Financial Cryptography

FC'07 - call for papers

FC'07: Financial Cryptography and Data Security
http://fc07.ifca.ai/

Eleventh International Conference
February 12-15, 2007
Lowlands, Scarborough, Trinidad and Tobago

Submissions Due Date: October 9, 2006, 11:59pm, EDT (UTC-4)

Program Chair: Sven Dietrich (Carnegie Mellon University)
General Chair: Rafael Hirschfeld (Unipay)

At its 11th year edition, Financial Cryptography and Data Security (FC'07) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business, and policy aspects. Material both on theoretical (fundamental) aspects of securing systems,and on secure applications and real-world deployments will be considered.
...

The conference goal is to bring together top cryptographers, data-security
specialists, and computer scientists with economists, bankers, implementers,
and policy makers. Intimate and colorful by tradition, the FC'07 program
will feature invited talks, academic presentations, technical
demonstrations, and panel discussions.

This conference is organized annually by the International Financial
Cryptography Association (IFCA).

Original papers, surveys, and presentations on all aspects of financial and
commerce security are invited. Submissions must have a strong and visible
bearing on financial and commerce security issues, but can be
interdisciplinary in nature and need not be exclusively concerned with
cryptography or security. Possible topics for submission to the various
sessions include, but are not limited to:

Anonymity and Privacy
Auctions
Audit and Auditability
Authentication and Identification, including Biometrics
Certification and Authorization
Commercial Cryptographic Applications
Commercial Transactions and Contracts
Digital Cash and Payment Systems
Digital Incentive and Loyalty Systems
Digital Rights Management
Financial Regulation and Reporting
Fraud Detection
Game Theoretic Approaches to Security
Identity Theft, Physhing and Social Engineering
Infrastructure Design
Legal and Regulatory Issues
Microfinance and Micropayments
Monitoring, Management and Operations
Reputation Systems
RFID-Based and Contactless Payment Systems
Risk Assessment and Management
Secure Banking and Financial Web Services
Securing Emerging Computational Paradigms
Security and Risk Perceptions and Judgments
Security Economics
Smart Cards and Secure Tokens
Trust Management
Trustability and Trustworthiness
Underground-Market Economics
Virtual Economies
Voting system security

For those interested, last year's proceedings are available from Springer.

Submission Instructions

Submission Categories

FC'07 is inviting submissions in four categories: (1) research papers, (2)
systems and applications presentations, (3) panel sessions, (4) surveys. For
all accepted submissions, at least one author must attend the conference and
present the work.

Research Papers

Research papers should describe novel scientific contributions to the field,
and they will be subject to rigorous peer review. Accepted submissions will
be included in the conference proceedings to be published in the
Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the
conference, so the submissions must be formatted in the standard LNCS format
(15 page limit).

Systems and Application Presentations

Submissions in this category should describe novel or successful systems
with an emphasis on secure digital commerce applications. Presentations may
concern commercial systems, academic prototypes, or open-source projects for
any of the topics listed above. Where appropriate, software or hardware
demonstrations are encouraged as part of the presentations in these
sessions. Submissions in this category should consist of a short summary of
the work (1-6 pages in length) to be reviewed by the Program Committee,
along with a short biography of the presenters. Accepted submissions will be
presented at the conference (25 minutes per presentation), and a one-page
abstract will be published in the conference proceedings.

Panel Sessions

Proposals for panel sessions are also solicited, and should include a brief
description of the panel as well as prospective participants. Accepted panel
sessions will be presented at the conference, and each participant will
contribute a one-page abstract to be published in the conference
proceedings.

Surveys

A limited number of surveys presentations may also be included in the
program. We encourage submissions that summarize the current state of the
art on any well-defined subset of the above listed submission topics. A
limited description of visions on future directions of research in these
topics would also be appreciated. Survey submissions can be significantly
shorter than research paper submissions.

Preparation Instructions

Submissions to the research papers, systems/application presentation
categories, and surveys must be received by the due date. Papers must be
formatted in standard PostScript or PDF format. Submissions in other formats
will be rejected. All papers must be submitted electronically according to
the instructions and forms found on this web site and at the submission
site.

Authors should provide names and affiliations at submission time, and have
the option of including or not names and affiliations in their submitted
papers, that must include on their first page the title of the paper, a
brief abstract, and a list of topical keywords. Accepted submissions will be
included in the conference proceedings to be published in the
Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the
conference, so the submissions must be formatted in the standard LNCS format
(15 page limit). Authors of accepted submissions will be required to
complete and sign an IFCA copyright form. A pre-proceedings volume
containing preliminary versions of the papers will be distributed at the
conference.

Questions about all conference submissions should be directed to the Program
Chair at fc07chair@cert.org

Paper Submission

Authors should only submit work that does not substantially overlap with
work that is currently submitted or has been accepted for publication to a
conference with proceedings or a journal.

Paper submission will occur via website to be announced at a later time.

The Rump Session

FC'07 will also include the popular "rump session" held on one of the
evenings in an informal, social atmosphere. The rump session is a program of
short (5-7 minute), informal presentations on works in progress,
off-the-cuff ideas, and any other matters pertinent to the conference. Any
conference attendee is welcome to submit a presentation to the Rump Session
Chair (to be announced). This submission should consist of a talk title, the
name of the presenter, and, if desired, a very brief abstract. Submissions
may be sent via e-mail, or submitted in person through the Monday of the
conference.

Associated Workshop

There will be a Usability Workshop held in conjunction with FC 2007. Details
will be published at a later time.

Program Committee

Alessandro Acquisti, Carnegie Mellon University
Jon Callas, PGP Corporation
Yvo Desmedt, University College London
Giovanni di Crescenzo, Telcordia Technologies
Roger Dingledine, The Freehaven Project
Bernhard Esslinger, Deutsche Bank
Philippe Golle, PARC
Klaus Kursawe, Philips Research Eindhoven
Arjen Lenstra, EPFL
Patrick McDaniel, Penn State University
Tatsuaki Okamoto, NTT
Kazue Sako, NEC
Radu Sion, SUNY Stony Brook
Stuart Stubblebine, Stubblebine Consulting
Paul Syverson, NRL
Mike Szydlo, RSA
Jonathan Trostle, ASK Consulting and Research
Moti Yung, RSA & Columbia University
Yuliang Zheng, University of North Carolina at Charlotte

Important Dates:

Paper Submission: October 9, 2006
Notification: December 11, 2006
Pre-Proceedings: January 11, 2007
Conference dates: February 12-15, 2007
Post Proceedings: April 10, 2007

Case Study: Thunderbird's brittle security as proof of Iang's 3rd Hypothesis in secure design: there is only one mode, and it's secure.

In talking with Hagai, it was suggested that I try using the TLS/IMAP capabilities of Thunderbird, which I turned on (it's been a year or two since the last time I tried it). Unfortunately, nothing happened. Nothing positive, nothing negative. Cue in here a long debate about whether it was working or not, and how there should be a status display, at least, and various other remedies, at most.

A week later, the cleaning lady came in and cleaned up my desk. This process, for her, also involves unpowering the machine. Darn, normally I leave it on for ever, like a couple of months or so.

On restarting everything, Thunderbird could not connect to the mail servers. Our earlier mystery is thus resolved - the settings don't take effect until restart. Doh!

So, how then did Thunderbird handle? Not so well, but it may have got there in the end. This gives me a change to do a sort of case study in 1990s design weaknesses, a critique in (un)usability, leading to design principles updated for this decade.

To predict the punch line, the big result is that there should only be one mode, and it should be secure. To get there more slowly, here's what I observed:

Firstly, Thunderbird grumbled about the certificate being in the wrong name. I got my negative signal, and I knew that there was something working! Hooray!

But, then it turned out that Thunderbird still could not connect, because "You have chosen secure authentication, but this server does not offer it. Therefore you cannot log in..." Or somesuch. Then I had to go find that option and turn it off. This had to be done for all mail accounts, one by one.

Then it worked. Well, I *guess* it did... because funnily enough it already had the mail, and again had not evidenced any difference.

Let's break this up into point form. Further, let's also assume that all competing products to be as bad or worse. I actually *choose* Thunderbird as my preferred email client, over say Kmail. So it's not as bad as it sounds; I'm not "abandoning Thunderbird", I'm just not getting much security benefit from it, and I'm not recommending it to others for security purposes.

1. No caching of certs. There is no ability to say "Yes, use that cert for ever, I do know that the ISP is not the same name as my domain name, dammit!!!!" This is an old debate; in the PKI world, they do not subscribe to the theory that the user knows more than any CA about her ISP. One demerit for flat earth fantasies.
2. No display anywhere that tells me what the status of the security is. One demerit. (Keep in mind that this will only be useful for us "qualified cryptoplumbers" who know what the display means.)
3. I can choose "secure authentication" and I can choose "secure connection." As a dumb user, I have no idea what that means, either of them. One demerit.
4. If I choose one of those ON, and it is not available, it works. Until it doesn't -- it won't connect at some later time and it tells me to turn it off. So as a user I have a confusing choice of several options, but ramifications that do not become clear until later.

   Another demerit: multiple options with no clear relationship, but unfortunate consequences.

5. Once it goes wrong, I have to navigate from a popup telling me something strange, across to a a series of boxes in some other strange area, and turn off the exact setting that I was told to, if I can remember what was on the popup. Another demerit.
6. All this took about 5 minutes. It took longer to do the setting up of some security options than it takes to download, install, and initiate an encrypted VoIP call over Skype with someone who has *never used Skype before*. I know that because the previous night I had two newbies going with Skype in 3 minutes each, just by talking them through it via some other chat program.
7. Normal users will probably turn it all off, as they won't understand what's really happening, and "I need my mail, darnit!"

   (So, we now start to see what "need" means when used by users... it means "I need my email and I'll switch the darned security rubbish off and/or move to another system / supplier / etc.)

8. This system is *only useable by computer experts.* The only reason I was able to "quickly" sort this out was because I knew (as an experienced cryptoplumber) exactly what it was trying to do. I know that TLS requires a cert over the other end, *and* there is a potential client-side cert. But without that knowledge, a user would be lost. TLS security as delivered here is a system is not really up to use by ordinary people - hence "brittle."

We can conclude that this is a nightmare in terms of:

• usability.
• implementation.
• design.
• standards.

Let's put this in context: when this system was designed, we didn't have the knowledge we have now. Thunderbird's security concept is at least 3 years old, probably 8-10 years old. Since those years have passed, we've got phishing, usability studies, opportunistic crypto, successful user-level cryptoapps (two, now), and a large body of research that tells us how to do it properly.

We know way more than we did 3 years ago - which was when I started on phishing. (FTR, I suggested visit counts! How hokey!)

Having got the apologies off our chest, let's get to the serious slamming: If you look at any minor mods to the Thunderbird TLS-based security, like an extra popup, or extra info or displays, you still end up with a mess. E.g., Hagai suggested that there should be an icon to display what is going on - but that only helps *me* being an experience user who knows exactly what it is trying to tell me. I know what is meant by 'secure authentication' but if you ask grandma, she'll offer you some carrot cake and say "yes, dear. now have some of this, I grew the carrots myself!"

(And, in so doing, she'll prove herself wiser than any of us. And she grows carrots!)

Pigs cannot be improved by putting them in dresses - this security system is a pig and won't be improved by frills.

The *design* is completely backwards, and all it serves to do is frustrate the use of the system. The PKI view is that the architecture is in place for good reasons, and therefore the user should be instructed and led along that system path. Hence,

"We need to educate the users better."

That is a truly utterly disastrous recommendation. No! Firstly, the system is wrong, for reasons that we can skip today. Secondly, the technical choices being offered to the users are beyond their capabilities. This can never be "educated." Thirdly, it's a totally inefficient use of the user's time. Fourthly, the end effect is that most users will not ever get the benefit.

(That would be a mighty fine survey -- how many users get the benefit of TLS security in Thunderbird? If it is less than 10%, that's a failure.)

The system should be reversed in logic. It should automatically achieve what it can achieve and then simply display somewhere how far it got:

1. Try for the best, which might be secure auth, and then click into that. Display "Secure Auth" if it got that far.
2. If that fails, then, fallback to second best: try the "Secure Conn" mode, and display that on success.
3. Or finally, fall back to password mode, and display "Password only. Sorry."

The buttons to turn these modes on are totally unneccessary. We have computers to figure that sort of nonsense out.

Even the above is not the best way. Fallback modes are difficult to get right. They are very expensive, brittle even. (But, they are better - far far far cheaper - than asking the user to make those choices.) There is still one way to improve on this!

Hence, after 5 demerits and a handful of higher-level critiques, we get to the punchline:

To improve, there should only be one mode. And that mode is secure. There should be only one mode, because that means you can eliminate the fallback code. Code that falls back is probably twice as large as code that does not fallback. Twice as brittle, four times as many customer complaints. I speak from experience...

The principle, which I call my 3rd Hypothesis in Secure Protocol Design, reads like this:

There is only one mode, and it is secure.

If you compare and contrast that principle with all the above, you'll find that all the above bugs magically disappear. In fact, a whole lot of your life suddenly becomes much better.

Now, again, let's drag in some wider context. It is interesting that email can never ever get away from the fact that it will always have this sucky insecure mode. Several of them, indeed. So we may never get away from fallbacks, for email at least.

That unfortunate legacy should be considered as the reality that clashes with the Hypothesis. It is email that breaches the Hypothesis, and it and all of us suffer for it.

There is no use bemoaning the historical disaster that is email. But: new designs can and will get it right. Skype has adopted this Hypothesis, and it took over - it owns VoIP space in part because it delivered security without the cost. SSH did exactly the same, before.

In time, other communication designs such as for IM/chat and emerging methods will adopt Hypothesis #3, and they will compete with Skype. Some of the mail systems (Start/TLS ?) have also adopted it, and where they do, they do very well, allegedly.

(Nobody can compete with SSH, because we only need one open source product there - the task is so well defined there isn't any room for innovation. Well, that's not exactly true - there are at least two innovations coming down the pipeline that I know of but they both embrace and extend. But that's topic drift.)

More Brittle Security -- Agriculture

And we thought Thunderbird's security was slow and brittle -- consider Nick's comments on agriculture:

The crucial role of security for the history of farming may also shed light on the birth of agricultural in the first place. Hunter-gatherers were very knowledgeable about plants and animals, far more than the typical modern. It would not have taken a genius -- and there were many, as their brains were as large as ours -- to figure out that you can plant a seed into the ground and it will grow. There must have been, rather, some severe institutional constraints that prevented agriculture from arising in the first place. The basic problem is that somebody has to protect that seedling for several months from enemies, and then has to harvest it before the enemy (or simply a envious neighbor) does. Security and allocation of property rights between providers of security and providers of farm labor were the intractable problems that took vast amounts of trial and error as well as genius to solve in order for agriculture to take root.

Nick's referring to the arisal of property rights:

There were at least eight centers of secondary innovations (e.g. crop and livestock domestications and agricultural tools) that look independent: the Middle East, China, India, sub-Saharan Africa, Peru, central America, eastern North America, and New Guinea. But they all occured within a few thousand years of each other, after at least 100,000 years of anatomically modern humans.

(My emphasis.) He refers to it as a cultural revolution, perhaps in deference to its title, but what it really is is the arisal of patterns of cooperation, in this case through the particular mechanism of property rights.

I've postulated in the past that property rights needs two essential elements: 1. the claim, a.k.a. the declaration of a title in property, and 2. the defence, a.k.a., the big man with the pointy stick. I'll stick to that hypothesis as the two essential elements of property, although running the experiment seems longer than worthwhile.

(See recent posts on negotiation for another form of cooperation.)

SWIFT breach - the 'squeeze', justice not being done, the Europeans wake up to "restaurant economics" a.k.a. industrial espionage

SWIFT was extorted to hand over the data. According to two Austrian reports:

"Einverständnis wurde abgepresst" Per Gerichtsbeschluss sollte der gesamte Datenverkehr in der US-Zentrale von SWIFT beschlagnahmt werden, falls SWIFT nicht freiwillig eine bestimmte Zahl von Datensätzen liefere - "das Einverständnis wurde abgepresst", sagt Gall.

“Agreement was squeezed off” By court order the entire data traffic in the US center should be seized by SWIFT, if SWIFT does not supply voluntarily a certain number of data records - “agreement was squeezed off”, says Gall.

Also, here (left in German, right in Googlish, sorry about that) and also see earlier reports (1, 2, 3, 4, 5) ... :

Mit Beschlagnahme gedroht Als sich SWIFT zunächst weigerte, drohten die Amerikaner mit der Beschlagnahme der in den USA gespeicherten SWIFT-Daten. Im US-Bundesstaat Virginia befindet sich nämlich eines der drei Hauptrechenzentren des weltweiten Finanztransaktionssystems SWIFT. Mit der Verhinderung von noch Schlimmerem begründet SWIFT nun, dass man alle gewünschten Daten freiwillig übermittelt habe.

Threatened with seizure When SWIFT refused first, the Americans threatened with the seizure of the Swift data stored in the USA. In the US Federal State Virginia is one of the three main computing centres of the world-wide financial transaction system SWIFT. With the prevention of still worse one SWIFT justifies now that one conveyed all desired data voluntarily.

SWIFT director Günther Gall made those comments at a recent "crisis meeting" held by Austrian banks. He reported that the US Treasury prepared warrants for the seizure of the entire data center, and then offered SWIFT the chance to cooperate by means of a slightly less draconian handover of data.

There's no doubt that the US Government can have this data if it wants. It has the power, and SWIFT is an easy touch, so say at least the Swiss

Stellt sich die Frage, wieso die Swift dem amerikanischen Finanzministerium gefügig Folge leistete. «Die Swift ist leicht erpressbar», mutmasst Mark Pieth, der bereits die Untersuchungskommission der Uno im «Oil for Food» -Skandal leitete, «denn wenn die US-Behörden der Swift die Lizenz für ihre amerikanische Niederlassung entziehen, ist sie nicht mehr funktionsfähig.» Pieth wäre auch nicht erstaunt, wenn der amerikanische Geheimdienst sich im selben Atemzug Einblick in andere Finanztransaktions-Plattformen beschafft hätte. Laut dem Bericht der «New York Times» bestätigten Offizielle der US-Behörden zudem, limitierte Abkommen mit Kreditkarten- oder Transaktionsunternehmen wie Western Union eingegangen zu sein. Die Angelegenheit stellt für Pieth jedenfalls einen eindeutigen Eingriff in die Freiheitsrechte der Bürger dar, und er ist gespannt, wie sich die Schweizer Behörden rechtfertigen werden.

The question arises, why Swift had complied to the American Finance Ministry so easily. “*SWIFT is easily extortable*”, presumed Mark Pieth, which already led the inquiry of the UN in the “oil for Food” scandal, “if the US authorities withdraw the licence from SWIFT, it is no longer functional.” Pieth would not be surprised also, if the American secret service had procured itself in the same breath view of other financial transaction platforms. According to the report the “New York Time” confirmed official one of the US authorities besides, agreement with credit card or transaction enterprises limited such as Western union to have been received. The affair represents a clear interference anyhow for Pieth into the liberty rights of the citizens, and it is strained, as Swiss authorities will justify themselves.

In this case, it used the power, and hence we now have another reason for the cover-up -- if true, the US government again exceeded the bounds of reasonable civilised behaviour. It brings to mind how Judge Lewis A. Kaplan recently ruled in the New York Southern District court:

"Justice is not done when the government uses the threat of indictment ... to coerce companies into depriving their present and even former employees of the means of defending themselves against criminal charges in a court of law," he wrote. "If those whom the government suspects are culpable in fact are guilty, they should pay the price. But the determination of guilt or innocence must be made fairly _ not in a proceeding in which the government has obtained an unfair advantage long before the trial even has begun."

There, Judge Kaplan was referring to the US Justice Department's documented technique of pressuring companies to "cooperate" by hanging their employees out to dry. Unfortunately, there was nobody at the American data center to represent the world's wire senders against the seizure "incentive."

This is a scenario which is all too routine in the money world which is why we have rather strict banking secrecy laws. More:

Offiziell Bescheid wusste in Österreich offenbar nur ein Manager der Raiffeisen Zentral Bank und SWIFT Aufsichtsrat Günther Gall. Er hatte bereits 2001 der Weitergabe von österreichischen Transaktionsdaten an die CIA zugestimmt. Angeblich wurden die österreichischen Banken über diese, nach österreichischem Recht illegalen Datenweitergaben, nicht informiert. Nach fast fünf Jahren wird es nun Zeit, dass sich die Banken darum kümmern, wie mit unseren österreichischen Finanzdaten umgegangen wird, die sie an SWIFT weitergeben. Denn es sind die Banken, die garantieren müssen, dass Dienstleister den gleichen Standard beim Datenschutz garantieren, wie sie selbst mit dem Bankgeheimnis versichern.

Officially, only one manager in Austria know, Raiffeisen central bank and SWIFT supervisory board Günther Gall. It had already agreed 2001 of the passing on of Austrian transaction data to the CIA. Allegedly the Austrian banks were not informed about these data passing on illegal after Austrian right. After nearly five years it becomes now time the fact that the banks worry about how with our Austrian financial data is handled, which pass it on at SWIFT. Because there is the banks, which must guarantee that Dienstleister guarantee the same standard with the data security, how they insure with the banking secrecy.

Which is a grumble that the Austrian responsibilities towards secrecy of data have been breached.

There is yet another problem. Most of the world is looking at this as a privacy issue. (Indeed Privacy International is right on the case, and it needs no crystal ball to predict who's top choice for this year's Big Brother award.) Yet, this is missing the point. As I've pointed out, the lack of governance means that the information will be leaked in due course; not to you or I, as we can't affort the price of illegal data, and we may not want to anyway. But to someone; and due to strong secrecy of their operations, we won't know who it is being leaked to.

René Pfeiffer reports in EDRIgram:

Members of Austrian business organisations have also voiced big concerns about possible cases of industrial espionage, because it is not known who has access to the intercepted SWIFT data. Combining the data from money transfers and the disputed Passenger Name Records data enables everyone who gets these records to use them for economic advantage. Organisations in UK, Germany and Austria have begun to investigate the scope of the damage caused by the SWIFT tapping. Letters to local banks and SWIFT board members have been prepared and published. Every company, business and individual is advised to demand a clarification about the intercepted data on the basis of data protection laws. Furthermore legal steps are being prepared against the SWIFT board since they gave customer details away without mutual consent.

This isn't so much about privacy of the individual, as privacy of the business. A.k.a. industrial espionage, on a state-run scale.

If a large enough deal is being done, where some US champion (say, Boeing) is up against some European champion (say Airbus) for some large bid (say 100 A380s for China), then we can expect _governance be damned_. Maybe the US Treasury would stand up and defend Airbus's right to privacy, against Boeing's corporate survival, ... but I wouldn't be betting *my* factory on it. More:

Wirtschaftsspionage mit EU-Finanzdaten Bisher wurde nur vermutet, die USA könnten ihr Überwachungssystem im Namen der Terrorabwehr auch dazu nutzen, Europas Wirtschaft auszuspionieren. Mit dem Abhören der Finanzdaten habe sich das nun betätigt, so ein Experte der Internationalen Handelskammer. "Für mich kommt diese Wendung nicht überraschend. Vom Überwachen des internationalen Telefonieverkehrs bis zur Kontrolle des Finanzverkehrs ist es ja nur ein kleiner Schritt. Was im ECHELON-Untersuchungsausschuss des EU-Parlaments noch Vermutung war, hat sich damit bestätigt", sagt Maximilian Burger-Scheidlin von der Internationalen Handelskammer [ICC] in Wien. ECHELON lässt grüßen Die Vermutungen im Untersuchungsausschuss, die USA würden ihr elektronisches Überwachungssystem ECHELON auch gezielt dazu benutzen, Europas Wirtschaft auszuspionieren, sind für Burger-Scheidlin mit der Affäre SWIFT nun real geworden. Man könne eigentlich dankbar sein, denn nun lägen handfeste Indizien vor, dass US-Geheimdienste die europäischen Finanztransfers systematisch durchsuchten. "Wir hoffen nun, dass die Regierungen Europas endlich aktiv werden, nachdem sie nun seit vielen Jahren Bescheid wissen", sagt Müller-Scheidlin, dessen Spezialgebiet bei der ICC die Abwehr von Wirtschaftsspionage ist.

Restaurant economics with European Union financial data So far only one assumed, which could use the USA their monitor in the name of the terror defense also to spy of Europe economics. With the hearing of the financial data now, such an expert of the international Chamber of Commerce worked. “For me this idiom does not come surprisingly. From supervising the international telephone voice traffic up to control of financial traffic it is only a small step. Which in the ECHELON committee of inquiry of the European Union parliament still assumption was, thereby”, says Maximilian Burger Scheidlin was confirmed of the international Chamber of Commerce [ICC] in Vienna. ECHELON says "I'm not dead yet!" The assumptions in the committee of inquiry, which the USA its electronic monitor ECHELON also purposefully to use to spy of Europe economics are become for Burger Scheidlin with the affair SWIFT now material. One can be actually grateful, because now strong indications would be present that US secret services scanned the European financial transfers systematically. “We hope now that the governments of Europe become finally active, after they know, say now for many years answer” Mueller Scheidlin, whose special field is with the ICC the protection from restaurant economics.

And More. "Restaurant economics" is googlish for "industrial espionage" it seems. Luckily, it's all in German which means the Bush Administration can wave off these funny krauts and their silly terms, and pretend this is just another case of New York Times treachery and treason.

It remains to be seen if the International Chamber of Commerce will carry this fight to the enemy. What was last month's curiousity -- the European Commission being quite happy to sign over so much data in one-way exchanges on individuals -- is now replaced with the new curiosity of whether they will do the same to their companies.

Threatwatch - "you again operate impulsively in the manner"

Apparently, I sent this email to someone, and it bounced, possibly because of the attached viruses!

Subject: Re: The Proof !!!
From: iang
Date: Tue, 18 Jul 2006 09:26:04 +0200
To: anton

Hello,

Monday, July 17, 2006,3:14:35 PM, you wrote:

> >I think that you again operate impulsively in the manner
> >calm down and tell though that any that simply more than
> >simple charges your jealousy does not know a limit!!!!!

I do not understand why you still screen its all.
I have collected already so much proofs, that
listening to your remarks is inclined to think
as at you with it something too was.
Now I already avoiding half-words send photos
where it does sucked to my boss!
Well, also what you to me on it will tell?

P.S. To anybody it do not show.
If I from your neighbour learn as you have transformed it into a
circus, I to you guarantee troubles. Within the next few days
do not write, I have already drunk in office and I think
to go for city that and you I wish.

--
Best regards,
iang mailto:iang

What answer is there to that?

SWIFT breach - embarrassed Europeans, outrageous acting in Congress, the aggreated abuses, camelgate, and the institutionalised defrauding of American values

I was right on the embarrassment call. First the Canadians, now the British, the Irish and even the European Parliament:

The European Parliament demanded Thursday that European governments and European institutions in Brussels disclose how much they knew about a secret U.S. program to tap into international banking data.

In a resolution reflecting concern among Europeans about cooperation in America's "war on terror," the Parliament voted 302 to 219, with 22 abstentions, to demand that the European Commission, the European Central Bank and the EU's 25 member states "explain fully the extent to which they were aware of the secret agreement" between Swift, an international banking consortium, and the U.S. government.

Following the arrest in Italy on Wednesday of two Italian intelligence agents suspected of helping in the alleged CIA kidnapping of a terrorism suspect and his transfer to a third country, a process known as "extraordinary rendition," the Parliament also adopted a resolution stating that it was "implausible" that "certain European governments were not aware of the activities linked to extraordinary rendition taking place on their territory." It voted to extend its investigation into alleged CIA detention centers in Europe by six months.

While the resolutions are not legally binding, they have "political teeth," said Friso Rascam Abbing, spokesman for the EU's justice and security commissioner, Franco Frattini.

The European Parliament are an odd bunch. They have little power to pass laws, but when they jump up and do something, it is a hint that something's gone awray. In this case, the Commission -- where the real power lies -- has realised the writing is on the wall:

Belgian authorities are investigating whether the Brussels-based Society for Worldwide Interbank Financial Telecommunication, or SWIFT, broke the law by passing bank transaction data to the CIA.

Once that inquiry is concluded, European Commission officials will try to determine whether EU privacy laws were also violated.

"There is no question of a cover-up," said Friso Roscam Abbing, a European Commission home affairs spokesman in Brussels.

That other apparently powerless bunch of seat warmers, the US Congress, agrees:

In a sharply worded letter, the Republican chairman of the House intelligence committee has told President Bush that the administration is angering lawmakers, and possibly violating the law, by giving Congress too little information about domestic surveillance programs.

Rep. Peter Hoekstra (Mich.) has been a staunch defender of the administration's anti-terrorism tactics. But seven weeks ago, he wrote to Bush to report that he had heard of "alleged Intelligence Community activities" not outlined to committee members in classified briefings.

"If these allegations are true," he wrote, "they may represent a breach of responsibility by the Administration, a violation of law and . . . a direct affront to me and the Members of this committee."

However, one shouldn't take the noise from Congress as too scary. In a production more befitting of Hollywood than Pennsylvannia Avenue, the bill to legalise and also slip in a few more weapons of mass privacy destruction has already been written, under cover of outrage at the White House:

The White House balked at an early draft that would have mandated the president submit the NSA program to the FISA court for review. Specter agreed to make it voluntary as long as Bush promised to submit the program if Congress passes the bill. Aides privately acknowledged it was a big concession by a president who until now has resisted judicial interference in how he wages war against terrorists.

The White House conceded in part because it believes the NSA program will survive constitutional muster and the Specter bill will make it easier to argue that the program complies with congressional statutes as well. "We've always said it's constitutional," said one administration official who was not authorized to speak on the record.

The language acknowledging the president's constitutional authority to conduct intelligence operations also was important to the White House. "We see it as historic because here's a statute recognizing an authority the president says he has," the administration official said.

Still, that language alone might mean little because it did not define the scope of the authority or explicitly suggest that a president did not need to seek court approval for warrants. But at the same time, Specter agreed to repeal a section of the original FISA law that made it the exclusive statute governing such intelligence programs.

The combination of the statement acknowledging presidential authority and the deletion of the exclusivity clause left open the interpretation that Bush has the power to conduct other surveillance outside FISA's purview, a possibility administration officials noted with approval.

Also, added, a clause sweeping all civil suits before the FISA court. Whoops! In other words, "please tell us what bill you want written to legalise it, and we will pass it, loudly and angrily." Will this Patriot sequal outsell the Pirates of the Caribbean redux? Back to the IHT article:

Revelations about the SWIFT operation have coincided with growing awareness of the CIA's use of clandestine prisons in Europe for terrorism suspects, the abduction of such suspects, and secret flights to transport them, often to countries where they might be tortured.

Note that this is backtracking at rapid speed by the EC and other regulators. Earlier statements were of the ilk of "not our jurisdiction". Note also how this is being linked to the 'extraordinary rendition' issue above and in other press reports (two Italian intelligence agents arrested in recent weeks in connection...). Keeping in mind the phone tracking and the flight data, both cases where data was passed across the Atlantic without coming back the same way, Europe is now waking up to the fact that the much vaunted European privacy model has been breached on a wholesale level. For more evidence of asymmetry accepted by lame-duck politicians, consider the 3 accused Enron scapegoats:

Lawyers for the three former bankers known as the NatWest Three confirmed yesterday that the men will complete on Thursday their fast-track extradition to America to face charges relating to an £11m fraud involving the collapsed US giant Enron.

On the same day, the Home Secretary will dispatch a minister to Washington to try save the British Government from further humiliation by persuading US senators to drop their opposition to a reciprocal US-UK extradition treaty.

In each case in isolation, the government(s) let it happen -- a one way deal. The question we are now looking at is whether the European Union and others such as US Congress, the Canadians, and the rest of the world will view the abuses in aggregate in a different light.

Curiously, the Bush administrations fears may have been justified: Notwithstanding the expected nature of this particular breach, it may become the straw that broke the camel's back. In time honoured American tradition, maybe we should call the SWIFT breach Camelgate.

Finally, we need to keep our eye on the ball here. What is the central problem? It is this: the information that is being collected is not subject to appropriate governance, something that worries as financial cryptographers. The special conditions that once applied to national intelligence activities no longer apply. That data is as we speak being moved out of the box labelled "only for counter-terrorism":

"We can use that information for terrorism, money laundering - all sorts of law enforcement purposes," Stuart Levey, the Treasury Department's undersecretary for terrorism and financial intelligence, told the House Financial Services subcommittee on oversight and investigations. "And we can do all kinds of the things that people traditionally think about when they think about data mining in terms of looking for trend analysis, suspicious activity and the like."

There, he is talking about a *new* program to trace all American/International wires. The only thing that is surprising is the breathtaking speed with which US Treasury are discarding the claims of only a few weeks ago.

Now, the naive might think that the government has the data, and if you've done nothing wrong, then you have nothing to fear. Dead wrong. Because there is no governance worth spit in place, the SWIFT value will be used for nefarious purposes. Intelligence data is already being used so:

A former ISC insider passed the dossier to the intelligence arm of the anti-corruption squad in February. The informant directed handlers to a series of ISC payments, totaling 20,000 pounds, made to a recipient identified as Detective Sergeant Gary Flood.

United Kingdom (oops: not US) Intelligence data is now available to the highest bidder. Some will see this as a good thing -- an opportunity. Some of that data is good stuff:

Among the critical assets in the database are Old MacDonald's Petting Zoo, a Kangaroo Conservation Center, Jay's Sporting Goods, several Wal-Mart stores, Amish Country Popcorn, and the Sweetwater Flea Market.

The DHS Office of Inspector General found the National Asset Database, being compiled to support a variety of infrastructure protection projects, full to overflowing with "poor quality" data, such as 4,055 malls, shopping centers, and retail outlets, 224 racetracks, 539 theme or amusement parks and 163 water parks, 514 religious meeting places and 1,305 casinos.

(spotted by 27BStroke6.)

The USA is moving with breathtaking speed to financial tracking on a comprehensive scale, available to a wide range of interested parties. The institution known as the American Value System has been breached, and is about to be defrauded in a way that makes previous scandals (mutual funds, oil-for-food, KPMG, Enron, ...) look like quaint stories told by old-timers over sherry.

Threatwatch - 2-factor tokens attacked by phishers - another "must-have" security tool shown to be fighting the last war

Lance James points out that Phishers have moved on to attacking 2-factor authentication tokens:

The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the "man in the middle" -- it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real.

This news (Brian Krebs in a Washington Post blog) has been expected (#10.3) for a long time. It's a timeline point -- we've moved to that stage.

More bad news for suppliers of 2-factor tokens and also US Banks which got a quasi-recommendation to implement something like this. I say, quasi-something, because the FDIC carefully did not recommend any specific technology, choosing instead to recommend that banks carefully review their risk-based exposure (although I also called it wrongly, initially). The banks themselves may have assumed tokens or similar, for whatever reason.

It has been interesting to watch RSASecurity deal with this. I'd say they saw the writing on the wall maybe a year or two ago. They aggressively expanded from their older PKI roots and their staple SecureId 2-factor token by buying more modern companies such as Cyota in Britain. It was Cyota that pushed them into "defence in depth" which involved transaction monitoring and risk-graduated authentication mechanisms.

RSASecurity also purchased PassMark which had a big deal to provide Bank Of America with unique pictures for each account user, in what they call their "2-factor-2way" solution. Between the two of them, these two companies buried the older "2-way authentication" system known as SSL which RSASecurity had had so much to do with in the early days (the one the phishers showed to be a Maginot defence).

Now the phishers count coup again -- PassMark's technology is also vulnerable to the new phishing attack. Being bought out by EMC might have been a good move alround.

Now, the casual marketeer will take this as gloating. We've predicted this for so long, we must be overjoyed. No such. That would be their own lack of familiarity at open criticism, an essential tool in risk management, because attackers brook no marketing fools. Here's where we are at.

Firstly, the industry is in dire straights and the sooner we recognise it the better. RSASecurity, or Cyota as it happens, recognised the broken SSL system a while back.

Secondly, it is absolutely vital that this information be put out in to the wider community. European banks have been working like mad for 6 months. American banks are still fighting the last war, and while they are looking backwards, there are more enemies coming up. American banks, for lethargy and bad advice, and American security suppliers, for liability *1, 2) and overzealous histories, are especially vulnerable.

It is American account holders to whom this column is devoted, today.

• Chandler at Not Bad for a Cubicle including some interesting debate in comments
• John Quarterman at Perilocity

Galileo (EuroGPS) cracked

Darren points to a development reminiscent of satellite TV: the codes to protect the European Galileo satellite's positioning signals have been cracked by a team from Cornell University in USA. Full story below:

Cracking the secret codes of Europe's Galileo satellite

Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.

The codes and the methods used to extract them were published in the June issue of GPS World.

The navigational satellite, GIOVE-A (Galileo In-Orbit Validation Element-A), is a prototype for 30 satellites that by 2010 will compose Galileo, a $4 billion joint venture of the European Union, European Space Agency and private investors. Galileo is Europe's answer to the United States' GPS.

Because GPS satellites, which were put into orbit by the Department of Defense, are funded by U.S. taxpayers, the signal is free -- consumers need only purchase a receiver. Galileo, on the other hand, must make money to reimburse its investors -- presumably by charging a fee for PRN codes. Because Galileo and GPS will share frequency bandwidths, Europe and the United States signed an agreement whereby some of Galileo's PRN codes must be "open source." Nevertheless, after broadcasting its first signals on Jan. 12, 2006, none of GIOVE-A's codes had been made public.

In late January, Mark Psiaki, associate professor of mechanical and aerospace engineering at Cornell and co-leader of Cornell's GPS Laboratory, requested the codes from Martin Unwin at Surrey Space Technologies Ltd., one of three privileged groups in the world with the PRN codes.

"In a very polite way, he said, 'Sorry, goodbye,'" recalled Psiaki. Next Psiaki contacted Oliver Montenbruck, a friend and colleague in Germany, and discovered that he also wanted the codes. "Even Europeans were being frustrated," said Psiaki. "Then it dawned on me: Maybe we can pull these things off the air, just with an antenna and lots of signal processing."

Within one week Psiaki's team developed a basic algorithm to extract the codes. Two weeks later they had their first signal from the satellite, but were thrown off track because the signal's repeat rate was twice that expected. By mid-March they derived their first estimates of the code, and -- with clever detective work and an important tip from Montenbruck -- published final versions on their Web site (http://gps.ece.cornell.edu/galileo) on April 1. The next day, NovAtel Inc., a Canadian-based major manufacturer of GPS receivers, downloaded the codes from the Web site and within 20 minutes began tracking GIOVE-A for the first time.

Galileo eventually published PRN codes in mid-April, but they weren't the codes currently used by the GIOVE-A satellite. Furthermore, the same publication labeled the open source codes as intellectual property, claiming a license is required for any commercial receiver. "That caught my eye right away," said Psiaki. "Apparently they were trying to make money on the open source code."

Afraid that cracking the code might have been copyright infringement, Psiaki's group consulted with Cornell's university counsel. "We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game," said Psiaki. The upshot: The Europeans cannot copyright basic data about the physical world, even if the data are coming from a satellite that they built.

"Imagine someone builds a lighthouse," argued Psiaki. "And I've gone by and see how often the light flashes and measured where the coordinates are. Can the owner charge me a licensing fee for looking at the light? … No. How is looking at the Galileo satellite any different?"

Adam pointed to more here and slashdot.

SWIFT breach - canonically novel theories in law revealed

In the breach that keeps on breaching, I suggested that the reason the Bush administration was nervous of the program was that the Europeans might be embarrassed via public opinion to put in place real governance. I was close (dead link to "Piling On the New York Times With a Scoop," Howard Kurtz, WaPo):

Keller said he spent more than an hour in late May listening to Treasury Secretary John Snow argue against publication of the story. He said that he also got a call from Negroponte, the national intelligence czar, and that three former officials also made the case to Times editors: Tom Kean and Lee Hamilton, chairmen of the 9/11 commission, and Democratic Rep. John Murtha of Pennsylvania -- an outspoken critic of the war in Iraq.

"The main argument they made to me, extensively and at length, besides that the program is valuable and legitimate, was that there are a lot of banks that are very sensitive to public opinion, and if this sees the light of day, they may stop cooperating," Keller said.

What useful reason could they have for keeping it secret? If it was legal, the banks will cooperate. I think we can clearly state that banks will generally operate within the law, and will always side with the government over the interests of their customers.

As far as the banks are concerned, their interests are covered as long as a) it is legal, and b) all banks equally have to comply. So, keeping it secret was either directed at covering up potential illegality or a lack of legality, or some particular discrimination that was going on. As there has been no real hint of any discrimination here (SWIFT by definition serving all banks), it would be the former. (And, what does he mean by "a lot of banks?")

He acknowledged, as did the Times article, that there was no clear evidence that the banking program was illegal. But, he said, "there were officials who talked to us who were uncomfortable with the legality of this program, and others who were uncomfortable with the sense that what started as a temporary program had acquired a kind of permanence.

So what we have here is a programme of dubious legality, where insiders know they have transgressed, and would like the law to be clarified and updated. So they themselves are not at risk, and evidently the banks feel the same way.

"It's a tough call; it was not a decision made lightly," said Doyle McManus, the Los Angeles Times' Washington bureau chief. "The key issue here is whether the government has shown that there are adequate safeguards in these programs to give American citizens confidence that information that should remain private is being protected." ... McManus said the other factor that tipped the paper's decision to publish was the novel approach government was using to gather data in another realm without warrant or subpoena.

"Police agencies and prosecutors get warrants all the time to search suspects' houses, and we don't write stories about that," he said. "This is different. This is new. And this is a process that has been developed that does not involve getting a specific warrant. It's a new and unfamiliar process."

That's raising an interesting question. The question of the maybe-subpoena is addressed here:

The Administration says the program is legal because every month the Treasury Department issues an administrative subpoena, basically a subpoena you write yourself without seeing a judge.

