September 21, 2006

SWIFT breach - Roundup - Good Morning Europe, BoE got out early, Simon Davies: "we won't be fooled again."

Collected notes on a month or so of SWIFT rumblings. European privacy regulators are taking on the investigation:

The test is whether European law has competence over US claims to data held by European firms. It does not look at all certain whether it does, but The Register understands that the EU is planning to walk and talk like it does.

It's a very wide geographical area, from Czech Republic to Canada:

Results of the Czech and other probes are expected by the end of the month, Stepankova said. "The next step" will be to determine whether the SWIFT system is being used "in a way that conforms to domestic legislation" in EU countries, she said.

As mused on before, the SWIFT breach has caught the attention of authorities where the one-way passing of confidential flight and phone data did not. Also, the industrial espionage issue of "restaurant economics" has exposed something of a dilemma in the US arguments for over-arching eurosociomonitoring. Problem is, the key regulators ducked and weaved:

The Bank of England, one of the 10 central banks with a place on Swift's managing committee, revealed it had told the British government about the programme in 2002. "When we found out we informed the Treasury and passed the relationship over to them," Peter Rogers of the Bank said. "We also told Swift that they had to speak to the government themselves. It had nothing to do with us. It was a matter of security and not of finance. It was an issue between Swift and the government."

In a written parliamentary answer, Gordon Brown last month confirmed the government was aware of the arrangement. Citing government policy not to comment on "specific security issues", however, the chancellor refused to say whether measures had been taken to "ensure the privacy of UK citizens who may have had their financial transactions viewed as part of US counter-terrorism investigations in conjunction with Swift". He also refused to say whether the Swift programme was "legally reconciled" with Article 8 of the European convention on human rights.

A Home Office spokesman said the government had been given "no reason to believe the operation was unlawful", adding that it "strongly supports US efforts to target, disrupt and cut off sources of funding for terrorism". He declined to comment on the commissioner's assessment that the programme may be illegal.

What we need now is for the authorities to recognise the governance issue of breaches. This could be called the camel's-nose-under-the-flap argument -- once a payment system starts shifting protected information out, the information is no longer protected, and breaches happen thick and fast. We're not there yet, as the BoE like others declined jurisdiction.

This issue of Central Banks ducking responsibility for governance is made all the more poignant as they are the only agency with credibility when it comes to the task of general regulation of payment systems, no matter how much we or they approve of their position(s) or not. Hence the general quacking and phaffing around in Belgium and other halls of power as data and competition regulators try and work out what SWIFT is, where it is, and how to spell it.

SWIFT stalled EU probe of US snooping

For the EU to feel confident that SWIFT had not betrayed home rules, and that the US hadn't stuck its nose where it was not warranted, it had to review the subpoenas by which the US has gained access to SWIFT's records for the last five years.

Yet if SWIFT gave this information up, it would offend the US intelligence services. If it didn't give the information up, it would offend the EU authorities.

Bingo. Why aren't they handing over the subpoenas? Rumour has it that there aren't any; the SWIFT executives in NY were extorted to hand over the data without papers in hand. This favoured technique is used as it guarantees that the Feds (or UST in this case) can do no wrong. They are covered because the information was "volunteered" by SWIFT, and thus, the US Treasury officials concerned have broken no laws. SWIFT of course are later hung out to dry.

Pressure is being exerted in Britain over the various and thin claims of oversight and governance:

However, campaign group Privacy International said [assurances] were not enough. It had filed a complaint to the British data protection body, the Information Commissioner. It is worried that the Treasury was fishing through international financial records in the hope of turning up terrorist finance records. It also feared the data could be used for other purposes, including espionage.

Swift's CEO, Leonard Schrank, flew to London to meet Privacy International on Friday. Simon Davies, a PI director, said he had told Schrank he wanted to see proof that the Treasury was only able to see records that it knew contained details of terrorist financial transactions.

"When was the last time you were satisfied with something that was claimed without seeing proof?" said Davies. "We are not prepared to accept anybody's face value assertions that protections have been put in place," he said.

"We won't be fooled again." Precedent is on Davies' side. The US government is on record as not operating secret overseas prisons, not wanting to re-negotiate FISA with Congress, and not wiretapping Americans without a warrant. A few weeks ago, Judge Taylor ruled illegal the wiretapping they promised they were not doing, and the Bush administration immediately turned to Congress to request re-negotiating the FISA act which they were not breaching. (The bills which hand an open cheque to the wiretappers have just been approved in committee.) Which presumptively renders factual their breach, a trend that seems more a standard than an exception.

More snippets: it also looks as though the New York Times might have been a little faithless in not only holding the story for "a year" but in fact before the last Bush election:

Such a delay was, in itself, unpardonable, and provoked angry criticism. Now we learn, from an interview with Executive Editor Bill Keller conducted by Calame, that internal discussions at the Times about drafts of the eventual article had been "dragging on for weeks" before the November 2, 2004, election, which resulted in a victory for Bush.

"The process," the public editor notes, "had included talks with the Bush administration." A fresh draft was the subject of discussion at the newspaper "less than a week" before the election.

Meanwhile, back at the mission ranch, let's consider why all this was necessary. Terrorism, that's what. Now the Foreign Affairs journal weighs in:

Intelligence estimates in 2002 held that there were as many as 5,000 al Qaeda terrorists and supporters in the United States. However, a secret FBI report in 2005 wistfully noted that although the bureau had managed to arrest a few bad guys here and there after more than three years of intense and well-funded hunting, it had been unable to identify a single true al Qaeda sleeper cell anywhere in the country. Thousands of people in the United States have had their overseas communications monitored under a controversial warrantless surveillance program. Of these, fewer than ten U.S. citizens or residents per year have aroused enough suspicion to impel the agencies spying on them to seek warrants authorizing surveillance of their domestic communications as well; none of this activity, it appears, has led to an indictment on any charge whatever.

In an exceedingly long article that details in painful detail how many terrorist threats failed to materialise, one of the most respected voices in US foreign policy calls the whole motivation for the SWIFT tracking ... bogus!

Who can we trust to inform us on these issues? Politicians asked the NSA to clarify what was secret and what was not so they could get on with their job of politicking.

On July 27, shortly after most members of the committee were briefed on the controversial surveillance program, the NSA supplied the panel's chairman, Pat Roberts (R-Kan.), with "a set of administration approved, unclassified talking points for the members to use," as described in the document.

Among the talking points were "subjective statements that appear intended to advance a particular policy view and present certain facts in the best possible light," Sen. John D. Rockefeller IV (D-W.Va.) said in a letter to the NSA director. [...]

Unfortunately the NSA upstaged them and did the politicking for them. Among them, this gem of advice on "what is secret":

"It is being run in a highly disciplined way that takes great pains to protect U.S. privacy rights. There is strict oversight in place, both at the NSA and outside, now including the full congressional intelligence committees."

Others have mentioned the tendency to answer every question with the policy and ignore the question as well as the truth, but this takes the dishonesty to a whole new level. Lying to the congressional committee when they are investigating the precise lack of any "strict oversight" has to be ineptness or chutzpa only possible with extraordinary levels of arrogance.

Posted by iang at September 21, 2006 03:11 AM | TrackBack
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.