1
00:00:00,000 --> 00:00:15,090
34c3 preroll
2
00:00:15,090 --> 00:00:19,290
Herald: Welcome everybody to our next
talk: Financial surveillance, Exposing the
3
00:00:19,290 --> 00:00:24,290
global banking watch lists. I think
everybody in this room would agree that
4
00:00:24,290 --> 00:00:29,040
mass surveillance is a very bad idea, and
that of course also goes for financial
5
00:00:29,040 --> 00:00:34,280
surveillance. And our next two speakers,
Jasmin Klofta and Tom Wills, are two
6
00:00:34,280 --> 00:00:39,180
investigative journalists, who have
uncovered, how the system of financial
7
00:00:39,180 --> 00:00:43,500
surveillance works. And I'm pretty sure
that you are just as excited as me to find
8
00:00:43,500 --> 00:00:47,939
out what they have found out. So, please
give them a warm round of applause!
9
00:00:47,939 --> 00:00:58,739
applause
10
00:00:58,739 --> 00:01:04,761
Jasmin Klofta: So hello, nice to see you
all. Microphone's not on I think? Be cool.
11
00:01:04,761 --> 00:01:14,189
I think the headset doesn't work.
Herald: Audio? Well you know there's
12
00:01:14,189 --> 00:01:18,740
always a little thing that doesn't work,
whatever this is. For the talk we just had before,
13
00:01:18,740 --> 00:01:23,270
there was a live demo, it was very well
planned - still something went wrong. I think
14
00:01:23,270 --> 00:01:26,650
everybody in the audience had a lot of
empathy, because nobody wants to be in
15
00:01:26,650 --> 00:01:30,769
that position. But I think we just fixed
the problem. Is it fixed? Is it about to
16
00:01:30,769 --> 00:01:33,509
be fixed?
Jasmin: I will try a little bit, yes!
17
00:01:33,509 --> 00:01:35,941
Herald: There we go! Round of applause,
now we go!
18
00:01:35,941 --> 00:01:40,511
Jasmin: We can start!
applause
19
00:01:40,511 --> 00:01:45,899
Jasmin: So, it's nice to see you all, so
happy that so many people came. I want to
20
00:01:45,899 --> 00:01:50,680
introduce to you: this is Tom - he's the
data journalist working on investigations
21
00:01:50,680 --> 00:01:56,519
at the Times of London and he specializes
in a set of techniques such as data
22
00:01:56,519 --> 00:02:02,030
mining, which can reveal wrongdoing and
lead to stories that benefit the public.
23
00:02:02,030 --> 00:02:05,369
Tom Wills: And this is Jasmin, she's an
investigative journalist working in
24
00:02:05,369 --> 00:02:11,001
Hamburg for Panorama at the broadcaster
NDR, which is part of the ARD network, and
25
00:02:11,001 --> 00:02:15,370
she focuses on politics, the digital
economy, and surveillance. And we're going
26
00:02:15,370 --> 00:02:20,270
to tell you tonight about findings of an
investigation we conducted this year as
27
00:02:20,270 --> 00:02:26,550
part of an international collaboration,
and our colleagues were Eveline, Stefania,
28
00:02:26,550 --> 00:02:34,310
Lars, and Cora. And Jasmin.
Jasmin: Yeah, and together we investigated
29
00:02:34,310 --> 00:02:39,500
the leaked database and published in June
this year our stories in the UK, in
30
00:02:39,500 --> 00:02:45,490
Germany, in the US, Netherlands, Belgium,
and Italy. So what was our story? We
31
00:02:45,490 --> 00:02:50,250
investigated, that innocent people around
the world have been wrongly added to a
32
00:02:50,250 --> 00:02:56,640
watch list of terrorists and criminals.
This watch list of high risk people and
33
00:02:56,640 --> 00:03:01,200
organizations is compiled by Thomson
Reuters, a British firm, and sold to
34
00:03:01,200 --> 00:03:06,040
almost all the world's major banks, as
well as police forces, intelligence
35
00:03:06,040 --> 00:03:13,150
agencies, and non-government organizations.
It's called World-Check and the leak gave
36
00:03:13,150 --> 00:03:19,860
us the opportunity to review the entire
database for the first time.
37
00:03:19,860 --> 00:03:25,020
Tom: So, what exactly is World-Check? Well,
if you want to open a bank account, we
38
00:03:25,020 --> 00:03:29,310
know that the bank might check your credit
rating to see if you are a reliable
39
00:03:29,310 --> 00:03:34,000
borrower. But how does the bank know, if
you're a criminal, or a terrorist, or a
40
00:03:34,000 --> 00:03:38,380
potential money launderer? One of the
checks that most banks will do, is run your
41
00:03:38,380 --> 00:03:43,260
name against the World-Check watchlist,
and they might look in here. If your bank
42
00:03:43,260 --> 00:03:47,570
finds your name on the list, they might
refuse your application, or they might
43
00:03:47,570 --> 00:03:52,100
subject your financial transactions to
extra scrutiny, or if you're an existing
44
00:03:52,100 --> 00:03:56,920
customer, they might even
close your account.
45
00:03:56,920 --> 00:04:02,760
Jasmin: So, Thomson Reuters says about
their list that it is to find hidden risk.
46
00:04:02,760 --> 00:04:08,730
The list is of heightened risk people and
organizations, such as terrorists,
47
00:04:08,730 --> 00:04:13,100
fraudsters, or senior public officials,
who might try to use the account to handle
48
00:04:13,100 --> 00:04:21,860
corrupt funds. So they want to be kind of
an early warning system for hidden risk.
49
00:04:21,860 --> 00:04:27,600
And banks are even forced to use these kinds
of lists by regulation, they have to take
50
00:04:27,600 --> 00:04:32,700
steps to comply with sanctions and
international and domestic law against
51
00:04:32,700 --> 00:04:38,230
money laundering and terror financing. And
of course we all want less terrorism, and of
52
00:04:38,230 --> 00:04:42,900
course we want less money laundering,
that's clear. And to put it in World-Check's
53
00:04:42,900 --> 00:04:48,310
words, it's to help identify
relationships or risk by providing highly
54
00:04:48,310 --> 00:04:52,990
structured intelligence profiles and
heightening risk individuals and entities
55
00:04:52,990 --> 00:05:00,700
globally. But since 9/11, governments have
to put more and more pressure on banks to
56
00:05:00,700 --> 00:05:06,990
identify terrorists and money launderers
among their customers. So, Thomson Reuters
57
00:05:06,990 --> 00:05:12,860
advertises even World-Check with warnings
about recent fines and settlements against
58
00:05:12,860 --> 00:05:19,790
banks for violating sanctions. Maybe you
know the.. this one story: HSBC had a
59
00:05:19,790 --> 00:05:26,530
historic 1.9 billion dollar payment to US
authorities to settle money-laundering
60
00:05:26,530 --> 00:05:31,800
allegations in 2012, and that's one of the
most famous examples that the banks, of
61
00:05:31,800 --> 00:05:38,800
course, fear very much. So if you look for
information how the information is
62
00:05:38,800 --> 00:05:44,120
collected, Thomson Reuters says it
compiles a list using hundreds of
63
00:05:44,120 --> 00:05:51,050
thousands of reputable sources in the
public domain. You got to remember that
64
00:05:51,050 --> 00:05:55,990
slide, and especially the word "reputable
sources", because we will come back to
65
00:05:55,990 --> 00:06:00,770
that a little bit later.
Tom: So how do they collect this
66
00:06:00,770 --> 00:06:05,730
information? Well, Thomson Reuters
researchers look into public sources,
67
00:06:05,730 --> 00:06:11,389
ranging from EU sanction lists, to local
newspapers in order to find names to add
68
00:06:11,389 --> 00:06:17,260
to the database. In total, Thomson Reuters
says that World-Check contains profiles on
69
00:06:17,260 --> 00:06:22,370
over two million entities, and that it's
adding 20.000 profiles a month, and
70
00:06:22,370 --> 00:06:29,580
updating 40.000. So the list is growing all
the time. Now, this is a job advert for a
71
00:06:29,580 --> 00:06:35,389
position as a World-Check researcher in
Washington DC and it states, that among the
72
00:06:35,389 --> 00:06:41,090
many responsibilities you need to write
more than 220 highly structured and
73
00:06:41,090 --> 00:06:45,510
sourced biographical intelligence profiles
every month. I think it's really nice of
74
00:06:45,510 --> 00:06:50,740
them to be so upfront about the workload.
And that's about 1 hour per profile,
75
00:06:50,740 --> 00:06:55,310
if you're working full time. So it must be
quite a challenge if you are the assistant
76
00:06:55,310 --> 00:07:02,500
research associate to maintain accuracy
and quality under that kind of workload.
