Join 3,520 readers in helping fund MetaFilter (Hide)

Tags:

I *heart* big brother
April 27, 2003 3:46 AM   Subscribe

Compliance or Consequences Compliance with the USA PATRIOT Act has never been easier, thanks to Sybase's PATRIOTcompliance Solution. It integrates your existing customer and transaction information systems into a consolidated compliance system that detects unusual activity and automates its investigation and resolution in a timely manner.

Ugh...
posted by delmoi (47 comments total)

 
Wait is this a joke or another step towards 1984?

I can't seem to find the punchline :(
posted by phylum sinter at 5:22 AM on April 27, 2003


Charming
posted by Eirixon at 5:24 AM on April 27, 2003


I, for one, give the Blue Blob Overlord carte blanche.
posted by kozad at 6:47 AM on April 27, 2003


Wait is this a joke or another step towards 1984?

Um, no. It's a step towards the private and public sectors in the US having technology that at least is remotely on par with the technology used by terrorists and drug runners ... who launder hundreds of billions of dollars through the global economy every year.

In the strange blue world of MeFi land, however, I can see how the criminals doing such things - and the immense pain and suffering the black markets cause - will be ignored, and the people trying to catch them and stop their activities will be accused.
posted by MidasMulligan at 7:01 AM on April 27, 2003


Regardless of the "benefits" of such technology, MidasMulligan, it is a step towards the government being able to track its citizens' every move. If you think the benefits outweigh the loss of privacy, then fine, but some of us disagree. Just don't act like, because it may stop "criminals", it's self-evident that it's a good thing.
posted by jpoulos at 7:12 AM on April 27, 2003


Furthermore, MidasMulligan, while the Patriot Act may help stop your illustrious drug-running criminals and terrorists, I wonder if it will also help combat the shameful white collar crimes committed every day by big business?

What about the immense pain and suffering that millions of everyday citizens endure because some greedy corporate fuck swindled them out of their life savings? Where's the law to prosecute these criminals? Why are the Enron biggies still walking around free and living a life of luxury?

You are correct that the Patriot Act *might* help fight some of the black market crime. I don't think anyone disagrees. However, it's the ramifications and consequences of the Patriot Act--that it strips away longstanding civil liberties and gives the Government immense power--that upsets me and so many others. It's continually shocking to me that there are so many Republicans who choose to believe this radical change in our Constitutional rights is acceptable. Worse, some are in favor of giving even *more* power to the government. All in the name of fighting terrorism? There must be a better way.
posted by mrbarrett.com at 7:41 AM on April 27, 2003


This is a question of a citizen's rights to privacy, not law enforcement. What technology do terrorists and drug runners have that the US government doesn't? The only difference has been that those groups operate outside the law. That is until now, because it has become clear that, despite the Constitution, the US government is also going to operate outside the law by treating everyone as a terrorist of drug runner. Of course, they will falsify legailty by creating unconstitutional laws that strip American's of their fundamental rights. This is repulsive to anybody who really understands the principles upon which the US was founded, those that made it one of the most desirable countries in the history of the world to live in. But as long as MidasMulligan and his segment of the US population continue to support this government, that America is going to become a mere historical footnote.
posted by sic at 7:47 AM on April 27, 2003


Um, no. It's a step towards the private and public sectors in the US having technology that at least is remotely on par with the technology used by terrorists and drug runners.

Cite, please. I'd like to know of real-time transaction processing data anomaly detection in use by any terrorist or narcotics operation.


Sure the cartels have bigger guns, faster boats, more Italian cars. I'm really sort of okay with arming the police to be on par with the criminals they're likely to face. The Florida state police organization's Ferrari (or is it a Lamborghini) might be a bit excessive in terms of operations costs, and yes, let's face it, 99% of the time its sole purpose is to make the patrolman driving it feel cool, but at the same time I don't expect them to run down the sports cars favored by narcocriminals in an Impala or a Crown Vic.

(Never mind that the black market in narcotics is entirely created by the government; say whay you will about legalization, but you must admit it would cause the drug market to collapse into the low-margin, commoditized state that most of the rest of our economy exists in. But that's a deconstruction of an entirely different argument.)

As for terrorism, terrorist organizations operating within the United States (all the way back to the SDS) have never been about superior technology. The Murrah Building was destroyed with a bomb easily assembled from parts available on the open market (at least before the FBI started checking up on fertilizer sales) - all of which had legitimate commercial and private uses. The World Trade Center was essentially destroyed with boxcutters.

Also, if you could peel back the bucket of technomarketing to determine what actual new technology lives in this PATRIOTcompilance product (and no, innovative new methods of INTERcappingWHILEslammingBUZZWORDStogether don't count), I'd appreciate it. Ten to one says this was designed by the sales department: stuff Sybase pulled off the shelf because some Fortune 100 deputy CIO read something about the Act on the john in one or another of CMP Media's "enterprise IT" fishwrap tabloids, got freaked out that the long arm of the government was going to come down on his company because he wasn't adequately spying on his customers, and called his Sybase rep and said "fix this now!"

Finally, you do realize this is not a product designed for altruistic use of corporations to discover those among its customers who would "threaten our freedom." It's designed to allow corporations to comply with new regulations being forced upon them by an increasingly bloated antiterrorism bureaucracy, some of which incur significant cost of compliance while having no actual demonstrable impact on terrorist activity.

