SWIFT

Double Dipping at SWIFT

Spiegel today reveals more details about NSA’s “Follow the Money” program, in which it collects credit card information from select geographical regions. In addition, as TV Globo also revealed last week, they are conducting Tailored Access Operations against SWIFT, the international financial transfer messaging system.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

Now, some caution about this claim is in order. Spiegel reports that NSA’s financial records database has 180 million records, of which 84% are credit card transactions.

The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

Even assuming the balance of the records in the database come from SWIFT, that’s less than 29 million records (in 2011, so assume the number is larger now). In 2011, SWIFT was sending 17.5 million records a day. So whatever makes it into the actual database is just a small fraction of international traffic.

But that almost certainly doesn’t account for the bulk of the SWIFT information collected by the US government. Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT, Leonard Schrank, and former Homeland Security Czar Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

Never mind that by the time they wrote this, an EU audit had shown the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.

Note, too, the timing. While Spiegel doesn’t provide enough details about the exploitation of SWIFT for us to date it, the dates it does provide about this financial spying are 2010 and 2011. That was the period when the EU was trying to put sensible limits to Treasury’s access of SWIFT.

Back when the intelligence community first decided to go after SWIFT data, their first plan was to just steal it.

Intelligence officials were so eager to use the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

12 years later, they apparently are stealing at least some of it. That probably means they wanted data for transactions that have nothing to do with the counterterrorism application first SWIFT and then the EU bought off on. So there’s the legal access to counterterrorism data via Treasury, and the illegal access to (presumably) some other kind of data via NSA.


James Clapper’s Financial War on the World

I’m fundraising this week. Please support me if you can. 

Yesterday, TV Globo published details of NSA spying on Brazil’s oil company, Petrobras, SWIFT, and financial organizations. Besides revealing that man-in-the-middle attacks are sometimes used, the report didn’t offer details of what the NSA was actually collecting. Its sources suggest NSA might be seeking Brazil’s leading deep sea drilling technology or geological information that would be useful in drilling auctions, but it is also conceivable the NSA is just trying to anticipate what the oil market will look like in upcoming years (this is one area where we probably even spy on our allies the Saudis, since they have been accused of lying about their reserves).

To some degree, then, I await more details about precisely what we’re collecting and why.

But what I am interested in is James Clapper’s response. He released this statement on the I Con site.

It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.

We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.

Our collection of information regarding terrorist financing saves lives. Since 9/11, the Intelligence Community has found success in disrupting terror networks by following their money as it moves around the globe. International criminal organizations, proliferators of weapons of mass destruction, illicit arms dealers, or nations that attempt to avoid international sanctions can also be targeted in an effort to aid America’s and our allies’ interests.

What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line.

As we have said previously, the United States collects foreign intelligence – just as many other governments do – to enhance the security of our citizens and protect our interests and those of our allies around the world. The intelligence Community’s efforts to understand economic systems and policies and monitor anomalous economic activities is critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security.

Let me take this extraordinary statement in reverse order.

In the fourth paragraph, Clapper reiterates the final defense that NSA defenders use: that we’re better than, say, China and France, because we don’t engage in industrial espionage, stealing technology with our spying. That may be true, but I suspect at the end of the day the economic spying we do might be more appalling.

In the third paragraph, he retreats to the terror terror terror strategy the Administration has used throughout this crisis. And sure, no one really complains that the government is using financial tracking to break up terrorist networks (though the government is awfully selective about whom it prosecutes, and it almost certainly has used a broad definition of “terrorism” to spy on the financial transactions of individuals for geopolitical reasons). But note, while the Globo report provided no details, it did seem to describe that NSA spies on SWIFT.

That would presumably be in addition to whatever access Treasury gets directly from SWIFT, through agreements that have become public.

That is, the Globo piece at least seems to suggest that we’re getting information from SWIFT via two means, via the now public access through the consortium, but also via NSA spying. That would seem to suggest we’re using it for things that go beyond the terrorist purpose the consortium has granted us access for. Past reporting on SWIFT has made it clear we threatened to do just that. The Globo report may support that we have in fact done that.

