In the wake of revelations about the National Security Agency’s surveillance programs, President Obama has acknowledged the imperative to balance privacy and security. But so far, his administration’s defense of the programs has failed to assure the public that this balance has been achieved — or that basic privacy rights and civil liberties are being protected.
Now that these programs have been leaked, Americans need to decide what this balance should look like. How do we devise a program that can allow the intelligence community to use big data and the latest technology to prevent terrorist attacks while ensuring we have not created a Big Brother state? In other words, how can we trust but verify?
We know because we’ve done it before.
In 2006, this newspaper revealed the existence of the classified Terrorist Finance Tracking Program, which was developed and overseen by the United States Treasury. T.F.T.P. was, and still is, run by the Treasury Department using information subpoenaed from the Society for Worldwide Interbank Financial Telecommunication. During the program’s first few years, one of us headed Swift; the other helped oversee T.F.T.P. at Treasury.
Swift is an industry-owned, global-financial-messaging system based in Brussels. Its transmissions carry financial messages for most of the world’s banks across borders. Swift’s data show who is transferring money, how much, and to whom, and contains specific identifier information. Soon after 9/11, Treasury began to subpoena Swift’s data to allow government analysts to track the movement of terrorist funds.
The Swift system doesn’t contain private bank account information. But if a terrorist financier in one country were sending funds to a terrorist in another, it would be in the data of subpoenaed Swift messages. The sender’s and receiver’s names and bank account information would also be in the message.
From the start, privacy and civil liberties protections were central to the program. Unlike the N.S.A., we assumed it would eventually have to endure public scrutiny — in America and abroad.
Given the importance and confidentiality of its data, Swift demanded that the government’s access be targeted and limited, preventing broad data-mining but allowing focused searches and analysis to prevent terrorist attacks. Searches for any other purpose were forbidden.
Both the Treasury and Swift ensured that the constraints on the information retrieved and used by analysts were strictly enforced. Outside auditors hired by Swift confirmed the limited scope of use, and Swift’s own representatives (called “scrutineers”) had authority to stop access to the data at any time if there was a concern that the restrictions were being breached. These independent monitors worked on site at government agencies and had real-time access to the system. Every time an analyst queried the system, the scrutineer could immediately review the query. Each query had to have a reason attached to it that justified it as a counterterrorism matter. Over time, the scope of data requested and retained was reduced.
This confirmed that the information was being used in the way we said it was — to save lives.
When European data privacy advocates and politicians objected to the program, the eminent French counterterrorism judge Jean-Louis Burguière was assigned to review the program in detail for the European Parliament. He reported in 2008, and again in 2010, that Treasury had complied with civil liberties protections.
The program was also highly effective. The financial intelligence it provided helped thwart terrorist attacks in America, Germany, Spain and Britain. Information gleaned from Swift databases provided thousands of leads — including ones that helped capture Al Qaeda’s principal representative in Southeast Asia and uncover a terrorist-financing network in New York City and Pakistan.
The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.
It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties. The Times’ revelation did damage to the effectiveness of the program while ignoring the innovations that balanced security and civil liberties.
The debate over T.F.T.P. was in many ways a precursor of today’s debate about the N.S.A.
To give American citizens confidence that their privacy isn’t being violated today, the government must demonstrate that there is adequate oversight of the programs and that constraints on the use of N.S.A. data are being respected vigilantly. The private companies that are affected should be briefed on how their data is being used and given some say in how the programs are structured, limited and defended in public. It’s possible that the government is already doing some of this — but the people must be told.
Ultimately, the Obama administration needs to demonstrate that the programs are not only valuable and legal, but also that the government’s use of that data can be constrained and verified.
Leonard H. Schrank was the chief executive of Swift from 1992 to 2007. Juan C. Zarate, a former assistant Treasury secretary, is the author of the forthcoming book Treasury’s War: The Unleashing of a New Era of Financial Warfare.