From the New York Times:
WASHINGTON, June 22 — Under a secret Bush administration program initiated weeks after the Sept. 11 attacks, counterterrorism officials have gained access to financial records from a vast international database and examined banking transactions involving thousands of Americans and others in the United States, according to government and industry officials.
The program is limited, government officials say, to tracing transactions of people suspected of having ties to Al Qaeda by reviewing records from the nerve center of the global banking industry, a Belgian cooperative that routes about $6 trillion daily between banks, brokerages, stock exchanges and other institutions. The records mostly involve wire transfers and other methods of moving money overseas and into and out of the United States. Most routine financial transactions confined to this country are not in the database.
Viewed by the Bush administration as a vital tool, the program has played a hidden role in domestic and foreign terrorism investigations since 2001 and helped in the capture of the most wanted Qaeda figure in Southeast Asia, the officials said.
The program, run out of the Central Intelligence Agency and overseen by the Treasury Department, “has provided us with a unique and powerful window into the operations of terrorist networks and is, without doubt, a legal and proper use of our authorities,” Stuart Levey, an under secretary at the Treasury Department, said in an interview on Thursday.
The program is grounded in part on the president’s emergency economic powers, Mr. Levey said, and multiple safeguards have been imposed to protect against any unwarranted searches of Americans’ records.
The program, however, is a significant departure from typical practice in how the government acquires Americans’ financial records. Treasury officials did not seek individual court-approved warrants or subpoenas to examine specific transactions, instead relying on broad administrative subpoenas for millions of records from the cooperative, known as Swift.
That access to large amounts of confidential data was highly unusual, several officials said, and stirred concerns inside the administration about legal and privacy issues.
My initial reaction to this is that it sounds legal to me (and also a pretty good idea). Despite the Times’ suggestion, I don’t think I have heard of a warrant being obtained for finanical transations; the Fourth Amendment clearly doesn’t require that, and I don’t know of a statute that does. Further, I don’t know why it makes a legal difference that the government used an administrative subpoena for lots of data rather than issuing a subpoena for individual accounts. It makes the program more broad, but I wouldn’t think that the subpoenas were legally overbroad or improper. (I assume these files were transfered in electronic form, and it’s usually not overly burdensome to transfer lots of electronic files.) And in any event, there is no sign that the recipient of the subpoenas objected, and the recipient would be the group with legal standing to object.
Adam White offers more commentary at Intel Dump; Julian Ku has thoughts at Opinio Juris.
Sometimes, I
Sometimes, I question the WSJ’s rationale behind publishing stuff like this. I don’t think that the general public is as opposed to this as reporters think. Most of us, like you, seem to think that it’s a good idea. If this is true, then why tip off the bad guys that we’re doing this? Perhaps the answer is that the secret wasn’t that well-kept (which makes sense, given that the WSJ didn’t seem to have much of a problem getting info on it).
Jerf, There was no reason for the WSJ not to publish this once the NYT announced that it was doing so (I am assuming that the NYT article was announced first or published first).
I would like to have Professor Kerr’s comments on the decision of the NYT to publish its article contrary to the wishes of the administration.
If there’s not a substantial question as to the legality of the program, then I don’t see the news value in reporting on it. Maybe it’s being put out there for propaganda reasons (make the terrorists paranoid in how they conduct their business). You wouldn’t think a Treasury official would go on the record if this story represented some huge breach of national security, but who knows.
Perhaps the news value lies in the fact that the Patriot Act authorized broader use of administrative subpoenas, and the voters are entitled, in evaluating the efficacy of that law, to acquire some information about the ends for which it is being used. Mind you, I’m not familiar enough with the provisions in question to know if the Patriot Act is truly at issue.
Pingback: Blue Crab Boulevard » Blog Archive » Personal Thanks
The Right to Financial Privacy Act requires a warrant or subpoena or other process, depending on the circumstances, for any government access to “the financial records of any customer from a financial institution,” unless an exception applies. See 12 USC s 3402. Apparently the information gained from the SWIFT system was obtained with administrative subpoenas, which require notice under s 3405 unless excepted under, e.g., secs. 3413(a) (individual customers not identifiable); (g) (particular transactions or foreign accounts being investigated); or 3414(a)(1) (agencies authorized to conduct counter-intelligence or investigate terrorism). From what I understand, the Treasury Dept. withheld notice under 3413(g)(2), claiming authorization under IEEPA, the International Emergency Economic Powers Act, 50 USC s 1701. Still, 3413(g)(2) is not a blanket exception; it allows access only to situations “when a Government authority … is seeking only the name, address, account number, and type of account of any customer or ascertainable group of customers associated … with a foreign country or subdivision thereof in the case of a Government authority exercising financial controls over foreign accounts in the United States….” So one of the accounts must be foreign, and the customers whose data is collected must be “associated … with a foreign country or subdivision thereof,” and the data collected must not contain any transaction details. But it sounds like the actual data collection was much broader than this. Maybe 3414(a)(1) applies, but I’m not sure the Treasury Department fits within the relevant categories of agencies.
[OK Comments: Does RFPA apply outside the United States? I believe the evidence in this case was obtained from a a company in Belgium. Most privacy statutes do not apply out of the United States, but I don't know if RFPA is an exception.]
Following up on my comment last night, which is still in the moderation queue, I read in the Wash. Post this morning that the Administration is relying in part on the definition of “financial institution” in Sec. 3401 to argue that SWIFT is not a financial institution and therefore its records aren’t covered. That seems like a plausible reading of Sec. 3401 as far as I can tell, given my limited knowledge of what SWIFT is. But I’m still curious about Sec. 3402, which provides that “no Government authority may have access to or obtain copies of, or the information contained in the financial records of any customer from a financial institution”. The “from a financial institution” bit may limit the scope of 3402 to requests directly to a financial institution — it’s a little hard to tell from the language alone and I haven’t reviewed the legislative history. But Sec. 3401(2) defines “financial record” as “an original of, a copy of, or information known to have been derived from, any record held by a financial institution pertaining to a customer’s relationship with the financial institution.” That looks to me like the RFPA may cover “financial records” even when they are not currently in the possession of a 3401(1) “financial institution.” In which case, Treasury would need to rely on one of the 3413 or 3414 exceptions to notice.
Steve:
It’s not about legality. It’s newsworthy because the government has power we didn’t know it had. Democracies only work if the people know what the government is doing. It really is that simple. It’s newsworthy not because it’s already illegal, but because the populace might want to make it illegal.
Maybe the debate should be about what sort of internal audits are in place. Perhaps now is a time for the executive to show that it can be trusted with power that was actually conferred upon it. Showing an example of an audit probably wouldn’t compromise national security, and it might go a long way to building confidence.
Just to let readers know, this post drew a bunch of very partisan comments from both sides: some slammed “libs” for being privacy nuts who don’t care about the GWOT, and others slammed the GOP for being fascists who don’t care about privacy and civil liberties. There were occasssional arguments embedded in these broadsides, but not many, so I’m not posting them. But my description above gives you the basic flavor.
Orin,
To address your comment above — I no longer think RFPA directly applies, because Swift doesn’t appear to meet RFPA’s definition of a “financial institution”, in part because it is not located in the U.S.
The more important issues are the IEEPA and the constitutional questions.
In re to Adam’s point at 10.20, I don’t think that it could be that Swift is not definitionally a “financial institution” under RFPA because it is not “located in” the United States. If that were true then how could the administrative subpoenas be valid if served outside the United States?
OTOH, if the requests were made pursuant to an MOU with Belgium (where Swift is based), then technically the request is not an administrative subpeona but instead a request purusant to a bi- or multi-lateral foreign agreement. That means the privacy issues are really Belgian and EU issues, and not US law.
The tenor of the news reports implies that it is not the case (as does the actual reference to purportedly overbroad administrative subpoenas), so I think we have to assume that in fact the subpoenas are being served within the United States on some agent of Swift.
This brings us back to the question, how are these exempt from RFPA and, as Bruce above pointed out, the 3402 issue of financial records. This gets back to the more technical analysis of RFPA which I will defer to someone with knowledge.
[OK Comments: David, are you sure that the administrative subpoena was "valid" in the sense of legally binding?]
Professor — To be clear, I have no knowledge whether the administrative subpoenas described by the NYT, WSJ, etc., are “valid” as in legally binding and forcing Swift to comply at risk of being haled to court otherwise. However, if the administrative subpoenas are not legally binding, then I think (1) this story has been blown completely out of proportion , and (2) the real knotty questions then become one of Belgian and EU law regarding privacy interests.
Although I certainly don’t believe that NYT is an unbiased organ of news, I don’t think they would botch a basic fact like the method of gathering. Moreover, that type of fact presumably would already have been caught by other journalists working the story themselves while it was breaking.
The story doesn’t die if Swift is voluntarily providing the information, it just becomes one of foreign bank balancing its duties under foreign laws with a desire to assist the US government voluntarily (or, perhaps less interestingly, one of the US and foreign governments cooperating via an MOU arrangement to obtain information that otherwise is outside the normal scope of investigation).
My initial reaction to this is that it sounds legal to me (and also a pretty good idea).
Not to be partisan at all, but part of the “new” provisions of the Patriot Act to track financial institutions and engage in asset forfeitures were lifted from legislation John Kerry drafted after working on drug trafficking issues concerning South and Central America in the 80s. Far from asset seizures and forefeitures being a tactic akin to outlandish arrogation of power by the Executive, this kind of aggressive tack on terrorism and drug cartels has been advocated for by Democrats and Republicans for the past 20 years. For what is it worth, I don’t see how it is technically a news story, and for that reason Bill Keller’s defense of the NY Times publication of the story (apart from partisan concerns) rings hollow. Both Kerry and Bush agreed these kinds of tactics were a good idea during the 2004 election.
David:
Well, if we’re assuming that RFPA is the only possibly applicable statute, the exception relevant to this case still seems pretty straightforward.
Section 3402 applies only where the situation does not fall under, among other things, Section 3414. And Section 3414(a)(1)(C) quite clearly applies:
“Nothing in this chapter … shall apply to the production and disclosure of financial records pursuant to requests from—a Government authority authorized to conduct investigations of, or intelligence or counterintelligence analyses related to, international terrorism for the purpose of conducting such investigations or analyses.”
Of course, that brings us back to the notification issues which are still, I believe, relevant.
Adam, based on the President’s statements yesterday regarding briefings to Congress, you likely are correct that the 3414 carve out to RFPA is the operative section (which requires such briefings). Why do you think the notification issues are relevant if this is the case? I think 3414 requests are carved out almost entirely from RFPA’s requirements, including any notice to the bank customer. (I am assuming that you otherwise don’t have a problem with the underlying rule from Miller that rejected the argument set forth nicely in Judge Mosk’s opinion in the Burrows case in California.)
Pingback: Patterico’s Pontifications » L.A. Times Pretends the Hamdan Case Justifies Its Own Dangerous Publication Decisions