It's actually rather interesting - what we have here is a product that can be equally reviled by lefitists and extremist libertarian conservatives (to the extent libertatian priniciples are at all compatible with "official" conservatism anymore) alike.
posted by Vetinari at 7:53 AM on April 27, 2003


In America, first you get the sugar, then you get the power, then you get the women!
posted by blue_beetle at 8:10 AM on April 27, 2003


[On preview]
Absolutely, utterly, completely, totally what Vetinari said. Best. Post. Ever.
posted by punilux at 8:31 AM on April 27, 2003


From what I've seen in the movies drug dealers and terrorists work mostly in cash. Cash that is moved around a lot through banks or just left in a house. If the money is moving through technology the sybase's blue blob technology can trace, it is probably scrubbed and looks like legitimate business transactions. There is a multi-multi-billion dollar economy based on being untraceable.

On the other hand, with this technology someone can trace every move I make since I use plastic to pay for everything. Of course I am a fine upstanding citizen.

This system, like the terrorists screening systems in place to profile air passengers won't stop another 9/11. You build a better mousetrap, you get smarter mice.
posted by birdherder at 8:35 AM on April 27, 2003


I'd like to know of real-time transaction processing data anomaly detection in use by any terrorist or narcotics operation.

For some reason that made me giggle. But what he said for the rest of the comment too.
posted by XQUZYPHYR at 8:43 AM on April 27, 2003


Vetinari is my new boy- and/or girlfriend. Pretty much everything I had to weigh in with there, only better composed.
posted by hilatron at 9:21 AM on April 27, 2003


So much to respond to.

Regardless of the "benefits" of such technology, MidasMulligan, it is a step towards the government being able to track its citizens' every move.

To get specific, the Sybase solution addresses Title III of the Patriot Act - the piece that has to do with financial insitutions. As such, it is really just adjusts existing anti-money laundering legislation to keep up with the increasingly sophisticated tactics being used by criminals. AML legislation started in 1970 (with the passage Bank Secrecy Act). The PA is largely just an extension of existing provisions, and in practice adds very little to the government's ability to "track its citizens' every move".

For instance, it has long been the case that cash transactions over $10,000 require a "Currency Transaction Report" to be filed. Wire transfers of particular kinds above $3,000 also require reporting, and SAR's (Suspicious Activity Reports) need to be filed with aggeregated transfers more than $5,000. So what did criminals do? Started making many deposits, at many accounts, of under $10,000. Started engaging in multiple wires of just under $3,000. Note that this was all law before the Patriot Act ... these are basic anti-money laundering processes.

So what does the Patriot Act do? Requires firms to be more diligent about knowing who their customers are, and requires them to consolidate activity by the same customer across it's entire institution. A recent fine levied on Western Union is a precise case in point. If someone initiated several transactions totaling above $10,000 over the course of a day from a single Western Union agent, they did catch it. However, some doing several small transactions at several different Western Union locations was not being caught. So they got fined, and are now bringing their systems up to speed.

If you think the benefits outweigh the loss of privacy, then fine, but some of us disagree. Just don't act like, because it may stop "criminals", it's self-evident that it's a good thing.

Ahh, but read MeFi here - I suspect tthe problem in this thread will have more to do with the majority of voices presuming that just because the Bush administration passed the law, it's self-evident that it's a bad thing.

Furthermore, MidasMulligan, while the Patriot Act may help stop your illustrious drug-running criminals and terrorists, I wonder if it will also help combat the shameful white collar crimes committed every day by big business?

It probably won't. Also, it won't end world hunger or cure cancer. Of course, it isn't supposed to. If you wish to discuss this sort of legislation, maybe start a thread on Sarbanes-Oxley? (Which actually is an attempt to do what you speak of).

That said, some of the pattern matching systems will help financial institutions catch some bad apples internally.

Ten to one says this was designed by the sales department: stuff Sybase pulled off the shelf because some Fortune 100 deputy CIO read something about the Act on the john in one or another of CMP Media's "enterprise IT" fishwrap tabloids, got freaked out that the long arm of the government was going to come down on his company because he wasn't adequately spying on his customers, and called his Sybase rep and said "fix this now!"

Er, no, you're wrong. The solution is pretty good, and is built to do things like receive lists of terrorists from the government and match them against transactions. But Sybase is only one of the major players here. Mantas, Bridger, and iLytics are other bigs ones. Again, within the industry the PA is not some huge new surprise, it is simply the latest adjustment to a body of AML law that has been in constant evolution for a couple of decades. The CIO's and compliance people at large institutions aren't the hapless idiots you appear to believe they are.

Finally, you do realize this is not a product designed for altruistic use of corporations to discover those among its customers who would "threaten our freedom." It's designed to allow corporations to comply with new regulations being forced upon them by an increasingly bloated antiterrorism bureaucracy, some of which incur significant cost of compliance while having no actual demonstrable impact on terrorist activity.

First, apparently you have a problem with anyone doing anything for something other than "altruistic" purposes. (Then again, do you work for free?). Sybase is - horror of horrors - actually a capitalistic company. They compete to sell the most cost-effective solutions to business problems.

Second, what you should understand is that both the government, and private firms, want to catch terrorists. I realize this is a shocker, and probably won't be believed by most of MeFi, but it is nonetheless true. (I know a bit about this, as I run a firm that works in this space). Was just at a big AML conference in Miami at the end of last month. Compliance officers from banks and brokerages, federal regulators, and vendors. In practice, the conversations about the Patriot Act revolve entirely around catching people that are genuinely doing bad things.

Not only don't they give a shit about peeking into the lives of the average citizen, the day-to-day work of the financial firms and regulators largely revolves around how to become far more efficient at not doing exactly that. They try to find and configure systems that reduce the number of "false positives" - transactions that the automated systems flag as possibly suspicious, but that after investigation turn out to be perfectly innocent.

It's actually rather interesting - what we have here is a product that can be equally reviled by lefitists and extremist libertarian conservatives.

What's actually rather interesting is that products like this - in practice - are more likely to reduce invasions of privacy than they are to increase them. Get a clue folks, every financial transaction you make through a financial insitution already leaves a trail - and did long before the PA was passed. The AML systems that were around in the late 1990's were somewhat blunt objects ... which meant they kicked a lot more transaction up the line to be viewed human eyes. There is a new generation of technology spurred (in part) by the Patriot Act ... and the outcome of it is that firms can get much more precise about identifying and reporting suspicious activity. In other words, the average American, engaging in legitimate financial activity, will be less likely to be examined by human eyes by an institution or government agency - while the people trying to use global financial systems to fund the next terrorist attack (as they used it to fund previous ones) will stand a better chance of getting caught.
posted by MidasMulligan at 9:22 AM on April 27, 2003


Ahh, but read MeFi here - I suspect tthe problem in this thread will have more to do with the majority of voices presuming that just because the Bush administration passed the law, it's self-evident that it's a bad thing.

You're missing the point here Midas. The problem is that any administration passed a law requiring -- not authorizing, mind you, requiring -- account-specific data mining procedures on private financial transactions. When I make a credit-card purchase I expect a limited network of institutions to know about it. I expect the merchant to record the transaction and the bank to process the transaction. I also understand that an external auditor might review my transaction as part of a random sample. If I use my credit card to buy a kilo of pot, I understand that there is a burden of discovery on the part of the bank to ascertain probable illegal activity before turning the transaction over to government authorities.

The PA completely wipes out this burden of discovery and codifies that institutions must send thousands, maybe millions, of false positives to a government bureaucracy. If a certain data feed contains one terrorist among ten thousand honest citizens, then what? It's easier to identify ten thousand possible terrorists in a population of ten thousand than it is to identify one definite terrorist in a population of ten thousand. I'm not convinced that the government is really interested in anything besides expediency beyond this point.
posted by PrinceValium at 9:49 AM on April 27, 2003


Is this a spoof? I don't think so.

The whois records are registered to Evolution Bureau. Looking at their site it's a bit hard to tell if the high concept ads are spoofs or not, but given the amount of work there my money is on "not a spoof". Weird.
posted by Nelson at 9:50 AM on April 27, 2003


Absolutely, utterly, completely, totally what Vetinari said. Best. Post. Ever.

Really? Let's just take the first line of this brilliant post, since it seemed to tickle the fancy of more than one:

I'd like to know of real-time transaction processing data anomaly detection in use by any terrorist or narcotics operation.

There are none. Here's a big "DUH"! The systems used to catch people are actually different than the systems used by people trying to evade capture. Guess what, criminals also don't drive around in cars with sirens and flashing lights either - police do. Laundering money has three basic steps - placement, layering, and integration. Placement is often done by "smurfs", guys hired by launderers that open up many bank accounts in a particular city, establish what appears to be a normal middle-class life, with regular deposits and withdrawals, bills paid, & etc. A given smurf may have a dozen of these accounts - usually opened with false ID's. Every week, small cash deposts are made (to delibrately avoid currency transaction reports - it's called "structuring"). In this way, multiple smurfs, each with multiple accounts, can introduce a good deal of cash into the banking system each week. The second stage is "layering", where these accounts, using a variety of methods, wire or transfer money to other accounts in different sums - still attempting to appear completely legitimate. Generally numerous such transfers are made at the layering stage, and many accounts used. The final, "integration" stage comes when the money is then taken from several of these accounts, and used as collateral for a loan (that is never paid back), or in the purchase of real estate (that is then sold a week later), etc., etc. The whole point being that by the time the wash, rinse and dry cycles are done, the money is used for legitimate transactions and is many steps removed from it's illegal source.

So the sort of systems required (and in fact, used) to manage this whole process are obviously different than the ones (like real time transaction filtering for wire transfers) required to try to stop it. This would seem rather obvious.

Of course, we're in a world here where catchy little one-liner "gotchas" are the currency of choice - regardless of whether they they even remotely resemble an intelligent argument.
posted by MidasMulligan at 9:55 AM on April 27, 2003


A bit more.. there's at least one page on sybase.com itself that has the "Compliance or Consequences" tagline.

I am really creeped out. Thanks for the lovely Sunday morning, delmoi.
posted by Nelson at 9:56 AM on April 27, 2003


Nelson: Follow the link from the Sybase FrontPage and read more about it.
It's not a spoof.
posted by psychomedia at 10:06 AM on April 27, 2003


You guys are missing the obvious.

You have a struggling technology company in a struggling IT sector. Then a war happens which tanks the economy further. The next few quarters are looking quite grim.

But there is money being spent, and lots of it, in very specific sectors: rebuilding Iraq and Homeland Security. We're talking billions and billions of dollars being thrown willy-nilly towards any proposal.

So it's pretty simple, you spin anything you've ever done into something that can help either the rebuilding of Iraq or the safety of the homeland and your company scores. You think I'm kidding? I've thought long and hard about how to spin any sort of internet knowledge, web development experience, and/or software I've built into a proposal towards either of these two hot areas of investment.

Think about it, among the billions being spent like water, a $100k project would make any small company sing, and it amounts to a rounding error in the big picture of US govt spending. Sybase is simply reaching for a quick buck, any way they can.
posted by mathowie at 10:06 AM on April 27, 2003


I hope you don't mind a dumb question – what's that blue blob on their page? You can nudge it around slightly, but it doesn't seem to do anything. How did they make it? I'm sure there are some computer literate people here who know how it's done. Seen any more blobs out there?
posted by Termite at 10:08 AM on April 27, 2003


Laundering money has three basic steps - placement, layering, and integration....

