From: Anonymous <nowhere@bsu-cs.bsu.edu>
To: cypherpunks@toad.com
Message Hash: 881ecc0f2a6acde0d91df22cfba56a38877ea4b993fbe936a2ae544ed052b03f
Message ID: <9311280025.AA08372@bsu-cs.bsu.edu>
Reply To: N/A
UTC Datetime: 1993-11-28 00:24:44 UTC
Raw Date: Sat, 27 Nov 93 16:24:44 PST
From: Anonymous <nowhere@bsu-cs.bsu.edu>
Date: Sat, 27 Nov 93 16:24:44 PST
To: cypherpunks@toad.com
Subject: Big Brother Wants to Look Into Your Bank Account ...
Message-ID: <9311280025.AA08372@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain
excerpted from:
W-I-R-E-D
1.6
December 1993
pages 91 through 93, 134
Big Brother Wants to Look Into Your Bank Account
(Any Time It Pleases)
The US Government is constructing a system to track all financial
transactions in real-time -- ostensibly to catch drug traffickers,
terrorists, and financial criminals. Does that leave you with the warm
fuzzies -- or scare you out of your wits?
by Anthony L. Kimery
There wasn't much to go on. The police salvaged the slip of paper that
a small-time East Coast drug dealer tried to eat before being
arrested, but on it they found scribbled only a telephone number and
what appeared to be the name "John." This frustrated the police. They
had anticipated more incriminating information on the man they
believed was the supplier not only to the dealer they'd just busted,
but also to dozens of other street corner crack peddlers. With two
slim leads, the police weren't technically equipped to do much more
than antiquated detective work that probably wouldn't yield evidence
they could use to indict John. So they turned to the quasi-secretive,
federal Financial Crimes Enforcement Network (FinCEN) for the digital
sleuthing they needed.
Less than 45 minutes after receiving the official police request for
help, FinCEN had retrieved enough evidence of criminal wrongdoing from
government databases that the district attorney prosecuting the case
was able to seek indictments against John on charges of money
laundering and conspiracy to traffic narcotics. The local police were
impressed.
Launched with a low-key champagne reception at the Treasury Department
in April 1990, FinCEN is the US Government's (perhaps the world's)
most effective financial crime investigation unit. Even Russian
President Boris Yeltsin asked for its help in locating stolen
Communist Party funds. This state-of-the-art computer-snooping agency
is quietly tucked away under the auspices of the Treasury Department.
Its mission is to map the digital trails of dirty money, be it the
laundered profits from drug sales, stolen S&L loot, hidden political
slush funds, or the financing conduits of terrorists. It's the only
federal unit devoted solely to the systematic collation and
cross-analysis of law enforcement, intelligence, and public databases.
Until August 1993, FinCEN headquarters was an old Social Security
Administration building with a ceiling ravaged by asbestos abatement
crews, but that didn't seem to faze director Brian Bruh (he retired in
October). With 25 years of experience in law enforcement, Bruh is a
seasoned cop who has headed up criminal investigations at both the IRS
and the Pentagon. Prior to overseeing FinCEN, he was the chief
investigator for the Tower Commission, President Reagan's blue ribbon
probe into the Iran-Contra scandal. FinCEN was his crowning
achievement, and he took pride in directing visitors to FinCEN's
computer command center as he touted the agency's successes.
In private and in testimony to Congress, statistics roll off Bruh's
tongue. Last year FinCEN's computer operations center responded to
priority requests for tactical intelligence on nearly 12,000
individuals and entities, doubling the 1991 workload. The 1993 total
will be three times the 1991 sum. Longer-term strategic analytical
reports have been completed for 715 investigations involving 16,000
other individuals and entities.
Two of the government's biggest strikes against organized drug-money
laundering -- operations Green Ice (a lengthy DEA operation that
resulted in the arrests of high-ranking Cali and Medellin cartel
financial officers and the seizure of US$54 million in cash and
assets) and Polar Cap V (a spinoff of Green Ice that culminated in
April 1990) -- owe a great deal to FinCEN for having identified and
targeted money laundering activities via computer. In the Polar Cap
operation, FinCEN's computer tracking documented more than US$500
million in financial activity by 47 individuals who have since been
indicted on drug trafficking and money laundering charges.
Inside FinCEN's new digs on the second floor of a gleaming high-rise
office building down the road from the CIA in Vienna, Virginia
(otherwise know as "Spook City"), the talents of the IRS, FBI, DEA,
Secret Service, and other traditional federal cops such as customs
agents and postal inspectors are pooled. According to senior
intelligence officers, these investigative units can access resources
of the CIA, the National Security Agency (which intercepts data on
electronic currency movements into and out of the United States, some
of which make their way into FinCEN's analyses), and the Defense
Intelligence Agency.
Bruh and other FinCEN officials openly acknowledge their association
with the CIA, but refuse to discuss further any aspect of FinCEN's
dealings with it or any other intelligence agency. In addition to the
CIA, intelligence officials have admitted, of the record, that the
National Security Council and the State Department's Bureau of
Intelligence and Research (INR) have also joined FinCEN's impressive
intelligence crew. In short, FinCEN is a one-of-a-kind cauldron
containing all the available financial intelligence in the United
States.
"FinCEN is absolutely necessary," said a senior General Accounting
Office (GAO) official involved in an audit of FinCEN required by new
anti-money-laundering laws passed last year. The agency's report
wasn't released by press time, but according to the GAO official, no
irregularities were uncovered. However, the GAO's scrutiny skirted
emerging concerns about privacy, civil rights, and the appropriate
role of the intelligence community.
FinCEN's mission _requires_ the involvement of the intelligence
community, particularly in tracking the financial dealings of
terrorists and in conducting financial counterintelligence, although
few are willing to discuss the trend openly. Because these activities
cross into the world od cloaks and daggers, some watchdogs are
concerned that such endeavors will encroach on privacy and civil
rights. When you look at the power of FinCEN and its proposed
offspring, their fears seem justified.
How to Bust a John
The whiz kids at FinCEN are good. Very good. That;s why state and
local police have come to depend on FinCEN to pull them out of the
electronic-sleuthing quicksand. The case of John the drug supplier is
a good example of one of their less-complex assignments, and it
illustrates the adeptness with which the government can collate
existing financial data.
Seated at a computer terminal inside FinCEN's former command post, a
FinCEN analyst began the hunt. He started by querying a database of
business phone numbers. He scored a hit with the number of a local
restaurant. Next he entered the Currency and Banking Database (CBDB),
an IRS database accessed through the Currency and Banking Retrieval
System. CBDB contains roughly 50 million Currency Transaction Reports
(CTRs), which document all financial transactions of more than
US$10,000. By law these transactions must be filed by banks, S&Ls,
credit unions, securities brokers, casinos, and other individuals and
businesses engaged in the exchange of large sums of money.
The analyst narrowed his quest by searching for CTRs filed for
transactions deemed "suspicious." Financial institutions must still
file a CTR, or IRS Form 4789, if a transaction under US$10,000 is
considered suspicious under the terms of an extensive federal
government list. There was a hit. A series of :suspicious" CTRs
existed in the restaurant's ZIP code. Punching up images of the
identified CTRs on his terminal, the FinCEN analyst noted that the
transactions were made by a person whose first name was John. The CTRs
were suspicious all right; they were submitted for a series of
transactions each in the amount of US$9,500, just below the CTR
threshold of US$10,000. This was hard evidence that John structured
the deposits to avoid filing a Form 4789, and that is a federal crime.
Selecting one of the CTRs for "an expanded review," the analyst got
John's full name, Social Security number, date of birth, home address,
driver license number, and other vital statistics, including bank
account number.
Plunging back into the IRS database, the analyst broadened his search
for all CTRs filed on behalf of the suspect, including non-suspicious
CTRs. Only 20 reports deemed suspicious popped up on the screen, but
more than 150 CTRs were filed in all. A review of the non-suspicious
ones revealed that on several, John listed his occupation as the owner
or manager of the restaurant identified by the telephone number on the
slip of paper taken from the arrested drug dealer. The connection
between the name and the phone number originally given to FinCEN was
secured.
The FinCEN analyst the tapped commercial and government databases, and
turned up business information on the restaurant showing that John had
reported an expected annual revenue for his eatery of substantially
less than the money he had been depositing, as indicated by the CTRs.
