JPMC’s transfer information, even outside its access to SWIFT, to see how JPMC laundered its world-destabilizing actions through multiple jurisdictions? And both JPMC and HSBC have a known history of material support for terrorism, which certainly ought to justify such spying (noting, of course, that I think JPMC did get spied on in conjunction with the Scary Iran Plot, which may have forced FinCEN to settle with it on other outstanding sanction violation issues).
They wouldn’t even need to track JPMC and other multinational banks in the name of transnational crime and terrorism; the Sovereign Wealth Funds of the world – both of volatile Middle Eastern countries, Asian targets, but even in Europe — have effectively become foreign policy entities. Do they track what Qatar and the Emirates do with their SWFs?
As I said, I doubt it. While I suspect as this scandal develops we’ll find more and more evidence that the NSA has spied on targets selected for their financial competition with the US and UK (we’ve already seen hints they collected intelligence on the Euro versus the dollar, Brazil’s competitive position vis as vis the US, for example), I also suspect if there were ever a hint that the NSA treated JPMC or HSBC like it did other TCO targets, it would get shut down in a matter of weeks.
There was an odd statement from NSA in the middle of yesterday’s WaPo story describing how NSA facilitates CIA’s drone mission (click to embiggen).
The NSA is “focused on discovering and developing intelligence about valid foreign intelligence targets, such as terrorists, human traffickers and drug smugglers,” the agency said Wednesday in a statement. “Our activities are directed against valid foreign intelligence targets in response to requirements from U.S. leaders in order to protect the nation and its interests from threats such as terrorism and the proliferation of weapons of mass destruction.” [my emphasis]
While the NSA is finally admitting again their central cybersecurity focus, I believe this is the first time since the Snowden leak that NSA has suggested its “valid foreign intelligence targets” include “human traffickers and drug smugglers.”
It’s not surprising they are, mind you, especially given the Obama Administration’s focus on Transnational Criminal Organizations.
It’s just that the admission comes in a story about NSA’s contributions to drones for which the WaPo explained,
[T]he documents provide the most detailed account of the intricate collaboration between the CIA and the NSA in the drone campaign.
The Post is withholding many details about those missions, at the request of U.S. intelligence officials who cited potential damage to ongoing operations and national security.
It seems the only reason to raise the issue is if some of the materials on drones make it clear they’re being used — if not lethally — against entirely new kinds of targets: human traffickers and drug smugglers (though there have been a slew of stories that they were even used to hunt Chapo Guzman).
Ah well. It’s all moot now. OneKade alerts me that the reference has now been removed from the story.
Poof! All record the NSA and CIA used drones against drug traffickers gone!
Over 3 months ago, the Guardian revealed that the President reserved the right to declare “inherent right of self defense” to access private networks deemed part of our critical infrastructure in the name of cybersecurity.
Also 2 weeks ago, FP reported that “many corporate participants” in an NSA initiative to protect US critical infrastructure “say Alexander’s primary motive” in that initiative “has not been to share what the NSA knows about hackers. It’s to get intelligence from the companies.”
And just this week, Spiegel provided details of how NSA conducts Man-in-the-Middle attacks — hacks — on financial giants like VISA and SWIFT.
Yet none of those revelations prevented Comptroller of the Currency Thomas Curry to give a fairly breathtaking speech yesterday about financial cybersecurity.
In it, a member of the Executive Branch that has made everyone less security by corrupting encryption said,
The growing sophistication and frequency of cyberattacks is a cause for concern, not only because of the potential for disruption, but also because of the potential for destruction of the systems and information that support our banks. These risks, if unchecked, could threaten the reputation of our financial institutions as well as public confidence in the system.
A member of a regime that is routinely hacking financial entities said,
The global nature of the Internet means they can conduct their activity from almost anywhere, including in countries with regimes that, at worst, sponsor attacks and, at a minimum, act as criminal havens by turning a blind eye toward criminal behavior.
And a member of the government that has hacked key third party providers like SWIFT and cooperated with third party telecoms to just steal data said,
Banks not only operate their own networks, they also rely on third parties to support their systems and business activities. Some of these third parties have connections to other institutions and servicers. Each new relationship and connection provides potential access points to all of the connected networks and introduces different weaknesses into the system.
