Spy Blog - SpyBlog.org.uk

Swift is a crucial gatekeeper, providing electronic instructions on how to transfer money between 7,800 financial institutions worldwide. The cooperative is owned by more than 2,200 organizations, and virtually every major commercial bank, as well as brokerage houses, fund managers and stock exchanges, uses its services. Swift routes more than 11 million transactions each day, most of them across borders.

[...]

Intelligence officials were so eager to exploit the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

Intelligence agencies have been trying to snoop on SWIFT ever since it was set up e.g. the then West German Bundesnachrichtendienst ran Operation Rahab in the late 1980s.

[...]

Within weeks of the Sept. 11 attacks, Swift began turning over records that allowed American analysts to look for evidence of terrorist financing. Initially, there appear to have been few formal limits on the searches.

"At first, they got everything - the entire Swift database," one person close to the operation said.

[...]

The volume of data, particularly at the outset, was often overwhelming, officials said. "We were turning on every spigot we could find and seeing what water would come out," one former administration official said. "Sometimes there were hits, but a lot of times there weren't."

Officials realized the potential for abuse, and soon narrowed the program's targets and put in more safeguards.

The legal access to the plaintext of thousands or millions of SWIFT transactions could be a huge help the US intelligence agencies in breaking the cryptographic protections of the stuff which SWIFT has started to withhold from them, but which they are undoubtedly intercepting.

[...]

Despite the controls, Swift executives became increasingly worried about their secret involvement with the American government, the officials said. By 2003, the cooperative's officials were discussing pulling out because of their concerns about legal and financial risks if the program were revealed, one government official said.

"How long can this go on?" a Swift executive asked, according to the official.

Even some American officials began to question the open-ended arrangement. "I thought there was a limited shelf life and that this was going to go away," the former senior official said.

The executives agreed to continue supplying records after the Americans pledged to impose tighter controls. Swift representatives would be stationed alongside intelligence officials and could block any searches considered inappropriate, several officials said. The procedural change provoked some opposition at the C.I.A. because "the agency was chomping at the bit to have unfettered access to the information," a senior counterterrorism official said. But the Treasury Department saw it as a necessary compromise, the official said, to "save the program."

Despite all this snooping, the programme appears to have had very few actual sucesses since September 2001.

This secret US Government program appears to make redundant Chancellor of the Exchequer Gordon Brown's plans for a "Blechley Park" type organisation to track international terrorist finances

Has SWIFT been secretly handing over confidential financial data to any other Governments on such a wholsesale basis ?

How many innocent UK citizens have had their financial records snooped on via this betrayal of trust ?

What is the UK Government doing to prevent such snooping by foreign governments, on innocent United Kingdom citizens, including that done by the US Government ?

What is so diffuclt about legitimate foreign government terrorist or criminal investigations into the activities of British citizens or involving British financial institutions being channelled through the existing systems of legal cooperation and data sharing, which should be held accountable according to UK law ?

Will SWIFT now end this data trawling programme ?

Have all the cryptographic keys used to protect the SWIFT system now been changed, using sepatrate channels of communication to this which have been potentially compromised during the "full database access" period of 2001 to 2003 ?

Will the UK Information Commissioner and the Financial Services Authority conduct an investigation into SWIFT's activities ?

Does the UK Government share the US Government view that SWIFT is a "message service" ?

[...]

Treasury officials said Swift was exempt from American laws restricting government access to private financial records because the cooperative was considered a messaging service, not a bank or financial institution.

[...]

After an initial debate, Treasury Department lawyers, consulting with the Justice Department, concluded that the privacy laws applied to banks, not to a banking cooperative like Swift. They also said the law protected individual customers and small companies, not the major institutions that route money through Swift on behalf of their customers.

Remember that US financial privacy laws do not protect the privacy of any foreign or overseas transactions, i.e. those in the United Kingdom, from being snooped on by the US government.

This also has implications for the Regulation of Investigatory Powers Part III consultation on Encrypted Data and on Government access to Encryption Keys., especially paragraph 6.8 Special circumstances requiring disclosure of a key

This Draft Code of Practice suggests that the Chairman of the Financial Services Authority (currently Sir Christopher Kelly KCB) , should be informed every time that an Encryption Key is demanded under RIPA Part III.

Will UK investigators be able to serve a section 49 Disclosure Notice for the secret encryption keys which protect the $6 trillion dollar day SWIFT network ?

Does this also have implications for, say, the private VISAnet network which the VISA credit card company uses ?

N.B.. Neither SWIFT nor the international VISA or MasterCard credit card networks, nor indeed UK centric payments networks like BACS , appear to be regulated by the Financial Services Authority (seach the FSA Register), even though their customers and the consortia of financial instutions and partners which own and operate them, are regulated

The share settlements network CREST and the consumer web payments network PayPal are regulated by the Financial Services Authority.

Surely the United Kindom financial institutions' access to the SWIFT network should be protected as part of the Criticial National Infrastructure, from all threats, including those from foreign intelligence agencies, organised criminal gangs, and terrorists etc ?

Is Gordon Brown's plan for a "Bletchley Park" style organisation to track terrorist finances, the prime focus of his "I want am experienced in security matters, make me Prime Minister" speech to RUSI in February, now dead in the water, since SWIFT will hopefully now be more reluctant to betray their customers' data wholesale ?