UK
---
By Philip Johnston, Home Affairs Editor
Last Updated: 6:49am BST 24/04/2007
The state now has 266 powers to draw upon when its agents want to enter homes, according to research.
A report from the Centre for Policy Studies says that an Englishman's home is less his castle and more "a right of way'' for police, local government officials and other bureaucrats.
English law has traditionally regarded a citizen's home as a privileged space
In the 1950s just 10 new powers of entry were granted by statute. In the 1980s and 1990s an extra 60 were added.
For the first time, Harry Snook, a barrister and the author of the study, Crossing the Threshold, has drawn together the full list of entry powers in the state's possession.
Force can be used in most cases.
The research comes at a time of heightened concern over the lengthening arm of the state, with ID cards around the corner and more sophisticated surveillance equipment being used to watch people.
Mr Snook says: "The state today enjoys widespread access to what was previously considered to be the private domain. Entry powers - some of which have their origins in EU legislation - have proliferated over recent decades.''
One of the most powerful bodies is HM Revenue and Customs whose officers can exercise a "writ of assistance" with almost unlimited rights of access.
Its holders can break into any private house to seize any goods which the customs officers believes are liable to be forfeit without seeking prior judicial approval.
However, Mr Snook discovered that HM Revenue and Customs does not keep a regular record of the use of this entry power.
advertisement
Under English law, a citizen's home has traditionally been regarded as a privileged space. Courts have insisted that servants of the state cannot enter a private home without the occupier's permission unless a specific law authorises them to do so.
However as the state's role in society has expanded so have the number of statutes that allow forcible entry.
"As a result of the proliferation and variety of entry powers, a citizen cannot realistically be aware of the circumstances in which his home may be entered by state officials without his consent, or what rights he has in such circumstances," says the report.
"Force can be used in the exercise of almost all these powers. In part this is due to its specific authorisation by law; in part to the courts' readiness to imply a right to use force on grounds of necessity."
It adds: "In many cases, discretion as to what is considered as reasonable behaviour in exercising an entry power is left to the judgment of those wielding the entry power.''
Laws now going through Parliament will give bailiffs additional powers to enter homes in pursuit of traffic penalty debts.
But Mr Snook says: "Many powers are drafted so broadly that the citizen has little or no protection if officials behave officiously or vindictively. Some carry draconian penalties for obstruction, including heavy fines and prison sentences of up to two years.''
His report says the disparate provisions should be harmonised under a new Act.
This should make clear that officials should always seek permission to enter a home; a reasonable time for entry should be specified; and state officials should always have to get a warrant before they can force entry to a private home.
Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts
Tuesday, April 24, 2007
Friday, April 13, 2007
Texas is amassing an unprecedented amount of information on its citizens
Features
April 20, 2007The Governor's Database
by Jake Bernstein
Piece by piece, Gov. Rick Perry’s homeland security office is gathering massive amounts of information about Texas residents and merging it to create the most exhaustive centralized database in state history. Warehoused far from Texas on servers housed at a private company in Louisville, Kentucky, the Texas Data Exchange—TDEx to those in the loop—is designed to be an all-encompassing intelligence database. It is supposed to help catch criminals, ferret out terrorist cells, and allow disparate law enforcement agencies to share information. More than $3.6 million has been spent on the project so far, and it already has tens of millions of records. At least 7,000 users are presently allowed access to this information, and tens of thousands more are anticipated.
What is most striking, and disturbing, about the database is that it is not being run by the state’s highest law enforcement agency—the Texas Department of Public Safety. Instead, control of TDEx, and the power to decide who can use it, resides in the governor’s office.
That gives Perry, his staff, future governors, and their staffs potential access to a trove of sensitive data on everything from ongoing criminal investigations to police incident reports and even traffic stops. In their zeal to assemble TDEx, Perry and his homeland security director, Steve McCraw, have plunged ahead with minimal oversight from law enforcement agencies, and even DPS is skittish about the direction the project has taken.
In researching TDEx, the Observer reviewed more than a thousand pages of documents from the Office of the Governor, DPS, and the Department of Information Management. We interviewed law enforcement officials as well as McCraw. The narrative that emerged from the records—disputed by McCraw—is a headlong pursuit of control through information hoarding for a project in search of a purpose. Along the way, money has been squandered, sensitive data potentially lost, and security warnings unheeded.
If information is power, Perry and his successors are about to become powerful in ways that are scaring civil libertarians, and probably should alarm every Texan.
Texas agencies already have plenty of information on all of us—driver’s licenses, fingerprints, and proofs of address, details we provide every time we renew our licenses, register a car, or vote. Then there’s every brush with the law, all the criminal convictions, prison records, and so forth. Much of that information is now scattered about in different agencies and locations. Never has it been pulled together for the ease of access that TDEx promises.
