Adriana Sanford will be addressing the International Committee of the Senior Lawyers Division of the American Bar Association.
U.S. Treasury Publishes Final Rule on Reporting Beneficial Ownership Information
On September 29, 2022, the Financial Crimes Enforcement Network (FinCEN) issued a final rule implementing the Corporate Transparency Act’s (CTA) beneficial ownership information (BOI) reporting provisions.
Rule Brings U.S. Closer to Comply with the International Rules on Entity Transparency
In 2006 and 2016, the Financial Action Task Force Mutual Evaluations found the U.S. non-compliant with entity transparency standards.
The final rule will help bring the U.S. closer to complying with the international rules on entity transparency. However, the rules do not take effect until January 1, 2024. Reporting companies created or registered before January 1, 2024 will have one year (until January 1, 2025) to file their initial reports. The rules do not take effect until January 1, 2024. Reporting companies created or registered before January 1, 2024 must submit an initial report within one year of the effective date, the same as in the proposed rule. The rules do not take effect until January 1, 2024. Reporting companies created or registered after January 1, 2024, will have 30 days after receiving notice of their creation or registration to file their initial reports. The proposed rule required filing the initial report within 14 days of their creation or registration.
By then the international standards will have moved further. For instance, unlike the U.S., the EU and many countries include in their entity transparency standards reporting on common law trusts. In any addition, the EU and the international standard is to have public registries, allowing a broad segment of the public to view the BOI so that they can verify it and/or report discrepancies.
Access to the Beneficial Ownership Information and FinCEN Resource Issues
In the U.S. even proposed regulations on access to beneficial ownership information is not yet available. It is likely that the information on beneficial owners is kept by FinCEN and only can be accessed by financial regulators and law enforcement from federal, state, Indian tribes, and foreign governments and banks to verify Customer Due Diligence. All will likely have to request access and then await processing by FinCEN. FinCEN is already behind on releasing the other regulations on access and a revised CDD rule. FinCEN is seriously underresourced, especially in view of all the new regulatory projects. The OECD in 2018 downgraded the U.S. for timeliness in responding to requests for information and in the qualify of the information exchanged. The penalties for any misuse of the information are so harsh that banks receiving information will have to restrict it, so that they can protect themselves from any penalties.
Concessions to Formation Agents and the Business Community
The final rule has made concessions to the business community and formation agents. The rule defines a company applicant to be only two persons: the individual who directly files the document that creates the entity, or in the case of a foreign reporting company, the document that first registers the entity to do business in the United States; and the individual who is primarily responsible for directing or controlling the filing of the relevant document by another. The proposed rule stated that anyone in the chain of working on formation was considered a company applicant.
The rule, however, does not require reporting companies existing or registered at the time of the effective date of the rule to identify and report on their company applicants, as the proposed rule did. In addition, reporting companies formed or registered after the effective date of the rule also do not need to update company applicant information, as the proposed rule did.
Analysis
As I stated in my remarks on Sept. 22 at the STEP/LATAMCaribbean conference in Panama in a talk on Will the U.S. Remain the Jurisdiction of Choice for Latin Americans in the aftermath of the Enactment of the CTA, the U.S. will remain the jurisdiction of choice for both legitimate and illegitimate investors.
The current (October) issue of the IELR will have a more comprehensive discussion of the CTA BOI final rules.
France’s Conseil d’Etat Upholds €100 Million Fine Against Google for Advertising Cookie-Related Data Protection Violations
By Jonathan J. Rusch[1]
It should be no surprise to any company doing business in the European Union that if it wants to use “cookies” – small text files stored in an Internet user’s computer to identify that user — for advertising purposes, it must abide by the provisions of EU law pertaining to data privacy. Recitals 26 and 28 of the General Data Protection Regulation (GDPR) make clear that any data that can be used to identify an individual either directly or indirectly is considered personal data. Moreover, for more than a decade the EU E-privacy Directive has recognized that users have a right to refuse cookies when an entity’s website seeks to place cookies on the users’ computers.
Even so, in 2020 the French Data Protection Authority (CNIL) imposed a total of €100 million on fines on a world-leading technology company, Google, for failure to comply with the obligation to obtain users’ consent before it installed advertising cookies or other tracking devices. The CNIL did so pursuant to Article 82 of the French Data Protection Act, which transposes the E-privacy Directive. Google then appealed to the French Conseil d’État, the highest French court for cases involving public administration, in an effort to annul the fines.
On February 1, the Conseil d’État rejected Google’s position and affirmed the CNIL fines. In its decision, the Conseil d’Etat confirmed that the CNIL had the power to intervene as it did. It also found that Google had failed to provide users with clear and complete information or to obtain their prior consent to cookie placement, and had a defective cookie refusal procedure. The Conseil took note of the fact that an audit that the CNIL conducted in March 2020 disclosed “that seven cookies were automatically installed on users’ computers as soon as they visited the site, four of which were only used for advertising purposes.” During that audit procedure, Google “modified its practices in August 2020, but continued not to inform the user directly and explicitly about the purposes of its cookies and the means of objecting to them.”
The Conseil further noted that the amount of the fines that the CNIL imposed did not exceed the limit set by the French Data Protection Act, and that the fines were not disproportionate in view of the significant profits generated by the data collected through advertising cookies, and of Google’s dominant market share in France (more than 90 percent, which equates to approximately 47 million users).
Google reportedly is already looking ahead to replacing its advertising cookies with “a new system called Topics, in which advertisers will place ads via a limited number of topics determined by users’ browser activity.” At other firms doing business in the EU, however, Chief Privacy Officers and Chief Compliance Officers should take note of the Conseil d’État decision and compare the Conseil’s findings against their own cookie policies and practices. Although certain aspects of data-protection law can be exceptionally complex, providing clear guidance to internet users about prior consent to or refusal of cookies should not be.
[1] Jonathan J. Rusch is Adjunct Professor and Co-Director of the U.S. and International Anti-Corruption Law Program at American University Washington College of Law and Adjunct Professor at Georgetown University Law Center.
DIPLOMATIC DIALOGUE – ‘The Role of the Caribbean Financial Action Task Force in Anti-Money Laundering/Countering the Financing of Terrorism/Countering Proliferation Financing Compliance’
DIPLOMATIC DIALOGUE – ‘The Role of the Caribbean Financial Action Task Force in Anti-Money Laundering/Countering the Financing of Terrorism/Countering Proliferation Financing Compliance’
Thursday 10th February, 2022 | 1:00 – 3:00 p.m. Atlantic Standard Time
https://uwi.zoom.us/webinar/register/WN_I0gBP0QBReeZCbf0F8pBuQ
Jessica Byron-Reid Jessica.Byron-Reid@sta.uwi.edu
PROGRAMME
Welcome Remarks Professor Jessica Byron Director, Institute of International Relations (IIR)
Introduction of Guest Speaker Dr. Dave Seerattan Lecturer, IIR
Feature Presentation Ms. Dawne Spicer Director, Caribbean Financial Action Task Force (CFATF)
Commentary Ms. Alicia Nicholls Junior Research Fellow (Trade), Shridath Ramphal Centre, The UWI, Cavehill
Question and Answer Session
Vote of Thanks Ms. Zaynab Nakhid Postgraduate Diploma Student, IIR
GAO Publishes Report on Trafficking and Money Laundering Required by Corporate Transparency Act
GAO Publishes Report on Trafficking and Money Laundering Required by Corporate Transparency Act
On December 23, 2021, the General Accountability Office (GAO) published Report on Trafficking and Money Laundering Strategies Used by Criminal Groups and Terrorists and Federal Efforts to Combat Them (GAO-22-104807 53 pp.).
The GAO reviewed how transnational criminal organizations and terrorist groups traffic goods such as illegal drugs, engage in human trafficking, and launder money.
Reasons for and Goals of the Report
Congress included a provision in the Money Laundering Act of 2020, which was part of the National Defense Authorization Act for Fiscal Year 2021, for the GAO to review trafficking and related money laundering and create federal efforts to combat them.
The goals of the report are to describe what is known about the money laundering strategies of transnational criminal organizations and terrorists and information-sharing efforts among federal agencies to combat trafficking.
Findings- Money Laundering Techniques
Federal agencies, international organizations, and other commentators, such as non-governmental organizations, have reported that money laundering strategies used by transnational criminal organizations and terrorist groups include sophisticated techniques such as phony trade transactions or purchase and resale of real estate or art.
