Another Terrorist Watchlist Leaks, This One Compiled By Thomson Reuters
from the and-by-their-lists-you-shall-know-them dept
Another terrorism-related database has leaked -- this one produced by an entity best known for its news agency. Security researcher Chris Vickery first unveiled it on Reddit.
A few years ago, Thomson Reuters purchased a company for $530 million. Part of this deal included a global database of "heightened-risk individuals" called World-Check that Thomson Reuters maintains to this day. According to Vice.com, World-Check is used by over 300 government and intelligence agencies, 49 of the 50 biggest banks, and 9 of the top 10 global law firms. The current-day version of the database contains, among other categories, a blacklist of 93,000 individuals suspected of having ties to terrorism.
I have obtained a copy of the World-Check database from mid-2014.
No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time.
Thomson Reuters' "global screening solution" pulls from hundreds of other databases, including sanctions lists, law enforcement lists, and compiled data from regulatory agencies. The collection doesn't cause too many problems in the United States, but as Joseph Cox of Motherboard points out, it's a bit more a problem when deployed in Europe.
Although World-Check is based on public information, European privacy laws impose strong restrictions on the collection, storage, and publication of information about individuals. For that reason, the database can only be used for screening purposes by customers vetted by Thomson Reuters.
The end result of all this data is a blacklist of 93,000 individuals with suspected ties to terrorism. Like other terrorism-related databases, the Thomson Reuters list also draws some interesting conclusions about certain organizations.
However, World-Check can sometimes flag those not involved in crime. As VICE News previously found, the database has listed major charities, activists, and mainstream religious institutions under the label of “terrorism.” Those include the Council on American-Islamic Relations’ (CAIR) executive director Nihad Awad; Liberal Democrat politician Maajid Nawaz, who founded the counter-extremism organisation Quilliam, and former World Bank and Bank of England advisor Mohamed Iqbal Asaria. None of these people have ever faced terrorism charges, VICE News adds.
Thomson Reuters has now closed the leak -- which, according to a statement released to Motherboard, appears to have originated outside of the company, possibly by one its contractors.
After the publication of this article, a spokesperson from Thomson Reuters wrote in an email that the company had contacted the third party responsible for the leak and that they had taken down the information. "We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident," the spokesperson added.
It also spoke to Vickery, raising the somewhat dubious defense that everyone else is doing it, why not us?
One important point that they would like to highlight (and something I'll agree with): Thomson Reuters is not the only company gathering this kind of data and putting together this type of database. They may be a leader in the industry, but it's not fair to vilify them as if they were the only company in the market.
That statement of collective guilt doesn't do much to answer Vickery's question raised during deliberations about leaking the list publicly:
At the very least, this should jump-start a little online conversation regarding the appropriateness of having private entities maintain lists utilized by government agencies and banks.
As we've seen from other terrorism blacklists, the US government is no better at drawing conclusions or checking its lists for false positives on a regular basis. The fact that Thomson Reuters database pulls from hundreds of sources is probably better than the FBI/DHS method of shrugging people onto terrorist watchlists based on hunches, surnames, or camera ownership. It's still disturbing that a private entity can control access to various services around the world by selling a watchlist to corporate customers, but there's no reason to believe this private blacklist is any worse than those compiled by various governments.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: leaks, terrorist watch lists, terrorists, watchlists
Companies: thomson reuters
Reader Comments
The First Word
“Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Next up
Anyone involved with CAIR is not the poster child you want when trying to create support against lists like this.
[ link to this | view in thread ]
Questions
Does it work like McCarthy-ism? If you are linked to someone on these databases, you end up on them yourself? Repeat until everyone is on the list.
If Thomson Reuters is not the only ones doing it, does that make it okay? (ISIS is not the only group that tortures people -- the US do it too, so it's all okay!)
[ link to this | view in thread ]
[ link to this | view in thread ]
Closing the Leak
Once someone has a copy, "closing the leak" is like closing the barn door after the ostrich has run out.
Talking to contractors and third parties does not actually help much if at all.
However I can understand how that would allow Thomson Reuters to feel like they have corrected a problem and that everything is okay now.
Suggestion: next step, try asking the internet to take down all copies of that information. Please.
[ link to this | view in thread ]
Re:
Is there anyone, even one single person, on this list who would actually commit a terrorist act?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
"Thomson Reuters Corporation (/ˈrɔɪtərz/) is a major multinational mass media and information firm founded in Toronto, Ontario, Canada. Its operations are headquartered at 3 Times Square in Manhattan, New York City while its legal domicile offices are located at 333 Bay Street in Downtown Toronto."
Above
blacklist of 93,000 individuals
This sounds very much like a class action law suit by 93,000 individuals who are being libellous linked to criminal activity by a private company.
[ link to this | view in thread ]
Fair enough. Let's vilify everyone that's doing this.
[ link to this | view in thread ]
Re: Closing the Leak
[ link to this | view in thread ]
Black Lists and Watch Lists are Worthless
All black/watch lists are equally vile.
Their worth is apparently is counted in dollars/cents not in terrorists apprehended.
[ link to this | view in thread ]
Part of the reason that terrorism continues to be a problem...
[ link to this | view in thread ]
Re:
Its new and improved for 2016 brining its false positive rate from 30% to only a minuscule 15%!
[ link to this | view in thread ]
Re: Questions
[ link to this | view in thread ]
Re: Part of the reason that terrorism continues to be a problem...
[ link to this | view in thread ]
Re: Re:
They did not say they reduced false positives to 15%.
They said IN SOME CASES they reduced them to 15%.
That means they know the false positive error is greater than 15%.
Imagine having a database where one out of every seven entries is known to be wrong.
Now go sell that for a million dollars.
E
[ link to this | view in thread ]
No guns for you!
[ link to this | view in thread ]
[ link to this | view in thread ]
"Right, that person telling the truth is a nousance, yet our list doesnt cover it, he's a butcher, so we'll "advertise" that the guys a killer, and leave out the butcher part..........see, not lieing......simply ommiting and blemishing the truth"
Mass media have a duty to tell the truth considering the considerable sway they have over the things thousands of people think about while viewing them, and folks need to recognise the voluntary form of hypnosis........im not saying get rid of it......there just has to be the awareness of it
Im rambling on.........ill leave this here
[ link to this | view in thread ]
It is kind of hard to say your not a state actor
[ link to this | view in thread ]
It's like jails in the US. At some point, there will be so many jailed that we just need to take everybody to a piece of land and call it United States. Oh wait.
[ link to this | view in thread ]
Essential...
I've got a little list, I've got a little list.
Of society offenders who might well be underground,
And who never would be missed, who never would be missed.
[ link to this | view in thread ]