Terrorist Finance Tracking Program raises privacy questions

By EDRi · July 5, 2006

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

On 22-23 June 2006, the New York Times published a story uncovering an
international financial surveillance programme, called Terrorist Finance
Tracking Program, run by the US authorities. After the 11 September 2001
attacks, the US Treasury Department and/or CIA starting getting access to
international transfer data, available in the SWIFT database, in order to
investigate terrorist activity.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a
Belgian-based industry-owned co-operative that supplies a messaging
infrastructure to the global banking community. This ‘community’ consists of
banks, brokers and dealers, investment managers and their market
infrastructures in payments, securities, treasury and trade. SWIFT provides
messaging services and interface software to more than 7,863 financial
institutions in 204 countries and territories.

SWIFT’s activities is overseen primarily by the National Bank of Belgium,
though other central banks are said to “have a legitimate interest in, or
responsibility for, the oversight of SWIFT, given SWIFT’s role in their
domestic systems.” Therefore it has international oversight in co-operation
with G-10 central banks.

After 11 September 2001 SWIFT responded to some very broad US subpoenas.
SWIFT had considered at the time that it could not provide individualised
searches of the information and it had offered the U.S. Government access to
all transaction records. This has been a situation going on since then and
the financial authorities examined tens of thousands of confidential
financial transactions.

The Secretary for the Office of Terrorism and Financial Intelligence Stuart
Levey confirmed that the Treasury Department had subpoenaed records on
terrorist-related transactions from SWIFT. He reported that the legal basis
was “routine and absolutely clear”. Some US Representatives asked US
Department of Justice to investigate the New York Times for its actions for
violating the Espionage Act and other related federal statutes.

The European Commission said it had no jurisdiction over the transfer of
financial data to non-EU countries such as the US, considering that this was
a problem for the national legislation. Friso Abbing, EU spokesman on
justice and home affairs, stated that the European Union remained concerned
that civil liberties were being overlooked in the name of combating
terrorism: “Everyone agrees that in the fight against terrorism we do need
to have measures against the funding of terrorism. But the emphasis is that
this must be done with full respect in the respect of data privacy.”

The Belgium government said that they were investigating the legality of the
searches. Prime-Minister Guy Verhofstadt stated that they needed to
determine if the rights of Belgium nationals and the Belgium Law have been
respected during this process within SWIFT.

The National Bank of Belgium acknowledged that it knew of the transfers and
The European Central Bank and the Bank of England were also aware that
customers’ payment data were being accessed by US authorities.

There are serious privacy concerns that this classified program might also
be a violation of U.S. and European financial privacy laws, because
individual search warrants to access financial data were not obtained in
advance. Privacy International (PI) lists a number of inconsistencies with
this program, including the US claims that this is a narrowly focused
programme that is compliant with the law, while the Belgian Government has
concerns that the data is accessed without authorisation by a Belgian judge.
Or that, as with most cases of international co-operation, the country
seizing the data, i.e. the U.S., is claiming universal jurisdiction while
the regime responsible for protecting the data, the EU, is disavowing any

PI launched on 28 June 2006 an international campaign against the SWIFT
illeagal activities. They have filed simultaneous complaints with Data
Protection and Privacy regulators in 33 countries, considering that the
activity was undertaken without regard to legal process under Data
Protection law, and that the disclosures were made without any legal basis
or authority whatever. The scale of the operation, involving millions of
records, places this disclosure in the realm of a fishing exercise rather
than a legally authorised investigation.

Pulling a Swift one? Bank transfer information sent to U.S. authorities

PI launches campaign to suspend unlawful activities of finance giant

PI Complaint: Transfer of personal data from SWIFT to the U.S. Government

Belgian leader orders bank inquiry (26.06.2006)

NY Times accused of treason (26.06.2006)

Belgium probes US bank record searches(26.06.2006)

European Central Bank knew about US data access (29.06.2006)

Society for Worldwide Interbank Financial Telecommunication – SWIFT

(Thanks to Gus Hosein – Privacy International)