From: "Bradley W. Dolan" <71431.2564@CompuServe.COM>
Date: Wed, 9 Mar 94 07:08:36 PST
To: <cypherpunks@toad.com>
Subject: FinCen
Message-ID: <940309145545_71431.2564_FHA66-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


This may be old news to you guys, but some of it was new to me:

bdolan@well.sf.ca.us   ...


From: Bradley Parsons <parsons@acad.stedwards.edu>
Subject: Clipper's Grandaddy: FinCEN
To: uwsa@shell.portal.com
Date: Wed, 9 Mar 94 1:57:27 CST
Mailer: Elm [revision: 70.85]
Status: R


>From acad.stedwards.edu!parsons Wed Mar  9 01:42:56 1994
Newsgroups: alt.politics.clinton
Path: acad.stedwards.edu!parsons
From: parsons@acad.stedwards.edu (Bradley J. Parsons)
Subject: Clipper's Daddy: FinCEN
Sender: parsons@acad.stedwards.edu (Bradley J. Parsons)
Message-ID: <1994Mar9.071635.3171@acad.stedwards.edu>
Date: Wed, 9 Mar 1994 07:16:35 GMT
Distribution: usa
Organization: Austin, Texas

From: Ralf Brown <ralf@telerama.lm.com>
Date: Mon, 7 Mar 1994 04:09:18 GMT

<TITLE>1.6: Big Brother</TITLE>
<H1>Big Brother Wants to Look Into Your Bank Account (Any Time It Pleases) </H1>
<i>By Anthony L. Kimery</I>
-------------------------------------------------------

There wasn't much to go on. The police salvaged the slip of paper that a
small-time East Coast drug dealer tried to eat before being arrested, but on it
they found scribbled only a telephone number and what appeared to be the name
"John." This frustrated the police. They had anticipated more incriminating
information on the man they believed was the supplier not only to the dealer
they'd just busted, but also to dozens of other street corner crack peddlers.
With two slim leads, the police weren't technically equipped to do much more
than antiquated detective work that probably wouldn't yield evidence they could
use to indict John. So they turned to the quasi-secretive, federal Financial
Crimes Enforcement Network (FinCEN) for the digital sleuthing they needed.

Less than 45 minutes after receiving the official police request for help,
FinCEN had retrieved enough evidence of criminal wrongdoing from government
databases that the district attorney prosecuting the case was able to seek
indictments against John on charges of money laundering and conspiracy to
traffic narcotics. The local police were impressed. 

Launched with a low-key champagne reception at the Treasury Department in April
1990, FinCEN is the US government's (perhaps the world's) most effective
financial crime investigation unit. Even Russian President Boris Yeltsin asked
for its help in locating stolen Communist Party funds. This state-of-the-art
computer-snooping agency is quietly tucked away under the auspices of the
Treasury Department. Its mission is to map the digital trails of dirty money, be
it the laundered profits from drug sales, stolen S&L loot, hidden political
slush funds, or the financing conduits of terrorists. It's the only federal unit
devoted solely to the systematic collation and cross-analysis of law
enforcement, intelligence, and public databases.

Until August 1993, FinCEN headquarters was an old Social Security Administration
building with a ceiling ravaged by asbestos abatement crews, but that didn't
seem to faze director Brian Bruh (he retired in October). With 25 years of
experience in law enforcement, Bruh is a seasoned federal cop who has headed up
criminal investigations at both the IRS and the Pentagon. Prior to overseeing
FinCEN, he was the chief investigator for the Tower Commission, President
Reagan's blue ribbon probe into the Iran-Contra scandal. FinCEN was his crowning
achievement, and he took pride in directing visitors to FinCEN's computer
command center as he touted the agency's successes.

In private and in testimony to Congress, statistics roll off Bruh's tongue. Last
year FinCEN's computer operations center responded to priority requests for
tactical intelligence on nearly 12,000 individuals and entities, doubling the
1991 workload. The 1993 total will be three times the 1991 sum. Longer-term
strategic analytical reports have been completed for 715 investigations
involving 16,000 other individuals and entities. 

Two of the government's biggest strikes against organized drug-money laundering
- operations Green Ice (a lengthy DEA operation that resulted in the arrests of
high-ranking Cali and Medellin cartel financial officers and the seizure of
US$54 million in cash and assets) and Polar Cap V (a spinoff of Green Ice that
culminated in April 1990) - owe a great deal to FinCEN for having identified and
targeted money laundering activities via computer. In the Polar Cap operation,
FinCEN's computer tracking documented more than US$500 million in financial
activity by 47 individuals who have since been indicted on drug trafficking and
money laundering charges. 

Inside FinCEN's new digs on the second floor of a gleaming high-rise office
building down the road from the CIA in Vienna, Virginia (otherwise known as
"Spook City"), the talents of the IRS, FBI, DEA, Secret Service, and other
traditional federal cops such as customs agents and postal inspectors are
pooled. According to senior intelligence officers, these investigative units can
access the resources of the CIA, the National Security Agency (which intercepts
data on electronic currency movements into and out of the United States, some of
which make their way into FinCEN's analyses), and the Defense Intelligence
Agency.

Bruh and other FinCEN officials openly acknowledge their association with the
CIA, but they refuse to discuss further any aspect of FinCEN's dealings with it
or any other intelligence agency. In addition to the CIA, intelligence officials
have admitted, off the record, that the National Security Council and the State
Department's Bureau of Intelligence and Research (INR) have also joined FinCEN's
impressive intelligence crew. In short, FinCEN is a one-of-a-kind cauldron
containing all the available financial intelligence in the United States. 

"It's the first ever government-wide, multi-source intelligence and analytical
network brought together under one roof to combat financial crimes," said Peter
Djinis, director of the Treasury Department's Office of Financial Enforcement
and one of the few Treasury officials close to FinCEN activities.

"FinCEN is absolutely necessary," said a senior General Accounting Office (GAO)
official involved in an audit of FinCEN required by new anti-money- laundering
laws passed last year. The agency's report wasn't released by press time, but
according to the GAO official, no irregularities were uncovered. However, the
GAO's scrutiny skirted emerging concerns about privacy, civil rights, and the
appropriate role of the intelligence community.

FinCEN's mission requires the involvement of the intelligence community,
particularly in tracking the financial dealings of terrorists and in conducting
financial counterintelligence, although few are willing to discuss the trend
openly. Because these activities cross into the world of cloaks and daggers,
some watchdogs are concerned that such endeavors will encroach on privacy and
civil rights. When you look at the power of FinCEN and its proposed offspring,
their fears seem justified. 

<H2>How to Bust a John</H2>
The whiz kids at FinCEN are good. Very good. That's why state and local police
have come to depend on FinCEN to pull them out of the electronic- sleuthing
quicksand. The case of John the drug supplier is a good example of one of their
less-complex assignments, and it illustrates the adeptness with which the
government can collate existing financial data. 

Seated at a computer terminal inside FinCEN's former command post, a FinCEN
analyst began the hunt. He started by querying a database of business phone
numbers. He scored a hit with the number of a local restaurant. Next he entered
the Currency and Banking Database (CBDB), an IRS database accessed through the
Currency and Banking Retrieval System. CBDB contains roughly 50 million Currency
Transaction Reports (CTRs), which document all financial transactions of more
than US$10,000. By law these transactions must be filed by banks, S&Ls, credit
unions, securities brokers, casinos, and other individuals and businesses
engaged in the exchange of large sums of money. 

The analyst narrowed his quest by searching for CTRs filed for transactions
deemed "suspicious." Financial institutions must still file a CTR, or IRS Form
4789, if a transaction under US$10,000 is considered suspicious under the terms
of an extensive federal government list. There was a hit. A series of
"suspicious" CTRs existed in the restaurant's ZIP code. Punching up images of
the identified CTRs on his terminal, the FinCEN analyst noted that the
transactions were made by a person whose first name was John. The CTRs were
suspicious all right; they were submitted for a series of transactions each in
the amount of US$9,500, just below the CTR threshold of US$10,000. This was hard
evidence that John structured the deposits to avoid filinga Form 4789, and that
is a federal crime. 

Selecting one of the CTRs for "an expanded review," the analyst got John's full
name, Social Security number, date of birth, home address, driver license
number, and other vital statistics, including bank account numbers. 

Plunging back into the IRS database, the analyst broadened his search for all
CTRs filed on behalf of the suspect, including non-suspicious CTRs. Only 20
reports deemed suspicious popped up on the screen, but more than 150 CTRs were
filed in all. A review of the non-suspicious ones revealed that on several, John
listed his occupation as the owner or manager of the restaurant identified by
the telephone number on the slip of paper taken from the arrested drug dealer.
The connection between the name and the phone number originally given to FinCEN
was secured. 

