More Mass Surveillance: FOIA Docs Reveal Illegal Snooping On US Residents’ Financial Transactions

If it can conceivably be considered a third party record," the government is going to seek warrantless access to it. The Third Party Doctrine - ushered into existence by the Supreme Court in 1979 - says there's no expectation of privacy in information shared with third parties. That case dealt with phone records. People may prefer the government stay out of their personal conversations, but the Smith v. Maryland ruling said that if people shared this info with phone companies (an involuntary sharing" since this information was needed to connect calls and bill phone users), the government could obtain this information without a warrant.

That ruling led to things like the NSA collecting all phone records created by users of multiple phone service providers or law enforcement agencies harvesting location data in bulk using nothing more than self-issued subpoenas.

The abuse of the Third Party Doctrine has led for calls to have this overturned, either by court rulings or legislation. Senator Ron Wyden has been on the forefront of this effort to bring an end to more than four decades of warrantless freebies for government agencies.

He's also the one who first called attention to misuse of the Third Party Doctrine to engage in mass surveillance of customers utilizing certain financial services. Last March, he asked the DHS Inspector General to open an investigation into ICE's (illegal) use of subpoenas to obtain records about every money transfer over $500 originating in or headed to California, Arizona, New Mexico, Texas, and Mexico.

The DHS has yet to oblige Wyden's request. And this mass surveillance now involves more than DHS agencies. As the ACLU reports, this practice is now part of everyday law enforcement work in Arizona. This is what the ACLU has discovered, thanks to more than 200 documents obtained via public records requests.

The state attorney general apparently saw what ICE was doing and liked it. Here's what's been happening in Arizona since Wyden first raised the alarm about warrantless access to money transfer records:

The records show the state of Arizona sending at least 140 illegal subpoenas to money transfer companies to compel them to turn over customers' private financial data, amassing it in a huge database and giving virtually unfettered access to thousands of officers from hundreds of law enforcement agencies across the country. The database, run by an organization called the Transaction Record Analysis Center (TRAC), contained 145 million records of people's financial transactions as of 2021, and we have reason to believe it's still growing.

The recipients of these illegal subpoenas are financial services utilized most frequently by the unbanked and members of marginalized communities: Western Union, MoneyGram, and others that facilitate the transfer of money to immigrants' families back in their home countries.

The state AG likely knows this is illegal. A state court decision in 2007 held that the subpoenas were overbroad, a violation of the state's constitution. But instead of trying to comply with the law, the AG's office applied pressure, finally forcing Western Union to give it what it wanted.

Unsatisfied, the Arizona attorney general sued Western Union under a state anti-money laundering law, and in 2010 the two sides reached a settlement. Western Union agreed to turn over records of all money transfers exceeding $500 to or from the Southwest border states and to or from Mexico for the next four years.

A second agreement was signed in 2014, one that allowed TRAC to retain these records indefinitely. That agreement expired in 2019 and the AG approached the DHS for assistance, triggering the program Ron Wyden called out in 2022.

Having the program ruled illegal and losing the assistance of DHS/ICE hasn't slowed anything down. The documents obtained by the ACLU detail an ever-expanding program that isn't limited to the one company the state AG managed to arm wrestle into submission.

The documents we obtained reveal the enormous scale of this surveillance program. According to the minutes of TRAC board meetings we obtained, the database of people's money transfer records grew from 75 million records from 14 money service businesses in 2017 to 145 million records from 28 different companies in 2021. By 2021, 12,000 individuals from 600 law enforcement agencies had been provided with direct log-in access to the database. By May 2022, over 700 law enforcement entities had or still have access to the TRAC database, ranging from a sheriff's office in a small Idaho county, to the Los Angeles and New York police departments, to federal law enforcement agencies and military police units.

The documents show the federal government is still pitching in, even if it can't actually take over this data haul for the state AG - something that would at least make it legal under the US Constitution. The ACLU points out the DEA has issued its own subpoenas, adding even more records to the state's TRAC database. And ICE and CBP have provided funding for TRAC, presumably with the understanding they'll be given access to the financial records the AG is illegally collecting in bulk.

And, of course, Ron Wyden is back on top of this, asking yet again for DHS oversight to take a look at this flagrant abuse by its component agencies.

In his letter to the DOJ Inspector General today, Wyden said the program included far more states and foreign nations than the government disclosed in briefings, based on information Wyden learned from briefings with three other money transfer companies - Euronet (RIA Envia), MoneyGram and Viamericas.

Wyden revealed in the letter that the data included records for transfers of $500 or more between any U.S. state and 22 foreign nations and one U.S. territory: Dominican Republic, Ukraine, Tortola (British Virgin Islands), Bolivia, the U.S. Virgin Islands, Peru, Columbia, Ecuador, Venezuela, Hong Kong, St. Martin/St. Maarten, Curacao, China, Argentina, Canada, Spain, Panama, France, Malaysia, Costa Rica, Thailand, Bahamas and Barbados.

Additionally, Viamericas said it had received subpoenas for bulk money transfer records from the FBI and U.S. Drug Enforcement Agency. MoneyGram said it had received bulk money transfer record subpoenas from the DEA.

That's Wyden rather politely saying the DHS has lied to him and other members of Congress in the past. He's also pointing out this program involves far more than a single state agency and a single foreign country. And all of it targets people the government (at all levels) feels won't fight back: people with limited financial options, many of which are at the mercy of the US government when it comes to staying in the United States. It's not just illegal (at least in the state of Arizona), it's abuse of power to place some of the most powerless residents of the United States under the government's microscope.