Arizona-Led Effort Spies on Americans' Financial Transactions

If you’ve sent or received money to or from somebody in Mexico, law-enforcement agencies have probably tracked your transactions.

In fact, if you’ve sent money across American borders at all, Big Brother is likely watching. In what began as an Arizona-led effort before going nationwide, a not-so-independent nonprofit organization has been indiscriminately compiling sensitive financial information and making it available to law-enforcement agencies across the country.

Last year, Sen. Ron Wyden (D–Ore.) revealed that “Homeland Security Investigations used a form of subpoena power to order two companies to turn over every money transfer over $500, to and from California, Arizona, New Mexico, Texas and Mexico. This data was shared with hundreds of federal, state and local government agencies, who can search it without any court oversight, through a non-profit created by the Arizona Attorney General.”

His office subsequently discovered the surveillance was worse than originally believed.

“The program included far more states and foreign nations than the government disclosed in briefings,” Wyden’s office announced this week. The government demanded data from many other companies, including Euronet (RIA Envia), MoneyGram and Viamericas, and “included records for transfers of $500 or more between any U.S. state and 22 foreign nations and one U.S. territory.” Agencies demanding data included not just the Department of Homeland Security (DHS) and Arizona, but also the FBI and Drug Enforcement Administration (DEA) under the Department of Justice.

The American Civil Liberties Union (ACLU) also dug for information and has published more than 200 documents revealing details of the program which fed a vast database of sensitive data.

“The database, run by an organization called the Transaction Record Analysis Center (TRAC), contained 145 million records of people’s financial transactions as of 2021, and we have reason to believe it’s still growing,” reports the ACLU.

The surveillance dates to 2006, when Arizona’s attorney general sought details from Western Union about money transfers to and from the Mexican state of Sonora. That led to a legal battle settled in 2010 when “Western Union agreed to turn over records of all money transfers exceeding $500 to or from the Southwest border states and to or from Mexico for the next four years,” notes the ACLU.

TRAC was established in 2014 as a nominally independent repository for intercepted financial records. While supposedly a separate organization, it was originally funded by Western Union and under the control of the Arizona attorney general’s office.

That agreement expired in 2019, at which time DHS took over funding TRAC and joined the arrangement to compel financial disclosures with customs summonses, a type of subpoena badly abused by this mass application. By this time many companies were being forced to surrender data on private transactions for perusal by a large number of law enforcement agencies.

Ironically, while the original 2006 effort targeting transactions between Americans and Sonora had been rejected by Arizona courts as “overbroad,” that didn’t prevent the surveillance operation from growing vastly broader. In addition to federal subpoena power, Arizona continued to gather money transfer records using the same authority originally rejected by the courts under much narrower circumstances.

Once compiled by TRAC, the extensive collection of financial records was available to a wide array of local, state, federal, and military law-enforcement agencies.

“The database of people’s money transfer records grew from 75 million records from 14 money service businesses in 2017 to 145 million records from 28 different companies in 2021,” reports the ACLU. “By 2021, 12,000 individuals from 600 law enforcement agencies had been provided with direct log-in access to the database.”

Rather than investigations of past crimes, many demands for financial records could best be described as speculative fishing expeditions. A June 2021 subpoena from the Arizona attorney general’s office demanded data “relating to each send and receive transaction of $500 and greater, sent to or from the states of Arizona, California, New Mexico, Texas and to or from the country of Mexico, on a bi-weekly schedule as each such period becomes available, beginning with July 1, 2021 and ending with June 30, 2022.”

While many of the demands originated with Arizona authorities, TRAC board minutes from 2021 report that the organization “has provided or is currently providing assistance to the Financial Crimes Task Force, the Special Operations Division of DEA, and has been assisting with complicit agent investigations in PA, FL, OH, OK, CO, and CA. TRAC is in discussion with FBI in Boston, MA and is collaborating in a sex trafficking investigation in Camden, NJ.”

The surveillance operation has tried to stay current with evolving financial technology. Among the 28 money service businesses surrendering data to TRAC as of 2021 were four Bitcoin ATM companies.

A decade after Edward Snowden revealed mass interception of communications by the National Security Agency, it’s obvious that government officials are still very comfortable with bulk surveillance. Without trying to narrow their focus to specific suspects or crimes, they hoover up the details of our financial relationships. Coupled with recent efforts to extend such surveillance to cryptocurrencies, which were explicitly developed to enable private, permissionless transactions, they clearly want everything involving money under their scrutiny and control.

Wyden has asked the DHS inspector general to look into the financial surveillance operation and “investigate the program’s origins, how the program operated, and whether the program was consistent with agency policy, statutory law, and the Constitution.” More recently, he also asked the Justice Department’s inspector general to “examine the role that DOJ-component agencies, including the FBI and DEA, have played in forcing companies to turn over customer data to TRAC and the querying and use of TRAC data by DOJ component agencies.”

That’s a nice start, but it’s not enough. Whether or not federal officials conclude that other federal officials were wrong to violate Americans’ financial privacy, government agencies should not be permitted to engage in bulk surveillance, period. TRAC and related operations should be shut down, as well as any other operation that engages in similar abuses.