Thursday, January 07, 2016

The Terrorist Financing Tracking Programme (TFTP). In tension over terrorist finance – EU to US data transfer & privacy rights

Money Laundering Bulletin

The 'Freiheit statt Angst' (Freedom instead of fear) demonstration in Berlin in August 2014 , protesting against the mass surveillance of the NSA, GCHQ and BND, and in support of whistleblower Edward Snowden.

US intelligence has access to European Union citizens’ banking transfer records by virtue of a controversial 2010 agreement. Paul Cochrane examines the Terrorist Financing Tracking Programme, currently set for renegotiation.

The Terrorist Financing Tracking Programme (TFTP), used by the United States, and revealed by the media in 2006, remains cloaked in secrecy. Implemented by the US Department of Treasury following the September 11th attacks in 2001, it utilises data provided by the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT) through a private agreement.

Europol inspection

The transfer of financial data from the European Union (EU) to the US was legitimised through a EU-US TFTP agreement in 2010. Supervision of US data searches was henceforth assigned to EU police agency Europol.

The agreement was to be renegotiated this year, but talks have stalled over data privacy concerns, especially in the European Parliament. That said, an 'Umbrella Agreement' on all kinds of exchanges between the EU and the US was reached in September 2015 (1) - it mandates both sides to protect personal data exchanged during criminal and terrorism investigations. The deal followed four years of negotiations between the two jurisdictions and should cover the TFTP. Moreover, the 2010 TFTP agreement does not have a sunset clause and remains in force.

The programme, exposed by the New York Times in June 2006, caught the EU and nearly all 7,800 banks sending client data to SWIFT unaware that confidential information was being provided to the US Treasury. Although strongly condemned in the EU as breaching citizens' privacy rights, it was not annulled.

Snowden reopens debate

The TFTP came under renewed scrutiny following the 2013 revelations by American whistleblower Edward Snowden of widespread surveillance by the US' National Security Agency (NSA) of European governments. Leaked classified documents showed the NSA had access to SWIFT's internal data traffic, with one document from 2011 designating the SWIFT computer network an agency “target”.

“The Snowden revelations had a gigantic impact on the programme and US-EU relations,” said Camino Mortera-Martinez, a Research Fellow on Justice and Home Affairs at the Centre for European Reform, a UK think-tank, in Brussels. “Because of that we've seen stronger and more open discussions about privacy.”

In 2014, the European Court of Justice (ECJ) requested that EU governments and the US make the TFTP’s practices more transparent. Concerned that the EU might amend the agreement this year (2015), Adam Szubin, director of the US Treasury's Office of Foreign Assets Control (OFAC), has been actively lobbying the EU to keep the TFTP in place, arguing that it is essential to countering the Islamic State (IS).

What's yours is ours

An ongoing issue for the EU is the essentially one-way aspect of the TFTP. While Europol ensures data provided to the US complies with the Swift agreement, EU officials are not able to scrutinise documents of Europol's internal data protection committee, the Joint Supervisory Body. In January 2015, Washington prevented Europol from accessing classified data they had contributed, on the ground that parts of the report were compiled in the US.

“What is the US doing with the data? We don't know,” noted Dr Mara Wesseling at the Centre de Sociologie des Organisations at Sciences-Po, Paris. “It is probably link analysis and social network analysis, but we're not sure, as there is no public information, we have no oversight, and we have to believe it is efficient.”

Take it on trust

She added: “The number of data sets sent to Treasury is also secret. The Belgian Privacy Commission tried to find out, as European members of parliament [MEPs] want transparency on the volume of data, which is something the US doesn't want to disclose.”

According to the latest joint report (2013) on TFTP provided data by the EU Commission and the US Treasury (2), since 2001 the programme “has produced tens of thousands of leads and over 3,000 reports (which contain multiple TFTP leads) to counter terrorism authorities worldwide, including over 2,100 reports to European authorities.”

But other than such published figures, MEPs and most EU officials have largely been kept in the dark. To ease concerns, an EU TFTP overseer was appointed, who is privy to US intelligence. However, his identity is hidden for privacy reasons. “This is very mysterious as his role is to give more legitimacy and confidence in the programme, but at the same time we do not know the person,” explained Wesseling.

How successful has the TFTP been? That's the rub. We've collected all of this data, but just a few cases can be released to the public, and due to the very nature of it, like suspicious activity report (SAR) disclosures, we can't discuss it,” said Dr. Michelle Frasher, an independent research scholar previously affiliated with the European Union Centre at the University of Illinois at Urbana-Champagne.

Inside view

While SWIFT did not respond to questions from MLB about the issue, Europol did. A spokesperson said: “The TFTP is an important instrument to provide timely, accurate and reliable information about activities associated with suspected acts of terrorism or terrorist financing. It helps to identify and track terrorists and their support networks worldwide.” She added that more than 13,000 leads to support investigative activities have been generated by the TFTP to date: “The significance of the phenomenon of so called travelling fighters can also be identified from the TFTP. While in 2014 there were over 900 leads [from the overall number mentioned before] of relevance to 11 EU member states, the developments in 2015 show that since the beginning of the year, over 6,300 leads – of relevance to all 28 EU member states – were retrieved.”

A former FBI special agent, who set up and ran the US intelligence service's terrorist financing section, agreed that TFTP had “definitely provided a lot of good results”: Dennis Lormel, who now runs DML Associates, added, “I am definitely an advocate for that programme to continue, and surprised of the longevity it's had in terms of being kept secret. When I was involved - I can't speak of where it evolved to - it was extremely limited to terrorist specific threats. The perception that we are overstepping our authority or misusing information is totally wrong. It is one of the most tightly monitored programmes I've been involved in.”

Not such a bad idea

In July 2011, the European Commission outlined its plans for an EU-TFTP that would monitor suspects' financial transaction data in real-time, allow for searches of transactional data, and create a international communications system and database for suspicious transactions.

The plan has repeatedly been put on hold despite sporadic calls for its implementation, for example by the French government following the Charlie Hebdo attacks in January 2015. An EU-TFTP would be very dependent on whether the Swift agreement with the US is renegotiated.
“In my discussions with diplomats they are very tight lipped about TFTP and renegotiations, saying it is not going to be challenged,” said Dr Frasher. “There's plenty to believe that right now, but we're also seeing things happen like the Umbrella Agreement and France saying there needs to be a EU-TFTP.”

Expect more argument

Significant concern and opposition about sharing data with the US persists in member states and at the EU Commission and the EU Parliament. Furthermore, the Fourth EU Money Laundering Directive contains multiple references to data protection that will need to be addressed with regard to any information-sharing with Washington. “I expect the renegotiation of TFTP to be a bloodbath again if they open it up for discussion, particularly [with regard to] what the oversight is, as the European Council is up in arms about the lack of accountability,” said Mortera-Martinez. “The Council would need clear examples of how the TFTP has disrupted terrorism, but they can only do that after a plot is discovered.”

EU reforms to its data protection framework, currently grinding on, mean that many decisions face delay, not least until controls around the Passenger Name Record (PNR) database on flying in and out of the EU are resolved. “When the PNR is in place maybe an EU-TFTP would be on the table again,” Dr Frasher added.


1) Joint Report from the EU Commission and the U.S. Treasury Department regarding the value of TFTP Provided Data, 2013 -

Photograph by Markus Winkler, via Wikicommons

No comments: