Share and Share Alike

The Treasury Department is going to give more financial information to the intelligence agencies. Do you see a pattern here?

Reuters reports that the Treasury Department is going to give US intelligence agencies full access to a large amount of financial information that it obtains from banks and other institutions. This includes reports of money transfers that are routinely used to track terrorist and criminal finances around the world. 

A plan being drawn up by the Obama administration would link the Financial Crimes Enforcement Network (FinCEN) to the Joint Worldwide Intelligence Communications System (JWICS), which is essentially a classified intranet for the Defense Department and intelligence agencies. Those agencies already have had access to FinCEN data, but only on a case-by-case basis. Now, Reuters reports, agencies like the CIA and the National Security Agency are going to be plugged into the financial data network and have unprecedented ability to roam around. 

This would be an incremental change in policy. But don’t overlook its significance. 

More and more lately, the government is focusing on what agencies do with the data they collect, rather than the means of collection. US law is currently oriented mostly to regulate collection. And practically speaking, the government can collect a lot–a whole lot. 

It’s all the post-collection activity–the moving and shaping and sharing storing of information–that we know far less about. Who can see it? How long can an agency hold onto it? What kinds of technologies are applied to make sense of it?  These are arguably more important questions than how a piece of information was collected if you’re truly concerned about protecting privacy and civil liberties, and if you want to know whether that glut of information coming into the system is actually keeping the country safer.   

FinCEN is a good example of how collection really isn’t novel anymore. It has a massive a massive data set based on routine and voluminous standardized reporting from banks and other financial institutions. It most famously includes so-called suspicious activity reports that institutions are required to file whenever they notice transactions or money transfers that might indicate criminal activity. 

This collection occurs on a broad and massive scale. According to the Treasury Department, US financial institutions file more than 15 million suspicious activity reports every year about transactions that exceed $10,000. Only a fraction of them could involve criminal activity. But the end result is that if any significant amount of money moves from one set of hands to another through the US financial system, FinCEN is supposed to know about it. 

And what it knows tells investigators a lot about the nature of organized crime and terrorist networks. FinCEN was around before the 9/11 attacks, and it earned a reputation among investigators for being a well-run operation with useful tools for peering into money laundering operations and detecting fraud. After the terrorist attacks, it became the centerpiece in an interagency effort–i.e., a shared information effort–to track down the conduits of terrorist money, and by extension, the terrorist themselves. 

In the past few months, there have been other examples of the government shifting attention from collection of information towards  analysis and sharing among different agencies, on the theory that the more access analysts and investigators have, the more likely they are to crack a case or find a lead.

The National Counterterrorism Center is now allowed to hold onto information about airline passengers, international travelers, and a host of other categories for five years, a much longer period of time than previously allowed. 

The NSA has been sharing more information about cyber security threats with the Homeland Security Department, in an effort to protect critical infrastructure. And in the coming weeks that effort will be extended to the private sector, as the government gives threat signature data to US telecommunications companies, so that they can monitor their networks for malicious code and intrusions. 

Each of these changes involves information that the government already collects, legally. But from the administration’s perspective, information that sits in once place often loses its value. That explains the shift in policy at FinCEN and elsewhere. The information is flowing more freely now, and the volume and frequency of that flow is going to increase.