Now the second paragraph. James Clapper, too cute by half, asserts, spying on financial information,

could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy

Hahahahahaha! Oh my word! Hahahaha. I mean, sure, the US needs to know of pending financial crises, in the same way it wants to know what the actual versus claimed petroleum reserves in the world are (and those are, of course, closely related issues). But with this claim, Clapper suggests the US would actually recognize a financial crisis and do something about it.

Hahahahaha. Didn’t — still doesn’t — work out that way.


Ignatius Has Become a “Choice between Security and Privacy” Stenographer

David Ignatius should be ashamed about this column. Even by his standards, it serves simply as stenography for the buzzwords top security officials have fed him, such that he repeats lines like this without any critical thinking.

Gen. Keith Alexander and other top NSA officials are considering ways they could reassure the public without damaging key programs, according to U.S. officials. They think that forcing Congress to decide between security and privacy is an unfair choice, since the country would lose either way. They’d like an agreement that protects both, but that’s a tall order. [my emphasis]

Remember: we’re talking about the Section 215 dragnet, not the (according to all players) far more valuable Section 702 collection. Even according to the government, it has only come into play in 13 terrorist cases. The only one the government can describe where it has been crucial involves indicting a man the FBI determined was not motivated by terrorism but rather tribal affiliation sending less than $10,000 to al-Shabaab three and a half years earlier.

And yet Ignatius uncritically repeats that requiring the government to use more specificity with its collections would present Congress the “unfair choice” of “deciding between security and privacy.”

So it should be no surprise that Ignatius uncritically repeats other details of the program. For example, Ignatius claims this involves only two-hop analysis, when we know it can go three hops (and therefore millions of people) deep.

When the agency identifies a suspicious number in, say, Pakistan, analysts want to see who that person called in the United States and who, in turn, might have been contacted by that second person.

Ignatius doesn’t note the descriptions — from both Edward Snowden and James Clapper — that they then use this metadata to index previously collected communications. That’s because he’s too busy repeating that we don’t “record” these collections, as if we’d have to.

Then finally there’s Ignatius’ claim that SWIFT (the record of international financial transfers) presents a viable alternative to the dragnet program. As I have reported, when the EU finally got to audit what the US had been doing with SWIFT, they discovered the real content of the queries was transmitted verbally, making it impossible to audit the use.

Thus far, no one has explained whether the queries and underlying articulable suspicion get automatically recorded or — as happened with one of the precursors to this program — manually in hardcopy form. If it’s the latter (which I will assume until someone asserts differently) it is prone to the same kind of large scale documentation lapses that could hide a great deal of improper use of the dragnet. Which, given Ron Wyden and Mark Udall’s insistence that the problems have been more problematic than James Clapper lets on, could well be the case.

All of these are issues anyone with Ignatius’ access might want to answer.

Alternately, that access may now serve to do no more than produce “security or privacy” automatons, repeating the obviously false cant Ignatius has here.

In These Times We Can’t Blindly Trust Government to Respect Freedom of Association

One of my friends, who works in a strategic role at American Federation of Teachers, is Iranian-American. I asked him a few weeks ago whom he called in Iran; if I remember correctly (I’ve been asking a lot of Iranian-Americans whom they call in Iran) he said it was mostly his grandmother, who’s not a member of the Republican Guard or even close. Still, according to the statement that Dianne Feinstein had confirmed by NSA Director Keith Alexander, calls “related to Iran” are fair game for queries of the dragnet database of all Americans’ phone metadata.

Chances are slim that my friend’s calls to his grandmother are among the 300 identifiers the NSA queried last year, unless (as is possible) they monitored all calls to Iran. But nothing in the program seems to prohibit it, particularly given the government’s absurdly broad definitions of “related to” for issues of surveillance and its bizarre adoption of a terrorist program to surveil another nation-state. And if someone chose to query on my friend’s calls to his grandmother, using the two-degrees-of-separation query they have used in the past would give the government — not always the best friend of teachers unions — a pretty interesting picture of whom the AFT was partnering with and what it had planned.