You seem to know an awful lot, Midas.

Meet me at a hotel in Miami. Wear a pastel suit and bring the brushed steel breifcase.

I can feel it comin' in the air tonight.....
posted by jonmc at 10:17 AM on April 27, 2003


I hope you don't mind a dumb question – what's that blue blob on their page?

Information Liquidity
posted by psychomedia at 10:17 AM on April 27, 2003


The blue blob appears to be a flash file. You can see the alternate image if you don't have flash. I think the blobbiness is supposed to suggest "information liquidity", whatever the hell that is.

The page also has some DoubleClick Spotlight tracking crud on it. Quis custodiet ipsos custodes?
posted by Nelson at 10:18 AM on April 27, 2003


Ahh, but read MeFi here - I suspect tthe problem in this thread will have more to do with the majority of voices presuming that just because the Bush administration passed the law, it's self-evident that it's a bad thing.

Couldn't the consumer-oreiented monitoring aspect of the PATRIOT ACT apply to, say, sweet precious guns (not that I know Midas to be fan of firearms, or that I am stereotyping. I just think that Midas could likely agree that guns are not 1. Beloved by Mefi groupthink; or 2. Something that the majority of Bush supporters/conservatives are cool with seeing restricted.)?

What if Hillary Clinton was behind the PATRIOT ACT? I know that I would still be freaked out about it.
posted by Ignatius J. Reilly at 10:19 AM on April 27, 2003


This is one example of an interesting trend emerging as a (possible) counterforce to this bizarre phenomenon of anti-libertarian religious conservative government. This issue, as well as the war in Iraq and possibly the economy (if it becomes a real issue, with someone on the left having some balls) could be showing a gowing irrelevence in our current "left"/"right" framework. The Republicans are the party of bigger government and less individual protection from the state? Wild. It's like the black helicopters just left West Texas alltogether, and started flying above NYC.
posted by Ignatius J. Reilly at 10:30 AM on April 27, 2003


MidasMulligan also fails to recognize that by doing away with the "burden of discovery" as PrinceValium put it, the government treats every transaction as if it were illegal until it is proven legal (by scrutiny). This then, by extension, can be applied to the legal system in general, where once one was innocent until proven guilty, now the non-terrorists and the non-drug runners (the vast majority of the population mind you) are treated as if they were criminals. This is in essence the PATRIOT act, an almost total loss of personal privacy due to widespread electronic and telecommunication snooping of everything from personal habits (the books you check out of a library, the things you buy) to personal correspondence (the emails you send to your wife, the phone calls you make to your lawyer) among many other things. This is astonishing. Back when the US government supported civil rights and the Constitution, those kinds of methods were only used by the police or FBI when there was probable cause sanctioned by a court order.

You can ignore this consequence of the PATRIOT Act and the mentality behind it, but that doesn't change the fact that it radically alters the personal freedom that has made the US one of the most successful democracies in history.
posted by sic at 10:48 AM on April 27, 2003


You seem to know an awful lot, Midas.
Meet me at a hotel in Miami. Wear a pastel suit and bring the brushed steel breifcase.


I do this for a living. And actually have a brushed aluminum briefcase. (No pastel suits though). And in fact the last big AML conference was in Miami - and had a lot of attendees from South America and the Carribean (Miami is widely used by drug cartels as a center of money-laundering activity). I do hope people understand how immense the black market really is - what the world's governments are trying to stop. The profits earned by the big conglomerates (the Columbians, the Chinese Triads, & etc.) are larger than the profits of the biggest multi-national financial services firms on earth.

This is not just the USA Patriot Act folks ... most of the world's governments are trying to figure out how to address this stuff. For anyone that wishes to get beyond rhetoric and examine the background of the issue, FinCEN is the main site to start with in the US, and the FATF is the international group who's site is worth browsing.

Also, for those that are really worried, I'd suggest reading Title III of the USA Patriot Act itself. One of the more peculiar parts of the way the national discussion has unfolded has to do with how few people with apparently strong opinions about the Act haven't actually read the damned thing. Nor seem to show any understanding of where it fits in the context of existing law. much of what I hear people complaining about - saying they are worried about - actually exsted considerably prior to the Patriot Act.

Anyone that reads statements like (upon preview) this: "MidasMulligan also fails to recognize that by doing away with the "burden of discovery" as PrinceValium put it, the government treats every transaction as if it were illegal until it is proven legal (by scrutiny). This then, by extension, can be applied to the legal system in general, where once one was innocent until proven guilty, now the non-terrorists and the non-drug runners (the vast majority of the population mind you) are treated as if they were criminals." ... well, let me just say I'd encourage you to read the act, and study the background of AML legislation ... or at least don't just take the many truly absurd summaries and commentaries on the Act to be the truth about the Act itself.
posted by MidasMulligan at 11:02 AM on April 27, 2003


Here's a great article on how organized crime is already using data mining to stay ahead of the police. The difference is, once a drug cartel identifies a suspect, they just kill 'em.

And here's an article on some of the players in this market.
posted by kindall at 11:09 AM on April 27, 2003


Why don't you point out where the act doesn't do these things that the rest of us are worried about? Everything I've read about PATRIOT I and II is that it takes away most of the privacy and freedoms that many Americans are willing to die for in a war, but apparently accept blindly in the name of a pseudo-war(s).

