Prepared Testimony of Rep. Ron Paul Before the Senate Banking, Housing and Urban Affairs Committee Subject: Financial Privacy Issues
Executive Summary - Within our constitutional constraints, we must make a distinction between government protection of and violation of financial privacy.
- There is a "market" check on privacy. In the private sector, individuals protect their financial privacy as an integral part of the market process by providing information they regard as private only to entities they trust will maintain a degree of privacy for which they approve. Individuals avoid privacy violators by "opting out" and doing business only with such privacy-respecting companies.
- Law enforcement should have access to financial information only through traditional, time-tested, court-approved means. The Bank Secrecy Act of 1970 should be repealed because it violates consumer financial privacy, imposes an unfunded mandate on the private sector, tramples states' rights and enables civil asset forfeiture and other abuses.
Chairman Gramm, Ranking Member Sarbanes, thank you for inviting me to speak on this important issue, and I applaud your leadership in calling this timely heating. Privacy is an issue that not only commands increasing attention but a discerning eye, as well. Within our constitutional constraints, we must make a distinction between government protection of and violation of privacy.In the private sector, individuals protect their financial privacy as an integral part of the market process by providing information they regard as private only to entities they trust will maintain a degree of privacy for which they approve. Individuals avoid privacy violators by "opting out" and doing business only with such privacy-respecting companies. As the ultimate monopoly power, the federal government does not afford its citizenry that same flexibility. We must not fall into the dangerous trap of making matters worse by acting hastily with good intentions.
According to Vice President A1 Gore last year, "Privacy is a basic American value - in the Information Age, and in every age. And it must be protected. We need an electronic bill of rights for this electronic age. You should have the right to choose whether your personal information is disclosed; you should have the right to know how, when, and how much of that information is being used; and you should have the fight to see it yourself, to know if it's accurate."
Unfortunately, many policy makers hold a double standard when it comes to privacy. The vice president appears to have it backwards. On one hand, the government violates basic expectations of privacy without any probable cause, but, on the other hand, it seeks to impose standards it does not uphold on private businesses--merely limiting consumer choice. While private businesses struggle to maintain the desired balance between privacy and necessary account information, the government often interferes--with disastrous results. In an effort to "protect" consumers, the government often requires the private sector to collect information that many consumers would prefer not to share and private entities would prefer not to maintain.
In an effort to recoup the costs of the government mandate, companies may then use the information in profitable, yet sometimes questionable, ways such as sharing it with affiliates or selling it. As an example of short sighted governmental actions, some would propose to put limits on "affiliate sharing" thereby making it easier for a company to recoupgovernment-imposed costs by selling personal information to third parties rather than using its discretion to further customer relationships and offer products tailored to customer tastes. The recent Know Your Customer debacle is a case in point.
These privacy areas concerned include other areas. I cannot support most of the so-called federal privacy legislation. First of all, the federal government has no constitutional authority to dictate to private parties the terms and conditions under which private records should be kept. For example, the status of private medical records should be determined by negotiations between patients and doctors, with any necessary laws and regulations being passed and enforced by
state governments. Unfortunately, as the federal government has become more and more involved in different aspects of what should properly be private sector enterprises, government privacy violations run rampant typically justified under the guise of preventing fraud against government.
Furthermore, I am concerned that many so-called "privacy protection" schemes threaten privacy by giving the federal government the authority to determine what information should, and should not, be kept confidential. There is actually a move in Congress to give third parties, such as insurance companies, a property interest in your medical records. Individual citizens can protect their privacy by refusing to deal with companies that do not provide adequate privacy protection; however, no one can refuse to deal with the ultimate monopoly--government. Thus, it is only important that privacy protections be applied by the federal government to itself and not upon private companies. Contract law is more than suitable to serve the latter end. A breach of privacy is a breach of contract for those who made information available to business entities under specified and limited terms.
A recent Postal Service Regulation demonstrates how the federal government continues to get the double standard, doubly wrong. This recent regulation tramples the privacy of the two million Americans who rent mailboxes from Commercial Mail Receiving Agencies such asMailboxes, etc.. Under this regulation, any American currently renting, or planning to rent, a commercial mailbox will have to provide the receiving agency with personal information, including two items of valid identification, one of which must contain a photograph of the applicant and one of which must contain a "serial number ..... traceable to the bearer." Of course, in most cases that number will be today's de facto national ID number -- the Social Security number.
