SWIFT and the Asymmetric Control of Data

I’ve been thinking a lot about SWIFT lately. Partly that’s because of the renewed discussion on how some big banks relied on cash from drug cartels to survive as the housing bubble began to pop. Partly that’s because of advance publicity for Nicholas Shaxson’s Treasure Islands and coverage of corporate tax dodging. And partly it’s because of this piece, declaring privacy dead without realizing that privacy is only dead for the little people.

You see, I’m increasingly convinced SWIFT will one day be the ultimate battleground over whether the US government can just suck up and analyze all the data it wants.

As a reminder, SWIFT (or Society for Worldwide Interbank Financial Telecommunicatiom) is the online messaging system the world’s finance industry uses to transfer funds internationally. It records the flows of trillions of dollars each day.

It first got big news coverage when Eric Lichtblau and James Risen reported on how our government uses it to track terrorist financing. But of course, the database tracks all sorts of financial flows, not just terrorist financing. Thus, it could be used to track drug finance, tax cheats (both corporate and individual), and the looting of various nations’ riches by their elites.

Swift, a former government official said, was “the mother lode, the Rosetta stone” for financial data.

Indeed, according to Lichtblau’s Bush’s Law, the database appears to track even more information than tax havens would ever collect.

[T]he routing instructions that the company used to move money around the globe often included much more detailed data than any other system: passport information, phone numbers and local addresses, critical identifying information about the senders and the recipients, the purpose of the transaction, and more. (243)

In a world where–as described in Shaxson’s book–our financial system largely runs on the strategic shifting of money behind the cloak of corporate anonymity or secret back accounts, SWIFT appears to be the one place where there is full transparency.

The US and UK in particular, according to Shaxson, have used the secrecy that corporate laws and associated tax havens can offer to sustain their hegemonic position in the world. As we saw, giving a bunch of drug cartels means to launder their money allowed Wachovia to survive for years after the time when it should have collapsed; the US and UK are just larger versions of the same gimmick.

Which is why, I’ve become convinced, the response to NYT’s reporting on SWIFT was (and remains) so much more intense than even their exposure of the illegal wiretap program. The shell game of international finance only works so long as we sustain the myth that money moves in secret; but of course there has to be one place, like SWIFT, where those secrets are revealed. And so, in revealing that the US was using SWIFT to track terror financing, the NYT was also making it clear that there is such a window of transparency on a purportedly secret system.

And the CIA has, alone among the world’s intelligence services, access to it.

There are hints in Lichtblau’s book that back my suspicion that revealing SWIFT was so problematic because it reveals monetary transfers aren’t as secret as the banksters would like you to think they are. One reason people grew uncomfortable with the program was because “some foreign officials feared that the United States could turn the giant database against them.” (234) Others worried that the US might be “delving into corporate trade secrets of overseas companies.” (248) And when Alan Greenspan helped persuade SWIFT to continue offering US access to the database, he admitted how dangerous it was.

If the world’s financiers were to find out how their sensitive internal data was being used, he acknowledged, it could hurt the stability of the global banking systems. (246)

Now, Lichtblau doesn’t describe explicitly what these risks entail, but this all seems to be about letting the CIA see, unfettered, the most valuable secrets in the world, financial secrets. The world’s globalized elite has to trust in the secrecy of their banking system, but in fact the CIA (of all entities!) has violated that trust.

Mind you, the CIA says that (after getting the entire contents of the SWIFT database at first) there were safeguards put in place to make sure the CIA wasn’t using the database to find corrupt politicians who could be blackmailed to spy for the US or to see what scams other countries’ banks were using to make money. When Lichtblau and Risen broke this story in 2006, the safeguards then consisted of Booz Allen Hamilton (which is hard to claim is independent from our spy agencies) auditing the searches and SWIFT employees overseeing the CIA’s use of the data. But reports of a recent European audit on our use of SWIFT suggests that these safeguards have been oversold. Significantly, the US augments very generalized data requests with verbal requests, meaning the individual searches can’t be audited. (Indeed, I’ve been told–though haven’t confirmed–that the European audit was supposed to have replaced the function of the BAH audit; given how much of a joke the European audit is, that would suggest the US used its squabble with Europe over SWIFT access to lower the protections that had been in place.)

