Privacy Oriented

By Julian Sanchez | Published: October 29, 2008 - 01:46PM CT

A good coder has as many uses for hash functions as George Washington Carver did for peanuts—but law enforcement is fond of these digital fingerprinting techniques as well, because they allow reams of data to be rapidly sifted and identified. Legal scholars, however, have spent a decade puzzling over whether the use of hash value analysis in a criminal investigation counts as a Fourth Amendment “search.” A federal court in Pennsylvania last week became the first to rule that it does—but one legal expert says an appeal is very likely.

Chief Judge Yvette Kane of the U.S. District Court for the Middle District of Pennsylvania penned the opinion in United States v. Crist, granting Robert Crist’s request for the suppression of child pornography police found on his computer. Crist had fallen behind on his rent, and his landlord hired a father-and-son pair to move the delinquent tenant’s belongings out to the curb, where a friend of one of the movers, Seth Hipple, picked up Crist’s computer. When Crist returned home, he began freaking out over his vanished machine—while Hipple was freaking out over what he’d found in a folder on the hard drive: Videos appearing to depict underage sex, which he promptly deleted.

Hipple called the East Pennsboro Township Police Department, and though the computer had been reported stolen, it soon found its way to the Pennsylvania Attorney General’s Office, where special agent David Buckwash made an image of the hard drive and began sifting through its contents using a specialized forensics program called EnCase. Rather than directly examining the contents of the hard drive, Buckwash initially ran the imaged files through an MD5 hash algorithm, producing a unique (for practical purposes) digital fingerprint, or hash value, for each one. He then compared these smaller hash values with a database of the hash values of known and suspected child porn, maintained by the National Center for Missing and Exploited Children. He came up with five definite hits and 171 videos containing “suspected” child porn. He then moved to gallery view, inspecting all the photos on the drive, and ultimately finding nearly 1,600 images that appeared to be child pornography.

None of this, however, had been done with a warrant. That raised two intriguing legal questions. First, longstanding precedent holds that if a private party, unprompted by police, conducts a search—by opening a package or briefcase, for instance—then the owner has lost their “reasonable expectation of privacy” in the searched object. That means police are in the clear if they proceed to examine whatever the private party has discovered. But it’s not always clear how this rule applies in particular cases. If a private person opens a briefcase, police might scrutinize it more closely when they take a look—but the exception clearly doesn’t mean that police can scour an entire house, ripping open mattresses and digging through closets, just because someone else has already wandered through the place. So had Crist lost his expectation of privacy in the entire hard drive, or only in the few files and folders Hipple had seen?

Even if the entire hard drive wasn’t to be considered fair game, however, a more interesting question remained: Was the analysis of hash values of the files on the hard drive a search at all? The question was first broached in a 1996 Yale Law Journal article titled “Cyberspace, general searches, and digital contraband.” The author noted an interesting quirk of Fourth Amendment jurisprudence: Courts have held that a “search” occurs when someone’s “expectation of privacy” is violated, provided that expectation is one that society is prepared to regard as “reasonable.” But they’ve also held that there is no such “reasonable expectation” as regards the possession of illegal materials, like narcotics or child porn. In 2004, the Supreme Court would rely on this logic in the case of Illinois v. Caballes to hold that a trained drug dog’s sniff, which only reveals the presence or absence of illegal drugs, does not count as a search. In the digital realm, this raised the possibility of what we might call, with a nod to novelist Erica Jong, a “zipless search“—a more or less perfect means of detecting only contraband, circumventing the Fourth Amendment’s warrant requirement.

If hash value analysis isn’t a search, then even if the state went too far in directly inspecting the hard drive, the evidence of a hash match against the NCMEC database might still be admissible. But Judge Kane rejected that logic, writing:

By subjecting the entire computer to a hash value analysis—every file, internet history, picture, and “buddy list” became available for Government review. Such examination constitutes a search.

But as George Washinton University law professor Orin Kerr, author of the Justice Department’s computer search manual, wrote on the widely-read Volokh Conspiracy blog, this is almost maddeningly brief and vague. “Which stage was the search—the creating the duplicate?” asked Kerr. “The running of the hash? It’s not really clear.” And as Kerr notes, though the court alludes to the Caballes dog-sniff ruling earlier in its opinion, it does not directly take up the question of the “zipless search,” or explain how the hash analysis differs from a dog sniff. The answer could be massively significant, since it would determine, for instance, whether law enforcement agents serving a valid warrant against one user on a huge server are entitled to scan the entire machine, rather than only their target’s files, for illicit material.

