Privacy International extends legal action against banking giant SWIFT

Privacy International (PI) today filed additional complaints with authorities in Japan, Israel, Korea, Taiwan, Province of China, Thailand and Argentina. On June 27th PI filed simultaneous complaints with Data Protection and Privacy regulators in 32 countries concerning recent revelations of secret disclosures of records from SWIFT to US intelligence agencies.(1)

The disclosures involve the mass transfer of data from SWIFT in Europe to the United States, and possibly direct access by US authorities both to data held within Belgium and data residing in SWIFT centres worldwide. Data from throughout the world is involved.

All complaints allege that the activity was undertaken without regard to legal process under privacy and Data Protection law, and that the disclosures were made without any legal basis or authority whatever. The scale of the operation, involving millions of records, places this disclosure in the realm of a fishing exercise rather than legally authorised investigations.

PI has also filed a request under Britain’s Freedom of Information Act to the Bank of England, asking for disclosure of all documents relating to dealings between the two organisations.

In the wake of the PI complaints, the European Parliament voted to require all EU governments and institutions to fully disclose any knowledge they had of the agreement.

The Canadian Federal Privacy Commissioner has already commenced an inquiry. Privacy regulators in Europe have agreed to work cooperatively on their own investigation.

PI has warned that the scandal was creating a "haemorrhage of trust" in the security of the international banking system, and accused SWIFT of "fiddling while Rome burns". Privacy International’s Director, Simon Davies, said: “SWIFT has done next to nothing to publicly address the concerns of either its member banks or its customers. There is a real threat in this delicate environment both Asia and the Arabic speaking world will move to create their own systems.”

“The organisation is dormant. In the three weeks since the secret agreement was brought to light the same vacuous statement has remained on the SWIFT website. SWIFT has not disclosed any meaningful information, even though it is entrusted by the world's financial community to manage our most personal and confidential economic and financial data.”

“We were repeatedly told that SWIFT’s CEO, Leonard Schrank, wanted a meeting to ‘clarify’ the facts, yet after almost two weeks no meeting has been arranged. In my opinion the organisation is so out of touch with reality that it is incapable of responding.”

Based on SWIFT annual reports and discussions with SWIFT officials and key stakeholders, Privacy International has also estimated that approximately one percent of SWIFT’s two billion transactions annually are captured by the system. While the PI estimate is only indicative, we now believe that it is reasonable to assume that around 20 million records in 2004/2005 were secretly transferred. A comparable figure can be derived for each of the four years that the programme has been in operation. We believe that some of SWIFT’s other services and affiliated systems may have been involved in similar arrangements.

The issue was first brought to light on Friday June 23rd 2006, when the New York Times and the Los Angeles Times published details of the private arrangement between SWIFT and the United States Government that involved the covert disclosure to the US of customer financial data. Neither the US Government nor SWIFT was prepared to provide details of the extent of the disclosures. However the office of the Belgium Prime Minister confirmed that: “the cooperative (SWIFT) had received broad administrative subpoenas for millions of records”.

The complaints also expressed concern that this data could be used by US authorities for a range of unrelated activities, including espionage.

Simon Davies, said: “I find it extraordinary that SWIFT has refused to deal squarely with these grave allegations”.

The scale of the operation is breathtaking, and the extent of privacy violation is almost without parallel. We will work to bring the programme to a halt pending further investigation.”