So instead of insisting that the US catches up with data protection levels, we water ours down to be less than the paper it's written on...
Bank customers wanting to make international transactions are being asked to sign a waiver to allow their personal details and financial records to be scanned by US anti-terror investigators. The waivers put customers in the same Catch-22 European data protection officials found themselves in after it emerged that the US had …
They broke US domestic spying laws too.
The US has a law, "the right to financial privacy act", one of a raft of privacy laws introduced after Nixon's escapades.
"(a) Release of records by financial institutions prohibited
No financial institution, or officer, employees, or agent of a financial institution, may provide to any Government authority access to or copies of, or the information contained in, the financial records of any customer except in accordance with the provisions of this chapter. "
SWIFT are claiming two defenses.
1. That it was done with a subpoena.
2. That they didn't need to receive a subpoena because they are not a financial institution.
1. The right to financial privacy act requires an individual subpoena. and a copy of the subpoena be sent to the person whose records are being sought. If they don't file a motion to quash with 10 days their records can be taken.
Yet this was not complied with, the subpoena was not specific and searches were done freely and without delay. The executive admitted this:
"Among the safeguards, government officials said, is an outside auditing firm that verifies that the data searches are based on intelligence leads about suspected terrorists. "We are not on a fishing expedition," Mr. Levey said. "We're not just turning on a vacuum cleaner and sucking in all the information that we can.""
Essentially they were given direct access to SWIFT's database without individual warrant. SWIFT also confirms this themselves on their site:
"How does SWIFT audit the US Treasury’s access to data?
SWIFT cares deeply about the privacy of its data, including its subpoenaed data. It has obtained substantial audit mechanisms which provide extremely high assurance that access to the data is limited exclusively to ongoing terrorism investigations. SWIFT has internal auditors on site who review every query. External auditors are also commissioned to provide additional assurance that all the protections and conditions are fully adhered to."
2. They are *agents* of financial institutions and specifically mentioned by this law.
Catch 22 situations occur when the two choices are interdependent
In this situation, your choice is:
Let the US spy on your data, or
Struggle to make a payment
It's not a catch 22 situation.
This is an example of what would be a catch 22:
America will want to spy on your data unless you pay them a 'registration fee', but you have to send this money via swift, meaning your choices are:
Don't pay, and give them leave to spy on your transactions or
Pay, using a service where you have to give them leave to spy on your transactions
Biting the hand that feeds IT © 1998–2019