WASHINGTON — Know-your-customer laws may be good at catching petty criminals and dumb “wannabe” terrorists, but they do little to thwart sophisticated bad actors, former National Security Agency contractor Edward Snowden said Monday.
Speaking by web chat from Russia at the K(no)w Identity conference, the fugitive and whistleblower responded to an audience member’s question about the effectiveness of anti-money-laundering laws that require financial institutions and other businesses to extensively vet their customers.
“They are perhaps helpful, perhaps useful in some edge cases,” Snowden said.
“We do get dumb terrorists,” he said. “We get people who are wannabes who go out on Twitter on Facebook, using their real name and they say ‘death to the infidel, I’m going to go shoot up a courthouse’ and they go on Amazon and try to purchase materials that are obviously for bombing. We put all these things together and go ‘hmmm, yeah.’ ”
But such cases are rare and usually involve FBI informants goading suspects into radicalization, Snowden said. Meanwhile, “we do have many instances in public evidence where these know-your-customer laws did precisely bupkis in preventing flow of resources — whether we’re talking physical, whether we’re talking monetary, whether we’re talking informational — across the world. Because people can bypass these things if they have enough sophistication.”
Snowden fled to Hong Kong in 2013 after leaking classified NSA documents to several newspapers that focused on U.S. surveillance activities against Americans and foreign governments. The revelations rocked the U.S. government and the world, forcing the U.S. to reveal several previously secret programs.
Snowden has been stuck in Russia after the U.S. revoked his passport while he was allegedly on his way to Ecuador. Since then, he has been outspoken on U.S. cybersurveillance and civil liberties issues.
In his remarks on Monday, Snowden said extensive identity requirements slow the growth of commerce and internet use without stopping the likes of Osama bin Laden.
“The people that we’re actually worried about are not the ones who are going to be held back by these kinds of regulations,” he said. “Ordinary people? Yes. Petty criminals? Yes. Businesses, and their agility? Yes.”
Knowing that many of the people in attendance were vendors of KYC services and identity verification software, Snowden acknowledged that these products can add value, but he warned against seeking perfect solutions.
“You can’t stop all criminals. If you could, you would have done it by now,” Snowden said. “The only world in which you can foreclose on entire avenues of human activity … is a world in which everybody’s sitting in a jail cell.”
Earlier in his talk, Snowden made the case for risk-based approaches to identity on the internet, calling for “technical solutions where you can buy a bucket of internet like you can buy a bottle of water.”
“You don’t need to present a particular giant portfolio of documentation for transactions that are not high risk,” he said.
“If you’re worried that somebody’s buying a dual-use product that can be used in a nuclear proliferation process, yes, by all means, let’s do some identity verification,” Snowden said. “But if somebody’s trying to browse for stuff on Amazon,” as long as they can pay, “it doesn’t really matter to you what their identity is, and it should not matter.
“We should have a digital economy that is much more close to a cash economy than it is today,” he said.