Image credit: Report of the Auditor General of Canada, November 2004.
A recent run-of-the-mill telemarketing call from one of Canada’s largest credit companies took on a threatening tone. Who knew that owning a credit card, purchases on which produced redeemable points for free groceries, also entailed an insidious tradeoff that invaded our privacy and left a chilling aftertaste?
Informed that failure to answer certain questions would result in forfeiture of the card, I resigned myself to 10 minutes of wasted time. Following the usual gobbledygook about disclosure, I was asked if anyone in my immediate and extended family had ever “held one of the following offices or positions in or on behalf of a foreign country: a head of state or government; a member of the executive council of government or member of a legislature; a deputy minister (or equivalent); an ambassador or an ambassador's attaché or counsellor; a military general (or higher rank); a president of a state-owned company or bank; a head of a government agency; a judge; or a leader or president of a political party in a legislature.”
The question was chilling, for though I could honestly answer no, whose business was it to ask? It concerned me that immigrants might be flagged if they answered affirmatively, and perhaps asked further questions about their relationship to, for example, overseas political parties that the Canadian government deemed unsavoury.
Recovering my composure, I asked to speak with a supervisor, who informed me that “like any financial institution in Canada we are required by law to collect this information,” and that the answers would have no effect on my credit rating. If that were the case, I pressed, why were they asking these personal questions, and with whom were they sharing the answers?
The answer was eerie: the company needed to determine, on behalf of the federal government, whether I or any family member would be what’s known as a “politically exposed foreign person.” But how did they determine who, of their 1.5 million cardholders, to call? The Canadian government, the supervisor explained (in the same tone he’d adopt if he were going over car giveaway contest rules), provides the company a list of cardholders to question.
“They tell us, ‘We need you people to read these cardholders this legal disclosure, get a clear yes or no at the end of it, and tell us once you’ve had it updated.’ We make a note on the account that it has been done. We pull the information and send it to the government.”
When I asked to see the company’s policy with respect to any mandate to undertake investigative work on behalf of the government, I was told, “Anything about our internal policy for generating accounts that we will ask questions along those lines is internal policy and unfortunately nobody’s going to be able to disclose that information to you.”
The supervisor asked if there was “anything else we can do for you today,” but I hung up the phone.
FINTRAC at 15
An Internet search employing language from my questioning led me to the source of this disturbing call: the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), a measure passed in 2000 by the Chretien Liberals that created the Financial Transactions and Reports Analysis Centre (FINTRAC), a “financial intelligence” unit that sounded about as threatening as an actuarial table.
Since FINTRAC’s mission is “detection and deterrence of money laundering and terrorist financing,” it appeared that the calls my credit card company was making played into the tiresome trope that terrorism is imported with immigrants to Canada. Nevertheless, since June 2008, according to the FINTRAC website, “financial entities, securities dealers, money services businesses and life insurance companies, brokers and agents have to determine if their clients are politically exposed foreign persons.”
While the suite of “anti-terror” measures introduced in 2001 drew far more attention, with the understandably frightening prospect of preventative detention and secret investigatory hearings, FINTRAC’s mandate and practice quietly touch just about every resident of the country. As of March 2012, FINTRAC’s databases were home to some 165 million reports containing personal information on Canadian residents.
According to Canada’s privacy commissioner, “These reports might include transactions such as, but not limited to, down payments for house and vehicle purchases, wire transfers received by international students residing in Canada, or funds sent by parents in Canada to children who are studying abroad.”
FINTRAC’s enabling legislation requires some 300,000 entities—everything from casinos, accountants and banks to life insurance companies, real estate firms and dealers in precious metals and stones—to collect and hold personal client information that is transmitted to FINTRAC, often without the knowledge or consent of the individual. In 2006, amendments to the act enabled FINTRAC to share even more such personal information with law enforcement and security agencies, the Canada Revenue Agency (CRA), and the Canada Border Services Agency (CBSA). The Senate standing committee on national security heard last December that FINTRAC made 1,143 disclosures to law enforcement agencies in 2013-14, a 25% increase over the previous reporting year. Of those, 234 were allegedly connected to terrorist financing.
Reporting the transfer of large amounts of money—any cross-border movement equal to or greater than $10,000 must be reported to FINTRAC—is likely to ensnare a lot of people with perfectly legitimate reasons who will nonetheless risk the stain of suspicion. For example, a group of Canadian Muslims attending the Mecca pilgrimage may have entrusted such amounts of cash to their group leader, whose name will be duly reported from the airport before departure. When that information is shared with other government agencies, will it lead to future airport shakedowns, either at home or in an overseas point of entry?
Casting a wide net
It would appear, however, that no amount of money is too small to trigger what is known as a “suspicious transaction report (STR),” the measure by which a bank or real estate agent, in playing the role of community cop, lets FINTRAC know something may be amiss.
In her 2013 audit of FINTRAC, former federal privacy commissioner Jennifer Stoddart found numerous STRs “where there were no reasonable grounds to suspect money laundering or terrorist financing activities.” One young professional who purchased three bank drafts worth $100,000 was reported because “the amount of money simply did not match his age,” while a shopkeeper who deposited into a bank account a grand total of $570 in 100, 50, 20 and 10 dollar bills was similarly reported, though with no explanation.