In other words, nothing in the law or the known minimization rules of the Business Records provision would seem to protect some of the AFT’s organizational secrets just because they happen to employ someone whose grandmother is in Iran. That’s not the only obvious way labor discussions might come under scrutiny; Colombian human rights organizers with tangential ties to FARC is just one other one.

When I read labor organizer Louis Nayman’s “defense of PRISM,” it became clear he’s not aware of many details of the programs he defended. Just as an example, Nayman misstated this claim:

According to NSA officials, the surveillance in question has prevented at least 50 planned terror attacks against Americans, including bombings of the New York City subway system and the New York Stock Exchange. While such assertions from government officials are difficult to verify independently, the lack of attacks during the long stretch between 9/11 and the Boston Marathon bombings speaks for itself.

Keith Alexander didn’t say NSA’s use of Section 702 and Section 215 have thwarted 50 planned attacks against Americans; those 50 were in the US and overseas. He said only around 10 of those plots were in the United States. That works out to be less than 20% of the attacks thwarted in the US just between January 2009 and October 2012 (though these programs have existed for a much longer period of time, so the percentage must be even lower). And there are problems with three of the four cases publicly claimed by the government — from false positives and more important tips in the Najibullah Zazi case, missing details of the belated arrest of David Headley, to bogus claims that Khalid Ouazzani ever planned to attack NYSE. The sole story that has stood up to scrutiny is some guys who tried to send less than $10,000 to al-Shabaab.

While that doesn’t mean the NSA surveillance programs played no role, it does mean that the government’s assertions of efficacy (at least as it pertains to terrorism) have proven to be overblown.

Yet from that, Nayman concludes these programs have “been effective in keeping us safe” (given Nayman’s conflation of US and overseas, I wonder how families of the 166 Indians Headley had a hand in killing feel about that) and defends giving the government legal access (whether they’ve used it or not) to — among other things — metadata identifying the strategic partners of labor unions with little question.

And details about the success of the program are not the only statements made by top National Security officials that have proven inaccurate or overblown. That’s why Nayman would be far better off relying on Mark Udall and Ron Wyden as sources for whether or not the government can read US person emails without probable cause than misstating what HBO Director David Simon has said (Simon said that entirely domestic communications require probable cause, which is generally but not always true). And not just because the Senators are actually read into these programs. After the Senators noted that Keith Alexander had “portray[ed] protections for Americans’ privacy as being significantly stronger than they actually are” — specifically as it relates to what the government can do with US person communications collected “incidentally” to a target — Alexander withdrew his claims.

Nayman says, “As people who believe in government, we cannot simply assume that officials are abusing their lawfully granted responsibility and authority to defend our people from violence and harm.” I would respond that neither should we simply assume they’re not abusing their authority, particularly given evidence those officials have repeatedly misled us in the past.

Nayman then admits, “We should do all we can to assure proper oversight any time a surveillance program of any size and scope is launched.” But a big part of the problem with these programs is that the government has either not implemented or refused such oversight. Some holes in the oversight of the program are:

SWIFT: Big Brother with a Booz Assist, Only without the Paperwork

As reporting on Edward Snowden reveals the scope of our spying on European friends, I’ve been thinking a lot about SWIFT.

SWIFT, you recall, is the database tracking international online money transfers. After 9/11, the US Government started helping itself to the data to track terrorist financing. But then in 2010 the servers moved entirely to the EU, and the EU forced the US to accede to certain protections: protections for EU citizens, a prohibition on bulk collection (and with it data mining), and a two-pronged audit system.

Today, the CEO of SWIFT until 2007, Leonard Schrank, and the former Homeland Security Advisor, Juan Zarate, boast about the controls on SWIFT, suggesting it provides a model for data collection with oversight.

Both the Treasury and Swift ensured that the constraints on the information retrieved and used by analysts were strictly enforced. Outside auditors hired by Swift confirmed the limited scope of use, and Swift’s own representatives (called “scrutineers”) had authority to stop access to the data at any time if there was a concern that the restrictions were being breached. These independent monitors worked on site at government agencies and had real-time access to the system. Every time an analyst queried the system, the scrutineer could immediately review the query. Each query had to have a reason attached to it that justified it as a counterterrorism matter. Over time, the scope of data requested and retained was reduced.

This confirmed that the information was being used in the way we said it was — to save lives.

[snip]

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

This description should already raise concerns about the so-called gold standard for spying. When “scrutineers” cohabit with those they’re supposed to be scrutinizing, it tends to encourage cooperation, not scrutiny.

And somehow, Schrank and Zarate neglect to mention that the vaunted audit process they describe was conducted by none other than Booz Allen Hamilton, the contractor that hired and let Edward Snowden abscond with the spying world’s crown jewels. And, as ACLU noted in a report for the EU in 2006, even during Schrank’s tenure, Booz was neck deep in aggressive surveillance.

But the real problem with highlighting SWIFT as a poster child of massive surveillance done right post-dates Schrank’s tenure (though he must know about this), when the EU’s independent audits for the first time revealed what went on in SWIFT queries. Among other things: the actual requests were oral, and therefore couldn’t be audited.

The report revealed that the Americans have been submitting largely identical requests–but then supplementing them with oral requests.

The oral requests, of course, make it impossible to audit the requests.

At the time of the inspection, Europol had received our requests for SWIFT data. Those four requests are almost identical in nature and request–in abstract terms–broad types of data, also involving EU Member States’ data. Due to their abstract nature, proper verification of whether the requests are in line with the conditions of the Article 4(2) of the TFTP Agreement–on the basis of the available documentation–is impossible. The JSB considers it likely that the information in the requests could be more specific.

Information provided orally–to certain Europol staff by the US Treasury Department, with the stipulation that no written notes are made–has had an impact upon each of Europol’s decisions; however, the JSB does not know the content of that information. Therefore, where the requests lack the necessary written information to allow proper verification of compliance with Article 4(2) of the TFTP Agreement, it is impossible to check whether this deficiency is rectified by the orally provided information. [my emphasis]

In addition, in spite of demands that the program include no bulk downloads, that’s precisely what the US was doing.

“We have given our trust to the other EU institutions, but our trust has been betrayed”, said Sophia in’t Veld (ALDE, NL), rapporteur on the EU-US Passenger Name Record (PNR) agreements. “This should be kept in mind when they want our approval for other agreements”, she declared.

“Somehow I am not surprised”, said Simon Busuttil (EPP, MT), recalling that “at the time of the negotiations last year we were not satisfied with having Europol controlling it - we wanted additional safeguards”. He added that “the agreement is not satisfactory”, since it involves the transfer of bulk data, and insisted that “we need an EU TFTP”.

For Claude Moraes (S&D, UK), the US demands are “too general and too abstract”. He also recalled that MEPs had insisted at the time that it must be specified how the US request would be made and that they needed to be “narrowly tailored”. A written explanation should accompany each request, he added.

This agreement is not in line with Member States’ constitutional principles and with fundamental rights, argued Jan Philipp Albrecht (Greens/EFA, DE). He highlighted the problem of bulk data transfer, “which is exactly what we have criticised before”. [my emphasis]

In other words, once an actual independent reviewer — not an embedded contractor like Booz — reviewed the program, it became clear it was designed to be impossible to audit, even while engaging in precisely the bulk downloads the Europeans feared.

Not only is the experience of SWIFT one reason why the Europeans are so quick to object to the scale of US spying on them, but it is actually a poster child for surveillance done wrong.

Contrary to what its boosters want you to believe.

“SWIFT” Boating the Russian Mafia

Remember that GCHQ/MI6 agent, Gareth Williams, who was found dead in a duffel bag last year?

At first, the narrative around his death centered on rumors he had been killed in a weird gay sex game. Amid such sensational reporting, other articles revealed Williams worked closely with the NSA on wiretapping Rashid Rauf, one of the men involved in the 2006 plot to bring down planes with small bottles of liquid. Williams’ work with NSA is all the more interesting when you consider American manipulation of that investigation and their subsequent squeamishness about sharing the intercepts.

But there’s a new theory out now (from the Daily Mail, which was early to the now discredited sex crime theory): that Williams was killed by the Russian mafia because he was working on a way to track money laundering.

