SWIFT Violates Legal Privacy Protections

This is a good summary of the SWIFT privacy case:

This week, the Article 29 group -- a panel of European Commissioners for Freedom, Security, and Justice -- ruled that the interbank money transfer service SWIFT (Society for Worldwide Interbank Financial Telecommunication) has failed to respect the provisions of the EU Data Protection directive by transferring personal financial data to the US in a manner the press release describes as "hidden, systematic, massive, and long-term."

Posted on February 13, 2007 at 7:49 AM • 21 Comments

Comments

Andre LePlumeFebruary 13, 2007 8:35 AM

After that headline, Bruce, I expected the blog entry to start with "Film at 11".

Question now is, what will they do about it?

PaeniteoFebruary 13, 2007 8:38 AM

And now guess, what consequences this will have...
Right, none. There is no indication that SWIFT has stopped this practice.

FloorFebruary 13, 2007 8:46 AM

Maybe slightly off-topic:

On June 26th of last year I contacted my bank (Postbank in Holland) because it was just in the news (http://www.swift.com/index.cfm?item_id=59897) that the dutch banks where sharing payment information with SWIFT. They refused to answer my questions by asking for more time to answer or just not answer at all. I still don't fully trust my bank, but figured other banks would have done the same.

Peter PearsonFebruary 13, 2007 9:43 AM

Of course, the EU would have no objection to a similar invasion of privacy perpetrated in the name of a Good Cause, such as making sure that people pay enough taxes, or that they don't shop on days not government-designated as shopping days. The cause of interrupting funding of groups who blow up Yanks just isn't good enough.

FinFebruary 13, 2007 10:19 AM

Peter,

The Data Protection laws in the EU are designed to protect the individual against corporations and the government using data gathered on them in ways not exressly authorised by the individual. Such as Nazis hunting jews in the low countries.

There are exceptions for national security and detection of crime built into the directive and national legislation. The issue here is most likley relating to the restrictions cross border data flows. These are designed to stop people getting round the legislation by moving the processing to countries with lax or no protections on personal data such as the US.

There are mechanisms which would allow for processing by the EU to identify criminal activity. You would have to be niave to think this does not go on. However what is not allowed is to hand over the records of millions of innocent people and transactions to another country which has had a less than perfect recent record for the respect of idividual rights.

I think you'll find most if not all EU people are against terrorism and the funding thereof. It might have escaped your notice but Spain, France, and Britain have had ongoing problems with terrorists of various ilks. ETA, IRA, Algerian indepedance movements and islamist factions for at least 30 years to name a few. Terrorism is not new to the world. However the largest threats to our life and liberty if viewed with some degree of perspective have predominantly been bad governemnts. This current escalation of terrorism is although unpleasant is still less dangerous to you than driving your car. Bad governments have killed millions in the last century.

Tools like the DPA are designed to limit the scope of abuses corperations and government. This is a good thing. You should want the equivilant protections, not belittle those who do have them.

For a country that claims to love freedom and liberty I find it odd that some post 911 americans seem very quick to devalue those principles for the appearance of security.

OneirosFebruary 13, 2007 11:28 AM

It's a welcome ruling, I only hope they'll react in time to the latest attempt to implement the Prüm treaty, as well (http://www.guardian.co.uk/crime/article/0,,1989926,00.html).

warp99February 13, 2007 12:23 PM

"I think you'll find most if not all EU people are against terrorism and the funding thereof."

Don't be so sure of it.

Posted by: purpleslog at February 13, 2007 12:02 PM

Just like the in US with the likes of Timothy McVeigh, The Jewish Defense League, Orlando Bosch, and Luis Posada Carriles.

Arturo QuirantesFebruary 13, 2007 12:39 PM

" peter:

"The cause of interrupting funding of groups who blow up Yanks just isn't good enough.

Sorry to be rude, but it´s not long since the flow of money came freely from the US to Ireland or Spain to blow up irish or spaniards. That didn´t seem to be good enough, either, as Uncle Sam never did a thing to prevent it under the "it´s none of our business" motto.

You can always find a good excuse, in any country, to make exceptions to people´s rights. Bur breaking laws is not a good idea if you do want others to keep legal.

Jaime In CaliforniaFebruary 13, 2007 12:48 PM

There are bad people everywhere. Does it really help that we track every telephone call, bank transaction, and e-mail message? I don't think so. What we do is collect information that can be turned against our citizens, while the very few who *are* bad guys are lost in the background noise of too much data.

