Yet another reason why I hate living in this country (the US). Various "security" agencies becoming paranoid and rapidly demanding that they get access to everything that foreign companies have.
Privacy chiefs have given Europe's banks a September deadline for alerting customers that their financial transactions could be tracked by US security agencies. Customers must be warned that even transactions within Europe could be monitored, they said. The new rules come from the Article 29 Working Party, a committee of …
This notification is OK, were it not for the fact there is no "true" competition in the UK and there is no real "European" market (e.g. Living in the UK, it's not practical to use a French high-street bank - unless they take over a bank in the UK in which case the level of choice is the same).
All that will happen is ALL the banks will say your data could be accessed by the US. There will be no choice and they will all act in the same way. This could be due to higher level policies - e.g. BASEL2 but it would be good to see one UK Bank break rank... Banking is really a gentleman's club and IMHO verging on a cartel.
SWIFT handed over their encryption keys to the US, which rendered the SWIFT sytem totally insecure. SWIFT uses a certificate based PKI (with SWIFT as the trusted 3rd party) for data transfer. So did they hand over all their users private keys, or just the transaction records from their database?
Reading the SWIFT website (http://www.swift.com/index.cfm?item_id=62260) I see that they will now store European data only in Europe, making it more difficult for the US authorities to get their mitts on the data.
I don't mind the fact that US authorities want to snoop.... what i do mind is the fact of the extreme reluctance of the US to reciprocate.... I think this should be stopped regardless of terrorism threat etc as there are (as always) unethical people out there who can turn an individuals life into a nightmare because they neglected to dot the i's and cross the t's
If you have no alternative but to use services provided by SWIFT (or any other financial service provider for that matter) then you just have to suck it up and allow your transactions to be monitored. Being told that they may be monitored doesn't win the customer anything in terms of privacy protection.
How about showing a little backbone and *not letting* transactions be monitored by outside agencies? I don't mind having a mechanism where external agencies could request certain data from EU law enforcement groups, with appropriate safeguards of course.
You can guarantee if a european security agency asked for the transaction data for a US citizen there would be no chance of that happening. They would be screaming that it was completely unconstitiutional and against there rights, but it is alright to walk over a european citizen rights.
If swift broke both EU and Belgium Law, then the EU, and Belgium should DO something about it, instead of just saying how naughty they were.
I consider Data Protection a serious issue, and I think decisive action against Swift would not only be appropriate, but would also let other companies know that giving our personal data to the (arrogant) American government is unacceptable.
Moreover, the 'action' that the EU takes against Swift should be such that companies will fear EU reprisal to giving the data away much more than they fear US reprisals for NOT giving them the data.
There's a principle at work here. Today it's USA putting pressure on SWIFT, tomorrow it will be Russia or China or Izbiquistangania, it becomes easier and easier to hand data over to ever smaller and smaller powers in the world. There's a lot more data being logged too, than bank transactions, what about health records, email logs, telephone call records, our DNA, our GSM logs (i.e. the location of every body with a mobile phone at all times).
Despite all the criticism, SWIFT continues to ignore EU law. They claim that having an onsite auditor of the search queries run against their data, makes it a legal search. SWIFT however has insufficient information to determine if those queries are run for the claimed 'terrorism' purpose, since it does not have access to the intelligence. Further, because the intelligence hasn't been run past a judge under oath, there's no comeback, should it turn out to be otherwise.
If the EU is unable to guarantee the privacy of internal communications within Europe to snooping by outside powers, they should get criminal sanctions to back up their words.
Better to do that now, rather than wait till it's the dictator of Izbiquistangania demanding our GSM location logs.
The thing that troubles me about this whole thing is that the US was unwilling to offer reciprocity of it's own data.
Surely if the key reason for wanting this information was for the prevention of terrorism, then Europe deserves equal access to US transactions to do it's own data mining.
Instead what we are left with as a result of the wekaness of SWIFT and the European courts, is a data "land grab" by the Americans with little or no actual evidence of need and no reciprocity in data provision. Given the historical use of similar information in the past, who is to say that the CIA/NSA may use this information to advance US commercial interests instead?
Somehow I find it hard to believe that Osama Bin Laden pays for his weapons via Paypal...
"If the EU is unable to guarantee the privacy of internal communications within Europe to snooping by outside powers, they should get criminal sanctions to back up their words."
I think if the EU government(s) are unable to guarantee our rights against illegal foreign infringement, it's time for us to replace whoever is in charge. I emphasize with the US's citizens, however wasn't it someone that their country respected very well that said something to the effect of all people being equal.
As an American I regret my countries policies and actions but, there are options besides cooperating fully.
I think that the banks could take the traditional approach of confidentiality, that such information will not be released or offered without a court ordered search warrant (approved by a judge). In other word tell the invewstigators to do their paperwork first as required by law in the US.
Lastly the banks could simply refuse to share the information at all with the US (and whether legal or not) and see what the US can do about it. After all ,Swiss banks for years operated among other things as a tax haven for American Businessmen like how banks in the Caymen Islands are used today.
I buy goods for my business from a couple of manufacturers in Pakistan and I pay by Bank Transfer.
If I pay more than £1000, I have to provide proof of ID before my Bank will allow the transaction through to make sure I'm not money laundering or funding terrorism or some such.
I don't doubt that this probably also now flags me up on some US DHS Watch List such that they would want to ask me a lot of questions were I to travel there.
Hmm, another reason not to go to the USA, then...
Obviously by reading the the comments above, I realize that many of you have no clue who or what SWIFT is. There is simply no alternate path for the trillions of dollars in financial data that travels the SWIFT network. It would create major headaches for international financial organizations if they "removed their servers from the US". This is a case of the US government being able to cripple banks by forcing SWIFT to shutdown.
As to demanding US reciprocity, what data are you suggesting that "the US" share. Financial data does not belong to the US government. So in that respect there is nothing for them to "share" with the EU. If the government in the UK wants to investigate financial data according to it's laws, more power to it. Any American financial data that traverses devices and networks in the UK is fair game if some law allows it to be inspected.
I believe that the true issue here is that SWIFT failed to notify its users of the data seizure. I would be concerned with the integrity of their data in those circumstances. Of course the users in question are huge banks, not the account holders at those banks. So Im not sure who they should have informed.
The US doesn't need to rule the world. We're a large enough economic power that we can just hint at a threat to cut off a company / industry / country from our markets to motivate just about anyone to do anything we want. And the world considers our government stupid enough to do something rash like that, even if it would have negative consequences on our own economy.
The world isn't a series of seperate countries, they're all tied together and interdependant enough that some of the larger ones can get irritated and really just wipe away some of the smaller ones without much effort at all. Its not really a terribly settling idea, but its rather true. The only reason it hasn't happened yet is that the threat of such action is still enough to get results.
"And the world considers our government stupid enough to do something rash like that, even if it would have negative consequences on our own economy."
That's not by accident. It's in America's interests to have the rest of the world consider them to be slightly unhinged. It's amazing how helpful people can be when there's the possibility of their country being turned into glass.