Got my ACLU renewal notice in the mail
I got my ACLU renewal notice in the mail the other day. Gonna have to mail that back in soon. It's worth the dues just to know how much their very existence pisses off the right wing-nuts. >:)
What led me to join in the first place was having spent almost a year on an implementation project for Patriot Act compliance software. That was enough.
Essentially, the SDN reporting provisions of the Patriot Act are a police state's wet dream. They force businesses, at their own expense, to seek out and report any and all financial transactions conducted by anyone matching a name on a list. From a distance, it sounds fairly prudent in that the stated purpose is to keep money out of the hands of people who'd use it to kill other people.
Here's the problem: It doesn't work very well, for a number of reasons.
- The kind of surveillence requried by the Patriot Act's SDN provisions tends to work very well against law-abiding citizens, but fails miserably when applied to people who move around often, don't establish stable employment histories and change their names a lot (i.e., terrorists.)
By enforcing the Patriot Act, the government fails at its publically stated objective but still manages to put in place an essentially free infrastructure that is very effective at monitoring its own citizens' behavior. Slip something through the Senate tacked to an appropriations bill, add a new compliance list and voila... instant tracking of all 'non-traditional' religious groups, political dissidents, gun owners, bedwetters, or whomever you want. Think it can't happen? Hope you're right.
- It's very difficult to scrub and parse name data correctly, especially if you have a mix of business and individual names without an entity-type indicator of some kind. For companies like my employer, which has a lot of old, spaghetti-coded systems, no universal customer relationship management, and a compliance need to scan millions of names on a regular basis, installing and configuring the software to do this for you automatically is something of a major bitch. (Trust me on this one.) If you use compliance software 'out of the box' the way many companies do, your results aren't very accurate or consistent.
To my employer's credit, we were extremely conscious of our customers' privacy and we (by which I mean yours truly) did a lot of fine-tuning of the software to only review and report results that were right on the money, but I can guarantee you that we were the exception. I base this observation totally on the compliance vendor's feedback, and take it totally as a compliment.
- Guidelines on how to comply are very vague, but the penalties for non-compliance are severe. This tends to encourage companies to take a very cautious approach - in some cases delaying or suspending payments to anyone whose name matches the name of someone on the OFAC list until they can clear it with the Treasury Department.
The problem is, some of the names on that list are the Latino or Arabic equivalent of 'John Smith'. News flash: If your last name is Mohammed, Gonzales, Estrada or Morales and it seems to take an awfully long time to get checks in the mail from just about everyone, guess what? It's not a coincidence.