Talks on sharing bank details with US prompt privacy concerns


EUROPEAN DIARY:Past clandestine CIA operations have made some MEPs sceptical about counter-terrorism intelligence sharing, writes JAMIE SMYTH.

THE EU has agreed to begin talks with the US aimed at agreeing to share information on European citizens’ bank transactions for use in counter-terrorism investigations.

EU foreign ministers gave a mandate to EU diplomats yesterday to negotiate a new interim deal with the US treasury to allow it to continue to access Swift, a Belgian firm owned by leading banks that facilitates international cross-border financial transactions.

An existing EU-US deal signed in 2007 is due to run out later this year when Swift moves a key internet server at the centre of its network from the US to the Netherlands.

“We must negotiate an agreement based on reciprocity rather than allowing the US to continue as they have up until now as if they were top dog,” EU justice commissioner Jacques Barrot told sceptical MEPs on the European Parliament’s civil liberties committee last week. He also warned them that without a deal a “security gap” would open up in the fight against terrorism.

It’s hardly surprising that some MEPs are sceptical about allowing the US authorities to sift through EU citizens’ bank records. US security agencies secretly began monitoring Swift after the September 11th terrorist attacks without informing EU states or making details of the programme public in the US.

The existence of the Terrorist Finance Tracking Programme (TFTP) only became known in Europe when the New York Timespublished the story in June 2006, despite warnings from the White House that publication would compromise US security.

The paper reported that the CIA was directing the TFTP programme to sift through the estimated $6 trillion daily payments between banks and other finance firms to search for terrorist financing. The clandestine programme relied on executive powers deployed by President Bush in the wake of the September 11th attacks and Congress was not informed about the programme until after the story was published.

News that the US was secretly monitoring the banking transactions of Europeans caused a storm of protest in Europe. Many EU states, particularly Germany, are very sensitive about data protection given the history of massive state surveillance on citizens living behind the Iron Curtain during the Cold War.

The Swift affair further soured relations between the US and EU, which had already deteriorated as a result of Bush’s cavalier attitude to international law regarding the extraordinary rendition programme and the Guantánamo Bay detention centre.

An investigation into Swift in 2006 ordered by Belgium prime minister Guy Verhofstadt found the company had broken EU privacy rules. “Swift finds itself in a conflicting position between American and European law,” said Verhofstadt at the publication of the investigation’s findings. “But it should have received stronger guarantees of privacy protection based on European standards – not by American standards, which are not as strong.”

Following this report in June 2007 the EU and US introduced measures to ensure the TFTP monitoring complied with EU data protection regulations. For example the US agreed banking records obtained could only be used to investigate terrorism and not for any industrial or commercial purposes. This is more restrictive than a similar EU-US deal on airline passenger data where the information can be used by the US authorities to combat serious crime. The US also agreed to delete information that is not relevant to terrorist investigations after five years and to allow an EU expert to review its TFTP monitoring on an annual basis.

French judge Jean-Louis Bruguière – the first EU expert appointed to review the programme – said in February Swift data was being used purely for counter-terrorism and was being deleted in line with the deal. But his report has never been made public by the EU authorities and it is not known how much data has been requested by the US.

So why is there a need for a new EU-US deal now? The answer lies in a decision by Swift, which has been strongly criticised by EU politicians, to move one of its key internet servers from the US back to the Netherlands. This means the US authorities will not be able to subpoena Swift under US law to gain access to its network, which it believes will undermine its efforts to track down key sources of terrorist financing.

EU officials say the TFTP system set up by the US is invaluable to tracking terrorist financing and want to continue to provide the US with direct access to EU citizens’ banking transactions. “TFTP has prevented attacks in Europe and we are benefiting from the intelligence gathered by the US,” said one EU official, who admitted the EU doesn’t have the knowledge, finance or know-how to monitor banking transactions like the US.

But concerns remain over the talks, which some MEPs and privacy campaigners say will facilitate the “outsourcing” of intelligence service to the US.

“I’m completely mystified over why the EU wants to let the US have direct access to the data when the whole point of Swift moving its servers from the US back to Europe was to stop its security services getting unlimited access,” says Dutch MEP Sophie in’t Veld, who sits on the parliament’s civil liberties committee.

An interim deal on the sharing of the banking information is expected to be agreed by negotiators in the autumn before Swift moves its servers to Europe. A final deal is expected to be negotiated when, or if, the Lisbon Treaty comes into force as this would hand MEPs important new powers to scrutinise the agreement. But MEPs plan to hold a hearing on the interim deal in September and are still hopeful that they will be able to influence the agreement and ensure more safeguards for citizens.