And all that pertains just to our acknowledged use of SWIFT to track terrorist financing.

But underlying that use of it, there appears to be one of DOJ’s wacky set of legal authorizations that would suggest the database should be accessible for a whole range of other uses. As Licthblau and Risen’s original story described, DOJ basically claimed that there is no legal bank privacy for SWIFT.

Treasury officials said Swift was exempt from American laws restricting government access to private financial records because the cooperative was considered a messaging service, not a bank or financial institution.

But at the outset of the operation, Treasury and Justice Department lawyers debated whether the program had to comply with such laws before concluding that it did not, people with knowledge of the debate said.

[snip]

In 1976, the Supreme Court ruled that Americans had no constitutional right to privacy for their records held by banks or other financial institutions. In response, Congress passed the Right to Financial Privacy Act two years later, restricting government access to Americans’ banking records. In considering the Swift program, some government lawyers were particularly concerned about whether the law prohibited officials from gaining access to records without a warrant or subpoena based on some level of suspicion about each target.

[snip]

After an initial debate, Treasury Department lawyers, consulting with the Justice Department, concluded that the privacy laws applied to banks, not to a banking cooperative like Swift. They also said the law protected individual customers and small companies, not the major institutions that route money through Swift on behalf of their customers.

[snip]

Treasury officials said they considered the government’s authority to subpoena the Swift records to be clear. “People do not have a privacy interest in their international wire transactions,” Mr. Levey, the Treasury under secretary, said.

In other words, while our government claims it only uses SWIFT to track terrorist financing, there is a legal argument probably hidden in an unknown John Yoo memo that says no one–not corrupt politicians, not GE, not Goldman Sachs–have any right to privacy as SWIFT records them transferring money internationally.

Now, as Greenspan suggested, that theory could radically destabilize the financial shell game the world’s elites depend on.

Thus far, though, it hasn’t. Which I take to mean the US has largely stood by its promise not to use SWIFT to uncover all the crimes it could reveal–like what Bank of America and GE did with the money they should pay in taxes, or who really crashed the global economy. Presumably, DOJ is sitting on a bunch of legal opinions saying they could use SWIFT to pursue those crimes, but it has chosen not to.

I get it. Our country likes to pretend terrorism is a bigger existential threat to us than the looting and financial shenanigans that have dismantled our middle class and have led to increased instability and deaths here and in other countries. That’s laughable on its face, mind you, but it’s a nice story elites like to tell.

But they have to tell that story. Because otherwise, knowing that DOJ has authorized itself to access SWIFT with no privacy restrictions, if we all acknowledged that this looting has already done more damage than terrorists will ever do, then DOJ would actually have to use the tools it has at hand to pursue this looting.

image_print
  1. emptywheel says:

    Incidentally, one more reason I’ve been thinking of this is because of this article. Aside from following up on their past reporting, Lichtblau and Risen haven’t been partnering on many articles since 2006 and Lichtblau’s technically off this beat.

    So I find it interesting that they’ve come together to do an article on Qaddafi’s financing. I guess with the Pan Am bombing you could claim monitoring Qaddafi has something to do with terrorism. But that’s an awfully big stretch.

  2. MadDog says:

    OT and Breaking – Pete Williams on MSNBC just reported that the 5 detainees involved in the 9/11 attack and currently held at Gitmo will not be tried in Federal Court, but instead will be tried before Military Commissions at Gitmo. AG Eric Holder will speak about this topic at 2 PM EST.

  3. wavpeac says:

    Wow…fascinating articles (this and the last) as always. Amazing really. I just wish we could infiltrate the teabaggers, they could totally get alarmed by this, if we found a way to put this info into easy to digest sound bites. Drug cartels run the world!!! New at 5. Or How Swift monitors Gun purchases!! there has to be a way!

  4. MadDog says:

    …After an initial debate, Treasury Department lawyers, consulting with the Justice Department, concluded that the privacy laws applied to banks, not to a banking cooperative like Swift. They also said the law protected individual customers and small companies, not the major institutions that route money through Swift on behalf of their customers.

