ofac – Techdirt (original) (raw)
Apparently Suing Non-Profits That Highlight Terrible Shit On ExTwitter Isn’t Scaring Off More Non-Profits From Reporting On Terrible Shit On ExTwitter
from the gosh-having-a-trust-and-safety-team-sure-would-have-been-handy dept
Last summer Elon Musk sued the Center for Countering Digital Hate (CCDH) over its report about a rise in hate speech on ExTwitter. A few months ago, he sued Media Matters for their report about how ads can appear next to neoNazi content on the site. If he thought those two SLAPP suits would intimidate other groups pointing out the sketchiness of ExTwitter these days, it appears he was mistaken.
As I’ve highlighted in the past I’m not a huge fan of CCDH (or, really, Media Matters), as I think they both tend to exaggerate and remove context. CCDH’s research can be downright shoddy. But that doesn’t mean they should be sued for their speech. Of course, the intent was to scare off researchers from looking too closely at ExTwitter.
It doesn’t appear to be working, as the Tech Transparency Project (TTP — another non-profit I find to be pretty awful, and which falsely calls us a Google shill because Google sponsored a few of our events years ago, even as we regularly call out Google for being awful) has now released a report that highlights that ExTwitter may have violated US anti-terrorism laws in doing business with US-sanctioned entities, in that it found multiple paid for “verified” accounts on ExTwitter associated with terrorist-designated or sanctioned entities.
The accounts identified by TTP include two that apparently belong to the top leaders of Lebanon-based Hezbollah and others belonging to Iranian and Russian state-run media. The fact that X requires users to pay a monthly or annual fee for premium service suggests that X is engaging in financial transactions with these accounts, a potential violation of U.S. sanctions.
A blue checkmark account that bears the name and profile image of Hassan Nasrallah, the secretary-general of Hezbollah, also indicates it is “ID verified,” a service that X offers to premium subscribers as a way to prevent impersonation. X requires users to submit a government-issued ID and a selfie to get verified in this way, though it is unclear if Nasrallah did so. X says these accounts get “prioritized support.”
Two other accounts for U.S.-sanctioned entities, Iran’s Press TV and Russia’s Tinkoff Bank, had gold checkmarks. A gold checkmark indicates the account is a “Verified Organization,” and at the time of TTP’s research, cost $1,000 per month. (X has since introduced a Basic tier that costs 200permonth.)GoldcheckmarkaccountsgetallthebenefitsofX’sPremium+tierplusa200 per month.) Gold checkmark accounts get all the benefits of X’s Premium+ tier plus a 200permonth.)GoldcheckmarkaccountsgetallthebenefitsofX’sPremium+tierplusa1,000 ad credit per month.
Yikes? Yikes!
There isn’t much of a way to twist this one. Even as I have my issues with TTP, this one seems pretty straightforward. It sure looks like ExTwitter conducted financial transactions with sanctioned entities. And, also, kudos to TTP for not being chilled by Musk’s bogus lawsuits against those other orgs.
This is the kind of thing that a functioning trust & safety team prevents. Maybe Elon shouldn’t have fired all of them.
Anyway, ExTwitter tried to defend this by… removing the checkmarks from the individuals (though not the $1000/month media orgs) and trying to insist there was nothing to see here:
If you can’t see that, it says:
X has a robust and secure approach in place for our monetization features, adhering to legal obligations, along with independent screening by our payments providers. Several of the accounts listed in the Tech Transparency Report are not directly named on sanction lists, while some others may have visible account check marks without receiving any services that would be subject to sanctions. Our teams have reviewed the report and will take action if necessary. We’re always committed to ensuring that we maintain a safe, secure and compliant platform.
Yeah, but if they weren’t named on sanction lists, why did you now suddenly take away their checks after they were called out? TTP also pointed out in response that it’s not at all clear what the claim that “some others may have visible account check marks without receiving any services that would be subject to sanctions” even means, given that since nearly a year ago, to get a checkmark, ExTwitter now requires you to purchase a subscription, which would be a transaction that is likely barred by the sanctions. TTP also points out that some of the orgs are clearly listed as sanctioned by OFAC.
I mean, all of this could have been avoided, as tons of experts had suggested early on, if Elon didn’t mix up verification (which means a specific thing) with premium subscriptions, which are very different. But, of course, Elon didn’t bother listening to any experts. Instead he fired them.
There’s a separate issue in all of this as well. As you may recall, just a year ago, the Supreme Court heard a case that dated back to pre-Elon Twitter, about claims that Twitter should be held liable under anti-terrorism laws for providing accounts to those associated with terrorists, and filed by the family of a victim of terrorist attacks. As the Supreme Court correctly found last May, this was clearly way too attenuated a connection. The ruling, written by Clarence Thomas is pretty clear why simply having an account isn’t enough to trigger liability.
