Reason Magazine

Show Us Your Money

The USA PATRIOT Act lets the feds spy on your finances. But does it help catch terrorists?

John Berlau from the November 2003 issue

(Page 3 of 3)

FinCEN apparently was so busy processing paperwork that it ignored the valuable advice of one of its experts -- advice that many say could have led to the Al Qaeda money trail. Patrick Jost, who came to FinCEN in the '90s with an atypical background as a jazz musician, linguistics instructor, and video game programmer, was an expert on hawala, the shadowy, informal system of money trading in South Asian and Middle Eastern countries that leaves a very faint paper trail. In a hawala transaction, someone from Pakistan living in America could send money back home by paying a U.S. vendor, who in turn would contact a trusted partner in Pakistan, who would give the money in local currency to its intended recipient. The money technically never leaves the U.S. It is a money transfer without money movement. Although hawala is often used for innocent purposes such as sending money to relatives, in the late '90s there was already evidence that it was being used by terrorists. As Jost documented in a 1998 paper he co-wrote for Interpol, terrorists used hawala to finance a series of bomb blasts in Bombay, India, in 1993.

William Wechsler, head of a White House working group on terrorist financing, met with Jost in 1999. Wechsler recalls that after hearing Jost's explanation of hawala, he spread the word to counterterrorism experts in the government, many of whom contacted Jost for help. Jost was also doing research on other aspects of terrorist financing, such as the countries terrorist money flows through. But FinCEN, even though it was charged with helping law enforcement track criminal money laundering, instructed him to decline Jost's offer of assistance and discouraged him from pursuing further research on terrorism financing. Jost told The Washington Post in 2001 that FinCEN Director James Sloan and Chief of Operations Connie Fenchel "didn't want FinCEN to pursue this line of work." According to the Post, after being "made to feel unwelcome, Jost left government in June 2000." (Jost and FinCEN officials declined to comment for this article.)

Wechsler recalls that the issue of terrorism did not seem to be a high priority for FinCEN, which appeared much more interested in processing data for the drug war. "FinCEN, along with the rest of the federal law enforcement community, for too long assigned far too low a priority to understanding the nature of and the threat from underground remittance systems, like the hawala network," he says.

Now that supposedly has changed. FinCEN has set up a toll-free number for banks to report transactions they truly think are suspicious, and the Treasury Department has a targeted "watch list" of suspected terrorists for banks to report on. But FinCEN and other agencies will still be inundated with an even bigger flood of reports about mostly legal financial transactions, thanks to the mandates of the BSA and the PATRIOT Act.

Wechsler, along with other Clinton administration officials such as Treasury Undersecretary Stuart Eizenstat, supported the expansion of "suspicious activity" reporting. (He proudly claims that "there are a lot of provisions of the PATRIOT Act that the Clinton administration had asked for.") He argues that new technology will be able to sift through the data. "We should spend the money that it takes to make sure we are able to use the information as effectively as possible, and that we are able to give back to the banking community the after-action reports, how it was used," he says. "But all of those are marginal questions compared to the overall statement that this is way too burdensome and useless. It's nonsense; it's very useful."

Yet for 30 years agencies have said technology eventually would be able to pinpoint the needle in this enormous haystack, and the elusive technology has yet to appear. The Pentagon's Total Information Awareness (TIA) project was aimed at developing methods to sift through huge volumes of data from public and private sources, looking for patterns that could indicate terrorist activity. After a loud public outcry about the privacy implications, Congress voted earlier this year to deny the project funding. Now the Pentagon is trying to revive it under a new name, Terrorism Information Awareness.

Missing Human Intelligence

Professional criminals often know the banking laws and how to get around them. And terrorist money, without prior intelligence, appears to be even harder to track than drug money. While large cash transfers can occasionally tip off authorities to drug activity, terrorists leave few telltale financial signs. As Jost pointed out in Senate testimony in late 2001, money used for terrorism often comes from legal businesses and charities. "With a certain amount of simplification, money laundering and terrorist financing are opposites," he said. "In money laundering, dirty money becomes clean; in terrorist financing, clean money become dirty."