I recognize the cybersecurity threat to banks is real. I’d like to be protected against criminals trying to steal my money online and I endorse OCC including IT security among things bank inspectors review. I grant that Curry may well be operating in good faith when he says all these things. But when he talks about partnerships like this, he simply loses credibility.
Clearly, much of the responsibility for assessing cyber threats is housed in other agencies, from the Department of Homeland Security to the FBI to the National Security Agency. They are on the front lines, and they are the ones that are doing the most within government to identify, evaluate, and respond to threats in this area. However, we – the OCC, the FFIEC, and the other regulatory agencies individually – are working closely with them to strengthen the coordination and overall effectiveness of government’s approach to cybersecurity of critical infrastructure.
But this is not a problem that can be addressed by one agency alone or by any one institution acting on its own. It is a threat that we can deal with only if we work together in a collegial and collaborative way for the good of our country.
The banks’ regulators may believe he is in a position to lecture about collegiality in the face of threats. But since the government is one of the biggest of those threats, it doesn’t strike me as all that convincing.
It is wealth inequality day, in which, on the same day, the Census Bureau releases information on poverty and CQ releases the list of richest members of Congress.
As for poverty: things didn’t get statistically worse, but things didn’t get better at all, not even with decreasing unemployment (which, admittedly, is largely about labor market participation). (In good news, President Obama today extended minimum wage and overtime protections to home healthcare workers, though he bizarrely delayed implementation of the rule until 2015.)
As for wealth, 50 members of Congress are worth $6.67 million or more.
No wonder they seem so distant from the worries of their constituents.
But the truly mind-blowing detail from CQ’s wealthiest list is the remarkable luck Darrell Issa had in the last year. In just the last year, his net worth has increased from $140.55 million to $355.38 million — or a net worth increase of 152.8%. (He also became the richest member, but would have anyway on account of John Kerry’s retirement.)
No wonder he gins up factually problematic attacks on the IRS.
Here’s how CQ describes Issa managed such a feat:
The longtime denizen of the 50 Richest list finally reached the No. 1 spot after making about $135 million in 2012, mostly from investments that swelled in a bull market.
Issa appears to make his money in the stock market. He ended 2012 with at least $390 million in bonds and stocks. His true worth, however, could be far greater. Members of Congress aren’t obligated to disclose exact figures, only ranges, and Issa has seven accounts with a minimum of $50 million, which is the highest category available on standard disclosure forms.
Issa also has about $75 million in outstanding loans, owing at least $50 million to Merrill Lynch and $25 million to Union Bank. Whether he truly is the richest member of Congress actually depends on precisely how much money he owes to Merrill Lynch.
So in the last year in which insider trading was legal for members Congress, Darrell Issa managed to make at least $100 million.
And yet he believes Benghazi is the most urgent matter facing this country.
Spiegel today reveals more details about NSA’s “Follow the Money” program, in which it collects credit card information from select geographical regions. In addition, as TV Globo also revealed last week, they are conducting Tailored Access Operations against SWIFT, the international financial transfer messaging system.
The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.
Now, some caution about this claim is in order. Spiegel reports that NSA’s financial records database has 180 million records, of which 84% are credit card transactions.
The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.
Even assuming the balance of the records in the database come from SWIFT, that’s less than 29 million records (in 2011, so assume the number is larger now). In 2011, SWIFT was sending 17.5 million records a day. So whatever makes it into the actual database is just a small fraction of international traffic.
But that almost certainly doesn’t account for the bulk of the SWIFT information collected by the US government. Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.
The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.
It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.
Never mind that by the time they wrote this, an EU audit had showed the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.
Note, too, the timing. While Spiegel doesn’t provide enough details about the exploitation of SWIFT for us to date it, the dates it does provide about this financial spying are 2010 and 2011. That was the period when the EU was trying to put sensible limits to Treasury’s access of SWIFT.
Back when the intelligence community first decided to go after SWIFT data, their first plan was to just steal it.
Intelligence officials were so eager to use the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.
12 years later, they apparently are stealing at least some of it. That probably means they wanted data for transactions that have nothing to do with the counterterrorism application first SWIFT and then the EU bought off on. So there’s the legal access to counterterrorism data via Treasury, and the illegal access to (presumably) some other kind of data via NSA.