Congress has renewed its efforts to combat international money laundering in recent months. In the House of Representatives, Representative Jim Leach (R-IA) has introduced H.R. 3886, the International Counter-Money Laundering Act(Bill Summary & Status), which has moved swiftly through the Banking Committee and is now positioned to move to the House floor. In the Senate, John Kerry (D-MA) has introduced an identical bill, S. 2972.

They would also force U.S. financial institutions to profile consumers for unusual activity, identify situations in which money laundering may be taking place, and reveal "suspicious" activity to federal law enforcement agencies. These provisions are similar to the "Know Your Customer" rule proposed in 1998, which would have forced domestic financial institutions to reveal individual account information to law enforcement agencies. The rule was hotly contested and ultimately was withdrawn in the spring of 1999. These provisions of H.R. 3886/S. 2972 are simply an international "Know Your Customer" rule.

The legislation would waive liability in money-laundering cases for any financial institution that agreed to disclose information and to work with federal law enforcement and regulatory authorities. In other words, American financial institutions would have to violate their customers' financial privacy or assume liability for their patrons' potentially illegal business. In effect, these bills would force banks to spy on their customers. Furthermore, banks would employ computer software to make customer "profiles," and then could share this information with affiliates or sell it to third parties in order to recover the cost of data collection.

Just as predicted when the original "Know Your Customer" bill was dropped. It is coming back in smaller pieces and trying to sneak in. Here is some backgroud information on the original "Know Your Customer" bill. All entries are also archived as part of the Privacy Digest site.

• 1998/12/08 Tuesday, December 8, 1998
  FDIC.gov - Know Your Customer. Financial institutions would be expected to make sure their existing practices can distinguish between formal, ongoing customer relationships and transient transactions that may be connected to illegal activities.

  I haven't read all the small print yet, but it sounds like the FDIC wants your bank to tell the government if you do anything non-standard(to be defined by your bank) in your bank account. An example could be the depositing of cash from the sale of your car. This deposit could be questioned thereby requiring you to explain(with documentation) its source. Even more paperwork to keep track of

  • Proposed Regulation (12 CFR 326) Full text of the Federal Register notice inviting comments on the proposed regulation requiring banks to develop Know Your Customer programs.
  • Full text of the Financial Institution Letter from the FDIC to insured banks and savings institutions describing proposed requirements for Know Your Customer programs.
  • FDIC press release on the proposed regulation that would require banks to have a Know Your Customer program.
  • Comments@fdic.gov --Electronic mailbox for sending comments on the FDIC's Know Your Customer proposed regulation. This comment period ends March 8, 1999
• 1999/03/01 Monday, March 1, 1999
  Washington Post - Banking With Big Brother. On Dec. 7, 1998, the Federal Deposit Insurance Corp.(FDIC) posted for comment a notice of a proposed federal banking regulation. It was a kindly, unassuming Little-Engine-That-Could sort of regulation. You could tell so by its very name: It was the "Know Your Customer" rule.

  A simple regulation, one that any child could understand. In the words of the official notice, the Know Your Customer rule "would require each . . . bank to develop a program designed to determine the identity of its customers; determine its customers' sources of funds; determine the normal and expected transactions of its customers; monitor account activity for transactions that are inconsistent with those normal and expected transactions; and report any transactions of its customers that are determined to be suspicious."

  What this meant is that, by April 1, 2000, every FDIC bank in the country would be required to establish a program to systematically spy upon all of its customers, record the results of this spying and rat out to the Feds any suspicious customer.

  Know Your Customer Proposal - CBA Background.

  The California Bankers Association is a nonprofit professional association incorporated in California, and represents virtually all of the commercial banks in the state.  CBA issued its formal comment letter dated February 25, 1999.  Click below to review.  Please feel free to use or adapt in your own letters.

  Pressure to withdraw proposal coming from all sides.  The regulators are continuing to receive negative comment letters by the thousands.  The chair of the Senate Banking Committee, the Comptroller of the Currency and Rep. Ron Paul of Texas (author of a bill to defeat Know Your Customer) are among the top Washington figures voicing their concerns about Know Your Customer.  Nevertheless, CBA asks that its members do not abandon their efforts to send comments and talk with the legislators.

  Even if the proposal is withdrawn, the agencies are extremely likely to issue further KYC "guidance" in the form of Q&As, interpretations, examination guidelines and the like, none of which need to be subject to public comment.  Indications are that some guidance has already been drafted.  The existing SAR regulations require that banks must be able to identify any transaction that has "no apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage..."  Based on this broad language, banks are now and may be made subject to further requirements to understand customers and transactions at an untenable level

  Know Your Customer - CBA repsonse.