Ryan Single also offered a theory on how the newspapers wrote their own administrative subpoenas. More odd remarks from the McManus of the LATimes:

"I always start with the premise that the question is, why should we not publish? Publishing information is our job. What you really need is a reason to withhold information."

It's a point. As we dig further we discover the old black helicopter theories surging up:

The scandal here is not government over-reach, [Blum] tells me. The scandal is the pitiful reluctance of this administration (and others before it) to get serious about the problem. Bankers, Blum explained, "have fended off every conceivable rule that would really be effective. Why are we pandering to them if we say we are in such a desperate situation?" ... The monitoring system described by the Times seems unexceptional to Blum. Indeed, his complaint is that it's so narrowly focused that it mostly harvests empty information. "Meanwhile, the biggest purveyor of terrorist money, as everyone knows, are accounts in Saudi Arabia," Blum observes. "Nobody will deal with it because the Saudis own half of America." An exaggeration, but you get his point.

Blum knows the offshore outposts where US corporations and wealthy Americans dodge taxes or US regulatory laws. Congress could shut them tomorrow if it chose. Instead, it keeps elaborating new loopholes that enable the invention of exotic new tax shelters for tainted fortunes. The latest to flourish, he says, are shell corporations-- freely chartered by states.

"The GAO says this device is being used for money laundering by everyone else in the world," Blum says. "Congress ought to start there." He is not holding his breath.

Which would be the house of cards defence. Here's another card that is showing signs of bending:

The U.S. National Security Agency asked AT&T Inc. to help it set up a domestic call monitoring site seven months before the Sept. 11, 2001 attacks, lawyers claimed June 23 in court papers filed in New York federal court.

The allegation is part of a court filing adding AT&T, the nation's largest telephone company, as a defendant in a breach of privacy case filed earlier this month on behalf of Verizon Communications Inc. and BellSouth Corp. customers. The suit alleges that the three carriers, the NSA and President George W. Bush violated the Telecommunications Act of 1934 and the U.S. Constitution, and seeks money damages.

``The Bush Administration asserted this became necessary after 9/11,'' plaintiff's lawyer Carl Mayer said in a telephone interview. ``This undermines that assertion.''

People all around the world bent over backwards to help the USA deal with 9/11. And let's not forget a substantial number of people killed were foreigners -- expatriate workers in the towers at the time.

If it is true that the spying programmes were begun before 9/11, that might shake the faith a bit. For the unshakebly faithful, see the relevant complaint and some skepticism here (tip to Adam and 27BStroke6):

Within eleven (11) days of the onset of the Bush administration, and at least seven (7) months prior to the attacks of September 11, 2001, defendant ATT began development of a center for monitoring long distance calls and internet transmissions and other digital information for the exclusive use of the NSA.

Why are we doing all this? Eavesdropping. We know it is a present danger, but the clarity lacks. We need to figure out what capabilities the agencies have and how far it spreads, in order to inform future designs.

DDA cards may address the UK Chip&Pin woes

Lynn points to an article that states the French rollout of chipcards uses DDA or "dynamic data authentication":

The DDA cards store an encryption key that generates a unique number, or signature, for each transaction. This signature is read by the point-of-sale terminal, which has a corresponding encryption key, so a transaction from a counterfeit card is unlikely to be approved. The DDA technology allows banks to more securely approve transactions at the terminal without having to send the transactions over the network for authorization. Most EMV cards in circulation worldwide, including those in the UK, use less-secure "static" signatures, which can be copied onto cloned cards. Unless issuers send these transactions over the processing network for online authentication, terminals might not be able to detect fraudulent cards.

This looks a little bit like diversified keys or some similar hybrid asymmetric system using symmetric algorithms. In diversified key systems the "merchant set" of receivers can check the signature but no ordinary card can. These were used in one-way triangular money products so that consumer card could prove itself to merchant card; which made the consumer cards less interesting to crack, but also shifted the burden to the merchant cards (anyone who can crack a card can steal a merchant terminal...).

Microcontroller suitable for an interceptor of SDA smartcard as per UK Chip&Pin. Mike Bond University of Cambridge, Computer Laboratory.

The fact that France is rolling out these more advanced units at the same time as Chip&Pin is being rolled and rolled in the UK is possibly a reflection on competition. In France, the banks probably have more chance to build in the higher cost base of the more expensive cards than in the UK.

Lynn asks in comments:

This looks to close the "yes card", "replay attack" scenario with existing static data (skim static data in manner similar to skimming magstripe static data, using it to create counterfeit card).

An issue raised in the "naked transaction" scenario ... is whether the actual transaction is signed ... ala x9.59
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959

Or is it an upgrade of the existing static data card authentication to dynamic data card authentication ... aka an end-point authentication ... but leaving the actual transaction otherwise naked ... and possibly vulnerable to things like man-in-the-middle attacks
http://www.garlic.com/~lynn/subpubkey.html#mitm

https://financialcryptography.com/mt/archives/000745.html

My guess is that it is "div-key-signed" but as the signature can only be checked by the fully equiped merchant card, various dumb checks won't work.

More:

The mask in question supports all bank card applications in France, EMV and Moneo, and is certified to EAL 4+ level, the toughest card security standard in existence.

Previous posts:

• Naked Payments IV - let's all go naked
• Naked Payments II - uncovering alternates, merchants v. issuers, Brits bungle the risk, and just what are MBAs good for?
• Naked Payments I - New ISO standard for payments security - the Emperor's new clothes?
• Chip-and-Pin terminals were replaced by "repairworkers" ?
• FraudWatch - Chip&Pin, a new tenner (USD10)

Prototype interceptor of SDA smartcard as per UK Chip&Pin. Mike Bond University of Cambridge, Computer Laboratory.

SWIFT breach - softly softly, catchee monkey?

As predicted, the politicians in Europe are responding, albeit mildly.

Meanwhile, Belgian Prime Minister Guy Verhofstadt issued a statement saying he has asked security officials to determine whether the U.S. program complied with Belgian laws.

In the same Toronto Star article:

New security powers aimed at fighting terrorism may be a "threat to privacy" and must be monitored, Canada's privacy commissioner said yesterday as she announced an inquiry into whether U.S. authorities accessed Canadian financial records.

Commissioner Jennifer Stoddart said she anticipates making the results of her inquiries public in coming weeks, after "examining whether Canadians' financial transactions are being improperly accessed by foreign authorities."

Fairly clearly, everyone in the financial community knew that SWIFT tracking was likely, and knew it was probably ineffective. They allegedly caught one guy, which makes it an inessential tool -- you don't take on those risks just to get one successful lead over 4-5 years. And, as we know:

In his new offering, "The 1 Percent Doctrine," author Ron Suskind says everyone in U.S. intelligence has known for years that al-Qaida and similar groups have jettisoned electronic banking for some time. These guys aren't fools. They also use untraceable cell phones. They now use bodies to carry the cash or hide it in other packages, so the 'use' of this spying is questionable.