At some point, you have to recognize that bad guys will strike and will hurt of kill people, but we cannot prevent that without putting 50% of our population on guard duty, watching the other half and each other.

I agree with Fin here. Government and corporate abuses are our most likely dangers. The Constitution was written to protect us from government. That is why it says, "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." (Amendment IX) and again, "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." (Amendment X)

The founders wanted to protect people and local governments from a strong central authority's natural tendency to collect more and more power for itself.

Timo TeeFebruary 13, 2007 1:06 PM

Purpleslog is right. But only because it seems the US assumes it has a global monopoly on defining who is a terrorist supporter. Majority of Europeans do not support president Bush's administration. Thus they must support terrorism and their banking details must be sent to the US. A logic so simple even children understand it.

grrlwonderFebruary 13, 2007 1:42 PM

@ Arturo Quirantes:

"Sorry to be rude, but it´s not long since the flow of money came freely from the US to Ireland or Spain to blow up irish or spaniards. That didn´t seem to be good enough, either, as Uncle Sam never did a thing to prevent it under the "it´s none of our business" motto."

Actually, for many years, the FBI had a large unit dedicated solely to anti-IRA activity and to preventing the flow of arms and money to the IRA.

Try again.

Ben RosengartFebruary 13, 2007 2:13 PM

@Fin,

Very well put.

Thanks from someone who is an American, a Jew and an E.U. citizen,

John PhillipsFebruary 13, 2007 2:58 PM

grrlwonder: but for a long time they did nothing for all the requests for them to do so by the UK. And even when they started doing something, they were not that good at it, as witnessed by the amount of cash and arms that still made it over.

I have no problem with the EU cooperating with the US in moves that genuinely help against terrorism. But not for general data collecting which is largely what the US is doing. Especially if their record to date with handling large data sets is any indication.

I find it ironic that the US government is actually doing more damage to civil liberties in the land of the free than Bin Lading and his ilk could ever have hoped for and mostly in the name of security theatre rather than real security.

grrlwonderFebruary 13, 2007 3:16 PM

@ John Phillips:

"I find it ironic that the US government is actually doing more damage to civil liberties in the land of the free than Bin Lading and his ilk could ever have hoped for and mostly in the name of security theatre rather than real security."

I agree wholeheartedly. And I fully sympathize with residents of the EU -- I'm American and *I* don't want the US goevernment collecting data on me. But a foreign government?? You've got to be kidding.

StudentFebruary 14, 2007 4:10 AM

I am curious... Exactly what frigging rights did Swift think they had to transfer my personal economical information to the US?

The war on freedom goes on. Soon only criminals will have any freedom.

supersnailFebruary 14, 2007 5:29 AM

"I am curious... Exactly what frigging rights did Swift think they had to transfer my personal economical information to the US?"

SWIFT has a wierd status: its a company owned by a comittee of contral bankers. As such a large piece of it is owned by the Federal Reserve in the US and about a quarter if its operational infrastructure is based in the US. So when it gets a court order from a US federal court it really had no choice but to respond. The particular problem they had was that the court order specifically forbid the discusion or even mention of its existance with any third party. So swift had a choice of violating a US court order or violating EU privacy laws. Its lawers took the view that the first option would involve it in an immediate and messy legal battle while they might get away with the second option of nobody noticed.

As for the another posters question "whats the alternative". For transfering money internationaly:-
Well you can use Western Union, but as a US based company you can pretty much guarentee that details of all transactions are being handed over to the FBI.
You can fill a paper bag with money and catch a plane (dont try this if you are Nigerian!)
If you have a word with one of your Moslem nieghboors they can probably put you in touch with a traditional money lender/banker who would have no problem ensuring your cash arrived safely in any almost country without going on any govenrment record.

GiovanniFebruary 14, 2007 6:46 AM

Bank customers are supposed to know that payments made to other countries cross borders and leave thereby their area of jurisdiction, including privacy laws. What most customers do not know is that many national payment systems use SWIFT standards and infrastructures for domestic payments. The result is that also purely national payments that never cross borders may end up in the CIA archives.

AnonFebruary 16, 2007 9:00 AM

Go to www.swift.com and read the REAL facts, not the FUD put out by the press and other so called experts.

bobFebruary 16, 2007 9:36 AM

How dare you europeans think that you should have a right to control who exploits your personal & private information. That concept is...; well, its... its... - unAmerican!

How ironic that the US government is exhibiting behavior which would have gotten it imprisoned (if it were an individual) during the McCarthy era.

I guess a "House Unamerican Activities comittee" today would be a guidebook, not a prohibition.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..