  The California Bankers Association is a nonprofit professional association incorporated in California, and represents virtually all of the commercial banks in the state.  CBA first delivered comments on the Know Your Customer ("KYC") proposal on December 2, 1998, before it was formally issued, to express our vigorous opposition based on policy grounds.  After meetings with representatives from the various regulating agencies culminating in the January 22, 1999 meeting in Washington D.C., and upon conferring with our member banks, CBA now believes the proposal cannot be satisfactorily reformed and, accordingly, asks that it be withdrawn.

• 1999/03/07 Sunday, March 7, 1999
  Political News from Wired News - Anti-Privacy Bank Rules Crushed.

  By an 88 to 0 vote, the Senate approved a change to an education bill being debated. The amendment blocks banking regulators from proceeding with the so-called Know Your Customer plan.

  "If you ever wondered whatever happened to the people in the former Soviet Union who used to run things there and now are permanently out of work, the answer is they're all in the Clinton administration, and they're running the banking authorities of this country," said Phil Gramm, a Texas Republican who chairs the Banking Committee, in a speech on the Senate floor.

  FDIC - Know Your Customer.

• 1999/03/25 Thursday, March 25, 1999
  New York Times - free registration required Flood of E-Mail Credited With Halting U.S. Bank Plan.

  Though e-mail has historically been viewed as ineffective in influencing government, Federal bank regulators withdrew a proposal on Tuesday to monitor individuals' bank transactions because of hundreds of thousands of e-mail messages that protested the proposal, federal officials said.

  From early December to mid-March, the Federal Deposit Insurance Corporation (FDIC) received 257,000 comments -- an unprecedented number for the agency -- on the proposed "Know Your Customer" policy, which would require banks to monitor customers' bankin patterns and report inconsistencies to Federal regulators in the name of detecting potential money-launders. More than 80 percent of those comments, about 205,000, arrived by e-mail. About 50 comments favored the proposal.

  Approximately 40,000 to 1 against the program. Sounds like the public has spoken unequivocally.

  Defend Your Privacy! (sponsored by Libertarian Party) is one of the organizing sites for the campaign to stop KYC ("Know Your Customer")

  Due to the overwhelming opposition expressed against Know Your Customer, it now appears that the FDIC and other bank regulators will withdraw it. However, the battle isn't over yet.
  
  Consider the comments of FDIC spokesman David Barr: "We could write a policy statement that still gets a program in place, but takes into account comments. [We could] just give bankers some guidance out there as to what a Know Your Customer program should entail. When our examiners come in to an institution, they'll look for a Know Your Customer program."
  
  Apparently the FDIC doesn't care what the American people think. They seem determined to enact it one way or another. To stop Know Your Customer once and for all will probably require legislation.
  
  Congressman Ron Paul (R-TX) has already introduced "The Know Your Customer Sunset Act" (HR 516), which would prohibit the FDIC, the Federal Reserve, or any other agency from implementing any form of KYC regulation.

  Unfortunately this opinion that the FDIC will try and get the effect of the regulation even if the actual regulation is stopped is also held by some industry organizations.

  Know Your Customer Proposal - CBA Background. The California Bankers Association is a nonprofit professional association incorporated in California, and represents virtually all of the commercial banks in the state.  CBA issued its formal comment letter dated February 25, 1999.  Click here to review. Please feel free to use or adapt in your own letters.

  Pressure to withdraw proposal coming from all sides.  The regulators are continuing to receive negative comment letters by the thousands.  The chair of the Senate Banking Committee, the Comptroller of the Currency and Rep. Ron Paul of Texas (author of a bill to defeat Know Your Customer) are among the top Washington figures voicing their concerns about Know Your Customer.  Nevertheless, CBA asks that its members do not abandon their efforts to send comments and talk with the legislators.

  Even if the proposal is withdrawn, the agencies are extremely likely to issue further KYC "guidance" in the form of Q&As, interpretations, examination guidelines and the like, none of which need to be subject to public comment.  Indications are that some guidance has already been drafted.  The existing SAR regulations require that banks must be able to identify any transaction that has "no apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage..."  Based on this broad language, banks are now and may be made subject to further requirements to understand customers and transactions at an untenable level

• 2000/04/06 Thursday, April 6, 2000
  Privacy International - The 2000 US Big Brother Awards.

  On April 5, 2000, Privacy International presented the 2nd annual "Big Brother" awards to the government and private sector organizations which have done the most to invade personal privacy in the United States. The ceremony took place at the Computers, Freedom, and Privacy 2000 Conference.

  The "Orwell" statutes was be presented to the government agencies, companies and initiatives which have done most to invade personal privacy. A "Lifetime Achievement" awards was also be presented. The 1999 Big Brother Awards< were held in Washington, DC in April 1999. Winners included the FBI, Microsoft, Rep. Bill McCullum, the Know Your Customer proposal (ed. emphasis added) and Elenysis. Last year's event was so sucessful that we had to flee the country to do it again

Slashdot | AmEx To Offer "Disposable" Credit Card Numbers.

Salon.com Technology | Put that chip where the sun don't shine. Soon you can have a tracking chip implanted in your body. Is this a great technological breakthrough -- or Big Brother's last laugh?

Alas, this is not as far-fetched or as futuristic as it sounds. The whoa-dude notion of surveillance chips being installed in human beings is poised to cross over from the realm of science fiction into everyday reality, and soon. One technology with the deliciously sci-fi name of the "Digital Angel," a prototype of which will be unveiled next month, could be implanted under the skin and used to monitor not only the chip-wearer's location, but vital signs like heart rate and body temperature. Other devices, worn externally like bracelets or pagers, are already in use and invite us to embrace electronic monitoring in specific environments -- like a theme park, college campus or construction site -- for our fun, health or safety.

For more info on Digital Angel, see our archive for Monday, August 14, 2000.

Business News from Wired News - Carnivore to Continue Munching.

The FBI said its Carnivore system will continue to munch on intercepted communications while an outside review is taking place.

Some House legislators suggested Wednesday that the government should suspend use of the Internet surveillance tool, but the Department of Justice refused.

Government Executive Daily Briefing - Agencies told to beef up privacy protection.

The federal government has long been the most pervasive collector of Americans' sensitive personal information. The 1974 Privacy Act, passed in the wake of the Nixon White House's release of individual Internal Revenue Service and FBI records, restricts the dissemination of personal information by federal agencies and requires that when the information is collected, the individual be told of the ways in which it could be used.

The Privacy Act put in place checks on the transfer of information from one agency to another. But the law also set up 12 exceptions, including one that permits law enforcement agencies to obtain records without a subpoena and another that allows federal agencies to share any information for what they designate as "routine uses" after publishing in the Federal Register a statement of their intent to release the information.

Critics say that the law, which was designed in an era of mainframe computers but which now operates in an era of networked personal computers, is out of date by at least three generations of computer technology. That criticism, along with the increased interest in Internet privacy issues, prompted the Clinton Administration to require a privacy policy covering all federal agency Web sites. The Office of Management and Budget is responsible for enforcing the policy.

Newsbytes - Survey - Privacy Not High Priority For E-Businesses.

E-businesses place privacy low on their list of priorities and appear most worried about hackers and other security issues, a survey has found.

The survey, part of the Cutter Consortium's E-Business Trends, Strategies and Technologies report released today, pegged security, cost and reliability as the three most important issues among e-businesses, followed by user connection speed, lack of standards and finally, privacy.

"From that, it's pretty obvious that businesses are concerned about being hacked or being exposed to the public, but aren't so sensitive about protecting customer data," Cutter consultant Chris Pickering told Newsbytes today.

Federal Trade Commission (FTC) - Warranty Protection for High-Tech Products and Services.

ACTION: Initial Notice Requesting Academic Papers and Public Comment and Announcing Public Forum.

SUMMARY: The Federal Trade Commission plans to hold a public forum to examine warranty protection for software and other computer information products and services that are marketed to consumers, and seeks academic papers and public comment to inform this examination.

DATES: Papers and written comments are requested to be submitted on or before September 11, 2000. The forum will be held during the fall of 2000.

ADDRESSES: Six hard copies of each paper and written comment should be submitted to: Secretary, Federal Trade Commission, Room H-159, 600 Pennsylvania Ave., N.W., Washington, D.C., 20580. Alternatively, the Commission will accept papers and comments submitted to the following email address: "software-comments\@ftc.gov." The content of any papers or comments submitted by email should be organized in sequentially numbered paragraphs. All submissions should be captioned "High-Tech Warranty Project -- Comment, P994413."

Slashdot | Comments To FTC On UCITA Due Soon. Comments to the FTC regarding the Warranty Protection for High-Tech Products and Services forum are due by September 11.

internet.com's Electronic Commerce Guide - Privacy Policies Revisited. An opinion piece from one of the industry folks who thinks that just because you use understandable language to tell the customer "We are going to sell your data to whomever we wish", its OK. While it is nice to use language that a non lawyer can understand. It would be better if they actually said something that the customer wanted to hear.

Newsbytes - Privacy Bill Could Move Despite Short Schedule - Schumer .

Legislation to prevent employers from surreptitiously monitoring their workers' Internet activities should pass Congress this year despite an election-year-shortened legislative schedule, Sen. Charles Schumer, D-N.Y., told Newsbytes today.

"This legislation has such broad support, I think it has a (good chance of passing) because of the consensus and because we've drafted it carefully," Schumer said after testifying this afternoon before a House subcommittee hearing on privacy legislation.

Schumer, who proposed the Senate version of the privacy bill in July, testified today before the House Constitution Subcommittee in favor of an identical House bill, sponsored by Rep. Bob Barr, R-Ga.

ZDNet: News: Feds improve online privacy policies. But they still have a long way to go.

MS-NBC - Federal sites score poorly on privacy. Nearly half of federal agencies fail to comply with federal guidelines on informing people about how information collected on government Web sites is being used, a new government report says. In addition, 23 of 70 agencies surveyed disclosed personal information to third parties, including industry organizations, product manufacturers and retailers.

CNET.com - News - E-Business - An explosion in exposure. Microsoft, Amazon.com and IKEA stumble, baring people's files, email addresses and other personal information.

Publish: Today's News - AICPA Launches WebTrust Privacy Program .

The American Institute of Certified Public Accountants (AICPA) and the world's leading accounting firms recently announced the WebTrust Program for Online Privacy, a comprehensive e-business privacy tool that protects consumers and e-commerce users.

This tool enables online businesses to comply with and verify adherence to all key international privacy laws, regulations and standards. The WebTrust Program provides businesses with a built-in tool to respond to and help resolve customer concerns about privacy matters.

"Online privacy protection can't be solved merely by technology, software or promises," said Anthony Pugliese, Director of Assurance Services for the AICPA. "WebTrust's Program for Online Privacy blends the best technology tools with a comprehensive online privacy audit to provide a complete privacy solution."

Sounds interesting. Now the trick is what are their standards and how good is the verification and followup? Remember TRUSTe sounded good but they had terrible enforcement. I haven't heard of a single member of TRUSTe being punished for their violations.

Silicon.com - Privacy groups slam 'revised' spam rules.

The UK government's plan to ease regulations on unsolicited 'spam' email has today been met with angry reactions from privacy groups.

An announcement from the DTI stating that it will rely on ISPs to regulate themselves, with the help of the Direct Marketing Association (DMA), provoked an outcry amongst privacy groups who claim that as spam becomes a greater problem, the government will be forced to re-think its decision.

St. Petersburg Times - Nelson says he'll preserve privacy. The Democrat wants to limit how banks and insurance companies use personal data.

On Wednesday, Nelson promised to put consumer privacy at the forefront of the Senate race, advocating a series of restrictions on how banks and insurance companies use their clients' personal data.

"We've reached the point in the information age where we must come to grips with privacy rights before it is too late," the Insurance Commissioner said at a Tallahassee news conference the morning after winning the Democratic nomination to succeed U.S. Sen. Connie Mack.

New York Times - free registration required Privacy Testimony to Begin.

Several recent polls list online privacy at or near the top of consumer concerns, and politicians are sensitive to that with the November elections fast approaching. While legislators today expressed a common concern that consumers face the possibility of significant privacy violations, little immediate action is likely given that there is less than a month left before this Congress adjourns.

Dozens of privacy bills have been introduced this session, but uncertainty over the proper approach, combined with the topic's complexity, has meant that little legislation has passed. Still, many experts expect the next Congress, which will be sworn in next January, to move aggressively on privacy, and the bills that have been debated in this Congress will provide a framework.

The statutory and constitutional framework governing electronic surveillance has been outpaced by technological change, online privacy advocate James Dempsey, senior staff counsel for the Center for Democracy and Technology, told senators. In fact, the last sweeping privacy legislation passed was in 1986, some witnesses noted, before widespread use of the Internet.

Slashdot | Norwegian Ecocrime to Monitor Net-usage. The article itself DN ajour. The article is in Norwegian, but a one line summary from Slashdot says: Ecocrime feels that the increase in internet related crime makes it necessary to demand all internet users to identify themselves online

CNET.com - News - E-Business - AmEx to offer "disposable" credit card numbers. Under the initiative, American Express cardholders will be able to obtain a one-time-use credit card number for online purchases, sources familiar with the technology tell CNET News.com.

U.S. Copyright Office, Index of IReply Comments
Joint Study on 17 U.S.C. Sections 109 and 117
Required Pursuant to DMCA Section 104
Filed in Response to 65 FR 35673

Slashdot | DMCA Study Reply Comments Posted.