The reason that terrorists aren't stupid is simple - the stupid ones get eliminated over time, an evolutionary feedback mechanism that seems unavailable in Washington D.C, no matter how desirable. Notwithstanding all that, the Bush administration chose to counter-attack the press for the 'leak':

President George W. Bush has condemned newspapers that carried initial reports on the program last week - including the New York Times, the Los Angeles Times and the Wall Street Journal - saying the disclosure made it "harder to win the war on terror."

The need for a message that can be explained in 25 simple words to the Republican support base is apparent, but this is verging on the ridiculous. Which raises the question -- aside from lack of evolutionary pressures -- why is Bush taking the New York Times to task on this?

You also can't count out the White House from being political on this. Attacking the messenger, in this case the New York Times, is "red meat" to some who dislike the media and may garner members of the current administration a few votes in November.

So, we are being asked to choose between the Republican base being too stupid to realise they are being conned again, or that they will wake up and call Bush's bluff. I don't want to go there. Also, what happens when there is a leak over an effective and agreeable tool? They'll have shot their wad. That's actually a fairly likely scenario, given the record of this administration to shoot first, think later.

But there might be more to this than mere stupidity and electoral panic. In considering what it means to threaten prosecution over the leak of an ineffective and controversial tool, keep in mind that terrorists aren't stupid. Therefore, they are not in this picture. So, if it is not about terrorists, everything else mentioned is likely as deceptive.

Let's consider the possibility of a deception plan. Why would Bush's team just not dampen down on it? Nobody knows who SWIFT is, and if we were to keep repeating "boring!" people would eventually get the message. The reason may have something to do with two factors:

1. International embarressment may actually force a debate on this, and could cause the tool to be modified, or at worst withdrawn. Is the Bush administration embarrassed and caught flat-footed in front of its erstwhile international peers? Or even the Democrats?

At a confirmation hearing Tuesday for Henry Paulson Jr., the nominee for Treasury secretary, Senator Max Baucus, Democrat of Montana, asked whether the monitoring might violate the Fourth Amendment's protection against unreasonable searches.

"I think you'll agree that we could fight terrorism properly and adequately without having a police state in America," Baucus said.

Paulson did not express an opinion on the propriety of the Swift monitoring but pledged to study it. "I am going to, if confirmed, be all over it, make sure I learn everything there is to learn, make sure I understand the law thoroughly," Paulson said.

Democrats said they hoped to get a clearer idea of the legal foundations for the program, how it was monitored, and how long it would be allowed to continue under the president's invocation of emergency powers.

I think it unlikely to be withdrawn, but it might earn some proper governance, especially if the Democrats keep embarrassing the international community into thinking about it. Which leads us to point 2:

2. There is massive support in US Treasury for this tool, if this embarrassing tidbit is anything to go by:

Democratic staff members said they had pressed Treasury officials in recent days for a fuller accounting of which members of Congress were briefed on the program and whether notification requirements under the International Economic Emergency Powers Act, invoked by Bush after Sept. 11, were met.

Treasury officials have told congressional staff members that they briefed the full intelligence committees of both houses about a month ago, after inquiries by The [New York] Times, according to one Democratic aide who spoke on condition of anonymity.

US Treasury possibly realise they now have the crown jewels in their grasp - the tool they need to chase their own subjects across the globe. Now is the time to roll out the long term strategy -- first migrate the SWIFT tracking across to drugs & ML (already started, as spotted earlier). Then on to own citizens.

Softly softly, catchee monkey. Is this going to happen? You might as well bet your bottom dollar, because it could be your last private bet:

A U.N. report on terrorist financing released in May 2002 noted that a "suspicious transaction report" had been filed with the U.S. government over a $69,985 wire transfer that Mohamed Atta, leader of the hijackers, received from the United Arab Emirates. The report noted that "this particular transaction was not noticed quickly enough because the report was just one of a very large number and was not distinguishable from those related to other financial crimes."
One of the key federal agencies vacuuming the financial information long has snubbed the terrorist threat. As of 2004, the Treasury Department's Office of Foreign Assets Control had 10 times more agents assigned to track violators of the U.S. embargo on Cuba as it had tracking Osama bin Laden's money. From 1994 to 2004, this Treasury bureau collected nearly 1,000 times as much in fines for trading with Cuba as for terrorism financing.

If you know anything about systems you can see where this going: individual queries on suspicions clarified through governance will give way to massive datamining in order to avoid the above embarrassing failures. Which leads to the earlier scenario of own citizen tracking, if we accept the principle that any (secret, ungoverned) system is eventually captured by those with the most interest.

Fear of embarrassment and consequent proper governance may explain why the administration is taking the line that this is "government at its best." In effect, daring detractors to call them; before you can put in proper governance, you have to present the Bush Administration as bad governance.

So watch to see how much resistance there is to proper governance and international oversight.

Relevance to wider currency matters? If the worst case scenario comes to pass and the SWIFT breach widens, then expect a couple of competitors to SWIFT to arise. One for the Muslim world and another for the Asian sphere.

Also, there are signs that the penny may have dropped for at least some FBI agents.

FBI Financial Crimes Section chief Dennis Lormel and his colleagues at other intelligence agencies eventually realized that the information supplied by the company could be used not only to locate and freeze the assets of terror groups, but also to track them in real time - in other words, to follow the money trail directly to the sources and destinations of the funds.

First Data subsidiary Western Union, with branches throughout the Arab world and a high volume of money transfers, was in a perfect position to help. American intelligence agents and company officials cooperated in tracking the data trail and in monitoring security cameras installed in Western Union branches in order to see who was picking up the funds.

According to the book, then Shin Bet head Avi Dichter, whom Suskind calls an agent of change in the U.S. war against terror, was briefed by Lormel on the new monitoring capabilities during one of his frequent visits to Washington.

In April 2003, Dichter called Lormel to ask for the FBI's help in this regard. Dichter told officials that the Shin Bet had information about a courier who was expected to be bringing money to Israel from Lebanon shortly. The source of the money was known, but not the identity of the person for whom its was destined.

In early April, 2003, an Islamic Jihad activist went to a Western Union office in Lebanon and ordered a money transfer to Hebron. The Justice Department authorized Western Union to release this information to the FBI and the CIA, and eventually to the Shin Bet. According to Suskind, all this took just minutes, enabling Israeli intelligence to track the person who collected the transfer in
Hebron and to uncover the terror cell.

According to the book, this method was used successfully many times over the next year and a half, until autumn 2004, when Palestinian operatives realized that their Western Union transfers were being used to trap them.

Top notch! There is potential value in the AML tool of money tracking for the anti-terrorism mission, notwithstanding the real fears of civil libertarians. But, the value is only present if the tool isn't destroyed beforehand. Seizing terrorist funds isn't likely to be effective, just as seizing drugs money isn't likely to be effective, as it just moves the committed into more committments, and gives them a good signal as to what not to do next time.

(If you don't follow the above, consider this: terrorists do not care about money, they've already crossed the rubicon of civil society. If they need more money they will just go and steal it. So seizures don't mean a thing to them, and the next terrorist attacks in USA are likely to be self-financing. Same with drugs dealers.)

But, as it has taken the champions of AML 20 years to work out that tracking is valuable, whereas seizures achieve nothing towards the fundamental stated goal, I wouldn't hold out much hope that Treasury will make a wise choice. They are after all a bureaucracy of many interests.