How A Treasury Terror List Is Preventing Americans With 'Scary' Names From Using Online Services

from the scary-names dept

We’ve talked a few times before about the US Treasury Department’s Office of Foreign Assets Control, a government office theoretically designed to keep money from flowing to and from scary people in scary countries or whatever. Its work typically amounts to keeping businesses from doing business-y things with people in places like North Korea and such. On the other hand, sometimes the folks at the OFAC get their knickers in a twist over a graphic novel about some of these scary people, so it’s not like these folks have a spotless record when it comes to keeping the proper targets in its collective sights.

But a couple of stories have been trickling in having to do with non-scary people who share names too-closely associated with actual scary people suddenly being denied online services due to the OFAC scare-list. The first of these concerned a man named Muhammad Zakir Khan being refused a registration for a multiplayer video game.

Gamasutra, which broke the story, reports that when Khan submitted his request, he received an unusual denial, one explaining that his name had come up as “a match against the Specially Designated Nationals list maintained by the United States of America’s Office of Foreign Assets Control.” Epic was, in other words, refusing Khan the opportunity to try out its new game simply because his name resembles that of someone who might be financially involved with terrorism.

Khan tweeted a a screengrab of the rejection form and hashtaged it “#Islamophobia.” Surprisingly, Epic Games founder Tim Sweeney replied to another tweet about the issue, claiming that it had been caused by an “[o]verly broad filter related to US trade restrictions.”

Which, you know, good for Epic Games. And I wouldn’t really refer to this as “islamophobia” so much as I’d refer to it as broad laziness by both a government agency and a corporation. Let’s think this through for one moment. If our Treasury Department is going to cast a worried eye towards Islamic terrorism such that it compiles a list of names that businesses are refused from interacting with, and if those names come from a region of the world where there is a certain repetition of these sorts of names (Muhammad Khan sounds like it could be akin to John Smith), then how useful is this directory of scary people to begin with? The point of the list is to identify bad actors, but if innocent folks are getting caught up in it, then it isn’t serving its chief function particularly well, now is it? But no matter, says the government agency. Just add the name to the list and damn the fallout to hell.

The broader question, of course, is why an online game should be checking registrations against the CFAC list to begin with. In this particular case, it appears the check was ported over from the game engine itself.

Unreal Engine 4 has a wide range of uses, both domestic and foreign, that apparently bring it under the umbrella of trade guidelines. Under ordinary circumstances, those restrictions should only apply to people who are using the engine to create new games. (For instance, the U.S. government presumably doesn’t want ISIS to use the engine to create a recruiting game.) But when Epic used the engine to make Paragon, it accidentally left those restrictions in place. Thus, the filter shouldn’t have been there in the first place, and no one should have been banned from Paragon, regardless of whether they show up on a watch list.

As I said: government laziness and corporate laziness combine to keep an innocent person from playing a video game. Success!

Such innocent circumstances don’t appear to be replicated in the story of Noor Ahmed’s attempt to sign up for a payment app called Venmo, which is normally a cinch to register for, but for which Ahmed still isn’t able to use.

When she tried to sign up last year, Venmo refused to add her. The company sent her an email instead, asking Ahmed to provide a stack of additional information to verify her identity. What followed was the opposite of simplicity: Ahmed had to obtain paper copies of her utility bills as well bank statements, and then find a fax machine (a practically unheard of technology for many younger people) to send them to Venmo. After complying with this rigamarole, Ahmed still was unable to sign on to Venmo.

It turns out that she, like thousands of other Americans, shares a name with someone on a list created by a Treasury group called the Office of Foreign Assets Control. This list is called “Specially Designated Nationals and Blocked Persons,” and includes (on page 33) a 41-year-old Afghan man also named Noor Ahmed. The New York-based Ahmed, said she is familiar with such mix-ups.

“I was born and raised in California, but I’m taken into secondary customs at the airport no matter what because of my name,” said Ahmed. “I think it’s now extending to other parts of my life.”

Whatever your thoughts on terrorism and international politics, it’s quite clear that this isn’t helpful. It isn’t stopping a terrorist from using the app; it’s stopping a US citizen from using it. It isn’t helpfully identifying a person for a US business to steer clear of; it’s mis-identifying a US citizen. Hell, the list can’t even keep men and women straight. For the CFAC list to useful, never mind non-discriminatory, it should at least be able to keep a valid US citizen from being caught up in the web.

If it can’t manage that simple task, it’s probably worth revisiting whether this list should be employed at all.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How A Treasury Terror List Is Preventing Americans With 'Scary' Names From Using Online Services”

Subscribe: RSS Leave a comment
Anonymous Gamer says:

Gamasutra is poison

Gamers who hold free speech paramount can’t stand Gamasutra. You will get a lot more clicks and reposts of any gaming-related article that does not link to Gamasutra or mention their name. This may not be a wholly rational response; after all, the above is absolutely an important story. I’m just not spreading this because as a self-identified gamer, I simply cannot stomach helping Gamasutra in any way. And if you don’t know why, then you are just clued out. Sorry!

That One Guy (profile) says:

The fatal flaw...

Of course the real weakness of such systems is that they make one huge, erroneous assumption:

Bad guys can’t change their names or use different ones.

If a given person’s name is on the list, and they really do have nefarious intent, it’s not difficult at all for them to simply use a forged ID and completely bypass the checks, leaving yet another system that impacts primarily the innocent, while not even terribly inconveniencing the ones it’s meant to catch.

Rich Kulawiec (profile) says:

Re: The fatal flaw...

That’s one of the flaws. Another is that people can change their names to ones on the list, either on an ad hoc basis or via the usual legal mechanisms.

These lists are inherently racist and xenophobic: there is no way, for example, that “John Smith” will ever, EVER end up the list even if a John Smith blows up the White House. They’re reserved for scary brown people with scary names from scary countries, and their purpose isn’t to stop terrorism: it’s to provide the comfortable illusion that something is being done.

Richard (profile) says:

Re: Re: Re:2 The fatal flaw...

And that is why Zakir Khan was correct in labeling it islamaphobia.

Actually it isn’t – for two reasons

1) Islamaphobia isn’t actually a thing. ( A phobia is an irrational fear – Islamaphobia is not necessarily a fear and it is definitely not irrational.)

2) Just because you have a name with historical Islamic associations doen’t mean that you are a Muslim. Christian Bale isn’t necessarily a Christian. Sam Harris has a name with Judeo Christian associations – he is an atheist.

Thise who label something like this as Islamaphobia are themselves trying to hijack the situation to advance a political cause. – You know what Christopher Hitchens (Not a Christian – despite his name) said about it.

Anonymous Coward says:

Re: Re: Re:3 The fatal flaw...

Islamaphobia isn’t actually a thing. ( A phobia is an irrational fear

Let me clue you into something that you should have learned in high-school. Words often have more than the literal meaning of their components. When you try to dictionary-pedant away the entire concept that word represents to the people using the word you are just admitting you are wrong.

> Just because you have a name with historical Islamic associations doen’t mean that you are a Muslim.

Lol, more pedantry for the fail. Just because there are corner cases don’t change the common case.

Richard (profile) says:

Re: Re: Re:4 The fatal flaw...

Let me clue you into something that you should have learned in high-school. Words often have more than the literal meaning of their components.

This is true with “natural” words – however when you are dealing with words that have been devised to serve a political purpose then it makes sense to deconstruct them in order counter the purposes of their inventors.

Rich Kulawiec (profile) says:

Re: Re: Re:2 The fatal flaw...

Exactly so. Keep in mind that this is the same infrastructure that’s shown that it can’t distinguish Arabs from Turks, Muslims from Sikhs, Indians from Pakistanis…but can very clearly distinguish Caucasians from African-Americans, Jews from Lutherans, Italians from French.

This lack of awareness, of ethnic and religious and national distinctions, serves the actual cause of fighting terrorism poorly: how can you possibly claim to have definitive information on anyone if you can’t get a few basic facts right? And it also abuses, insults, and discriminates against many people who are completely innocent and just trying to get through their day.

This is not how competent agencies work. This is not how the United States is supposed to work. They and we should be better than this.

Winston Smith says:

Re: Re: The fatal flaw...

Well said. It is theatre of the absurd. Like Enron paying actors to act like busy employees whenever media reps were touring.

Insane policies by insane people.


Here in Salt Lake City, meter maids (mostly beefy males with pony tails, loud mouths to yell at people walking outside the lines, ride around in gangs on bikes ( it takes three of them to photograph and ticket a car) – all wearing jackets emblazoned with the words, “Compliance Enforcement.”

nasch (profile) says:

Re: The fatal flaw...

Of course the real weakness of such systems is that they make one huge, erroneous assumption:

Bad guys can’t change their names or use different ones.

IMO that isn’t the fundamental weakness, but it points to it: it’s not a list of people, it’s a list of names. That means that even if the dangerous people are correctly identified, false positives are guaranteed, in addition to the problem of changing names or aliases leading to false negatives.

Anonymous Coward says:

Re: The fatal flaw...

Bureaucratic CYA.

When something, somewhere, blows up and some foreign-name is attached, and the next Woodward and Bernstein wannabe digs up that name in one obscure email: heads roll as Congress tut-tuts about ‘Intelligence Failures.’

Solution: Put every name that may conceivably show up in anything that begins with “T” on a watch list. Exclude names of celebrities, elected and appointed officials, and anyone else that actually matters so they don’t run to the press and embarrass you.

Narcissus says:

Terrorist manual in the making

I remember that a while ago some scaremonger said that terrorists are now using game chats for communications. In that light the check might make some sense. Not that I believe terrorists do that but what do I know.

However, even if you believe that, it should be easy to solve. A little additional info like a copy of an ID or an SSN should be sufficient to confirm your non-terrorist status. Of course an e-mailed scan would be much better than a fax.