Fishing in a database of local tax assessment records, the analyst
discovered that John owned other properties and businesses. With the
names of these other companies, the analyst went back into the CTR
database and found that suspicious transaction reports were filed on
several of them as well.
As routine as such assignments as this case may be, the chumminess
between FinCEN and the intelligence community raises serious questions
about the privacy and security of the financial records of citizens
John and Jane Doe, considering the intelligence community's historic
penchant for illegal spying on non-criminals. Given the cast reach and
ease with which the government can now tap into an individual's or
business's financial records on a whim, these questions have received
far too little scrutiny.
Whose privacy?
"There are legitimate concerns" regarding privacy, a ranking House
banking committee staffer conceded in an interview with _Wired_.
"Quite frankly, there hasn't been much congressional oversight with
respect to the intelligence community's involvement with FinCEN. When
you start trying look into this, you start running up against all
kinds of roadblocks." The GAO official involved in auditing FinCEN
agreed that questions regarding the intelligence community's
involvement and attendant privacy concerns haven't been addressed. If
such issues have been the subject of discussion behind the closed
doors of the White House and Senate intelligence committees, no one is
talking openly about it. Meanwhile, the potential for abusive intrusion
by government into the financial affairs of private citizens and
businesses is growing almost unnoticed and unchecked.
Two of the latest electronic inroads into the financial records of
private citizens and businesses are "Operation Gateway," a FinCEN
initiative, and the proposed Deposit Tracking System, which other
intelligence agencies would like to see established. Both are
inherently prone to abuse and provide a disturbing indication of the
direction which the government is moving.
Gateway is a pilot program launched in Texas this July that gives
state and local law enforcement officials direct access to the massive
federal Financial Database (FDB) through a designated FinCEN
coordinator. The FDB contains the records that financial institutions
have been filing under the Bank Secrecy Act for the last 25 years --
CTRs, suspicious transaction reports, International Transportation of
Currency or Monetary Instruments reports, and Foreign Bank and
Financial Accounts reports. In addition, Congress is expected to grant
FinCEN authority to tap into the database of Forms 8300, which are
reports of payments over US$10,000 received in a trade or business.
These documents principally contain information on deposits,
withdrawals, and the movement of large sums of currency. It is
FinCEN's intent to give all state governments individual access to the
FDB.
Under the Gateway proposal, results from all queries would be written
into a master audit file that will constantly be compared against
other requests and databases to track whether the subject of the
inquiry is of interest to another agency or has popped up in a record
somewhere else.
State coordinators designated by the FinCEN will do the logging on, as
FinCEN is uncomfortable with giving 50,000 federal agents and 500,000
police officers direct electronic access to its database. "This is
very sensitive information," concedes Andy Flodin, special assistant
to the FinCEN director. "We'd have to have additional security
safeguards before we could open it up to every police agency."
But while the FDB contains only records on major money movements and
thus is not as much of a threat to individual privacy, the Deposit
Tracking System (DTS) is a potential menace. If implemented, the
estimated US$12.5 million computer system could be used to penetrate
the security of bank accounts belonging to you, me, and 388 million
other bank account holders in the US.
The government argues that such a system is necessary for two reasons:
first, to access adequately the funding needed for federal deposit
insurance and second, to locate the assets of individuals ordered by
courts to make restitution for financial crimes -- like the savings
and loan crooks. (It seems the government can't trace most of the
money they stole.)
The first reason stems from a requirement of the seemingly innocuous
Federal Deposit Insurance Corporation Improvement Act of 1991 -- one
of Congress's legislative responses to the savings and loan debacle.
The Act requires the FDIC to study the costs, feasibility, and privacy
implications of tracking every bank deposit in the United States.
So far the DTS exists only on paper. The FDIC's completed feasibility
study is currently being examined by Congress, but it is unlikely to
act on it before late next year, For the time being, the US$12.5
million price tag seems to be the biggest drawback to its
implementation.
Concerns about the DTS have been widespread, although it has received
scant attention in the mainstream press. But according to Diane Casey,
executive director of the Independent Bankers Association of America,
the DTS "would fundamentally change the relationships among banks,
consumers, and the government in ways that have implications beyond
banking policy. Our open and democratic society would be changed
profoundly if any agency of the government maintained the scope of
information on private citizens described in this proposal. It raises
questions about our democracy that would have to be addressed by the
highest policy-making levels of government."
The American Bankers Association (ABA) voiced equally serious
concerns. The ABA doubts "whether there are any privacy safeguards
that would be adequate to effectively protect this database from use
by government agencies and, eventually, private parties," an ABA
spokesman explains. "It is inconceivable to the ABA that such a
database could be used only by the FDIC in deposit insurance coverage
investigations. Such a database...would provide a wealth of
information for investigations being conducted by the FBI, the Drug
Enforcement Administration, and the IRS, to name but a few. Like the
baseball diamond in _Field_of_Dreams_, build this database and they
will come. Eventually, whether legally or illegally, they will gain
access to this database."
The FDIC forcefully argued against the DTS in the 234-page draft
report it submitted to Congress in June 1993, but it may not have the
bureaucratic clout necessary to kill the proposal. _Wired_ was told by
intelligence analysts and congressional sources dealing with oversight
of the intelligence community that federal law enforcement and
intelligence agencies are privately clamoring for the system,
apparently disregarding both the privacy issues and the system's
start-up cost (which does not include the additional US$20 million a
year the feasibility study said would be required for facilities, for
salaries and benefits, and for routine hardware and software
maintenance).
Further driving the intelligence agencies's desire for the DTS is the
much-hyped role of economic intelligence gathering, a key focus of the
Clinton administration's reform of the intelligence community.
Agencies like the CIA view the system as a boon to their ability to
monitor foreign financial dealings in the US, according to both
congressional and intelligence sources.
Adding Intelligence to the Equation
Regardless of the form it takes, the sources said, the DTS and any
other financial databases that come down the pike could be easily
interfaced to FinCEN's Artificial Intelligence/Massive Parallel
Processing (AI/MPP) program, a criminal targeting system that will go
online in a few years.
Because laundered money is moved undetected along with the millions of
legitimate computerized wire transfers that occur daily, FinCEN's
computer investigations naturally demand expert systems that can
single the dirty money out of the crowd. FinCEN's current Artificial
Intelligence capability allows it to search the Financial Database for
suspicious, preprogrammed patterns of monetary transactions. While not
very flexible, the system has successfully identified previously
unknown criminal organizations and activities.
But FinCEN has a hush-hush US$2.4 million contract with the US
Department of Energy's Los Alamos National Laboratory to develop what
Bruh and other FinCEN officials described as a powerful "money flow
model." Unlike FinCEN's current system, Los Alamos's AI software will
look for unexplained, atypical money flows. Coupled with a massively
parallel computer system, the AI/MPP could perform real-time
monitoring of the entire US electronic banking landscape.
FinCEN's AI capabilities currently exploit the Financial Database for
proactive targeting of criminal activity. The system automatically
monitors the entire FDB database, constantly identifying suspicious
financial activity in supercomputer-aided, rapid-response time. In
addition to the FDB, FinCEN is applying AI to the Criminal Referral
Forms that must be filed with the FinCEN whenever banks, examiners,
and regulators uncover financial activities they suspect are illegal.
In the near future, all of these government databases will be
interfaced by way of AI/MPP technology. "MPP is critical to FinCEN's
ability to analyse (banking) data to its full capacity," Bruh insists.
The pure power od such a "database of databases" terrifies critics.
Though FinCEN and other authorities discount the potential for abuse,
tell that to the CIA. Its charter forbids it from engaging in domestic
surveillance; nonetheless, it spied on Americans for seven consecutive
presidential administrations (it says it finally ceased its internal
spying in the mid-1970s).
FinCEN's AI operation has been employed legitimately with great
success. Perhaps its least-known project was assisting the CIA in
identifying and tracking the flow of money between Iran's
state-sponsored Islamic fundamentalist terrorist organizations and the
men linked to the bombing of the World Trade Center. According to a
Treasury official and confirmed by Anna Fotias, FinCEN's congressional
liaison, FinCEN identified suspicious transaction reports filed by a
bank in New Jersey on wire transfers from Germany to the accounts of
two of the men charged in the bombing. With the bank account in
Germany identified, further AI processing -- utilizing intelligence
from the CIA's DESIST computer system, the world's most extensive
database on terrorists -- identified a company as a front for an
Iranian terrorist group. Coupled with DESIST's data on the two men's
terrorist connections, FinCEN was able to identify a number of
previously unknown conduits of terrorist funding in the US and abroad.
