September 16

Financial Data Provided to ‘Intel’ Agencies Considered ‘Not Inherently Confidential’ under U.S. Law

FATCA: a Tool of the Electronic Surveillance State

Those familiar with the U.S. “Foreign Account Tax Compliance Act” (FATCA) – and in the United States, that’s not many people – think of it as either a as sledgehammer attempt to curb “offshore tax evasion” or (more accurately) as a costly, counterproductive, and indiscriminate burden on the global economic system; a compliance nightmare that only benefits tax lawyers, accountants, and software firms; a job-killing disincentive for foreign investment in the United States; a crude extraterritorial overreach in violation of every principle of sovereign legality; an abuse of the U.S. Senate’s constitutional treaty authority; a blatant violation of WTO and other trade commitments; and a financial “drone strike” against Americans living abroad.

FATCA is all that and much, much more. But in light of sweeping revelations about the email, telephone, and internet surveillance activities of the U.S. National Security Agency (NSA), it’s time to take a look at FATCA’s implications for personal electronic privacy and the growing power of U.S. intelligence agencies’ global “surveillance state.”

Just Hand Over the Information – or Else

FATCA is a U.S. law enacted in 2010 that, beginning in July 2014, would require all “foreign” (i.e., non-American) financial firms (not just banks but also credit unions, insurance companies, pension funds, stock and investment funds, etc.) to report the accounts of “U.S. Persons” defined so broadly as to include many citizens of other countries, for example perhaps a million Canadian citizens.

How does the U.S. government get jurisdiction to do this? Well, it has no jurisdiction and doesn’t claim any. If any of the hundreds of thousands of foreign financial institutions (FFIs) anywhere in the world, whether it does business in the U.S. or not, fails to demonstrate to the U.S. Treasury Department that it has “due diligence” in place to gather the demanded account information, and agrees to hand it over to the IRS in a manner dictated by that agency in 544 pages of mind-numbing regulations, it will be hit with a 30% deduction on any U.S.-sourced revenues, including “pass-thru” payments on a percentage basis.

In view of the U.S. role in the global financial system, many if not most FFIs are recipients, at least indirectly, of revenues that can be intercepted by U.S. financial institutions forced to act as “withholding agents” on Treasury’s behalf. This would amount to confiscation of the FFIs’ legitimate assets for being “recalcitrant” under a foreign law which they are under no legal (much less moral) obligation to obey, and which in most countries they can’t obey without violating local human rights, data security, and other protection laws.

Thus, FATCA has no legal claim to its breathtaking demand for worldwide submission. Its only claim of authority is the Treasury Department’s threat to inflict pain on foreign entities not otherwise subject to U.S. law. In other words: might makes right.

There is much more to it of course, including the fact that even FATCA advocates admit the law is “wholly unachievable” as written and can only be implemented by foreign governments’ knuckling under to the threat of economic sanctions and agreeing to sign so-called “intergovernmental agreements” (IGAs) to act as the IRS’s enforcers against their own institutions and citizens under false promises of “reciprocity.” And it is well established that FATCA would yield at best a meager “recovery” of revenues hidden offshore – less than $1 billion per year (enough to fund the U.S. federal government for about two hours) while inflicting compliance costs worldwide of $1 to 2 trillion. It is increasingly clear that FATCA is cruising towards a “catastrophic collision” with reality. (See Victoria Ferauge and Lynne Swanson, “FATCA Losing Its Way,” Accounting Today, September 11, 2013.)

Since FATCA doesn’t pass the laugh test as an effective tax enforcement tool, one then has to wonder if it serves some other purpose. Why would the U.S. government (or at least some elements of the U.S. government) be so insistent on gathering vast amounts of personal financial data from foreign institutions, without any suspicion of wrongdoing by either the vast majority of account-holders or by the institutions themselves?

FATCA-Compliant Banks Would Have No Privacy Expectation from U.S. Security Agencies

If FATCA’s sole purpose were to “recover” tax revenues from assets squirreled away offshore by American “fat cats,” it seems odd that it targets only individuals and specifically exempts reporting on accounts held by U.S. corporations. On the other hand, targeting individuals makes a lot of sense if FATCA’s purpose is directed towards something else: adding to U.S. government agencies’ global electronic “map” of personal information. Americans and the rest of the world are increasingly aware of the vanishing concept of personal privacy, whether supposedly “justified” by the needs of law enforcement, anti-terrorism, or (as here) recovering tax revenues.

It should be further understood that any data transmitted by foreign financial institutions will not be confined to the IRS but will be handed over (“upon request,” of course) to other “three-letter” agencies of the U.S. government. The following is from a 2012 letter from Sen. Carl Levin (D-Michigan), a prominent FATCA supporter, to then-IRS Commissioner Douglas H. Shulman:

“Although FATCA is structured to address offshore tax abuse [Note: this is itself inaccurate, as FATCA includes not a single provision targeting actual tax evasion activity], offshore account information has significance far beyond the tax context, affecting cases involving money laundering, drug trafficking, terrorist financing, acts of corruption, financial fraud, and many other legal violations and crimes. Given the importance of offshore account disclosures, FATCA guidance and implementing rule should create account FATCA forms that are not designated as tax return information but, like FBARs, may be provided to law enforcement, regulatory, and national security communities upon request. FFIs are not, after all, U.S. taxpayers, and will not be supplying tax information on behalf of their U.S. clients; they will instead be providing information about accounts opened by U.S. persons. The U.S. Supreme Court has long held that bank account information is not inherently confidential but is subject to inspection by law enforcement and others in appropriate circumstances. Foreign account information is too important to a wide range of civil and criminal law enforcement and national security efforts to be designated as tax return information bound by Section 6103’s severe restrictions on access.” [emphasis added, source: http://bsmlegal.com/PDFs/CarlLevin.pdf ]

This requires some explanation. “Section 6103” refers to United States Code Chapter 26, Section 6103, which according to the Justice Department “generally prohibits the disclosure of ‘tax returns’ and other ‘tax return information’ outside the” IRS, unless certain narrow exceptions apply, mainly with respect to specific criminal cases. Here, Senator Levin is saying – correctly, as far as U.S. law goes – that when FFIs sign on to the IRS portal for transmitting data demanded under FATCA (https://sa2.www4.irs.gov/fatca-rup/ ), any information received can (and I would say, will) be passed on to other government agencies, including “national security” (i.e., intelligence) agencies: the NSA, the Central Security Service, the U.S. Cyber Command, and any of the other agencies and departments collectively known as the “intelligence community.” Not only the U.S. Persons whose account information is forwarded but also the institutions themselves have no expectation of privacy or confidentiality (“FFIs are not, after all, U.S. taxpayers” and “bank account information is not inherently confidential.”).

Having established that (a) information received under FATCA may be passed on to these other agencies, (b) there is no legal expectation of privacy or confidentiality, or any limitation on use of any information gathered, and (c) institutions would be required to log onto a portal created and operated by the U.S. government, it is fair to ask, given growing concerns about covert information-gathering by the NSA, whether the motives behind FATCA are limited to tax enforcement and what further use will be made of information supplied to the IRS.

So, Why Would ‘Intel’ Agencies Want Personal Information from Banks?

If information itself, not tax enforcement, is the real underlying “value” of FATCA for U.S. government agencies, this might also help explain exemption of corporations. Perhaps the law’s authors figured that corporations, unlike individuals (all presumed to be slimy “tax cheats”), might have the means to fight back and risk upsetting the whole applecart. Or perhaps personal information is more useful for intelligence purposes. Either way, targeting individuals’ private data appears to be the most plausible way to impose a mandate that FFIs – including many thousands worldwide that don’t do business in the United States and may not be as readily accessible to U.S. agencies as domestic firms – log onto a government-controlled site.

How might FATCA compliance by FFIs facilitate intelligence collection? In at least two ways:

First, the FATCA data itself, matched with other information available to the relevant agencies, would greatly enhance creation of a global financial social accounting matrix, using U.S. Persons’ account information as a kind of marker or human “taggant” for mapping contacts, relationships, and activities of a wide range of persons and institutions well beyond the U.S. Persons themselves. While email, phone records, blog postings, social media ramblings, and other personal data are valuable for the surveillance state, one could argue that capture of personal financial information is a far more valuable payload for intelligence monitoring and management. FATCA data would be an invaluable supplement to ‘intel’ agencies existing efforts to monitor international finances. (See: “’Follow the Money’: NSA Spies on International Payments,” Der Spiegel, September 15, 2013.)

Second, and more ominously, it needs to be asked what additional types of information-gathering on FFI targets other than “U.S. Persons” may be facilitated by metadata and other transfers incidental to automatic electronic data transmission. There is no reason to suppose the technical capabilities of U.S. agencies would be thwarted by metadata-scrubbing, encryption, or other safeguards FFIs might place on data transfer, whether incidental or anticipated. (With respect to the possible hazards for institutions’ data security, see: “XKeyscore: NSA tool collects ‘nearly everything a user does on the internet’,” the Guardian, July 31, 2013 and “Reports: NSA has cracked much online encryption,” CNN, September 6, 2013). Certainly, from a purely technical point of view, it seems NSA and other intel agencies already are doing fine on their own. But consider how much easier it would be to steal keys, crack encryption, or install a worm, a Trojan horse program, or other malware via a drive-by download to provide backdoor access to all the data in a target network when it’s unnecessary to phish the target in. Instead, they can just require the target institution (under threat of FATCA sanctions) to log in at the Black Gate of Mordor and take it from there. As an extra bonus, instead of having to pay for costs incurred by the target firms, as NSA did for U.S. firms involved in the “Prism” program, the FFIs themselves would have to bear the costs of providing possible access for U.S. agencies to acquire data even beyond that demanded under FATCA.

Some might consider the suggestion that U.S. agencies would abuse FATCA compliance for intelligence collection purposes speculative, or even offensive. But then one wonders what would be the impediment to such abuse. Technical? Political? Moral? Legal? Given almost daily revelations of what the same agencies already have been doing it’s hard to take such objections seriously. (And if anyone thinks Treasury and the IRS are not already integral elements of the broader spying program, see: Jennifer Stisa Granick and Christopher Jon Sprigman, “NSA, DEA, IRS Lie About Fact That Americans Are Routinely Spied On By Our Government: Time For A Special Prosecutor,” Forbes, 8/14/2013.)

At the very least, it should be expected that the IRS would have the decency to provide a warning on the log-in portal, which opened on August 19, 2013:

WARNING

This site is operated by the United States Internal Revenue Service (IRS). Foreign financial institutions are on notice that any information made available to the IRS as a result of logging onto this site may be passed on to other agencies of the government of the United States and that use of such information may not be exclusively for tax purposes.

It’s Time to Think of Financial Information as Personal Information

Thus far, media coverage of FATCA has been almost entirely relegated to the finance and tax pages, mainly outside the United States, much of it dominated by compliance-mongers drumming up business. Even FATCA’s deleterious economic impacts and the Treasury Department’s grossly exceeding its legal authority have drawn little notice, especially in U.S. domestic reporting.

Still less attention has been given to what may be the real story of FATCA as a critical, but thus far almost completely ignored, piece of the growing machinery of global surveillance. After all, FATCA is only about “offshore tax evasion” and has nothing to do with personal privacy, right? It’s not as though the IRS or NSA were hacking into something important, like your Instagram pix . . . right?

Wrong. First, an individual’s financial information is personal information. In terms of intrusive agencies’ monitoring – and perhaps soon, controlling – of the lives of people who used to consider themselves free and independent citizens of their respective countries, financial information is far more significant in content than most of the fluff and narcissism on Internet forums, weblogs, social blogs, microblogging, wikis, social networks, podcasts, facial recognition, and other electronic content we’ve gotten used to thinking of as defining “personal”:

“Financial privacy isn’t typically considered as sexy as other forms of privacy, like our right to private beliefs, health care, property, and communications. Infringement of financial privacy doesn’t evoke the kind of outrage as other violations, because most overlook the vital role it plays in preserving human rights and protecting individuals from governmental abuse. Without financial privacy, for instance, law-abiding citizens around the world would be in danger of having all of their financial information shared with corrupt governments or criminal organizations, potentially exposing them to extortion, blackmail, or even kidnapping.

“Just as supporters of the police and surveillance state argue that individuals with nothing to hide should be willing to forfeit their right to privacy, those obsessed with collecting taxes think that the vast majority of Americans who do not engage in evasion should be willing to relinquish their financial privacy rights. Recent scandals have exposed these claims as naïve and dangerous. Innocent Americans must zealously guard their privacy against government intrusion and reject invasive laws like FATCA passed under the false pretense of catching criminals.” [Andrew F. Quinlan, President, Center for Freedom and Prosperity, “FATCA: The end of financial privacy,” The Daily Caller, September 13, 2013.]

Second, the sheer scope of the data haul that can be accessed if foreign financial firms’ data – potentially, all of it – is compromised through FATCA compliance could make the revelations to date about NSA’s snooping pale to insignificance. Already, we’ve seen the willingness of the NSA to require American domestic firms to hand over what their customers thought were private communications, to insert vulnerabilities into commercial encryption systems, and otherwise to flout the rule of law. Such lawlessness achieves a whole new dimension of menace when firms, literally, anywhere on the planet can be forced by the one-and-only global sovereign to submit to the same treatment – with their own governments meekly cooperating even as they denounce the latest reports about the NSA.

Will the watchdogs of electronic privacy finally figure out that FATCA is not really about taxes? It’s time to find out.

James George Jatras
Notice: The foregoing may be posted, republished, or quoted with attribution.
Contact RepealFATCA.com and find out how you can help get rid of “the worst law most Americans have never heard of”!
www.RepealFATCA.com
RepealFATCA@gmail.com
jim@globalstrategicpr.com
@RepealFATCA
+1.202.375.1007