/. [The U.S.'s Net Wide For 'Terrorist' Names]

Eugen Leitl eugen at leitl.org
Sat Jul 8 01:37:51 PDT 2006

Link: http://slashdot.org/article.pl?sid=06/07/07/1812240
Posted by: timothy, on 2006-07-07 19:45:00

   Yesterday's report of [1]name-based blocking of money transfers as a
   result of U.S. Treasury policies intended to reduce the flow of money
   to Middle Eastern terrorists drew more than 800 comments. Western
   Union money transfers were at the heart of the linked Associated Press
   article, but as some of these comments point out, that's not the only
   case of interference in electronic financial transactions based on the
   names of the participants, akin to the use of the much-derided no-fly
   list. Read on for the Backslash summary of the conversation.

   Several readers concentrated not just on the undesirability of
   government snooping on money transfers in the first place, but on the
   unintended but likely side-effects of heavy-handed government
   oversight of conventional money-transfer methods; as the AP article
   explained, there are ways to route around large-scale commercial
   services like Western Union, including informal networks called
   "hundis" or "hawalas." Reader quantaman calls increased control on
   conventional money-transfer services "worse than useless," writing:

   "From what I can gather from the article this policy is actually
   harming security.

   ... If law abiding people are avoiding official institutions what
   makes them think that terrorists are stupid enough to use them?

   More than that, by driving additional people to the hawalas it
   circumvents existing security measures. For starters, it means that
   more money (even the legit stuff) is moving around and they have no
   idea where it went. Also the additional people using the hawalas will
   mean they are more developed for the terrorists [to] use them.
   Additionally, when you uncover a hawala network it will be that much
   harder to pick out the terrorists, since you've added all these false
   positives. And finally, for the terrorists who would have used
   official institutions in the past since it was easy and the hawalas
   weren't developed, now you no longer have a money trail you can
   inspect later on.

   All this security measure does is inconvenience and alientate a whole
   bunch of people while making the world a little less safe."

   No matter how legitimate the ends to which it will be put, high-handed
   interference with the transfer of money isn't popular for other
   reasons, too. Reader ColourlessGreenIdeas writes "I know of a charity
   that works with (mostly Christian) organisations in the West Bank.
   Their usual way of getting money to their partners is to fly into
   Israel with a [2]big bundle of money. Otherwise it tends to get
   massively delayed by U.S. banks."

   (And at least one reader points out reason to suspect that Western
   Union in particular might have been [3]willing to turn over
   information on its customers even in the absence of Treasury

   The Treasury regulations on which the name-filtering is based are
   clearly imperfect, but not quite as simplistic as certain comments
   painted them. Responding to the claim in the AP article that "Western
   Union prevented [taxi driver Abdul Rahman Maruthayil] from sending
   $120 to a friend at home last month because the recipient's name was
   Mohammed," reader lecithin says "Not true. They prevented him from
   sending the cash [4]because his name was Sahir Mohammed. A bit of a
   difference. Perhaps a Sahir Mohammed has some links to 'bad guys'?
   Well, it happens here in the U.S. too. There are plenty of stories
   regarding people being put on the 'do not fly' list due to
   circumstances like this as well."

   Reader bwcarty, too, calls "FUD" on claims that the list is
   indiscriminant or exclusively targets those with Arab names, writing
   "I work for a division of a large financial firm, and we are
   [5]required to download a list of [6]Specially Designated Nationals
   from the Treasury Department and compare names from it against new
   accounts and transfers. The list includes lists of suspected
   terrorists, and they're not all Arabic (think Irish Republican Army)."
   Reader rhsanborn offers a similar account of the regulations and why
   they affect one-time transfers so significantly:

   "... They aren't blocking people because they have some generic Arab
   name. They are blocking people who have [7]names that match the
   Federal list of suspected terrorists. As someone mentioned above,
   something like Sahir Mohammed. Probably a perfect match for the list.

   We too have to run periodic checks against the names in that database.
   If a match comes up, we have people individually check other
   information to confirm that it is an actual match (e.g. same name,
   different birthday).

   We have open accounts with these people though, so we have a
   significant amount of time to deal with these. Western Union has a
   very short period of time because it is a one time transaction that
   happens relatively quickly."