The techniques can involve the services of professional money laundering networks or service providers in legitimate professions, such as law and accounting. For example, lawyers or accountants can create shell companies (entities with no business operations) to help criminals launder illicit proceeds. Transnational criminal organizations and terrorist groups also continue to smuggle cash in bulk or transmit money electronically across borders. The report also mentions the role of real estate agents, company service providers, and art and antiquities dealers.
Federal Efforts to Combat Trafficking and Money Laundering
Federal efforts to combat trafficking and money laundering incorporate multiple collaborative and information-sharing mechanisms and include the private sector.
- Law enforcement agencies cooperate through task forces in which they share information and analytical resources to aid in the investigation and prosecution of drug and other trafficking-related crimes.
- Federal agencies share intelligence with foreign counterparts. In particular, the Financial Crimes Enforcement Network (FinCEN), a bureau of the Department of the Treasury, shares information with more than 160 international financial intelligence agencies.
- FinCEN collaborates with law enforcement agencies to share information with financial institutions on “red flags” for trafficking, which institutions can use to identify and report suspicious transactions.
- Under Sec. 314(b) of the USAPATRIOT Act, FinCEN also coordinates a voluntary program that allows financial institutions to share information with one another to better identify and report suspicious activities that may be related to money laundering or other illicit financing.
Efforts of the Federal Government to Improve Institution Reporting and Enhance Data Analysis
The report discusses efforts by federal agencies to undertake initiatives to make information from financial institutions more available or more useful for trafficking-related investigations, and to enhance agencies’ ability to analyze such information.
FinCEN Advisories – FinCEN attempts to improve the quality of the SAR data it receives from financial institutions by issuing advisories, which include descriptions of trafficking strategies, “red flag” indicators, and other guidance developed in collaboration with law enforcement agencies. The advisories are designed to help institutions better understand what transactions or customer activities to report to law enforcement.
Information sharing between federal agencies and financial institutions.
FinCEN and law enforcement agencies have programs to share details about how financial institutions could better identify and report data for disrupting money laundering, terrorist financing, and other financial crimes. However, the information generally is shared among limited audiences. For example, in 2017, FinCEN created the FinCEN Exchange. This is a public-private program to enhance information sharing with financial institutions so that FinCEN and law enforcement agencies can receive information that will help them disrupt money laundering and other financial crimes.
Information sharing among financial institutions.
FinCEN coordinates a voluntary program for financial institutions to share information with each other. The goal of the sharing is to help financial institutions better identify and report activities they suspect may involve money laundering or terrorist activities. The program, which is authorized by Section 314(b) of the USA PATRIOT Act, allows financial institutions to share normally private information about customers or transactions when the institutions suspect money laundering or terrorist financing.
Analysis
The GAO Report does not provide analysis or recommendations, but furnishes an opportunity to reflect on the recently enacted Corporate Transparency Act. While it proffers a positive way forward to start catching up with international standards, it obviously falls below in several ways.
The collection of data is limited to those entities which must file with the Secretary of State. As a result, it will miss private trusts and other entities that do not need to file with the Secretary of State.
It remains to be seen whether the way in which FinCEN obtains and maintains the information will be in a standard format internationally so that it can be easily shared with other law enforcement and regulators.
The proposed beneficial ownership regulations under the CTA does not require verification of the information. In addition, contrary to the EU and other systems, the information is not accessible to the public. The lack of verification requirement and the inability of watch-dog non-government organizations and investigating journalists to access the information will deprive the data of a high degree of accuracy.[1] Law of accuracy will diminish its utility.
Even without the analysis and recommendations, the GAO is especially useful in showing how U.S. law enforcement collaborates to scrutinize Suspicious Activity Reports and other data of a beneficial ownership nature to develop criminal investigations and prosecutions.
[1] For a useful survey of the beneficial ownership best practices of six countries and their implications, see Kathy Nicolaou-Manias and Yuchen Wu, Beneficial Ownership and Transparency: Learning from Best Practices, 2021 TNTI 248-11, Dec. 29, 2021.
EU Commission Proposes Major Revisions for Countering Money Laundering and Terrorism Financing
On July 20, 2021, the European Commission presented a significant set of legislative proposals to strengthen the EU’s anti-money laundering and countering terrorism financing (AML/CFT) rules. The proposal will establish a new EU authority to combat money laundering. The proposals aim to improve the detection of suspicious transactions and activities, and to shut the loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.
The proposals improve the existing EU framework by responding to emerging challenges linked to technological innovation. They take into account virtual currencies, more integrated financial flows in the Single Market and the global nature of terrorist organizations. The proposals bring convergence in the AML/CFT rules and establish a more consistent framework to ease compliance for operators subject to AML/CFT rules, especially for those active in cross-border transactions.
The Four Legislative Proposals
The initiatives consist of four legislative proposals:
- A Regulation establishing a new EU AML/CFT Authority;
- A Regulation on AML/CFT, containing directly-applicable rules, including in the areas of Customer Due Diligence and Beneficial Ownership;
- A sixth Directive on AML/CFT (“AMLD6”), replacing the existing Directive 2015/849/EU (the fourth AML directive as amended by the fifth AML directive), containing provisions that will be transposed into national law, such as rules on national supervisors and Financial Intelligence Units in Member States;
- A revision of the 2015 Regulation on Transfers of Funds to trace transfers of crypto-assets (Regulation 2015/847/EU).
New EU AML Authority (AMLA) Proposed
The initiatives will establish a new EU Authority (AMLA) to transform AML/CFT supervision in the EU and improve cooperation among Financial Intelligence Units (FIUs). The AMLA will serve as the central authority coordinating national authorities to ensure the private sector correctly and consistently applies EU rules. AMLA will also furnish support to FIUs to improve their analytical capacity around illicit flows and make financial intelligence a key source for law enforcement agencies.
The AMLA will:
- create a single integrated system of AML/CFT supervision throughout the EU, based on common supervisory methods and convergence of high supervisory standards;
- directly supervise some of the riskiest financial institutions that operate in a large number of EU Members or require immediate action to respond to imminent risks;
- monitor and coordinate national supervisors responsible for other financial entities, as well as coordinate supervisors of non-financial entities;
- support cooperation among national FIUs and facilitate coordination and joint analyses between them, to better detect illicit financial flows of a cross-border nature.
One EU Rulebook for AML/CFT
The Single EU Rulebook for AML/CFT will harmonize AML/CFT rules across the EU, including, for instance, more detailed rules on Customer Due Diligence, Beneficial Ownership and the authorities and task of supervisors and FIUs. The initiatives will connect existing national registers of bank accounts, furnishing faster access for FIUs to information on bank accounts and safe deposit boxes. The Commission will also supply law enforcement authorities with access to this system, accelerating financial investigations and the recovery of criminal assets in cross-border cases. Access to financial information will be subject to strong safeguards in Directive (EU) 2019/1153 on exchange of information.
Extending AML/CFT Rules to the Crypto Sector
Currently EU AML/CFT rules apply to only certain types of crypto-asset service providers. The proposed initiatives will extend these rules to the entire crypto sector, obliging all service providers to conduct due diligence on their customers. The proposals will ensure full traceability of crypto-asset transfers, such as Bitcoin, and will permit prevention and detection of their possible use for money laundering or terrorism financing. Additionally, the proposals will fully apply EU AML/CFT rules to the crypto sector and prohibit anonymous crypto asset wallets.
Limit Cash Payments to € 10,000
The Commission has proposed an EU-wide limit of €0,000 on large cash payments. The limit is high enough not to question the euro as legal tender and recognizes the important role of cash. In about two-thirds of EU Members limits already exist, but the amounts vary. National limits under € 10,000 can remain in place. Limiting large cash payments makes it more difficult for criminals to launder money. Additionally, the proposes forbid anonymous crypto-asset wallets, similar to the prohibition of anonymous bank accounts.
“Black-Lists” and “Grey-lists” for Third Countries
The EU will continue to use a “black-list” and a “grey-list.” In addition to using the FATF list for its own listing, the EU will have its own list based on an autonomous assessment.
Future
The Commission proposals are in the hands of the European Parliament and Council. The future AML Authority should be operational in 2024 and will start its work of direct supervision slightly later, once the Directive has been transposed and the new regulatory framework starts to apply.
Analysis
The AMLA with direct authority over institutions with cross-border activities or institutions with problems will contribute significantly to stronger compliance. The AMLA will help establish a single integrated system of AML/CFT through common supervisory methods and convergence of high supervisory standards. It will also facilitate cooperation among FIUs and more convergence with respect to their operation.
The extension of AML/CFT rules to crypto-asset service providers and prohibition of anonymous crypto asset wallets will plug a gap in the use of virtual currency to circumvent AML/CFT regulation.
The connecting of existing national registers of bank accounts along with the national beneficial ownership registers for companies and trusts will facilitate financial investigations and asset recovery.
Unfortunately, the use of its own grey and black lists will contribute to the proliferation of such lists internationally, causing more limits and closures of correspondent bank accounts and financial exclusion for persons in small jurisdictions.
For additional information see Questions and Answers: AntiMoney Laundering and Countering Financing of Terrorism (AML/CFT) and Factsheet: Stronger EU rules to fight financial crime, Anti-money laundering and countering the financing of terrorism legislative package, and Proposal on centralised bank account registeries.
The next issue (August) of the IELR will have a more comprehensive discussion of the EU Commission’s AML/CFT initiatives.
U.S. and EU Progress on Several International Enforcement issues at Justice & Home Affairs Ministerial Meeting in Lisbon
On June 22, 2021, the Portuguese Presidency of the Council of the European Union hosted the EU-U.S. Ministerial Meeting on Justice and Home Affairs in Lisbon and made progress on count-terrorism, violent extremism, Passenger Name Record (PNR) data exchange. They also discussed developing bilateral and multilateral instruments to combat cybercrime, using artificial intelligence, and developing well-managed and humane migration policies.
Overview
They underscored the need to cooperate against terrorism, including prevention, permanent vigilance, adaptation, and resilience from all relevant actors.
The U.S. and EU underscored their strong concern with the rise of violent extremism. They cited crimes inspired by hate speech, racism and xenophobia both in Europe and the U.S. Violent extremism constitutes a direct threat to democratic societies. It requires renewed attention by law enforcement, judicial authorities, the private sector and civil society. The U.S. and EU pledged to expand their information exchanges on violent extremist groups, especially those with transnational linkages.
The U.S. and EU underscored the importance of the Passenger Name Record (PNR) data exchange to prevent, detect, investigate and prosecute terrorism, combat serious crime, including child exploitation, and protect the safety of citizens.
Digital Aspects and Cybercrimes
The U.S. and EU discussed the need to cooperate to shape a digital future based on their shared democratic values. They acknowledged the potential benefits and risks of suing Artificial Intelligence technologies for law enforcement and the judiciary. They discussed the need to develop and use such technologies in a trustworthy way in conformity with human rights obligations.
They discussed current and upcoming EU efforts on combating illegal content online, including the need to improve the cooperation between the authorities and online platforms to detect ongoing criminal activity. The U.S. and EU pledged to continue cooperating to most effectively exercise their lawful authorities to combat serious crime both online and offline.
The two sides will focus on combating ransomware, including through law enforcement action, raising public awareness on how to protect networks, the risks of paying criminals responsible, and encouraging those states that have not cooperated to arrest and extradite or effectively prosecute criminals on their territory.
Concerning bilateral and multilateral instruments to combat cybercrime, the U.S. and EU reinforced their commitment to negotiate as soon as possible an Eu-U.S. agreement facilitating access to e-evidence to cooperate in criminal matters. They welcomed the recent approval by the Committee of State Parties to the Budapest Convention of the draft text of the Second Additional Protocol of the Budapest Convention, which is the main instrument for international cooperation on cybercrime. They observed the framework of negotiations on a possible future United Nations international legal instrument on cybercrime and committed to continue to closely coordinate their respective positions.
Migration and Travel
The two sides underscored the importance of well-managed and humane migration and discussed their respective efforts to develop comprehensive and enduring migration and asylum policies. Humanitarian protection should be available to qualifying persons. Unmeritorious claims must be detected quickly, including through information sharing and modern identity management techniques. Unmeritorious claims must be prevented from overwhelming migration systems or public confidence in them.
The agenda requires cooperation with third countries of origin, transit and destination. These jurisdiction also have a responsibility to discourage people from enlisting smugglers and traffickers and endangering the lives of migrants who take dangerous, irregular journeys. Both sides reaffirmed their interest in expanding the transatlantic dialogue on migration and mobility, focusing on sharing lessons learned, exploring complementary pathways to migration, addressing the root causes of migration, improving the return and readmission of irregular migrants and enhancing cooperation in and combatting migrant smuggling.