The second question is whether Buckwash “expanded the scope of the private search” conducted by Hipple when he imaged and scrutinized Crist’s entire hard drive. In United States v. Runyan, the Fifth Circuit Court of Appeals seemed to accept the application of a “closed container” metaphor to digital storage devices. Just as the privacy interest in the contents of a package are lost once someone has opened it, the contents of a digital storage medium are fair game once it has been accessed. But as Kerr has pointed out in his paper, “Searches and Seizures in a Digital World,” physical metaphors are tricky in a world of bits. Is the computer really like a “container”? Or given the vast amounts of information a hard drive can contain, does it make more sense to think of the drive as analogous to a warehouse, where the “container” is an individual file or folder? Kerr ultimately opts for an “exposure theory” of digital searches, according to which only the information that has been displayed to a human user should be considered “searched,” leaving the privacy interest in all the other data intact. In this case, Judge Kane seemed to agree that Hipple’s “search” of a few files did not void Crist’s privacy interest in the rest of the drive, and that in any event Buckwash’s forensic analysis was qualitatively different and more extensive than Hipple’s casual examination.

Kerr, however, told Ars that he expects the government to appeal the ruling, both because the argument for counting hash analysis as a “search” is so brief, and because the court’s application of the Runyan precedent is subject to dispute.

That makes United States v. Crist a case to watch. Until now, the constitutional status of hash value analysis has been unclear. But if the Third Circuit Court of Appeals should disagree with Judge Kane’s reasoning, it could send a signal that a new era of zipless searching is at hand.

Avoiding being falsely profiled as a money launderer can be hard. Today we’ll quickly look at what the US government calls “Informal Value Transfer Systems (IVTS)”.

US Gubberment says: (IVTS) are efficient remittance systems based on trust that operate primarily within ethnic communities. IVTS include various centuries-old remittance systems centered in ethnic/national communities, the most utilized of which are Hawala/Hundi (South Asia), Fei ch’ien (China), Phoe Kuan (Thailand), and Door to Door (Philippines). Although these systems primarily service legitimate customers and purposes, criminal elements exploit IVTS to launder/transfer proceeds because of their lack of transparency and low costs. Indeed, these systems have historically proven themselves to be among the safest methods to transfer mone without visibility. IVTS provide transfers to and from areas where modern financial services are unavailable, inaccessible, unaffordable, or localities where corruption within the financial system is prevalent. The system provides rapid funds transfers (usually within hours of the transaction’s initiation), under a safeguard of trust and reliability.

Other examples of informal value transfer systems might be Pecunix, e-Dinar, Liberty Reserve, eCache, Numox, or similar Digital Currencies.

Here is what not to do if you’re using informal value transfer systems according to the US’ first Money Laundering Threat Assessment.

Suspicious transactions indicating Informal Value Transfer Systems (IVTS) activity included the following techniques:

Multiple deposits of combinations of cash, money orders, or third-party checks;

Multiple deposits of combinations of cash, money orders, or third-party checks made to the same account from different states;

Daily deposits;

Multiple structured deposits; and, multiple incoming wire transfers followed by any of the activities listed below:

1. Outgoing wire transfers, either domestic or international

2. Outgoing transfers via Automated Clearing House debits to known MSBs

3. Checks written to cash by the accountholder

4. Checks written to or endorsed by known MSBs

5. ATM cash withdrawals in remote locations, including other countries

Additional indicators useful for law enforcement in identifying an Informatl Value Transfer Systems (IVTS) operation include:

Structured deposits followed by wire transfers to unrelated businesses in Southeast/Southwest Asia;

Multiple financial ledgers (one for legitimate transfers, one for criminal activity, possibly an additional ledger for settling accounts between brokers);

A high volume of mail and packages from out of state that contain various monetary instruments such as checks or money orders;

Short telephone calls coming into the broker (instructions from the customer sending funds);

Numerous lengthy telephone calls made to overseas recipients (indicates the broker is coordinating with counterparts and placing orders); and

Fax transmittal logs. Faxes sent may be a rollup of the day’s transactions or may be single transactions. Faxes may contain the name of a sender (not necessarily a real name), beneficiary, or code used by the receiving broker to identify the beneficiary.