   Several readers related personal experience with the no-fly list, and
   a few pointed out some of its better-known shortcomings, such as a
   [8]Soundex-based name database which has the potential to needlessly
   flag [9]passengers like Senator Ted Kennedy and the former Sex Pistol
   Johnny Lydon (though as dan828 points out, [10]Lydon has never
   actually been stopped because of the list).

   Many readers denounced as racist the use of common Arab names to
   justify interference in money transfers. One response to that claim
   comes from reader mrxak, who offers a more innocuous explanation,
   namely imperfect information and a limited pool of names, which will
   inevitably contain variations of commonly used names. Such a system,
   he argues, is therefore based on pragmatism -- [11]not necessarily
   racism." Arguing that a similar system would pose just as much risk
   for "John Smiths" on the list as for those with Arab names, mrxak
   concedes the need for "a better system," and asks "but what kind of
   system would work?"

   To this, reader eln had a ready answer: "Maybe a system where you
   [12]gather a little more information about suspected terrorists other
   than their name before throwing them on some sort of list that
   prevents anyone with that name from doing all sorts of normal tasks.
   ... [O]f all of the pieces of information that can be used to identify
   a person, his name is probably the one that's most easily falsified.
   So, instead of doing some actual police work and gathering some actual
   evidence against an actual person, we decide to cast a wide net, and
   end up catching a lot of innocent people while actually decreasing our
   chances of catching the actual bad guy."

   Jah-Wren Ryel's answer to the same question is more radical -- Ryel
   suggests that perhaps [13]"none at all" is the best approach. He asks
   "What makes you think that any system could work?" Rather than
   spending money on elaborate surveillance or other
   intelligence-gathering efforts, Ryel says, "spend it on emergency
   services instead. ... No matter how many tax dollars you throw at the
   problem, terrorism is a tactic that can not be fully countered."
   Rather than concentrating on the prevention of terrorist acts, he
   argues, the most intelligent use of resources is on "the
   infrastructure that minimizes the damage. Better hospitals, better
   fire departments, better 'first responder' teams. That way, we get the
   benefit of the money spent regardless of if a terrorist blows up a
   building or an earthquake knocks it down."

   The Israeli response to recurring attacks illustrates that these
   approaches may be in large part reconcilable; infrastructure
   improvements and intelligence gathering can certainly coexist, details
   of their implementation aside. The effectiveness of the pre-emptive
   side of any nation's approach to minimizing terrorist attacks, though,
   is slightly different from its approach to "fighting terror" in a
   broad sense.

   On that note, reader karlandtanya describes measures such as the U.S.
   policies subjecting what might otherwise be private financial
   transactions to automated scrutiny as "[14]effective, but still
   unfair," categorizing the use of name-based interference as what Bruce
   Schneier has described as "security theater." Karlandtanya writes,
   cynically, that in reaction to perceived security threats, "we present
   the appearance of security measures. Going overboard and causing
   outrage is just part of the salesmanship." To combat terror in a
   literal sense, he writes, "[t]he solution is, of course, the
   perception of security."

   Thanks to all the readers whose comments informed the conversation, in
   particular to those whose comments are quoted above.


   1. http://yro.slashdot.org/article.pl?sid=06/07/06/1610229&tid=98
   2. http://yro.slashdot.org/comments.pl?cid=15668058&sid=190461&tid=98
   3. http://yro.slashdot.org/comments.pl?cid=15668360&sid=190461&tid=98
   4. http://yro.slashdot.org/comments.pl?cid=15667965&sid=190461&tid=98
   5. http://yro.slashdot.org/comments.pl?cid=15668203&sid=190461&tid=98
   6. http://www.ustreas.gov/offices/enforcement/ofac/sdn/sdnlist.txt
   7. http://yro.slashdot.org/comments.pl?cid=15668462&sid=190461&tid=98
   8. http://en.wikipedia.org/wiki/Soundex
   9. http://slashdot.org/article.pl?sid=04/08/20/1244205&tid=103
  10. http://yro.slashdot.org/comments.pl?cid=15668598&sid=190461&tid=98
  11. http://yro.slashdot.org/comments.pl?cid=15668037&sid=190461&tid=98
  12. http://yro.slashdot.org/comments.pl?cid=15668209&sid=190461&tid=98
  13. http://yro.slashdot.org/comments.pl?cid=15668377&sid=190461&tid=98
  14. http://yro.slashdot.org/comments.pl?cid=15668264&sid=190461&tid=98

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list