But now security sources say Williams, who was on secondment to MI6 from the Government’s eavesdropping centre GCHQ, was working on equipment that tracked the flow of money from Russia to Europe.

The technology enabled MI6 agents to follow the money trails from bank accounts in Russia to criminal European gangs via internet and wire transfers, said the source.

‘He was involved in a very sensitive project with the highest security clearance. He was not an agent doing surveillance, but was very much part of the team, working on the technology side, devising stuff like software,’ said the source.

He added: ‘A knock-on effect of this technology would be that a number of criminal groups in Russia would be disrupted.

‘Some of these powerful criminal networks have links with, and employ, former KGB agents who can track down people like Williams.’

The rest of the Daily Mail article on this hypes how scary and omnipresent the Russian mafia are.

But money laundering is money laundering. Terrorists do it. Organized crime does it. Spy services do it. Corporations do it (often legally). And banksters do it, among others.

And there doesn’t appear to be anything about this description to suggest the Russian mafia would be specifically targeted by the technology. Indeed, the description of their exposure as a “knock-on effect” suggests everything would be targeted (which sort of makes sense; you can’t track money laundering unless you track the “legitimate” part of finance that makes it clean).

Which is why I find this latest narrative–with its complete lack of attention on the technology, instead focusing exclusively on the Russian mob–so interesting. Because finding a way to track money laundering, of any sort, would just be a new way to do what US intelligence has already been doing with SWIFT.

You’ll recall that SWIFT is the messaging system that tracks international money transfers; our use of it to track terrorist finance was first exposed by James Risen and Eric Lichtblau in 2006. In 2009, the US and EU got in a big squabble over whether the US would continue to have access when the servers moved to Europe. They ultimately signed a deal on access. But in March it became clear we were cheating on that deal–among other things by making all specific search requests orally, thereby bypassing the audit provisions demanded by the Europeans.

I increasingly suspect the furor around the SWIFT disclosures has to do with a concern over maintaining the perceived sanctity of tax havens even as it becomes clear our government has routinely been accessing money transfer information using nothing more than administrative subpoenas. And I increasingly suspect the ongoing squabble between Europe and the US over SWIFT access has to do with America’s asymmetrical access to what has been described as the Rosetta stone of money transfers.

I’ve become convinced, the response to NYT’s reporting on SWIFT was (and remains) so much more intense than even their exposure of the illegal wiretap program. The shell game of international finance only works so long as we sustain the myth that money moves in secret; but of course there has to be one place, like SWIFT, where those secrets are revealed. And so, in revealing that the US was using SWIFT to track terror financing, the NYT was also making it clear that there is such a window of transparency on a purportedly secret system. And the CIA has, alone among the world’s intelligence services, access to it.

There are hints in Lichtblau’s book that back my suspicion that revealing SWIFT was so problematic because it reveals monetary transfers aren’t as secret as the banksters would like you to think they are. One reason people grew uncomfortable with the program was because “some foreign officials feared that the United States could turn the giant database against them.” (234) Others worried that the US might be “delving into corporate trade secrets of overseas companies.” (248) And when Alan Greenspan helped persuade SWIFT to continue offering US access to the database, he admitted how dangerous it was.

If the world’s financiers were to find out how their sensitive internal data was being used, he acknowledged, it could hurt the stability of the global banking systems. (246)

Now, Lichtblau doesn’t describe explicitly what these risks entail, but this all seems to be about letting the CIA see, unfettered, the most valuable secrets in the world, financial secrets. The world’s globalized elite has to trust in the secrecy of their banking system, but in fact the CIA (of all entities!) has violated that trust.

It turns out (the LAT reported this contemporaneously with the NYT reporting; I’ve just now read this in the context of Risen’s affidavit to quash his Sterling subpoena) that the CIA once developed a clandestine way to access SWIFT but were persuaded not to use it because doing so would “compromis[e] the integrity of international banking.”

CIA operatives trying to track Osama bin Laden’s money in the late 1990s figured out clandestine ways to access the SWIFT network. But a former CIA official said Treasury officials blocked the effort because they did not want to anger the banking community.