There’s also a less discernible realm of information that should perhaps concern the citizens of Texas more. In the course of doing their work, police agencies vacuum up enormous piles of tips, rumors, innuendo, guesses, false reports, and other useless material that they sift through to solve crimes and identify criminals.
Access to this massive trove of information—files on cases in progress, notes about “persons of interest” who may prove to be of no interest at all, details involving confidential informants—is closely guarded for good reason. Information worthless for solving a crime might be useful in other contexts. Like politics or personal revenge. The potential for abuse explains why access to existing federal and state crime databases is normally strictly controlled. Over the years—in the wake of scandals like J. Edgar Hoover’s secret FBI files and the increasing privatization of computer databases—federal regulations have evolved to ensure the safety of information and accountability for its use. Keeping a tight rein on who can access raw investigative data, and for what purposes, is supposed to prevent abuses large and small—from high officials who might misuse information for political purposes down to small town deputies who might be willing to sell information, or use it to track down an ex-wife’s new boyfriend.
The federal rules apply to states that accept federal money and ensure the integrity of law enforcement efforts. Under federal rules, a database like TDEx must be run by a criminal justice agency. According to the FBI and DPS, Texas Homeland Security is not a criminal justice agency.
McCraw, who has an extensive criminal justice background, including a stint as an assistant director of the FBI’s Office of Intelligence, has fought a pitched battle with DPS in his zeal to promote TDEx. Repeatedly DPS has raised concerns, chief among them whether the new database is even secure enough to keep unauthorized users from logging on because it lacks “advanced authentication” to ensure that people accessing the database are who they say they are. DPS is also worried that the same user could be logged on to the system multiple times concurrently.
Then there’s the problem of getting rid of bad data or faulty intelligence that finds its way into the system. Each agency that gives data to TDEx is responsible for the accuracy of its own information. But where once the mistake of a single police department was its own, TDEx offers the potential to amplify that error statewide.
To identify weaknesses within TDEx, a database manager with the DPS Criminal Law Enforcement Division, at the direction of his boss, easily defeated the security of the user registration process last summer. He did it by employing an accurate and relatively easily obtained agency identification number, and used one of his son’s e-mail accounts. In retaliation, Jack Colley, the governor’s director of emergency management, revoked the DPS staffer’s access to TDEx. After DPS complained, it was reinstated 11 days later.
McCraw says the audit and authentication issues raised by DPS have been resolved. He says that an on-again, off-again Texas Intelligence Council of law enforcement officials will eventually supervise TDEx. McCraw blames DPS reluctance to embrace TDEx on its fear of change. “You are going to see a strong resistance institutionally to move to new things,” he says.
Remarkably, in many ways TDEx seems to be an improvement over Texas Homeland Security’s first stab at a database run by a private contractor. On June 27, 2005, the Department of Information Resources, at McCraw’s behest, sent out a “request for offer” to vendors that could provide a “Solution for Local, Intra-State, and Inter-State Sharing of Offender and Other Investigative Data.” DPS was not consulted in the development of the offer request. The resulting contract given to Kentucky-based Appriss Inc. would initially be worth a little more than $759,000.
The information department, which handle’s the state’s computer needs, originally was supposed to monitor how well Appriss did the job, but that arrangement quickly ran into a problem. Under federal law—relevant because federal money was being used—the contract had to be overseen by a criminal justice agency. So McCraw simply designated the department as one. “I am writing to confirm the Texas Department of Information Resources (DIR) is an agency with law enforcement functions for the purpose of TDEx,” he wrote to Larry Olson, the department’s chief technology officer.
While TDEx was getting under way, on August 29, 2005, Hurricane Katrina hit New Orleans. As Texas cities filled with Louisiana refugees, panic over the possible arrival of a criminal element from New Orleans seems to have gripped some Texas authorities. McCraw proposed a separate database that would group traffic law enforcement information, DPS criminal law enforcement reporting, the Texas Rangers database, consumer records amassed by a scandal-ridden private data company called ChoicePoint Inc., prison records from Appriss, and criminal information from the Louisiana State Police. (There are differing accounts of whether polygraph information, the inclusion of which if not redacted could have violated state law, was also provided. McCraw says no.) A private vendor was to create a global search capability for all the unstructured data. This new database would then be made available to analysts at the Texas Fusion Center, a crisis management bunker operated by the governor’s Division of Emergency Management. McCraw rushed through a contract with Northrop Grumman Corp. for a database project to last until October 2006 at a cost of $1.4 million in federal homeland security funds.
“The Louisiana State Police has informed Texas officials that known criminals are among our evacuee population,” reads a statement of work for Northrop. “Moreover, we have been told that many of the individuals who were involved in heinous crimes at the Superdome are now a part of our evacuee population. There is a critical need to immediately collect and analyze criminal data related to evacuees and provide it to local law enforcement officials throughout Texas. This requires the rapid acquisition of information technology tools.”