The whole process is obviously stupid though. It’s now clear what terrorists need to do: They should all use common American names, like the aforementioned John Smith. If they play their (credit)cards right they can block the funds of a large chunk of US citizens.

Anonymous Coward says:

typical attitude of USA security forces. they can be as awkward as hell, so they will be as awkward as hell! not a single person in the agencies thinks there is anything wrong with what is happening to those on the lists, nor do they care!
i thought all this complete scare-mongering went out with the ‘reds under the bed’ at the end of the 50s-60s. seems i was wrong!

Anonymous Coward says:

Self fulfilling prophecy.

I have put your name on the list. You are now branded a _____. Though you have done nothing wrong other than having this name, we will now use the full power of the government to harass you every chance we get. We will continue to harass you until you break down and lash out in a ______-ic fashion. Then we will have been correct all along that you were a _______.

Fill in the blanks.

Anonymous Coward says:

Re: Re:

Easily. Really easily. “Eh, not my problem” is easy to fall into, especially if you’re busy.

This goes double for “undifferentiated routine stuff” type things like account management. Very few applications do anything really unusual for account management (which is why things like facebook login are practical), so why spend time looking at it closely?

Anonymous Coward says:

> After complying with this rigamarole, Ahmed still was unable to sign on to Venmo.

Evidence that (a) following this list is a new and burdensome procedure for Venmo, and (b) that Venmo has not got identification procedures working yet.

If their identification procedures were working, she’d have been able to sign on. Perhaps they were unable to correctly use what she sent them. Perhaps they asked for the wrong things. I can’t guess usefully.

But since Venmo did not correct their procedure – and work with Ms Ahmed – bringing the incident into the news spotlight is the correct answer.

Positive reinforcement, in Epic’s case. Negative in Venmo’s.

Groaker (profile) says:


Almost all parts of government, and all governments practice censorship. I first became aware that the US did so when an entire issue of Sandoz’s journal “Triangle” was censored in the late ’70s or early 80’s.

This occurred because the issue contained research on a particular use of a pharmaceutical that had not been approved by the FDA.

Yes, Sandoz is big pharma. But how can the US justify censoring apolitical data? Yet it has been going on for decades and centuries. Keep ’em ignorant and happy.

Y Pennog Coch (profile) says:

re: Gamasutra is poison

Ye Clipping Fogs, this is a most unusual car-crash of a thread. Doesn’t fit any category of trolling I’ve ever seen before. You throw a cat on the table, and then you pick it up and throw it down again, and then you repeat until the poor thing is dead and everybody at the table gives in and talks about your wretched dead cat. I’m going to christen this the “Chopped Dead Cat and Ham” Strategy.

Meanwhile, hundreds (thousands?) of innocent Americans _still_ can’t access financial services and _still_ get extra attention at the airport. But oh no let’s not talk about that.

Anonymous Gamasutra-hater, if this is your ethics then I’m glad you’re not in journalism.

Spaceman Spiff (profile) says:

What's in a name?

I was once “detained” by ICE when returning from a vacation in Mexico. They didn’t say why, but it was obvious that my name was similar or the same as some Irish “terrorist” (there are a lot of Boyles in Ireland with the first name of “Bill” or “William”). After a few minutes and perusal of my passport, they apologized and let me go.

That Anonymous Coward (profile) says:

On paper this was a simple system.
The magic technology would automagically check the people signing up against the list and it would know who was bad and who was good.
The problem is this tech only exists as a plot device in movies. They expect the problem will be solved by someone else and no one would object to keeping “bad people” from being able to do more bad things.

They add all sorts of names to these lists, because in their world they’ve never met different people with the same name (other than those Smith guys they see at the hotels). Ignoring people who mentioned this might be a stupid system, they built it… then it HAS to keep running because “bad things”. Isn’t being delayed/denied things a small price to pay to be safe? People line up in cattle lines and hand over their children to be felt up by peopled hired from the tops of pizza boxes because a name matched.

This is more crap law passed as kneejerk reactions, which causes way more problems than it will ever solve. One might like to note that this list kept 2 people from using services without hassle, yet bankers laundered huge piles of cash and didn’t even miss lunch.

Anonymous Coward says:

If it can't manage that simple task

Well first, it isn’t a simple task. Further this is probably a relatively small blip in terms of the scale of this problem. It is probable that somebody innocent has taken a hellfire missile in the ass courtesy of a badly written regexp by now.

Though we ARE getting better at it. During WWII, there were whole towns that were leveled by accident. (oops)

No worries though. My expectation is that terrorist keyword sampling will eventually be integrated directly into Amazon Echo (or an equivalent device) user profiles… Say the rights words, and zap. Your dead.

It’ll certainly create a whole new hobby for people who are into swatting, or hacking wrt54’s. the fun thing is how many people in privileged positions don’t realize those microphones are ALWAYS on. Judges, lawyers, shrinks etc, are keeping these in their offices. They auto update. Duh…

Who’d have thought during the cold war that all you had to do to create a global sensor net, was to make a little box that told people how awesome they were all day.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...