While The Guardian has published the most scoops from former NSA contractor and whistleblower Edward Snowden, the German newspaper, Der Spiegel, has posted its share of revelations from documents Snowden took with him from the NSA. The latest story shows the NSA managed to figure out how to infiltrate and search records of international VISA credit card customers.
Der Spiegel reports the NSA “widely monitors international payments, banking and credit card transactions,” according to documents from Snowden. They show a unit, “Follow the Money,” collects data that goes into the “NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records.”
“Some 84 percent of the data is from credit card transactions,” Der Spiegel notes. The transactions of large credit card companies, such as VISA, are targeted. “NSA analysts at an internal conference” in 2010 described how they had “apparently successfully searched through the US company’s complex transaction network for tapping possibilities.” The analysts sought access to data from VISA customers in Europe, the Middle East and Africa.
Documents from Snowden also showed Tracfin contains data from the Society for Worldwide Interbank Financial Telecommunications (SWIFT), which is a Brussels-based network that “thousands of banks in the world use to send transaction information securely.” SWIFT was a “target,” and the NSA managed to access data from SWIFT’s “tailored access operations” by reading “SWIFT printer traffic from numerous banks.”
This information builds off what was already known and reported by New York Times reporters Eric Lichtblau and James Risen in 2006 about the United States government’s use of financial records from SWIFT in investigations of alleged domestic or foreign terrorists. That story highlighted how the CIA and Treasury Department were collecting data without “court-approved warrants or subpoenas to examine specific transactions” and were “instead relying on broad administrative subpoenas for millions of records from the cooperative, known as SWIFT.”
European Union politicians have reacted angrily to news that the NSA is targeting SWIFT data. They have called for the “immediate suspension of a data-sharing agreement between the US and European Union”—the Terrorist Financing Tracking Program (TFTP), which provides the Treasury Department with data that Europe stores from SWIFT.
Globo TV in Brazil aired a report about a week ago that showed SWIFT, along with Brazil’s state-controlled oil company, Petrobras, had been targeted by the NSA.
German MEP Jan Philipp Albrecht reacted , “The revelations about NSA surveillance of Swift make a mockery of the EU’s agreement with the U.S. The NSA surveillance is an open breach of the agreement and further undermines the already insufficient data protection given to European citizens under the deal.”
Dutch deputy Sophie in’t Veld urged the TFTP be suspended so NSA revelations could be investigated. “New revelations are surfacing all the time about the extent of US spying on friendly allies and innocent civilians. It is increasingly evident that the NSA data tracking programmes go far beyond the fight against terrorism.” The agreement, Veld said, should probably not be continued if the revelations are true.
Analysts with the UK intelligence agency, GCHQ, seem to acknowledge that the spying on SWIFT is “concerning.”
According to Der Spiegel, documents show them admitting, “The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved ‘bulk data’ full of ‘rich personal information.'”
This news about the NSA’s targeting of international financial transactions—along with earlier reported revelations around the NSA and GCHQ compromising guarantees of companies by targeting encryption, which is used to protect online banking—suggest few banks or credit card companies can reassure their customers their data will be protected from interception because of the NSA’s capabilities and ongoing operations.