For decades, a number of regulatory programs aimed at the financial services sector have been recognized as threats to financial privacy. Taxation and financial surveillance schemes undercut people’s ability to control information about themselves, and these schemes have continued to grow, increasingly menacing law-abiding people’s privacy in service of the search for law-breakers. But as government and corporate information systems have gone digital and networked, the threats to privacy have expanded even more quickly and significantly than the growth of surveillance.
No longer is just privacy at stake, but individuals’ security. Data breaches from information systems, made more likely by digitization and networking, create not just concerns about controlling financial information; they afford a new criminal class of hackers and other malefactors opportunities to harm individuals and their families financially and, in the worst cases, bodily. The trade-offs in financial surveillance are no longer between privacy and security, but between individual security and state security.
Privacy and financial information
Many people are familiar with the threats to financial privacy that exist, but often only in passing. An acute understanding of privacy is essential, and it is equally important to recognize that our financial activities and relationships are deeply revealing of our values, our relationships, and our day-to-day activities. These things are our own business. Our finances and property are a bulwark of independence from others. With wealth, we are independent actors. Without it, we are supplicants to whoever offers us bread – or permits us control of the bread we thought was ours. Protecting our privacy and property are both important elements of modern liberty.
The word “privacy” is sometimes vexing because it is used to describe a number of important interests that people have, including seclusion, fair treatment, autonomy and security. But the best sense of privacy is control of personal information about oneself. A person has privacy when he or she has the power to control personal information and has used that power consistent with his or her interests and values.
Privacy is easy to protect in many circumstances – even second nature. We put on clothes in the morning to protect privacy in the appearance of our bodies, and most of us reach days’ end, day after day and year over year, with our bodily privacy intact. It is difficult to protect privacy online, on the other hand, because many people do not know how their computers and devices work, much less how they share information with a variety of actors online. People often fail to use the control they have when they surf the World Wide Web or use other Internet protocols.
It seemed for many years that people’s online privacy troubles would be remedied as they learned better how to control information about themselves. People would also learn that being a part of the information economy offers them many benefits, such as zero-priced online content and services. The plan was to develop online habits like we have offline, gathering privacy and security around our online activities.
But the Snowden revelations of June 2013 showed that we are often actually disabled from protecting privacy as we wish when we communicate online. The contractual promises that telecommunications providers have made to Americans for years, and the privacy protection obligations pressed on them in regulation, have given way in secret government proceedings to a systematic regime of information sharing with national security agencies. The U.S. government actively works to undercut encryption systems that would allow us to cloak our communications the way we do our bodies. What we learned from Snowden was probably only the tip of a very large, globe-spanning iceberg.
Communications privacy, we now know, is in the same poor state as financial privacy. It is not just a matter of wanting to control personal information and figuring out how to do so. The law makes it impossible to enter into private relations with nearly any financial services provider. Such businesses labor under requirements to collect prescribed information about their clients – “know your customer” rules – and they have continuing and growing obligations to turn over data about customers that might be interesting to tax authorities. In parallel, they have been more and more obligated in recent decades to act as arms of law enforcement and the national security bureaucracy. “Know your customer” and “suspicious activity reporting” are staples of the global financial surveillance regime pushed by the Paris-based Financial Action Task Force, which seeks harmonized surveillance at high levels the same way the Organization for Economic Cooperation and Development seeks harmonized high tax levels worldwide.
The result is that financial privacy is very hard to maintain beyond quotidian cash transactions. It is nearly impossible for people of significant wealth to protect their financial privacy. Today, a person who has committed no crime or fraud is subject to the same generalized surveillance system – and barred from having private financial transactions – as a fraudster or thief.
In the Western tradition, people are presumed innocent until proven guilty, and they are entitled to protect privacy as they wish, for any reason or no reason. The ability to control our own property and information about ourselves is a part of the bedrock of freedom and autonomy that people have been wresting from the powerful since Magna Carta. Privacy and property are that important. But the international legal system today seeks to allow us a decreasing share of both.
Obviously, some trade-offs between privacy and security are necessary. There is no legitimate privacy claim that shelters one from valid investigations of crimes such as theft, fraud and violence. Nobody wants a system so private that criminal networks or terrorist groups can operate with impunity. But the costs of financial surveillance have risen in recent years. The efficiencies of digitization make exposure of private financial information more threatening than it was only a few years ago.
Analog data and digital data
Digitization is at the heart of the data revolution, and it has had vast benefits, to be sure. But those benefits come with costs that are inextricably linked. One of the costs is increased risks to data security. While we get the benefits of the data revolution (and governments get its surveillance benefits), the risks from collecting data in digital form have grown. Our privacy and data security is more threatened now by taxation and financial surveillance than it was when these policies and programs began.