Confusion over financial regulations and unclear reporting requirements has led some entities to over-report in an abundance of caution. One lawyer felt compelled to turn in his long-time client because he was unsure whether or not to report a home purchase in which the deposit was released directly to the seller instead of the seller’s lawyer.
Two federal inquiries (the O’Connor and Iacobucci Commissions) that critiqued the creation and subsequent sharing of inaccurate and inflammatory information, leading to the overseas detention and torture of four Canadian citizens, are potent reminders of how the free flow of personal information has dire consequences.
Stoddart’s 2009 privacy audit of FINTRAC found exactly those kinds of inflammatory allegations in the agency’s Terrorist Property Reports (TPRs), which allege certain properties in or outside Canada are owned or controlled by terrorists. Almost half of those reports had been filed on the basis of a “possible match” to terrorist listings. Disturbingly, “Where identity could not be confirmed, FINTRAC did not pursue further analysis; however, the information remained in FINTRAC’s database. The practice, by default, was to retain these reports regardless of whether or not there was knowledge, belief, or suspicion of terrorist affiliation.”
In other words, a Muslim cleric who runs a rural summer camp—anonymously reported but never confirmed as a terrorist property—stays in a database that is shared with CBSA, CSIS and the RCMP, with utterly predictable consequences for that individual as well as anyone who regularly attends his mosque.
The presumption of guilt and a desire to play spy games, which underlies so much of state security, appears to be affecting decision-making at FINTRAC as well. The privacy commissioner found one instance of this trend when FINTRAC encouraged a financial institution that was unsure what to submit regarding a large cash transaction to send along whatever it felt was important, even if it was excessive.
“FINTRAC acknowledged that although the data in question was information that technically should not be included and would certainly cause problems in regards to privacy, it may be of added value to have additional information on the transaction for intelligence or analytical purposes,” Stoddart wrote. She noted her concern that “a reporting entity could interpret the message conveyed by FINTRAC in the above example as applying to other types of reports and information.” Thus, the compelling rationale of “intelligence” and “analysis” becomes a one-size-fits-all justification for increased collection and sharing of personal information.
A growing database
FINTRAC continues to hold extraneous personal information, including Social Insurance Numbers, health card and related medical information, as well as an unknown number of STRs that did not meet the $10,000 threshold.
In 2013, the privacy commissioner found that FINTRAC’s practice of collecting and retaining such information presents “a significant risk to privacy by making accessible information which should never have been obtained.” This latest finding follows on a 2009 call to destroy extraneous FINTRAC holdings, to which the agency replied it did not have the technological capacity to do so. Since then, they have politely refused this request altogether. Instead, FINTRAC is developing a separate database, allegedly inaccessible to their analysts, to store the information that is supposed to be deleted.
FINTRAC’s self-image as a group of brave number-crunchers playing their part in a world at war is based on the untested assumption that money is a key driver in terrorism plots. As Tufts University international business professor Ibrahim Warde points out in The Price of Fear: The Truth Behind the Financial War on Terror, in a culture that refuses to explore the social and political roots of non-state terrorism, money becomes a default “cause,” even though relatively little is required to conduct a terrorist attack, “and such amounts can easily bypass the formal banking system.”
Given the elastic definition of terror, and the need to produce convictions, minor financial irregularities or petty crime are easily elevated to “terrorist financing” cases, a finding underscored by the 9/11 Commission. Indeed, as author Jonathan Randal points out, the “war against terrorist finances” has “nabbed few bad guys, ruined many innocents, frozen little hot money, and vastly complicated worldwide banking for the greater glory of a burgeoning American bureaucracy.”
As the collection, retention, and sharing of personal information is set to escalate even further with the Harper government’s new anti-terrorism legislation (C-51), a January 2015 survey found 90% of Canadians had privacy concerns, with 73% saying they feel they have less protection of their personal information in their daily lives. And the truth is they’re right. Transparency in the digital age is limited to non-existent.
A March 2014 report from University of Toronto researchers found Canadian Internet service providers scored an average 1.5 out of 10 on issues like warrantless provision of information to government authorities, with millions of such requests granted annually to state security agencies.
Ultimately, most Canadians are caught in a conundrum that arises out of financial arrangements we all make to survive in a cruel economy. Indeed, the fine print of my lengthy, previously unread credit card agreement informs me that my “personal information may also be stored, accessed, or used outside of Canada [where it would be] subject to the laws of that jurisdiction.”
In other words, if the information is sitting on a U.S. server or has been shared with the FBI, it then is subject to provisions of the U.S. Patriot Act, under whose mandate a personal credit card donation to an overseas relief agency in a troubled country could cause someone problems crossing the U.S. border.
Meantime, like their brethren in the more clearly identified state security world (i.e., CSIS and the RCMP), FINTRAC seems rather insouciant about its appearance of lawlessness. As the Ottawa Citizen reported in March 2014, “Canada’s anti–money laundering agency believes it can legally collect and keep personal information such as social insurance numbers, despite the objections of the federal privacy commissioner.”
While I still do not know why I was flagged by FINTRAC (was it for being outspoken on issues of national security or signing a petition condemning the TD Bank’s closing of bank accounts for customers suspected of Iranian heritage?), it is reasonable to expect that the annoying dinner-hour telemarketing phone calls are sure to get a lot more interesting.
Matthew Behrens is a freelance writer and social justice advocate who co-ordinates the Homes not Bombs non-violent direct action network. He has worked closely with the targets of Canadian and U.S. "national security" profiling for many years.