Taking Liberties: The War on Terror and the Erosion of American Democracy (17 page)

Inviting amateurs to spot terrorists also invites racial, ethnic, and religious profiling, as the
New York Times
story on the See Something, Say Something program, described in the last chapter, showed. Asked to report suspicious activity in the subways, callers overwhelmingly reported innocuous activity and praying Muslims. Programs that were heirs to TIPS, like the Air Force’s “Eagle Eyes,” have encouraged these polarizing tendencies, disconcertingly promising that “anyone can recognize elements of terror planning” and urging the public to “watch for people who don’t seem to
belong.”
²²
This is the type of advice that evidently led an overly suspicious co-worker to plant suspicions about pilot Erich Scherfen that almost caused him to be fired from his job. It is always possible that an amateur sleuth might find and recognize a dangerous needle in the haystack, but the public found this possibility too slight to justify TIPS, a program that would have moved our society a giant step in the direction of totalitarianism.

But TIPS did not die. “Financial institutions,” broadly defined, have taken the place of Bush’s cable guys, spying on their customers on behalf of the government.

Watchlists and the Private Sector

OFAC maintains a hefty “Specially Designated Nationals” watchlist of suspected terrorists and terrorist entities—an altogether different list from the ones used at the airport. This mother list includes the smaller number of OFAC’s “Specially Designated Global Terrorists” who are not allowed to buy or sell any form of property or interest in property (due to the “emergency” 2001 Executive Order that plagued the Muslim charities), plus legions of others. The current Specially Designated Nationals watch-list goes on for 500 dense, three-column, single-spaced pages,
²³
is amended frequently, and contains many common names that are the equivalent of Smith or Jones (Mohammed, Ali, Taylor, Rodriguez), as well as many lengthy recitations of aliases or “doing business as” alternative names. Financial institutions are required to check these lists before engaging in business with anyone or risk civil or criminal fines.
²⁴
If you get a “hit” on checking the list, that is, the name of your customer matches all or part of a name on the list, you then have to work your way through page after stupefying page of complex instructions on the OFAC website, telling you how to conduct further analysis and which bureaucracy to call.
²⁵
Meanwhile, your customer’s transaction—whether it’s a mortgage, a job application, or the sale of a car—will be on hold while OFAC investigates. You might well decide that it is easier to just refuse that mortgage or hire someone else rather than go through the process of finding out whether your customer only happens to share a name with someone on the list.

Tom and Nanci Kubbany found out about this list when they were trying to buy their first house, in Arcata, California. They were so confident of their solid financial status that they were stunned when their mortgage application was denied. They eventually were able to figure out that this was because a credit report that made its way into their file flagged the
fact that “Hassan,” Tom’s highly common middle name, matched part of a name on a government watchlist—where the name had been placed because it was an alias of Saddam Hussein’s son.
²⁶
(As Nanci and Tom now know, requesting an annual credit report is one way to uncover potential problems like this.
²⁷
)

The OFAC watchlists suffer from all the same defects as the No Fly and it companion lists. They are compiled with information conglomerated by multiple agencies, in secret, without due process, and therefore are highly susceptible to mistakes. And there is no procedure at all for getting one’s name off this watchlist—not even the behind-the-curtains remedy of the DHS TRIP program. Unlike the government, private companies are not subject to freedom of information laws, and so someone who is rejected by a financial institution has no recourse.
²⁸
Faizah Zuberi, the New Jersey doctor, has no effective way to fight the American Express company’s decision to cancel her credit card or even to find out why they took that action. Because the OFAC list is published, it is at least possible to know if you or someone with a name similar to yours is actually on that blacklist, so at least it is possible for some consumers to anticipate problems.