All credit for the following content goes to… well, I had it going to Sapphirecapital of the Reserve-Bank Forum, but it appears he got it from FORM 7E - the U.S. “Comptroller’s Checklist of Potentially Suspicious Bank Transactions and Activities that Should Trigger Further Investigation” out of Federal Money Laundering Regulation (2004 Supplement) by Steven Mark Levy. It’s being reprinted here to spread the info and archive it here as well. So, without further ado…

The following consists of the list handled by compliance officers in banks or similar financial institutions in the US and involving USD transfers addressed to a US entity or booked through a US entity.

The Comprtoller of the Currency has provided the following list of potential red flags that should trigger further inquiry to determine whether a suspicious activity report is required. [Comprtroller's Handbook, Bank Secrecy Act/Anti-Money Laundering, 12-18 (December 2000)]

Activity Inconsistent with the Customer’s Business
• A customer opens several accounts for the type of business he or she purportedly is conducting and/or frequently transfers funds among those accounts.
• A customer’s corporate account(s) has deposits or withdrawals primarily in cash rather than checks.
• The owner of both a retail business and a check cashing service does not ask for cash when depositing checks, possibly indicating the availability of another source of cash.
• The customer engages in unusual activity in cash purchases of traveler’s checks, money orders, or cashier’s checks.
• A large volume of cashier’s checks, money orders, and/or wire transfers are deposited into an account in which the nature of the account holder’s business would not appear to justify such activity.
• A customer frequently makes large dollar transactions (such as deposits, withdrawals, or purchases of
monetary instruments) without an explanation as to how they will be used in the business, or the purchases
allegedly are for a business that generally does not deal in large amounts of cash.
• A business account history that shows little or no regular, periodic activity; the account appears to be used
primarily as a temporary repository for funds that are transferred abroad. For example, numerous deposits of cash followed by lump-sum wire transfers.
• A customer’s place of business or residence is outside the financial institution’s service area.
• A corporate customer who frequently makes large cash deposits and maintains high balances, but does not use other banking services.
• A retail business routinely makes numerous deposits of checks, but rarely makes cash withdrawals for daily operations.
• A retail business has dramatically different patterns of cash deposits from similar businesses in the same general location.
• The currency transaction patterns of a business experience a sudden and inconsistent change from normal activities.
• The amount and frequency of cash deposits are inconsistent with that observed at the customer’s place of business.
• The business frequently deposits large amounts of cash, but checks or other debits drawn against the account are inconsistent with the customer’s retail business.
• Businesses that do not normally generate currency make numerous currency transactions (i.e., a sanitation company that makes numerous deposits of cash).
• Financial transactions involving monetary instruments that are incomplete or contain fictitious payees, remitters, etc., if known.
• Unusual transfer of funds among related accounts or accounts that involve the same principal or related principals.
• A business owner, such as an owner who has only one store, who makes several deposits the same day using different bank branches.

Avoiding the Reporting or Record Keeping Requirement
• A business or new customer asks to be exempted.
• A customer intentionally withholds part of the currency deposit or withdrawal to keep the transaction under the reporting threshold.
• A customer is reluctant to provide the information needed to file the mandatory report, to have the report filed, or to proceed with a transaction after being informed that the report must be filed.
• A customer or group tries to coerce a bank employee into not filing any required record keeping or reporting forms.
• An automatic teller machine or machines (ATM) are used to make several bank deposits below a specified threshold.
• Unusually large deposits of U.S. food stamps (often used as currency in exchange for narcotics).
• A customer is reluctant to furnish identification when purchasing negotiable instruments in amounts exceeding thresholds for additional reporting.

Fund (Wire) Transfers
Wire transfer activity to/from financial Countries of Concern without an apparent business reason or when it is inconsistent with the customer’s business or history.

