[iwar] [fc:Search.for.Illicit.Activities.Taps.Confidential.Financial.Data]

From: Fred Cohen (fc@all.net)
Date: 2002-06-02 21:32:20
Next message: Fred Cohen: "[iwar] [fc:Tap,.Tap,.Tap]"
Previous message: Fred Cohen: "[iwar] [fc:Report:.Al.Qaeda.Tells.U.S..to.Get.Ready.for.Attack]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200206030432.g534WKK29860@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Sun, 2 Jun 2002 21:32:20 -0700 (PDT)
Subject: [iwar] [fc:Search.for.Illicit.Activities.Taps.Confidential.Financial.Data]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

In the War Against Terror, Privacy vs. Security
Search for Illicit Activities Taps Confidential Financial Data

By Robert O'Harrow Jr.
Washington Post Staff Writer
Monday, June 3, 2002; Page A01

In the amorphous war on terrorism, government officials believe they have a
new weapon: the growing number of financial institutions that use powerful
technology to monitor confidential customer activity and report suspicious
behavior to law enforcement and intelligence officials.

Driven by little-known provisions of the USA Patriot Act, the anti-terror
legislation that was approved after Sept. 11, banks, securities firms and
other companies are deploying computer systems that draw together millions
of transactions, sometimes automatically, in searches for money laundering,
terrorist financing or other unusual patterns.

"The Patriot Act is imposing a citizen-soldier burden on the gatekeepers of
the financial institutions," said David Aufhauser, general counsel at the
Treasury Department and head of an interagency task force on terrorist
finance. "In many respects, they are in the best position to police attempts
by people who would do ill to us in the U.S., to penetrate the financial
systems."

Federal regulators three years ago tried to impose similar monitoring
requirements on financial institutions to combat money laundering but
dropped their plan, known as "know your customer," after it caused an uproar
among consumers concerned about their privacy. Now some specialists believe
the scrutiny of consumers on the government's behalf is going even deeper.

"Sept. 11 obviously made us totally rethink where to draw the line with
respect to government access to customer information," said David Medine, a
former financial privacy specialist at the Federal Trade Commission.

"The question going forward is: Did we draw that line in the right place?"
Medine said. "It is really a fundamental civil liberties issue."

The increased financial scrutiny is part of an expanded campaign by the
government to tap into public and confidential data in search of people who
pose terrorist threats. The push relies heavily on data and analytical
tools, some of them developed in the 1990s for direct mail, credit-card
offers and other kinds of targeted marketing.

As directed by the Patriot Act, Treasury Department regulations require that
securities firms, money-services businesses and broker-dealers file reports
on suspicious activity, something banks have been doing for several years.
Those firms, along with mutual funds, operators of credit-card companies and
some other financial companies, also must have anti-money-laundering
programs.

Congress also said that financial companies must authenticate new customers,
check their identities against government watch lists and maintain records
for government scrutiny.

The law encourages financial institutions to share information among
themselves about customers suspected of being involved with terrorism or
money laundering, and it gives them protection from legal liability for
doing so. In addition, it gives law enforcement and intelligence agencies
greater access to confidential information without a subpoena while also
requiring that credit bureaus secretly turn over credit reports to the CIA,
National Security Agency and other intelligence agencies when presented with
a request signed by a senior agency official.

While law-enforcement officials said the cooperation of the financial
services industry is critical to the war on terrorism, some industry
officials have expressed concern.

H. Rodgin Cohen, a leading financial services lawyer in New York, said he
believes that financial companies may find themselves asking customers about
seemingly suspicious but innocent activity that might be embarrassing or
involve private matters, such as health care. He predicted that they also
will file more suspicious-activity reports, with less evidence, to avoid
trouble from the government.

"As long as the government can enlist the financial institution as part of
the front-line defense against money laundering and terrorism, it has got to
be anticipated there will be more in the way of intrusions on privacy," said
Cohen, chairman of Sullivan &amp; Cromwell. "It is just a different
manifestation of whether they can wiretap you."

Tracy Calder, chief money-laundering prevention officer at UBS PaineWebber
Inc., agreed the new reporting mandates, coupled with the sophisticated
monitoring technology, are "absolutely intrusive." But, she said, they will
help fight terrorism and crime, something she believes most people will
embrace. "Americans are willing to accept more intrusiveness in exchange for
security," she said.

The computerized systems create profiles of customer activity, sometimes
including more than a year's transactions, and sift through deposits, wire
transfers, ATM activity and links among account holders. Mantas Inc., a
Fairfax County spinoff from SRA International Inc., a government contractor
that works closely with U.S. intelligence agencies, recently demonstrated
how its software can monitor millions of transactions a day.