But… also, it leaves open the possibility that doing more could very much trigger liability under anti-terrorism laws.
Because plaintiffs’ complaint rests so heavily on defendants’ failure to act, their claims might have more purchase if they could identify some independent duty in tort that would have required defendants to remove ISIS’ content. See Woodward, 522 F. 2d, at 97, 100. But plaintiffs identify no duty that would require defendants or other communication-providing services to terminate customers after discovering that the customers were using the service for illicit ends. See Doe, 347 F. 3d, at 659; People v. Brophy, 49 Cal. App. 2d 15, 33–34 (1942).14 To be sure, there may be situations where some such duty exists, and we need not resolve the issue today.
It seems pretty easy to read that paragraph to read the laws against engaging in economic transactions with sanctioned entities as triggering just that sort of duty…
You see, sometimes, trust & safety isn’t just about stopping idiots from harassing people on your site. Sometimes it’s there to help you avoid violating laws about aiding terrorists.
Filed Under: iran, ofac, russia, sanctions, terrorists, verified accounts
Companies: tech transparency project, twitter, x
Error 403: Syrians Blocked From Online Learning Platforms
from the don't-punish-victims-of-regimes dept
Individuals in dictatorships need more freedom not less. Syrians have for years been unable to work remotely or pay for remote services, even educational ones. Do we want to do the same now to Afghans, who are already in fear of the Taliban? Examining in detail the experiences of Syrians, can maybe lead us to a better solution.
Major online distance learning platforms based in the US, such as Coursera, that have emerged as crucial tools during the pandemic, are partially or fully blocked in Syria because of U.S. sanctions. While intended to weaken the Syrian government, the sanctions have also restricted access to an online learning universe that could offer critical opportunities to ordinary Syrians trapped in difficult circumstances.
With a global audience of 87 million learners, Coursera offers free lecture courses from universities around the world, including many top-tier American schools such as University of Pennsylvania, Princeton, Yale, Brown, Columbia, Stanford, Johns Hopkins and Northwestern.
But in the war-torn country, people are unable to take advantage of the online high quality courses.
Coursera is not alone: Its competitor, Udacity, is also banned in Syria. Of the major online learning platforms, the only one operating in Syria is edX, the nonprofit platform founded by MIT. However edX only offers a few courses. This is particularly problematic for a country that has often relied on these courses to innovate and create new job opportunities.
But why is Syria sanctioned?
Syria has been the target of economic sanctions imposed by the US Office of Foreign Assets Control (“OFAC”) since 1979, when the Carter administration added Syria to the State Sponsors of Terrorism list. The program includes trade embargoes, import and export restrictions, investment bans, asset freezes, and travel bans.
President Bush further expanded the U.S. Syria sanctions program in 2004 as part of the ongoing ‘War on Terror’ under the Syria Accountability and Lebanese Sovereignty Restoration Act of 2003 (SAA).
In 2011, President Obama imposed new sanctions against Syria in response to the Assad regime’s targeting of civilians in pro-democracy uprisings. The 2011 sanctions targeted the Syrian oil sector, freezing the assets of Syrian individuals and entities, prohibiting petroleum imports and investments, and prohibiting the sale of services to Syria.
What does this mean for Syrians?
The restrictions seem more symbolic than effective. IP address bans are notoriously easy to work around — to access the blocked websites, Syrians often resort to VPNs that mask their location. The problem is that VPNs are often unreliable and may interfere with the interactive experience offered by the platforms.
Even if Syrians manage to access free online learning classes via a VPN, they are unable to obtain certificates of completion, since those require a fee as and no online payment methods are available from within the country due to these same sanctions.
The same scenario applies to language tests. Syrians are unable to take TOEFL and IELTS, the two main English language proficiency tests accepted across the world, as payments made from within Syria are not accepted.
The easiest option is to take these tests in neighboring countries, such as Lebanon, but the costs of travelling are too high for the large majority of Syrians (80% live in poverty, according to UN data released in March 2021).
An alternative to IELTS and TOEFL is the Duolingo English Test, which became available in late 2020 after Duolingo managed to receive a special exemption from OFAC. While the exam can be taken online while in Syria, the fee must be paid from outside Syria. As such, people have to ask friends and relatives living in other countries to make the payment for them, a significant obstacle due to the difficulty of conducting wire transfers in the country.
Computer science students and software engineers are also unable to access some essential services offered by Microsoft’s GitHub, the world’s most-used tool for software development.
On top of all that, at a moment when much of the rest of the world is relying on digital tools to survive a pandemic, Syrians are also unable to access other online services, such as Amazon Books and Zoom, that have been crucial for online learning elsewhere.
We Need Better Legal Frameworks
People under military rule are essentially “Stateless” and should be provided opportunities to integrate into the global economy rather than kept out. The rationale for comprehensive sanctions seems to be that any money flowing into a country with a military dictator will end up in the dictator’s hands. However, this is not always the case – and allowing people a way to make a living and to educate themselves, independent of the ruling class, is likely to be in everyone’s interests in the long run.
Raise the Voices is an International human rights project that supports victims and their families.
Filed Under: ofac, online education, oppression, sanctions, syria
Companies: coursera
Did The Supreme Court Just Take A Sledge Hammer To Copyright's Statutory Damages?
from the possibly... dept
Last week, in a somewhat controversial decision in the TransUnion v. Ramirez case, the Supreme Court ruled, 5 to 4, that plaintiff’s in a class action lawsuit did not have standing to sue under the Fair Credit Reporting Act (FRCA). The issue may seem wholly unrelated from copyright, but in reading through the decision, it’s possible it could lead to a vastly different world for copyright going forward, because the same issues that the Court finds fault with in the FRCA also apply to copyright law — and, indeed, it’s the part of copyright law that is most widely abused in lawsuits.
I should be clear that I think the holding in the TransUnion case is problematic and seems… well… weird. But if what the majority decided is true, then I don’t see how copyright’s statutory damages can remain constitutional. Let’s dig into the case to explore why. The majority opinion, written by Justice Kavanaugh gives the basic overview right upfront:
To have Article III standing to sue in federal court, plaintiffs must demonstrate, among other things, that they suffered a concrete harm. No concrete harm, no standing. Central to assessing concreteness is whether the asserted harm has a ?close relationship? to a harm traditionally recognized as providing a basis for a lawsuit in American courts?such as physical harm, monetary harm, or various intangible harms including (as relevant here) reputational harm.
The issue in this case involved TransUnion’s credit reports damaged people by flagging their reports to say that they might be listed on an Office of Federal Assets Control (OFAC) watchlist. Basically, if TransUnion thought that someone’s name matched someone on the OFAC list, it would put that in their credit report. For a lot of people who aren’t actually on the OFAC list, that can really suck. That resulted in this lawsuit. The court found that for those on that list who could show actual damage, they had standing. But, for others who were flagged by TransUnion, but could not show any actual harm, they did not have standing to sue.
In this case, a class of 8,185 individuals sued TransUnion, a credit reporting agency, in federal court under the Fair Credit Reporting Act. The plaintiffs claimed that TransUnion failed to use reasonable procedures to ensure the accuracy of their credit files, as maintained internally by TransUnion. For 1,853 of the class members, TransUnion provided misleading credit reports to third-party businesses. We conclude that those 1,853 class members have demonstrated concrete reputational harm and thus have Article III standing to sue on the reasonable-procedures claim. The internal credit files of the other 6,332 class members were not provided to third-party businesses during the relevant time period. We conclude that those 6,332 class members have not demonstrated concrete harm and thus lack Article III standing to sue on the reasonable-procedures claim.
The constitutional analysis focuses on the power of the judiciary to deal with actual cases and controversies:
Therefore, we start with the text of the Constitution. Article III confines the federal judicial power to the resolution of ?Cases? and ?Controversies.? For there to be a case or controversy under Article III, the plaintiff must have a ??personal stake?? in the case?in other words, standing. Raines, 521 U. S., at 819. To demonstrate their personal stake, plaintiffs must be able to sufficiently answer the question: ??What?s it to you??? Scalia, The Doctrine of Standing as an Essential Element of the Separation of Powers, 17 Suffolk U. L. Rev. 881, 882 (1983).
To answer that question in a way sufficient to establish standing, a plaintiff must show (i) that he suffered an injury in fact that is concrete, particularized, and actual or imminent; (ii) that the injury was likely caused by the defendant; and (iii) that the injury would likely be redressed by judicial relief. Lujan v. Defenders of Wildlife, 504 U. S. 555, 560? 561 (1992). If ?the plaintiff does not claim to have suffered an injury that the defendant caused and the court can remedy, there is no case or controversy for the federal court to resolve.? Casillas v. Madison Avenue Assocs., Inc., 926 F. 3d 329, 333 (CA7 2019) (Barrett, J.).
So, then the open question is whether or not a law that allows a private right of action over something that is a potential, but not concrete, harm meets the standard. And the majority decides it does not. And then, it goes even further, and notes that even if Congress creates a statutory “prohibition or obligation,” courts can’t just accept that as evidence of a concrete harm:
Importantly, this Court has rejected the proposition that ?a plaintiff automatically satisfies the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right.? Spokeo, 578 U. S., at 341. As the Court emphasized in Spokeo, ?Article III standing requires a concrete injury even in the context of a statutory violation.? Ibid.
Congress?s creation of a statutory prohibition or obligation and a cause of action does not relieve courts of their responsibility to independently decide whether a plaintiff has suffered a concrete harm under Article III any more than, for example, Congress?s enactment of a law regulating speech relieves courts of their responsibility to independently decide whether the law violates the First Amendment. Cf. United States v. Eichman, 496 U. S. 310, 317? 318 (1990). As Judge Katsas has rightly stated, ?we cannot treat an injury as ?concrete? for Article III purposes based only on Congress?s say-so.? Trichell v. Midland Credit Mgmt., Inc., 964 F. 3d 990, 999, n. 2 (CA11 2020) (sitting by designation); see Marbury, 1 Cranch, at 178; see also Raines, 521 U. S., at 820, n. 3; Simon v. Eastern Ky. Welfare Rights Organization, 426 U. S. 26, 41, n. 22 (1976); Muskrat v. United States, 219 U. S. 346, 361?362 (1911).
As the Court then says explicitly, just because someone will have claimed to have violated a statutory cause of action that does not automatically mean there is a concrete harm:
For standing purposes, therefore, an important difference exists between (i) a plaintiff ?s statutory cause of action to sue a defendant over the defendant?s violation of federal law, and (ii) a plaintiff ?s suffering concrete harm because of the defendant?s violation of federal law. Congress may enact legal prohibitions and obligations. And Congress may create causes of action for plaintiffs to sue defendants who violate those legal prohibitions or obligations. But under Article III, an injury in law is not an injury in fact. Only those plaintiffs who have been concretely harmed by a defendant?s statutory violation may sue that private defendant over that violation in federal court.
Indeed, the majority argues that this is, fundamentally, a separation of powers issue:
In sum, the concrete-harm requirement is essential to the Constitution?s separation of powers. To be sure, the concrete-harm requirement can be difficult to apply in some cases. Some advocate that the concrete-harm requirement be ditched altogether, on the theory that it would be more efficient or convenient to simply say that a statutory violation and a cause of action suffice to afford a plaintiff standing. But as the Court has often stated, ?the fact that a given law or procedure is efficient, convenient, and useful in facilitating functions of government, standing alone, will not save it if it is contrary to the Constitution.? Chadha, 462 U. S., at 944. So it is here.
The main dissent, written by Justice Thomas (it’s an ideologically odd pairing: Justice Thomas with the three Justices most commonly found on the other end of the ideological spectrum: Justices Breyer, Sotomayor, and Kagan) is actually fairly compelling regarding the issue of concrete harm:
The principle that the violation of an individual right gives rise to an actionable harm was widespread at the founding, in early American history, and in many modern cases. See Uzuegbunam, 592 U. S., at ___?___ (slip op., at 5?8) (collecting cases); Havens Realty Corp. v. Coleman, 455 U. S. 363, 373 (1982) (?[T]he actual or threatened injury required by Art. III may exist solely by virtue of statutes creating legal rights, the invasion of which creates standing? (citing cases; brackets and internal quotation marks omitted)). And this understanding accords proper respect for the power of Congress and other legislatures to define legal rights. No one could seriously dispute, for example, that a violation of property rights is actionable, but as a general matter, ?[p]roperty rights are created by the State.? Palazzolo v. Rhode Island, 533 U. S. 606, 626 (2001). In light of this history, tradition, and common practice, our test should be clear: So long as a ?statute fixes a minimum of recovery . . . , there would seem to be no doubt of the right of one who establishes a technical ground of action to recover this minimum sum without any specific showing of loss.? T. Cooley, Law of Torts *271.3 While the Court today discusses the supposed failure to show ?injury in fact,? courts for centuries held that injury in law to a private right was enough to create a case or controversy.
Thomas also goes back to the issue of statutory damages in copyright to prove his point:
The First Congress enacted a law defining copyrights and gave copyright holders the right to sue infringing persons in order to recover statutory damages, even if the holder ?could not show monetary loss.? Muransky v. Godiva Chocolatier, Inc., 979 F. 3d 917, 972 (CA11 2020) (Jordan, J., dissenting) (citing Act of May 31, 1790, ?2, 1 Stat. 124?125). In the patent context, a defendant challenged an infringement suit brought under a similar law. Along the lines of what TransUnion argues here, the infringer contended that ?the making of a machine cannot be an offence, because no action lies, except for actual damage, and there can be no actual damages, or even a rule for damages, for an infringement by making a machine.? Whittemore v. Cutter, 29 F. Cas. 1120, 1121 (No. 17,600) (CC Mass. 1813). Riding circuit, Justice Story rejected that theory, noting that the plaintiff could sue in federal court merely by alleging a violation of a private right: ?[W]here the law gives an action for a particular act, the doing of that act imports of itself a damage to the party? because ?[e]very violation of a right imports some damage.? Ibid.; cf. Gayler v. Wilder, 10 How. 477, 494 (1851) (patent rights ?did not exist at common law?).
But this example in the dissent now seems to serve the opposite point: and effectively argues that under the majority decision, copyright’s statutory damages may not be available at all if a plaintiff cannot show “concrete harm.”
That’s a very big deal in the copyright context. For years, we’ve pointed out the problematic nature of statutory damages in copyright. Under copyright law, if the work is registered before the infringement, statutory damages are available. And the whole theory behind them is that it’s supposedly difficult to show the concrete harm of infringement, and therefore, you don’t need to show any actual harm to get statutory damages, and those damages are wholly unrelated to any actual harm. As we noted a decade ago, this makes it “too attractive to sue.” Basically, the possible payout from statutory damages, without having show any actual harm or damages at all, is massively distortionary.
And, now, looking at this ruling, it seems that there’s an open argument if copyright plaintiffs will now be able to rely on statutory damages if they can’t show any harm at all. This wouldn’t completely take away statutory damages, but would, at the very least require plaintiffs to show some kind of harm.
Of course, when it comes to copyright law, one of the things we’ve noted is that courts seem to ignore every other precedent and treat everything related to copyright as if it’s different. And, if this issue ever comes back to the court, I’d predict we’d see that same thing again. Judges will bend over backwards to insist that copyright is somehow “different.” And it’s possible that the majority ruling has an escape valve for that: it mentions repeatedly that part of the way of judging whether or not there’s concrete harm is whether or not the issue is “traditionally recognized as providing a basis of a lawsuit in American courts.” And, as the Thomas dissent makes clear, that’s definitely been the case for copyright law and statutory damages going back basically to the beginning.
However, I do wonder if there’s another interesting opening here on that: while in the early 2000s, Larry Lessig pushed a variety of failed cases to try to argue that the massive changes brought about by more recent copyright law changes raised constitutional issues. The Supreme Court rejected those arguments (wrongly in my opinion), but I do wonder if this ruling in TransUnion, at the very least, raises questions about statutory damages under the 1976 Copyright Act, since it covers so much more content, for so much longer, than was “traditional” under copyright law for the first two centuries of the country.
Filed Under: concrete harm, copyright, ofac, ramirez, statutory damages, supreme court
Companies: transunion
Slack Banning Random Iranian Ex-Pats Shows Why Making Tech Companies Police The Internet Is Crazy Stupid
from the this-is-a-bad-idea dept
On Thursday morning, I started seeing a bunch of tweets pop up in my feed from people of Iranian backgrounds, who no longer lived in Iran, who were having their entire Slack groups shut down, with the company blaming US laws regarding sanctions on Iran.
Slack closed my account today!
I?m a PhD student in Canada with no teammates from Iran!
Is Slack shutting down accounts of those ethnically associated with Iran?!
And what?s their source of info on my ethnicity?#slack #UsSanctions pic.twitter.com/mY8Ltczq8v
— Amir (@a_h_a) December 19, 2018
So @SlackHQ decided to send me this email. No way to appeal this decision. No way to prove that I'm not living in Iran and not working with Iranians on slack. Nope. Just hello we're banning your account. pic.twitter.com/giqYQcMJYz
— Amir Omidi (@aaomidi) December 20, 2018
Yesterday, @SlackHQ sent me an email. My accounts on various Slack teams had been immediately deactivated, with no prior warning. The reason? I've visited family in Iran and used Slack when there. Only my work's paid-for Enterprise account works still. pic.twitter.com/0GFO3E0oqW
— Sareh (@Sareh88) December 20, 2018
Dear #Slack, instead of kicking out Iranians from your platform you could follow other disgusting solutions like what #Oracle and #Google do; return an error for every request with an Iranian IP. I'm NOT even in Iran!!!
This is literally #Racism pic.twitter.com/sbfjKDd9Jv— Reza Bigdeli (@rezabigdeli6) December 20, 2018
@SlackHQ closed my account linked to my @TU_Muenchen email with workspaces related to university and research in Germany! This is both sad and stupid…#slack pic.twitter.com/DlUoKmjM7U
— Mahdi Saleh (@mahdi_slh) December 19, 2018
Hey @SlackHQ – my account was just deactivated "in order to comply with economic sanctions, etc"…is this because I took a HOLIDAY to Iran?!
— James Lambie (@jimlambie) December 20, 2018
There are a lot more reports like this, but that was just the first batch I found with a quick search. Slack’s explanation to the press seems… lacking:
?We updated our system for applying geolocation information, which relies on IP addresses, and that led to the deactivations for accounts tied to embargoed countries,? the representative said. ?We only utilize IP addresses to take these actions. We do not possess information about nationality or the ethnicity of our users. If users think we?ve made a mistake in blocking their access, please reach out to feedback@slack.com and we?ll review as soon as possible.?
All of the blocked people talking about it on Twitter note that they don’t live in any sanctioned country — though many admit to having visited those countries in the past (often years ago) and probably checking in on Slack while they were there. That… is not how the sanctions system is supposed to work. In another press statement Slack tries to pin the blame on the US government:
?Slack complies with the U.S. regulations related to embargoed countries and regions. As such, we prohibit unauthorized Slack use in Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine. For more information, please see the US Department of Commerce Sanctioned Destinations , The U.S. Department of Treasury website, and the Bureau of Industry and Security website.?