Similarly, FinCEN was crucial in identifying Iraqi assets in the US
that were frozen in the wake of Iraq's invasion of Kuwait, according
to a Treasury official.
Still, given the CIA's less-than-spotless record, privacy advocates
are likely to find it disturbing that there are some within the walls
of CIA headquarters -- apparently unbeknownst to anyone at FinCEN --
who want to mesh DESIST with FinCEN's eventual AI/MPP ability and with
all the databases FinCEN routinely surveys. The justification for
creating such a system is compelling: More likely than not it would
identify scores of previously unknown financial conduits to
terrorists.
Advocates of a full-time DESIST/FinCEN system carry their argument one
step further: Hooked into the yet-to-be-authorized Deposit Tracking
System, the DESIST/FinCEN system would be able to identify terrorist
financial movements in real-time, thus providing early warning of
potentially imminent terrorist actions. Some within the intelligence
community take it still another step: They would have the system tied
into the private computers that hold credit card transactions "so that
we could have a nearly instant time-tracking capability," according to
one source who works closely with the CIA's Counterterrorist Center.
Conversely, a CIA/FinCEN/DTS endeavor could monitor on a real-time
basis the financial activity of narcotics traffickers, since drug
dealing also is within the purview of the CIA. The agency's
Counternarcotics Center, or CNC, already works closely with FinCEN.
Before the CIA would be allowed to tap into a system as sensitive as
the proposed Deposit Tracking System, it would have to clear plenty of
civil liberties hurdles, not the least of which is the prohibition on
the CIA from gathering intelligence on US citizens. As long as the DTS
itself was shielded from direct access by the CIA, proponents could
argue that the operation was allowable under law. Opponents, on the
other hand, fear that the CIA would find a way to download, copy, or
otherwise secretly access the DTS.
"The risk of the CIA getting its hands on this is serious -- we know
the kind of unscrupulous people who populate the spook world," said a
Washington-area private investigator who conducts many legitimate
financial investigations for a CIA-linked firm. "This kind of
financial data, when coupled with other information like a person's
credit history, could be used for blackmail, bribery, and extortion,"
said the investigator, who has a military intelligence background.
Bruce Hemmings is a veteran CIA clandestine-services officer who
retired in 1989. Prior to the DTS proposal, he told _Wired_ that the
CIA routinely digs for financial dirt on people from whom the agency
wants specific information. Typically they are foreign intelligence
officers working in the US under a diplomatic guise, and this
financial information is often used as leverage in getting them to
talk. In less civilized venues, this is called blackmail.
DTS could present an inviting mechanism for quieting unwanted dissent
or for defanging an unruly congressional leader bent on exposing some
questionable CIA operation. Although still in its embryonic stage and
in spite of the looming privacy obstacle it will inevitably confront,
FinCEN is seen by many in the government as the catalyst for a
powerful, all-seeing, all-knowing, global, financial-tracking
organization. In fact, FinCEN is already working closely with
INTERPOL, and Bruh's deputy just resigned to head up INTERPOLs US
office.
As the privacy debate heats up, FinCEN's digital dirt-money trackers
go on about their work, hoping they don't have to choose sides if what
they do becomes a fill-blown privacy invasion problem. As Bruh puts
it, "There's tons of crooks out there who are disguising their
criminal profits. FinCEN needs to computerize as much as possible to
be able to identify the really significant criminals and their
activities."
The question then becomes, at point does it stop?
-------------------------------
Anthony L. Kimery covers financial industry regulatory affairs as an
editor at American Banker Newsletters.
<all _underscored_ text above signifies italicized print>
Return to November 1993
Return to “Anonymous <nowhere@bsu-cs.bsu.edu>”
1993-11-28 (Sat, 27 Nov 93 16:24:44 PST) - Big Brother Wants to Look Into Your Bank Account … - Anonymous <nowhere@bsu-cs.bsu.edu>