    [snip]

    Treasury officials said they considered the government’s authority to subpoena the Swift records to be clear. “People do not have a privacy interest in their international wire transactions,” Mr. Levey, the Treasury under secretary, said…

    The government’s opinion that SWIFT is a non-bank bank and merely routes money stuff back and forth, and therefore it has no privacy implications when its transactions are scanned for illegality sounds eerily familiar.

    As in the Internet is itself not a communications provider and it merely routes stuff back and forth, and therefore it has no privacy implications when its messages are scanned without a warrant for illegality.

    The philosophy is National Security State SOP these days: “If you’ve done nothing wrong, you have nothing to worry about.”

    Perhaps John Yoo still has a generalized OLC opinion hidden away that says “nothing the government does is illegal because the government says so”.

    • earlofhuntingdon says:

      The same argument would apply to VISA and MasterCard. Neither are banks, but they route financial transactions without which the modern credit-dependent world would seize up like a race car with a busted oil pump.

  5. Mary says:

    Extremely fast drive (under the gun at work AND getting repeated outages from bad storms)

    When you say this, “And the CIA has, alone among the world’s intelligence services, access to it.” I’m not sure I understand. I think other intel services do have access as well, but the difference is that there access is outlined in judicial warrants issued by courts in their countries – isn’t that how it works? I think SWIFT allows for access with warrants. The difference with the US was that it wanted to just hop in and go on freeforalls and so it made up previously non-existant administrative warrants to give it a veneer of compliance(that eventually cracked).

    What the new – and not being enforced – rules were supposed to do (at least – in my understanding) was to make the US, which is still refusing to do what other nations do and get judicial warrants (with all their specificity and neutral reviewer aspects) is to in essence have to have a written paper trail that lays out, the way a warrant would, exactly what they were getting.

    • emptywheel says:

      I don’t think other INTEL agencies get data. Law enforcement, maybe (though given the way we go about money laundering cases, I’m not sure they do have much access).

      Letting an intel agency access the data, in any form, is a whole different issue since it’s not about prosecution.

      • Mary says:

        Technically I think that all the requests (in the bad ol and the bad new days both) are from Treasury, not CIA. The fact that once Treasury gets it, they conspire with CIA to pick and choose who are going to be the next kidnap, disappearance, assasination, torture or other victims isn’t really something that happens at the SWIFT – to – USA level I think.

        And I do think other countries who get the info do have their intel agencies involved, but since their intel agencies are also bound by different sorts of law, they never had a “wall” and could work with law enforcement. fwiw.

    • scribe says:

      Not exactly.

      SWIFT is located in the EU, where all sorts of privacy laws supposedly shield the disclosure of all sorts of information. (They have bad experience with things like “secret police” and “intrusion on privacy”.)

      For example, in ordinary civil litigation one can quite easily violate EU privacy laws by doing what is considered ordinary discovery in US courts. Indeed, litigants can wind up coming to the US court where they are litigating and facing an order from the US court that they disclose something in discovery, having to argue that if they do disclose that they stand exposed to criminal prosecution in their EU home. Subpoenas and warrants are very different overseas, and their scope is almost never as broad as what we in the US consider normal.

      And, given the Euros’ bad experiences with secret police and domestic intelligence gathering, I would be surprised if their intel services have ready access to SWIFT; not nearly what the US is getting.

      And remember, intelligence sharing is only done when the sharing agency deems such sharing to be in its interest, not out of some charitable motiviation.

      What the US is doing with SWIFT is well beyond what any private litigation would do, and the US is doing it for no purpose other than desiring to know all there is to know so as to use that information (or the threat of using it) for the US’ own purposes.

      • Mary says:

        I understand (and have posted about) EU privacy laws, but I am talking about SWIFT itself. Because it has always been a multination data base, my understanding is that how SWIFT reconciled all those different legal and jurisdictional aspects of access to its data under varied and varying laws, was to set up a system where, as part of its organizational structure that is agreed upon by members and by the nations of operations, access would be provided in response to warrants and orders of member nations. That way, SWIFT as an entity wasn’t required to figure out the different privacy issues and laws – it would be responding to a court determination – and the members were basically then agreeing that their information would be accessible by such an order.

        It had a difficult jurisdictional line to toe, but if I understood correctly, that’s how they reconciled it organziationally. Warrants. That’s why the Treasury went through the farce of creating administrative warrants as their basis for accessing the information. It’s just everyone new that the SWIFT membership intended real, judicial warrants instead, but since the legal organizations and mandated departments for nations varied, there had been some wiggle room under the “warrant” language.

        OTOH, SWIFT itself had another round of issues – as it was a foreign entity itself (and needed to comply with its country of origin’s laws) and yet was physically located in the US and thereby subject to US assertions of authority. This pretty irreconcilable set of issues is why they had to physically relocate – bc they couldn’t reconcile US interpretations of law with their home nation mandates or the EU mandates their home nation was subject to or their own organizational mandates.

        So fwiw, it isn’t just an issue of what are EU privacy laws and how do they compare with US laws, it’s also an issue of the organizational mandates of SWIFT itself and SWIFT’s home nation responsibilities, and US direct interference with those organizational and home nation responsiblities. If it was just a matter of trying to impose the EU privacy laws, it would be almost simpler, but there are additional layers for a multi-nation user entity, where there are non-EU users.

    • emptywheel says:

      Actually, to circle back on this.

      I’m pretty sure NEITHER other intel services NOR other law enforcement get access to the data.

      Mueller, when he was in charge of money laundering investigations under Poppy (spiking the BCCI case, among other things) asked for access in the 1990s. SWIFT said if they tried to subpoena the data they’d pull offshore.

      • Mary says:

        This is reaching back, but IRRC, that was bc SWIFT was about to be between a rock and hard place in that BCI had non-US protective orders. So they would have had competing orders and they couldn’t tolerate that – and in the end, that’s basically why they have left shores now, bc of competing rulings in the EU and by the AG here as to what they are required to do if they are operating from the US.

  6. earlofhuntingdon says:

    SWIFT appears to be the one place where there is full transparency.

    Let’s not forget dummy accounts, shell companies, fake names and passport data, fake or non-descriptive descriptions of the use of funds, multiple transfers of the same money across the world to obfuscate origins and uses. The only guy in the business who doesn’t use such things was the CIA snitch who used his real name and identity, his real phone, car and bank accounts in the Bourne Ultimatum. Unsurprisingly, he was readily tracked and blown up by his own side, but that’s fiction.

      • earlofhuntingdon says:

        I do think it’s a constantly moving target. The USG isn’t the only enterprise with access to math whizzes, supercomputers and tiny bits of code that open and close doors and erase digital traces. One example is moving money as if you were moving it for, say, Rupert Murdoch or Tony Blair, while moving it for Tony, Javier or Sergey.

  7. earlofhuntingdon says:

    Having Booz Allen Hamilton “audit” for propriety the use of the SWIFT data by US spy agencies is like having John Yoo write a legal opinion on the scope of executive powers.

  8. earlofhuntingdon says:

    In other words, while our government claims it only uses SWIFT to track terrorist financing, there is a legal argument probably hidden in an unknown John Yoo memo that says no one–not corrupt politicians, not GE, not Goldman Sachs–have any right to privacy as SWIFT records them transferring money internationally.

    As we’ve discussed before, that claim ignores the statutory, in effect, the constitutional requirements of EU data privacy regime. Those laws are also the basis for similar privacy regimes in Canada, Japan and Australia, all of which move vast sums through SWIFT, including massive amounts of Chinese money.

    It’s obvious why the USG wants unfettered access to SWIFT’s data (which it is as capable of misusing and abusing as any Enron or Karl Rove). Other than as an expression of raw power, it’s unclear why it should get it.

  9. earlofhuntingdon says:

    Few doubted that Cheney and Rove would abuse data extracted from illegal domestic spying for partisan political purposes. Mr. Obama has so far adopted their means, methods and goals that it seems unlikely they would hesitate to do that, too. His actions cement in place the excesses of his predecessor; they do not correct or withdraw from them.

    As for revealing high crimes and misdemeanors a thorough analysis of SWIFT might helped prove, I would just observe that the best threats are hinted at, not slapped on the table. That allows for plausible deniability and lets the target’s imagination produce bigger shadows than would an outright threat.

  10. earlofhuntingdon says:

    Here is a related story on how well US consumers’ data is secured and how little consumers here, unlike their counterparts elsewhere, can do about it:

    The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as College Board students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.