The receiving agency must then send the information to the Post Office, which will maintain the information in a database and make the information available to those requesting details of businesses using such mailboxes. Furthermore, the Post Office authorizes the Commercial Mail Receiving Agencies to collect and maintain photocopies of the forms of identification presented by the box renter. You might be interested to know that the Post Office is prohibited from doing this by the Privacy Act of 1974 yet the Post Office mandate their competitors do what Congress has forbidden the Post Office to do directly.
Thanks to the Post Office's federal government-granted monopoly on first-class delivery service, Americans cannot receive mail without dealing with the Postal Service. Therefore, this regulation presents Americans who wish to receive mail at a Commercial Mail Receiving Agency with a choice: either provide the federal government with your name, address, photograph and social security number, or surrender the right to receive communications from one's fellow citizens in one's preferred manner.
This regulation also provides the Post office with a list of all those consumers who have opted out of the Post Office's mailbox service.
What marketing department in America would not leap at the chance to get a list of their competitor's customer names, addresses, social security numbers, and photographs? The Post Office could even mail advertisements to those who use private mail boxes explaining how their privacy would not be invaded if they used a government box!! This, of course, is exactly the type of "sharing" the federal government denounces even when properly done by private entities. Proposals to extend the activities of the Post Office into the financial services should be rejected for a variety of reasons of which consumer privacy concerns cannot be ignored.
This law represents further proof of the slow invasion of personal privacy by government agencies. The trend is for bureaucracies to chip away at our wall of privacy little by little until the whole wall is knocked down, leaving Americans exposed with no privacy left at all.
The solution is simple -- strip the government's authority to collect personal data and allow the states to enforce privacy agreements between private actors. Our government should not be in the information-selling business but rather in the business of protecting individual rights.
When Congress passed the Bank Secrecy Act in 1970--and it should be pointed out that the act undermines, not protects, consumer financial privacy, it was argued that the act would "have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings." When its Constitutionality was challenged in California Bankers Assn v. Shultz, 416 U.S. 21 (1974), Supreme Court Justice William O. Douglas found the Bank Secrecy Act unconstitutional, writing:
"It is, I submit, sheer nonsense to agree with the Secretary that all bank records of every citizen 'have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings.' That is unadulterated nonsense unless we are to assume that every citizen is a crook, an assumption I cannot make," Justice Douglas concluded. He added, "A mandatory recording of all telephone conversations would be better than the recording of checks under the Bank Secrecy Act, if Big Brother is to have his way (emphasis added)."Supreme Court Justice Thurgood Marshall in the same case warned of the gradual erosion of our Constitutional rights and added, "(The) crucial factor is that the Government has shown no need, compelling or otherwise, for the
maintenance of such records. Surely the fact that some may use negotiable instruments for illegal purposes cannot justify the Government's running roughshod over the First Amendment fights of the hundreds of lawful yet controversial organizations like the ACLU. Congress may well have been correct in concluding that law enforcement would be facilitated by the dragnet requirements of this Act. Those who wrote our Constitution, however, recognized more important values (emphasis added)."
This act has shown that it does not have a high degree of usefulness and violates consumers' expectations of privacy fights. In fact former Federal Reserve Board Governor Larry Lindsey (" Invading financial privacy," Financial Times, March 19, 1999, p. 20) and the banking industry--as well as consumer and privacy advocates-- have questioned the efficacy of the reporting requirements. Mr. Lindsey has labeled the success of this approach of unreasonable searching without a warrant or probable cause akin to finding a needle in a haystack; such a rate of success lampoons the claims that the reporting requirements have a "high degree of usefulness" and runs counter to our fourth amendment Constitutional fights.
Erza Levine of Howrey & Simon Attorneys at Law, on behalf of a group representing Western Union Financial Services, Inc., Travelers Express Company, Inc., and other money transmitters, during the April 15, 1999 heating (the Subcommittee on General Oversight and Investigations and the Subcommittee on Financial Institutions and Consumer Credit of the House Committee on Banking and Financial Services), cautioned, "The public and many members of Congress are beginning to realize that certain aspects of the BSA (Bank Secrecy Act) program, including the filing of SAR's (Suspicious Activity Reports), involve the maintenance by the government -- at the IRS Detroit Computing Center -- of extensive data banks of unsupported allegations relatingto individuals and companies in the United States; a privacy concern generally ignored until recently. An SAR is just that -- it reflects someone's suspicions, it does not reflect proof of misconduct or wrongdoing. The (Non-Bank Funds Transmitters) Group believes that a legitimate concern exists regarding the long term maintenance of records of suspicions and rumors about individuals. This data may leak or be misused."
Arguments that these regulations deter crime are not substantiated empirically nor does the argument convince bankers. One bank corporate compliance manager wrote to the regulators protesting the Know Your Customer rule, "The intended targets of the regulations (i.e., the criminals) will likely find ways to get around these requirements . . . It seems unlikely that individuals who smuggle drugs, commit murder or engage in other criminal acts will be seriously discouraged from those acts by the prospect of having to lie to a banker."
Richard W. Rahn, Senior Fellow of the Discovery Institute, argues in his book, The End of Money and the Struggle for Financial Privacy, that the rapid development and dissemination of technology is going to force policy makers to make different choices than we did in the past. Now is the time to reevaluate past decisions in a relatively lower-
tech period and reaffirm our pledge of support to respect our constituents' privacy expectations. We need to pass H.R. 518, the Bank Secrecy Sunset Act, and force a review of our policies regarding financial privacy.
In light of the public outcry against the violation of financial privacy in the Know Your Customer rule, it is no small wonder that consumers are now protesting the existing Know Your Customer policies under the Bank Secrecy Act compliance manual and calling for the review or repeal of the Bank Secrecy Act itself.
In a letter to financial regulators regarding the ill-fated Know Your Customer proposal, the Consumer Federation of America, Consumers Union and U.S. Public Interest Research Groupwrote a joint letter urging not only the immediate withdrawal of the proposal but added, "we believe that, additionally, the underlying current regulations of the Bank Secrecy Act need review as well." Passing HR 518, the Bank Secrecy Sunset Act, would accomplish that goal by forcing a three-year debate of the issue. The group letter asked, "Why is the burden on the consumer to explain his or her life to the satisfaction of the bank's inspector or the bank's computer, when he or she has done nothing wrong? No warrant would be required, no court order, no probable cause." The American Association of Retired People (AARP) wrote to the financial regulators about its concern with the "wholesale breach of the firewall protecting the individual's right to financial privacy."
The American Bankers Association (Financial Privacy in America: A Review of Consumer Financial Services Issues, June 1998 report) explained that consumers are "increasingly well-informed and aggressive in addressing perceived risks to their personal privacy" such as the current "Know Your Banker" campaign being launched by some citizens groups. It adds, "For businesses to succeed, they must satisfy consumer needs and demands as efficiently and accurately as possible. This is a 'market' check on privacy." Congress should review current laws and regulations accordingly.
Since "misrepresentations" are a deceptive act, the Federal Trade Commission believes that "identity theft" already violates the Federal Trade Commission Act's prohibition of "unfair or deceptive acts or practices in or affecting commerce" and would warrant filing an FTCA Section 13(b) action in federal court to obtain equitable relief.
Governmental violations of privacy such as the Bank Secrecy Act impose a great cost with little benefit. The Independent Bankers Association of America's letter to regulators regarding the Know Your Customer proposal read, "There has been no indication of instances when these reports have been successfully utilized in the prosecution of criminal activities . . . Therefore,given the lack of demonstration of benefits from any prior reporting that has been required under the Bank Secrecy Act, it is clear to the IBAA that the costs of the proposal would outweigh any minuscule benefits many thousand times over... The IBAA and others have encouraged law enforcement officials to share the results of these efforts with banks, but there has been little
evidence that would convince banks that their compliance with the Bank Secrecy Act is providing useful information leading to prosecution and conviction of criminals."
American Bankers Association surveyed their members ("Money Laundering Deterrence and Bank Secrecy Act Research Report," 1990) and found that after nearly two decades of reporting requirements and with 86% of responding banks already having a Know Your Customer policy in place (and with a ninefold increase in Currency Transaction Report filings in the previous four years), only 7% of responding banks were "aware of any prosecution cases that resulted from their filing of CTRs, or from their reporting of a suspicious currency transaction.
The Law Enforcement Alliance of America reports that between 1987-1996 banks filed more than 77 million Currency Transaction Reports with the U.S. Treasury. From this, 7,300 defendants were charged in 3,000 money laundering cases, but only 580 were convicted. This is less then one/1,000 of 1%! More than 99.999% of those that had their privacy invaded were law-abiding citizens going about their own personal financial business, referring to a Journal of Commerce article, 10 December 1996, which cites Department of Justice figures.
Referring to the same 1987-1996 data, Larry Lindsey, former Federal Reserve Board member now at the American Enterprise Institute, compared in the Financial Times article, "Invading financial privacy," the usefulness of these reports to the "proverbial needle in a haystack" with a ratio of 25,000 reports to one case brought and 0.2 convictions. After quoting from the fourth amendment to the constitution, he added, "It would seem clear that the current money- laundering practices are the kind of blanket search that the writers of the constitution sought to prohibit.Somehow 'probable cause' does not seem to mesh with the one-in-25,000 odds that the currency transactions reports provide."
Responding to justifications of such a gross violation of the Founding Fathers' intent, Mr. Lindsey explained, "freedom has been buffed under the kind of convoluted reading of plain English that George Orwell warned about...Logic that amounts to 'criminals use money, therefore the use of money should be suspect' sounds somewhat Orwellian." He ended by saying he had no answer when a woman asked him, "You people in Washington think we're all criminals, don't you?"
Of course, "suspicious" activity is inherently subjective and prone to abuse. Georgetown University law professor David Cole compiled a list of characteristics included in the" drug-courier profiles" used by U.S. law enforcement officers (http://www.ora.com/people/staff/sierra/flum/98.10.htm). These included: Arrived late at night. Arrived early in the morning. Arrived in afternoon ... One of first to deplane. One of last to deplane. Deplaned in the middle ... Bought coach ticket. Bought first class ticket ... Used one-way ticket. Used round-trip ticket ... Traveled alone. Traveled with a companion ... Wore expensive clothing. Dressed casually. In short, everyone anywhere at any time could fit a" suspicious profile" according to U.S. customs officials.
Even use of currency laced with cocaine should not be suspect when one considers Federal Bureau of Investigation Laboratories showing 90% of money samples in selected cities contaminated with cocaine (Discover magazine, October 1998). The Journal of Forensic Sciences, May 1998, found that close to 93% of its sample--and 100% of $20 bills--tested positive for cocaine, "In fact, most Americans handle small amounts of cocaine every day, not as packets sold by drug dealers but on dollar bills that line their pockets." Yet such specious implications of guilt of money laundering are used by law enforcement in the pursuit of civilasset forfeiture.
Consider the increasing abuse of asset forfeiture. Explains Judge John Yoder (in The End of Money and the Struggle for Financial Privacy by Richard W. Rahn), "When I set up the Asset Forfeiture Office, I thought I could use my position to help protect citizens' rights, and tried to ensure that the US Department of Justice went after big drug dealers and big time criminals, rather then minor offenders and innocent property owners. Today, overzealous government agents and prosecutors will not think twice about seizing a yacht or car if they find two marijuana cigarettes in it, regardless of where they came from. I am now ashamed of, and scared of, the monster I helped to create...Today, asset forfeiture laws are also more likely to be used to intimidate someone who is innocent, than to go after someone who is a big time criminal or drug dealer."
It is argued that one need not worry if one "isn't doing anything wrong." Hosep Krikor Bajakajian and his wife know better. While attempting to board an international flight, Mr. Bajakajian was arrested. His only "crime" was failing to report carrying more than $10,000 in legally-obtained money. Despite the fact that the maximum fine for not reporting such behavior to the proper authorities was only $5,000, the U.S. Customs officials sought to confiscate the entire $357,144 he was carrying!
While the U.S. Supreme Court ruled last summer in U.S.v. Bajakajian (No. 96-1487) that the forfeiture of the entire amount of money "would be grossly disproportional to the gravity of his offense," it illustrates one of the perils of our money laundering statutes for law-abiding citizens." When the government confiscates a person's home or business, the person is often harmed far more than if they had been given a brief jail sentence," explains Tom Gordon of Forfeiture Endangers American Rights (FEAR). "The safeguards against government overreaching should be just as strict for protecting property as they are for protecting liberty."An increasing number of Americans are becoming wrapped up in this Kafkaesque policy and point out the abuse of asset forfeiture, intimidation and disproportionate penalties. At a minimum, we should reduce the regulatory burden (especially on small, rural community banks), eliminate the felony possibility where one acts without criminal intent, and restore public confidence in our financial system. (Even though the formal Know Your Customer rule was withdrawn, the compliance manual of the Bank Secrecy Act still contains an explicit requirement for a Know Your Customer policy,
http://www.bog.frb, fed.us/boarddocs/SupManual/) The best approach is to repeal the Bank Secrecy Act which would free banks to tailor policies against fraud and embezzlement best suited to its community rather than conform to the one-size-fits-all approach from Washington beltway financial assaults on our privacy.