But that’s bullshit. The sanctions rules don’t say you have to cut off completely anyone who ever connected from a sanctioned country. The Verge (linked above) spoke to an Oxford researcher with knowledge in this area:
?They are either incompetent at OFAC interpretation or racist,? said Oxford researcher Mahsa Alimardani, who specializes in communication tools in Iran.
[….]
?Detecting an Iranian IP address on a paid account (which is presumed to be for business) login as a violation of sanctions is a wrong interpretation of these regulations,? Alimardani says. ?At best it?s over-regulation to prevent any sort of misunderstanding or possible future hassle with OFAC.?
Of course, as former Facebook Chief Security Officer Alex Stamos notes in his own tweet on this topic, this is exactly what happens when you have vague rules with strong punishment, and expect internet platforms to magically police the web:
This is a warning of what you get with regulation that:
- Puts enforcement responsibility on a tech platform
- Without real guidelines/safe harbor of how to interpret
- Over-penalizes false positives
- Has no appeals process in the actual legal system
Get ready for more! https://t.co/vBUar6Nnap
— Alex Stamos (@alexstamos) December 20, 2018
And of course, we’re seeing more and more and more of that. FOSTA does that in the US. The GDPR is doing that around the globe. The EU Copyright Directive will do that. The EU Terrorist Content Regulation will do it. And a bunch of other regulations targeting the internet as well. That’s why some of us keep warning that these laws are going to lead to widespread censorship and suppression of free speech. Because that’s how it always works out. If you threaten internet platforms with huge penalties for failing to block content, but leave the details pretty vague, they’re going to make decisions like that and simply kick people off their services entirely, rather than face liability. It’s a recipe for disaster — and one that seems to be favored by tons of clueless regulators, politicians, and plenty of people who just don’t realize how much harm they will cause.
Filed Under: iran, iranians, ofac, sanctions, technology
Companies: slack
PayPal Stops A Payment Just Because The Payee's Memo Included The Word 'Cuba'
from the read-the-news-lately? dept
Earlier this year, we discussed how a Treasury Department watchlist under the purview of the Office of Foreign Assets Control was mucking up all kinds of legitimate business because some partakers in said business had scary sounding (read: Islamic) names. Everyone began referring to this watchlist as a “terrorist watchlist”, as most of the stories concerned people, including American citizens, who either have names that are close to the names of terrorist suspects worldwide or because certain banks can’t tell when someone is writing the name of their dog in the memo section, mistaking that name for the name of an Islamic terror group, because why not?
But as it turns out, this hilariously frustrating example of bureaucratic ineptitude isn’t limited to global terrorism. It also apparently applies to decades old embargo rivalries, too. Mark Frauenfelder details a wonderful story about how his wife, a book editor, used PayPal to pay for a book review about Cuba, only to have the payment suspended and the notices from PayPal begin to fly.
Carla included a message to Ben in the Paypal transaction, which read, “Hi Ben – Your Castro’s Cuba review is up! Thanks so much! Carla.”
As soon as she pressed the send button, she got a pop-up message on the PayPal site that informed her that the payment was being held for review. This had never happened before and she had no idea why PayPal was holding up the transaction. Last night, an email arrived from PayPal. It turns out, the problem arose because Carla’s message included the forbidden word “Cuba” (and/or possibly “Castro”).
Mark embedded the entire email PayPal sent in his post, but you’re not going to find much useful within it. It basically just says that using words like “Cuba”, which is a country oft discussed in the United States, and “Castro”, which is a crazy common last name, triggered the company’s compliance controls to meet OFAC requirements. As such, PayPal is asking Carla to write an essay for the class explaining why she would dare write those words in a payment for a book review.
To ensure that activity and transactions comply with current regulations, PayPal is requesting that you provide the following information via email to compliancetransactions@paypal.com:
1. Purpose of payment 0B463347YT949791N attempted on August 16, 2016 in the amount of $30.00USD, including a complete and detailed explanation of the goods or services you intended to purchase. Please also explain the transaction message: “Hi Ben – Your Castro’s Cuba review is up! Thanks so much! Carla.”
Read that part of PayPal’s email. Now read it again. This is bureaucracy at its finest, with a $30 payment triggering all kinds of alarms because of a friendly message about a review. Two things stand out to me. First, exactly what kind of nefarious deeds are both carried out for thirty dollars and then signed off with a friendly memo in the payment section like this? Second, if PayPal is really concerned here, exactly what are they expecting to learn from the “complete and detailed explanation” they are requesting from Carla? Would a Cuban operative using their system do anything other than lie in this explanation? Is the OFAC so strict that it requires these checks, but so lax that the checks amount to the honor system?
