Schneier on Security

Is this the list: http://www.ustreas.gov/offices/enforcement/ofac/sdn/index.shtml

That's amazing. It seems that in order to comply with the law, a vending machine will have to check the identity of the customer before selling him or her a soda!

@Michael: yes, AFAICT.

FTA:
"
"Laws like this that are so ridiculous that no one obeys them do nothing to inspire respect in our legal system," says Hudson.
"

No, but they do make for a lovely soviet police state.

"it's impractical", says Hudson.

Not at all! It is easy to download the list to a PDA and use it to check for suspected terrorists. All citizens should be required to carry an anti-terrorist PDA right next to their constitutionally "mandated" handgun.

Of course it will not catch any terrorists, but maybe people will feel good about "doing everything possible in the war against terrorism".

Bruce, think "Wire Transfers". It's the fastest and easiest way to move your ill-gotten gains. Since many of these folks [their money, not them] are in Europe (western & eastern) it's more difficult to move money around to US banks (that also have overseas operations). They can't run down to the BofA in downtown Strasburg and wire $10 million to the Caymen Islands.

We have to check every wire against the OFAC list every day. [Just in case Fidel is moving his $ again :-)].

Since when was practicality a requirement for national security measures. This has gotten even more ludicrious under the Patriot Act and the Bush government.

We wouldn't need to ban cigarette lighters from airplanes if the TSA and DHS actually did their real jobs... but Bush's administration has never been about real security, just job security...usually theirs.

"That's amazing. It seems that in order to comply with the law, a vending machine will have to check the identity of the customer before selling him or her a soda!"

You can't be too careful. Some of those soft drinks are pretty amazing. We don't want terrorists to have access to Mountain Dew, for example.

"Some of those soft drinks are pretty amazing."

I have read that some of these sodas have high levels of substances that can induce cancer. They are hazardous to our health, probably a greater treat than terrorism. Maybe we should ONLY sell them to terrorists. ;-)

Yes, if they get soda and candy, they might do something like this... http://video.google.com/videoplay?docid=4077724936497803978

If the soft drinks cause cancer, there's no doubt that the terrorists are buying them to build some sort of biological weapon...

I worked for a mortgage banking firm a few years ago, and I can confirm that part of our checks on people who wanted to have some money for a house was to do a search on their name on that OFAC page. Seemed a little silly that part of my workflow was hitting ctrl-F on an unencrypted web page.

Seems like the perfect application for a Bloom Filter! It keeps the actual list secret, gives some false positives, and (most importantly) you can add names but can't remove them.

(I wish I were joking about this)

And of course, this Awesome Power to Screw Up People's Lives will only be used for good purposes.

The web site appears to be unavailable.

Is this the first instance of a "Schneierdotting" :-)

Is this not another instance of "how to really screw over anyone with a similar name to a terrorist"?

So, if a terrorist doesn't like someone, start using their name as an alias. Then their name will get added to the list.

Great.

Looks like self-advertisement for the lawyer's book... When was the last prosecution? It's relevant for banking transactions as mentioned by earlier comments.

"Same for Charles "Chuckie" Taylor, son of the recently arrested former president of Liberia"

Thanks Bruce. You should know that you done your bit in he GWOT; since I recenently received an email from "Chuckie" with a very intriguing business proposition. These internets sure are amazing.

These names are a joke, right? Just how many folks called "Ahmed Mohammed" can you imagine there are? Or does the block only apply if he signs his order "a.k.a. Ahmed the Egyptian"? (assuming he chooses to write in latin script with this form of letters). Pity any other Egyptians called Ahmed.
Or there's "Abu *" - e.g. "father of *".

@ John

> The web site appears to be unavailable.
>
> Is this the first instance of a "Schneierdotting" :-)

No, that's happened before (last time in December if I recall). Schneierdotting is less frequent, but it still occurs (usually with destination hosts with *really* small bandwidth allocations).

Of course, usually Bruce posts papers (which are on university nets with "fat pipes") or articles from some newspaper (ditto).

And for anyone who wants to join the terrorists, or to help them out in any way, its a perfect list of contacts, advisors, suppliers, etc.

It's probably a best seller in some parts of the Middle East...

Mr W

You'll be surprised, but when I recently visited the branch of Citibank in Moscow, Russia (in a rather out-of-the-way location) in order to exchange $100 into local russian currency, i was, sure, asked for a passport and printed a receipt. The receipt was stamped by the nice red "Sanctions/SDN Verified".

It was a routine street level operation, and it made me laughing, imagining somebody like Mira Milosevic going to Citi to change the bill to buy some bread :)

The NYT obviously does not check the list, they have a Charles Taylor doing book and film reviews.

"The OFAC requirements apply to all U.S. citizens. "

I just found myself a market niche:
I'll open an OFAC-agnostic produce stand.

"Having trouble buying your vegetables?
Come on over to Gerd's No-OFAC fruits&vegetables".

My business will flourish and prosper, until
my name makes it onto the list also ;-)

okay, i found the list, is there any angle i can play to sell goods and services to these people, maybe as part of an affinity program?

"You can't be too careful. Some of those soft drinks are pretty amazing. We don't want terrorists to have access to Mountain Dew, for example."

If Osama does the Dew, it's all over.....

This law is only impractical if you think its purpose is to stop people selling to the "Bad Guys."

If, instead, you realize that this law, like so many others, is meant to make it easier to prosecute as wide a number of people as possible, then you see that it is a very effective law.

A famous example of this "type" of law is our tax code being used to prosecute mobsters, prostitutes, drug dealers, and other "Bad Guys."

Another example is the use of data recovery professionals to find out if you ever had anything illegal on your computer. Even if it was in temp files, and even if you said, "eeewww! I don't want to be seeing crap like that! I'd better delete that right now and never go back!" These "types" of laws allow them to go after you if they wish.

It's purely to make life easier for the prosecutors.

Greetings, I am Enid Taylor, wife of former President of Liberia, Charles Taylor. I need your assistence for a business transaction. There will be NO RISK to you. Currently I have 50000 (FIFTY THOUSAND) humvees in a car lot in Texas, but I am unable to access them due to the OFAC list. I propose to transfer them to your name so you can collect, and then you transfer 60% of the humvees to me, keeping the remainder as your profit.

Greetings, I am Bob, whose name just happens to resemble that of an alias of a cousin of a suspected terrorist sympathisers mother in law.

I currently have $50 in my account but find myself unable to buy milk and bread at the local shop.

In return for your assistance you can keep 3 slices of bread (white or wholemeal, your choice) and a glass of milk.

Wow - what a great resource for matching SSN, passport and DOB records! ;)

I know most (if not all?) banks in france have an "OFAC filter" running with their SWIFT installations. As one poster guessed, it does generate many false positives. One large institution I worked for had a dedicated team to handle these.

Hah.  This WP reporter just heard about OFAC?  He doesn't know from stuff.  This bad guy list has been in place for years and years.  What's more, your great country has a wonderful set of sanctions against bad countries including, of course, that island in the Caribbean which is such a danger to US freedom and democracy.  Check out http://www.treas.gov/offices/enforcement/ofac/programs/
Then there's the even more wonderful Bureau of Industry and Security, part of the Department of Commerce, that regulates in excruciating detail what may and may not be exported from the USA (yes, that means you, if you ever send anything out of the country).  To really blow your mind, check out the Export Administration Regulations:  http://www.bis.doc.gov/licensing/exportingbasics.htm

Here is an interesting recount of a no-fly experience.

http://www.capitolhillblue.com/artman/publish/article_8045.shtml
http://tinyurl.com/dxnda

If it is to believed, no-fly is becoming a tool for political retaliation.

It is not quite as daft as it looks.

For example, if you wanted to donate money to help the Palestinian people, but not terrorists, you would be well advised to check the organisation you donated to was not on the list. If you fail to do so, and donate to "RELIEF COMMITTEE FOR SOLIDARITY WITH
PALESTINE" under one of it's many aliases, or even "BENEVOLENCE INTERNATIONAL NEDERLAND", you could end up in trouble.

Bruce,
SDN compliance is a _major_ pain and you'll notice the best advice the OFAC site gives you is to download the PDF doc of all 5000 names and do a find for each one of your clients against the list. Penalties are stiff - $1mm for unknowingly doing business with someone from the list and $10mm + 30yrs prison for knowingly transacting.

I wrote the SDNcompliance.com website to help alleviate the burden people face in checking their client lists against the SDN. This tool parses the SDN list nightly, indexes it and allows you to export your outlook contacts and match them against the list. It's all free and advertising driven and the solutions I looked at that are out there now by Attus and Bridger Insight are ungodly expensive and horrible interfaces.

Sean