How can we trust but verify?
IN the wake of revelations about the National Security Agency’s surveillance programs, President Obama has acknowledged the imperative to balance privacy and security. But so far, his administration’s defense of the programs has failed to assure the public that this balance has been achieved — or that basic privacy rights and civil liberties are being protected.
Now that these programs have been leaked, Americans need to decide what this balance should look like. How do we devise a program that can allow the intelligence community to use big data and the latest technology to prevent terrorist attacks while ensuring we have not created a Big Brother state? In other words, how can we trust but verify?
We know because we’ve done it before.
In 2006, this newspaper revealed the existence of the classified Terrorist Finance Tracking Program, which was developed and overseen by the United States Treasury. T.F.T.P. was, and still is, run by the Treasury Department using information subpoenaed from the Society for Worldwide International Financial Telecommunication. During the program’s first few years, one of us headed Swift; the other helped oversee T.F.T.P. at Treasury.
Swift is an industry-owned, global-financial-messaging system based in Brussels. Its transmissions carry financial messages for most of the world’s banks across borders. Swift’s data show who is transferring money, how much, and to whom, and contains specific identifier information. Soon after 9/11, Treasury began to subpoena Swift’s data to allow government analysts to track the movement of terrorist funds.
The Swift system doesn’t contain private bank account information. But if a terrorist financier in one country were sending funds to a terrorist in another, it would be in the data of subpoenaed Swift messages. The sender’s and receiver’s names and bank account information would also be in the message.
From the start, privacy and civil liberties protections were central to the program. Unlike the N.S.A., we assumed it would eventually have to endure public scrutiny — in America and abroad.
Given the importance and confidentiality of its data, Swift demanded that the government’s access be targeted and limited, preventing broad data-mining but allowing focused searches and analysis to prevent terrorist attacks. Searches for any other purpose were forbidden.
Both the Treasury and Swift ensured that the constraints on the information retrieved and used by analysts were strictly enforced. Outside auditors hired by Swift confirmed the limited scope of use, and Swift’s own representatives (called “scrutineers”) had authority to stop access to the data at any time if there was a concern that the restrictions were being breached. These independent monitors worked on site at government agencies and had real-time access to the system. Every time an analyst queried the system, the scrutineer could immediately review the query. Each query had to have a reason attached to it that justified it as a counterterrorism matter. Over time, the scope of data requested and retained was reduced.
This confirmed that the information was being used in the way we said it was — to save lives.
When European data privacy advocates and politicians objected to the program, the eminent French counterterrorism judge Jean-Louis Burguière was assigned to review the program in detail for the European Parliament. He reported in 2008, and again in 2010, that Treasury had complied with civil liberties protections.
The program was also highly effective. The financial intelligence it provided helped thwart terrorist attacks in America, Germany, Spain and Britain. Information gleaned from Swift databases provided thousands of leads — including ones that helped capture Al Qaeda’s principal representative in Southeast Asia and uncover a terrorist-financing network in New York City and Pakistan.
The use of the data was legal, limited, targeted, overseen and audited.
via The New York Times – LEONARD H. SCHRANK and JUAN C. ZARATE
The Latest Streaming News: Privacy and security. updated minute-by-minute
Bookmark this page and come back often