77
00:07:02,500 --> 00:07:07,280
Jasmin: So not many people had heard of
this list until recently but it's one of
78
00:07:07,280 --> 00:07:12,520
the biggest of its kind. According to a
World-Check datasheet the service is used
79
00:07:12,520 --> 00:07:19,000
by over 300 intelligence and government
agencies, 9 out of the world's top 10 law
80
00:07:19,000 --> 00:07:26,440
firms and 49 of the world's 50 largest
banks. Overall more than 6000 customers
81
00:07:26,440 --> 00:07:34,590
from 170 countries are reportedly on their
customer list. The content of the list is
82
00:07:34,590 --> 00:07:39,470
secret because Thomson Reuters doesn't
tell people when it adds them to the list
83
00:07:39,470 --> 00:07:45,940
and banks are forbidden from passing on
the information. Access is only granted
84
00:07:45,940 --> 00:07:51,229
after a vetting process, so the user has
to sign a nondisclosure agreement and also
85
00:07:51,229 --> 00:07:56,979
using the database is quite expensive. A
year's access can cost up to 1 million
86
00:07:56,979 --> 00:08:02,389
euro.
Tom: In recent years there have been some
87
00:08:02,389 --> 00:08:06,110
excellent investigations by other
journalists, who've highlighted some
88
00:08:06,110 --> 00:08:12,680
possible issues with World-Check. The BBC
has been investigating why HSBC closed the
89
00:08:12,680 --> 00:08:18,610
account of Finsbury Park Mosque in London
without any explanation. The BBC
90
00:08:18,610 --> 00:08:22,580
researchers found that the mosque had been
listed in World-Check in the terrorism
91
00:08:22,580 --> 00:08:28,270
category. So that may have been part of
the bank's decision. VICE news was also
92
00:08:28,270 --> 00:08:32,759
able to view some of the entries in World-
Check through a client of Thomson Reuters
93
00:08:32,759 --> 00:08:37,540
and they discovered more examples of
questionable entries. So we knew that
94
00:08:37,540 --> 00:08:42,279
there was something potentially going on
with this database, but it mostly remained
95
00:08:42,279 --> 00:08:46,689
confidential and nobody had been able to
view the entire database in order to find
96
00:08:46,689 --> 00:08:51,440
out, whether there were wider
issues with the system.
97
00:08:51,440 --> 00:08:59,189
Jasmin: But then there was a leak: In
summer 2016 this security researcher Chris
98
00:08:59,189 --> 00:09:03,290
Vickery was doing what he very much likes
to do. He was scanning the internet for
99
00:09:03,290 --> 00:09:10,140
CouchDB instances exposed to the world
without any username or password. Well,
100
00:09:10,140 --> 00:09:18,749
you can imagine what comes next.
applause
101
00:09:18,749 --> 00:09:23,231
Jasmin: He would contact the owners to
encourage them to secure the data but he
102
00:09:23,231 --> 00:09:27,180
found something really interesting, and
that was the copy of the World-Check
103
00:09:27,180 --> 00:09:35,010
database from 2014. With him finding it
the question came up in his head: He
104
00:09:35,010 --> 00:09:41,490
asked: "I have a terrorism blacklist. I
have a copy, should it be shared?" Chris
105
00:09:41,490 --> 00:09:47,139
posted on Reddit to say that he was facing
a dilemma about, whether to release the
106
00:09:47,139 --> 00:09:52,260
entire database or not. Because on the one
hand the database was apparently compiled
107
00:09:52,260 --> 00:09:59,829
from public sources, so: what's the
problem with publishing public sources?
108
00:09:59,829 --> 00:10:04,030
The World-Check is a system that is used
to make decisions about people's lives and
109
00:10:04,030 --> 00:10:09,420
secrets, so maybe transparency would be in
their interest. But on the other hand it
110
00:10:09,420 --> 00:10:14,689
contained personal data relating to
millions of people, who might suffer harm
111
00:10:14,689 --> 00:10:20,850
if the information was disclosed. Since it
is not so easy to ask the 2 million
112
00:10:20,850 --> 00:10:28,760
people, if he's allowed to publish it, he
was asking himself so what now to do.
113
00:10:28,760 --> 00:10:33,360
Thanks to the previous work of the BBC
and VICE, we as journalists had reason to
114
00:10:33,360 --> 00:10:39,160
believe, it would be in the public
interest to review this data. So we made
115
00:10:39,160 --> 00:10:44,540
contact with Chris and before viewing the
leaked data we considered of course the
116
00:10:44,540 --> 00:10:51,889
ethical, legal and security implications.
Tom: We had a chance to fully reveal how
117
00:10:51,889 --> 00:10:55,889
the system works for the first time. And
this is what the file looked like:
118
00:10:55,889 --> 00:11:01,729
laughter
Jasmin: Isn't it beautiful?
119
00:11:01,729 --> 00:11:05,829
Tom: We agreed with Chris that we would
use the data to do responsible journalism,
120
00:11:05,829 --> 00:11:09,519
but not to publish the data itself, so we
can't show you the full database in this
121
00:11:09,519 --> 00:11:16,519
presentation. When we received the data it
was a 4 GB JSON line delimited file with
122
00:11:16,519 --> 00:11:23,299
no documentation. The first thing I had to
do was write a parser in Python. I started
123
00:11:23,299 --> 00:11:30,269
to flatten this JSON file into a CSV file.
Then we had a 4 GB CSV file and I loaded
124
00:11:30,269 --> 00:11:35,069
that into Postgres in order that we could
do some analysis of the contents of this
125
00:11:35,069 --> 00:11:42,029
database. So this is an abridged version
of the field list showing you the really
126
00:11:42,029 --> 00:11:46,360
key pieces of data on each of these
profiles. We've got an ID, we've got an
127
00:11:46,360 --> 00:11:52,610
entity type, that is, if this is a person
or an organization, for people there were
128
00:11:52,610 --> 00:11:57,740
first names, surnames, aliases. Position
would be: if you're a politician, this
129
00:11:57,740 --> 00:12:02,270
would say what your position is in the
government. The categories were really
130
00:12:02,270 --> 00:12:07,610
interesting, because these might be that
you're a politician as mentioned or might
131
00:12:07,610 --> 00:12:12,019
be that you're in the terrorism category
or the financial crime category. We've got
132
00:12:12,019 --> 00:12:15,509
dates of birth and countries and
nationalities, obviously those are really
133
00:12:15,509 --> 00:12:23,449
important so that banks can identify the
customers correctly. Information text was
134
00:12:23,449 --> 00:12:27,439
possibly the most interesting part of the
data. And then we had various links to
135
00:12:27,439 --> 00:12:32,920
other profiles, the source URLs which
turned out to be really crucial and the
136
00:12:32,920 --> 00:12:39,749
dates on which the records have been
created and updated. You know, some of
137
00:12:39,749 --> 00:12:45,660
these fields were self-explanatory, but we
really needed to see what this database
138
00:12:45,660 --> 00:12:51,149
looked like to the end-user to understand
how this information would be interpreted.
139
00:12:51,149 --> 00:12:56,260
Like any good investigative journalists ..
we of course turned to Google. After a
140
00:12:56,260 --> 00:13:00,850
bit of experimentation we discovered the
magic words: searching for "you are
141
00:13:00,850 --> 00:13:06,989
strictly prohibited from disclosing or
copying the content of this service".
142
00:13:06,989 --> 00:13:11,509
applause
143
00:13:11,509 --> 00:13:17,221
Tom: And sure enough we find some examples
of profiles from World-Check, which people
144
00:13:17,221 --> 00:13:21,231
may or may not realize are on the internet
and accessible through Google. Some of
145
00:13:21,231 --> 00:13:24,250
these are from the Panama papers, so
obviously the person who put that one
146
00:13:24,250 --> 00:13:28,569
there knew what they were doing. The first
example in this result is interesting
147
00:13:28,569 --> 00:13:32,800
though because we have the word "intranet"
in the URL and we should perhaps tell this
148
00:13:32,800 --> 00:13:36,220
company that their intranet is not an
intranet.
149
00:13:36,220 --> 00:13:38,670
laughter
150
00:13:38,670 --> 00:13:40,299
Jasmin: Maybe they found out by
themselves.
151
00:13:40,299 --> 00:13:48,209
Tom: They know now, hopefully. This
example is actually from a magazine in
152
00:13:48,209 --> 00:13:52,799
Brazil which published World-Check
profiles that they obtained as part of an
153
00:13:52,799 --> 00:13:57,079
investigation. This was really useful
because we could see exactly what the data
154
00:13:57,079 --> 00:14:03,259
looks like to the end-user. This profile
belongs to Eduardo da Cunha, who was the
155
00:14:03,259 --> 00:14:07,809
former leader of the Brazilian Chamber of
Deputies and as I said it was published by
156
00:14:07,809 --> 00:14:12,879
the magazine. We can see here the
categories that he's been assigned: in
157
00:14:12,879 --> 00:14:17,829
this case he's a political individual and
he's a PEP. PEP stands for politically
158
00:14:17,829 --> 00:14:23,610
exposed person. This is a term in anti-
money-laundering legislation that means
159
00:14:23,610 --> 00:14:28,949
this person is in senior public office and
they are potentially in a position to take
160
00:14:28,949 --> 00:14:32,600
bribes and launder corrupt funds. It
doesn't mean necessarily that they've done
161
00:14:32,600 --> 00:14:36,999
anything wrong, but the money laundering
rules say that banks have to scrutinize
162
00:14:36,999 --> 00:14:41,869
these people very carefully. So if you are
a politician you might be called up by
163
00:14:41,869 --> 00:14:46,569
your bank and they would say we need to
interview you about your sources of income
164
00:14:46,569 --> 00:14:50,929
in order to establish what the legitimate
level of income is and if you exceed that
165
00:14:50,929 --> 00:14:55,800
level you'll be reported to the
authorities. The definition of PEP also
166
00:14:55,800 --> 00:15:00,899
includes the immediate family of the
public officials and we'll see that on the
167
00:15:00,899 --> 00:15:07,619
next slide. When we scroll down after the
age and date of birth we've got these
168
00:15:07,619 --> 00:15:13,549
links to other profiles: These are the
Brazilian politician's immediate family
169
00:15:13,549 --> 00:15:21,119
members, who have their own profiles. Then
further down we've got the reports, so in
170
00:15:21,119 --> 00:15:25,239
this case this politician was actually
accused of doing something wrong, it
171
00:15:25,239 --> 00:15:29,240
wasn't just that they're a politically
exposed person. There's a report of an
172
00:15:29,240 --> 00:15:34,779
allegation of corruption there and since
this profile was published it turned out
173
00:15:34,779 --> 00:15:38,939
that he was convicted of corruption. So
this is an example of a profile of
174
00:15:38,939 --> 00:15:45,540
somebody who turned out to be guilty. Now
that we understood what a profile looked
175
00:15:45,540 --> 00:15:52,199
like we started to analyze the scope of
the database.
176
00:15:52,199 --> 00:15:56,879
This table shows for each country how many
people were profiled in World-Check as it
177
00:15:56,879 --> 00:16:03,239
stood in 2014, which was the date of the
copy of the database that Chris Vickery
178
00:16:03,239 --> 00:16:09,089
found online. We're showing here for each
country with at least 5000 entries the
179
00:16:09,089 --> 00:16:13,200
number of non-PEPs, so that could be
people in the terrorism or the crime
180
00:16:13,200 --> 00:16:17,981
category or it could be various other
things. The number of PEPs: we would
181
00:16:17,981 --> 00:16:22,369
expect them to be senior public officials
but it's interesting that there are a lot
182
00:16:22,369 --> 00:16:27,689
of countries where there are tens of
thousands of PEPs and so that suggests
183
00:16:27,689 --> 00:16:32,459
that perhaps they've cast the net quite
wide there. We're also giving numbers of
184
00:16:32,459 --> 00:16:39,239
relatives of PEPs. We spent a lot of time
browsing the data for our countries and
185
00:16:39,239 --> 00:16:43,129
querying the database to understand the
types of the different types of people
186
00:16:43,129 --> 00:16:48,600
who've been included. And then everyone in
our collaboration started finding people
187
00:16:48,600 --> 00:16:52,600
who really didn't belong on the list. And
we started to ask: How did these innocent
188
00:16:52,600 --> 00:16:58,579
people end up on this watchlist?
Jasmin: We were for example really
189
00:16:58,579 --> 00:17:03,509
surprised to find Greenpeace, 16
Greenpeace activists, on the list, who
190
00:17:03,509 --> 00:17:08,049
were arrested for peacefully protesting
this "Star Wars" missile defense program
191
00:17:08,049 --> 00:17:18,529
in 2001. They were listed under the
general category "crime". That was a bit
192
00:17:18,529 --> 00:17:24,230
weird, because they did plead guilty to
criminal trespass, but never served time
193
00:17:24,230 --> 00:17:32,860
for this minor charge. But 12 years later,
they would still be on that list.
194
00:17:32,860 --> 00:17:37,539
Tom: This is another example, this time
from the UK, from a town called Chelmsford
195
00:17:37,539 --> 00:17:43,210
in the South of England. This woman is
Jackie Arnott and she was listed in the
196
00:17:43,210 --> 00:17:49,210
politically exposed persons category along
with a record of all her civic activities.
197
00:17:49,210 --> 00:17:53,820
So here she is at work, volunteering for
an organization called "Harvest for the
198
00:17:53,820 --> 00:17:58,330
Homeless". This is a local campaign in
Chelmsford that was collecting food for
199
00:17:58,330 --> 00:18:05,659
people in need. Jackie Arnott is not a
senior public official as you might expect
200
00:18:05,659 --> 00:18:10,809
a politically exposed person to be. In
fact her only connection to power seemed
201
00:18:10,809 --> 00:18:16,150
to be that her husband Allen had been the
mayor of Chelmsford, which is a ceremonial
202
00:18:16,150 --> 00:18:24,690
position. Now to a different town in the
South of England: this is leafy Kingston
203
00:18:24,690 --> 00:18:33,220
upon Thames. This is a view of the town
hall: it's all very genteel and this is
204
00:18:33,220 --> 00:18:38,659
one of Kingston's local politicians: Yogan
Yoganathan. You can see the letters MBE,
205
00:18:38,659 --> 00:18:42,630
member of the British Empire, after his
name. He was given an honour by the Queen
206
00:18:42,630 --> 00:18:47,270
for his services to local government and
community relations in Kingston upon
207
00:18:47,270 --> 00:18:52,970
Thames. Among his activities he was a
peace campaigner. He campaigned for peace
208
00:18:52,970 --> 00:19:01,480
in Sri Lanka and that led to him being
listed in World-Check and being linked to
209
00:19:01,480 --> 00:19:05,769
allegedly the Tamil Tiger terrorist
organization, which is an extremely
210
00:19:05,769 --> 00:19:10,740
serious and very upsetting claim to have
made about you, not least if you're a
211
00:19:10,740 --> 00:19:17,159
peace campaigner. The World-Check database
gave the source for this allegation as a
212
00:19:17,159 --> 00:19:23,490
Sri Lankan government website which in
2007, at the height of the civil war in
213
00:19:23,490 --> 00:19:28,960
Sri Lanka, has said: These guys in London
organising peace protests about Sri Lanka,
214
00:19:28,960 --> 00:19:34,019
they're all Tamil Tiger terrorists. And
that allegation had made its way into the
215
00:19:34,019 --> 00:19:39,450
World Check database and Mr. Yoganathan
said he was very hurt by this allegation
216
00:19:39,450 --> 00:19:44,980
and this was completely untrue and
completely without any other basis in
217
00:19:44,980 --> 00:19:50,070
fact.
Jasmin: So remember when we said, you
218
00:19:50,070 --> 00:19:56,240
should remember this slide because of the
beautiful words "reputable sources". If
219
00:19:56,240 --> 00:20:00,440
you read a little bit further Thomson
Reuters says: "researchers are bound to
220
00:20:00,440 --> 00:20:07,670
comply with strict research criteria and
must remain objective at all time". Well
221
00:20:07,670 --> 00:20:13,560
it seems that the research team was a
little bit flexible on these rules. The
222
00:20:13,560 --> 00:20:18,100
reasons why innocent people showed up on
the list were very often the problem of
223
00:20:18,100 --> 00:20:25,019
these "reputable" sources and handling
them. Now we would like to show you some
224
00:20:25,019 --> 00:20:29,669
of the sources and we put together a
little ranking for you.
225
00:20:29,669 --> 00:20:35,950
laughter
Jasmin: You might all know that one. Yeah,
226
00:20:35,950 --> 00:20:42,549
Wikipedia. We thought we give number 5 to
Wikipedia. In thousands of profiles World-
227
00:20:42,549 --> 00:20:49,649
Check used Wikipedia as a source. Well
here you still might think: okay it's only
228
00:20:49,649 --> 00:20:55,020
for general information, so maybe it's
fine. What about the next one?
229
00:20:55,020 --> 00:21:00,669
Tom: Well at number 4 we have conspiracy
sites: this one is called cyberclass.net
230
00:21:00,669 --> 00:21:05,259
and it has all the educational resources
you might need on alternative accounts of
231
00:21:05,259 --> 00:21:11,130
the 9/11 attacks. World-Check research has
also cited it in a profile of a British
232
00:21:11,130 --> 00:21:15,940
businessman, which of course was
used by the banks.
233
00:21:15,940 --> 00:21:21,320
Jasmin: Number 3, also really interesting:
We found state-run sites or state-run
234
00:21:21,320 --> 00:21:27,230
propaganda you must say, also used as
sources, for example China Daily. It's the
235
00:21:27,230 --> 00:21:32,720
biggest newspaper in China and state-owned
and even though it's not an official organ
236
00:21:32,720 --> 00:21:40,980
of the Chinese Communist Party, it's
considered to be a quasi-party newspaper.
237
00:21:40,980 --> 00:21:46,509
Because of this commentary that you see on
the right side, it's saying that there's a
238
00:21:46,509 --> 00:21:51,519
terrorist group, the Tibetan Youth
Congress, the prominent diaspora
239
00:21:51,519 --> 00:21:58,950
organization, is listed as a terrorist
group on World-Check. What we found
240
00:21:58,950 --> 00:22:04,450
pretty, I don't know how to say it.. the
research team used this article as the
241
00:22:04,450 --> 00:22:12,290
only source for this profile recording the
Chinese government's accusations.
242
00:22:12,290 --> 00:22:17,360
Tom: At number 2 we have a website that
unfortunately you might have heard of:
243
00:22:17,360 --> 00:22:23,539
Hundreds of listings referenced reports on
Breitbart. At the time, Breitbart was
244
00:22:23,539 --> 00:22:27,730
selectively reporting on what it called
"black crime" and there was a whole tag
245
00:22:27,730 --> 00:22:32,549
page for what they called "black crime".
There were hundreds of listings that
246
00:22:32,549 --> 00:22:38,320
referred to reports that have been carried
on Breitbart. But number 1 ...
247
00:22:38,320 --> 00:22:42,950
Jasmin: Our number 1 ...
Tom: We have Stormfront which, if you
248
00:22:42,950 --> 00:22:48,740
haven't heard of it, it's a forum for
white supremacists. It was founded in 1995
249
00:22:48,740 --> 00:22:54,530
by a former Ku Klux Klan member and there
were several listings that referred to
250
00:22:54,530 --> 00:23:00,840
Stormfront. Among them listings for two
black British people containing links to a
251
00:23:00,840 --> 00:23:06,570
discussion thread on the forum.
Jasmin: So the problem really is that
252
00:23:06,570 --> 00:23:11,929
World-Check uses all the sources that they
can find, which is fine, but it seems that
253
00:23:11,929 --> 00:23:17,409
they don't differ between a news site, a
propaganda site, extremist sites, whatever
254
00:23:17,409 --> 00:23:24,070
site. And all the sources and information
they collect, but they don't weight it or
255
00:23:24,070 --> 00:23:28,660
rate it or assess the information. So for
example, if a state attorney accuses a
256
00:23:28,660 --> 00:23:33,799
person or if a competitor blackened
somebody in a media report, the
257
00:23:33,799 --> 00:23:38,570
information gets into the World-Check
database without any filtering and there
258
00:23:38,570 --> 00:23:45,010
is no final verification of this or any
accusation.
259
00:23:45,010 --> 00:23:49,940
Tom: World-Check found an interesting way
to deal with this problem of unreliable
260
00:23:49,940 --> 00:23:55,730
sources or potentially unreliable sources:
In the profiles they've added this general
261
00:23:55,730 --> 00:24:02,659
legal notice. Here they mention that
everyone who views this database should
262
00:24:02,659 --> 00:24:08,299
carry out independent checks to verify the
information. They later added a further
263
00:24:08,299 --> 00:24:13,259
disclaimer saying: If this profile
contains negative allegations it should be
264
00:24:13,259 --> 00:24:20,740
assumed that such allegations are denied.
This is an interesting legal concept, that
265
00:24:20,740 --> 00:24:25,049
you can carry these extremely damaging
accusations that people are linked to
266
00:24:25,049 --> 00:24:29,870
terrorist groups, but of course you can
tell your customers to assume that the
267
00:24:29,870 --> 00:24:35,489
allegations are denied and to check the
information out themselves. We found many
268
00:24:35,489 --> 00:24:41,019
people on the list that had encountered
difficulties with their banks and that
269
00:24:41,019 --> 00:24:46,370
raises the question of whether some banks
and users of the list were able to heed
270
00:24:46,370 --> 00:24:51,149
this warning and launch their own
investigations after seeing adverse claims
271
00:24:51,149 --> 00:24:56,491
in World-Check. In fact, somebody I spoke
to as part of my research who works for a
272
00:24:56,491 --> 00:25:01,880
bank said that they were under such
pressure that if they found an adverse
273
00:25:01,880 --> 00:25:07,769
listing in World-Check, it would be
extremely difficult for them to disprove
274
00:25:07,769 --> 00:25:16,649
it, you know, given the time that was
available. This is one issue. But besides
275
00:25:16,649 --> 00:25:21,840
the problems with the sources and the lack
of verification of the information there
276
00:25:21,840 --> 00:25:26,721
is another reason why innocent people have
ended up in this watchlist: Our research
277
00:25:26,721 --> 00:25:31,289
showed that the database carries entries
for people who are merely accused or
278
00:25:31,289 --> 00:25:36,740
investigated over possible crimes without
being charged or convicted. Reports of
279
00:25:36,740 --> 00:25:40,899
minor convictions are kept on file for
years after the event as we saw with
280
00:25:40,899 --> 00:25:46,029
Greenpeace. And sometimes people had been
cleared of their charges but their entries
281
00:25:46,029 --> 00:25:50,029
hadn't been updated to reflect that
information. So innocent people just kept
282
00:25:50,029 --> 00:25:56,330
being guilty in the world of the database.
Jasmin: For example like him, so please
283
00:25:56,330 --> 00:26:01,950
meet the terrorist Andrej Holm, or at
least that's what World-Check suggested
284
00:26:01,950 --> 00:26:07,360
for a couple of years. Holm, maybe some of
you know him, is a very well-known
285
00:26:07,360 --> 00:26:13,950
sociologist and later he was a short time,
in German "Baustaatssekretär". Maybe in
286
00:26:13,950 --> 00:26:18,740
English at something like housing
secretary in the Berlin State Government.
287
00:26:18,740 --> 00:26:22,760
He was targeted by the Federal
prosecutor's office ten years ago. The
288
00:26:22,760 --> 00:26:29,090
suspicion was: Membership in a terrorist
group. He was arrested at the end of July
289
00:26:29,090 --> 00:26:35,649
2007 and detained for 3 weeks. Holm had
obviously been investigated because he had
290
00:26:35,649 --> 00:26:40,769
been critical of the displacement of
poorer people and cities and he wrote it
291
00:26:40,769 --> 00:26:48,480
in a very similar way or similar words to
a left-wing extremist group active at that
292
00:26:48,480 --> 00:26:54,559
time. But in the end the suspicion that he
could be a member himself proved totally
293
00:26:54,559 --> 00:27:04,250
unfounded and in 2010 all procedures
against Holm were discontinued. He was
294
00:27:04,250 --> 00:27:10,929
even compensated for his imprisonment. In
the end for the state and justice Holm was
295
00:27:10,929 --> 00:27:18,099
innocent. But when Holm wanted to become a
customer at Norisbank two years later in
296
00:27:18,099 --> 00:27:24,500
2012, the institute refused to open his
bank account and that even without any
297
00:27:24,500 --> 00:27:32,739
explanation. That was when Holm still did
not know that he was on the watchlist of
298
00:27:32,739 --> 00:27:39,559
World-Check. When we told him and we
talked to him he said: I have a bad
299
00:27:39,559 --> 00:27:44,320
feeling when my life is recorded there
without me being aware of it or having any
300
00:27:44,320 --> 00:27:50,309
influence on it. Even years later such an
entry can permanently make life
301
00:27:50,309 --> 00:27:56,299
significantly more difficult. But
apparently there are institutions that
302
00:27:56,299 --> 00:28:02,350
rely on World-Check or similar databases.
When we talked to the Norisbank they said
303
00:28:02,350 --> 00:28:07,789
that the Name List screening, that's what
it's called, was an essential part of
304
00:28:07,789 --> 00:28:14,009
fulfilling the legal requirements for
combating financial criminality. It's
305
00:28:14,009 --> 00:28:18,830
about preventing money laundering, they
said. And the due diligence check would
306
00:28:18,830 --> 00:28:25,929
use many different databases as data
sources. I found a little bit funny that
307
00:28:25,929 --> 00:28:31,840
they wouldn't talk at all about the
case from Mr. Holm and they said: They
308
00:28:31,840 --> 00:28:39,740
cannot give any information because
of data protection reasons.
309
00:28:39,740 --> 00:28:44,490
Tom: We saw in the marketing brochure that
Thomson Reuters say that 49 of 50 of the
310
00:28:44,490 --> 00:28:50,580
world's biggest banks use World-Check. We
had a pretty strong idea that most of the
311
00:28:50,580 --> 00:28:55,720
big-name banks would be using it. But for
my UK audience I wanted to confirm that
312
00:28:55,720 --> 00:28:59,889
the high street names that my readers
would be familiar with had used this
313
00:28:59,889 --> 00:29:05,289
database. I had information that the Co-
operative Bank among several other big
314
00:29:05,289 --> 00:29:10,950
names had used World Check and I asked
them to confirm that that was the case.
315
00:29:10,950 --> 00:29:16,559
And this is what they said: "I can confirm
that the Co-operative Bank doesn't use and
316
00:29:16,559 --> 00:29:22,160
has not used World-Check." Well, this was
an interesting response. I went back to
317
00:29:22,160 --> 00:29:29,649
Google and I did a site-search on LinkedIn
for World-Check and the Co-operative Bank
318
00:29:29,649 --> 00:29:36,059
and this is what I found: This is Michael,
he says he is a high-risk case-analyst at
319
00:29:36,059 --> 00:29:43,959
the Co-operative Bank and his previous
position in 2015: he was an anti-money-
320
00:29:43,959 --> 00:29:48,989
laundering analyst and this gives the
description of his responsibilities. At
321
00:29:48,989 --> 00:29:53,980
the bottom there you can see that that
included exiting customers where necessary
322
00:29:53,980 --> 00:29:59,279
if they were found outside the bank's risk
appetite, which is a euphemism for: he can
323
00:29:59,279 --> 00:30:04,429
close your account if you're too risky. So
this was quite obviously a considerable
324
00:30:04,429 --> 00:30:09,610
responsibility and then further down in
the job description he says that he used
325
00:30:09,610 --> 00:30:17,080
systems including World-Check to make
these decisions.