• Periodic wire transfers from a personal account(s) to bank secrecy haven countries.
• Large incoming wire transfers on behalf of a foreign client with little or no explicit reason.
• Frequent or large volume of wire transfers to and from offshore banking centers.
• Large, round dollar amounts.
• Funds transferred in and out of an account on the same day or within a relatively short period of time.
• Payments or receipts with no apparent links to legitimate contracts, goods, or services.
• Transfers routed through multiple foreign or domestic banks.
• Unexplained repetitive or unusual patterns of activity.
• Deposits of funds into several accounts, usually in amounts of less than $3000, which are consolidated subsequently into one master account and transferred, often outside of the country.
• Instructions to a financial institution to wire transfer funds abroad and to expect an incoming wire transfer of funds (in an equal amount) from other sources.
• Regular deposits or withdrawals of large amounts of cash, using wire transfers to, from, or through
countries that either are known sources of narcotics or whose laws are ineffective in controlling the laundering of money.
• Many small incoming wire transfers of funds received or deposits made using checks and money orders, with all but a token amount almost immediately being wire transferred to another city or country, in a manner inconsistent with the customer’s business or history.
• Large volume of wire transfers from persons or businesses that do not hold accounts.

Insufficient or Suspicious Information by Customer
• The reluctance of a business that is establishing a new account to provide complete information about the
purpose of business, its prior banking relationships, names of its officers and directors, and information
about the location of the business.
• A customer’s refusal to provide the usual information necessary to qualify for credit or other banking services.
• A spike in the customer’s activity with little or no explanation.
• A customer desires to open an account without providing references, a local address, or identification (passport, alien registration card, driver’s license, or social security card); or refuses to provide any other
information the financial institution requires to open an account.
• Unusual or suspicious identification documents that the financial institution cannot readily verify.
• The discovery that a customer’s home/business phone is disconnected.
• No record of past or present employment on a loan application.
• A customer makes frequent or large transactions and has no record of past or present employment experience.
• The customer’s background is at variance with his or her business activities.
• The customer’s financial statements differ from those of similar businesses.

Other Suspicious Customer Activity
• Substantial deposit(s) of numerous $50 and $100 bills without apparent business purpose.
• Mailing address outside the United States.
• Frequent exchanges of small dollar denominations for large dollar denominations.
• Certificate(s) of deposit or other investment vehicle used as loan collateral.
• A large loan is suddenly paid down with no reasonable explanation of the source of funds.
• Frequent deposits of large amounts of currency wrapped in currency straps that have been stamped by other banks.
• Frequent deposits of currency wrapped in currency straps or currency wrapped in rubber bands that are
disorganized and do not balance when counted.
• Frequent deposits of musty or extremely dirty bills.
• A customer who purchases cashier’s checks, money orders, etc., with large amounts of cash.
• A professional service provider, such as a lawyer, accountant, or broker, who makes substantial deposits of cash into client accounts or in-house company accounts, such as trust accounts and escrow accounts.
• A customer insists on meeting bank personnel at a location other than their place of business.
• Domestic bank accounts opened in the name of a casa de cambio (money exchange house), followed by
suspicious wire transfers and/or structured deposits (under a specified threshold) into these accounts.
• Suspicious movements of funds from one bank into another bank and back into the first bank. For example:
< purchasing cashier’s checks from bank A;
< opening up a checking account at bank B;
< depositing the cashier’s checks into a checking account at bank B; and
< wire transferring the funds from the checking account at bank B into an account at bank A.
• Offshore companies, especially those located in bank secrecy haven countries, asking for a loan from a domestic U.S. bank, or for a loan secured by obligations of offshore banks.
• Use of loan proceeds in a manner inconsistent with the stated loan purpose.
• A person or business that does not hold an account and that purchases a monetary instrument with large denominated bills.
• A customer who purchases a number of cashier’s checks, money orders, or traveler’s checks for large amounts under a specified threshold, or without apparent reason.
• Couriers, rather than personal account customers, make the deposits into the account.
• Money orders deposited by mail, which are numbered sequentially or have unusual symbols or stamps on them.

The following is a substantial list of potential abusive activities employees may encounter.
Employees need to be alert to these situations and report their suspicions to their supervisor. Bank employees should always think of the following steps when confronted with suspicious activities:

• Evaluate the transaction, situation, or the individual causing suspicions considering the following common warning
signs.
• Assemble appropriate supporting transaction records.
• Discuss your suspicions with a supervisor or senior officer.
• If not satisfied with supervisor’s action, go to someone higher up, preferably to the security officer.

BANK EMPLOYEE ACTIVITIES
• Lavish lifestyle cannot be supported by an employee’s salary.
• Absence of conformity with recognized systems and controls, particularly in private banking.
• Reluctance to take a vacation.

BANK-TO-BANK TRANSACTIONS
• Significant changes in currency shipment patterns between correspondent banks.
• Increase in large amounts of cash without a corresponding increase in the filing of mandatory currency transaction reports.
• Deposits with a Federal Reserve Bank or its branches are disproportionate to the previous historical volume or volumes of similarly sized depository institutions.
• Significant turnover in large denomination bills that would appear uncharacteristic given the bank’s location.
• Inability to track the true account holder of correspondent or concentration account transactions.
• A large increase in small denomination bills and a corresponding decrease in large denomination bills with no corresponding currency transaction report filings.
• The rapid increase in the size and frequency of cash deposits with no corresponding increase in non-cash deposits.

BRANCH OPERATIONS

BSA Exemption and CTR Red Flags
• Transaction activity for customers that appears to be unreasonably high given the type and location of the business.
• Exempt entities list contains numerous customers with minimal review procedures.
• CTRs are frequently incomplete or inaccurate.

Currency Red Flags
• Teller cash frequently exceeds limitation set in the bank’s security program.
• Large volume of cash being deposited into a customer’s account whose business would not generate this level of cash.
• Cash deposit to a correspondent account by means other than armored car.
• Large turnover in large bills or an excess of small bills from the bank accompanied by the bank’s demand for large bills not normally seen in this sized bank.

Deposit / Withdrawal Discrepancies
• Kiting situations, where a large number of small checks are deposited and a few large checks are written off the account and the average account balance is generally held at very low levels given the account activity
• A large volume of deposits to several different accounts with frequent transfers of a significant portion of the balances to one account
• Checks on the account are frequently paid against uncollected funds and account balance is consistently low

Official Check Red Flags
• Significant volume of official checks and traveler checks sold for cash
• A large volume of official checks deposited into a customer’s account whose business would not normally support this type of activity

Cash Shipment Red Flags
• Cash shipments which appear large in comparison to the number of CTRs filed
• Increase in cash shipments without a proportional increase in the number of accounts

WIRE TRANSFERS

Number and Size of Wires
• Significant number of wire transfers to/from offshore banks
• Wire transfers to/from countries known to be used to evade BSA rules
• Frequent or large wire transfers against uncollected funds
• Wire transfers involving currency exceeding $10,000

Circumvention of Wire Transfer Controls
• Continual circumvention of wire transfer internal controls, such as ignoring approval limits
• Splitting transactions to evade authority limitations
• Lack of control of password access
• Recurrent wire transfer errors and customer complaints about errors

LENDING

Lending Production/Documentation
• Disproportionate lending out of the bank’s normal territory
• Loan production a factor in officer bonuses
• Requests for large loans coupled with unsolicited buyout offers from third parties
• Loan purpose not noted
• Loan purpose inaccurately recorded

Deposit / Loan Activity Links
• Promise of large dollar deposits in exchange for favorable treatment on lending decision (e.g., deposit not
pledged as collateral)
• Brokered deposit transactions where the broker’s fees are paid for through loan proceeds
• Loan or deposit solicitations from entities or individuals who claim to have access to large deposits from confidential sources

Offshore Issues
• Loans to offshore companies or immediate transfer of loan proceeds to offshore companies
• Loans secured by obligations of offshore companies
• Loan transactions supported by offshore “shell” bank
• Loans collateralized by investments located in countries known to be used to evade BSA rules

CREDIT CARD AND ELECTRONIC FUNDS TRANSFERS

Controls
• No separation of duties between area issuing cards and area issuing PIN
• Substandard controls over unissued cards and PINs
• Substandard controls over returned mail which may contain returned

ATM or credit cards
• Substandard controls of credit limit increases
• Substandard control over name and address changes
• No daily transaction limits established on ATM withdrawals

Operational
• Frequent failure of payment authorization system
• Unusual mail delay of cards and PINs to customers
• Circumventions of approval limits on credit cards by merchants

MISCELLANEOUS
• Frequent overrides of internal controls or intentional circumvention of bank policy
• Unresolved and frequently occurring exceptions report
• Accounts out of balance

THIRD PARTY OBLIGATIONS
• Closely held companies value is not sustained by audited financial information
• Inadequate credit information on third party obligor
• Inadequate documentation on guarantees

THE PURPOSE OF THIS CHECKLIST IS TO DESCRIBE RECOMMENDED PROCEDURES FOR THE IDENTIFICATION OF PERSONS WHO ATTEMPT TO INITIATE SUSPICIOUS TRANSACTIONS INVOLVING ANY TYPE OF ACCOUNT

On occasion, persons may request the institution to accept deposits and release cash to them under unusual or suspicious circumstances. The institution may have no authority to deny deposits or to withhold funds on deposit. In many instances the institution is obligated to accept deposits to
accounts and release funds. However, when the best interests of the customer and the institution would be served by at least delaying the transaction, do so if at all possible.

To protect the customer’s interests and the integrity of the institution, the following procedures shall be implemented by all employees when a suspicious or unusual transaction is requested:

• The employee receiving the withdrawal request shall satisfactorily identifythe person making the request in accordance with institution policy and procedure.

• Verify that funds on deposit are not subject to any holds.

• The person making the withdrawal request shall sign all required documents in the employee’s presence.

• Any customer or other person requesting the delivery of a large sum of money in cash should be offered a cashier’s check, teller’s check or other negotiable document instead.

• If the person requesting the withdrawal will not accept a negotiable document, the office manager or designee should talk to the customer to verify the necessity for a cash withdrawal.

• If it appears that the customer could be the intended victim of a criminal scheme, the institution security officer should be contacted immediately. Contact with the local law enforcement agency should be made by the security officer or designee.

If a customer frequently deposits or withdraws large amounts of cash in a manner that is suspicious, the security officer should be notified of the circumstances. If appropriate, a Suspicious Activity Report should be filed.

Employees presented with deposits or withdrawals in excess of regulatory limits will be required to complete all necessary forms, and should contact a supervisor when suspicious deposits and/or withdrawals occur.

An internal report describing suspicious activity must be forwarded to the security officer within 24hours of any incident involving significant or unusual deposit or withdrawal activity.

From RollingStone’s article about China’s “Golden Shield”:

In Shenzhen one night, I have dinner with a U.S. business consultant named Stephen Herrington. Before he started lecturing at Chinese business schools, teaching students concepts like brand management, Herrington was a military-intelligence officer, ascending to the rank of lieutenant colonel. What he is seeing in the Pearl River Delta, he tells me, is scaring the hell out of him — and not for what it means to China.”

I can guarantee you that there are people in the Bush administration who are studying the use of surveillance technologies being developed here and have at least skeletal plans to implement them at home,” he says. “We can already see it in New York with CCTV cameras. Once you have the cameras in place, you have the infrastructure for a powerful tracking system. I’m worried about what this will mean if the U.S. government goes totalitarian and starts employing these technologies more than they are already. I’m worried about the threat this poses to American democracy.”

Herrington pauses. “George W. Bush,” he adds, “would do what they are doing here in a heartbeat if he could.”

Fortunately, somebody actually cares that this kind of thing not be setup in the US. Unfortunately, this man cannot see that the US has already devolved into a totalitarian regime.

Eliot Spitzer’s downfall raises a question: Is there a fail-safe way to pay for naughty things? (with inserted comments from the Privacy Oriented blogger)

FORBES / Nathan Vardi
March 2008 (in April 7th Edition of Forbes)

New York’s governor was felled not by “Kristen”–but by Osama bin Laden. Since Sept. 11 stronger anti-money laundering rules and new technology have made it tougher to hide dirty transactions of all sorts. As a result, the feds are just as likely to nab a high-profile john as they are a terrorist or drug dealer. “It’s very difficult to avoid creating a paper trail,” says Gregory Baldwin, a lawyer specializing in money laundering issues in Miami. “If you try too hard, you can trip a wire.” In other words, it’s easier to cheat on a spouse than to cheat the system. Here are five ways spenders try to cover their tracks.

1. Wires/Transfers.

If accusations in court filings and the rumors are true, Spitzer’s mistake was to wire funds to QAT, a front company used by the Emperors Club V.I.P. There was a time when money wiring (via, say, Western Union) was a good way to move dirty money undetected. But now such transfers, especially to suspicious entities, raise red flags. Both banks and money services are required to record wire transfers of $3,000 or more and take note of who received the money. That’s what helped nail Matthew Thompkins, a New Yorker who was sentenced last year to 23 years for operating a national underage prostitution ring. He moved a total of $850,000, in increments of less than $3,000 at a time, via U.S. Postal Service money orders and Western Union transfers. Financial institutions are required to keep an especially careful eye on so-called politically exposed persons, usually meaning foreign government officials. But many banks have decided to expand the definition to include U.S. politicians.

2. Credit cards. You’d think felons would know better, yet that’s partly how the feds collected evidence against Dennis Paris. Convicted of running a Hartford, Conn. sex-trafficking ring that used underage girls (including a 14-year-old), Paris has been fined $1.5 million and is facing life in prison. Court documents make these claims: Pretending to operate an escort service and using front companies with innocuous names, Paris walked around town with a mobile credit-card processor. His clients paid for prostitutes with Visa, MasterCard and Discover cards. Sex chits were processed by First Data Corp.

Discover Financial Services says it got wise to Paris–it won’t say how–and shut down his account within three months. Visa, MasterCard and First Data decline to comment. Neither First Data nor the card companies have been accused of wrongdoing.

The use of credit cards to pay for unsavory goods or services (especially, pornography) happens more than credit card companies admit. But these companies do have software designed to spot suspicious transactions, which must be reported to the feds. The industry shares a database to help identify illegal behavior, not only to help the government stop criminals but also to mitigate fraud losses, which run into billions. “Think algorithms and models and different software and Web crawlers,” says Christine Elliott, an American Express spokesperson. Despite the safeguards, however, Amex cards were used to purchase sex from the Emperors Club, according to the criminal complaint, apparently without triggering the criminal investigation.

3. Prepaid cards. “Spitzer should have used a stored-value card and put money on that,” says Gregory Calpakis, executive director of the Association of Certified Anti-Money Laundering Specialists in Miami. “It is almost an untraceable instrument.” Prepaid cards have become a big money laundering concern for the feds. American Express sells gift cards with denominations as high as $500 that can be purchased at retailers anonymously (that is, with cash) and without limit. The company points out that customers can’t bank with the card or use it outside the U.S. But other stored-value cards, often branded by Visa or MasterCard, can be accessed for cash via atms worldwide and reloaded with cash online or at checkout counters without a bank account or face-to-face identity verification. Law enforcers have seen drug dealers use these cards, and they fear that terrorists rely on them, too.

(Blogger comment: These types of pre-paid cards are getting harder and harder to come by.)

Sallie Wamsley-Saxon pleaded guilty in February to running a prostitution service in Charlotte, N.C., using prepaid cards from Green Dot Corp. to move cash, say court filings. Over a two-year period she took in fees from prostitutes (sometimes via her PayPal account) and transferred $120,501 to her Green Dot cards, each with a $2,500 maximum. She used the funds partly to pay for the hookers’ hotel rooms, according to court filings. “What we do is a reasonable measure to know the identity of each customer,” says John Ricci, general counsel for Green Dot, which apparently didn’t get wise to Wamsley-Saxon (someone tipped off the cops) but cooperated with the investigation.

(Blogger comment: Why would anyone use Green Dot cards? They require a Social Security Number!)

4. Digital currency. According to the Justice Department, between 1999 and 2005 child pornographers, hackers and identity thieves made use of e-gold, an online payment system in the Caribbean. Users provide an e-mail address to e-gold, then go to a currency exchange (like Cambist.net) to swap greenbacks, euros, yen and so forth for digital currency backed by gold; from there the customer is free to conduct anonymous transactions anywhere in the world. The feds indicted e-gold last year for money laundering and illegal money transmitting because it operated without an appropriate license. The company pleaded not guilty, and its lawyer, Andrew Ittleman, says e-gold fully complied with anti-money-laundering laws and did not need a license to operate.

(Blogger comment: Don’t use e-gold or Cambist.net - There are much better alternatives for both services. E-GOLD LTD, the Nevis company, is run out of Florida by Florida residents on servers located in Florida and is owned by a Delaware company with offices in Florida. Much better alternatives for holding digital gold or other currencies and keeping private are Pecunix or WebMoney or Liberty Reserve, and probably soon-to-be, e-grams. Likewise, Cambist.net has bad service and there are better alternatives.)

5. Cash. Unless you’re unlucky enough to get marked bills, cash is still very hard to trace, says Fred L. Abrams, a New York City asset-recovery lawyer. Client No. 9 (Kristen’s benefactor) eventually arrived at that insight, paying $4,300 in bills in his final dealings with the Emperors Club, says the complaint.

Deposits or withdrawals that total more than $10,000 within the same day automatically prompt a currency transaction report to the federal government. Smaller amounts will also be picked up by software monitors if they fit a suspicious pattern. Slicing up transactions to avoid detection–a.k.a. structuring–is illegal. Structuring and money laundering account for half the 600,000 suspicious activity reports banks now file with the feds annually, compared with 162,720 sars at the start of the decade. (In a bizarre case, Riggs Bank, the Wall Street Journal reported, filed sars on former U.S. Senator Bob Dole, after regular withdrawals of up to $8,000 in 2004; no wrongdoing was ever alleged.)

So what’s the safe way to get a wad of cash out of the bank? Take it in small and regular doses. Withdrawing $1,200 every week for a high earner is probably not going to trigger an alarm, says Clemente Vazquez-Bello, a lawyer in Miami who advises banks on anti-money-laundering regulations. And if it does, have a good explanation ready. You’re within your rights to be a big spender at restaurants and flea markets where credit cards are not accepted.

Have a good explanation for taking cash out of my bank account? OK, I’ve got one: It’s my money and it’s none of your damn business what I’m doing with it! Moreover, I’m perfectly within my rights to withdraw every damn dime of my money from my bank account, in cash, at any time, with no explanation. I have a right to spend all the money I own any way and anywhere I please.

Pity America’s poor civil libertarians. In recent weeks, the papers have been full of stories about the warehousing of information on Americans by the National Security Agency, the interception of financial information by the CIA, the stripping of authority from a civilian intelligence oversight board by the White House, and the compilation of suspicious activity reports from banks by the Treasury Department. On Thursday, Justice Department Inspector General Glenn Fine released a report documenting continuing misuse of Patriot Act powers by the FBI. And to judge from the reaction in the country, nobody cares.

A quick tally of the record of civil liberties erosion in the United States since 9/11 suggests that the majority of Americans are ready to trade diminished privacy, and protection from search and seizure, in exchange for the promise of increased protection of their physical security. Polling consistently supports that conclusion, and Congress has largely behaved accordingly, granting increased leeway to law enforcement and the intelligence community to spy and collect data on Americans. Even when the White House, the FBI or the intelligence agencies have acted outside of laws protecting those rights — such as the Foreign Intelligence Surveillance Act — the public has by and large shrugged and, through their elected representatives, suggested changing the laws to accommodate activities that may be in breach of them.

Civil libertarians are in a state of despair. “People don’t realize how damaging it is to a democratic society to allow the government to warehouse information about innocent Americans,” says Mike German, national security counsel at the American Civil Liberties Union.

Or do they? In all the examples of diminished civil liberties, there are few, if any, where the motivating factor was something other than law and order or national security. There are no scandalous examples of the White House using the Patriot Act powers for political purposes or of individual agents using them for personal gain. The Justice IG report released Thursday, for example, examined some 50,000 National Security Letters issued in 2006 to see whether the FBI misused that specialized kind of warrantless subpoena. The IG found some continuing abuse of the power, but blamed it for the most part on sloppiness and bad management, not nefarious intent. In a press release accompanying the report, Fine said, “The FBI and Department of Justice have shown a commitment to addressing these problems.”

There may, nonetheless, be reasons to feel wary of the civil liberties vs. security trade-off into which Americans have bought. If the misuse documented in the Justice IG report stems from incompetence, Americans may not be getting the security they bargain for in sacrificing their civil liberties. It’s also possible the Justice IG may yet find among the abused Patriot Act powers examples of an FBI agent stalking his girlfriend or doing a favor for a political operative friend. Fine is still preparing a report on the illegal use of “exigent letters” in unauthorized demands for records from business.

For now, however, civil libertarians will have to continue to argue that the danger lies not in how the government’s expanded powers are being used now, but how they might be used in the future. “The government can collect information about the average citizen without any concern for their rights, but the citizen can’t find out what the government is doing, and that’s inimical to government of we the people,” says the ACLU’s German. So far, that argument hasn’t convinced the people.