Although businesses other than financial institutions are not obligated to check watchlists, some do so voluntarily for self-protection. Everyone is subject to penalties for engaging in any form of transaction with a “blocked” entity, or for providing “material support” to any terrorist, even someone not on any watchlist. This includes families buying or selling a house, shoeshine stands, and hot dog vendors. Title companies have added watchlist-checking to their real estate closing checklists.
²⁹
Many businesses, including foundations and charities, also try to protect themselves from unwanted government attention by adding antiterrorism compliance clauses to, as one lawyer advised real estate professionals, “every document you enter into—leases, amendments, purchase and sale agreements, consents to subleases, brokerage agreements, loan documents, construction contracts, vendor contracts—everything.”
³⁰
These clauses typically ask the signers to warrant that they are not on the OFAC list, will not violate antiterrorism laws, will not do business with any entity violating antiterrorism laws, will provide certification or other evidence of compliance, and will absorb costs generated if they do violate antiterrorism laws. Given that the material support laws are so broad and therefore so easy to violate, as previous chapters have shown, these clauses won’t necessarily insulate even the most cautious business from civil or criminal penalties. But Treasury officials responsible for enforcing all these vague
and threatening laws say there is no need for concern: “[W]hen we issue enforcement actions—especially major enforcement actions—they are rare and only applied when appropriate.”
³¹
Just trust us.

Once financial institutions became accustomed to checking watchlists as a matter of routine, the idea of mandatory list-checking was available to be extended to others, like charitable organizations. The Combined Federal Campaign (CFC) is a program that channels millions of dollars in charitable donations from federal employees and military personnel. The CFC provides a convenient form where people on the federal payroll can check off organizations to which they would like to contribute from a list of thousands of participating nonprofits. In deciding what groups to put on this list, the Treasury Department sets ground rules and sends eligible nonprofits a questionnaire to fill out. As of October 2003, the questionnaire required each nonprofit to certify that it “does not knowingly employ individuals or contribute funds to organizations found on” watchlists. When asked by a reporter whether this certification would require the organizations to check the watchlists, the director of the program replied that it would.
³²
To many organizations, being required to check lists compiled without due process was intolerable. The lists were unreliable; the names on the lists were being obtained in mysterious and possibly unconstitutional fashion; and the requirement had troubling historical echoes: obligatory list-checking was evocative of McCarthyism. After considerable debate and turmoil, the ACLU withdrew from the program, forfeiting as much as half a million dollars in federal employee contributions.
³³
A coalition of other nonprofit groups, ranging from the Sierra Club to People for the Ethical Treatment of Animals to Unitarians, also found this demand that they serve as TIPSters disturbing and joined the ACLU in a lawsuit to challenge the legality and constitutionality of the watchlist-checking requirement. The case was settled when the Treasury Department relented and said that it would not require eligible nonprofits to check the watchlists after all.
³⁴

But as
chapter 3
described, charities, like all other businesses, are still vulnerable to sanctions if they employ or do business with someone who is deemed to be a terrorist, whether they check watchlists or not. Non-Muslim American charities have little cause to fear being abruptly shut down, so far. But they are subject to material support prosecutions if they are found to be supporting terrorists or working with designated organizations, as the Humanitarian Law Project recognized. OFAC created voluntary guidelines for charities to consult in order to protect themselves against
unintended diversion of their grants to terrorist groups.
³⁵
These guidelines are generally regarded by the charities themselves as ineffectual. A charity can follow all the guidelines—as KindHearts tried to do—and nevertheless find itself in the sights of government enforcers. A report by OMBWatch and Grantmakers without Borders describes OFAC’s Voluntary Guidelines and “Risk Matrix system” as “the worst of both worlds” because the guidelines demand burdensome investigation but don’t actually provide protection against legal sanctions.
³⁶
Charities generally have their own due diligence practices, which seem to be effective. A study of charities that did check watchlists to ensure that they were not giving grants to or doing business with terrorists showed that no charity had gotten a true hit—that is, the charities were not funding or employing anyone who actually was on a watchlist in any event.
³⁷
Do non-Muslim charities need to worry about undue government attention? The uncertainty created by the material support and blockade laws shifts a great deal of power to the government by providing a justification for investigating, prosecuting, or just pressuring an organization whose work it might disfavor, perhaps for political reasons.

Does It Work?