Take the September 11 hijackers. The only way we know of that any of them broke the law prior to the attacks was by overstaying their visas. They gave no signs to the financial institutions they dealt with that they were plotting something sinister. "The terrorists didn't spend a whole lot," observes Richard Rahn, a senior fellow at the Seattle-based Discovery Institute and the author of The End of Money and the Struggle for Financial Privacy. "They stayed in cheap hotels, ate in cheap restaurants and rode in cheap rental cars....And so these measures that are promulgated to try to just collect financial information willy-nilly are not really very useful." Bert Ely, the banking consultant, noted in his Free Congress Foundation paper that "the FBI has estimated that the Sept. 11th hijackers spent just $500,000 over more than a year carrying out their diabolical acts. Payments moving through the U.S. financial system average $1.7 trillion per business day."

A SunTrust bank in Florida did file an internal report, as required for wire transfers of $3,000 or more, on money received by 9/11 ringleader Mohammad Atta, which came from the United Arab Emirates in 2000 and totaled more than $100,000. But "there was nothing unusual in the way those accounts and transactions were opened or maintained," says SunTrust spokesman Barry Koling. The only possible tipoff was that the money came from the UAE, which Jost had identified in his 1998 Interpol report as a hotbed of hawala and terrorism financing. But FinCEN apparently had not issued any warnings about the UAE, as it had about Colombia and other hot drug spots.

That oversight illustrates the importance of what's called "human intelligence." Both privacy and national security advocates say that since the advent of massive data- bases and laws like the BSA, the government too often has relied on technology as a savior and disregarded the importance of human sources, both experts in the field and snitches among the bad guys. FBI veteran Revell says that in his major cases, it was the informant who led to the financial data, not the other way around. "When we were investigating the skimming of the casinos by the mob in Las Vegas [in the late 1970s and early '80s], we had to have intelligence on how it was being done before we could really determine evidence of how it was being done," he recalls. "The development of informants within the mob's control structure of Las Vegas led us to be able to discover the money laundering and to bring charges and wipe the mafia out in Las Vegas."

Even data mining experts say the most advanced technology is useless without human intelligence. "The data won't do anything unless you ask the right questions," says Marc Epstein, CEO of Data Mining International, a Los Gatos, California, firm that makes software for the U.S. Customs Service and other law enforcement agencies. Epstein says that before the government starts collecting massive data for a TIA-style program, it should make better use of the data it has. He says there is much that can be gleaned simply from the customs data of goods going into and out of the country. "From a pure law enforcement point of view, putting aside privacy concerns, more information is better," Epstein says. "But we're not using the information that we have well."

30 Years of Failure

There are plenty in the tech world who would take issue with Epstein's assertion that more information is always better. Software engineer Bruce Schneier, for example, has written about the inevitable problem of "false positives" in a large database. Passengers at airports are already seeing the effect of false positives that mistakenly put them on "no fly" lists, presumably because their names are similar to those of terrorists or criminals. Recent press reports have chronicled the travails of several men named David Nelson, including the actor who played himself on the popular '50s TV show The Adventure of Ozzie and Harriet, who have been delayed or prevented from catching their flights because the name mysteriously set off an alarm in an airport computer.

"When you are scanning a population that is composed of hundreds of millions of people, and the class of criminal you're looking for is a couple hundred or a couple thousand, there are no tools available, and there are almost certainly never going to be tools available, with the sophistication to focus almost exclusively on the bad guys," says Bob Gellman, who in the '90s acted as chief counsel of a House subcommittee on privacy and technology. Gellman says data mining's success in the private sector will never translate to law enforcement because a different level of precision is required. "If direct marketing companies, with all the research they do, get a 3 percent response rate, they're ecstatic," Gellman says. "And these are smart people with lots of data and lots of motivation because they're making money, and they can't do much better than that."

In the debate over the PATRIOT Act and other broad surveillance measures, the Bank Secrecy Act should be thought of as a 30-year experiment in subverting the Fourth Amendment. The experiment has imposed tremendous costs on individual privacy and the economy (even before 9/11, the banking industry was estimating compliance costs of $10 billion a year), with few tangible results in stopping crime and even fewer in preventing terrorism. Getting back to the standards of the Fourth Amendment is a good idea, not just for securing privacy but for making law enforcement and intelligence agencies more focused and effective at stopping criminals and catching terrorists.

"Most police officers, I find, have very high regard for and deference to the Fourth Amendment," says Bob Barr, the former CIA agent and U.S. attorney who served as a Republican congressman from Georgia for eight years and is now a consultant on privacy issues for the ACLU and the American Conservative Union. "I think they understand, perhaps better than a lot of bigwigs, that it is there to protect them and to help keep them focused as well as to protect the individuals."