Taking Liberties: The War on Terror and the Erosion of American Democracy (16 page)

Like the subway search program, this program might conceivably prevent a terrorist attack, although we have no way to evaluate the likelihood of that type of success. Even if this innocuous program does not compromise anyone’s rights, is it worth the $3 million? By the laws of inertia, these and other security programs are likely to continue into a second decade even though we have no way of knowing whether they are worthwhile. Once we become accustomed to a new baseline, like bag searches or bodyscanners at the airport, those practices, like the idea of watchlists, are likely to proliferate. Familiarity breeds acceptance. And so bag searches spread to the subways and bodyscanners are proliferating at the entrances of courthouses around the country.

The Fourth Amendment teaches us that law enforcement officials—whether the FBI, the TSA, or the NYPD—should not be trusted to police themselves. This is not because they are not good people, but because we give them a one-dimensional job to do—to prevent other people from harming us. We expect them to do that job zealously, and we tend to blame them if they do not keep us completely safe, even though that is not a very reasonable expectation. Under these conditions, it is not surprising if people entrusted with the weighty responsibility of protecting us against terrorists sometimes become overzealous or allow themselves to be carried away by wishful thinking. As Supreme Court Justice Louis Brandeis explained, that is why the courts have to be available to enforce the Fourth Amendment’s guarantee against unreasonable searches and seizures: “The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding.”
⁸⁴
There is indeed a balance that needs to be drawn at the airport or in the subway, but if we leave it to the FBI or the NYPD to strike that balance, constitutional values will regularly end up on the losing side. Yes, Congress and the courts should be more active in oversight. But they are unlikely to step up to that role if we don’t even want to know whether or not we are being given placebos.

5.
Banks and Databanks

We regret to inform you that we have decided that it is not in our best interest to continue your banking relationship with us.
—Letter from Fleet Bank to U.S. citizen Hossam Algabri (2002)

[A]nyone can recognize elements of terror planning.
—Air Force “Eagle Eyes” promotion (2010)

What happened in Vegas stayed in federal data banks.
—Barton Gellman,
Washington Post
(2005)

W
ATCHLISTS AND SECURITY
screening don’t only apply to travelers. Every time you go to a bank, buy a house, apply for a credit card, purchase life insurance, use a travel agent, or rent a car, the Patriot Act affects you. As a customer you may be lucky enough to be unaware of its impact. Or you might be unlucky, like Hossam Algabri, whose bank account was abruptly terminated because his bank created its own blacklist—perhaps in the hope of avoiding sanctions for not working hard enough to ferret out terrorism financing. And every time you apply for a job or rent an apartment, your prospective employer or landlord risks violating the prohibition of doing business with a blocked person if they don’t know whether or not you are on the “emergency” government blacklist that caused the Muslim charities problems. A more ubiquitous companion of the No Fly list is what might be called the No Buy list.
¹

Post–Patriot Act businesses, especially financial institutions, have been swept up in the War on Terror, as the line between the private sector and government has been erased
²
by a pervasive combination of different types of government rules and activities:

1.  Financial institutions, very broadly defined, are conscripted as antiterrorism agents, shouldering many duties like Suspicious Activity
Reporting and facing heavy penalties if they fail to perform their assigned duties.

2.  Financial institutions are required to check extensive government watchlists before engaging in transactions; all businesses and individuals have to be wary of subjecting themselves to civil or criminal penalties for doing business with the wrong people, even if those people, like Hossam Algabri, are not on any government list. If it sounds farfetched to suggest that a Starbucks barista who is not a terrorist might have reason to be concerned,
chapter 11
tells the story of what happened to a Florida waiter who was unlucky enough to serve dinner to some of the 9/11 terrorists.

3.  Government agents cannibalize information people have shared with businesses by (a) imposing special obligations on financial institutions to collect and turn over a range of information about their customers, (b) using Patriot Act powers to demand records of any business—including schools, hospitals, and libraries—through watered-down court orders or, in some cases, through National Security Letters which don’t require court approval at all, (c) asking businesses to turn over information or records voluntarily, which many do even where doing so violates privacy laws, and (d) buying masses of information from data aggregators, who are in the business of collecting, cross-indexing, and selling vast quantities of information about every aspect of people’s lives, from religious practices to vacation plans to the medications they take.

Like the campaign against charities, this web of compulsion and obligation was initially intended to disrupt terrorism financing, hence the special focus on financial institutions and the surprising involvement of the Treasury Department’s Office of Foreign Assets Control (OFAC) in all-American transactions. Another goal was to enlist the financial sector in informing on people who act suspiciously. And a third goal was to combine the forces of private record-keeping and government coercion to feed ever-expanding government databanks in order to enable data mining—searching for information about particular individuals (subject-based data mining) or using mathematical models to search oceans of data for terrorist patterns (pattern-based data mining).

Whether privacy is an anachronistic notion in the age of Google and Facebook is a hotly debated topic.
³
But whatever the pros and cons of
Amazon.com’s ability to mine data about you in order to sell you a book, government collection and use of large quantities of data is qualitatively different and far more consequential. People sometimes ask why anyone should care what the government knows about them if they are not doing anything wrong. After exploring the post–Patriot Act state of what has aptly been dubbed “dataveillance,”
⁴
I will address that question. There are many reasons to care, as individuals and as members of society, about the government keeping digital dossiers
⁵
on us. It is no exaggeration to say that not only individual privacy is at stake, but also the quality of our democracy. And there is every reason to believe that we can control this genie, even if we cannot put it back into the bottle, if we decide that the new private-public spying partnership and the dataveillance approach to terrorism are costing us more than they are worth.