Is it worth the cost in time, effort, and corrosion of business relationships to require companies to search for needles in their customer haystacks in all the ways described? Blue Cross Blue Shield of Michigan, for example, conducted a costly and time-consuming search of six million customers’ health insurance records, looking for possible terrorists. The search yielded 6,000 false positives—customers whose records were then investigated more fully by the company’s employees before they were determined not to pose any problem—but no terrorists.
³⁸
When MSNBC reporter Brian Braiker asked a Treasury Department spokesperson whether list-checking is effective, the spokesperson confidently responded, “The list has worked” but, the reporter noted, declined to give any specific examples, citing privacy and legal concerns.
³⁹
Braiker tried the system himself, entering the name “Osama bin Laden,” but did not get a hit because the watchlist spelled the name he had in mind “Usama bin Laden.” Better comparison shopping might have gotten him less literal software which would have declared a match. But the watchlists, based on known names and aliases, don’t protect against someone using a new alias or front. If Osama bin Laden had wanted to engage in any sort of financial transaction in the
United States, in all likelihood he would not have done so under his own name, whether spelled with an O or a U.

This program of business watchlist-checking and information gathering has become unmoored from its origin as a way to address terrorism financing and money laundering. The 9/11 Commission staff thought the Patriot Act’s plan to disrupt terrorist financing by adapting a criminal money-laundering model was always destined to fail because it was based on a false equation between the nature of criminal money laundering and terrorism financing.
⁴⁰
Bankers can recognize money laundering activity, designed to conceal the illegal source of funds, because it is common enough that patterns can be recognized. If a customer inexplicably deposits an unusually large amount of money in an account and then moves that money through layers of shell companies and offshore accounts, bankers will recognize and report these suspicious activities. But how can a bank recognize money deposited by terrorists or intended for terrorists? Efforts to develop a profile of terrorist financiers for financial institutions to apply are unlikely to succeed, according to the Commission staff, because we do not have an adequate basis for prediction. One attempt to compose a terrorist profile carefully studied the 9/11 hijackers and, as a result, identified factors like listing one’s occupation as a student and spending money on flight training schools as indicators of terrorist activity.
⁴¹
These very specific factors might indeed detect terrorists who want to reenact the 9/11 hijackings in every detail, but are not likely to identify would-be terrorists with a different plan. Nothing the 9/11 hijackers did, noted the Commission staff, would have triggered any of the post–Patriot Act reporting requirements.
⁴²
Their activities did not raise money-laundering alerts by moving large amounts of money through American financial institutions. So the chief functions of the financial institution network actually seem to be first, getting businesses to play an active TIPSter role in trying to spot terrorists (with questionable results), and second, using businesses as pass-throughs to feed the government’s bulging databanks.

Collecting the Dots

The data collection and data mining approach to fighting terrorism is also reminiscent of an early post-9/11 idea that Congress rejected because it smacked of totalitarianism. In February 2002, the
New York Times
revealed to the public that a branch of the Defense Department headed by John Poin-dexter—a former National Security Advisor to Ronald Reagan previously
best known for his involvement in the Iran-Contra scandal and his statement that it was his duty to withhold information from Congress
⁴³
—was working on a secret program known as “Total Information Awareness.”
⁴⁴
This program, under the motto “Knowledge Is Power,” aimed to design a gargantuan database that would collect information from both government and corporate databases on all of Americans’ “transactions” and then create algorithms and systems to mine that data to try to discover terrorist patterns. The covered “transactions” would have included “Financial, Education, Travel, Medical, Veterinary, Country Entry, Place/Event Entry, Transportation, Housing, Critical Resources, Government, [and] Communications” information.
⁴⁵
As one of the program’s designers explained, the program’s task was “much harder than simply finding needles in a haystack. … [O]ur task is akin to finding dangerous groups of needles hidden in stacks of needle pieces.” Therefore, he concluded, “In principle at least, we must track all the needle pieces all of the time and consider all possible combinations.”
⁴⁶
New York Times
columnist William Safire was among the many critics, from all points along the political spectrum, who were aghast: “[The TIA] has been given a $200 million budget to create computer dossiers on 300 million Americans.”
⁴⁷
As public outrage about this Orwellian vision continued to simmer, Congress delayed and ultimately decided to defund the program.
⁴⁸
This was something of a pyrrhic victory for privacy. The TIA program was not actually abolished, but driven underground.
⁴⁹