UPDATE: The three best words in blogging: Welcome Instapundit readers!

UPDATE 2: I was listening to Hewitt on this story and missed that the NYT story was picked up by the Wall Street Journal and the Washington Post. The former was pointed out by a reader. While both those papers hold some blame for any fallout from the exposure of the program, it was not their original story, and I don't see how they could have published it without the NYT's publication.

I can't contribute too much to the outrage ongoing over the NYT/LAT exposure of the classified program US counterterrorism units use for surveillance of suspected terrorists' financial transactions. What I can talk a little about is the nature of SWIFT transactions generally. My knowledge comes both as a consumer when I worked overseas and as a researcher into the flow of workers' remittances around the world.

SWIFT is, in essence, a messaging service, processing about 11 million such messages each day. The messages may be for payments of cash, transfer of securities, trade credit or other messages. About three-fourths of the messages are for the first two types. The messages contain a numeric code of what type of transactions is contemplated; so, for example, transactions involving traveler's checks have their own code and are most likely to pass through surveillance uninspected. Then there are specific phrases that mean a specific type of transaction. By restricting one's purview to certain phrases under certain codes, the search grid probably can be controlled down to a fairly narrow range. As the link above points out, the record examined here looks very similar to the phone records said to have been examined:

A SWIFT consists of a one-page document containing the name and code of the originating bank, the date and time, the address and code of the receiving bank, the name and internal code of the officer initiating the transmission, the names and numbers of the accounts involved in the transfer, a description of the asset being transferred, the MT category of the transmission, and acceptable, standardized phrases as described above.

SWIFT transactions are typically large size because the cost of using the system is substantial. When I lived in Ukraine I only used SWIFT for receiving sums of about $10000, typically quarterly, for payment of expenses. The information on the slip that I would receive had codes for the banks, the accounts being transferred from and to (in both those cases, mine -- I could not get dollars without a Ukrainian bank account) and the amount to be transferred.

About 90% of the messages between banks are sent via SWIFT. If al Qaeda wanted to be sure to keep its activity private, it would want to use telex or phone messages -- older technologies pre-dating SWIFT. It can use a mail payment from bank to bank. Those are still possible and some banks use them, many in the developing world. But it slows down the transfer process; for example, the mail transfer gets caught up in two countries' postal systems.

Another way to conduct transfer that I saw a little of in Armenia is the hawala system. (Obviously they weren't called this and weren't instituted as a result of Islamic banking practices. But the principal form exists in many developing countries.) In short, someone takes money from someone in the sending country and makes a phone call to his friend in the receiving country with instructions on who to pay and how much. The hawalas will settle up later on with a settlement payment between them. I saw these most often as family-based. The sender and receiver of funds (as opposed to the two hawala operators) is very difficult to trace. Hawalas are already under investigation by counterterrorism experts. I notice that Counterterrorism Blog writes as if the SWIFT operation is over. I'm not as sure it would, because hawalas are vulnerable to surveillance -- any Muslim grocery store is going to be checked -- and telexes are really slow and just as possibly tapped by an NSA probe as a telephone call.

SWIFT has issued a statement about the NYT article.

In the aftermath of the September 11th attacks, SWIFT responded to compulsory subpoenas for limited sets of data from the Office of Foreign Assets Control of the United States Department of the Treasury. Our fundamental principle has been to preserve the confidentiality of our users� data while complying with the lawful obligations in countries where we operate. Striking that balance has guided SWIFT through this process with the United States Department of the Treasury.

SWIFT negotiated with the U.S. Treasury over the scope and oversight of the subpoenas. Through this process, SWIFT received significant protections and assurances as to the purpose, confidentiality, oversight and control of the limited sets of data produced under the subpoenas. Independent audit controls provide additional assurance that these protections are fully complied with.

SWIFT is a co-operative of banks and makes profits that transfer back to the members. If many people switched away from SWIFT because of these actions it might cause some to ask the organization to stop sharing information. But I doubt this happens.