326
00:30:17,080 --> 00:30:22,490
So I went back to the Co-operative Bank
press spokesperson and sent them an
327
00:30:22,490 --> 00:30:28,909
attachment to see what they had to say
about this. And the reply came: "I can
328
00:30:28,909 --> 00:30:33,950
confirm that we do not use World-Check and
any access to that database the bank had
329
00:30:33,950 --> 00:30:39,940
was in excess of 5 years ago." So they
admitted that they had used the database,
330
00:30:39,940 --> 00:30:45,929
but they're now saying that they don't use
it anymore. I think this is an indication
331
00:30:45,929 --> 00:30:51,639
of exactly how much secrecy there is on
the part of the banks and resistance to
332
00:30:51,639 --> 00:30:55,549
any kind of accountability. You know,
they're questioned by a journalist from a
333
00:30:55,549 --> 00:31:00,200
national newspaper, they give completely
inaccurate information about whether they
334
00:31:00,200 --> 00:31:05,099
had used this system and only admitted it
when they were confronted with evidence to
335
00:31:05,099 --> 00:31:09,799
the contrary. You know, if you're a Co-
operative Bank customer, you really ought
336
00:31:09,799 --> 00:31:15,119
to have a right to know what is being done
with your data and how decisions about you
337
00:31:15,119 --> 00:31:20,029
are being made. This is all enshrined in
data-protection law and this seems to be
338
00:31:20,029 --> 00:31:27,470
at odds with all of those principles.
So we put all of the findings from the
339
00:31:27,470 --> 00:31:33,309
different countries to Thomson Reuters and
they didn't really come back to us on any
340
00:31:33,309 --> 00:31:37,820
of their specific cases, but they gave us
a statement. One of the things they said
341
00:31:37,820 --> 00:31:42,480
was that "Individuals can contact us, if
they believe any of the information held
342
00:31:42,480 --> 00:31:49,929
is inaccurate and we would urge them to do
so." This is quite tricky, if your bank is
343
00:31:49,929 --> 00:31:55,260
not allowed to tell you, why your account
has been closed. The bank is certainly not
344
00:31:55,260 --> 00:32:00,980
allowed to show you your listing on World-
Check. We have to admit that you can
345
00:32:00,980 --> 00:32:05,019
submit a subject access request to Thomson
Reuters, if you have a hunch that you
346
00:32:05,019 --> 00:32:09,340
might be on the list, and then you can
find out and obviously you could challenge
347
00:32:09,340 --> 00:32:15,010
your information. But whether that would
be acted upon is another question. Thomson
348
00:32:15,010 --> 00:32:20,639
Reuters said they provide identifying
information such as dates of birth and
349
00:32:20,639 --> 00:32:26,360
this will be verified with reputable and
official sources. On some of the
350
00:32:26,360 --> 00:32:31,460
unreliable sources they said: "If blog
content appears it is only as a supporting
351
00:32:31,460 --> 00:32:37,039
source for that secondary information and
is clearly identified as such". We don't
352
00:32:37,039 --> 00:32:41,710
know if they've made improvements to the
database since 2014, so it may be that
353
00:32:41,710 --> 00:32:46,429
things are different from the snapshot we
saw, but that's what they said.
354
00:32:46,429 --> 00:32:51,119
And then they said: "In conclusion, it's
important to point out that the inclusion
355
00:32:51,119 --> 00:32:55,950
in World-Check does not imply guilt of any
crime and every record states, if this
356
00:32:55,950 --> 00:33:00,269
profile contains negative allegations it
should be assumed that such allegations
357
00:33:00,269 --> 00:33:04,679
are denied. The accuracy of the
information found in the underlying media
358
00:33:04,679 --> 00:33:08,510
sources should be verified with the
profile subject before any action is
359
00:33:08,510 --> 00:33:13,740
taken." One final point they made is that
there are competing databases to World-
360
00:33:13,740 --> 00:33:19,289
Check. So LexisNexis and Dow Jones also
produce watchlists and we don't know if
361
00:33:19,289 --> 00:33:26,810
there are similar problems with those
lists. Why has this happened? You know, we
362
00:33:26,810 --> 00:33:31,539
mentioned that banks are under huge
pressure from governments to weed out
363
00:33:31,539 --> 00:33:36,940
terrorists and money launderers among
their customer bases and what's the
364
00:33:36,940 --> 00:33:41,499
environment in which this has come about?
We don't have a full answer to this
365
00:33:41,499 --> 00:33:47,789
question, but I want to show you one email
that gives a sense of the atmosphere and
366
00:33:47,789 --> 00:33:52,750
the paranoia that has led
to the current regime.
367
00:33:52,750 --> 00:33:57,870
So this email is from a man who says he's
the World Check's General Counsel. It was
368
00:33:57,870 --> 00:34:06,510
sent in 2002 to a US Treasury consultation
and so this is a public document. He
369
00:34:06,510 --> 00:34:10,820
declares his interests, he says he works
for a company that sells a product to help
370
00:34:10,820 --> 00:34:16,270
financial institutions conduct money
laundering checks. Obviously this is a
371
00:34:16,270 --> 00:34:20,489
short time after 9/11 and he argues that
under the Patriot Act financial
372
00:34:20,489 --> 00:34:25,600
institutions must be proactive about
tackling money laundering. He exerts
373
00:34:25,600 --> 00:34:28,949
considerable moral pressure, even going so
far as to suggest that the banks were
374
00:34:28,949 --> 00:34:33,090
helping the terrorists by their lack of
action. So he writes: "The U.S. is in a
375
00:34:33,090 --> 00:34:37,729
war on terror and the front lines of the
war are at the doorsteps of every US
376
00:34:37,729 --> 00:34:43,540
financial institution. US financial
institutions are inadvertently aiding and
377
00:34:43,540 --> 00:34:49,810
abetting domestic terror against American
citizens." This is just one company's
378
00:34:49,810 --> 00:34:53,801
viewpoint, I'm sure the US Treasury took
in lots of different viewpoints when they
379
00:34:53,801 --> 00:34:58,800
were forming this legislation, but I think
this gives a nice sense of the kinds of
380
00:34:58,800 --> 00:35:04,790
arguments that were being made. If you
want more on the wider context of this
381
00:35:04,790 --> 00:35:09,350
there's a really good book called
"Speculative Security" by Marieke de Goede
382
00:35:09,350 --> 00:35:17,180
which goes into this in more detail.
So can the system be improved or repaired?
383
00:35:17,180 --> 00:35:21,070
Again, we don't give an answer to this
question but some thoughts have occurred
384
00:35:21,070 --> 00:35:27,510
to us: There could be better selection of
sources used to compile this kind of list.
385
00:35:27,510 --> 00:35:33,260
Perhaps you would narrow it down a bit
more to the official sanctions lists and
386
00:35:33,260 --> 00:35:36,690
people who are actually convicted of
crimes. Those kinds of categories of
387
00:35:36,690 --> 00:35:42,560
sources, maybe news reports in reputable
outlets, perhaps news reports that are
388
00:35:42,560 --> 00:35:47,750
confirmed by more than one outlet, that
kind of thing. You could also indicate the
389
00:35:47,750 --> 00:35:53,760
quality of the information. So if you're
going to insist on republishing the fact
390
00:35:53,760 --> 00:35:57,810
that the Sri Lankan government has accused
a person of terrorism, maybe you would
391
00:35:57,810 --> 00:36:03,320
flag up that the Sri Lankan government
certainly at that time did not have a good
392
00:36:03,320 --> 00:36:07,520
record for reliability on who it was
accusing of being terrorists. You could
393
00:36:07,520 --> 00:36:12,550
also give rights of reply to people: So on
your credit history you can go to a credit
394
00:36:12,550 --> 00:36:18,540
reference agency, see what is said about
you and reply to the criticisms of you
395
00:36:18,540 --> 00:36:22,610
that are made there. They could think
about doing that. There is an initiative
396
00:36:22,610 --> 00:36:28,480
to make an open-source sanctions watchlist
at opensanctions.org, which of course
397
00:36:28,480 --> 00:36:33,040
brings lots of advantages and everyone can
see what is said about them on the list.
398
00:36:33,040 --> 00:36:36,430
And I think there's also the wider
question of whether we actually want banks
399
00:36:36,430 --> 00:36:42,120
to have this responsibility of predicting
and foreseeing crime among their
400
00:36:42,120 --> 00:36:46,390
customers. Do we want the private sector
to do that job or do we want that
401
00:36:46,390 --> 00:36:50,540
responsibility to be squarely on the
judicial system or on the criminal justice
402
00:36:50,540 --> 00:36:56,140
system? So with that ...
Jasmin: So...
403
00:36:56,140 --> 00:36:58,140
Tom: Go on.
Jasmin: No, go on.
404
00:36:58,140 --> 00:37:00,430
Tom: We'll be very happy to take your
questions and these are all contact
405
00:37:00,430 --> 00:37:03,730
details, so thank you very
much for your attention.
406
00:37:03,730 --> 00:37:14,815
applause
407
00:37:14,815 --> 00:37:16,120
Herald: Thank you very much for this
408
00:37:16,120 --> 00:37:20,250
super-interesting talk. I have good news
for all of you: we have about 20 minutes
409
00:37:20,250 --> 00:37:25,060
time for Q&A, so please pile up at the
microphones, if you have any questions, of
410
00:37:25,060 --> 00:37:30,550
which I am sure there are many. We are
going to start with one question from the
411
00:37:30,550 --> 00:37:33,120
Internet.
Internet-Question: Considering the
412
00:37:33,120 --> 00:37:40,410
database is still online has it undergone
changes to conform to GDPR?
413
00:37:40,410 --> 00:37:46,390
Tom: I don't think we have any information
on that, sorry.
414
00:37:46,390 --> 00:37:50,640
Herald: Alright, thanks, let's start with
another question from microphone number 1.
415
00:37:50,640 --> 00:37:55,770
Mic1: Thank you. If he was the general
counsel for the World Check company, at
416
00:37:55,770 --> 00:38:01,170
what point was it acquired by Thomson
Reuters? Or was it already part of Thomson
417
00:38:01,170 --> 00:38:04,970
Reuters?
Tom: It wasn't at that point, it was some
418
00:38:04,970 --> 00:38:09,070
years later. An interesting point actually
about his job title is that, if you go on
419
00:38:09,070 --> 00:38:15,110
his LinkedIn page, he does have a law
degree, this guy, but his job title at
420
00:38:15,110 --> 00:38:18,500
World Check in 2002 was not General
Counsel, but a Head of Business
421
00:38:18,500 --> 00:38:21,590
Development. I don't know, if that's just
a mistake on his LinkedIn.
422
00:38:21,590 --> 00:38:25,670
Herald: Maybe another question from
microphone number 3.
423
00:38:25,670 --> 00:38:32,430
Mic3: So I want to know, if I make a
request to access my data will that put me
424
00:38:32,430 --> 00:38:38,170
on the list?
And my actual question is: Where did they
425
00:38:38,170 --> 00:38:43,600
get the names from? Because essentially
the analyst that does 220 profiles a day,
426
00:38:43,600 --> 00:38:48,180
does he get to pick the names?
Jasmin: Yes. So if you put a request to
427
00:38:48,180 --> 00:38:53,270
World Check your name will not be on the
list afterwards. So you can do it if you
428
00:38:53,270 --> 00:38:57,980
want. And this is how it works: The
research team goes through the internet
429
00:38:57,980 --> 00:39:02,110
and looks for articles and picks out names
and puts them in.
430
00:39:02,110 --> 00:39:08,060
Mic3: Ok, so they should be people, who
don't go on Stormfront essentially to pick
431
00:39:08,060 --> 00:39:12,120
names. Because is that what's happening?
Like they hire people and they go on
432
00:39:12,120 --> 00:39:17,470
Stormfront all day and randomly pick
names? No, but seriously?
433
00:39:17,470 --> 00:39:21,420
Jasmin: I don't know, if they do it like
that, but somehow they came up with the
434
00:39:21,420 --> 00:39:23,740
source, yes.
Mic3: Okay, thanks!
435
00:39:23,740 --> 00:39:29,530
Herald: Microphone number 4.
Mic4: Hey, thanks for the talk. You've
436
00:39:29,530 --> 00:39:33,060
mentioned a few people that were on there
wrongfully, but what percentage are
437
00:39:33,060 --> 00:39:36,810
actually wrong on there of the profiles
that you viewed?
438
00:39:36,810 --> 00:39:42,680
Tom: We don't have a percentage, we think
it's a minority, there are lots of people,
439
00:39:42,680 --> 00:39:47,190
who did do bad things and get onto the
list. But of course it undermines the
440
00:39:47,190 --> 00:39:52,450
credibility of the entire database, when
there are you know many many examples that
441
00:39:52,450 --> 00:39:58,720
we were able to find without even it's not
like we read all 2 million profiles, so
442
00:39:58,720 --> 00:40:01,160
who knows. But obviously it's a very good
question.
443
00:40:01,160 --> 00:40:03,910
Jasmin: I think it's an excellent
question, but I have to admit that we
444
00:40:03,910 --> 00:40:07,890
didn't review all the 2.2 million
profiles.
445
00:40:07,890 --> 00:40:14,700
Herald: Alright, mic number 2, please.
Mic2: Thank you for your work on this
446
00:40:14,700 --> 00:40:20,580
really important subject. I myself ended
up on that list and lost my bank for two
447
00:40:20,580 --> 00:40:26,910
years because of it. With how essential
banking is in the modern world to get
448
00:40:26,910 --> 00:40:33,580
paid, to pay your bills, to do anything,
what options do people who have had their
449
00:40:33,580 --> 00:40:37,570
banks or organizations like Finsbury Park
that have had their banks closed and on
450
00:40:37,570 --> 00:40:42,230
these lists have? Especially with their
lists being so ubiquitous amongst all of
451
00:40:42,230 --> 00:40:46,880
the major banks?
Tom: Well, Finsbury Park Mosque went to
452
00:40:46,880 --> 00:40:52,300
court, and they sued Thomson Reuters
successfully and after that Thomson
453
00:40:52,300 --> 00:40:56,830
Reuters changed the listing and admitted
that they had been wrong to list them in
454
00:40:56,830 --> 00:41:00,790
the terrorism category. Obviously that's
not an option that's available to
455
00:41:00,790 --> 00:41:05,871
everybody, I think the first step is to
request your data from Thomson Reuters to
456
00:41:05,871 --> 00:41:10,990
see exactly what was being said about you
and then go from there. But it's very
457
00:41:10,990 --> 00:41:14,510
difficult.
Jasmin: But for example Mr. Holm, he
458
00:41:14,510 --> 00:41:19,820
didn't get an account at Norisbank, but he
ended up in another bank that didn't use
459
00:41:19,820 --> 00:41:23,840
World Check and that was the Berliner
Sparkasse.
460
00:41:23,840 --> 00:41:29,780
Herald: Alright, I think it's the
internet's turn again to ask a question.
461
00:41:29,780 --> 00:41:34,370
Internet-Q: Would you agree that the
purpose of such a list is to protect not
462
00:41:34,370 --> 00:41:39,650
only the banks from rotten customers, but
also the public from terrorism or the bad
463
00:41:39,650 --> 00:41:45,800
businesses that could harm us? And if yes,
isn't that sacrificing a few for the
464
00:41:45,800 --> 00:41:51,360
benefit of many?
Jasmin: I think, you shouldn't sacrifice a
465
00:41:51,360 --> 00:41:56,550
few for the many, because it would be so
easy to make it better. We saw that these
466
00:41:56,550 --> 00:42:04,740
sources were so obviously weird and wrong
and so, I think it wouldn't be necessary,
467
00:42:04,740 --> 00:42:09,190
if they were to check the list a lot
better.
468
00:42:09,190 --> 00:42:17,560
Herald: Mic number 1, please.
Mic1: Hi, great presentation. Did you find
469
00:42:17,560 --> 00:42:22,650
any evidence of banks and such
organizations disclosing information
470
00:42:22,650 --> 00:42:27,160
about their customers towards Thomson
Reuters?
471
00:42:27,160 --> 00:42:32,640
Tom: I don't think we saw any sign of
that. It does look like they stick to the
472
00:42:32,640 --> 00:42:37,760
public sources. There were various entries
that had three-letter acronyms next to
473
00:42:37,760 --> 00:42:42,370
them like CIA and various things. But I
think in all of those cases it turned out
474
00:42:42,370 --> 00:42:47,760
that the CIA, or whoever, had said
something publicly about that person. So
475
00:42:47,760 --> 00:42:53,010
it didn't seem that there was any covert
cooperation in either direction.
476
00:42:53,010 --> 00:42:58,400
Herald: Mic number 3, please.
Mic3: Thank you for your work. Obviously,
477
00:42:58,400 --> 00:43:03,080
it's disheartening to see such sites as
Stormfront and Breitbart being, well,
478
00:43:03,080 --> 00:43:10,080
cited as sources. In your work did you
find how much of the data was
479
00:43:10,080 --> 00:43:15,660
supported by these so-called "reputable
sources", these extremist sites as the
480
00:43:15,660 --> 00:43:19,540
category.
Jasmin: How many?
481
00:43:19,540 --> 00:43:26,980
Tom: It depended on the site. I think
Breitbart was hundreds of entries. They
482
00:43:26,980 --> 00:43:30,850
were focused around a particular country,
which wasn't the US, it was another
483
00:43:30,850 --> 00:43:35,810
country. Which suggested to us that
potentially it had been a researcher, who
484
00:43:35,810 --> 00:43:40,460
had a particular fondness for Breitbart,
who had decided to use that as a source.
485
00:43:40,460 --> 00:43:45,820
So there seems to be a lot of variation
between different countries in the mix of
486
00:43:45,820 --> 00:43:51,130
sources that have been used.
Herald: Mic number 4, please.
487
00:43:51,130 --> 00:43:55,720
Mic4: Hi, thanks. I work on cryptocurrency
stuff, so obviously have a long-standing
488
00:43:55,720 --> 00:44:01,560
interest in financial privacy and
openness. There was a really interesting,
489
00:44:01,560 --> 00:44:06,060
although terribly written book, I would
not recommend it, but was written by
490
00:44:06,060 --> 00:44:11,970
someone, who was at US Treasury and
crafted kind of post 9/11 policy around
491
00:44:11,970 --> 00:44:16,000
sanctions. One of the things he said in
the book was immediately after 9/11 they
492
00:44:16,000 --> 00:44:20,890
were willing to put people on the
sanctions list and block you from the
493
00:44:20,890 --> 00:44:26,150
entire international financial system at
80% certainty level. So if they're about
494
00:44:26,150 --> 00:44:31,630
80% confident that you are somehow related
to terrorism, they would just kick you
495
00:44:31,630 --> 00:44:37,450
out. So I was wondering, if.. because I
know a lot of the interest in preventing
496
00:44:37,450 --> 00:44:41,360
mass surveillance is all about making it
more expensive, so as to force people to
497
00:44:41,360 --> 00:44:45,990
target it more specifically. I was
wondering, if you had any thoughts on what
498
00:44:45,990 --> 00:44:51,350
kind of direction people should be
thinking about going in terms of forcing
499
00:44:51,350 --> 00:44:57,510
more targeting of preventing people from
international financial access. Instead of
500
00:44:57,510 --> 00:45:02,220
allowing it to be so broad and you know
controlled by so few.
501
00:45:02,220 --> 00:45:12,350
Tom: Use cash.
Jasmin: These were already some good
502
00:45:12,350 --> 00:45:19,940
thoughts.
Tom: I mean, I think we should ask our
503
00:45:19,940 --> 00:45:23,610
government for accountability on this kind
of surveillance, as we would with a
504
00:45:23,610 --> 00:45:29,230
communication surveillance or any other
kind of surveillance. But we've only just
505
00:45:29,230 --> 00:45:33,720
looked at one part of this system, we've
looked at this one watchlist, but this is
506
00:45:33,720 --> 00:45:39,320
part of a whole range of stuff that's
going on. So I think we should continue to
507
00:45:39,320 --> 00:45:42,440
look at financial surveillance alongside
other forms of surveillance.
508
00:45:42,440 --> 00:45:48,880
Herald: Alright, Mic number 2, please.
Mic2: I have a question concerning the
509
00:45:48,880 --> 00:45:53,260
Financial Action Task Force, which is an
intergovernmental organization
510
00:45:53,260 --> 00:45:58,950
comprising both European Union countries
and GCC. Have you confronted them with the
511
00:45:58,950 --> 00:46:04,760
work that thousand in the banks are doing?
Jasmin: I didn't.
512
00:46:04,760 --> 00:46:09,010
Tom: We haven't been to them directly, but
one of the really useful things that we
513
00:46:09,010 --> 00:46:14,100
picked up from the Financial Action Task
Force is that their definition of politically
514
00:46:14,100 --> 00:46:20,550
exposed person talks about senior public
officials and this database seemed to go
515
00:46:20,550 --> 00:46:26,170
way further than that. So there seems to
be an interesting discussion going on
516
00:46:26,170 --> 00:46:32,110
about where the limits of this kind of
surveillance should be drawn. You might
517
00:46:32,110 --> 00:46:36,250
take the view that heads of state, there's
not really any problem with surveilling
518
00:46:36,250 --> 00:46:41,410
their financial activity, but when you
start to cast the net wider then this kind
519
00:46:41,410 --> 00:46:43,910
of thing seems to have more worrying
implications.
520
00:46:43,910 --> 00:46:48,140
Herald: Internet, if you got a question,
fire away.
521
00:46:48,140 --> 00:46:52,790
Internet-Q: It looks like Thomson Reuters
basically says you can't disclose the
522
00:46:52,790 --> 00:46:58,680
information you find in our system,
because we have the copyright on it. So
523
00:46:58,680 --> 00:47:02,540
are there any jurisdictions that have a
law that would require banks to report
524
00:47:02,540 --> 00:47:06,830
what information was used to determine
that someone was considered a risk?
525
00:47:06,830 --> 00:47:12,080
Jasmin: No, there's no law that the banks
have to say it, but as Tom mentioned before
526
00:47:12,080 --> 00:47:18,140
the people that think that they're on a
list they can confront World Check with
527
00:47:18,140 --> 00:47:21,150
this.
Tom: And I think in some jurisdictions
528
00:47:21,150 --> 00:47:28,920
there are exemptions from subject access
request rights for anti money laundering
529
00:47:28,920 --> 00:47:34,110
purposes. I'm not sure exactly how big a
part that plays but that may be part of
530
00:47:34,110 --> 00:47:38,820
the reason why banks think that they can
just deny people any answers to why these
531
00:47:38,820 --> 00:47:42,790
decisions have been made.
Herald: Mic number 1, please.
532
00:47:42,790 --> 00:47:47,510
Mic1: Thank you for the excellent talk.
You mentioned that legal regulations
533
00:47:47,510 --> 00:47:52,900
require that banks use some kind of
blacklist. Do you know what criteria these
534
00:47:52,900 --> 00:47:58,800
regulations cite? So quality control
doesn't seem to be among them. Could you
535
00:47:58,800 --> 00:48:02,520
start your own list and send it to banks?
Jasmin: You're right, quality control
536
00:48:02,520 --> 00:48:08,210
seems not to be part of it. But the
regulation is, for example, the, I don't
537
00:48:08,210 --> 00:48:10,460
know the English word, "Sorgfaltspflicht"
(due diligence obligations) for the
538
00:48:10,460 --> 00:48:17,520
customer. You have to make sure that the
customer is not a criminal or a terrorist.
539
00:48:17,520 --> 00:48:24,100
And there are many regulations asking for
it. For example, the EG money laundering
540
00:48:24,100 --> 00:48:34,490
law from starting 1991 and then it got newer in
2001, 2005. So that's mainly the part that
541
00:48:34,490 --> 00:48:38,680
we focused on because it's the part
that's important for the World Check
542
00:48:38,680 --> 00:48:42,930
database.
Herald: Alright, Mic number 3, please.
543
00:48:42,930 --> 00:48:47,840
Mic3: Thanks for the talk. You did find a
lot of people who are on the list
544
00:48:47,840 --> 00:48:54,090
wrongfully and I'm curious if you informed
them that they are on the list or if you
545
00:48:54,090 --> 00:48:58,210
informed the company that they had these
people on the list that shouldn't be
546
00:48:58,210 --> 00:49:03,990
there. Especially I'm interested what
happened to the Greenpeace activists you
547
00:49:03,990 --> 00:49:08,590
mentioned. Do you have any information if
they are still on the list or not?
548
00:49:08,590 --> 00:49:15,080
Jasmin: All the cases that we showed to
you, all the ones we talked to, we
549
00:49:15,080 --> 00:49:20,450
confronted them and we asked them, if we
can publish their case and all of them
550
00:49:20,450 --> 00:49:31,140
went to World Check and asked if they are
on the list, and asked also to delete them
551
00:49:31,140 --> 00:49:37,420
on the list and I think in almost all the
cases the people actually were deleted.
552
00:49:37,420 --> 00:49:46,090
Tom: I think in some of them at least.
And as Jasmin said, we were very careful
553
00:49:46,090 --> 00:49:51,250
only to publish people's names, if they
had given their consent for us to do that.
554
00:49:51,250 --> 00:49:57,000
The response I got from Jackie Arnott, who
was the woman in pink, who you saw in the
555
00:49:57,000 --> 00:50:00,570
presentation, was that the last time she
had any adverse attention from the
556
00:50:00,570 --> 00:50:05,500
authorities was when she went on holiday
in the 1980s to the Eastern Bloc and she
557
00:50:05,500 --> 00:50:12,790
got a phone call from the British Foreign
Office to say: "What are you doing? Going
558
00:50:12,790 --> 00:50:16,640
over there?" And this was what came to her
mind, when we told her about her listing
559
00:50:16,640 --> 00:50:21,130
in World Check.
Herald: Thanks. Mic number 4, please.
560
00:50:21,130 --> 00:50:25,941
Mic4: Thanks, in the LinkedIn profile you
showed there were a few other systems, I
561
00:50:25,941 --> 00:50:30,810
think Dow Jones and one other, do they
suck as badly as World Check?
562
00:50:30,810 --> 00:50:36,160
Jasmin: Well we did check them and there
was no leak yet. But if there will be,
563
00:50:36,160 --> 00:50:41,090
maybe we can tell you next year. Applause
Herald: Alright, Mic number 2.
564
00:50:41,090 --> 00:50:48,950
Mic2: Hi, thank you. Can you go one slide
back? Thank you. I was wondering, because
565
00:50:48,950 --> 00:50:54,530
you said that their sources were like
terribly wrong and weird and I was
566
00:50:54,530 --> 00:50:57,680
wondering, if we assume that they are not
wrong and weird, but they're there that
567
00:50:57,680 --> 00:51:02,300
they are working perfectly well and that
all of these questions like the answer to
568
00:51:02,300 --> 00:51:07,230
all these questions was: It's working
perfectly well. Who would be the
569
00:51:07,230 --> 00:51:15,310
people, who it's working perfectly well
for? And who especially is targeted here?
570
00:51:15,310 --> 00:51:21,200
And is there any possibility of action in
that scenario, in this possible world, in
571
00:51:21,200 --> 00:51:25,980
which this was working perfectly well as
it is?
572
00:51:25,980 --> 00:51:31,870
Tom: I think maybe there are two different
answers for the politically exposed
573
00:51:31,870 --> 00:51:37,190
persons and for the people accused of
terrorism. I think for politically exposed
574
00:51:37,190 --> 00:51:42,700
persons, to me, you can make quite a strong
case that senior public officials should be
575
00:51:42,700 --> 00:51:46,760
subject to the financial surveillance. You
know, if you are a prime minister and
576
00:51:46,760 --> 00:51:50,270
suddenly you have millions of pounds
flowing through your bank account, maybe
577
00:51:50,270 --> 00:51:56,100
that's a legitimate..
Mic2: No, sorry. I was not asking, what
578
00:51:56,100 --> 00:52:00,970
are the perfect normative conditions under
which this would function. I was asking,
579
00:52:00,970 --> 00:52:08,182
given the state of things as it is now was
the perfect way of working, who would it
580
00:52:08,182 --> 00:52:15,010
be perfect for? Who is the real
beneficiary of this wrong and weird way of
581
00:52:15,010 --> 00:52:20,730
working? That's my question.
Tom: Well, I don't think it benefits the
582
00:52:20,730 --> 00:52:26,560
public. Because I don't think this is a
real serious way of stopping terrorism and
583
00:52:26,560 --> 00:52:31,270
I'm not even sure that it's a real serious
way of stopping political corruption.
584
00:52:31,270 --> 00:52:35,890
Because actually we looked into some of
the cases that came out through the Panama
585
00:52:35,890 --> 00:52:41,100
papers and similar things, which showed
sometimes that banks had looked at a
586
00:52:41,100 --> 00:52:46,020
person's World Check listing, seen that
they were in the watch list, but said:
587
00:52:46,020 --> 00:52:51,820
This is actually a very lucrative client.
So we're going to keep banking them. So
588
00:52:51,820 --> 00:52:54,970
there are two sides to it and I think
that's a very important question.
589
00:52:54,970 --> 00:52:59,280
Herald: Internet, it's your turn again.
Internet-Q: Tom, considering the
590
00:52:59,280 --> 00:53:04,030
proprietor of your newspaper, Rupert
Murdoch, was there any kind of pressure as
591
00:53:04,030 --> 00:53:09,780
to what you published about them?
Tom: About World Check, well, that's a
592
00:53:09,780 --> 00:53:15,310
question for the internet, isn't it? No.
Herald: Microphone number 1, please.
593
00:53:15,310 --> 00:53:19,790
Mic1: Yeah, two questions. The first is
about deletion: Did I get it right that
594
00:53:19,790 --> 00:53:26,821
there's no established mechanism or
process, as well as it is known, for
595
00:53:26,821 --> 00:53:32,061
deletion of datasets in that database?
596
00:53:32,061 --> 00:53:38,270
So they claim how many thousands
of records they add and they
597
00:53:38,270 --> 00:53:45,060
update. So there is some procedure for
reading but none for deletion. It's
598
00:53:45,060 --> 00:53:52,880
obviously weird. The second is about
asking them what they have in the records,
599
00:53:52,880 --> 00:53:59,460
if they have a record about me, for example,
could I just ask them? And they should
600
00:53:59,460 --> 00:54:08,680
answer me? Are there some conditions, are
there costs for it? And maybe guessing:
601
00:54:08,680 --> 00:54:16,040
How would they react if, say, 15000 people
would ask the question?
602
00:54:16,040 --> 00:54:22,480
Jasmin: About the deletion of data, you're
totally right. There seems to be no
603
00:54:22,480 --> 00:54:31,230
process in reviewing the data that all the
data that shouldn't be in there is not in
604
00:54:31,230 --> 00:54:37,170
there anymore. That's a problem, because
as we know everybody has the right to
605
00:54:37,170 --> 00:54:44,100
be forgotten in the internet. And to the
second question, you can ask them, you can
606
00:54:44,100 --> 00:54:50,190
go there and write them an email and ask
them, if you're included in the database.
607
00:54:50,190 --> 00:54:56,320
But what they say if 15000 people would
ask them, I don't know. Maybe you can ask
608
00:54:56,320 --> 00:54:58,320
them that.
Tom: And remember they're very productive,
609
00:54:58,320 --> 00:55:02,840
they could do 220 profiles in a month, I
was writing them, so truly they can handle
610
00:55:02,840 --> 00:55:07,780
15,000 requests, I think.
Herald: Mic number 3, please.
611
00:55:07,780 --> 00:55:15,270
Mic3: Have you found any evidence that the
customers were pushing sources on World
612
00:55:15,270 --> 00:55:19,440
Check, that some of the customers might
have used them just as a filtering
613
00:55:19,440 --> 00:55:26,340
mechanism and push sources that wouldn't
be normally checked?
614
00:55:26,340 --> 00:55:35,010
Tom: We don't have any evidence of that.
But you do raise an important point, that
615
00:55:35,010 --> 00:55:38,830
some of the banks said: Well, we use lots
of sources. And some of the banks said: Of
616
00:55:38,830 --> 00:55:42,950
course, we wouldn't just go on a World
Check listing. But again, it's very
617
00:55:42,950 --> 00:55:48,430
difficult to know exactly what was the
information that HSBC considered, when
618
00:55:48,430 --> 00:55:51,800
they closed the mosque's account, because
that is all subject to secrecy.
619
00:55:51,800 --> 00:55:58,520
Herald: Mic number 4, please.
Mic4: Can I please also ask you to go to
620
00:55:58,520 --> 00:56:00,670
the previous slide?
Jasmin: Of course.
621
00:56:00,670 --> 00:56:07,530
Mic4: I think the problem is we are
focusing too much on the list itself. I
622
00:56:07,530 --> 00:56:13,420
have difficulties imagining that we can
control all these lists, which are
623
00:56:13,420 --> 00:56:17,590
circulating, which are being created by
different companies. I think the problem
624
00:56:17,590 --> 00:56:22,860
arises, when they are used. So I don't
know if we can really achieve through
625
00:56:22,860 --> 00:56:28,170
legislation or through some kind of
control better sources, better information
626
00:56:28,170 --> 00:56:36,130
quality, or whatever. Maybe it should be
at the point where they are used, in
627
00:56:36,130 --> 00:56:44,330
banks, there should be really the
legislative mechanism, the kind of legal
628
00:56:44,330 --> 00:56:50,180
mechanism to solve this. I am imagining,
for instance, if the bank uses sources
629
00:56:50,180 --> 00:56:58,090
like these and denies the person to open
an account. Or the same case with all
630
00:56:58,090 --> 00:57:03,830
these lists which exist for phone
companies and lots of lists like that in
631
00:57:03,830 --> 00:57:09,620
different sectors, if that person is
denied the account opening, there could be
632
00:57:09,620 --> 00:57:14,910
a mechanism by which the person would
force the bank or the institution to
633
00:57:14,910 --> 00:57:20,770
disclose the sources and to initiate some
kind of legal procedure. This would mean..
634
00:57:20,770 --> 00:57:26,901
Herald: Would you be so kind as to develop
a question? Because a lot of other people
635
00:57:26,901 --> 00:57:30,170
still have questions and we have only a
few minutes left, thank you very much.
636
00:57:30,170 --> 00:57:33,351
applause
Mic4: The question is: Do you think it
637
00:57:33,351 --> 00:57:37,350
should be rather that we focus on the
banks or the points, where this
638
00:57:37,350 --> 00:57:41,930
information is used, rather than talk
about the companies which make these lists?
639
00:57:41,930 --> 00:57:45,490
Jasmin: I think that's a really good
question, because it's actually a question
640
00:57:45,490 --> 00:57:49,830
of who takes the responsibility for a
decision? And the funny thing is that
641
00:57:49,830 --> 00:57:54,180
World Check puts all the weird sources in
it, but still says: "Oh general legal
642
00:57:54,180 --> 00:58:00,260
sentences, you have to check by
yourself.." and then the bank says: "No,
643
00:58:00,260 --> 00:58:04,480
in World Check, there was a list and this
name was on the list." So right now we
644
00:58:04,480 --> 00:58:10,190
have the scenario that people don't feel
responsibility and I think that's the
645
00:58:10,190 --> 00:58:13,050
problem.
Herald: Alright, we have time for exactly
646
00:58:13,050 --> 00:58:16,540
one last question and I hope you don't
mind, if I give it to the internet,
647
00:58:16,540 --> 00:58:20,440
because everybody else has the chance to
catch the speakers later. So if there's
648
00:58:20,440 --> 00:58:23,520
one, please fire away.
Internet-Q: Are there any high-profile
649
00:58:23,520 --> 00:58:28,790
politicians on the list?
Tom: Yes, I mean the politicians that you
650
00:58:28,790 --> 00:58:32,950
would expect to be on the list, heads of
state, were on the list, so I guess at
651
00:58:32,950 --> 00:58:38,270
least that part of the system is working.
Herald: Please give another huge round of
652
00:58:38,270 --> 00:58:42,906
applause to our speakers for this super
informative talk. Thank you so much.
653
00:58:42,906 --> 00:58:44,764
Tom: Thank you!
654
00:58:44,764 --> 00:58:50,925
34c3 postroll
655
00:58:50,925 --> 00:59:08,867
subtitles created by c3subtitles.de
in the year 2019. Join, and help us!