Feeds

US violated world's privacy with secret SWIFT checks

SWIFT breaks EU law to comply with US law

3 Big data security analytics techniques

The US Treasury's Terrorist Finance Tracking programme had violated the privacy of up to 7,800 international financial institutions in its secret trawl through financial records held by the Belgian firm SWIFT.

The Belgian data protection registrar declared today that the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which handles financial transactions on behalf of banks and other financial institutions in G10 countries, had violated Belgian data protection law by complying with the US Treasury's secret investigation.

"SWIFT should have complied with its obligations under Belgian data protection law," said the opinion of the Belgian Commission de la Protection de la Vie Privee today.

The firm should have informed the Belgian authorities that it was handing its clients records over the the US, and it should have complied with rules regarding the transfer of its data to a foreign country, said the opinion.

It recognised the efforts SWIFT took to comply with the US subpoenas on its data. Pressured by the US to keep the violation secret, SWIFT took its own steps to protect the privacy of its clients' data as much as it could.

But this was not enough: "SWIFT made some substantial errors of judgement in complying with the American subpoenas," said the opinion.

"From the beginning, SWIFT should have been aware that the fundamental principles of European law were to be observed, apart from the enforcement of American law," it continued.

The US Treasury had demanded to examine SWIFT's records in a hunt for terrorist financiers after 9/11.

It had unlimited access to this data for an unspecified time. The opinion said that in order to protect the privacy of its client's data, SWIFT should have ensured that the US snooping of its records was proportionate, that they were only retained for a limited examination, that the investigation was transparent to the European authorities and so on.

Yet a spokeswoman for the Belgian data protection registrar said the office would not prosecute SWIFT. She could not say why, but the opinion gave a clue.

"SWIFT finds itself in a conflict situation between American and European law," it said.

SWIFT jumped on this concession. A statement attributed to the firm's CEO, Leonard Schrank, said: "The review has raised important issues about the balance between data privacy for consumer protection purposes and use of financial data for security and counter-terrorism purposes."

He called for the US and EU authorities to formulate an agreement that "reconciled data privacy protections with today's pressing security concerns."

The Belgian opinion was going to be adopted by the European Commission's Data Protection Supervisor and form the basis of opinions formed by the registrars of all 33 countries where campaigners Privacy International filed complaints about SWIFT's co-operation with the US programme.

The Belgian registrar said it was not in the remit of today's opinion to consider whether Belgium's financial institutions had also offended its data privacy laws. Some of them at least would have been aware of the US snooping through their membership of SWIFT's co-operative board. Central banks in all G10 countries were also privy to the investigation without telling the authorities. The European Parliament is considering on Wednesday whether the ECB should be implicated. The Register found this week that it was.®

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.