The FinCEN analyst then tapped commercial and government databases, and turned
up business information on the restaurant showing that John had reported an
expected annual revenue for his eatery of substantially less than the money he
had been depositing, as indicated by the CTRs. Fishing in a database of local
tax assessment records, the analyst discovered that John owned other properties
and businesses. With the names of these other companies, the analyst went back
into the CTR database and found that suspicious transaction reports were filed
on several of them as well. 

As routine as such assignments as this case may be, the chumminess between
FinCEN and the intelligence community raises serious questions about the privacy
and security of the financial records of citizens John and Jane Doe, considering
the intelligence community's historic penchant for illegal spying on
non-criminals. Given the vast reach and ease with which the government can now
tap into an individual's or business's financial records on a whim, these
questions have received far too little scrutiny. 


<H2>Whose Privacy?</H2>
"There are legitimate concerns" regarding privacy, a ranking House banking
committee staffer conceded in an interview with Wired. "Quite frankly, there
hasn't been much congressional oversight with respect to the intelligence
community's involvement with FinCEN. When you start trying to look into this,
you start running up against all kinds of roadblocks." The GAO official involved
in auditing FinCEN agreed that questions regarding the intelligence community's
involvement and attendant privacy concerns haven't been addressed. If such
issues have been the subject of discussion behind the closed doors of the House
and Senate intelligence committees, no one is talking openly about it.
Meanwhile, the potential for abusive intrusion by government into the financial
affairs of private citizens and businesses is growing almost unnoticed and
unchecked. 

Two of the latest electronic inroads into the financial records of private
citizens and businesses are "Operation Gateway," a FinCEN initiative, and the
proposed Deposit Tracking System, which other intelligence agencies would like
to see established. Both are inherently prone to abuse and provide a disturbing
indication of the direction in which the government is moving.

Gateway is a pilot program launched in Texas this July that gives state and
local law enforcement officials direct access to the massive federal Financial
Database (FDB) through a designated FinCEN coordinator. The FDB contains the
records that financial institutions have been filing under the Bank Secrecy Act
for the last 23 years - CTRs, suspicious transaction reports, International
Transportation of Currency or Monetary Instruments reports, and Foreign Bank and
Financial Accounts reports. In addition, Congress is expected to grant FinCEN
authority to tap into the database of Forms 8300, which are reports of payments
over US$10,000 received in a trade or business. These documents principally
contain information on deposits, withdrawals, and the movement of large sums of
currency. It is FinCEN's intent to give all state governments individual access
to the FDB. 

Under the Gateway proposal, results from all queries would be written into a
master audit file that will constantly be compared against other requests and
databases to track whether the subject of the inquiry is of interest to another
agency or has popped up in a record somewhere else. 

State coordinators designated by FinCEN will do the logging on, as FinCEN is
uncomfortable with giving 50,000 federal agents and 500,000 police officers
direct electronic access to its database. "This is very sensitive information,"
concedes Andy Flodin, special assistant to the FinCEN director. "We'd have to
have additional security safeguards before we could open it up to every police
agency."

But while the FDB contains only records on major money movements and thus is not
as much of a threat to individual privacy, the Deposit Tracking System (DTS) is
a potential menace. If implemented, the estimated US$12.5 million computer
system could be used to penetrate the security of bank accounts belonging to
you, me, and 388 million other bank account holders in the US.

The government argues that such a system is necessary for two reasons: first, to
assess adequately the funding needed for federal deposit insurance and second,
to locate the assets of individuals ordered by courts to make restitution for
financial crimes - like the savings and loan crooks. (It seems the government
can't trace most of the money they stole.) 

The first reason stems from a requirement of the seemingly innocuous Federal
Deposit Insurance Corporation Improvement Act of 1991 - one of Congress's
legislative responses to the savings and loan debacle. The Act requires the FDIC
to study the costs, feasibility, and privacy implications of tracking every bank
deposit in the United States. 

So far the DTS exists only on paper. The FDIC's completed feasibility study is
currently being examined by Congress, but it is unlikely to act on it before
late next year. For the time being, the US$12.5 million price tag seems to be
the biggest drawback to its implementation. 

Concerns about the DTS have been widespread, although it has received scant
attention in the mainstream press. But according to Diane Casey, executive
director of the Independent Bankers Association of America, the DTS "would
fundamentally change the relationships among banks, consumers, and the
government in ways that have implications beyond banking policy. Our open and
democratic society would be changed profoundly if any agency of the government
maintained the scope of information on private citizens described in this
proposal. It raises questions about our democracy that would have to be
addressed by the highest policy-making levels of government."

The American Bankers Association (ABA) voiced equally serious concerns. The ABA
doubts "whether there are any privacy safeguards that would be adequate to
effectively protect this database from use by government agencies and,
eventually, private parties," an ABA spokesman explains. "It is inconceivable to
the ABA that such a database could be used only by the FDIC in deposit insurance
coverage functions. Such a database...would provide a wealth of information for
investigations being conducted by the FBI, the Drug Enforcement Administration,
and the IRS, to name but a few. Like the baseball diamond in Field of Dreams,
build this database and they will come. Eventually, whether legally or
illegally, they will gain access to this database."

The FDIC forcefully argued against the DTS in the 234-page draft report it
submitted to Congress in June 1993, but it may not have the bureaucratic clout
necessary to kill the proposal. Wired was told by intelligence analysts and
congressional sources dealing with oversight of the intelligence community that
federal law enforcement and intelligence agencies are privately clamoring for
the system, apparently disregarding both the privacy issues and the system's
start-up cost (which does not include the additional US$20 million a year the
feasibility study said would be required for facilities, for salaries and
benefits, and for routine hardware and software maintenance). 

Further driving the intelligence agencies's desire for the DTS is the much-
hyped role of economic intelligence gathering, a key focus of the Clinton
administration's reform of the intelligence community. Agencies like the CIA
view the system as a boon to their ability to monitor foreign financial dealings
in the US, according to both congressional and intelligence sources.


<H2>Adding Intelligence to the Equation</H2>
Regardless of the form it takes, the sources said, the DTS and any other
financial databases that come down the pike could be easily interfaced to
FinCEN's Artificial Intelligence/Massive Parallel Processing (AI/MPP) program, a
criminal targeting system that will go online in a few years. 

Because laundered money is moved undetected along with the millions of
legitimate computerized wire transfers that occur daily, FinCEN's computer
investigations naturally demand expert systems that can single the dirty money
out of the crowd. FinCEN's current Artificial Intelligence capability allows it
to search the Financial Database for suspicious, preprogrammed patterns of
monetary transactions. While not very flexible, the system has successfully
identified previously unknown criminal organizations and activities.

But FinCEN has a hush-hush US$2.4 million contract with the US Department of
Energy's Los Alamos National Laboratory to develop what Bruh and other FinCEN
officials de-scribed as a powerful "money flow model." Unlike FinCEN's current
system, Los Alamos's AI software will look for unexplained, atypical money
flows. Coupled with a massively parallel computer system, the AI/MPP could
perform real-time monitoring of the entire US electronic banking landscape.

FinCEN's AI capabilities currently exploit the Financial Database for proactive
targeting of criminal activity. The system automatically monitors the entire FDB
database, constantly identifying suspicious financial activity in
supercomputer-aided, rapid-response time. In addition to the FDB, FinCEN is
applying AI to the Criminal Referral Forms that must be filed with FinCEN
whenever banks, examiners, and regulators uncover financial activities they
suspect are illegal. 

In the near future, all of these government databases will be interfaced by way
of AI/ MPP technology. "MPP is critical to FinCEN's ability to analyze (banking)
data to its full capacity," Bruh insists. 

The pure power of such a "database of databases" terrifies critics. Though
FinCEN and other authorities discount the potential for abuse, tell that to the
CIA. Its charter forbids it from engaging in domestic surveillance; nonetheless,
it spied on Americans for seven consecutive presidential administrations (it
says it finally ceased its internal spying in the mid- 1970s).

FinCEN's AI operation has been employed legitimately with great success. Perhaps
its least-known project was assisting the CIA in identifying and tracking the
flow of money between Iran's state-sponsored Islamic fundamentalist terrorist
organizations and the men linked to the bombing of the World Trade Center.
According to a Treasury official and confirmed by Anna Fotias, FinCEN's
congressional liaison, FinCEN identified suspicious transaction reports filed by
a bank in New Jersey on wire transfers from Germany to the accounts of two of
the men charged in the bombing. With the bank account in Germany identified,
further AI processing - utilizing intelligence from the CIA's DESIST computer
system, the world's most extensive database on terrorists - identified a company
as a front for an Iranian terrorist group. Coupled with DESIST's data on the two
men's terrorist connections, FinCEN was able to identify a number of previously
unknown conduits of terrorist funding in the US and abroad. Similarly, FinCEN
was crucial in identifying Iraqi assets in the US that were frozen in the wake
of Iraq's invasion of Kuwait, according to a Treasury official. 

Still, given the CIA's less-than-spotless record, privacy advocates are likely
to find it disturbing that there are some within the walls of CIA headquarters -
apparently unbeknownst to anyone at FinCEN - who want to mesh DESIST with
FinCEN's eventual AI/MPP ability and with all the databases FinCEN routinely
surveys. The justification for creating such a system is compelling: More likely
than not it would identify scores of previously unknown financial conduits to
terrorists. 

Advocates of a full-time DESIST/FinCEN system carry their argument one step
further: Hooked into the yet-to-be-authorized Deposit Tracking System, the
DESIST/FinCEN system would be able to identify terrorist financial movements in
real-time, thus providing early warning of potentially imminent terrorist
actions. Some within the intelligence community take it still another step: They
would have the system tied into the private computers that hold credit card
transactions "so that we could have nearly instant time-tracking capability,"
according to one source who works closely with the CIA's Counterterrorist
Center. 

Conversely, a CIA/FinCEN/DTS endeavor could monitor on a real-time basis the
financial activity of narcotics traffickers, since drug dealing also is within
the purview of the CIA. The agency's Counternarcotics Center, or CNC, already
works closely with FinCEN.

Before the CIA would be allowed to tap into a system as sensitive as the
proposed Deposit Tracking System, it would have to clear plenty of civil
liberties hurdles, not the least of which is the prohibition on the CIA from
gathering intelligence on US citizens. As long as the DTS itself was shielded
from direct access by the CIA, proponents could argue that the operation was
allowable under law. Opponents, on the other hand, fear that the CIA would find
a way to download, copy, or otherwise secretly access the DTS.

"The risk of the CIA getting its hands on this is serious - we know the kind of
unscrupulous people who populate the spook world," said a Washington-area
private investigator who conducts many legitimate financial investigations for a
CIA-linked firm. "This kind of financial data, when coupled with other
information like a person's credit history, could be used for blackmail,
bribery, and extortion," said the investigator, who has a military intelligence
background.

Bruce Hemmings is a veteran CIA clandestine-services officer who retired in
1989. Prior to the DTS proposal, he told Wired that the CIA routinely digs for
financial dirt on people from whom the agency wants specific information.
Typically they are foreign intelligence officers working in the US under a
diplomatic guise, and this financial information is often used as leverage in
getting them to talk. In less civilized venues, this is called blackmail.

DTS could present an inviting mechanism for quieting unwanted dissent or for
defanging an unruly congressional leader bent on exposing some questionable CIA
operation. Although still in its embryonic stage and in spite of the looming
privacy obstacle it will inevitably confront, FinCEN is seen by many in the
government as the catalyst for a powerful, all- seeing, all-knowing, global,
financial-tracking organization. In fact, FinCEN is al-ready working closely
with INTERPOL, and Bruh's deputy just resigned to head up INTERPOL's US office. 

As the privacy debate heats up, FinCEN's digital dirty-money trackers go on
about their work, hoping they don't have to choose sides if what they do becomes
a full-blown privacy invasion problem. As Bruh puts it, "There's tons of crooks
out there who are disguising their criminal profits. FinCEN needs to computerize
as much as possible to be able to identify the really significant criminals and
their activities." 

The question then becomes, at what point does it stop? 

* * *

Anthony L. Kimery covers financial industry regulatory affairs as an editor at
American Banker Newsletters.

-------------------------------------------------------



<B>Copyright (c) 1993 Wired magazine</B>

Requesting information from the Wired InfoBot (other than the help file)
indicates your acceptance of the following terms and conditions: 

(1) These articles and the contents thereof may be reposted, remailed, 
or redistributed to any publicly accessible electronic forum provided that
this notice remains attached and intact. 

(2) These articles may not under any circumstances be resold or redistributed
for compensation without prior written agreement of Wired. 

(3) Wired keeps an archive of all electronic address of those requesting 
information from the Wired InfoBot. An electronic mailing list will be
compiled from this archive. This list may from time to time be used by the
staff of Wired Online Services for the purpose of distributing information
deemed relevant to Wired's online readers. 

If you wish to have your name removed from this mailing list, please notify
us by sending an electronic mail message to infoman@wired.com.

If you have any questions about these terms, or would like information about
licensing materials from Wired, please contact us via telephone
(+1.415.904.0660), fax (+1.415.904.0669), or email (info@wired.com).