Europol and CIA Data-Mine from SWIFT System

The SWIFT system was in the spotlight early on in the Ukrainian war instigated by Russia.  It was one of many sanctions against Russia, to sanction the use of the SWIFT system by designated Russian banks.  SWIFT provides secure financial messaging services to allow for financial transaction and payments across borders.  The SWIFT sanctions against Russian banks hurt the Russian economy because it became harder for Russians to transact business internationally.

With the sanctions on Russian banks, SWIFT gained a popularity rarely seen amongst financial systems.  Unfortunately for SWIFT, the more recent news about the system brings negative attention to the darling financial system.

It was recently revealed that SWIFT bulk data has been provided to Europol and to the US Treasury Department.  From the US Treasury Department, it made its way to the Central Intelligence Agency.

Based on the Terrorist Finance Tracking Program (TFTP), Europol was intentionally transferring data received from the SWIFT system to the US Treasury Department.  The US Treasury Department used AI algorithms on the SWIFT data and sent the results to Europol as well as some EU national authorities.  This had been going on since 2009.

By 2016 at the latest, the data began being sent additionally to the Central Intelligence Agency.  The CIA used the data to search for terrorists, but also for other purposes.  The TFTP 1) didn’t allow data mining; 2) didn’t allow the data to be passed to other authorities; and 3) didn’t allow the data to be used for other purposes.

In review:

1. Data mining itself was illegal under the TFTP.

2. Sharing the data with other governmental authorities was illegal under the TFTP.

3. Using the data for purposes other than the prevention, investigation, detection, or prosecution of terrorism or its financing was illegal under the TFTP.

Yet all three of those happened after the data was transferred to the CIA.

This was a violation of the privacy of millions of people.  This is why data transfers to the US are so concerning for EU residents and regulators.  Once the data crosses into the US, US intelligence agencies often want it and end up getting it not terribly infrequently.

As long as this remains the status quo, it will be difficult to achieve normalized data transfers to the US.

Being a privacy pariah is never a good look for a company.  Even though SWIFT had favorable attention recently and the US Treasury Department and CIA were the real wrongdoers in this instance, SWIFT still had their name mentioned and it was their data that was exemplified as being disclosed to the CIA and used for illicit purposes.  Its much better to be viewed as a privacy-conscious company than a privacy pariah.

Clarip can help with that.  Clarip helps companies with automated data subject request fulfillment, data mapping, website scanning, vendor management, consent management, and much more.

Email Now:

Mike Mango, VP of Sales
mmango@clarip.com