Historically, “there was always a line of contention” inside the government, said Paul Pillar, former deputy director of the CIA’s counterterrorism center. “The Treasury position was placing a high priority on the integrity of the banking system. There was considerable concern from that side about anything that could be seen as compromising the integrity of international banking.”

Ah, for the halcyon days when people believed international banking had any integrity to compromise!

My point, though, is that the US has had the potential capability to track Russian mobsters since SWIFT let us access the databases after 9/11, particularly now that we’re making all our specific requests orally. So far as I know, no one has ended up dead in a duffel bag over that access.

Moreover, there would be a great deal of people who would like to prevent the UK from getting their own back door into the global finance system, if that’s really the reason Williams was killed. (Note, Williams was also reportedly about to join the UK’s cybersecurity team, which might offer other reasons to want him dead.) Sure, the Russian mafia are among that group, but so would be many others with the means to murder a spook.

Now, it may be that this entire new narrative is just as sketchy as the sex crime one was. Or it may be that this is a preemptive attempt to suggest only Russian mobsters have anything to hide.

But I do find this latest narrative mighty intriguing.

SWIFT and the Asymmetric Control of Data

I’ve been thinking a lot about SWIFT lately. Partly that’s because of the renewed discussion on how some big banks relied on cash from drug cartels to survive as the housing bubble began to pop. Partly that’s because of advance publicity for Nicholas Shaxson’s Treasure Islands and coverage of corporate tax dodging. And partly it’s because of this piece, declaring privacy dead without realizing that privacy is only dead for the little people.

You see, I’m increasingly convinced SWIFT will one day be the ultimate battleground over whether the US government can just suck up and analyze all the data it wants.

As a reminder, SWIFT (or Society for Worldwide Interbank Financial Telecommunication) is the online messaging system the world’s finance industry uses to transfer funds internationally. It records the flows of trillions of dollars each day.

It first got big news coverage when Eric Lichtblau and James Risen reported on how our government uses it to track terrorist financing. But of course, the database tracks all sorts of financial flows, not just terrorist financing. Thus, it could be used to track drug finance, tax cheats (both corporate and individual), and the looting of various nations’ riches by their elites.

Swift, a former government official said, was “the mother lode, the Rosetta stone” for financial data.

Indeed, according to Lichtblau’s Bush’s Law, the database appears to track even more information than tax havens would ever collect.

[T]he routing instructions that the company used to move money around the globe often included much more detailed data than any other system: passport information, phone numbers and local addresses, critical identifying information about the senders and the recipients, the purpose of the transaction, and more. (243)

In a world where–as described in Shaxson’s book–our financial system largely runs on the strategic shifting of money behind the cloak of corporate anonymity or secret bank accounts, SWIFT appears to be the one place where there is full transparency.

The US and UK in particular, according to Shaxson, have used the secrecy that corporate laws and associated tax havens can offer to sustain their hegemonic position in the world. As we saw, giving a bunch of drug cartels the means to launder their money allowed Wachovia to survive for years after the time when it should have collapsed; the US and UK are just larger versions of the same gimmick.

Which is why, I’ve become convinced, the response to NYT’s reporting on SWIFT was (and remains) so much more intense than even their exposure of the illegal wiretap program. The shell game of international finance only works so long as we sustain the myth that money moves in secret; but of course there has to be one place, like SWIFT, where those secrets are revealed. And so, in revealing that the US was using SWIFT to track terror financing, the NYT was also making it clear that there is such a window of transparency on a purportedly secret system.

And the CIA has, alone among the world’s intelligence services, access to it.

US Cheating on European SWIFT Agreement Reveals Safeguards Were Oversold

As I noted last night, the US has been violating the spirit of its agreement with the EU on access to the SWIFT database–the database tracking international financial transfers. Rather than giving Europol specific, written requests for data, it has been giving it generic requests backed by oral requests the Europol staffers are not supposed to record. That arrangement makes it impossible to audit the requests the US is making, as required by the agreement between the US and EU.

But not only does our cheating make us an arrogant data octopus, it may suggest we’re violating our own internal safeguards on the program.

Back when Lichtblau and Risen first exposed the SWIFT program, they described how it initially operated under emergency powers. On such terms, SWIFT turned over its entire database.

Indeed, the cooperative’s executives voiced early concerns about legal and corporate liability, officials said, and the Treasury Department’s Office of Foreign Asset Control began issuing broad subpoenas for the cooperative’s records related to terrorism. One official said the subpoenas were intended to give Swift some legal protection.

Underlying the government’s legal analysis was the International Emergency Economic Powers Act, which Mr. Bush invoked after the 9/11 attacks. The law gives the president what legal experts say is broad authority to “investigate, regulate or prohibit” foreign transactions in responding to “an unusual and extraordinary threat.”

[snip]

Within weeks of 9/11, Swift began turning over records that allowed American analysts to look for evidence of terrorist financing. Initially, there appear to have been few formal limits on the searches.

“At first, they got everything — the entire Swift database,” one person close to the operation said.

But then they put in more safeguards. One of those safeguards was to have an outside auditing firm review the requests to make sure they were based on actual leads about actual suspected terrorists.

Officials realized the potential for abuse, and narrowed the program’s targets and put in more safeguards. Among them were the auditing firm, an electronic record of every search and a requirement that analysts involved in the operation document the intelligence that justified each data search. Mr. Levey said the program was used only to examine records of individuals or entities, not for broader data searches.

[snip]

Swift executives have been uneasy at times about their secret role, the government and industry officials said. By 2003, the executives told American officials they were considering pulling out of the arrangement, which began as an emergency response to the Sept. 11 attacks, the officials said. Worried about potential legal liability, the Swift executives agreed to continue providing the data only after top officials, including Alan Greenspan, then chairman of the Federal Reserve, intervened. At that time, new controls were introduced.

Among the safeguards, government officials said, is an outside auditing firm that verifies that the data searches are based on intelligence leads about suspected terrorists. “We are not on a fishing expedition,” Mr. Levey said. “We’re not just turning on a vacuum cleaner and sucking in all the information that we can.”

US Cheats on SWIFT Agreement with Oral Requests

I have tracked the American negotiations with the post-Lisbon EU to get continued access to the SWIFT database, the database that tracks international money payments.

Basically, after the Lisbon Treaty went into effect last year, the EU Parliament balked at giving Americans free run of the SWIFT database. The EU and US put an interim agreement in place. Which the EU Parliament then overturned in February. The US then granted EU citizens privacy protections Americans don’t have.

As part of the Terrorist Finance Tracking Program agreement negotiated between the US and EU, the Europol Joint Supervisory Body was tasked with auditing whether the US was complying with the data protection requirements of the agreement.

Back in November, JSB did their first audit; they just released their report.

The report revealed that the Americans have been submitting largely identical requests–but then supplementing them with oral requests.

The oral requests, of course, make it impossible to audit the requests.

At the time of the inspection, Europol had received four requests for SWIFT data. Those four requests are almost identical in nature and request–in abstract terms–broad types of data, also involving EU Member States’ data. Due to their abstract nature, proper verification of whether the requests are in line with the conditions of the Article 4(2) of the TFTP Agreement–on the basis of the available documentation–is impossible. The JSB considers it likely that the information in the requests could be more specific.

Information provided orally–to certain Europol staff by the US Treasury Department, with the stipulation that no written notes are made–has had an impact upon each of Europol’s decisions; however, the JSB does not know the content of that information. Therefore, where the requests lack the necessary written information to allow proper verification of compliance with Article 4(2) of the TFTP Agreement, it is impossible to check whether this deficiency is rectified by the orally provided information.

And boy are the Europeans P-I-S-S-E-D mad at the Americans for betraying the spirit of the agreement.

“As Members of Parliament we feel betrayed reading this report”, said Alexander Alvaro (ALDE, DE), Parliament’s rapporteur on the TFTP agreement. “We voted in favour [of this agreement last year] in the trust that both parties would apply the adopted agreement”, which “concerns the transfer of sensitive data belonging to our citizens”, he stressed, adding that “the credibility of Parliament and of this committee are being jeopardised. This is about trust and confidence of the public in what the EU did and is capable of doing here”.