As far as the problem of money laundering by drug cartels, I think that legalizing drugs, thereby taking away the profit from dealing in them illegaly, is far more attractive than turning ALL of the law-abiding citizens into suspects and treating them as such.
posted by sic at 11:31 AM on April 27, 2003


FINCEN is the Department of the Treasury, the government. They're powers are increased a thousandfold under the PATRIOT Act, of course they support it. But the Constitution and the Bill of Rights are designed precisely to protect the common citizen from the unchecked power of government, among other things.

The PATRIOT Act, radically alters personal freedom and right to privacy in the United States. Do you deny this?
posted by sic at 11:37 AM on April 27, 2003


Although I usually don't, in this thread I'm inclined to agree with MidasMulligan--there's a reactionary quality in some of the negative response to post-9/11 government changes. I catch myself making 1984 references and damn-administration mutterings regarding new programs that may be less heinous than I initially believe. For example, NSEERS, the program for tracking immigrants, has had big implementation problems: protested detentions & deportations of Muslim men from a list of countries that originally didn’t include Saudi Arabia. But a system like NSEERS was mandated by 1996 law to track all US visitors; it simply wasn’t funded until after 9/11. Last week I read an article, which unfortunately I can’t find now, that said some Muslim associations have noted improvement in how the INS (now BCIS) is publicizing and running the registrations. Plus I believe the GAO, DHS’s Inspector General, and the Senate are all dogging NSEERS’s footsteps to get it in line. (Well, the Senate’s threatening to defund it.)

Even though it may have been smaller than many of the atrocities other people in other countries have suffered, the US’s 9/11 attack made such a strong impact here that sweeping changes have been called for. If the present administration takes up that challenge, and it has to, of course there are going to be errors and failures mixed in with any success in its first attempts. Pursuing new ways to enforce our existing immigration and money-laundering laws is one step. I’m not saying people should suspend their skepticism the administration, but personally, I’ve decided also to be skeptical of my assumptions of malicious government totalitarianism. Like MidasMulligan says, much of the PATRIOT Act isn’t that shocking; plus, if we can keep a lid on Orrin Hatch, the Act will sunset in 2005. I still agree with the posters in the thread who want to see parts of the PATRIOT Act die a rapid death, but not everything in the Act is 100% bad. For example, in section 418, the Act directs the Secretary of State to review foreign visa applications to check against “consular shopping,” the phenomenon in which applicants who are doubtful they’ll be allowed entry to the US work to get their visas from less strict consulates. Isn't that just good sense?
posted by win_k at 12:18 PM on April 27, 2003


All right.. first up, what mathowie said. This whole industry is trying to make itself relevant to "homeland security". Hell, I'm not even immune to the temptation myself; I own a small custom software development firm that's basically sustaining itself on "homeland security" work (though loosely constructed, and both my partner, who is at times even more of a raging leftist than I am, and I verified that there is no obviously evil application of our work before becoming, in essence, defense contractors.)

Midas: I know mathowie's point definitely applies to Bridger - they're banker's geeks that decided to hop on the Homeland Money Train, and they would have been idiots not to, given that a big part of the Act is getting government hooks deeper into banking. I have no prior knowledge of the other two companies you cited, and try not to make judgements based upon marketing websites. And I still don't see how any of this "for x in customers: for y in terrorists: if x == y: police.arrest(customer)" constitutes a leap in technology rather than a change in sales positions based on existing technology. Yes, I'll admit, some engineers at these vendors probably did have to do some amount of adaptation work to make the modules they had look like the problem sales told the customer they would solve.

The CIO's and compliance people at large institutions aren't the hapless idiots you appear to believe they are.

Probably not, but understanding the delta between technology and the marketing of that technology, I would say they're more susceptible to marketing than they should be.

First, apparently you have a problem with anyone doing anything for something other than "altruistic" purposes. (Then again, do you work for free?)

No, aside from the five hours or so a month I donate to maintenance of open-source software projects, of course I don't work for free. I think you misunderstood me here. You seemed to be representing this as a great tool for companies who want, for no reason relating to their bottom line, to catch terrorists, not as a piece of software whose use is essentially mandated by the government. Even Sybase's sales people don't believe the former; they're calling this "Compliance of Consequences" not "Catch Terrorists for Profit."

Second, what you should understand is that both the government, and private firms, want to catch terrorists.

The government doesn't know what the hell it wants. It wants safety from WMDs, it wants to liberate the Iraqi citizenry, it simultaneously wants to colonize and extricate itself from the Middle East, it wants to protect freedom by sharply curtailing it, and it wants to do this while hemhorraging $300bn toward the rich in a tax cut "designed to create jobs" at a cost of about $250k a piece. As for wanting to catch terrorists, well, yes, they do, depending on what your definition of "terrorist" is. People who donate to innocent-looking charities with ties to Hamas get questioned or arrested. The IRA "tip glass" at Boston watering holes went away quietly. Charities that explictly support the Israeli settlement movement - which I'm pretty well convinced is terrorism, though I don't want to turn this into an I/P thread - operate freely and with impunity. So we're pretty much still talking about the War on Some Terror here.

Now, I'll buy that yes, all of the rank-and-file in the government, and probably most of the people all the way up the org chart in the various indusries affected by the Act, want to catch terrorists. I want to catch terrorists. Terrorists are fuckers. If banks really want to catch terrorists, let them do it on their terms, under existing statutes to prevent money laundering, not under the shadow of an unconstiutional law that imposes questionably effective antiterrorism policy on them.

(Aside: has anyone seen any information on the impact compliance with the Act will have on credit unions and non-interstate banking interests? I'd be a lot more comfortable knowing that this isn't just another nail in the coffin of the preconsoildated economy.)

In practice, the conversations about the Patriot Act revolve entirely around catching people that are genuinely doing bad things.

