February 7, 2010
I have written before why the SWIFT agreement is bad for Europe. This post is an update based on the final agreement and the new arguments that have been brought forward. In short: the situation has not changed and MEPs should reject the SWIFT agreement.
If you have not done so, read first my post about the SWIFT agreement which I wrote in November. This week, on 11 February, the Members of the European Parliaments (MEPs) will vote on the agreement that will allow US authorities to tap into EU bank data.
Here is a list of arguments why MEPs must reject the agreement:
1) EU’s financial messaging data will be transferred in bulk
The European Parliament’s rapporteur on the SWIFT agreement, Jenine Hennis-Plasschaert, made it very clear in her report that SWIFT is actually unable to provide tailored data about individual transactions (for technical and governance reasons). This means that, in accordance with the following provision in the agreement with the USA, SWIFT will need to provide all of its data in bulk:
“If the Designated Provider [SWIFT] is not able to identify and produce the specific data that would respond to the request because of technical reasons, all potentially relevant data shall be transmitted in bulk, subject to Article 5(2), to the competent authority of the requested Member State.” (SWIFT agreement, article 4 point 6)
In other words: instead of prohibiting SWIFT to provide all of its data at once to the US authorities it expressly permits this. This should already be enough to reject the whole agreement. If the possibility to get all data exists then you can be 100% sure that the United States will use it.
2) Privacy: It’s about European business and industry and not about citizens
In the discussions about the SWIFT agreement many people mentioned the privacy concerns with regard to the banking data of European citizens. But in reality European companies and industry will be much more affected than citizens because businesses are likely the ones to have the majority of trans-border transactions running through SWIFT.
The bulk transfer of data (see above) opens the door to industrial espionage on European businesses’ financial transactions – something that the US of course will never openly admit – but can they withstand this outstanding opportunity? (The German industry federation has warned already in November about this – without success it seems.)
3) The scope of the agreement is completely unclear
Everybody talks about SWIFT but the agreement applies to all companies dealing with financial transactions. Furthermore the agreement does not specify which transactions are concerned: bank transfers to and from EU countries or also intra EU countries. Even SEPA (Euro transfers) could be affected by the agreement.
4) There is no limit in time that the US can store the SWIFT data
While in principle the agreement says that transmitted data shall be deleted no later than 5 years from receipt (article 5 l) this is on the condition that the data is “no longer necessary to combat terrorism or its financing” (article 5 i). Such a weak regulation of the retention of the data cannot be acceptable. It means that all SWIFT data could potentially be used by US administrations in decades. Five years is already much above the 2 years maximum retention used by the EU’s telecom data rentention directive.
5) There is not much evidence that the SWIFT data / TFTP programme has had major benefits in the fight against terror
The US administration claims that several terrorist leads have been shared with EU member states. But how many terrorists have been convicted? We don’t know. But I’d assume that we would know by now if there were several of them.
The European Union has assigned a person that is overseeing the SWIFT data transfers. This person is Jean-Louis Bruguière, a former judge and French conservative politician with apparently close ties to the CIA and FBI, according to Wikipedia. Bruguière has produced two reports on the implementation of the previous SWIFT agreements. These reports are classified as secret. No MEP other than rapporteur Hennis-Plasschaert has seen them.
The US administration especially stresses Germany as a country that has benefited from the TFTP programme and the searches in the SWIFT banking records. But in December last year the German Federal Criminal Police Office (BKA) critisised the SWIFT agreement and (according to an internal paper cited by Der Spiegel) is of the opinion that there is “no need” and “no operational interest” in the SWIFT data searches.
All in all not very convincing arguments for the necessity of the TFTP programme, don’t you think?
6) The EU must not outsource the terror intelligence to the USA
Maybe you don’t know this: the TFTP programme has been set up only for the purpose of accessing SWIFT data. The majority of SWIFT transactions however concerns European banks and not those of US banks.
So what has the EU done? Article 8 of the SWIFT agreement expressly permits EU Member States to request a search for relevant information. The US will do the search for the EU Member State and hand back the information. The EP rapporteur has this summary:
“It cannot be denied that the EU continues to outsource its financial intelligence service to the US.” EP comittee report, 3 February 2010
The EU’s anti-terror investigations on (largely) its own data should – if deemed necessary – be done by the EU itself. And please don’t tell me that no EU Member State has the technical capability to do searches in a large database of financial transactions.
7) This is the last chance for the European Parliament to improve things
Just step back a bit and think about what has happened: the US administration has secretly set up the TFTP programme in 2002 without informing the EU Member States. This programme was in breach of Belgian and European data protection legislation. When uncovered by US newspapers the EU Council of ministers tried to get a few assurances on the use of the data.
Then, when drafting the new interim agreement in 2009 the Council of the EU showed complete ignorance with regard to the European Parliament – ignoring the demands set out by the EP in September 2009, signing the agreement just one day before the Lisbon Treaty came into force (30 Nov 2009) and giving the Parliament one week to decide whether it agrees with it. And now MEPs are expected to rubber-stamp the agreement?
Yes, the interim agreement will only be valid until the end of October 2010 – and the European Parliament has already demanded that it will be fully involved in the negotiations. Nothing substantial has been promised. (The commission is apparently preparing some concessions, counter-check them with the above points!) Do you really think the final agreement will be very different from the interim agreement? How much negotiation power will the European Parliament have if it already agrees to the interim agreement?
The European Parliament must NOW say no to the interim agreement. Only this will give them the opportunity to be really heard and involved in the final agreement.
But apparently the US threatens now quite openly – in the case of a no – to stop EU level negotations and to make a bilateral agreement with Belgium (the seat of SWIFT): do you really say yes to something because the other party is threatening to ignore the European Union and its legislative bodies? SWIFT and European banking data is a European issue and must be dealt at European level. If necessary, European safeguards must be established for other EU Members states banking data that is stored in other EU countries. Individual Member States must not be left alone when the US (or any other Member States) is forcing them to undermine fundamental rights like data protection, privacy and trade secrets.
Many in favour are saying that only a yes will provide security to Europe. In fact they are playing with the security of European businesses and citizens. If you re-read the points above it must be impossible to say yes to such a sub-standard agreement.
Finally, if this has not been yet convincing, let me give you a quick summary of other legal concerns mentioned by the EP rapporteur in her recent report:
- The TFTP must be considered “as a departure from European law and practice in how law enforcement agencies would acquire individuals’ financial records”.
- The “transfer of all, or virtually all of its data [bulk transfer] […] violates the basic principles of [EU] data protection law”.
- The SWIFT agreement “does not expressly provide that transfer requests be subject to judicial authorisation”.
- The conditions for sharing SWIFT data with third-party countries are “not sufficiently defined”.
- Access, rectification, compensation and redress outside the EU are “not defined adequately”.
- The Council “failed to clarify the precise role of the ‘public authority'” with the responsibility to handle the requests from the USA.
- SWIFT agreement – published in EU Official Journal on 13 January 2010
- EP Civil liberties, Justice and Home Affairs Committee’s recommendation to say to SWIFT agreement (3 February 2010)
- Rules on processing of SWIFT data (2007) – [if you read carefully you will see a 8 pages full of blabla]
- European Parliament legal service opinion on SWIFT agreement