Using data culled from people whose identities were masked, officials showed
reports that a bank analyst might receive from an overnight computer review.
One report in the demonstration had a risk score of 95 out of 100. A click
on a screen that resembled a Web page pulled up a file that showed several
unrelated individuals at the same address had, over several days, sent out
18 checks or money orders for a total of $9,000.

Another click on the screen brought up a report about links among five
relatively new accounts at different branches of the same bank. Those
accounts had transferred $125,000 to another account in Miami. The system
noted that the account holder there then wrote a check for $125,000.

While each account on its own did not appear to represent a risk, the
coordinated activity set off alarms, said Don Temple, an
anti-money-laundering specialist at Mantas and a former special agent at the
IRS. "You can only detect suspicious transactions today with sophisticated
data-mining and pattern-recognition software," Temple said.

Experts said such systems could also flag a securities account that never
trades stocks. Or the systems could draw attention to someone of apparently
modest means who receives a $40,000 wire transfer from abroad and then sends
out a large check. Specialists said the systems, by sweeping through vast
electronic depositories of information, can find links among customers that
a person might never see.

"Sometimes we've referred to our product as the 'Big Brother,' " said Alison
Holland, spokeswoman for NetEconomy, a Dutch firm that is pitching its
systems to U.S. firms. "It can monitor so many things."

Some companies used such tools before Sept. 11, as computer power increased
and the government increased efforts to stop the flow of drug and mob money
through the U.S. banking system. But TowerGroup, a Massachusetts research
firm that tracks financial services, estimated that banks and other
institutions will double their spending on monitoring systems this year, to
$120’million. "This is just a sea change in the industry," said TowerGroup
analyst Breffni McGuire.

UBS PaineWebber, for example, recently signed a deal with Searchspace Corp.,
a company that says its computer system "captures and uses all transactions
that flow through an organization to provide continuously adaptive profiles
of all individuals."

Riggs Bank NA is working with Americas Software Corp. to install a similar
system that will automate procedures it has had in place for several years.
Citigroup Inc. has contracted with Mantas, which says its software can
"reduce the risk of money laundering with comprehensive, enterprise-wide
surveillance of your customer, account, and transaction information . . . to
reveal suspicious and previously unknown behaviors."

Last week, in response to a mandate in the Patriot Act, the Treasury
Department's Financial Crimes Enforcement Network, known as FinCen, began
operating a secure online network to make it easier for financial companies
to report suspicious behavior by customers to the government.

Central to that relationship are suspicious-activity reports, which require
officials to fill in more than 50 kinds of information, including addresses,
account numbers, Social Security numbers and phone numbers.

They are maintained by FinCen in databases that are available to local,
state and federal law-enforcement agencies. Under Patriot Act provisions,
intelligence agencies also have the right to get such reports on demand.
People who are the subjects of the reports may not see them, a FinCen
official said.

The number of suspicious-activity reports filed with the government was
almost 163,000 in 2000, compared with 81,000 in 1997, the first full year
the reports were collected, the agency said.

The pace of the reports jumped sharply after the Sept. 11 attacks. About
125,000 were filed from Oct. 1, 2001, to the end of March, compared with
about 86,000 in the same period the previous year, agency officials said.

John Byrne, senior counsel at the American Bankers Association, said members
have cooperated with the government in tracking down terrorist assets and
matching customer names against government lists of suspects since Sept. 11.
But Byrne said that financial institutions, even those using the most
sophisticated technology, need guidance and timely intelligence to help the
government.

"We have proven our willingness to respond to legal government requests to
search records and report suspected crime," he said. "What concerns us is
any policy that suggests that the financial industry on its own determine
potential terrorist activity. At the end of the day, the financial sector is
not law enforcement."

Officials at FinCen said they have no interest in deputizing the financial
industry and intruding unnecessarily into the financial lives of most
people. They want the industry to act as a gatekeeper, not a cop, and to
focus on risky customers.

"We have this important practical reason for paying attention to privacy
concerns," FinCen Director James F. Sloan said. "If we don't, we're going to
end up losing these tools."

Sloan said suspicious-activity reports, coupled with powerful data
warehouses and mining tools at FinCen, have turned up leads and suspects.
"This created an opportunity for dialogue that has never existed before,"
Sloan said of the Patriot Act. "It has given us an opportunity to work with
the industry like never before."

© 2002 The Washington Post Company 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tied to your PC? Cut Loose and
Stay connected with Yahoo! Mobile
http://us.click.yahoo.com/QBCcSD/o1CEAA/sXBHAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:Tap,.Tap,.Tap]"
Previous message: Fred Cohen: "[iwar] [fc:Report:.Al.Qaeda.Tells.U.S..to.Get.Ready.for.Attack]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT