Terrorist Finance Tracking Program
The Terrorist Finance Tracking Program is a United States government program to access financial transactions on the international SWIFT network that was revealed by The New York Times, The Wall Street Journal and The Los Angeles Times in June 2006. It was part of the Bush administration's War on Terrorism. After the covert action was disclosed, the so-called SWIFT Agreement was negotiated between the United States and the European Union.
Overview
A series of articles published on June 23, 2006, by the New York Times, the Wall Street Journal and the Los Angeles Times revealed that the United States government, specifically the Treasury and the CIA, had a program to access the SWIFT transaction database after the September 11th attacks.According to the June 2006 New York Times article, the program helped lead to the capture of an al-Qaeda operative known as Hambali in 2003, believed to be the mastermind of the 2002 Bali bombing, as well as helped identify a Brooklyn man convicted in 2005 for laundering money for an al-Qaeda operative in Pakistan. The Treasury Department and White House responded to the leak the day before it was published, and claimed that the leak damaged counterterrorism activities. They also referred to the program as the "Terrorist Finance Tracking Program", similar to the Terrorist Surveillance Program in the NSA wiretapping controversy.
The Terrorist Finance Tracking Program was viewed by the Bush administration as another tool in the "Global War on Terrorism". The administration contends the program allows additional scrutiny that could prove instrumental in tracking transactions between terrorist cells. Some have raised concerns that this classified program might also be a violation of United States and European financial privacy laws, because individual search warrants to access financial data were not obtained in advance. In response to the claim that the program violates U.S. law, some have noted that the U.S. Supreme Court in United States v. Miller has ruled that there is not an expected right to privacy for financial transaction records held by third parties and that "the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed".
Immediately following the disclosure, SWIFT released an official press statement asserting that they did give information to the United States in compliance with Treasury Department subpoenas, but claiming that "SWIFT received significant protections and assurances as to the purpose, confidentiality, oversight and control of the limited sets of data produced under the subpoenas".
European privacy laws
On 27 June 2006, it was revealed by the media that Belgium's central bank, the National Bank of Belgium, had known about the U.S. government's access to the SWIFT databases since 2002. Belgian Christian Democratic and Flemish party claimed on June 28, that the actions of the CIA with SWIFT were in breach with Belgian privacy laws. The Belgian parliamentary committee that deals with the workings of the Belgian State Security Service reported that SWIFT was indeed in violation with Belgian and European privacy laws.In addition, the New York branch of the Dutch Rabobank is said to deliver information on its European customers to the U.S. government, in contempt of European privacy laws. The Dutch Data Protection Authority claims that Dutch banks could face fines if they hand over data on their customers to the U.S. government.
Consequently, the European Union obtained an agreement that they could send an investigating magistrate as High Representative of the EU to the United States of America in order to monitor the TFTP activities. This magistrate, Jean-Louis Bruguière, had a permanent office in Washington, D.C., at the U.S. Department of Treasury.
Disclosures by former National Security Agency contractor Edward Snowden alleged the NSA was systematically undermining the SWIFT Agreement. No denial was issued by the American side, and the European Parliament passed a non-binding vote calling for the suspension the agreement. A suspension would however require the consent of a two-thirds majority of EU governments.
EU-U.S. relations
Legal treaty development
After European concerns with wholesale SWIFT data export were raised, it became necessary for the United States to negotiate a treaty with the EU in order to be able to continue accessing the SWIFT database. The Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program was negotiated during 2009. The treaty was first rejected by the European parliament, however after a few months and a visit by U.S. Vice president Joe Biden to the parliament, the European Commission introduced a proposal with strengthened safeguards, which was then adopted.Scope
The scope of the treaty is to use financial payment messaging data to prevent, investigate, detect, and prosecute conduct pertaining to terrorism or terrorist financing. Terrorism is defined as acts which involves violence or are otherwise dangerous to human life or create a risk of damage to property or infrastructure with the intent to intimidate a population or government or an international institution to act or abstain from acting or to seriously destabilize or destroy fundamental structures of a country or international organization.Process
The United States Treasury serves production orders to a designated provider of financial data. SWIFT is the only designated provider today. The request shall identify as clearly as possible the data necessary for the purpose of the treaty. The request should clearly substantiate the necessity of the data, and be tailored as narrowly as possible. Payments within the Single Euro Payments Area are excluded.Safeguards
The U.S. Treasury shall process the data only for the purpose of the treaty and data mining is not allowed. The data must be secured and cannot be interconnected with any other database. Access to data shall be limited to investigations of terrorism. All searches must be based upon preexisting information or evidence of connection with terrorism. Information may only be shared with law enforcement, public security, or counterterrorism authorities in the United States or the EU.Citizen's rights
Any person has the right to obtain a confirmation through the data protection authority in the EU member state that the person's data protection rights have been respected. Any person has the right to seek the rectification, erasure or blocking of his or her personal data where the data is inaccurate or the processing contravenes the treaty.European TFTP
EU may request the aid of the United States to build up a European TFTP.History
2013
- October 23: Following revelations about mass surveillance by the NSA, the European Parliament passes a non-binding resolution calling on the EU Commission to suspend all data transfers according to the TFTP with the United States Treasury Department.
2012
- February 26: Danish newspaper Berlingske reported that U.S. authorities evidently have sufficient control over SWIFT to seize money being transferred between two EU countries, since they have seized around $26,000 which were being transferred from a Danish to a German bank. The money was a payment by a Danish businessman for a batch of Cuban cigars previously imported to Germany by a German supplier. As justification for the seizure, the U.S. Treasury has stated that the Danish businessman has violated the United States embargo against Cuba.
2011
- October 25
- *European Data Protection Supervisor communication entitled to Cecilia Malmström, Commissioner for Home Affairs, European Commission:
- **We support all the points made by the Article 29 Working Party in its letter of 29 September, based on its specific experience in analysing and monitoring the original agreement between the United States and the EU regarding the Terrorist Finance Tracking Programme, which is the source of the developments of the Terrorist Finance Tracking System at EU level.
- **We would like to complement the observations of the WP29, especially in relation to the context in which the TFTS is envisaged, about its necessity and proportionality, the procedural guarantees that should be introduced and finally with regard to its consequences on the existing US TFTP agreement.
- *European Data Protection Supervisor offers ':
- ** main reason for the development of a European terrorist finance tracking system has its source in the present US TFTP agreement and in the Council Decision of 13 July 2010. Currently, under TFTP, data are sent in bulk to the US, to be stored and filtered according to requests of the U.S. Treasury Department'. This has raised serious criticism, especially by the European Parliament, notably with regard to the necessity and proportionality of the 'bulk' data flows.
- **If the filtering of data is performed within the EU under TFTS, according to criteria which should be particularly strict, the data sent to the United States would be restricted as a result. This is essential in order to meet the EU data protection requirements, even if the data would not totally meet the requests of U.S. authorities.''
- September 29
- *Article 29 Working Party letter regarding TFTP
2010
- November 19:
- *Article 29 Working Party communication entitled ' to Vice-President Viviane Reding, Commissioner for Justice, Fundamental Rights and Citizenship, European Commission:
- **On 26 May 2010 the European Commission presented the draft negotiating mandate for an agreement between the European Union and the United States of America on the protection of personal data when transferred and processed for the purpose of preventing, investigating, detecting or prosecuting criminal offences, including terrorism, in the framework of police cooperation and judicial cooperation in criminal matters. The Article 29 Working Party understands the negotiating mandate has been under discussion in both the Council and the European Parliament in recent months and may be adopted by the Justice and Home Affairs Council in early December. The Working Party regrets that it has not been consulted on the content of the negotiating mandate for this agreement, since these negotiations with the US are bound to be one of the most important steps within the area of data protection the EU is to take in the coming years.
- July 13: Council Decision
- *EDPS: In the Decision, the Council agreed to the conclusion of the agreement between the EU and the US while at the same time inviting the Commission to submit to the European Parliament and to the Council a legal and technical framework for the extraction of data on EU territory. Furthermore, in giving its approval to the conclusion of the agreement on 8 July 2010, the European Parliament explicitly acknowledged the commitment by the Council and the Commission to set up the legal and technical framework allowing for the extraction of data on EU soil. This commitment would in the mid-term ensure the termination of bulk data transfers to the U.S. authorities. The requirement for a prior filtering of data within the EU is supported by the EDPS, as it would prevent the sending of bulk data to a third country. However, the Communication goes beyond the acknowledged purpose of filtering data in the EU, as it clearly indicates that the "system should not be set up just to provide relevant information to US authorities", as the authorities of the Member States "have a real interest in the results of such a system as well". The Communication therefore seems to legitimise the setting up of a whole new TFTS scheme, in an EU specific context, on the basis of the existing TFTP agreement. In other words, the Communication seems to justify the introduction of a new system which invades the privacy of EU citizens for the benefit of the authorities of EU Member States while using as a justification the assessment of utility of a system conceived and implemented to allow the US authorities to pursue their own investigation linked to terrorism. The EDPS has strong doubts about this approach, which does not appear to respect the principles of necessity and proportionality.
- May 26: European Commission presents draft mandate.
- *The Article 29 Working Party understands the negotiating mandate has been under discussion in both the Council and the European Parliament in recent months and may be adopted by the Justice and Home Affairs Council in early December. The Working Party regrets that it has not been consulted... - EDPS, ', 2010-11-19.
2001-2006
- November 22, 2006: Article 29 Working Party adopts '.
- * Article 29 Working Party emphasizes that even in the fight against terrorism and crime fundamental rights must remain guaranteed. It insists therefore on the respect of global data protection principles.
- *The Article 29 Working Party calls upon SWIFT and the financial institutions to take measures in order to remedy the currently illegal state of affairs without delay'.''
- September 2006: The Belgian government declared that the SWIFT dealings with U.S. government authorities were, in fact, a breach of Belgian and European privacy laws.
- June/July, 2006
''New York Times''' disclosure controversy
Some have also questioned whether the information in the original June 23, 2006 newspaper articles was even secret, despite its U.S. government classification, because of previous newspaper articles discussing SWIFT. Specifically, a 1998 Washington Post article, in the wake of the U.S. embassy bombings, mentioned that the "CIA and agents with Treasury's Financial Crimes Enforcement Network also will try to lay tripwires to find out when bin Laden moves funds by plugging into the computerized systems of bank transaction monitoring services – operated by the Federal Reserve and private organizations called SWIFT and CHIPS – that record the billions of dollars coursing through the global banking system daily." Also, a September 21, 2001 Baltimore Sun article mentioned SWIFT "headquartered in Belgium" and conjectured about the ability of the U.S. National Security Agency "to follow the money through its electronic intercepts of such transactions". Still others have questioned the secrecy of the TFTP because the Bush administration has made public announcements that it planned to track terrorist-related finances. For example, in a speech shortly after the September 11th attacks, George W. Bush elaborated on the Administration's intention to track terrorist funding, saying "if fail to help us by sharing information or freezing accounts, the Department of the Treasury now has the authority to freeze their bank's assets and transactions in the United States".
However, critics of the decision to disclose the classified program's existence, including U.S. Treasury Secretary John W. Snow, responded by arguing that there is a vast difference between stating general intentions to track terrorist finances and actually revealing the exact means employed to do so. Some of these critics called attention to the New York Times itself making no mention of either SWIFT or the Terrorist Finance Tracking Program in a November 29, 2005 article ironically detailing the Bush administration's apparent lack of progress in tracking terrorist finances. Moreover, in an editorial on the press's obligations in wartime, the clarified the basic differences between its approach to the story and that of the New York Times. As for Secretary Snow, he disagreed with executive editor of The New York Times Bill Keller's claim that terrorists are now exclusively using "other means" to transfer funds, by stating that terrorists "have continued to the formal financial system, which has made this program incredibly valuable". Testifying before the House Financial Services Subcommittee on Oversight and Investigations on July 11, 2006, Stuart Levey, the Department of the Treasury’s Under Secretary for Terrorism and Financial Intelligence, stated:
"Since being asked to oversee this program by then-Secretary Snow and then-Deputy Secretary Bodman almost two years ago, I have received the written output from this program as part of my daily intelligence briefing. For two years, I have been reviewing that output every morning. I cannot remember a day when that briefing did not include at least one terrorism lead from this program. Despite attempts at secrecy, terrorist facilitators have continued to use the international banking system to send money to one another, even after September 11th. This disclosure compromised one of our most valuable programs and will only make our efforts to track terrorist financing—and to prevent terrorist attacks—harder. Tracking terrorist money trails is difficult enough without having our sources and methods reported on the front page of newspapers."
On October 22, 2006, Public Editor of The New York Times Byron Calame stated that he did not think the article should have been published, reversing his strong support of the Times in his June 2 column. "I haven't found any evidence in the intervening months that the surveillance program was illegal...The lack of appropriate oversight—to catch any abuses in the absence of media attention—was a key reason I originally supported publication. I think, however, that I gave it too much weight".
In September 2006, however, the Belgian government declared that the SWIFT dealings with U.S. government authorities were, in fact, a breach of Belgian and European privacy laws. New York Times editor Bill Keller responded to Calame’s “revisionist epiphany” in a letter published on November 6, 2006. Keller felt that Calame’s premise that “the press should not reveal sensitive secret information unless there is a preponderance of evidence that the information exposes illegal or abusive actions by the government” set too high a bar. Keller explained, “The banking story landed in the context of a national debate about the concentration of executive power. The Swift program was the latest in a series of programs carried out without the customary checks and balances—in this case, Congressional oversight. Key members of Congress who would normally be apprised of such a program and who would be expected to monitor its safeguards only learned of the program because we did”.