Jan. 19, 2007 – The Pentagon and the Central Intelligence Agency have come under fire for secretly obtaining Americanâ€™s financial records, but civil-liberties experts say the agencies could not have amassed the data without weak privacy laws and banksâ€™ lackluster commitment to customer confidentiality.
Especially after passage of the USA PATRIOT Act in 2001 â€“ which loosened what privacy watchdogs say were already weak financial privacy laws â€“ banks likely cannot be held liable for disclosing records to Defense Department or intelligence officials, even when those officials do not have a warrant.
Kevin Bankston, an attorney with the Electronic Frontier Foundation, told The NewStandard that banks took the easy way out and complied with the requests instead of challenging the government over the security of their customersâ€™ data. EFF defends internet privacy and other rights.
The New York Times first reported last week that the Department of Defense and the CIA have been issuing "national-security letters" to financial institutions nationwide, asking them to hand over the records of hundreds of Americans supposedly suspected of terrorism or espionage. According to the Times, banks have generally complied with the requests.
The Times also reported that the military will store the records even when its suspicions are unproven, in case they are needed for future investigations.
US law generally prohibits banks from disclosing data to the government, but it has several exceptions. For instance, banks must disclose data if served with a court order or if requested by the FBI for investigations related to national security.
The Patriot Act also made amendments to the Bank Secrecy Act, allowing banks to report "suspicious" activities to intelligence agencies. It also frees banks from legal liability for disclosing those activities, or for failing to tell customers they did so. Additionally, the Patriot Act included amendments that facilitated the sharing of financial information between government agencies.
Marc Rotenberg, director of the Electronic Privacy Information Center, likened the requests to "putting a tube to the customer records in the bank on one side and connecting it to the federal government without any determination that the law is being followed."
The banking industry itself admits that banks are reporting more information than before, citing Patriot Act compliance as justification.
"Banks want to protect their customers at the end of the day, but if the customers are exposing their banks to enormous risk, banks usually follow law-enforcement requests," American Banking Association spokesperson Aaron Albright told TNS. "Some banks have been fined for not filing enough suspicious bank reports," he added, "a lot of times because they havenâ€™t had guidance from the government. The government sometimes likes more information than might be useful to them."
The Patriot Act gave the FBI the authority to issue binding "national-security letters" requiring banks and other companies to secretly turn over requested records. The letters are not approved by a judge.
The Times investigation revealed the Defense Department and, to a lesser extent, the CIA are issuing similar letters, also unapproved by any court. But it does not appear banks are required to comply with those requests for information.
Some privacy advocates say banks neglected the confidentiality of their customers in their desire to avoid trouble with the government. James Dempsey, director of the Center for Democracy and Technology, asserts that if banks do not wish to comply with a Pentagon request, they can just ignore it.
Since none of the letters issued by the DoD or the CIA has been made public, it is unknown whether they spell out the voluntary nature of the requests.
Dempsey also said banks that handed records over to the Pentagon or the CIA were operating in a legal grey area by helping agencies not generally authorized to conduct activities domestically. Neither agency is supposed to be involved in domestic law enforcement, but the Bush administration claims both have the authority to conduct investigations to protect their own operations.
"Legal or not, this incidentâ€¦ does point to a pattern of the government secretly collaborating with businesses," said Bankston of the Electronic Frontier Foundation .
But it will be difficult for customers to hold banks accountable through the courts or through public pressure since the institutions do not disclose their compliance to their customers.
"As the government simultaneously seeks a great deal of information about American citizens, it claims for itself ever greater secrecy," Rotenberg said.
One reported target of the Defense Department surveillance was retired Captain James Yee, a former US Army chaplain who was the subject of an intense investigation for alleged spying in 2003, and who spent more than two months in solitary confinement. Yee, a Muslim, worked with prisoners at the US military detention center in GuantÃ¡namo Bay, Cuba.
Authorities dropped all of the charges against him in 2004.
Yee learned that the military had requested his financial records from the Times article, which cited "two unnamed military officials" as sources. Yee told TNS that the discovery left him wondering what other aspects of his life are under surveillance.
"What else are they doing now? Are they opening my federal mailâ€¦[Is] the government tapping this phone call right now?" he said.
Yee added that he is consulting his attorney and legal organizations to determine both the legality of the governmentâ€™s actions and whether banks violated their own privacy policies in handing information to the government.