Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Pulling a Swift one? Bank transfer information sent to U.S. authorities

On June 22-23 2006 the New York Times ran a story uncovering an international financial surveillance programme run by the Bush Administration. In essence the Bush Administration is getting access to international transfer data and storing this in databases at the Treasury Department and/or CIA for access to investigate terrorist activity.

There are a number of inconsistencies in the accounts so far:

  • The U.S. claims that this is a narrowly focused programme that is compliant with the law, while the Belgian Government has concerns that the data is accessed without authorisation by a Belgian judge.
  • The Bush Administration claims that it has been open with reporting this to Congressional leaders, but some found out as late as May 2006 once it became clear that the story was about to break.
  • As with most cases of international co-operation, the country seizing the data, i.e. the U.S., is claiming universal jurisdiction while the regime responsible for protecting the data, the EU, is disavowing any responsibility.
  • The U.S. claims that the data is only used for combatting terrorism, but then admits that it has shared data on other illegal transactions with relevant agencies.
  • The U.S. claims that they only get access to specific data when it is relevant to an investigation, but this does not explain how they have been able to access to the entire database of billions of transactions.
  • The U.S. claims that it the data is searched only when it is relevant to an investigation and then admit that there were possibly hundreds of thousands of such searches.
  • The U.S. claims that it had briefed the international oversight bodies, e.g. G-10 bank central governors, but the Central Bank governors deny that they have jurisdiction over such activities and the Belgian Minister of Justice admitted that she heard of the transfers from the media.

These inconsistencies have severe implications for trust and confidence in the international finance sector. PI calls for an immediate halt of the transfers until essential questions regarding due process and privacy protections can be answered adequately.

According to the New York Times:

The records mostly involve wire transfers and other methods of moving money overseas and into and out of the United States. Most routine financial transactions confined to this country are not in the database."

According to the LA Times:

The messages typically include the names and account numbers of bank customers -- from U.S. citizens to major corporations -- who are sending or receiving funds. (...) In a major departure from traditional methods of obtaining financial records."

According to Treasury Undersecretary for Terrorism and Financial Intelligence Stuart Levey, there were a large number of searches done against the database:

I don't know the exact number but it's . . . at least tens of thousands, maybe hundreds of thousands of searches."

SWIFT's response was almost immediate. It released a statement on compliance stating that:

SWIFT takes its role as a key infrastructure of the international financial system very seriously and cooperates with authorities to prevent illegal uses of the international financial system. Where required, SWIFT has to comply with valid subpoenas.

"In the aftermath of the September 11th attacks, SWIFT responded to compulsory subpoenas for limited sets of data from the Office of Foreign Assets Control of the United States Department of the Treasury. Our fundamental principle has been to preserve the confidentiality of our users’ data while complying with the lawful obligations in countries where we operate. Striking that balance has guided SWIFT through this process with the United States Department of the Treasury.

"SWIFT negotiated with the U.S. Treasury over the scope and oversight of the subpoenas. Through this process, SWIFT received significant protections and assurances as to the purpose, confidentiality, oversight and control of the limited sets of data produced under the subpoenas. Independent audit controls provide additional assurance that these protections are fully complied with."

According to one statement from SWIFT given to the New York Times, there have been no discussions of withdrawing from the transfer programme and that SWIFT was "very resolute" in its commitment to the programme.

About SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a Belgian-based industry-owned co-operative that supplies a messaging infrastructure to the global banking community. This 'community' consists of banks, brokers and dealers, investment managers and their market infrastructures in payments, securities, treasury and trade. SWIFT provides messaging services and interface software to more than 7,863 financial institutions in 204 countries and territories. For instance, 107 U.S. banks are memebrs of SWIFT, as are 99 Swiss Banks, 101 Russian banks, 86 UK Banks, 123 Japanese Banks, 37 Chinese Banks, 123 Italian Banks, and 104 German Banks. According to its 2005 report, traffic on this network has reached 2.6bn messages, or 10 million messages a day on average. The largest sources of trafffic on the SWIFTNet FIN are the UK, the U.S., Germany, Belgium, France and Italy; though the fastest growth markets for 2005 were the Middle East and Africa. The majority of the messaging is about payments, followed by securities, treasury and trade messaging.

Though based in La Hulpe, Belgium, just outside of Brussels, the SWIFT Group has subsidiaries in Australia, Brazil, Switzerland, Germany, Spain, France, the United Kingdom, Hong Kong, Ireland, Italy, Japan, Luxembourg, Sweden, Singapore, South Africa, and the United States. The Chairman of SWIFT is Jaap Kamp, while the CEO is Leonard Schrank. Unfortunately the story broke one week after SWIFT's Annual General Meeting on June 14, 2006.

SWIFT's activities is overseen primarily by the National Bank of Belgium, though other central banks are said to "have a legitimate interest in, or responsibility for, the oversight of SWIFT, given SWIFT's role in their domestic systems." Therefore it has international oversight in co-operation with G-10 central banks, i.e. the Bank of Canada, Deutsche Bundesbank, European Central Bank, Banque de France, Banca d’Italia, Bank of Japan, De Nederlandsche Bank, Sveriges Riksbank, Swiss National Bank, Bank of England and the Federal Reserve System (USA), represented by the Federal Reserve Bank of New York and the Board of Governors of the Federal Reserve System. For the most part, however, this oversight is limited to security, operational reliability, business continuity, and resilience of the infrastructure.

Nature of the transfers: Swift Action

After 9/11, Treasury Department officials (claimed by some to be Secret Service officials) initially approached SWIFT with a number of subpoenas. According to Secretary John Snow, these were "really narrowly crafted subpoenas all tied to terrorism."