    In what could be one of the biggest such breaches in U.S. history, a diverse swath of companies that did business with Epsilon stepped forward over the weekend to warn customers some of their electronic information could have been exposed.

    Companies whose customer data may have been accessed include Citigroup, Capital One, JPMorgan Chase, Walgreen’s, TiVo, Kroger’s supermarkets, Verizon Communications Inc, Hilton Hotels, Kraft Foods Inc, and AstraZeneca.

    Epsilon is a unit of Alliance Data Systems Corp, one of the largest US data management companies.

    • earlofhuntingdon says:

      The construction was a hypothetical one in which someone attempts to hide how and how much they moved their money by adopting a digital financial persona that mimicked Mr. Blair’s or someone else’s. A safe identity who had a lot of money from lots of locations to move.

      Mr. “Blair” could be anyone with a similar background: Mr. Wu, Mr. Solano, Mr. Smith. He happens to be a multi-millionaire who derives income from many countries via speaking, consulting, lobbying and other arrangements and presumably moves it frequently for tax, investment and cash management purposes.

  11. orionATL says:

    if analyzing data contained in swift routing instructions is so effective,

    why is terrorism still such a big issue, one that requires land armies and armaments throughout the middle east and west asia?

    with swift data presumably available, why haven’t drug cartels been failing for years?

    these comments are not a criticism of this post; information about the u.s. abuse of swift data is extremely important for americans, europeans, and asians to know.

    my comments are a criticism about the value of the u.s. govts’ official theft of banking data to “combat terrorism” or interdict the activities of drug cartels.

    do we get real, sustained benefit from this data or is demanding it just more reflexive, grasping acquisition of information/power to be held onto until abused by, say, a right-wing president with strong internal opposition which threatens to push him from power?

    think gov walker writ large.

  12. orionATL says:

    “lawfare: hard national security choices”

    this is the weblog law prof jack goldsmith used to criticize the nytimes.

    when you see a subtitle like “hard national security choices” you know you are dealing with cowboys – still playing cowboys and indians into their fifties.

    the subtitke should be “bad national security choices”.

    it is hard to think of a bush era “hard choice” that was

    -really necessary

    -really effective

    all the more so when one considers that “terrorism” was never a real national security threat of great size or consequence.

    it was always more of a communications threat to and among american national politicians.

    • Mary says:

      Or he could just put up a subfolder/title “Fascism – Really Good National Security Option or Really Great National Security Option?”

  13. orionATL says:

    tx, eofh

    i thought that might be the case,

    but, then again, i couldn’t pass up the possibility that you, a subject of hmq, might have some insider info on blair that i hadn’t heard.

    the lure of gossip, i confess. :>)

  14. JohnLopresti says:

    Several concepts which recur for me when reading of the swift node, and the other thread concerning gray markets, continue to include questions I would formulate concerning other sectors in global commerce which might or may not be part of swift. I thought the wachovia thread missed distinctions and gradations in the illicit trade part of its discussion; and I would expect international trade in arms to be an elusive channel but one with many likely intersects with the swift datacapture disputes. Further, I am reminded of infrastructure administrative console access which platform owners and managers maintain; for example, French and German telcos provide most of the African mediterranean rim countries telco switches. I do not know about the new wireless technology outside plant ownership in the region; though aerial and space based reconaissance likely hoovers wireless pretty thoroughly; maybe it is as simple as the calea chips in cellphones doing the hoover mirror work. ATT has a bid out for acquiring Deutsche Telekom currently; saves rerouting thru some Verizon mirror noc, at least it does if att already has a mirror topology for hoovering. I think of these things when a country has protesters, then douses or eavesdrops or filters internet and other forms of contermporary ecommunications; I wonder if the usual satellite platform companies and uplink providers also could provide an easy backdoor for hoovering. Maybe the issue is something like what some comments suggested, that there is a difference between clandestine vacuuming and some court accepting derivative information as admissible for discovery if there was no public government to government agreement prior. Besides the Bout trial, the suggested Egypt grilling of officials from the exited regime might supply infilling information about some of these postulated methods. I guess I am saying I am not so sure swift aint compromised in the intell sense, already; for the foregoing and numerous other conjectural reasons. Then there is that amazing word of mouth abacus calculated accounting system which was described early in Bushco*s initiative to reveal funding methodologies.