Of course they do. Nobody wants to think about disrupting the lives of innocent people because their compliance solution screwed up. Going Richard Jewell on someone's ass because he looks like a money-launderer to a few hundred lines of RPG or COBOL isn't pleasant for anyone involved, and probably even violates the tiny shreds of Gramm-Leach-Bliley still in place. I don't actually think the danger in the Act lies in isolated cases of corruption, but in the general potential for corruption and the slow erosion of the citizenry's expectation of privacy, freedom, and acceptance of the greatly expanded rights of government.

In any case, it still seems like the more elegant solution to the money laundering problem with respect to various black markets is to deflate them, rather than worrying about the money after it's made.

kindall: wow. I stand corrected. :) quite an interesting read.
posted by Vetinari at 12:24 PM on April 27, 2003


"Of course, we're in a world here where catchy little one-liner "gotchas" are the currency of choice - regardless of whether they they even remotely resemble an intelligent argument."

And long-winded defenses of big business and its Republican allies in government routinely fail to address the only issue truly relevant to a community weblog: what we think of all this.

Most of us don't have any impact on terrorist money laundering. All we have is our dull, unimportant lives that the government and its highly paid service sectors don't give a SHIT about, as MM so explicitly reminds us. And yeah, we get annoyed when those lives become a little less private in order to financially benefit the few at the expense of much personal liberty.
posted by divrsional at 12:29 PM on April 27, 2003


oh, and, for the record, i want to marry vetinari, too.
posted by divrsional at 12:46 PM on April 27, 2003


The World Trade Center was essentially destroyed with boxcutters.

Not really. There was quite a bankroll behind sept 11. People don't just "learn to fly" for free, nor do they take practice runs in the first class cabin w/o a little support.
posted by tomplus2 at 1:42 PM on April 27, 2003


The PATRIOT Act, radically alters personal freedom and right to privacy in the United States. Do you deny this?

Absolutely. It doesn't "radically" do anything. Please tell me precisely what "personal freedom" of yours has been limited. In fact, can anyone tell me of a direct, personal aspect of their lives that has been "radically" altered due to the Act? (Unless you actually do engage in illegal activities ... these people are finding it a bit more difficult to get away with some of the tactics they were accustomed to using). So far as the "right to privacy" ... kindly tell me exactly where in the Constitution or Bill of Rights this right is mentioned?

Anyone that believes email, or financial transactions using the national or global banking systems were ever private and secure mediums - now or before the Patriot Act - really needs to wake up a bit.

Why don't you point out where the act doesn't do these things that the rest of us are worried about? Everything I've read about PATRIOT I and II is that it takes away most of the privacy and freedoms that many Americans are willing to die for in a war, but apparently accept blindly in the name of a pseudo-war(s).

Read "about" the Patriot Act? As I said - it is positively bizzarre that so much of the discussion surrounding the Act is engaged in by people who have not read it. I hear over and over again about all manner of wierd allegations and implications ... that (to take one for instance) suddenly the government can know what books you buy, or what emails you send to your wife. The people saying such stuff simply have no clue what the Act is about, nor what the day-to-day lives of people enforcing the Act are concerned with. Yes, I suppose the "government" can try to read someone's email to their wife. By the same token, we let cops in Penn Station carry guns. They could shoot innocent people with them. however - and get clear about this - they don't want to.

FinCEN's powers are not increased "a thousandfold" (good grief). In practice, their powers are based on resources. This is important to understand. I know a lot of folks at Justice & Treasury, and the FBI and IRS and Customs (there's a number of agencies involved in this stuff at different levels). In any talk I've heard them give to industry people at conferences, any personal conversation I've had with any of them (and not just the official public line, but privately during cocktail parties and golf outings), ... the larger picture is inevitably this: They want to catch bad guys. And they know full well that in terms of resources, funding, and technology, they are badly outstaffed and outspent by those bad guys.

They not only don't want to read an email you write to your wife, and don't want to know what books you bought at Amazon, but indeed want systems that will filter this noise(which is what they consider it to be) completely out of detection systems.

What they do want is this: If a sleeping al-Qa'eda cell is being quietly watched, they want the ability to track all financial activity it and it's members engage in. They want to be able to build profiles of the members (and yes, purchasing or borrowing books on, for instance, chemicals or explosives definately is something they want to know). If the members are using Hotmail or Yahoo email accounts, the feds want to be able to monitor those accounts.

And long-winded defenses of big business and its Republican allies in government routinely fail to address the only issue truly relevant to a community weblog: what we think of all this.


What my long-winded explanations have been trying to do is correct a number of outright falshoods perpetrated here. I, and my Republican and Libertarian friends are actually also part of this "community".

Most of us don't have any impact on terrorist money laundering. All we have is our dull, unimportant lives that the government and its highly paid service sectors don't give a SHIT about, as MM so explicitly reminds us. And yeah, we get annoyed when those lives become a little less private in order to financially benefit the few at the expense of much personal liberty.

Hhmmmm ... interesting paraphrase - sums up so much of this discussion. I did not "explicitly" say that the government and it's "highly paid" service sectors don't give a shit about anyone's lives ... indeed, what I've been saying over and over is that the people trying to protect this country - in both the public and private sectors - DO give a shit. The average American life already leaves a set of very distinct financial patterns ... and criminals also leave very distinct patterns, that they try to mask. The Patriot Act, in practice, is serving to refine the mechanisms the government uses to distinguish between normal and criminal behavior. They want this because they do give a shit about protecting innocent citizens. What this means is that with limited time and resources, to whatever degree possible they don't want to look at the details of people that are not criminals.