“We have given our trust to the other EU institutions, but our trust has been betrayed”, said Sophia in’t Veld (ALDE, NL), rapporteur on the EU-US Passenger Name Record (PNR) agreements. “This should be kept in mind when they want our approval for other agreements”, she declared.

“Somehow I am not surprised”, said Simon Busuttil (EPP, MT), recalling that “at the time of the negotiations last year we were not satisfied with having Europol controlling it - we wanted additional safeguards”. He added that “the agreement is not satisfactory”, since it involves the transfer of bulk data, and insisted that “we need an EU TFTP”.

What State Wanted Withheld from WikiLeaks Publication

There are now four versions of the cooperation between WikiLeaks and its journalistic “partners:” Vanity Fair, NYT, Guardian, and Spiegel. A comparison of them is more instructive than reading any in isolation.

For example, compare how the NYT and Spiegel describe the three things the State Department asked journalistic partners not to publish during the lead-up to publication of the diplomatic cables. The NYT says State asked them not to publish individual sources, “sensitive American programs,” and candid comments about foreign leaders.

The administration’s concerns generally fell into three categories. First was the importance of protecting individuals who had spoken candidly to American diplomats in oppressive countries. We almost always agreed on those and were grateful to the government for pointing out some we overlooked.

“We were all aware of dire stakes for some of the people named in the cables if we failed to obscure their identities,” Shane wrote to me later, recalling the nature of the meetings. Like many of us, Shane has worked in countries where dissent can mean prison or worse. “That sometimes meant not just removing the name but also references to institutions that might give a clue to an identity and sometimes even the dates of conversations, which might be compared with surveillance tapes of an American Embassy to reveal who was visiting the diplomats that day.”

The second category included sensitive American programs, usually related to intelligence. We agreed to withhold some of this information, like a cable describing an intelligence-sharing program that took years to arrange and might be lost if exposed. In other cases, we went away convinced that publication would cause some embarrassment but no real harm.

The third category consisted of cables that disclosed candid comments by and about foreign officials, including heads of state. The State Department feared publication would strain relations with those countries. We were mostly unconvinced.

Spiegel describes those three things slightly differently. It says State asked them to withhold government sources, cables with security implications, and “cables relating to counterterrorism.”

At first, less than a week before the upcoming publication of the leaked documents, Clinton’s diplomats wanted three things from the participating media organizations. First, they wanted the names of US government sources to be protected if leaks posed a danger to life and limb. This was a policy that all five media organizations involved already pursued. Second, they asked the journalists to exercise restraint when it came to cables with security implications. Third, they asked them to be aware that cables relating to counterterrorism are extremely sensitive.

Now the discrepancy may mean nothing. Both agree State had three categories of information they wanted withheld. Both agree State asked the newspapers to withhold both the names of sources and details on intelligence programs. But since the NYT notes the journalistic partners didn’t take the third category–candid comments–very seriously, perhaps Spiegel just misremembered what that third category was, or just remembered a particular focus on counterterrorism. Presumably, after all, the counterterrorism programs would be included in category two.

But whatever the cause of the discrepancy, I am intrigued that Spiegel emphasizes counterterrorism programs rather than candid comments about foreign officials, not least because the Spiegel article describes working with US Ambassador to Germany Philip Murphy directly. Consider the two most sensitive revelations pertaining to Germany and counterterrorism. First, there was the news of Philip Murphy personally bad-mouthing the Free Democratic Party’s opposition to US vacuuming up European data, particularly as it relates to the SWIFT database. Then there are negotiations about whether Germany would prosecute Americans involved in the rendition of Khalid El-Masri. As I showed, it appears that Condi was telling German Foreign Minister Frank-Walter Steinmeier one thing about a subpoena for those Americans, followed quickly by the American Deputy Chief of Mission “correcting” the US position on it.

That is, on both major disclosures about US counterterrorism cooperation with the Germans, the US has reason to be embarrassed about its two-faced dealing with German officials.

In other words, there may be no discrepancy. It is possible that the third category of information State wanted suppressed has to do not with the substance of our counterterrorism program (after all, both the details of SWIFT and of our rendition program have been widely publicized), but with the degree to which our private diplomacy belies all the public claims we make about counterterrorism.
