Related story: Legislators jump in to protect privacy

But it's not that the G-men think we're lonely -- it's that they want our bankers to spy on every financial move we make.

It's understandable that the feds want First Fed to rat out crooked customers, but the bigger surprise is that your bank already can be watching every check and charge with your name on it in an attempt to protect itself in case your marriage goes on the rocks or a loved one dies.

The proposed federal "Know Your Customer" rules would require banks to determine where you get your money and what your "normal and expected" bank transactions are.

Deciding what's normal
There are no guidelines for what types of banking business are suspicious -- that's up to each individual bank. If you deviate from what the bank has decided is normal for you, the bank is required to track your transactions and report them to a central database administered by the IRS and the Financial Crimes Enforcement Network of the U.S. Treasury Department.

The measure is backed by the FDIC, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Office of Thrift Supervision.

The purpose of Know Your Customer is to get banks and other financial institutions to help the feds track down drug-money launderers and tax cheats. Current laws, passed when the Internet was an obscure novelty, simply require banks to report cash transactions of more than $10,000 to the IRS. Over the years, crooks have simply made more small transactions to stay below the $10,000 radar -- a task made even easier by advances in online finance and banking.

The feds don't think putting Know Your Customer into law will be a problem because, the FDIC points out, banks already use tracking software to protect themselves against hackers, fraud -- and any of their own customers who might hit financial rough spots.

According to a study by Fair Isaac, a San Rafael, Calif.-based developer of bankruptcy scoring methods, the biggest banks already are buying monitoring software, such as WebTrends for Firewalls, Virtual Private Networks, TEMPEST and Spyglass. The software firms won't disclose who their clients are, but the WebTrends sales brochure mentions that the State Department Federal Credit Union began using the software to see who visits electronically and for what reason.

Just because a bank owns tracking software doesn't mean it's using it to spy on customers. Sales brochures pitch the software to banks as a way to track hackers trying to inject viruses into computer systems, while the IRS extols the programs in a September press release as the "cyberspace version of a phone wiretap."

They know where you've gone
The programs start watching a suspicious customer the moment he logs his password into his account or just e-mails the bank's online customer service representatives.

After he completes his transaction, monitoring software can follow him out of the online bank, just like an unmarked police car shadowing a suspect. If he's dealing drugs or laundering money, the bank's snooping software may document the dirty deeds. But even if he's not, the customer can click his way merrily through online investment portfolios, search engines or angry e-mail to his ex-wife, never knowing that his trail is being documented.

Last fall, the Washington, D.C.-based newsletter Privacy Times described monitoring software that banks use to identify customers who are at "high risk for bankruptcy." But the software snoops into a lot more than customer debt.

Nestor Inc.'s Bankruptcy Alert System red-flags customers who've used their credit cards to charge visits to marriage counselors, funeral expenses or visits to gambling casinos. Nestor's brochure explains that marriages break up over money and the stress of a family death skews judgement, which should make a customer worrisome to his bank.

Some monitoring software, such as TEMPEST (it periodically takes a kind of online secret snapshot of a user's screen) was developed by private firms for the Pentagon, then marketed to corporate America.

"Often, this technology is used primarily because it's been created and it's easy and the purpose for collecting the data becomes unclear," says attorney Michael Overly, author of E-Policy, a book examining electronic privacy cases.

Yes, it's legal
Isn't this kind of unauthorized electronic spying illegal? The Electronic Communications Privacy Act prohibits "intentional interception, use and disclosure of electronic communications" but makes exceptions for law enforcement agencies, including the IRS. Since systems such as Bankruptcy Alert collect and analyze electronic transactions rather than monitor ongoing Net activity, several state courts have ruled that such methods are not covered by the act.

And once your bank tells the IRS you're suspicious, the IRS may include your boss in the snooping loop, too, according to the American Civil Liberties Union.

It's perfectly legal for your boss to inspect your online activity at work, to see whether you're using the Net for business or just idle visits to chat rooms. The business technology publication CIO Magazine reports that 60 percent of firms with more than 150 employees already legally monitor workers' Internet activity with snooping software. If your boss wants to cooperate, that info can all go right to the feds.

"Electronic monitoring in the workplace is the most common complaint the ACLU receives," says Jenny Gruber, an ACLU legal director researching privacy issues.

Bankers balk at costs
While some banks already are e-spying on their own customers, other bankers are worried about the cost of the proposed Know Your Customer rules.

"The invasion of customer privacy concerns us because there isn't a way for many of our banks to do the tracking that's described without buying monitoring software," says Robert Rowe, legal counsel for the Independent Bankers Association of America. "The Federal Reserve didn't have an alternative solution when we asked. One of our banks has a customer base of 6,000 and can only afford software and not the cost of staff to do this sort of monitoring."

But it's privacy, not a banker's bottom line, that has consumers concerned -- and most of them don't want their banks getting to know them quite so intimately.

The FDIC Web site asked for public comments about the new rules in December. By Christmas, it had received more than 3,000 raging, ranting e-mail complaints from bank customers, says spokesman Paul Battey. As of Jan. 14, the FDIC had received 10,228 letters against the proposal and 12 supporting it.

Related information: More consumer banking news Banking information Definitions: Banking terms

-- Posted: Feb. 5, 1999

Related story: Legislators jump in to protect privacy

But it's not that the G-men think we're lonely -- it's that they want our bankers to spy on every financial move we make.

It's understandable that the feds want First Fed to rat out crooked customers, but the bigger surprise is that your bank already can be watching every check and charge with your name on it in an attempt to protect itself in case your marriage goes on the rocks or a loved one dies.

The proposed federal "Know Your Customer" rules would require banks to determine where you get your money and what your "normal and expected" bank transactions are.

Deciding what's normal
There are no guidelines for what types of banking business are suspicious -- that's up to each individual bank. If you deviate from what the bank has decided is normal for you, the bank is required to track your transactions and report them to a central database administered by the IRS and the Financial Crimes Enforcement Network of the U.S. Treasury Department.

The measure is backed by the FDIC, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Office of Thrift Supervision.

The purpose of Know Your Customer is to get banks and other financial institutions to help the feds track down drug-money launderers and tax cheats. Current laws, passed when the Internet was an obscure novelty, simply require banks to report cash transactions of more than $10,000 to the IRS. Over the years, crooks have simply made more small transactions to stay below the $10,000 radar -- a task made even easier by advances in online finance and banking.

The feds don't think putting Know Your Customer into law will be a problem because, the FDIC points out, banks already use tracking software to protect themselves against hackers, fraud -- and any of their own customers who might hit financial rough spots.

According to a study by Fair Isaac, a San Rafael, Calif.-based developer of bankruptcy scoring methods, the biggest banks already are buying monitoring software, such as WebTrends for Firewalls, Virtual Private Networks, TEMPEST and Spyglass. The software firms won't disclose who their clients are, but the WebTrends sales brochure mentions that the State Department Federal Credit Union began using the software to see who visits electronically and for what reason.

Just because a bank owns tracking software doesn't mean it's using it to spy on customers. Sales brochures pitch the software to banks as a way to track hackers trying to inject viruses into computer systems, while the IRS extols the programs in a September press release as the "cyberspace version of a phone wiretap."

They know where you've gone
The programs start watching a suspicious customer the moment he logs his password into his account or just e-mails the bank's online customer service representatives.

After he completes his transaction, monitoring software can follow him out of the online bank, just like an unmarked police car shadowing a suspect. If he's dealing drugs or laundering money, the bank's snooping software may document the dirty deeds. But even if he's not, the customer can click his way merrily through online investment portfolios, search engines or angry e-mail to his ex-wife, never knowing that his trail is being documented.

Last fall, the Washington, D.C.-based newsletter Privacy Times described monitoring software that banks use to identify customers who are at "high risk for bankruptcy." But the software snoops into a lot more than customer debt.

Nestor Inc.'s Bankruptcy Alert System red-flags customers who've used their credit cards to charge visits to marriage counselors, funeral expenses or visits to gambling casinos. Nestor's brochure explains that marriages break up over money and the stress of a family death skews judgement, which should make a customer worrisome to his bank.

Some monitoring software, such as TEMPEST (it periodically takes a kind of online secret snapshot of a user's screen) was developed by private firms for the Pentagon, then marketed to corporate America.

"Often, this technology is used primarily because it's been created and it's easy and the purpose for collecting the data becomes unclear," says attorney Michael Overly, author of E-Policy, a book examining electronic privacy cases.

Yes, it's legal
Isn't this kind of unauthorized electronic spying illegal? The Electronic Communications Privacy Act prohibits "intentional interception, use and disclosure of electronic communications" but makes exceptions for law enforcement agencies, including the IRS. Since systems such as Bankruptcy Alert collect and analyze electronic transactions rather than monitor ongoing Net activity, several state courts have ruled that such methods are not covered by the act.

And once your bank tells the IRS you're suspicious, the IRS may include your boss in the snooping loop, too, according to the American Civil Liberties Union.

It's perfectly legal for your boss to inspect your online activity at work, to see whether you're using the Net for business or just idle visits to chat rooms. The business technology publication CIO Magazine reports that 60 percent of firms with more than 150 employees already legally monitor workers' Internet activity with snooping software. If your boss wants to cooperate, that info can all go right to the feds.

"Electronic monitoring in the workplace is the most common complaint the ACLU receives," says Jenny Gruber, an ACLU legal director researching privacy issues.

Bankers balk at costs
While some banks already are e-spying on their own customers, other bankers are worried about the cost of the proposed Know Your Customer rules.

"The invasion of customer privacy concerns us because there isn't a way for many of our banks to do the tracking that's described without buying monitoring software," says Robert Rowe, legal counsel for the Independent Bankers Association of America. "The Federal Reserve didn't have an alternative solution when we asked. One of our banks has a customer base of 6,000 and can only afford software and not the cost of staff to do this sort of monitoring."

But it's privacy, not a banker's bottom line, that has consumers concerned -- and most of them don't want their banks getting to know them quite so intimately.

The FDIC Web site asked for public comments about the new rules in December. By Christmas, it had received more than 3,000 raging, ranting e-mail complaints from bank customers, says spokesman Paul Battey. As of Jan. 14, the FDIC had received 10,228 letters against the proposal and 12 supporting it.

Related information: More consumer banking news Banking information Definitions: Banking terms

-- Posted: Feb. 5, 1999