The U.S. and EU continued to endorse safe and secure mobility and the exchange of information on their respective measures towards the gradual resumption of non-essential international travel. Both sides pledged to restart secure travel between the U.S. and EU as soon as possible, based on the principles of mutual cooperation, efficient operation of the international travel system and scientific evidence.
Analysis
The initial meeting of the Justice and Home Affairs Ministers of the two sides during the Biden Administration went quite well. Clearly, the priority of the Biden Administration for bilateral and multilateral cooperation contrasted with the America 1st unilateral approach of the Trump Administration. The visit of President to the NATO meeting and the EU itself as well as his removal of tariffs and support for the minimum global taxation and other initiatives of the OECD and EU were well received.
The threats of terrorism, organized crime, extremist and hate groups, cybercrime, and illegal migration are common to both sides.
The current issue of the IELR will have a more in depth discussion of the implications of the meeting.
G7 Vows to Act on Corruption, Ransomware, Forced Labor, and Illicit Financing
On June 13, 2021, at the conclusion of its meeting the G7 announced in its Communiqué joint action against several criminal and international enforcement matters.
Corruption, Illicit Financial Activities, and Misuse of Shell Companies
The Communique recognizes “the need action on corruption, including by sharing information on illicit financial activities, tacking the misuse of shell companies, and curtailing the ability of illicit actors to hide wealth.”
As part of its G7 Fact Sheet the Biden Administration underscored how on June 3, 2021 President Biden declared efforts to combat corruption a “core U.S. National interest,” and issued a National Security Student Memorandum on the Fight Against Corruption to elevate this effort.
The G7 Fact Sheet states the U.S. will tackle “the misuse of shell companies, limiting the ability of bad actors to launder dirty money in real estate purchases, improving corruption-related information sharing, and reforming foreign assistance to focus on anticorruption as a cross-cutting priority.” [1] The Fact Sheet says the U.S. welcomes the G7 commitment to take collection action in combatting corruption.
Ransomware
The Communique states the G7 reiterates its interest in stable and predictable relations with Russia. In that regard, it states that it will “identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes.”[2] The Biden Administration’s G7 Fact Sheet states the transnational criminal enterprises committing ransomware leverage infrastructure, virtual currency, and money laundering networks. They target victims worldwide, often operating “from geographic locations that offer a permissive environment for carrying out such malicious cyber activities.”
The G7 Fact Sheet states the international community –both governments and private sector actors – must cooperate to ensure that “malicious cyber activity is investigated and prosecuted, that we bolster our collective cyber defenses, and that States address the criminal activity taking place within their borders.”
Removing Forced Labor from Global Supply Chains
The Communique expresses concern about the use of all forms of forced labor in global supply chains, including state-sponsored forced labor of vulnerable groups and minorities and supply chains of the agricultural, solar, and garment sectors – the main supply chains of concern in Xinjiang, China.
G7 leaders agreed to uphold human rights and international labor standards, and protecting individuals from forced labor. Hence, they commit to ensuring all global supply chains are free from the use of forced labor. They propose to identify areas for increased cooperation and collective efforts to eradicate the use of all forms of forced labor in global supply chains, in accordance with international and national law.[3]
International Human Rights Concerns
The Communique mentions concerns about international human rights violations in Russia, Belarus, Myanmar, and Ethiopia’s Tigray region.
Analysis
The commitments in the G7 Communique to stronger international enforcement initiative are importance for setting and reinforcing international enforcement cooperation. The nature of the G7 meetings and communiques limit the commitments to broad policy statements. The follow up comes from action by international organizations, such as the EU, the OECD, the World Bank Group, and national governments. The limits of the Communiques are inability to implement the broad policy decisions, including when governments and policies change from time to time.
[1] G7 Communique, paragr. 48.
[2] G7 Communique, paragr. 51.
[3] G7 Communique, paragr. 29.
ANOM: A global covert investigation conducted through an encrypted app trap
Sara Kaufman[1]
On June 8, 2021, the Federal Bureau of Investigation (FBI) and Australia’s Federal Police (AFP) publicly announced the arrests of more than 800 individuals utilizing a FBI-controlled encrypted platform to facilitate their criminal activities.[2] ANOM, a highly popular encryption platform amongst criminals worldwide, was secretly used as a surveillance tool in an investigation known as “Operation Trojan Shield” in order to discreetly observe and curtail the criminal activities in Australia and beyond.[3]
As technology has grown over the years, criminals have utilized hardened encrypted devices as a tool to obstruct any federal investigations against them. Encrypted devices are tools that both send and retrieve encrypted electronic communications, allowing criminals to openly discuss their activities with confidence that their contents will remain secure.[4] For many years, contents in encrypted devices did in fact remain secure; communication was often limited to a self-selected group of individuals using the same encryption platform. Law enforcement agents therefore would be unable to collect evidence regarding the conversations that criminals were having on their encrypted devices.
Companies that provided these encrypted devices were generally aware that their target audience is utilizing their products for criminal activity; in March 2018, the CEO of Phantom Secure, Vincent Ramos, and four other principals of the company were indicted for aiding and abetting the distribution of cocaine. During his plea hearing in October 2018, Ramos admitted that Phantom Secure laundered drug trafficking proceeds, as well as aided and abetted the importation, exportation, and distribution of illegal substances across international borders.[5] Phantom Secure was not the first, nor would it be the last, of the many encrypted devices to appear on the black market to plan and executive criminal activity.
Operation Trojan Shield
While the FBI previously dismantled hardened encryption companies utilized amongst criminals to communicate – such as Phantom Secure – new platforms would emerge as substitutes for their predecessors. In “Operation Trojan Shield,” various European law enforcement agencies, the FBI and AFP collaborated with a confidential source to construct, market, and upkeep the next encrypted communication platform to arise on the black market.[6]
The devices themselves were encrypted but the FBI, AFP, and the confidential source collaborated to build a master key into the existing encryption system.[7] This allowed law enforcement to decrypt and store messages as they were transmitted. For devices located outside of the U.S., an encrypted “BCC” of each sent message is routed to an “iBot” server located outside of the U.S. The message is then decrypted with the master key and then immediately re-encrypted with the FBI encryption code. The newly encrypted message is then passed to a second FBI-owned iBot server to be decrypted for viewing within the U.S.[8] Given the high level of technical care and expertise needed to set up this master key process, the collaboration between the FBI, AFP, confidant, and other European law enforcement agencies was needed to ensure that ANOM could be launched effectively and discreetly within criminal networks.
ANOM could only be used on devices sold within the black market and were stripped of the ability to make calls or send emails. In order to get a hold of an ANOM-encrypted device, each criminal had to be green-lighted by another criminal who was already using the software.[9] Each ANOM user was identified by a Jabber Identification – similar to a smartphone PIN – was chosen by each user to identify themselves as opposed to using their real names.[10] The high level of exclusivity and security behind ANOM increased the confidence that users that their communications would remain private.
Results of the investigation
As high-profile criminals such as Hakan Ayik praised ANOM and encouraged its use to their associates, thousands of criminals worldwide began utilizing ANOM devices to openly discuss their activities. Between October 2019 and May 2021, a total of 11,800 ANOM devices were registered in over 90 countries, with the highest number of users based in Germany, the Netherlands, Spain, Australia, and Serbia.[11]
Considering the strong reputation that ANOM had amongst criminals, plans to import, export, or distribute drugs were sent between encrypted devices without the use of coded language.[12] Text messages shown in a search warrant affidavit filed May 18, 2021, display open conversation regarding cocaine hidden in French diplomatic packages or underneath layers of bananas in shipping trucks.[13]
Through the surveillance of ANOM users, law enforcement agencies from the U.S., Australia, and the European Union were able to seize numerous tons of drugs and millions of dollars in cash.[14] Australian police officers also claim to have acted on 20 “threats to kill,” thereby protecting many innocent civilians who may have otherwise lost their lives.[15]
Although the criminals that utilized ANOM encrypted devices strongly advocated for their high level of security, this could not be further from the truth. The review of messages sent on ANOM devices has opened numerous high-level public corruption cases internationally, as well as investigations of distributors for money laundering, international drug trafficking, and obstruction of justice.[16]
While new encrypted platforms used to emerge once their predecessors were taken down by the FBI, Operation Trojan Shield severely damages the trusted foundation of encrypted devices for communications amongst criminal actors. Though the use of new technology such as encryption devices has allowed discreet criminal activity to go undetected, law enforcement across the globe has proven that, with joint efforts, they can utilize the same tools for their benefit.
The current issue of the IELR will have a more comprehensive discussion of the law enforcement initiative and its implications.
[1] Legal assistant, Berliner Corcoran & Rowe LLP; B.A., Amherst College.
[2] Rachel Pannett and Michael Birnbaum, FBI-controlled ANOM app ensnares scores of alleged criminals in global police sting, The Washington Post, June 7, 2021, https://www.washingtonpost.com/world/2021/06/08/fbi-app-arrests-australia-crime.
[3] Cheviron Aff. ¶ 14, May 18, 2021. https://www.justice.gov/usao-sdca/press-release/file/1402426/download.
[4] Cheviron Aff. ¶ 9, supra.
[5] Cheviron Aff. ¶ 10, supra.
[6] Ben Westcott, For years, the underworld thought its phones were safe. They fell for an encrypted app trap, CNN, June 9, 2021, https://www.cnn.com/2021/06/08/australia/afp-fbi-ANOM-app-operation-ironside/index.html.
[7] Cheviron Aff. ¶ 13, supra.
[8] Id.
[9] Ben Westcott, supra.
[10] Cheviron Aff. ¶ 14, supra.
[11] Cheviron Aff. ¶ 19, supra.
[12] Cheviron Aff. ¶ 29, supra.
[13] Cheviron Aff. ¶ 14, supra.
[14] Ben Westcott, supra.
[15] ANOM: Hundreds arrested in massive global crime sting using messaging app, BBC.COM, June 8, 2021, https://www.bbc.com/news/world-57394831.
[16] Cheviron Aff. ¶ 20, supra.
U.S. Tax Court Rules Against Constitutional Challenge to Passport Denial for Delinquent Taxpayers
On March 30, 2021, the United States Tax Court granted summary judgment to the Internal Revenue Service with respect to a taxpayer debtor/physician’s constitutional challenge to the IRS’ certification of the delinquent tax debt under IRC, § 7345. The taxpayer’s outstanding tax balance was close to $500,000 and so the IRS turned to a new tool in its collection toolbox – § 7345.1. Under this section, the IRS certified that Robert Rowen, the taxpayer, had a seriously delinquent tax debt to the Treasury secretary, who then transmitted the certification to the State Department. The IRS notified Rowen of the certification. At the time of the suit and the Tax Court’s opinion, the State Department had not taken any action concerning Rowen’s passport. Nevertheless, Rowen petitioned the Tax Court, challenging the IRS’s certification as unconstitutional and a violation of the Universal Declaration of Human Rights (UDHR).
Opinion
The court held that the certification does not deny his right to travel or his rights under the UDHR.
Judge Emin Toro authored the court’s opinion and observed that this is the first time the court has considered the merits of certification under 26 U.S. § 7345. Judge Toro observed that §7345 was enacted as part of the Fixing America’s Surface Transportation Act (FAST Act). The opinion explains that the IRS certifies the delinquent tax debt and sends it to the Treasury secretary, who must then transmit the certification to the State Department. The State Department can revoke, deny, or limit a tax delinquent individual’s passport.
The opinion rejected Rowen’s argument that § 7345 violates his due process rights under the Fifth Amendment since it forbids international travel. Rowen claimed such travel is a fundamental right. The opinion ruled that claim was meritless since the plain text of the statute does not prohibit international travel. The opinion observed that § 7345 only certifies that an individual has a serious tax delinquency. Thereafter, the State Department makes any passport-related decisions. The opinion also rejected Rowen’s claim that §7345 violates his right to travel under the UDHR, since the statute does not impose a limit on the right to travel.
According to the opinion, Rowen’s procedural due process and statute of limitations claims do not have merit because he did not make such arguments in his summary judgment motion. In addition, Rowen to not introduce evidence establishing that the period of limitations has elapsed. The opinion found that the IRS’s certification was not erroneous and that the IRS met the requirements for certification under § 7345. Hence, the IRS was entitled to summary judgment.
Judge Paige Marvel wrote a concurring opinion, stating that the court’s opinion does not foreclose a constitutional challenge in a future case with appropriate facts and squarely presented arguments to the entire tax collection mechanism created by FAST.
Analysis
Clearly the taxpayer’s petition and request for summary judgment were flawed in their efforts to challenge one of the new mechanisms to collect taxes.
The current issue of the IELR will discuss the implications of the case in more detail.