Language and writing were not the final advance in human record-keeping and communications. The ability to translate words, sounds and images into digital codes has enabled people and organizations to transmit information of all kinds around the world at the speed of light, to store it cheaply, to copy it an infinite number of times, and to process it into new and valuable combinations. The Internet we know, our easy access to communications and entertainment, and many, many economic advances are products of that digitization.
The same benefits have accrued to governments in at least some degree as they seek to amass and use data about our tax obligations and the people among us who may be criminals or terrorists. It is easier to transmit, store, copy, and process data about people and their finances.
In corporations and governments alike, files about us no longer reside on paper in a single file cabinet, our privacy protected by the practical obscurity of this kind of record. Our files are digitized and made available across networks to a variety of actors.
By policy, of course, the people and organizations to which our information is available should have a legitimate purpose for accessing it, and they should not use the data for unauthorized purposes. But wrongful access to data is easier on digital networks, which are accessible remotely, controlled only by highly fallible passcode and other “authentication” systems. It’s a simple fact of modern life that data breaches happen more often and expose larger quantities of data. Data security risks are higher.
Governments aren’t the only organizations to allow breaches of personal and private data about their employees and subjects, but examples of this happening are legion. Examples include recent reports that the U.S. Department of Homeland Security and Federal Bureau of Investigation saw 200 gigabytes of sensitive information absconded with, including personal details about 30,000 of their employees. In June 2015, the United States government’s Office of Personnel Management announced that it had exposed the records of as many as four million people, a number later revised upward to 18 million.
And, of course, hackers are going where the money is. Recent reports from the U.K. and the U.S. state of Oregon show that exposure of sensitive personal details is allowing hackers to file false tax returns to collect funds properly owing to legitimate taxpayers.
It may be that, on average, government databases pose greater risks to security because government agencies and their employees do not suffer losses if the data they control is breached. There is no argument that corporate systems are perfect, but when a corporate system is breached, the company faces substantial liability and public relations costs that will impact the income of potentially every employee, and especially top management. Government organizations enjoy continued funding streams even in the face of failures. Indeed, some agencies are rewarded with larger budgets to clean up after, or compensate for, their lapses.
Digitization means more data about more people and things is more widely available. This includes our personal financial data. When a government agency – or Google or Facebook – collects digital data about us, there is a greater risk than there was before that this data will be exposed to a wrongdoer. And once data about us is “in the wild,” there is no telling where it may end up. Data has no necessary physical form, but it is like a volatile gas: Once it is out of the bottle, there’s no putting it back.
The security vs. security trade-off
In the past, it was fairly well recognized that record-keeping and reporting for tax purposes produced a trade-off between individual privacy and the funding needs of the state. Financial surveillance for crime control and terrorism was likewise a privacy cost exchanged for a national security benefit.
But this framework isn’t necessarily the right one any more. It is not just privacy put at risk by wrongful exposure under tax and financial surveillance policies, but individual security. The millions of individual data records breached in recent years don’t just threaten embarrassing or concerning disclosure, but the risk of identity frauds or phishing attacks that abscond with substantial amounts of individuals’ assets. It is not privacy at risk, but the keys to our financial wealth.
In the worst cases, of course, revelation of financial information can position wrongdoers not just to steal, but to select targets for robbery, kidnapping and even murder. In 1989, the murder of actress Rebecca Schaeffer spurred new privacy protections for driver license records because the California Department of Motor Vehicles had given out her home address to a stalker simply for the asking. It is not privacy at risk any more. It is personal security – mostly the security of our assets, but also, in rare cases, of our homes and families.
That does not mean there should be zero monitoring of financial transactions and financial flows. But it does mean that financial surveillance systems should be reassessed with their full costs in mind. The surveillance regime pushed by the Financial Action Task Force produces billions of dollars in compliance costs annually around the world, and it also puts individuals’ financial information at risk. If these policies are to be validated, they must be shown to produce more in national security than they cost in dollars and personal security. Taxation schemes, likewise, must be shown to produce more in revenues for needed government functions than they produce in economic dislocation, disincentives to investment, privacy and security risk, and other costs.
The challenge of making these kinds of calculation is not easy – it’s somewhat like comparing the weight of a rock to the length of a line. And many people operate simply on gut feelings: “the government needs this money” or “terrorism is really bad,” so financial surveillance is “good.” But it is essential to consider articulately whether financial surveillance actually produces net benefits. The FATF has endorsed financial institutions using risk management in their compliance programs for years. The FATF’s own principles should be subjected to the rigor of risk assessment to see whether they provide net security gains.
The modern trade-off in digitized financial surveillance is not between privacy and security, but personal security vs. national and state security. Given the presumption that states exist to protect individuals, these are trade-offs between equally important values. The privacy and security risks from financial surveillance should be more carefully considered in assessments of taxation and financial surveillance schemes.