NSA Scandals: FCPA Compliance Game Changer?
Government Serveillance & Anti-Corruption Compliance
Businesses and private citizens once took it for granted that their phones, emails, and inter-offices were private and secure. However, after recent news events, many are now questioning if those means of communication could now incorporate a third-party—the government. Those concerned with the FCPA and other Anti-Corruption compliance laws should also wonder what impact will these recent discoveries potentially have.
Surveillance News Summary
Late last week, the British Newspaper, The Guardian, revealed that The Obama administration has been collecting telephone records from U.S. Verizon customers under a top-secret court order obtained in April. This order allows the government to obtain metadata: phone numbers on both sides of the call, call duration, location, date, and time of call. Still, the order has yet to allow the government to listen in on the calls or gain further data, without going through proper consents and channels (ABC).
The purpose of acquiring this information, according to Mark Rossini, a former senior FBI official detailed to the CIA, would be to collect numbers in a massive database to merge and compare with others that the NSA picks up. The NSA would then use that information to look for patterns of activity related to subjects of U.S. investigations. “This pertains to terrorism, spying, industrial espionage, cyber, etc.” said Rossini. “This is all done to keep America safe and economically secure and ahead,” he added. The response from Verizon, was boiler-plate but at no point denied the veracity of The Guardian’s claim, “Verizon continually takes steps to safeguard its customers’ privacy. Nevertheless, the law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply” (ABC).
The Guardian also released another article claiming that the NSA has “direct access to the systems of Google, Facebook, Apple, and other US Internet giants.”The access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers, and live chats, the document says.” The article continues, “The law allows for the targeting of any customers of participating firms who live outside the U.S., or those Americans whose communications include people outside the U.S. It also opens the possibility of communications made entirely with the U.S. being collected without warrants.” Believe this or not, this is more alarming than Verizon scandal, as unlike the Verizon scandal where only metadata is being stored, “this surveillance can include the content of communications” (The Guardian).
What companies are involved in PRISM? Micosoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. “The extent and nature of the data collected from each company varies,” says The Guardian. The article goes on to say, “Companies are legally obliged to comply with requests for users’ communications under US law, but the PRISM program allows the intelligence service direct access to the companies’ servers.” The PRISM program, renders any form of consent unnecessary, and “it allows the agency (NSA) to directly and unilaterally seize the commination off the companies’ servers”(The Guardian).
The document obtained by The Guardian indicates it was created in order to overcome “shortcomings of FISA warrants in tracking suspected foreign terrorists.” The implication is that “because FISA required individual warrants and confirmations that both the sender and receiver of a communication were outside the US” that it delayed or limited their ability to enforce the law. The article then further explains the extent to which these various governmental agencies, FBI, CIA, and NSA, are involved or implicated in the PRISM program (The Guardian).
Finally, in an article written last Friday by the American Spectator, we learned about a spy satellite run by the NSA, United Kingdom, Australia, New Zealand, and Canada. This satellite, “scans millions of phone calls, e-mail message, and faxes each hour, searching for keywords.” The most interesting part of the article was its specific implication in FCPA enforcement. “A February report by the European Union alleged that Echelon has been used for economic espionage. Former CIA Director James Woolsey told a German newspaper in early March that Echelon collects “economic intelligence.” One example Woolsey gave was espionage aimed at discovering when foreign companies are paying bribes to obtain contracts that might otherwise go to American Companies. Woolsey elaborated on his views in a condescending March 17 Wall Street Journal oped, justifying Echelon spying on foreign companies because some foreigners do not obey the US Foreign Corrupt Practices Act.”
How could this affect Compliance Professionals?
So why am I writing about this on a blog that focuses on anti-corruption and compliance? Because, while it currently doesn’t play a factor, it could potentially play a factor in the way that Anti-Corruption and FCPA related laws are enforced and prosecuted. Currently, the bulk of cases prosecuted by the DOJ or SEC come as a result of whistleblowing. However, in the future, with the capability of the government to sort through phone records, the contents of emails, Facebook, Skype, Google, etc., without a warrant, could they come from another sources? Could companies be targeted? Will enforcement change?
Currently it takes months or years to develop a solid FCPA case and most of those end up with fines and some type of penalty. Could that change to a new way of enforcement where the government targets a company, identifies corruption, gathers evidence, and instead of going through the motions, simply calls them to schedule a meeting, slapping a fine and a series of actionable tasks for the company in question? It’s not happening now, but that is a question. And, fine, let’s take a step back; let’s assume that will never happen. Under the FCPA we focus on anti-bribery, however, with our current emphasis on national security, I think there is a serious question to ask for any company that operates in high CPI areas where terrorist cells or money laundering outfits to terrorist cells operate. How well do you know your agents? How well do you know their relationships? How well do you know the companies they are affiliated with? Are there red-flags that low-level DPL type screenings might not uncover? I am not trying to scare anyone but at the same time, there is a tremendous amount of information available to governmental agencies. It’s imperative the companies and individuals protect themselves with as much information as they can.
John Batchelor is an Investigative and Anti-Corruption Consultant at Kreller Business Information Group, Inc. His current clients include Oil/Gas, Defense, Energy, Software, Pharmaceutical, Medical Device, and Outside Counsel. If you have any thoughts or questions please feel free to email him at firstname.lastname@example.org