Or is it possible that government oversight has reached a level at which it does no good other than to serve as a useful reminder of what a pain in the ass it is?
Filed Under: castro, cuba, ofac, payments
Companies: paypal
Not Funny: How The OFAC Is Outlawing Even The Lamest Attempts At Humor Over Terrorist Fears
from the humor-me dept
It’s only been a couple months since we discussed some of the problems stemming from the US Treasury Department’s terrorism scary names of brown people list, namely that non-scary people with names similar or identical to maybe actual scary people suddenly can’t seem to use online services. Some term this “Islamophobia”, whereas I prefer to mark it as the type of government laziness combined with carpet-bomb approaches to governance that is far too common. Add to that the fact that banking institutions are also suddenly being tasked with checking their payment services against this watchlist, nabbing all kinds of innocents in the process, and you have a process that could be funny if it weren’t so frustrating.
But, when it comes to terrorism, we’re legislating funny out of the equation altogether, it seems. For example, one man’s $42 payment to a friend to reimburse him for drinks has been held in limbo because he tried to get funny in the memo section of the payment.
Telling a friend you’re paying him back for “ISIS beer funds!!!” is not a particularly good joke. I knew this as I was typing it at 2am on a Sunday, but what I did not know is that it’s an even worse joke on Venmo because the federal government will detain your $42.
Almost immediately after I hit send, Venmo—you know, the app that allows people to send money to each other via their phones—blasted an e-mail into my inbox. The company wanted to “better understand a recent payment.”
Obviously this started because of some automatic flag on the word “ISIS.” And for that, one can hardly blame Venmo. Is it unlikely that a terrorist is going to send $42 to another terrorist to pay him back for alcohol, of all things, as part of their terrorist-y network? Sure, that’s unlikely. But do we want the financial system running some general check against common terror groups and references to make sure money isn’t falling into their hands? Of course.
But when Ben Guarino responded to Venmo to try to explain, choosing to call the whole thing a typo error instead of an admittedly lame joke, that meant that someone from Venmo was manually looking at the situation. And the result wasn’t any better.
Venmo wasn’t buying it. “Unfortunately,” wrote someone who signed the e-mail as Heather, “due to OFAC regulations, we are not allowed to give the funds back to you or issue a refund.” Because I don’t regularly bump into terrorists or sicarios at Whole Foods, I had no clue what an OFAC was. As it goes, the Treasury Department’s Office of Foreign Assets Control is a decades-old institution, quietly working to keep money out of the hands of America’s enemies. In 1962, the Division of Foreign Assets Control—which President Harry Truman had used to block transfers destined for North Korea and China—metamorphosed into OFAC. This association now has to deal with tipsy hipsters grasping at wit through instant payment apps.
And that’s where this whole practice breaks down into the land of the dumb. Look, Guarino’s joke was both dumb and not particularly funny, by my estimation. But here’s the thing: if your terrorist money-traps are nabbing hipster dudes trading 42 whole dollars for drinks, with a full explanation of where the drinks were had as well, then the program is no longer serving its purpose. Instead, we should admit that we’ve let fear grip our government institutions to such a degree that those institutions are trying to pass off annoying our citizens as a necessary trade for our safety. If that isn’t the stated goal of terrorism, I don’t know what is.
As of this writing, the OFAC still has Guarino’s $42 sitting in limbo, having given him a case number for his request to have it released and nothing else. And America lived to see another day, I suppose.
Filed Under: isis, money, ofac, payments, terrorism
Companies: venmo
How A Treasury Terror List Is Preventing Americans With 'Scary' Names From Using Online Services
from the scary-names dept
We’ve talked a few times before about the US Treasury Department’s Office of Foreign Assets Control, a government office theoretically designed to keep money from flowing to and from scary people in scary countries or whatever. Its work typically amounts to keeping businesses from doing business-y things with people in places like North Korea and such. On the other hand, sometimes the folks at the OFAC get their knickers in a twist over a graphic novel about some of these scary people, so it’s not like these folks have a spotless record when it comes to keeping the proper targets in its collective sights.
But a couple of stories have been trickling in having to do with non-scary people who share names too-closely associated with actual scary people suddenly being denied online services due to the OFAC scare-list. The first of these concerned a man named Muhammad Zakir Khan being refused a registration for a multiplayer video game.
Gamasutra, which broke the story, reports that when Khan submitted his request, he received an unusual denial, one explaining that his name had come up as “a match against the Specially Designated Nationals list maintained by the United States of America’s Office of Foreign Assets Control.” Epic was, in other words, refusing Khan the opportunity to try out its new game simply because his name resembles that of someone who might be financially involved with terrorism.
Khan tweeted a a screengrab of the rejection form and hashtaged it “#Islamophobia.” Surprisingly, Epic Games founder Tim Sweeney replied to another tweet about the issue, claiming that it had been caused by an “[o]verly broad filter related to US trade restrictions.”
Which, you know, good for Epic Games. And I wouldn’t really refer to this as “islamophobia” so much as I’d refer to it as broad laziness by both a government agency and a corporation. Let’s think this through for one moment. If our Treasury Department is going to cast a worried eye towards Islamic terrorism such that it compiles a list of names that businesses are refused from interacting with, and if those names come from a region of the world where there is a certain repetition of these sorts of names (Muhammad Khan sounds like it could be akin to John Smith), then how useful is this directory of scary people to begin with? The point of the list is to identify bad actors, but if innocent folks are getting caught up in it, then it isn’t serving its chief function particularly well, now is it? But no matter, says the government agency. Just add the name to the list and damn the fallout to hell.
The broader question, of course, is why an online game should be checking registrations against the CFAC list to begin with. In this particular case, it appears the check was ported over from the game engine itself.
Unreal Engine 4 has a wide range of uses, both domestic and foreign, that apparently bring it under the umbrella of trade guidelines. Under ordinary circumstances, those restrictions should only apply to people who are using the engine to create new games. (For instance, the U.S. government presumably doesn’t want ISIS to use the engine to create a recruiting game.) But when Epic used the engine to make Paragon, it accidentally left those restrictions in place. Thus, the filter shouldn’t have been there in the first place, and no one should have been banned from Paragon, regardless of whether they show up on a watch list.
As I said: government laziness and corporate laziness combine to keep an innocent person from playing a video game. Success!
Such innocent circumstances don’t appear to be replicated in the story of Noor Ahmed’s attempt to sign up for a payment app called Venmo, which is normally a cinch to register for, but for which Ahmed still isn’t able to use.
When she tried to sign up last year, Venmo refused to add her. The company sent her an email instead, asking Ahmed to provide a stack of additional information to verify her identity. What followed was the opposite of simplicity: Ahmed had to obtain paper copies of her utility bills as well bank statements, and then find a fax machine (a practically unheard of technology for many younger people) to send them to Venmo. After complying with this rigamarole, Ahmed still was unable to sign on to Venmo.
It turns out that she, like thousands of other Americans, shares a name with someone on a list created by a Treasury group called the Office of Foreign Assets Control. This list is called “Specially Designated Nationals and Blocked Persons,” and includes (on page 33) a 41-year-old Afghan man also named Noor Ahmed. The New York-based Ahmed, said she is familiar with such mix-ups.
“I was born and raised in California, but I’m taken into secondary customs at the airport no matter what because of my name,” said Ahmed. “I think it’s now extending to other parts of my life.”
Whatever your thoughts on terrorism and international politics, it’s quite clear that this isn’t helpful. It isn’t stopping a terrorist from using the app; it’s stopping a US citizen from using it. It isn’t helpfully identifying a person for a US business to steer clear of; it’s _mis_-identifying a US citizen. Hell, the list can’t even keep men and women straight. For the CFAC list to useful, never mind non-discriminatory, it should at least be able to keep a valid US citizen from being caught up in the web.
If it can’t manage that simple task, it’s probably worth revisiting whether this list should be employed at all.
Filed Under: ofac, office of foreign asset control, terrorists, treasury department, watch list
Graphic Novel Declared A Terrorist Operation By US Government, Advance Money Seized
from the insanity dept
This story is almost too bizarre to believe. Journalist David Axe wrote a graphic novel about “the Lord’s Resistance Army” rebel group in the Democratic Republic of Congo (which many people may be aware of due to the controversial viral “Kony 2012” story from earlier this year). No matter what you think of the situation with Kony, it seems bizarre that the book itself (which is just about Kony) should be declared a product of a terrorist organization and the money associated with it frozen. But… that’s apparently what happened.
In 2010 I went to the Democratic Republic of Congo to report on the Lord’s Resistance Army rebel group. In 2011 I wrote a graphic novel script based on my reporting and artist Tim Hamilton agreed to draw it. Cartoonist Matt Bors edited the story and early this year the Dutch Website Cartoon Movement serialized the art online, following which book publisher Public Affairs acquired the paperback rights. And last month, the federal Office of Foreign Assets Control confiscated the majority of the advance payment, claiming that we were laundering the money for onward transfer to a terrorist organization.
Yes, you read that right: the feds believe Tim and I are terror financiers.
This seems like a massive overreaction by the US government (and, perhaps, a First Amendment violation). The graphic novel appears to be a journalistic account of Joseph Kony’s actions in central Africa:
In the press release that Axe and Hamilton sent out about this, they were told that book’s title, Army of God, “threw up a red flag.” You would think that once that red flag went up, some bureaucrat somewhere would then have looked at the damn book and realized that it’s not some terrorist conspiracy. I guess that’s too much to ask.
Filed Under: david axe, graphic novel, joseph kony, ofac, terrorism, tim hamilton, us government