Security Bumping Privacy From Top of the Agenda

National security concerns prompted by last week’s terrorist attacks are expected to tone down calls for more privacy protection.

As the government widens its intelligence powers and follows the terrorists’ money trail, new procedures could expose more Americans’ personal information, privacy experts say.

Consultant Robert Ellis Smith, a longstanding privacy advocate who publishes Privacy Journal in Providence, R.I., said the current focus of policymakers and the public alike is clearly on safety. But businesses that have opposed new privacy protections in the past may try to graft their own agenda on to the government’s, he said.

“My hope is that they do not use this interim period to try and put a fast one on Congress while others are looking elsewhere,” Mr. Smith said.

At a news conference last Thursday, Rep. Michael Oxley, R-Ohio, said that Congress will focus its attention on national security matters and anti-money launlaundering laws, and implied that it will shelve the debate over financial privacy for the time being.

“There are a significant number of issues that we have to address,” including money laundering and surveillance by law enforcement, said Mr. Oxley, the chairman of the House Financial Services Committee. The tightening of the laws on financial privacy does not “fall into that same category,” he said.

On Friday the California Legislature rejected a bill that would have gone beyond federal privacy law by requiring financial institutions to get written customer consent before sharing their information with affiliates or third parties. Financial services firms had been expected to ask Congress, if the measure had passed, for a federal preemption of state privacy laws in exchange for perhaps slightly stricter federal rules.

Mr. Smith said he hoped that privacy advocates would be included in the legislative process of finding “ways to enhance security without threatening civil liberties.” But he called legislative proposals that followed the attacks, such as proposals to broaden of the government’s wire-tapping capabilities, “not major changes but tweakings of existing legislation.”

Other measures, he said, could provide security without infringing on individuals’ right to privacy. For example, he said, airlines’ computer systems could be programmed to catch suspicious ticket purchases. In Boston, where credit card ticket purchases were used to help track down suspected collaborators, the suspects had used post office boxes as home addresses during their ticket purchases, and this could have been flagged in advance, Mr. Smith said.

Stricter money-laundering procedures may well be on the way for the financial industry, he said. Amendments could be made to the Bank Secrecy Act and to the “know your customer” policy, which allows banks to pass on anecdotal evidence of customers’ financial transactions to law enforcement agencies. “If policymakers can show that there were transactions [made by those involved in the recent hijackings] that could not be got under present authority, then they could make a strong case to widen that authority,” Mr. Smith said.

As for customer privacy, he noted, “this kind of climate is an opening for the government to make proposals that otherwise might not get approved.” Mr. Smith said he thought the government and the media were premature and wrong to suggest that “there will inevitably be some curtailment of civil liberties” in the aftermath of the attacks.

David Medine, a partner in the Washington offices of the Hogan & Hartson law firm and a former official at the Federal Trade Commission, pointed to the controversy inspired by the “know your customer” policy, which he said “triggered hundreds of thousands of negative responses.”

In the current crisis, he said, “I think if there were a coherent reason why banks needed more information to prevent terrorists from coming into the country, people would be willing to go along, but there would be a resistance to surveillance.”

The challenge for policymakers, he said, will be to enhance law enforcement without overstepping privacy. “People have always been willing to give up personal information if it’s for a good reason, so I think they will do it if it clearly benefits national security. What’s important, then, is to assess what information is really necessary [to gather] and not go beyond that.”

Mr. Medine said that privacy issues will not be paramount for a while. “You can’t describe how concerned and upset people are right now,” he said. “As time goes on, the debate will return to how we protect the bank customer, because ultimately what you have to protect is confidence in the banking system. But that’s not the debate for today, while people are still putting their lives and their companies bank together.”

One staunch privacy advocate, Evan Hendricks, the editor of Privacy Times, said that though he was a little troubled by the government’s recent expansion of its wiretapping privileges, he was more worried that the government’s intelligence operations might be inadequate.

“What I’d like to know is what the government’s surveillance infrastructure of these terrorist networks has been,” Mr. Hendricks said. “Are there offices dedicated to watching these people, or have they been letting some fall through the cracks?”

Mr. Hendricks said the government’s stepped-up security measures seemed unlikely to violate more general privacy protections. “The drumbeat is to get people into the frame of mind where Americans are going to have to trade in their privacy for security,” he said. “But even security forces are not asking for a weakening of privacy for all American consumers, including financial privacy.”

The wider scope of government scrutiny will certainly include financial networks, he said, but only as they relate to the financial activity of suspected terrorists. “If Bin Laden is responsible, he has to have money in a financial institution, and in the past we know terrorists have used banks in safe-haven countries. The government has to be able to identify those banks and locate where the money is and where it’s gone.”

“Now, if they just did that to any American consumer it would be an invasion of privacy,” Mr. Hendricks said. “But we’re not talking about consumers.”

To a great extent, the government already has the necessary intelligence and law enforcement rights to pursue a rigorous investigation, he said. “They already have an incredibly broad authority — as they should — to go after these kinds of cases. They really don’t need much more in the way of legal authority and change of policy when it comes to gathering personal information.”

Michele Heller contributed to this article.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER