http://www.insightmag.com Snoops and Spies By Timothy W. Maier The newest twist in the privacy wars: A federal regulatory proposal would bring Big Brother to your bank, where he'd be counting more than just your pennies the squirming beneath the microscope? George Orwell had it right in his dystopia novel Nineteen Eighty-Four, but he missed it by a decade. Big Brother wants bankers to create a dossier on every account holder. And a federal regulatory proposal dubbed "Know Your Customer" could do just that by turning bank tellers into snoops. If it sounds like something out of the X-Files, it isn't. Look for it at a bank near you. Welcome to the Orwellian dawn of the 21st century, where the lost age of Aquarius has become the new age of surveillance, bolstered by electronic cascades of personal information that are ever more readily accessible. Both liberals and conservatives increasingly are concerned about a society they fear is all too willing to surrender another layer of privacy in exchange for a false sense of security. Across the nation -- in Maryland, for instance -- camera cops are replacing the squad car. In New York, witnesses are frisked like suspects as part of a crackdown on violent crime. In New Jersey, critics charge that "Megan's Law," which requires child sex offenders to register with the local cops, turns neighbors into spies and vigilantes. In Chicago, U.S. Customs agents routinely strip search and probe body cavities of black females traveling internationally if authorities believe they fit a certain profile. Not personal enough? Ask your local motor-vehicle administration if they are selling your driver's-license photograph and personal data. Do you live in South Carolina or Florida? The authorities there have sold some 17 million such photographs to a New Hampshire company, claiming to be building a national database to identify theft. On Capitol Hill, medical-identity cards and even universal identity cards top political agendas, while the Federal Communications Commission hopes to turn your wireless telephone into a personal tracking device so the government can keep tabs on you -- for your own good, of course. And personal computers built by Intel Corp. were to contain silicon chips allegedly to protect electronic transactions but, as it happens, also to let marketers track consumers' every move in cyberspace. So it should come as no surprise that your trusted banker has been enlisted by Big Brother to help him watch every financial move you make. The Federal Deposit Insurance Corp., or FDIC, the Federal Reserve System, the Office of the Comptroller of the Currency and the Office of Thrift Supervision are frighteningly vague about how your banker should implement the program. However, the rule published Dec. 7, Pearl Harbor Day, in the Federal Register calls for uniform banking procedures to identify customers, establish their sources of money, note their "normal and expected transactions," watch for transactions that are inconsistent with the customer's "normal and expected transactions," report any transactions that are determined to be suspicious and place limitations on amounts that can be withdrawn at any one time. The regulators say Know Your Customer snooping is for your own good. The banks say hold it, they don't like it. It's costly and burdensome and an invasion of privacy, says John Byrne, senior counsel and compliance manager for the Washington-based American Banker's Association, or ABA. Byrne says it's not fair that banks are required to do this while broker dealers, insurance agencies and security dealers don't operate under the same requirement. He sees it as a substantial cost to community banks, which would be required to purchase hardware and software programs to conduct all of the spying. "We are concerned about the language of the proposal," Byrne says. "It's an intrusive requirement that banks are going to profile customers." Why should bankers be turned into federal snoops? The proposal is supposed to attack money-laundering techniques employed by drug traffickers and other criminals who hide illegal profits. Such methods include wire transfers, bank drafts and "smurfing," the practice of cutting transactions into lesser amounts that don't have to be reported as suspicious under the $10,000 bank-reporting laws established under President Reagan. Insight spoke with Richard Small, assistant director at the Federal Reserve and author of the proposed regulation. He says it won't be as costly as many bankers believe. Take that small bank in Kansas, he says. "They know everyone. They know the person. They may not have to tell them to show a driver's license. They aren't going to have to buy a new computer or software. We just want them to formalize their policy." Small says most banks already have Know Your Customer programs in place. In fact, a 1990 ABA survey claimed that 86 percent of the ABA's membership already employed such policies. One of those doing so is Terre Haute Savings Bank in Indiana. It publishes a list of suspicious banking activities, such as customers unwilling to provide identification information or a borrower who pays down a loan with no explanation of the source of funds. While many banks and citizens are decrying the proposed rule as an invasion of privacy, most see no problem with asking customers who aren't account holders to put their thumbprint on the check, Small observes. More than 16 states have adopted this as a rule, though it is not (yet) mandated by federal regulatory agencies. "I haven't heard any uproar about that," he says. Byrne says that's different. Banks that require it are protecting their customers by reducing check fraud, he says, noting that banks requiring fingerprinting have reported a 40 percent to 50 percent drop in fraud since implementing the practice. "The fingerprints don't go anywhere" unless the check doesn't clear, he says. Account holders, known to the banks, may not mind because they aren't being fingerprinted. But what about future customers? Sharon Weidenfeld, a Maryland private investigator, was a potential customer for NationsBank. That is, until she was ordered to surrender her thumbprint to cash a check there. "I thought they were going to take my mug shot next and it would be hanging on the post-office wall next week," says Weidenfeld. While fingerprinting as an internal policy may be some banks' idea of getting to know their customers, Small says the proposed rule is needed to ensure all banks and savings institutions have consistent policies. "Right now there is no standard or baseline," Small says. "We want to set up that baseline. We want a system to understand and identify the customer." For the average consumer, the proposed Clinton bank rule means banks would develop a profile of all your financial transactions on the bank's database. This would include a record of the amount of funds deposited each month, sources of income, weekly paycheck, Social Security, stocks and normal withdrawals. Any significant deviation from this pattern and the bank would be obligated to report the inconsistent transaction to a federal database. Then, zap! The FBI or perhaps the new kinder and gentler IRS might just give you a ring or request information and documentation of expenses and income. It's all part of the federal bureaucracy's "Minimum Security Devices and Procedures and Bank Secrecy Act Compliance Program." Solveig Singleton, director of information studies at the libertarian Cato Institute in Washington, doesn't like it. "The 'Know Your Comrade' regulations, I think, are a big step in the wrong direction," she says. "It's basically none of the bank's or government's business where [people] get their money and in what patterns they choose to spend it. Until someone is convicted of a crime, it isn't right to treat them like criminals." Barry Steinhardt, the American Civil Liberties Union's privacy expert, agrees. "This program turns the Fourth Amendment of the Constitution on its head," he says. "Banking records are personal records. People are sensitive about medical, bank and tax records. If they are disclosed you can lose a job or be investigated by the government. There has to be some probable cause. This affects everyone. Even little Johnny whose bank account swells after getting a Christmas present from his grandparents, or the average worker who gets a bonus and buys a new car, will trigger a suspicious-activity report. It's going to be cold comfort to be innocent of any wrongdoing if you are dragged before the IRS or [Drug Enforcement Administration] and asked to explain an unusual money transaction." Small says he doubts little Johnny's Christmas gift, a bonus or a one-time deposit from selling a car will trigger a suspicious audit, because he says similar transactions have not done so with banks that have Know Your Customer programs in place. "No bank in the country is going to report suspicious activity on a one-time deposit," he says. "Banks look for patterns." Steinhardt is not buying that assurance. The government has been successful in taking advantage of a passive society by either proposing or encouraging corporations or banks to collect everything from Social Security numbers to iris scans at automated-teller machines and pushing to place personal information on Smart Cards, Steinhardt warns. "Computer technology makes it possible to create this profile. The purpose is to track our movements. And all these things -- the iris scan, selling driver's-license photos -- increasingly are connected and ripe for abuse," Steinhardt believes. "We are told it is done for our own good," he says. "This kind of surveillance that takes place is dangerous. Big Brother is not talking to us from a screen, but Big Brother is watching us in a variety of different ways." But Internet law expert Chris Wolf, who represented the gay Naval officer who recently settled a privacy lawsuit with the Navy after the service illegally obtained information about the officer's sexual preference on America Online, says it's very unlikely abuse will occur as long as there is an avenue to sue for privacy violations. "Banks don't abuse private information they have already," says Wolf. "Look, very soon we will be using fingerprints as a password for computers. Privacy is given up these days because the technology is available. As long as there are strict safeguards in place, I don't think it's worrisome." No doubt some attorneys see a whirlwind of new business in lawsuits for invasion of privacy, but the new banking proposals have caught the ire of 12 members of the House Banking and Financial Services Committee, who fired off a letter to the federal regulatory agencies, saying the "unofficial profiling of transactions that are not regular and expected may discriminate against the poor (who are more likely to be unbanked) as well as racial and ethnic minorities." Meanwhile, the committee is convinced the cost of the proposed financial regulations would be excessive -- noting implementation of the Bank Secrecy Act cost more than $83 million -- and would lead to higher banking fees. The committee also opposes the regulation for privacy concerns, saying the rule would "essentially deputize tellers not only as law-enforcement agents but private investigators as well." . . . . Texas Republican Rep. Ron Paul of Texas, a member of the committee, refers to the proposal as the "Spy on Your Neighbor" rule and has sponsored a bill to kill the scheme should it be adopted. "[The proposal] is designed to invade the privacy of every single person in America," Paul tells Insight. "Banks will profile every person who makes a transaction. What this says is that government will consider you guilty until you're proven innocent. This is a very, very dangerous program. I am not even convinced it will catch any criminals." Charles Smith, chief executive officer of Softwar, who has been an outspoken privacy advocate against the government's plan to safeguard computers with universal encryption says, "The new proposal is not aimed at the drug war but at your wallet. The government overregulation of middle-class banking is almost a comedy routine. Soon, your average customer will be required to leave a skin sample --not for genetic-identification purposes -- but just to see how serious you are about cashing a check. The real criminals transfer monies through a variety of means that are left untouched by this example of overzealous bureaucracy. It is, however, typical of the Clinton administration to propose idiotic ideas for law enforcement that make us all feel good but, in reality, are of little use against organized crime." . . . . Federal Reserve regulator Small disagrees. The rule should help cut into the $300 billion to $500 billion illicit-money transactions that take place annually, or what some estimate to be as much as 3 percent to 5 percent of the gross international product, says Small. He points to a recent General Accounting Office, or GAO, report that suggests CitiBank had to violate its Know Your Customer program to help Raul Salinas, the brother of Mexico's former president who was just convicted in a 1994 assassination plot of a top Mexican politician. Salinas laundered millions of dollars from Mexico through New York to foreign accounts. FBI money-laundering chief John Kingston tells Insight there has been tremendous pressure internationally to create a uniform program. During the mid-eighties, 26 nations got together to work on money laundering and passed regulations and legislative plans to detect illicit-money transactions, including guidelines for Know Your Customer regulations. Most of those countries adopted it, but the United States has yet to come fully onboard, Kingston says. The GAO report claims that banks that follow the Know Your Customer policies see it as one of the "most important guidelines for detecting suspicious activity." "The FBI has relied on banks having policies, and for many years we have been thrilled and couldn't do our jobs without those policies," he says. "Now that they have formalized it -- it's even better. It will cause the few banks that don't comply to do so," Kingston says, noting that 15 to 20 percent of FBI resources are spent on illegal-money cases -- and most crimes contain an element of financial fraud. How effective are the Know Your Customer policies? Critics compare them to gun laws. Criminals find other means to obtain guns just as they do to launder money. Statistically, Kingston admits, it's difficult to measure because not all the cases go to trial. On average, about 6,000 bank-fraud convictions occur annually. In 1995, there were 957 convictions under the Federal Money Statute and some 2,034 indictments or informations charged. Kingston says the indictments often are dismissed in plea deals. "The Know Your Neighbor policies prevent the money launderer from using one channel of commerce. They won't risk going to a bank that asks too many questions," he says. Kingston says he can understand that some people might be upset about the personal questions in all of this. If an account holder deposited a large amount of cash after selling her car, "the worst-case scenario is the bank teller might try to make contact with the customer, saying they are double-checking big transactions," Kingston says. "One of two things is going to happen: The account holder is going to be very thankful or they are not going to like the fact that the bank is watching the account that closely." . . . . Judging from the responses that the federal agencies have received during a 90-day public-comment period, it appears people are not likely to say thank you. Most are outraged. "We have received a record-setting 10,000 comments -- an overwhelming number of them opposed," says FDIC spokesman David Barr, noting that many people complain about the cost burden and privacy issues and also see the procedures as ineffective crime measures. And how many support the proposal? "Ten," he says sheepishly, "just 10." Two politically polar opposites --the liberal California Bankers Association and the conservative Christian Alert Network -- are organizing campaigns against the rule. And some of the complaints appear to be coming from antigovernment groups convinced of a federal or banking conspiracy to undermine constitutional rights. The huge volume of negative letters and e-mail, however, suggests widespread fear of the slippery slope. An angry Texas couple writes, "So here's two peaceful parties, not hurting anyone, a banker and his or her customer. Now you are going to interpose yourselves between the two of them, and mandate that one of them should turn into a spy and a snitch, minding the business of the other? This is a VERY BAD precedent! What's next, the grocer having to track and report who's buying 'suspicious' amounts of beer?" A Florida doctor writes, according to the Associated Press, "Next you'll be implanting an electronic chip in newborns at birth so they can be scanned as they walk in banks as an adult." Many argue the proposed scheme is unconstitutional. Small dismisses that argument. He notes the Supreme Court has not given individuals constitutional protection over their banking records, since the Fourth Amendment does not apply to records held by third parties. Besides, he says, the federal Right to Financial Privacy Act limits the government's access to personal financial records unless subpoenaed. Asked about the public outrage, Small admits some of the words such as creation of a customer "profile" may have been misinterpreted and need to be rewritten to clarify the meaning. "We haven't made it clear enough in our explanatory language." Lisa Dean, vice president of technology for the Free Congress Foundation, a Washington-based conservative organization, has followed the proposal closely. She says the feds will rewrite the rule and "take out the buzz words," but it still will be a "violation of privacy and constitutional liberty." Steinhardt of the ACLU puts it this way: "The plain language of their proposal lays out a massive system of surveillance of banking customers. It requires banks to track income, spending habits. If they intended something more benign they weren't artful. And as more and more people become victims of invasion of privacy, you will see more outrage." FBI agent Kingston concedes the proposed regulation breeds a certain amount of distrust. "There always has to be a balance on whether benefits outweigh the intrusion," he says. "But in reality Know Your Customer has existed for many years. Nothing changes but to make it required. It has surprised me, this outrage." The outrage may be far from over if the proposal is instituted. Now, time is running out. The public-comment period ends March 8, at which time regulators will examine responses and then accept, revise or kill the proposal. If approved, banks must establish formal Know Your Customer programs by April 1, 2000. To comment on the proposed rule, write to Robert E. Feldman, Executive Secretary, Attention: Comments/OES, Federal Deposit Insurance Corp., 550 17th St. N.W., Washington, DC 20429. Comments also may be faxed to (202) 898-3838 or sent via e-mail to [EMAIL PROTECTED]
