Probably this is at CYA ("Cover Your Ass") security [1] in action. Everybody knows these terms are not very useful on these lists, but also want to make sure they don't end up having to explain why all other names were listed, but the something as obvious as this was left out.
Your government can either provide you with freedom or it can provide you with security.
I see no reason to believe government can provide either. And in fact, I'd say government is always, by definition, an assault on the former of the two.
No different from being detained and banned from boarding if you joke about a bomb at an airport.
There isn't much incentive for TSA or OFAC agents to apply common sense or attempt to detect irony. Because (1) that requires mental effort, (2) if you get it wrong and decide someone is serious when they were joking, it doesn't hurt you any other than needing to waste some time on paperwork, and (3) if you get it wrong and decide someone is joking when they were serious, then you've put people's lives in jeopardy, terminated your career, and perhaps opened yourself up for legal liability.
Where private is defined as "financial transaction through an intermediary who is bound by several laws regarding the laundering or potential illegal use of money".
I understand your point. However, this is the modern way of physically handing $10 bucks you owe to your friend. Similarly, a private e-mail, which is now scanned and indexed by the government along with everyone else's e-mail, is the modern equivalent of sending snail mail 50 years ago, in which there was 0% chance any higher power would have read and catalogued your letter.
We shouldn't have to live in the past because the government takes advantage of technological progress with massive power grabs. The potential for devastating abuse is so great. Imagine how this power would have been abused over the past century, if it existed then.
I can't imagine the incredible stupidity that led to this regulation. As if terrorists are actually going to use the acronym ISIS. They don't even use that acronym when talking about themselves. In fact, I don't think anyone outside the US uses that acronym. Even if they did, I doubt they would be that stupid to use it in an actual money transfer. They are not as stupid as the people making these regulations.
But I disagree with the author. Sounds like the moral of the story is to not send money online whenever possible and when not possible, to always use a benign description, even if it's a lie.
Well, OFAC seeks to regulate transactions with proscribed groups and individuals. Normal banking covers this in part with "know your customer" (KYC) rules and processes, but I guess Venmo decided it needs to cast a wider net. In this case, I wouldn't blame OFAC; they just got a suspicious activity report and now have to act on it.
I worked on a project with uk banks, there is an international sanction list that is people and organisations and they name match them so this name is on the list hence why it was caught, it isn't very technical.
This seems somewhat pointless - surely anyone trying to tranfer fudns to a terrorist organisation would not use its real name.
I'd also expect quite a lot of false positives if they're simply flagging all transactions containing the word "ISIS", and not just from jokes.
Isis is also the name of the river flowing through Oxford, and hence a part of the name of many legitimate entities with a connection to the surrounding area. Within the unviersity of Oxford, the technology transfer office is "ISIS innovations", and the men's reserve boat race crew is called Isis. There's an ISIS neutron source at the Rutherford Appleton Laboratory. It also appears in the name of branches of larger organisations (eg. the "Rotary Club of Oxford Isis" and "Oxford Isis Toastmasters"), plus various private businesses (including Isis security and the Isis guest house).
Can someone explain the legal justification under which the government can direct a private entity to indefinitely seize a third party's assets with no due process?
It's called Civil Forfeiture. The money was arrested and charged with a crime. Since he's not a party the crime, unless he wants to admin being a party to it, he can't defend the cash. Since it can't defend itself, there is no need for the trial as it is going to lose by default; therefore, the cash can be taken. Makes one's blood boil.
I don't think that's what's occurring here; no crime is alleged to have occurred, he admitted being party to whatever was going on, and OFAC has directed Venmo to withhold his assets, they haven't directly appropriated them.
I don't have much sympathy - that's a pretty dumb thing to write.
Of course in 99.9999% of cases this is just some dumb joke. But look at it from the FBI's (or whoever's) perspective: if this just happens to be the one time it isn't the press will be all over them saying "My God, how could you not take this seriously?" And the first priority of any bureaucracy is the protection of the bureaucracy.
I think Venmo is more at fault here than the government.
The government prohibits asset transfers between a certain public list of organizations. This list happens to include an organization called "ISIS". Implementing that prohibition is Venmo's problem.
Venmo then wrote a program to just scan all transactions against the list and auto-block all matches, as the least-effort path to compliance.
It's not Venmo's money, so they don't care. Most people whose legitimate transfers get blocked in this filter don't have a media platform to complain about it, so they aren't worried about negative publicity.
Finally, in terms of risk analysis, false positives are much cheaper than false negatives. If they allow a legally prohibited transfer through, then they're going to face a firestorm from the government. Expensive.
But if they block many legitimate transfers, they only annoy a few users and at most have to issue a few refunds. Cheap.
Actually having a human involved in the decision would cost them more, and expose them to more risk.
So, simple dumb keyword filters control our private finances now.
Venmo is probably just following what banks and other fintech companies are doing already. They don't even have to write anything themselves, there are commonly used third-party OFAC services like LexisNexis where you throw your transaction data over the wall, they come back with the verdict, you then just follow instructions and cross compliance off your list of things to worry about.
43 comments
[ 5.9 ms ] story [ 115 ms ] threadHmmm, not sure sure that's what I would take away from this.
[1] https://www.schneier.com/blog/archives/2007/02/cya_security_...
I see no reason to believe government can provide either. And in fact, I'd say government is always, by definition, an assault on the former of the two.
Found the anarchist.
It's a shame there is no transparency in this system.
I'm hoping for an entertaining populist civil disobedience campaign over this.
http://www.businessinsider.com/companies-with-the-name-isis-...
There isn't much incentive for TSA or OFAC agents to apply common sense or attempt to detect irony. Because (1) that requires mental effort, (2) if you get it wrong and decide someone is serious when they were joking, it doesn't hurt you any other than needing to waste some time on paperwork, and (3) if you get it wrong and decide someone is joking when they were serious, then you've put people's lives in jeopardy, terminated your career, and perhaps opened yourself up for legal liability.
... because they avoid responsibility for the damages of their willfully negligent actions.
Right, because every incident that they have to report and log is additional work and justification for budgetary increase.
We shouldn't have to live in the past because the government takes advantage of technological progress with massive power grabs. The potential for devastating abuse is so great. Imagine how this power would have been abused over the past century, if it existed then.
But I disagree with the author. Sounds like the moral of the story is to not send money online whenever possible and when not possible, to always use a benign description, even if it's a lie.
What kind of morons are writing these scanning bots?
smh
Ridiculous.
I'd also expect quite a lot of false positives if they're simply flagging all transactions containing the word "ISIS", and not just from jokes.
Isis is also the name of the river flowing through Oxford, and hence a part of the name of many legitimate entities with a connection to the surrounding area. Within the unviersity of Oxford, the technology transfer office is "ISIS innovations", and the men's reserve boat race crew is called Isis. There's an ISIS neutron source at the Rutherford Appleton Laboratory. It also appears in the name of branches of larger organisations (eg. the "Rotary Club of Oxford Isis" and "Oxford Isis Toastmasters"), plus various private businesses (including Isis security and the Isis guest house).
https://www.isisweb.mod.uk/webisis/navigate.do
https://www.cs.cornell.edu/Info/Projects/Isis/
https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United...
Cool thing is police now out steal thieves in the U.S. for the group most likely to take your stuff:
https://www.washingtonpost.com/news/wonk/wp/2015/11/23/cops-...
Of course in 99.9999% of cases this is just some dumb joke. But look at it from the FBI's (or whoever's) perspective: if this just happens to be the one time it isn't the press will be all over them saying "My God, how could you not take this seriously?" And the first priority of any bureaucracy is the protection of the bureaucracy.
The government prohibits asset transfers between a certain public list of organizations. This list happens to include an organization called "ISIS". Implementing that prohibition is Venmo's problem.
Venmo then wrote a program to just scan all transactions against the list and auto-block all matches, as the least-effort path to compliance.
It's not Venmo's money, so they don't care. Most people whose legitimate transfers get blocked in this filter don't have a media platform to complain about it, so they aren't worried about negative publicity.
Finally, in terms of risk analysis, false positives are much cheaper than false negatives. If they allow a legally prohibited transfer through, then they're going to face a firestorm from the government. Expensive.
But if they block many legitimate transfers, they only annoy a few users and at most have to issue a few refunds. Cheap.
Actually having a human involved in the decision would cost them more, and expose them to more risk.
So, simple dumb keyword filters control our private finances now.