2019 - Digital Security: Essential Steps at GIJC (Hamburg)
Digital security - unfortunately not available with a simple push on a button. But there are many things you can do to prevent attacks by not making yourself an easy target. In this session, journalists and organizations learn how to better protect themselves and their sources – both in democratic countries and repressive regimes. The experts of the panel show the risks that journalists and organizations have to consider: whether in everyday work in the internet, in the exchange of cross-border projects, business trips abroad, in dealing with Internet censorship or direct attacks on a journalist or organization in repressive regimes. The panelist will present a wide range of possible solutions, from riskanalysis and prevention f.e. with tools to securing the infrastructure and forensic analysis of attacks.
2018 - Moving Money: Inside the Global Watchlist for Banking across Borders at DEEPSEC (Vienna)
It's a rare glimpse of an otherwise tightly guarded datastore - and it's worrying: many innocent people and organizations find themselves in the World Check database, which protects banks against potentially dangerous customers. This was the outcome of joint research by The Times of London (Great Britain), NDR / Süddeutscher (Germany), NPO Radio 1 (Netherlands), De Tijd (Belgium), La Repubblica (Italy) and The Intercept (USA). For the first time, they had comprehensive insight into World Check thanks to a leaked copy of the dataset containing more than two million profiles as of 2014.
The World Check database is a service of the global information and media group Thomson Reuters and one of only a few major offerings for identifying potentially problematic customers for banks and financial service providers: Politically Exposed Persons (PEPs), as well as individuals and organizations in the categories of crime, money laundering and terror. Under anti-money laundering and corruption laws, banks are required to scrutinise in advance those with whom they do business. If suspicion arises, they may refuse even a basic account. The banks are required to watch closely those customers with international connections, and cross-border transfers must be considered carefully.
However, the journalists revealed that many individuals and organizations were wrongly listed: Many are demonstrably innocent, such as people and organizations against whom allegations have not been proven or that are controversial and uncomfortable, but not criminal. Examples include the human rights organization Human Rights Watch, the animal welfare organization Peta, the environmental group Greenpeace, opposition politicians from Sri Lanka and Eritrea, and American whistleblower Chelsea Manning, whose entry points to financial crime. The reason for these listings was often in the sources, which are added to a profile without any rating or weighting. Among them are state propaganda, conspiracy, even right-wing extremist sites. Official government sources from around the world are used – but activity deemed criminal in one country may be perfectly legal in another.
Confronted with the research results, Thomson Reuters spoke cautiously, citing data protection reasons. The company said the information underlying World-Check comes primarily from hundreds of government and judicial databases, regulatory and law enforcement agencies, the EU and the United Nations. It said further information, such as from blogs, only flows in to confirm other findings and is clearly marked. The findings would also be brought together by teams of specialized staff. Thomson Reuters promotes its service boasting sophisticated algorithms and a team of 250 analysts who create 25,000 new profiles and update a further 40,000 existing profiles every month.
Investigative journalists Jasmin Klofta (Germany) and Tom Wills (UK) explain how, as part of an international collaboration, they exposed World-Check. They will show how they used data mining, OSINT and traditional investigative techniques to analyse this database and discover the human impact of this Kafkaesque system, which is used by almost every major bank and many other institutions including law enforcement agencies.
Check out the programme.
2018 - Blacklisted in the global financial system at DATAHARVEST #EIJC (Belgium)
In 2014, a mosque in North London received an unwelcome letter from its bank. HSBC told the mosque's trustees their account would be closed in eight weeks because they were "outside [the bank's] risk appetite". No further explanation was given. This episode was the consequence of risk scoring, an algorithm-driven process which financial institutions use to decide whether customers may be connected to illegal activity such as terrorism and money laundering. The system brings huge potential for discriminatory impact on minority groups.
The data and algorithms used to make these decisions are secret. But last summer, an accidental leak granted us an opportunity to examine one
part of the risk scoring system. We analysed a copy of World-Check, a privately-run database listing allegedly "high risk" people and organisations. This secret database is one of the inputs used by HSBC and others to make decisions about their customers.
Our investigation showed that much of this raw data was poor quality, gleaned from Wikipedia or conspiracy-theory-promoting blogs, and included false and outdated allegations linking innocent people to terrorism or crime. Some of those accused had experienced similar consequences to Finsbury Park Mosque, because the bank's algorithm decided they were too risky. World-Check’s impact extends also to the non-profit sector, as it is used by some to evaluate potential grantees. We learned that human decision making could be subordinated to the logic of the algorithm.
We will tell the story, explain how we carried out our research, and discuss the lessons for algorithmic accountability reporting. This will
include the challenges of finding human stories to explain abstract systems and the questions raised by our work for further investigation.
Check out the programme.
2017 - "globalblacklist" at 34th Chaos Communication Congress (Leipzig)
Faced with new responsibilities to prevent terrorism and money laundering, banks have built a huge surveillance infrastructure sweeping up millions of innocent people. Investigative journalists Jasmin Klofta and Tom Wills explain how, as part of an international collaboration, they exposed World-Check, the privately-run watchlist at the heart of the system.
An accidental leak granted a rare opportunity for journalists to examine a database used to make decisions affecting people and organisations all over the world. They include a mosque that had its bank account shut without explanation, activists blacklisted for a peaceful protest, and ordinary citizens whose political activities were secretly catalogued.
We will show how we used data mining, OSINT and traditional investigative techniques to analyse the World-Check database and discover the human impact of this Kafkaesque system, which is used by almost every major bank and many other institutions including law enforcement agencies. The resulting story made front page news in the UK, Germany, Belgium, Italy, the Netherlands and the USA.
We will also ask whether we really want banks to be held responsible for the crimes of their customers? Are Financial Intelligence Units a sensible precaution, or are they pre-crime agencies?
Check out: Financial surveillance: Exposing the global banking watchlist