McCraw says today that the purpose of the project was to help DPS coordinate its criminal justice information. According to several accounts, DPS officials resisted this “help,” and its Criminal Law Enforcement Division only handed over data—including open cases still under investigation—after being ordered to do so.
By the summer of 2006, it was clear that Northrop could not make the project function and that the threat from Katrina evacuees appeared to be overblown. In addition to the fact that it didn’t work, the project had multiple flaws. Chief among DPS’s concerns was that it was not clear who at Northrop had access to the data, or what had become of it.
In an e-mail on August 17, 2006, Kent Mawyer, chief of the enforcement division, wrote to McCraw: “... with the termination of the project, I will be notifying NG to confirm delete of all data from affected servers ... to include any backups and closure of the firewall.”
McCraw responded: “Please hold off on any deletions until I have an independent audit conducted to ensure there are no excuses for meeting operational requirements.”
Rather than go through the state auditor’s office, McCraw commissioned an audit of the project by a former colleague from his FBI days. She produced a five-page evaluation. Under a section on security, the audit read:
Operation of the system has been suspended by DPS primarily for security reasons. Other than a firewall, the system had no front-end security (no access control) and it also collected no audit data (nothing to record what users had done). During its brief operation, the data was available theoretically to anyone at the DPS IP address who typed in the web address for the system. NG asserts that security features were eliminated from the proposal to cut costs; this appears to have been an inappropriate solution in the absence of alternative security measures.
McCraw says some of the money for the Katrina project was spent on hardware and software that can still be utilized. He insists that the data DPS gave Northrop Grumman were eventually returned. Extensive public records requests have not revealed any documentation to that effect.
Control and security of data would be an issue with Appriss as well. Some of the difficulty stems from using private vendors to handle sensitive material. For McCraw, this is the future and the only way to operate. “What we are trying to build,” he says, “is an intelligence capability or intelligence-sharing capability. Not do it in the old ways, where it takes four years to roll out, and not do it where the government is going to do it, where it’s cost prohibitive, but to do it in a way that leverages the private sector’s capability and know-how.”
Fortunately, there are federal guidelines laid out by the FBI’s Criminal Justice Information Services Advisory Policy Board. As part of the CJIS guidelines, before a private vendor can handle sensitive material, its staff must undergo background and fingerprint checks. CJIS also contains policies governing the operation of computers, access devices, circuits, hubs, routers, firewalls, and other components that comprise and support a network.
According to DPS, as of April 11, Appriss is still not CJIS compliant. McCraw disputes this. “DPS is wrong,” he says. “We’re more in compliance with CJIS security requirements than CJIS.”
McCraw knows from experience that larger Texas police departments will not give their files to a system that is not CJIS compliant for fear of compromising their data. DPS has heard from the McAllen and Plano police departments, which have voiced concern over TDEx for this very reason. And it’s not unfounded.
As late as October 2006, more than a year after Appriss signed its contract and after receiving sensitive data from the Texas Rangers and the state Highway Patrol, Appriss had not given Texas authorities fingerprints or background checks of all its employees handling the data, according to e-mails obtained by the Observer. There were also questions about the security of the company hired to shred documents for Appriss. (McCraw says all background checks have since been completed.)
In hope of providing some form of monitoring over the Appriss facilities, Texas DPS authorities began discussions with the Kentucky State Police to make them a “supervisory” criminal justice agency for site security. No agreement was formalized. In a recent interview, McCraw insists that there are sufficient safeguards and it’s no longer necessary. “In today’s world, where the warehouse is doesn’t matter, as long as it’s in complete compliance with all the security protocol and ... you have the ability to audit at any time,” he says.
Others disagree. “Once that data leaves, you’ve lost control,” says one law enforcement official knowledgeable about TDEx who requested anonymity.
One sticking point for DPS was how Appriss would provide a statewide network to deliver the information that would be sufficiently secure. There was one available: the FBI’s Law Enforcement Online network. DPS urged Appriss to use it. McCraw nixed the idea. “... my concerns with LEO is simply this: If it is not funded or there are other FBI priorities as in the past we lose,” McCraw e-mailed a DPS supervisor from his Blackberry.
Because of these and other issues, the DPS’s Criminal Law Enforcement Division decided that despite McCraw’s objections, it would only provide TDEx with information on closed cases.
In some ways, TDEx’s goals are not necessarily bad. The need for law enforcement agencies to better communicate and share information with each other has been widely recognized by the 9/11 Commission, among others. But even if the TDEx system could solve its significant security hurdles and manage to function as intended, there would still be the issue of its control by the governor’s office.
Asked about the dangers involved in allowing a political office to control such a database, McCraw replies, “I’m the only one [from the governor’s office] that has access to TDEx, and the reason I have access to it now is not because I need it, but because I’m just testing its capability.”
When it was pointed out that Jack Colley, director of the governor’s emergency management division, also had access, McCraw backtracked and took refuge in the idea that no matter who the user, there would be an audit trail of their searches.
Civil libertarians are not assuaged by this kind of answer. “Criminal intelligence data should be in the hands of a professional law enforcement agency that has distance from the political pressures on elected officials,” says Rebecca Bernhardt, immigration, border and national security policy director for the Texas ACLU. “How can we be sure that we will never have a governor who will misuse this power?”
Rather than take a serious look at these issues, the Texas Legislature seems intent on giving Perry even more power. The governor is pushing an appropriation of $100 million for border and homeland security. Presumably, some of that money would be used for TDEx. House State Affairs Chairman David Swinford, a Dumas Republican, is offering House Bill 13, “relating to homeland security issues.” The bill is scheduled for hearing on Friday, April 13. Leading up to the hearing, the bill’s content was a bit of a moving target. Two days before the hearing, there already had been two committee substitutes, with the possibility of a third on the way. The most recent version had a provision that reads: “The Department of Public Safety of the State of Texas shall provide to the State Office of Homeland Security any criminal intelligence information that the director of the State Office of Homeland Security determines is relevant to Homeland Security operations.”
Asked about this provision, McCraw vowed that it would not be in the final version. “I’m sure there are some that think I was conspiring to take over criminal intelligence,” he says. “I got enough problems tying my shoelaces; it’s not about one agency, it’s about multiple agencies working as a team.”
Meanwhile, the Perry Alliance Network paid for by Texans for Rick Perry has been sending out e-mails in support of Swinford’s bill.
What did you think?
Please share your thoughts and opinions about this article by sending an e-mail to editors@texasobserver.org.
Thursday, March 29, 2007
Largest ever credit-card number theft at US retailer TJX
Posted on : 2007-03-29 | Author : DPA
News Category : US
Washington - At least 45.7 million customer credit and debit card numbers have been stolen from major US retailer TJX after the company's computer system was hacked, the company said Thursday. The numbers were published in TJX's annual report to the US Securities and Exchange Commission (SEC).
It was "the biggest breach of personal data ever reported," The Boston Globe said in its online edition Thursday.
According to TJX, the theft of personal data happened over an 18- month period. The company on Thursday gave the first concrete figures relating to the computer system break-in which had already been made public in January.
Data from its computer system in Britain was also stolen, the retail giant said.
The stolen information related to transactions dating back to December 2002.
TJX owns a number of department-store and retail chains in the US, including T J Maxx, Marshall's and A J Wright, as well as Winners in Canada and T K Maxx in Britain and Ireland.
The company's profit in the last financial year was 776.8 million dollars on turnover of 17.4 billion dollars. Altogether, TJX owns some 2,466 shops.
News Category : US
Washington - At least 45.7 million customer credit and debit card numbers have been stolen from major US retailer TJX after the company's computer system was hacked, the company said Thursday. The numbers were published in TJX's annual report to the US Securities and Exchange Commission (SEC).
It was "the biggest breach of personal data ever reported," The Boston Globe said in its online edition Thursday.
According to TJX, the theft of personal data happened over an 18- month period. The company on Thursday gave the first concrete figures relating to the computer system break-in which had already been made public in January.
Data from its computer system in Britain was also stolen, the retail giant said.
The stolen information related to transactions dating back to December 2002.
TJX owns a number of department-store and retail chains in the US, including T J Maxx, Marshall's and A J Wright, as well as Winners in Canada and T K Maxx in Britain and Ireland.
The company's profit in the last financial year was 776.8 million dollars on turnover of 17.4 billion dollars. Altogether, TJX owns some 2,466 shops.
Tuesday, March 27, 2007
FBI Provided Inaccurate Data for Surveillance Warrants
By John Solomon
Washington Post Staff Writer
Tuesday, March 27, 2007; A05
FBI agents repeatedly provided inaccurate information to win secret court approval of surveillance warrants in terrorism and espionage cases, prompting officials to tighten controls on the way the bureau uses that powerful anti-terrorism tool, according to Justice Department and FBI officials.
The errors were pervasive enough that the chief judge of the Foreign Intelligence Surveillance Court, Colleen Kollar-Kotelly, wrote the Justice Department in December 2005 to complain. She raised the possibility of requiring counterterrorism agents to swear in her courtroom that the information they were providing was accurate, a procedure that could have slowed such investigations drastically.
A internal FBI review in early 2006 of some of the more than 2,000 surveillance warrants the bureau obtains each year confirmed that dozens of inaccuracies had been provided to the court. The errors ranged from innocuous lapses, such as the wrong description of family relationships, to more serious problems, such as citing information from informants who were no longer active, officials said.
The FBI contends that none of the mistakes were serious enough to reverse judges' findings that there was probable cause to issue a surveillance warrant. But officials said the errors were significant enough to prompt reforms bureau-wide.
"It is clear to everybody this is a serious matter. This is something that has to happen quickly. We have to have the confidence of the American people that we are using these tools appropriately," said Kenneth Wainstein, the Justice Department's new assistant attorney general for national security.
The department's acknowledgment of the problems with the FISA court applications comes nearly two weeks after a blistering inspector general's report revealed widespread violations of the use of "national security" and "exigent circumstances" letters, which allow FBI agents to collect phone, e-mail and Internet records from telecommunications companies without review by a judge. The problems included failing to document relevant evidence, claiming emergencies that did not exist and failing to show that phone records requests were connected to authorized investigations.
In the use of both national security letters and the FISA warrant applications, officials acknowledged that the problems resulted from agents' haste or sloppiness -- or both -- and that there was inadequate supervision.
"We've oftentimes been better at setting the rules than we have been at establishing the internal controls and audits necessary to enforce them," FBI Assistant Director John Miller said.
FBI Director Robert S. Mueller III is scheduled to appear before the Senate Judiciary Committee today to answer questions about the use of national security letters. Congress will receive its annual report on FISA warrants next month.
Experts said Congress, the courts and the Justice Department share the blame for not conducting more aggressive oversight of FBI agents.
"It is a little too easy to blame the FBI, because the FBI gets away with this stuff when the other institutions of government fail to do their jobs," said Marc Rotenberg, president of the Electronic Privacy Information Center, which monitors civil liberties issues.
Records show that the FISA court approves almost every application for the warrants, which give agents broad powers to electronically monitor and surveil people who they allege are connected to terrorism or espionage cases. The number of requests rose from 886 in 1999 to 2,074 in 2005. The court did not reject a single application in 2005 but "modified" 61, according to a Justice Department report to Congress.
Senior Justice officials said they have begun a comprehensive review of all terrorism-fighting tools and their compliance with the law. That will be followed by regular audits and training to ensure that agents do not lapse into shortcuts that can cause unintended legal consequences.
Wainstein noted that before his division was created last year, the Justice Department could not systematically check FBI compliance with rules in all types of national security investigations. He acknowledged, for instance, that the department was told of 26 potential violations that the FBI had disclosed in its use of national security letters but did not focus on them.
Earlier this year, President Bush agreed to allow the FISA court to review surveillance requests from the National Security Agency after a battle with civil liberties groups and some lawmakers over the legality of that agency's spying effort, in which some suspects were overseas.
Last year's problems involving the FISA court, however, involved the issuance of secret warrants that authorized FBI agents to conduct surveillance inside the United States.
Shortly before the Sept. 11, 2001, attacks, the FISA court complained that there were inaccuracies in 75 warrants that the court had approved going back several years. The FBI responded by instituting new policies to better ensure that the information agents provided in warrant applications was accurate and could be verified if questioned.
But audits conducted beginning in 2003 showed an increasing number of errors and corrections in applications. On Dec. 12, 2005, the court sent a letter of complaint that raised the idea of agents being compelled to swear to the accuracy of information.
Justice and the FBI are reviewing about 10 percent of the 60,000 ongoing terrorism investigation files in search of problems. "We are learning to live in a different environment, and now we are aware and working on problems, and I think we are creating a lot of fixes," said Jane Horvath, the Justice Department's first chief privacy and civil liberties officer.
FBI officials said they expect the audit of national security letters for 2006 to show the same problems as those identified in the current audit, which covered 2003 through 2005.
"You are never going to be at a zero error rate because this is a human endeavor," Wainstein said. "Therefore it is subject to error on occasion. But we're going to do everything we can to minimize them."
Firms Using Govt 'Terror' Blacklist to Screen Customers
Ordinary Customers Flagged as Terrorists
By Ellen Nakashima
Washington Post Staff Writer
Tuesday, March 27, 2007; D01
Private businesses such as rental and mortgage companies and car dealers are checking the names of customers against a list of suspected terrorists and drug traffickers made publicly available by the Treasury Department, sometimes denying services to ordinary people whose names are similar to those on the list.
The Office of Foreign Asset Control's list of "specially designated nationals" has long been used by banks and other financial institutions to block financial transactions of drug dealers and other criminals. But an executive order issued by President Bush after the Sept. 11, 2001, attacks has expanded the list and its consequences in unforeseen ways. Businesses have used it to screen applicants for home and car loans, apartments and even exercise equipment, according to interviews and a report by the Lawyers' Committee for Civil Rights of the San Francisco Bay Area to be issued today.
"The way in which the list is being used goes far beyond contexts in which it has a link to national security," said Shirin Sinnar, the report's author. "The government is effectively conscripting private businesses into the war on terrorism but doing so without making sure that businesses don't trample on individual rights."
The lawyers' committee has documented at least a dozen cases in which U.S. customers have had transactions denied or delayed because their names were a partial match with a name on the list, which runs more than 250 pages and includes 3,300 groups and individuals. No more than a handful of people on the list, available online, are U.S. citizens.
Yet anyone who does business with a person or group on the list risks penalties of up to $10 million and 10 to 30 years in prison, a powerful incentive for businesses to comply. The law's scope is so broad and guidance so limited that some businesses would rather deny a transaction than risk criminal penalties, the report finds.
"The law is ridiculous," said Tom Hudson, a lawyer in Hanover, Md., who advises car dealers to use the list to avoid penalties. "It prohibits anyone from doing business with anyone who's on the list. It does not have a minimum dollar amount. . . . The local deli, if it sells a sandwich to someone whose name appears on the list, has violated the law."
Molly Millerwise, a Treasury Department spokeswomen, acknowledged that there are "challenges" in complying with the rules but said that the department has extensive guidance on compliance, both on the OFAC Web site and in workshops with industry representatives. She also said most businesses can root out "false positives" on their own. If not, OFAC suggests contacting the firm that provided the screening software or calling an OFAC hotline.
"So the company is not only sure that they are complying with the law," she said, "but they're also being good corporate citizens to make sure they're doing their part to protect the U.S. financial system from abuse by terrorists or [weapons] proliferators or drug traffickers."
Tom Kubbany is neither a terrorist nor a drug trafficker, has average credit and has owned homes in the past, so the Northern California mental-health worker was baffled when his mortgage broker said lenders were not interested in him. Reviewing his loan file, he discovered something shocking. At the top of his credit report was an OFAC alert provided by credit bureau TransUnion that showed that his middle name, Hassan, is an alias for Ali Saddam Hussein, purportedly a "son of Saddam Hussein."
The record is not clear on whether Ali Saddam Hussein was a Hussein offspring, but the OFAC list stated he was born in 1980 or 1983. Kubbany was born in Detroit in 1949.
Under OFAC guidance, the date discrepancy signals a false match. Still, Kubbany said, the broker decided not to proceed. "She just talked with a bunch of lenders over the phone and they said, 'No,' " he said. "So we said, 'The heck with it. We'll just go somewhere else.' "
Kubbany and his wife are applying for another loan, though he worries that the stigma lingers. "There's a dark cloud over us," he said. "We will never know if we had qualified for the mortgage last summer, then we might have been in a house now."
Saad Ali Muhammad is an African American who was born in Chicago and converted to Islam in 1980. When he tried to buy a used car from a Chevrolet dealership three years ago, a salesman ran his credit report and at the top saw a reference to "OFAC search," followed by the names of terrorists including Osama bin Laden. The only apparent connection was the name Muhammad. The credit report, also by TransUnion, did not explain what OFAC was or what the credit report user should do with the information. Muhammad wrote to TransUnion and filed a complaint with a state human rights agency, but the alert remains on his report, Sinnar said.
Colleen Tunney-Ryan, a TransUnion spokeswoman, said in an e-mail that clients using the firm's credit reports are solely responsible for any action required by federal law as a result of a potential match and that they must agree they will not take any adverse action against a consumer based solely on the report.
The lawyers' committee documented other cases, including that of a couple in Phoenix who were about to close on their first home, only to be told the sale could not proceed because the husband's first and last names -- common Hispanic names -- matched an entry on the OFAC list. The entry did not include a date or place of birth, which could have helped distinguish the individuals.
In another case, a Roseville, Calif., couple wanted to buy a treadmill from a home fitness store on a financing plan. A bank representative told the salesperson that because the husband's first name was Hussein, the couple would have to wait 72 hours while they were investigated. Though the couple eventually received the treadmill, they were so embarrassed by the incident they did not want their names in the report, Sinnar said.
James Maclin, a vice president at Mid-America Apartment Communities in Memphis, which owns 39,000 apartment units in the Southeast, said the screening has become "industry standard" in the apartment rental business. It began about three years ago, he said, spurred by banks that wanted companies they worked with to comply with the law.
David Cole, a Georgetown University law professor, has studied the list and at one point found only one U.S. citizen on it. "It sounds like overly cautious companies have started checking the list in situations where there's no obligation they do so and virtually no chance that anyone they deal with would actually be on the list," he said. "For all practical purposes, landlords do not need to check the list."
Still, Neil Leverenz, chief executive of Automotive Compliance Center in Phoenix, a firm that helps auto dealers comply with federal law, said he spoke to the general manager of a Tucson dealership who tearfully told him that if he had known to check the OFAC list in late summer of 2001, he would not have sold the car used by Mohamed Atta, who went on to fly a plane into the World Trade Center.
Staff researchers Bob Lyford and Richard Drezen contributed to this report.
By Ellen Nakashima
Washington Post Staff Writer
Tuesday, March 27, 2007; D01
Private businesses such as rental and mortgage companies and car dealers are checking the names of customers against a list of suspected terrorists and drug traffickers made publicly available by the Treasury Department, sometimes denying services to ordinary people whose names are similar to those on the list.
The Office of Foreign Asset Control's list of "specially designated nationals" has long been used by banks and other financial institutions to block financial transactions of drug dealers and other criminals. But an executive order issued by President Bush after the Sept. 11, 2001, attacks has expanded the list and its consequences in unforeseen ways. Businesses have used it to screen applicants for home and car loans, apartments and even exercise equipment, according to interviews and a report by the Lawyers' Committee for Civil Rights of the San Francisco Bay Area to be issued today.
"The way in which the list is being used goes far beyond contexts in which it has a link to national security," said Shirin Sinnar, the report's author. "The government is effectively conscripting private businesses into the war on terrorism but doing so without making sure that businesses don't trample on individual rights."
The lawyers' committee has documented at least a dozen cases in which U.S. customers have had transactions denied or delayed because their names were a partial match with a name on the list, which runs more than 250 pages and includes 3,300 groups and individuals. No more than a handful of people on the list, available online, are U.S. citizens.
Yet anyone who does business with a person or group on the list risks penalties of up to $10 million and 10 to 30 years in prison, a powerful incentive for businesses to comply. The law's scope is so broad and guidance so limited that some businesses would rather deny a transaction than risk criminal penalties, the report finds.
"The law is ridiculous," said Tom Hudson, a lawyer in Hanover, Md., who advises car dealers to use the list to avoid penalties. "It prohibits anyone from doing business with anyone who's on the list. It does not have a minimum dollar amount. . . . The local deli, if it sells a sandwich to someone whose name appears on the list, has violated the law."
Molly Millerwise, a Treasury Department spokeswomen, acknowledged that there are "challenges" in complying with the rules but said that the department has extensive guidance on compliance, both on the OFAC Web site and in workshops with industry representatives. She also said most businesses can root out "false positives" on their own. If not, OFAC suggests contacting the firm that provided the screening software or calling an OFAC hotline.
"So the company is not only sure that they are complying with the law," she said, "but they're also being good corporate citizens to make sure they're doing their part to protect the U.S. financial system from abuse by terrorists or [weapons] proliferators or drug traffickers."
Tom Kubbany is neither a terrorist nor a drug trafficker, has average credit and has owned homes in the past, so the Northern California mental-health worker was baffled when his mortgage broker said lenders were not interested in him. Reviewing his loan file, he discovered something shocking. At the top of his credit report was an OFAC alert provided by credit bureau TransUnion that showed that his middle name, Hassan, is an alias for Ali Saddam Hussein, purportedly a "son of Saddam Hussein."
The record is not clear on whether Ali Saddam Hussein was a Hussein offspring, but the OFAC list stated he was born in 1980 or 1983. Kubbany was born in Detroit in 1949.
Under OFAC guidance, the date discrepancy signals a false match. Still, Kubbany said, the broker decided not to proceed. "She just talked with a bunch of lenders over the phone and they said, 'No,' " he said. "So we said, 'The heck with it. We'll just go somewhere else.' "
Kubbany and his wife are applying for another loan, though he worries that the stigma lingers. "There's a dark cloud over us," he said. "We will never know if we had qualified for the mortgage last summer, then we might have been in a house now."
Saad Ali Muhammad is an African American who was born in Chicago and converted to Islam in 1980. When he tried to buy a used car from a Chevrolet dealership three years ago, a salesman ran his credit report and at the top saw a reference to "OFAC search," followed by the names of terrorists including Osama bin Laden. The only apparent connection was the name Muhammad. The credit report, also by TransUnion, did not explain what OFAC was or what the credit report user should do with the information. Muhammad wrote to TransUnion and filed a complaint with a state human rights agency, but the alert remains on his report, Sinnar said.
Colleen Tunney-Ryan, a TransUnion spokeswoman, said in an e-mail that clients using the firm's credit reports are solely responsible for any action required by federal law as a result of a potential match and that they must agree they will not take any adverse action against a consumer based solely on the report.
The lawyers' committee documented other cases, including that of a couple in Phoenix who were about to close on their first home, only to be told the sale could not proceed because the husband's first and last names -- common Hispanic names -- matched an entry on the OFAC list. The entry did not include a date or place of birth, which could have helped distinguish the individuals.
In another case, a Roseville, Calif., couple wanted to buy a treadmill from a home fitness store on a financing plan. A bank representative told the salesperson that because the husband's first name was Hussein, the couple would have to wait 72 hours while they were investigated. Though the couple eventually received the treadmill, they were so embarrassed by the incident they did not want their names in the report, Sinnar said.
James Maclin, a vice president at Mid-America Apartment Communities in Memphis, which owns 39,000 apartment units in the Southeast, said the screening has become "industry standard" in the apartment rental business. It began about three years ago, he said, spurred by banks that wanted companies they worked with to comply with the law.
David Cole, a Georgetown University law professor, has studied the list and at one point found only one U.S. citizen on it. "It sounds like overly cautious companies have started checking the list in situations where there's no obligation they do so and virtually no chance that anyone they deal with would actually be on the list," he said. "For all practical purposes, landlords do not need to check the list."
Still, Neil Leverenz, chief executive of Automotive Compliance Center in Phoenix, a firm that helps auto dealers comply with federal law, said he spoke to the general manager of a Tucson dealership who tearfully told him that if he had known to check the OFAC list in late summer of 2001, he would not have sold the car used by Mohamed Atta, who went on to fly a plane into the World Trade Center.
Staff researchers Bob Lyford and Richard Drezen contributed to this report.
Tuesday, March 20, 2007
Watchdog calls FBI abuses inexcusable
By MICHAEL J. SNIFFEN, Associated Press Writer 1 hour, 15 minutes ago
The FBI engaged in widespread and serious misuse of its authority in illegally gathering telephone, e-mail and financial records of Americans and foreigners while hunting terrorists, the Justice Department's chief inspector said Tuesday.
The FBI's failure to establish sufficient controls or oversight for collecting the information through so-called national security letters constituted "serious and unacceptable" failures, said Glenn A. Fine, the internal watchdog who revealed the data-gathering abuses in a 130-page report last week.
Testifying before the House Judiciary Committee, Fine said he did not believe the problems were intentional, but were generally the result of confusion and carelessness.
"It really was unacceptable and inexcusable what happened here," Fine said under questioning.
Democrats said that Fine's findings were an example of how the Justice Department has used broad counterterrorism authorities Congress granted in the wake of the Sept. 11 attacks to trample on privacy rights.
"This was a serious breach of trust," said Rep. John Conyers (news, bio, voting record), D-Mich., the Judiciary chairman. "The department had converted this tool into a handy shortcut to illegally gather vast amounts of private information while at the same time significantly underreporting its activities to Congress."
Rep. James Sensenbrenner of Wisconsin, the committee's former Republican chairman, said: "I hope that this would be a lesson to the FBI that they can't get away with this and expect to maintain public support," said "Let this be a warning."
Other Republicans, however, said the FBI's expanded spying powers were vital to tracking terrorists.
"The problem is enforcement of the law, not the law itself," said Rep. Lamar Smith (news, bio, voting record) of Texas, the committee's senior GOP member. "We need to be vigilant to make sure these problems are fixed."
Valerie Caproni, the FBI's general counsel, took responsibility for the abuses detailed in Fine's report.
"We're going to have to work to get the trust of this committee back, and we know that's what we have to do, and we're going to do it," she said.
In a review of headquarters files and a sampling of just four of the FBI's 56 field offices, Fine found 48 violations of law or presidential directives during 2003-2005 and estimated that "a significant number of ... violations throughout the FBI have not been identified or reported."
The bureau has launched an audit of all 56 field offices to determine the full extent of the problem. The Senate Judiciary Committee is to hear Wednesday from Fine and FBI Director Robert Mueller on the same topic.
A key concern in Congress is whether the USA Patriot Act, which substantially loosened controls over the letters, should be revised.
"Many of us have been saying that the potential for abuse of the Patriot Act's national security letter authority is almost without limit," Conyers said. "The Justice Department's total lack of internal control and cavalier attitude toward the few legal restrictions that exist in the act have possibly resulted in the illegal seizure of American citizen's private information.,"
In 1986, Congress first authorized FBI agents to obtain electronic records without approval from a judge using national security letters. The letters can be used to acquire e-mails, telephone, travel records and financial information, like credit and bank transactions. They can be sent to telephone and Internet access companies, universities, public interest organizations, nearly all libraries, financial and credit companies.
In 2001, the Patriot Act eliminated any requirement that the records belong to someone under suspicion. Now an innocent person's records can be obtained if FBI field agents consider them merely relevant to an ongoing terrorism or spying investigation.
Fine's review, authorized by Congress over Bush administration objections, concluded the number of national security letters requested by the FBI skyrocketed after the Patriot Act became law. Each letter may contain several requests.
In 2000, the FBI issued an estimated 8,500 requests. That number peaked in 2004 with 56,000. Overall, the FBI reported issuing 143,074 requests in national security letters between 2003 and 2005. In 2005, 53 percent were for records of U.S. citizens or permanent residents.
In a sampling of 77 case files in four FBI field offices, Fine discovered an additional 8,850 requests that were never recorded in the FBI's database, and he estimated there were many more nationwide.
The 48 possible violations Fine uncovered included failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.
Fine said the violations were unintentional, but that conclusion has been disputed by critics of the Patriot Act.
"What the inspector general documented shows a pattern of intentional misconduct that goes far beyond mismanagement," said Mike German, a former FBI agent who is a national security counsel to the American Civil Liberties Union. More than 700 "exigent circumstances" letters "said the FBI had already asked for grand jury subpoenas although the agents knew they hadn't."
Subscribe to:
Comments (Atom)