SWIFT had responded at the time that it could not provide individualised searches of the information and, according to Snow, had offered the U.S. Government access to all transaction records.

The LA Times reported that two years into the program, financial institutions began wondering how long this would go on, and SWIFT executives were no long happy with mere oral assurances. Greater safeguards were then to be built into the scheme.

According to Secretary Snow's statement of June 22, 2006, the 'Terrorist Finance Tracking Program' does not involved data mining or trolling through the private financial records of Americans. Without clarifying the substance of the program, he declared:

It is not a "fishing expedition", but rather a sharp harpoon aimed at the heart of terrorist activity. That fact makes today's disclosure so regrettable, because the public dissemination of our sources and methods of fighting terrorists not only harms national security but also degrades the government's efforts to prevent terrorist activity in the future."

Snow was forced to expand on this answer on the 23rd of June when he insisted that the program was "entirely consistent with our democratic values, with our best legal traditions."

Under Secretary for the Office of Terrorism and Financial Intelligence Stuart Levey clarified the matter further on June 23, 2006. In his statement, he confirmed that the Treasury Department has subpoenaed records on terrorist-related transactions from SWIFT. He reported that the legal basis was 'routine and absolutely clear':

The International Emergency Economic Powers Act, a statute passed in 1977, allows us to issue administrative subpoenas for financial records. We issue such subpoenas regularly, and our authority to do so has never been called into doubt. The SWIFT subpoena is powerful but narrow, as it allows us to access only that information that is related to terrorism investigations. We are not permitted to browse through the data, nor can we search it for any non-terrorism investigation. In practice, this means that we have accessed only a minute fraction of SWIFT's data."

Levey outlined the procedure as involving the following steps:

  • Before a search can be run against the data, analysts must first explain how the target of the search is connected to a terrorism investigation.
  • SWIFT's auditors are able to monitor the searches in real time and to stop any one of them if they have any concerns about the link to terrorism.
  • A record is kept of every search that is done.
  • Records are reviewed by an outside independent auditor, Booz Allen Hamilton, the SWIFT's auditors, or both.

According to Levey, Booz Allen Hamilton "have found consistently the government is not abusing this data [and] that we are using it for counterterrorism purposes." There was one exception to this, according to Levey:

There was one instance noted at one point in an audit that there had been one search that was done that was, in our view, inappropriate. . . . The person who conducted that search is no longer allowed to work on this program. And no information from any search that's even been questioned has ever been disseminated."

However this was further clarified: when information appeared that indicated a non-terrorist crime, such as money laundering or drug trafficking, Levey said the source of the information was "sanitized" before it was passed to other law enforcement agencies.

The LA Times has reported that the database is maintained at a CIA facility in Virginia, near to the computer hub for the SWIFT network in the U.S. in Manassas, Virginia.

Who is responsible?

As with most international activities, identifying the bodies that are responsible for oversight and authorisation is next to impossible. As the Treasury Department is using administrative subpoenas, and these are secret letters, there is no judicial oversight in the U.S. According to the Washington Post there was no congressional authorization though the legislative oversight committees knew abou the programme. However some committee members were informed years ago, others were only briefed as late as May 2006 after the Administration learned that the New York Times was aware of the programme. Despite this, the Chairman of the Senate Judiciary Committee stated that he had not yet seen the need to hold hearings on the issue.

Beyond the U.S., the oversight appears even murkier. The European Commission has already disavowed its jurisdiction on the issue. According to a Commission spokesperson, as quoted in Forbes:

At first sight, it would appear that there is no European legislation covering this type of transfer. And therefore it is a matter for national law. If it were the case in Belgium, it would be the Belgian authorities that would be involved."

Undersecretary Levey stated that the Belgian Central Bank was aware, and the Central Bank Governors of the G-10 countries were also briefed but failled to identify exactly when this took place.

According to the International Herald Tribune, the Belgian Central bank that oversees Swift rejected criticism that it had inadequately protected the privacy of European citizens, stating that the decision was beyond its control. According to a bank statement:

The monitoring of SWIFT's activities that do not affect financial stability is not a matter for the oversight group and therefore the U.S. Treasury subpoenas of SWIFT were outside the purview of central bank oversight."

The Finance Minister Dider Reynders also knew of the agreement, but some reports state that the Minister was only informed 'informally' in April 2006.

According to the spokesman for the Prime Minister:

We need to ask what are the legal frontiers in this case and whether it is right that a U.S. civil servant could look at a private transaction without the approval of a Belgian judge."

The Belgian Justice Minister Laurette Onkelinx learned of the searches from the media and has asked for Belgian national security services and counter-fraud office to produce reports by the end of the week as to the legality of the transfers.

Legal and Political Ramifications

The New York Times has come under attack for disclosing the existence of the programme. Despite having held discussions with the Bush Administration prior to the story being released, the NY Times faced complaints from senior officials.

Vice President Cheney:

What I find most disturbing about these stories is the fact that some of the news media take it upon themselves to disclose vital national security programs, thereby making it more difficult for us to prevent future attacks against the American people. That offends me."

President Bush called the disclosure 'disgraceful'.

One Congressman from NY, Peter King (Republican, New York), chairman of the House Homeland Security Committee, has called the New York Times "treasonous" and has called for an investigation of the paper.

Related articles:
Europe's Privacy Commissioners rule against SWIFT
Privacy organisations praise vote of European Parliament on SWIFT data deal
PI and ACLU show that SWIFT auditor has extensive ties to US Government
PI commences legal action to suspend unlawful activities of finance giant

Countries: