Menu
Belgium, Netherlands investigate alleged NSA spying on bank payments data

Belgium, Netherlands investigate alleged NSA spying on bank payments data

The NSA reportedly unlawfully accessed SWIFT payments data

The Belgian and Dutch Data Protection Authorities (DPAs) said Wednesday that they will investigate the security of SWIFT, which runs an international bank messaging system, following allegations that the U.S. National Security Agency unlawfully accessed SWIFT data.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is member-owned and exchanges millions of standardized financial messages for more than 10,000 financial institutions in 212 countries each day. SWIFT is based in La Hulpe, Belgium, a municipality close to Brussels, and has an operating center in the Netherlands, where traffic is processed and stored.

On Sept. 15, a report from German magazine Der Spiegel alleged that an NSA program has been collecting global financial data, including credit card transactions and SWIFT data. The program is called "Follow the Money" and it feeds the financial information into a system called "Tracfin," according to Der Spiegel, which based its story on documents leaked by former NSA contractor Edward Snowden.

Beginning in June, documents leaked by Snowden to several news organizations have unleashed a series of disclosures about NSA spying internationally, setting off debate about the surveillance programs.

After publication of the report, SWIFT officials testified before the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) on Sept. 24. During that testimony, officials said it had no evidence to suggest that there has ever been any unauthorized access to the system or its data.

"There is in itself no reason to doubt this internal audit," said Lysette Rutgers, a spokeswoman of the Dutch Data Protection Authority (CBP), which will be conducting the investigation together with the Belgian Data Protection Authority (CPP). "But we are a supervisory authority and we will not depend on what an organization says," she said.

The DPAs will be conducting an investigation on whether third parties could have gained unauthorized or unlawful access to European citizens' bank data, they said in a news release.

If the U.S. indeed has gained direct access to that data, it could have handled the information in a manner contrary to the privacy terms in the Terrorist Finance Tracking Program II Agreement (TFTP agreement) that SWIFT is subject to, they said. This agreement between the European Union and the U.S. enables the U.S. to request data on bank transactions through a special procedure in order to fight terrorism.

However, the European Parliament though voted in October to suspend the TFTP because of the allegations that the NSA had spied on SWIFT data without going through legal channels. The Parliament has no formal powers to suspend an international agreement. However, the European Commission, the E.U.'s executive body, must take under advisement Parliament's votes on such deals.

The TFTP agreement includes strictures on how SWIFT data may be used as well as on external oversight of this use, the DPAs said.

Rutgers declined to comment on possible sanctions SWIFT could face or on how long the inquiry would take.

It is much too early to talk about possible sanctions, said CPP spokeswoman Eva Wiertz in an email. "Moreover, the Belgian DPA cannot impose sanctions," she said, adding that if the DPA determines Belgian privacy laws are breached it can pass its findings on to the public prosecutor. The investigation will take at least a few weeks, she said.

SWIFT is cooperating with the Belgian and Dutch Data Protection Authorities, the organization said in a statement on its website. "There is no evidence at this time to suggest that there has been any form of confidentiality breach. SWIFT takes these matters extremely seriously and looks forward to confirming the positive outcome of this DPA review," it said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitySwiftprivacy

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments