Another Terrorist Watchlist Leaks, This One Compiled By Thomson Reuters

from the and-by-their-lists-you-shall-know-them dept

Another terrorism-related database has leaked -- this one produced by an entity best known for its news agency. Security researcher Chris Vickery first unveiled it on Reddit.

A few years ago, Thomson Reuters purchased a company for $530 million. Part of this deal included a global database of "heightened-risk individuals" called World-Check that Thomson Reuters maintains to this day. According to Vice.com, World-Check is used by over 300 government and intelligence agencies, 49 of the 50 biggest banks, and 9 of the top 10 global law firms. The current-day version of the database contains, among other categories, a blacklist of 93,000 individuals suspected of having ties to terrorism.

I have obtained a copy of the World-Check database from mid-2014.

No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time.

Thomson Reuters' "global screening solution" pulls from hundreds of other databases, including sanctions lists, law enforcement lists, and compiled data from regulatory agencies. The collection doesn't cause too many problems in the United States, but as Joseph Cox of Motherboard points out, it's a bit more a problem when deployed in Europe.

Although World-Check is based on public information, European privacy laws impose strong restrictions on the collection, storage, and publication of information about individuals. For that reason, the database can only be used for screening purposes by customers vetted by Thomson Reuters.

The end result of all this data is a blacklist of 93,000 individuals with suspected ties to terrorism. Like other terrorism-related databases, the Thomson Reuters list also draws some interesting conclusions about certain organizations.

However, World-Check can sometimes flag those not involved in crime. As VICE News previously found, the database has listed major charities, activists, and mainstream religious institutions under the label of “terrorism.” Those include the Council on American-Islamic Relations’ (CAIR) executive director Nihad Awad; Liberal Democrat politician Maajid Nawaz, who founded the counter-extremism organisation Quilliam, and former World Bank and Bank of England advisor Mohamed Iqbal Asaria. None of these people have ever faced terrorism charges, VICE News adds.

Thomson Reuters has now closed the leak -- which, according to a statement released to Motherboard, appears to have originated outside of the company, possibly by one its contractors.

After the publication of this article, a spokesperson from Thomson Reuters wrote in an email that the company had contacted the third party responsible for the leak and that they had taken down the information. "We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident," the spokesperson added.

It also spoke to Vickery, raising the somewhat dubious defense that everyone else is doing it, why not us?

One important point that they would like to highlight (and something I'll agree with): Thomson Reuters is not the only company gathering this kind of data and putting together this type of database. They may be a leader in the industry, but it's not fair to vilify them as if they were the only company in the market.

That statement of collective guilt doesn't do much to answer Vickery's question raised during deliberations about leaking the list publicly:

At the very least, this should jump-start a little online conversation regarding the appropriateness of having private entities maintain lists utilized by government agencies and banks.

As we've seen from other terrorism blacklists, the US government is no better at drawing conclusions or checking its lists for false positives on a regular basis. The fact that Thomson Reuters database pulls from hundreds of sources is probably better than the FBI/DHS method of shrugging people onto terrorist watchlists based on hunches, surnames, or camera ownership. It's still disturbing that a private entity can control access to various services around the world by selling a watchlist to corporate customers, but there's no reason to believe this private blacklist is any worse than those compiled by various governments.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: leaks, terrorist watch lists, terrorists, watchlists
Companies: thomson reuters


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 30 Jun 2016 @ 8:41am

    So I guess ISIS terrorism is fine because they're not the only ones doing it.

    link to this | view in chronology ]

  • identicon
    Pixelation, 30 Jun 2016 @ 9:02am

    Next up

    I imagine Facebook will be in this business soon, if it isn't already.

    Anyone involved with CAIR is not the poster child you want when trying to create support against lists like this.

    link to this | view in chronology ]

  • icon
    DannyB (profile), 30 Jun 2016 @ 9:50am

    Questions

    What do you have to do to get off one of these lists?

    Does it work like McCarthy-ism? If you are linked to someone on these databases, you end up on them yourself? Repeat until everyone is on the list.

    If Thomson Reuters is not the only ones doing it, does that make it okay? (ISIS is not the only group that tortures people -- the US do it too, so it's all okay!)

    link to this | view in chronology ]

    • icon
      Padpaw (profile), 30 Jun 2016 @ 12:29pm

      Re: Questions

      you have to die. People are on these lists because if everyone is made a terrorist it is so much easier to deal with the people you do like for petty reasons, if they have no rights as a "suspected terrorist"

      link to this | view in chronology ]

  • icon
    johnjac (profile), 30 Jun 2016 @ 9:51am

    From Thomson Reuters site link in this article

    In many cases, false positives have been reduced from 30% to 15%.


    This does NOT strike confidence

    link to this | view in chronology ]

    • icon
      DannyB (profile), 30 Jun 2016 @ 9:56am

      Re:

      What about false negatives?

      Is there anyone, even one single person, on this list who would actually commit a terrorist act?

      link to this | view in chronology ]

      • icon
        DannyB (profile), 30 Jun 2016 @ 9:57am

        Re: Re:

        Nevermind. Not thinking. If there are no actual terrorists on the list, then it has 100 % false positives.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jun 2016 @ 12:03pm

      Re:

      Thats right boss, I guarantee that you will not lose emails from important clients with our new SPAM blocking technology!

      Its new and improved for 2016 brining its false positive rate from 30% to only a minuscule 15%!

      link to this | view in chronology ]

      • icon
        Ehud Gavron (profile), 30 Jun 2016 @ 12:59pm

        Re: Re:

        No.

        They did not say they reduced false positives to 15%.

        They said IN SOME CASES they reduced them to 15%.

        That means they know the false positive error is greater than 15%.

        Imagine having a database where one out of every seven entries is known to be wrong.

        Now go sell that for a million dollars.

        E

        link to this | view in chronology ]

  • icon
    DannyB (profile), 30 Jun 2016 @ 9:55am

    Closing the Leak

    I can understand why a media organization like Thomson Reuters may not be familiar with how digital information works in the 21st century, so I'll make allowance.

    Once someone has a copy, "closing the leak" is like closing the barn door after the ostrich has run out.

    Talking to contractors and third parties does not actually help much if at all.

    However I can understand how that would allow Thomson Reuters to feel like they have corrected a problem and that everything is okay now.

    Suggestion: next step, try asking the internet to take down all copies of that information. Please.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jun 2016 @ 10:16am

      Re: Closing the Leak

      Ostrich, terrorists, why did I think of Riotous Assembly by Tome Sharpe, it wouldn't have anything to do with competence would it?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 9:58am

    Wikipedia
    "Thomson Reuters Corporation (/ˈrɔɪtərz/) is a major multinational mass media and information firm founded in Toronto, Ontario, Canada. Its operations are headquartered at 3 Times Square in Manhattan, New York City while its legal domicile offices are located at 333 Bay Street in Downtown Toronto."

    Above
    blacklist of 93,000 individuals

    This sounds very much like a class action law suit by 93,000 individuals who are being libellous linked to criminal activity by a private company.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 9:59am

    They may be a leader in the industry, but it's not fair to vilify them as if they were the only company in the market.

    Fair enough. Let's vilify everyone that's doing this.

    link to this | view in chronology ]

  • identicon
    Personanongrata, 30 Jun 2016 @ 10:38am

    Black Lists and Watch Lists are Worthless

    It's still disturbing that a private entity can control access to various services around the world by selling a watchlist to corporate customers, but there's no reason to believe this private blacklist is any worse than those compiled by various governments.

    All black/watch lists are equally vile.

    Their worth is apparently is counted in dollars/cents not in terrorists apprehended.

    link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 30 Jun 2016 @ 11:39am

      Part of the reason that terrorism continues to be a problem...

      ... is that our efforts to counter terrorism value making money than they do reducing terrorism.

      link to this | view in chronology ]

      • icon
        Padpaw (profile), 30 Jun 2016 @ 12:35pm

        Re: Part of the reason that terrorism continues to be a problem...

        More so considering how much our governments spend supporting terrorism just so they can justify fighting it.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 6:18pm

    No guns for you!

    Wonder how many lists will be added to the background check? Can I make a list?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 7:43pm

    So 93,000 people out of 7,000,000,000+ (~0.001%) might be bad people. We often talk about not making the majority suffer for the actions of a minority. So why does the majority of the world's population have to suffer ridiculous laws because a minority might be bad?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jul 2016 @ 4:20am

    And then how long before banks base their lending decisions on one of these lists, employers hiring based on these lists, service companies servicing based on these lists.........simply for the virtue of being on a list that in time, eventually the bleeming daly lama will be on giving how the requirements to be on a list will keep on expanding, and then used as the tool its eventually going to become.

    "Right, that person telling the truth is a nousance, yet our list doesnt cover it, he's a butcher, so we'll "advertise" that the guys a killer, and leave out the butcher part..........see, not lieing......simply ommiting and blemishing the truth"


    Mass media have a duty to tell the truth considering the considerable sway they have over the things thousands of people think about while viewing them, and folks need to recognise the voluntary form of hypnosis........im not saying get rid of it......there just has to be the awareness of it

    Im rambling on.........ill leave this here

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jul 2016 @ 9:14am

    It is kind of hard to say your not a state actor

    when you do stuff like this. Whether that will reflect on the safety of their journalists remains to be seen. But if I was slinging ganda' for these guys, I'd be a little concerned.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 1 Jul 2016 @ 11:07am

    Of course, before adding people to these lists a very careful investigation is conducted to avoid false positives and avoid screwing innocent people, right, right?

    It's like jails in the US. At some point, there will be so many jailed that we just need to take everybody to a piece of land and call it United States. Oh wait.

    link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 1 Jul 2016 @ 11:39am

    Essential...

    As someday it may happen that a victim must be found,
    I've got a little list, I've got a little list.
    Of society offenders who might well be underground,
    And who never would be missed, who never would be missed.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.