p2p news / p2pnet: Did US officials and the CIA have unauthorised access to private information concerning Canadian financial transactions?

"This is something we’re looking into," Anne-Marie Hayden, spokeswoman for the privacy commissioner’s office, says, quoted by The Toronto Star.

"While declining to comment further on the American program specifically, Hayden said that, in general, ‘anytime personal information of Canadians is obtained by a foreign government in circumstances that may not provide the same privacy protections that exist in Canada, we have concerns’."

At the centre of what’s certain to become a major scandal not only in Canada but around the world is the revelation that the Cheney / Bush administration has for the last half decade been pirating private citizen information held by the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, which links about 7,800 banks and brokerages.

Bush called the disclosure of the secret program, designed to, "track millions of bank records in search of terrorist suspects," as the Chicago Sun-Times summed it up, as ”disgraceful”.

Now human rights group Privacy International, based in London, England, has launched a campaign today against the, "illegal actions of SWIFT in its transfer of financial transactional data to the U.S. Government".

It says it’s filed simultaneous complaints with Data Protection and Privacy regulators in 33 countries concerning recent revelations of secret disclosures of millions of records from the banking giant SWIFT to U.S. intelligence agencies.

"The disclosures involve the mass transfer of data from the SWIFT centre in Belgium to the United States, and possibly direct access by US authorities both to data held within Belgium and data residing in SWIFT centres worldwide," says Privacy International, continuing:

"The complaints allege that the activity was undertaken without regard to legal process under Data Protection law, and that the disclosures were made without any legal basis or authority whatever. The scale of the operation, involving millions of records, places this disclosure in the realm of a fishing exercise rather than legally authorised investigation."

Neither the US government nor SWIFT, "was prepared to provide details of the extent of the disclosures," says the complaint.

"However the office of the Belgium Prime Minister confirmed that: ‘the cooperative (SWIFT) had received broad administrative subpoenas for millions of records’."

It also expresses concern that the data could be used by U.S. authorities for a range of unrelated activities, even espionage.

The complaints were sent to privacy commissioners regulators of Belgium, the Czech Republic, Denmark, Germany, Estonia, Greece, Spain, France, Ireland, Italy, Cyprus, Latvia, Lithuania, Luxembourg, Hungary, Malta, the Netherlands, Austria, Poland, Portugal, Slovenia, Slovakia, Finland, Sweden, the United Kingdom, Iceland, Liechtenstein, Norway, Switzerland, Guernsey, Jersey, Isle of Man, Australia, Canada, Hong Kong, New Zealand.

p2pnet is publishing the full text of the compaint below. >>>>>>>>>>>>>>>>>>>>>>>>

Transfer of personal data from SWIFT to the U.S. Government

Dear Commissioner

I am writing with regard to recently publicised activities of the Society for Worldwide Interbank Financial Telecommunications (SWIFT) involving the covert disclosure of personal information relating to nationals of the EU, the United States and other countries.

This disclosure of data has been undertaken ostensibly on the grounds of counter-terrorism.

The disclosures involve the mass transfer of data from the SWIFT centre in Belgium to the United States, and possibly direct access by U.S. authorities both to data held within Belgium and data residing in SWIFT centres worldwide. It appears that the activity was undertaken without regard to legal process under Data Protection provisions, and it is possible that the disclosures were made without any legal basis or authority whatever. In all cases the

disclosures were made without the knowledge or consent of the individuals to whom the data related. To the best of our knowledge, the disclosure activity is ongoing. The scale of the operation, involving millions of records, places this disclosure in the realm of a fishing exercise rather than legally authorised investigation.

At this stage we do not have enough information to determine how many people have been the subject of these disclosures, but there is a probability that the SWIFT activities involve mass disclosure. The office of Belgium’s Prime Minister confirmed that: "the cooperative (SWIFT) had received broad administrative subpoenas for millions of records".

An ‘administrative subpoena’ takes the form of a letter issued without judicial authority.

We are also concerned that this data could be used by US authorities for a range of non-terrorist related activities. As this information can amount to a profile of all financial transfers over periods of years the additional uses could vary widely to include taxation monitoring and even espionage.

We are concerned that the practice substantially violates Data Protection law and we ask that you intervene with a view to making a demand that the disclosure programme be suspended pending legal review.

The complainant

Privacy International (PI) is one of the world’s oldest privacy organisations, and has been instrumental in establishing the modern international privacy movement. The London-based organisation was formed in 1990 as a privacy, human rights and civil liberties watchdog. PI has organised campaigns and initiatives in more than fifty countries. It has members from 30 countries.

Background to the complaint

SWIFT is the financial industry-owned co-operative that supplies secure, standardised messaging services and interface software to 7,863 financial institutions in 204 countries and territories. SWIFT’s worldwide partnership includes banks, broker/dealers and investment managers, as well as their market infrastructures in payments, securities, treasury and trade. The organization generates authorisations concerning almost two billion transactions per year amounting to around 2000 trillion US dollars.

On Friday June 23rd 2006 the New York Times and the Los Angeles Times published details of a private arrangement between SWIFT and the United States Government that involved the covert disclosure to the U.S. of customer financial data. Neither the U.S. Government nor SWIFT was prepared to provide details of the extent of the disclosures.

Quoting from the New York Times: "The records mostly involve wire transfers and other methods of moving money overseas and into and out of the United States. Most routine financial transactions confined to this country are not in the database."

The Los Angeles Times reported: "The messages typically include the names and account numbers of bank customers — from U.S. citizens to major corporations — who are sending or receiving funds. … [this is a] major departure from traditional methods of obtaining financial records."

The Washington Post observed: "Current and former counter-terrorism officials said the program works in parallel with the previously reported surveillance of international telephone calls, faxes and e-mails by the National Security Agency, which has eavesdropped without warrants on more than 5,000 Americans suspected of terrorist links. Together with a hundredfold expansion of the FBI’s use of ‘national security letters’ to obtain communications and banking records, the secret NSA and Treasury programs have built unprecedented government databases of private transactions, most of them involving people who prove irrelevant to terrorism investigators."

SWIFT confirmed in a statement later that day that the disclosures had occurred, and justified the practice on the grounds of the organisation’s ongoing commitment to working with authorities on the issue of financing of terrorist operations.

SWIFT has offices in a number of countries: the United States, Australia, Hong Kong, China, Singapore, France, Germany, Italy, Spain, Belgium, South Africa, Sweden, Switzerland and the United Kingdom. It is possible that data has been disclosed from or accessed via these centres.

Basis of the complaint The disclosures have taken place on the grounds of counter-terrorism. This complaint does not seek to challenge the existence of provisions to disclose personal information on legitimate grounds of national security or counter-terrorism. Such disclosures must be subject to

established legal procedures. The relevant procedures appear not to have been engaged either by SWIFT or by the United States government. In our view, therefore, the disclosures are unlawful and should be brought to a halt.

The statement from SWIFT asserts:

"All of these actions have been undertaken with advice from international and U.S. legal counsel…"

but the statement makes no mention of arrangements being made or notification given to Members States of the European Union. We presume in these circumstances no approval was secured for the transfer of this information to the U.S.

According to the report from the Los Angeles Times:

"the Treasury Department uses a little-known power — administrative subpoenas — to collect data from the SWIFT network, which has operations in the U.S.,

including a main computer hub in Manassas, Va. The subpoenas are secret and not reviewed by judges or grand juries, as are most criminal subpoenas."

The monitoring of the SWIFT transaction database by the CIA and U.S. Treasury Department also raises troubling questions under U.S. law. While details of the program are unclear one fact already seems certain – U.S. government lawyers carefully designed this program to circumvent clear U.S. privacy laws for financial institutions. By targeting a financial intermediary whose role, and legal responsibilities to customers, remains undefined under U.S. law, the

disclosure programme seeks to sidestep legal safeguards designed to give bank customers protections similar to those offered by the Fourth Amendment to the U.S. Constitution. This is contrary to Congressional intent, namely that the U.S. public not lose their privacy protections simply because a financial institution shared their information with a third party to complete a transaction. Finally, this financial surveillance also seems to have occurred without any judicial oversight and only very limited notice to elected officials.

Legal position

Forbes and other media sources quote a Commission spokesman proposing that the disclosure programme falls outside of EU law.

"At first sight, it would appear that there is no European legislation covering this type of transfer.. and therefore it is a matter for national law."

The Commission spokesman added: "If it were the case in Belgium, it would be the Belgian authorities that would be involved."

Didier Seus, a spokesman for Belgium’s Prime Minister, has been quoted saying that the prime minister had asked the Justice Ministry to examine whether SWIFT had acted unlawfully by providing access to information from its database to the U.S. authorities without the approval of a Belgian judge.

"We need to ask what are the legal frontiers in this case and whether it is right that a U.S. civil servant could look at a private transaction without the approval of a Belgian judge."

Mr Seus noted that because SWIFT was based in Belgium and had offices in the United States, it was governed by both European and U.S. law.

He said that the government wanted to determine whether obeying these administrative subpoenas was compatible with Belgian law, since Belgian officials must seek individual courtapproved warrants or subpoenas to examine specific transactions.

We submit that because this matter relates to the unlawful disclosure of personal data and we hope that you will be able to take immediate action on this complaint.

Yours sincerely,
Simon Davies
Director

Digg this story

Also See:
The Toronto Star – Did CIA gain access to our bank records?, June 28, 2006
pirating private citizen information – New Bush data piracy scandal, June 24, 2006
disgraceful – Bush attacks The New York Times, June 27, 2006
Privacy International – PI launches campaign to suspend unlawful activities of finance giant, June 28, 2006

---

p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile – http://p2pnet.net/index-wml.php

This entry was posted on Thursday, June 29th, 2006 at 2:54 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2916 times