June 24, 2006

SWIFT breached - Big Badda Boom - will this hasten dollar shift?

SWIFT has been breached. We can argue about the definition of this, but we'll knock that one right on the head:

CIA operatives trying to track Osama bin Laden's money in the late 1990s figured out clandestine ways to access the SWIFT network. But a former CIA official said Treasury officials blocked the effort because they did not want to anger the banking community.
Unlike telephone lines and e-mail communications, the SWIFT network cannot be easily tapped. It uses secure log-ins and state-of-the-art encryption technology to prevent intercepted messages from being deciphered. "It is arguably the most secure network on the planet," said the former SWIFT executive who spoke on condition of anonymity. "This thing is locked down like Fort Knox."

So what was holding back the CIA from tracing Osama's cash through SWIFT in the late 1990s? The Treasury department, that's who:

Historically, "there was always a line of contention" inside the government, said Paul Pillar, former deputy director of the CIA's counterterrorism center. "The Treasury position was placing a high priority on the integrity of the banking system. There was considerable concern from that side about anything that could be seen as compromising the integrity of international banking."

The money system is the be-all and end-all. It is the rock on which society is built - it intermediates all transactions. It counts all wealth, at the end of the day. It delivers the information that makes the economy work. So when the Treasury said to the spooks "mitts off" it was speaking with more than ordinary concern.

Which all vanished when 9/11 came along. The economy -- the money system -- became second priority, and the US isn't a country for second places. Damage control is immediate by John Snow, Treasury Secretary:

"President Bush has made it clear that ensuring the safety of the American people and citizens around the globe must be our number one priority.

"Consistent with this charge, one of the most important things we at Treasury do is to follow the flow of terrorist monies. They don't lie. Skillfully followed, they lead us to terrorists themselves, thereby protecting our citizens.

Some more damage control here.

The danger of breaching SWIFT and putting the database into the hands of the various and many US agencies is still present, or the US Treasury was talking out its hat to the CIA in the 1990s. This is obviously going to surprise the banks around the world, not to mention governments like Iran which are "by US fiat" terrorist supporting, China that is locked in a resource battle, and Russia which is emerging from the old cold war days as power that wants reckoning with. Even in the cold war, Russia and allies like Cuba dealt in dollars.

Does this system work? Does John Snow have the picture? We have to make a judgement call here. Every official will leap to the defence, but these are the same officials that kept it secret in the first place. But we can expect some ex-officials to express their skepticism:

Current and former U.S. officials said the effort has been only marginally successful against Al Qaeda, which long ago began transferring money through other means, including the highly informal banking system common in Islamic countries.

The value of the program, Levey and others said, has been in tracking lower- and mid-level terrorist operatives and financiers who believe they have not been detected, and militant groups, such as Hezbollah, Hamas and Palestinian Islamic Jihad, that also operate political and social welfare organizations.

Of course there is another reason why this won't be much good: If Osama Bin Laden or his team were congenitally stupid, they might imagine that SWIFT had not been breached, and the somewhat famed Belgian penchant for banking secrecy would protect them. Sadly for all his victims, we have plenty of evidence that he is fairly smart, he is very far from dumb, and even if this were the case, even the stupidist and thuggiest of drugs dealers seem to be quite adept at hiring good money launderers, if the claimed growth of that money flow is any guide.

(To be frank, I'm a bit surprised at the blow up of this one. I suppose I simply assumed from way back that SWIFT records were already being funnelled to the UST. Consider any outrage written here to be journalistic.)

In effect, the Bush administration have taken on the ire of the banking world, for no gain. It remains to be seen what will be made of this in other countries. John Snow, Treasury Secretary, says response is isolated to the Press. Keep reading those papers, Mr Snow - Banks normally do not signal their displeasure so openly, so you can be sure that you won't have too much worry there...

Moving on from the mild gossip stuff, let's get to the harder governance questions.

We can imagine that many banks and many governments will be going through that "Big Badda Boom" moment as they realise who's reading their traffic. Expect more pressure on the dollar, and more pressure for independent systems. The islamic world will almost certainly push for something, but probably not Sealand, which burnt out today. Any country on the axis-of-evil list is a gonna, as they are by US-definition terrorist-related.

Examine the case of SWIFT. In comes the subpoena, which they make great stress of as compulsory. But let's make no bones about it -- this was a force-based subpoena, and probably an illegal one at that, or backed up by an Executive Order that was probably itself "presidential writ of the novel kind."

What then to do? Comply, probably, in the instance. There is no point in SWIFT leaving the United States, as there are more banks there than the rest of the world put together (an artifact of State banking, not necessarily anything else.) But, in the meantime, design of systems to very carefuly limit the damage would be appreciated. Minimal information, and oversight.

Oversight? Let's talk about oversight.

In a major departure from traditional methods of obtaining financial records, the Treasury Department uses a little-known power - administrative subpoenas - to collect data from the SWIFT network, which has operations in the U.S., including a main computer hub in Manassas, Va. The subpoenas are secret and not reviewed by judges or grand juries, as are most criminal subpoenas. ... Treasury shares the data with the CIA, the FBI and analysts from other agencies, who can run queries on specific individuals and accounts believed to have terrorist connections, Levey said Thursday in an interview with The Times. ... Levey said the program is subject to "robust" checks and balances designed to prevent misuse of the data. He noted that requests to access the data are reviewed by Treasury's assistant secretary for intelligence; that analysts can only access the data for terrorism-related searches; and that records are kept of each search and are reviewed by an outside auditor for compliance.

Levey said there had been one instance of abuse in which an analyst had conducted a search that did not meet the terrorist-related criteria. The analyst was subsequently denied access to the database, he said. New safeguards have been added, he said, noting that SWIFT officials are now allowed to be present when analysts search the data and to raise objections with top officials.

Officials from other government agencies have raised the issue of accessing the records for other investigative purposes, but Levey said such proposals have been rejected - largely out of concern that doing so might erode support for the program.

Asked what would prevent the data from being used for other purposes in the future, Levey said doing so would likely trigger objections from SWIFT and the outside auditor. A SWIFT representative said that Booz Allen Hamilton, an international consulting firm, is the auditor, but provided no further details on how the oversight process works.

OK, so this time they have taken data sharing seriously. They know this data is hot, hot, hot, given the unprecedented step to protect it before being caught. They have 3 sets of guardians (2 better than hapless Sealand).

Unfortunately the oversight is crippled: An internal review of requests. SWIFT officers, who are already compromised and an auditor who is unlikely to blow the lid on it, as he's covered by national security, secrecy, and great pay. In short, nothing independent, nothing open and nothing with teeth. No judge, not even FISA. Signs are Congressional oversight is limited to the extent that they cannot see what it does:

Lee Hamilton, a former congressman and co-chairman of the commission who said he has been briefed on the SWIFT program, said U.S. intelligence agencies have made significant progress in recent years, but are still falling short. "I still cannot point to specific successes of our efforts here on terrorist financing," he said.

I'd give it 3 years before it is comprehensively breached. If they didn't want that then they would have set up the tracking in Brussels, and put in international oversight. Curiously, maybe Congress will wake up at this point and realise that they've got a tiger by the tail. When that transaction tracking starts getting used for non-terrorist purposes, there are going to be some very annoyed people.

Posted by iang at June 24, 2006 02:10 PM | TrackBack

"One danger of a never-ending government investigation into people's financial transactions is mission creep. A Treasury Department spokesman told The [New York] Times that the information mined from Swift - which includes millions of records - cannot be used for anything except terrorism searches. But there is little to guarantee that will continue to be the case."

"Congress, which has given the administration many new powers to conduct terrorism investigations, needs to judge whether this was what it had in mind. The original Patriot Act made major changes in money-laundering laws that provided for the use of administrative subpoenas. But the Judiciary chairman, Arlen Specter, was quoted yesterday as questioning whether their use in the Swift investigation has been too broad. The committee has already scheduled an oversight hearing this month, at which Attorney General Alberto Gonzales is slated to appear. The senators should take the opportunity to look deeper."

"So far, the only check on the executive branch appears to have come from the Swift executives themselves, who grew increasingly concerned when what they envisioned to be a short-term program seemed on its way to becoming permanent. It was at their insistence that the controls the government now cites were put into place. An outside auditing firm is now used to verify that investigators have real intelligence leads behind their requests for information. That is all to the good; it is clear that when it comes to defending their customers, international banking executives are far more aggressive than, say, American telephone company executives."

Posted by: "New York Times Editorial" at June 25, 2006 07:06 AM

>>> "Curiously, maybe Congress will wake up at this point and realise that they've got a tiger by the tail. When that transaction tracking starts getting used for non-terrorist purposes, there are going to be some very annoyed people."

I'd re-phrase this to 'When [people begin to think] that transaction tracking starts getting used for non-terrorist purposes, there are going to be some very annoyed people.' I'd also suggest that people will immediately think that the information tracking is being used for non-terrorist purposes.

Posted by: Darren at June 25, 2006 07:50 AM

Indeed a worrying development.
And as the article suggests, I would expect the big bad guys to know how to avoid this kind of detection anyway. Leaving on the smaller, less important terrorist groups prone to detection on the SWIFT network. And of course ... Innocent John Doe.

Posted by: Anon at June 28, 2006 07:02 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.