In practice, the average American life is far more likely to be negatively affected by identity theft or fraud (both of which are on the rise at an alarming rate) than it is to be affected in any way by the Patriot Act ... and oddly enough, one of the many positive side-effects of the Act is that if you are subject to identity theft, or credit card fraud, these new systems are likely to enable to financial insitutions catch it much more quickly, and the government to have a much better chance of prosecuting.

If you want, you can continue to be paranoid about "big brother", and assert that the Patriot Act somehow limits freedom. In practice, it just flat out is not true.
posted by MidasMulligan at 3:49 PM on April 27, 2003


[this thread is good.]

Smart people talking about important things. Balance. Links (thanks to MM, I'm going to read the Patriot Act). Stuff I wouldn't see elsewhere.

Divrsional says: long-winded defenses of big business and its Republican allies in government routinely fail to address the only issue truly relevant to a community weblog: what we think of all this.

To which I reply: Huh? 50 comments which can be summed up as "This sux, d00d!" don't help anyone.
posted by zpousman at 3:53 PM on April 27, 2003


They not only don't want to read an email you write to your wife, and don't want to know what books you bought at Amazon, but indeed want systems that will filter this noise(which is what they consider it to be) completely out of detection systems.

However, there is a basic problem of statistics here. Decrease the number of false positives, you increase the number of false negatives. Increase the sensitivity to catch more criminals, and you disproportionately increase the number of false alarms that must be investigated. This is one of the reasons why total information awareness could never work. By including data on everyone living in the United States, you are stuck with either an unacceptably leaky dragnet or chasing down (best case) hundreds of false leads for every positive one.

(And personally, I have read the Patriot act.)

What they do want is this: If a sleeping al-Qa'eda cell is being quietly watched, they want the ability to track all financial activity it and it's members engage in. They want to be able to build profiles of the members (and yes, purchasing or borrowing books on, for instance, chemicals or explosives definately is something they want to know).

AFAIK, the ability to serve a warrant for purchase records on a retailer, including book stores has been around for ages. As such the level of additional powers attached to bookstore and library warrants are a bit disturbing. Months before Patriot, local police were able to track down a case of tree spiking using puchase records from the hardware store and store security video. In that case, the warrant was based on a tip and physical evidence that marked the store as the origin of the spikes. So I really don't have a problem with searches based on probable cause.

What is a concern is with the reduced standards for probable cause that may encourage the use of what we in statistics dervisively call "shotgun methods" to profile entire communities based on library or book purchasing records. My objection to this is twofold. First of all I do feel that these kinds of trolling expeditions into reading habits are overly intrusive. Secondly, such large scale profiling is probably not the best use of law enforcement manpower, because of the large number of false positives returned.
posted by KirkJobSluder at 4:48 PM on April 27, 2003


The World Trade Center was essentially destroyed with boxcutters.

princess diana was essentially destroyed with a word processor.
posted by quonsar at 5:57 PM on April 27, 2003


Let me be clear about something, I don't live in the United States so this law doesn't affect me on a daily basis in any way. Even so, I am a great admirer of the US Constitution and Bill of Rights, more so than some US citizens, it appears. I have no doubt that most of the people working to capture terrorists and break up drug cartels sincerely want to do so, just as I believe that most police join the force with a real desire to fight crime. That is why if you were to offer the police the use of unlimited wiretaps and other intrusive surveillance to combat a certain crime (say organized drug rings), they would exploit it to that end, however they may also be tempted to use it to combat other undesirable elements (say gangs), even if that meant suspending the spirit of the IV Amendment, all in the name of combatting injustice.

I have looked at the PATRIOT Act text but since I have no legal or legislative training, I had a difficult time understanding it in its totality, especially since it often refers to other laws that have a line or two amended. That is why, like most, I must rely on analysis by legal and legislative experts to understand it fully. Perhaps you are right and the many TRUSTED sources that I have looked to for information are exaggerating (although I doubt that these sources are pro-terrorist), but when I read something like this it gives me pause:

------------
The USAPA expands the Secretary of State's power to designate terrorist groups without any court or congressional review and allows for secret searches without probable cause. Dempsey and Cole state that these changes "go far beyond what was needed to respond to terrorism." Indeed, they point out that in many instances, "the changes are not limited to terrorist investigations at all, but apply across the board to all criminal investigations."

A good example of the kind of change brought about under the USAPA, which illustrates the underlying and pre-existing agenda of its proponents, is section 218, which amends a single phrase in the 1978 Foreign Intelligence Surveillance Act (FISA). The purpose of FISA was to allow intelligence agencies to gather information about foreign powers without the restrictions imposed on them by the Constitution. The reasoning for this was that the purpose of foreign intelligence gathering is not to detect crimes but to gather information about foreign agents.

Under FISA, when an agent wanted to obtain authority to conduct electronic surveillance or secret physical searches, a designated official of the executive office had to certify that "the purpose" for the surveillance was to obtain foreign intelligence information. Section 218 of the USAPA modifies that clause so that intelligence gathering need not be "the purpose," - in other words, it need no longer be the primary purpose, -- but may be only "a significant purpose" of the surveillance.

This means that if an official can certify that obtaining foreign intelligence is a significant purpose of a surveillance action (the other purpose clearly being criminal investigation), he can avoid the requirement that he first show probable cause of criminal activity. It means the FBI, the CIA, or any other intelligence agency, can surveil you without probable cause, as long as they say the surveillance has something to do with a foreign intelligence investigation of some sort (which may otherwise not even involve you directly).

Because courts have consistently refused to "second guess" FISA surveillance certifications, there is effectively no judicial review of such activities. This small change has enormous ramifications. For all practical purposes, the section 218 USAPA amendment of FISA allows government to completely avoid Fourth Amendment probable cause requirements for searches and seizures of American citizens (not just immigrants).



My emphasis.

(here the link to the full text)
posted by sic at 6:09 PM on April 27, 2003


The World Trade Center was essentially destroyed with boxcutters.

Not really. There was quite a bankroll behind sept 11. People don't just "learn to fly" for free, nor do they take practice runs in the first class cabin w/o a little support.


Good point. It did take money (is how much generally known?) - my point is what it did not take is any sort of advanced technology (well, okay, flight schools that give air transport certificate training tend to have full-motion simulators, and those aren't exactly just tubs of fertilizer...)
posted by Vetinari at 6:25 PM on April 27, 2003


first, this link to techfocus has an interview with Cindy Cohn from EFF. it is a good interview, it touches on both positives and negative, like most of you though, the negatives make my skin crawl.

now as far as data mining, there is this from a Scientific American column, Total Information Overload. you have to pay to read the whole article online, but i have a paper copy here and let me touch on a relevant point or two. the article is about CAPPS, Computer Assisted Passenger Prescreening System, v2.0. the author(editors@sciam.com) says that if there were 1000 terrorists in the U.S. and if the datamining was 99% successful, it would still only catch 10 terrorists(that would be two 9/11 planes) and then there would be 2.8 million innocent people mistakenly fingered as terrorists.

"In short, the data miners commit the fallacy of determinism: they falsely assume that if you just amass enough data, you will know what is going to happen."

"None of this makes the cause of homeland security futile. The point is that broad dragnets are unlikey to work as well as targeted solutions. Beefing up cockpit doors and security searches are more immediate and efficient ways to stop hijackers than running a credit check on every passenger."

that's the march 2003 issue for those of you who want to go to the library and read the article.
posted by memnock at 7:43 PM on April 27, 2003


Not really. There was quite a bankroll behind sept 11. People don't just "learn to fly" for free, nor do they take practice runs in the first class cabin w/o a little support.
What you've described could certainly be financed for less than $250,000. That may be more than is in most of our checking accounts, but I'm certain that you could think of a way to raise $250k if you believed you could please your god while destroying your enemy simultaneously.
posted by mosch at 10:28 PM on April 27, 2003


However, there is a basic problem of statistics here. Decrease the number of false positives, you increase the number of false negatives. Increase the sensitivity to catch more criminals, and you disproportionately increase the number of false alarms that must be investigated. This is one of the reasons why total information awareness could never work. By including data on everyone living in the United States, you are stuck with either an unacceptably leaky dragnet or chasing down (best case) hundreds of false leads for every positive one. (KirkJobSluder)

Nitpick: Agreed that simply increasing your N leads to the problem you describe. But doesn't this assume equivalence of error rate between the old and new methods? If the newer methods truly are more sophisticated at filtering noise, then they should be able to decrease both false positives and false negatives without a change in N. Have I gotten that right?

That said, I think we're crazy if we're not concerned about the fact that we have teenagers being held in cages in Cuba without trial or legal representation, just because the government says, "Trust us, these people are bad guys". This should be unconscionable by any standard. Even with legal representation we have innocent people being thrown in prison.
posted by boredomjockey at 11:37 PM on April 27, 2003


Midas--

As always, I find your posts fascinating. A little off-topic, but I was wondering if you could recommend any books about the global balck-market, the organization of the groups, their means of business, etc...feel free to email me so as not to tie up the thread.

Thanks
posted by pjgulliver at 7:37 AM on April 28, 2003


Nitpick: Agreed that simply increasing your N leads to the problem you describe. But doesn't this assume equivalence of error rate between the old and new methods? If the newer methods truly are more sophisticated at filtering noise, then they should be able to decrease both false positives and false negatives without a change in N. Have I gotten that right?

Well there are two problems here. The first is that as a basic rule at a certain point sensitivity (the ability to find enough terrorists to justify the test) and selectivity (the ability to identify only terrorists) become tradeoffs. But aside from that, the problem is not the N, but with the rather fortunate fact that there are a relatively small number of terrorists active in the United States.

As a paranoid guess, lets say there are 3,000 terrorists (about 1 terrorist for every 10,000 innocent civilians.) In order to drop the number of false positives to a reasonable level, this means that the false positive rate must also be reduced to about 1/10,000. Otherwise it means that you are chasing down a few hundred false leads for every good lead.

The same problem applies to medical tests. One of the reasons why we don't population-wide medical tests is because of the problem of false positives. The easiest way around the problem is to select a population where the occurance of your trait is likely higher than 1/10,000. So for example, you don't test everyone in the population for breast cancer markers, you test women with a family history of breast cancer. You don't test everyone in the U.S. for HIV, you test high risk groups. (For blood screening, the consequences of a false positive are minimal.)

Basically, I see population profiling to be a loose-loose situation for both law enforcement and civil liberties. Law enforcement must spend time and energy cutting down false positives by typical labor-intensive police work, while civil liberties suffer because of the larger number of prosecutions and property siezueres based on statistical data.

Another reason why I don't see more data as the answer is because 9-11 occurred not due to an absence of economic profile information but due to a surplus of traditional tips, information gained through networks and repots of suspicious behavior. If law enforcement had enough trouble following up on reliable reports of suspicious people asking for flight simulator training, coinciding with high levels of "chatter" in terrorist circles, would unreliable profiling data help that much?
posted by KirkJobSluder at 12:59 PM on April 28, 2003


« Older Mystery Object....  |  Yippie.... Newer »


This thread has been archived and is closed to new comments