Financial Institutions as TIPSters

Post-9/11, the term “financial institution” has been expansively defined to apply not only to banks, but also to car rental agencies, storage warehouses, real estate brokers, private equity fund managers, broker/dealers, casinos, life insurers, jewelers, travel agencies, pawnbrokers, landlords, and “persons involved in real estate closings or settlements,”
⁶
whether they know it or not. People in these businesses have to master all the intricacies of highly complex and demanding laws or risk very stiff penalties. The duties imposed—“Know Your Customer” (i.e., gather and maintain information that the government can later plunder),
⁷
“Suspicious Activity Reporting,”
⁸
maintaining an anti–money laundering program,
⁹
conducting records searches on request,
¹⁰
and watchlist-checking—are so challenging that the Patriot Act has spawned a new business: creating and marketing Patriot Act compliance software. One merchant advertises:

•  Simultaneously cross check your customer list against multiple watch lists

•  Scan customer name, address, date of birth and social security number (SSN) to rule out a match with sanctioned entities or individuals

•  Create “good” and “blocked” customer lists for future searches
¹¹

Meeting these obligations costs a lot more than the price of software. One research firm estimated that securities firms alone would have to
spend $700 million on compliance in the first few years of this new regime.
¹²
Penalties for willful violations—either for not checking lists where required or for failing to discharge other obligations the law imposes—can go up to 10–30 years imprisonment and a $1 million fine per violation. Western Union, for example, was fined $8 million in 2002 for failing to report “suspicious transactions.”
¹³
The company that owns Western Union, First Data Corporation, now has over 150 employees working on compliance, in addition to the hundreds of thousands of employees who regularly screen wire transfers as part of their job.
¹⁴
The costs of compliance and of penalties may be passed on to customers, of course. And there are other kinds of costs to asking companies to wear a terrorism-prevention hat in addition to their business hat: innocent Americans find themselves denied financial services because software has decided, on the basis of unknown or unreliable criteria, that they might be a threat to national security. French Clements, a young man living in San Jose, California, for example, tried to start a retirement fund by opening an online brokerage account with Harris Direct. But the system denied his request, citing the Patriot Act—probably because he was a college student who moved frequently and so the address on his application did not match the address in his credit report, a factor the software considered suspicious.
¹⁵

Unexplained decisions may be based on religious or ethnic profiling, perhaps built into software’s algorithms,
¹⁶
or perhaps as a result of human perceptions that it is risky to do business with Muslims. Hossam Algabri, a thirty-two-year-old Boston computer consultant, had banked with Fleet Bank for ten uneventful years when the bank, giving him no reason, abruptly decided to close his account, sending him the startling letter quoted above.
¹⁷
He believes that the explanation lies in his religion and background. A Muslim, Hossam immigrated to the United States from Egypt at the age of twelve. A similar upsetting encounter with a business happened to Faizah Zuberi, a Pakistani-American doctor who lives in New Jersey. She reports that American Express suddenly and inexplicably demanded that she furnish an extraordinary amount of documentation—her tax returns, employment statements, financial statements, and so forth—and then nevertheless canceled her credit card for no apparent reason.
¹⁸

Facing complex law and an intimidating penalty structure, companies have little incentive to tell their customers about their suspicions or to give them a chance to clear up mistakes or misunderstandings. Hossam Algabri has no way to know if his bank reported some suspicion about him to the government, whether the government initiated his problem by warning the
bank about him, or whether the bank simply decided to “play it safe” by cutting its ties with a foreign-born Muslim.

In many respects, the Know Your Customer/Suspicious Activity Reporting enterprise resembles another early post-9/11 idea about how to combat terrorism. In his January 2002 State of the Union address, George W. Bush proposed creating an army of truck drivers, utilities workers, and cable guys to look for and report on suspicious activities as part of a program called TIPS (Terrorism Information and Prevention System).
¹⁹
The pilot project would have enlisted a million amateur intelligence agents in ten cities. Even though images of 9/11 were still vivid, the public was horrified and Congress refused to provide funding.

There were many good reasons for rejecting TIPS. This network of informants bears a strong resemblance to the system run by the despised East German Stasi, the state security service whose operations were memorialized in the popular 2006 film
The Lives of Others
. Between 1950 and 1989, the Stasi employed over 90,000 full-time workers and over 173,000 informants to monitor their neighbors’ behavior and identify possible enemies of the state.
²⁰
A large-scale program like TIPS would have sowed a deep sense of distrust and unease among Americans worrying not only about whether their neighbors were terrorists, but also whether they were informants. American tradition, embodied in the Constitution’s First Amendment freedom of speech and association and the Fourth Amendment’s prohibition of unreasonable searches and seizures, promises us a “right to be let alone.”
²¹
We expect to be able to go about our business, develop relationships, and form and express ideas without the government tracking our actions and transactions. In addition, the TIPS program inevitably would have produced countless false positives, deluging intelligence agencies with a great deal of useless information and encouraging them to waste their time pursuing worthless leads (like the account of Erich Scherfen removing a seat from his car). As the saying goes, you don’t find a needle in a haystack by adding more hay.