Another Terrorist Watchlist Leaks, This One Compiled By Thomson Reuters

from the and-by-their-lists-you-shall-know-them dept

Another terrorism-related database has leaked -- this one produced by an entity best known for its news agency. Security researcher Chris Vickery first unveiled it on Reddit.

A few years ago, Thomson Reuters purchased a company for $530 million. Part of this deal included a global database of "heightened-risk individuals" called World-Check that Thomson Reuters maintains to this day. According to Vice.com, World-Check is used by over 300 government and intelligence agencies, 49 of the 50 biggest banks, and 9 of the top 10 global law firms. The current-day version of the database contains, among other categories, a blacklist of 93,000 individuals suspected of having ties to terrorism.

I have obtained a copy of the World-Check database from mid-2014.

No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time.

Thomson Reuters' "global screening solution" pulls from hundreds of other databases, including sanctions lists, law enforcement lists, and compiled data from regulatory agencies. The collection doesn't cause too many problems in the United States, but as Joseph Cox of Motherboard points out, it's a bit more a problem when deployed in Europe.

Although World-Check is based on public information, European privacy laws impose strong restrictions on the collection, storage, and publication of information about individuals. For that reason, the database can only be used for screening purposes by customers vetted by Thomson Reuters.

The end result of all this data is a blacklist of 93,000 individuals with suspected ties to terrorism. Like other terrorism-related databases, the Thomson Reuters list also draws some interesting conclusions about certain organizations.

However, World-Check can sometimes flag those not involved in crime. As VICE News previously found, the database has listed major charities, activists, and mainstream religious institutions under the label of “terrorism.” Those include the Council on American-Islamic Relations’ (CAIR) executive director Nihad Awad; Liberal Democrat politician Maajid Nawaz, who founded the counter-extremism organisation Quilliam, and former World Bank and Bank of England advisor Mohamed Iqbal Asaria. None of these people have ever faced terrorism charges, VICE News adds.

Thomson Reuters has now closed the leak -- which, according to a statement released to Motherboard, appears to have originated outside of the company, possibly by one its contractors.

After the publication of this article, a spokesperson from Thomson Reuters wrote in an email that the company had contacted the third party responsible for the leak and that they had taken down the information. "We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident," the spokesperson added.

It also spoke to Vickery, raising the somewhat dubious defense that everyone else is doing it, why not us?

One important point that they would like to highlight (and something I'll agree with): Thomson Reuters is not the only company gathering this kind of data and putting together this type of database. They may be a leader in the industry, but it's not fair to vilify them as if they were the only company in the market.

That statement of collective guilt doesn't do much to answer Vickery's question raised during deliberations about leaking the list publicly:

At the very least, this should jump-start a little online conversation regarding the appropriateness of having private entities maintain lists utilized by government agencies and banks.

As we've seen from other terrorism blacklists, the US government is no better at drawing conclusions or checking its lists for false positives on a regular basis. The fact that Thomson Reuters database pulls from hundreds of sources is probably better than the FBI/DHS method of shrugging people onto terrorist watchlists based on hunches, surnames, or camera ownership. It's still disturbing that a private entity can control access to various services around the world by selling a watchlist to corporate customers, but there's no reason to believe this private blacklist is any worse than those compiled by various governments.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 30 Jun 2016 @ 8:41am

    So I guess ISIS terrorism is fine because they're not the only ones doing it.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 30 Jun 2016 @ 9:02am

    Next up

    I imagine Facebook will be in this business soon, if it isn't already.

    Anyone involved with CAIR is not the poster child you want when trying to create support against lists like this.

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 30 Jun 2016 @ 9:50am

    Questions

    What do you have to do to get off one of these lists?

    Does it work like McCarthy-ism? If you are linked to someone on these databases, you end up on them yourself? Repeat until everyone is on the list.

    If Thomson Reuters is not the only ones doing it, does that make it okay? (ISIS is not the only group that tortures people -- the US do it too, so it's all okay!)

    reply to this | link to this | view in chronology ]

    • icon
      Padpaw (profile), 30 Jun 2016 @ 12:29pm

      Re: Questions

      you have to die. People are on these lists because if everyone is made a terrorist it is so much easier to deal with the people you do like for petty reasons, if they have no rights as a "suspected terrorist"

      reply to this | link to this | view in chronology ]

  • icon
    johnjac (profile), 30 Jun 2016 @ 9:51am

    From Thomson Reuters site link in this article

    In many cases, false positives have been reduced from 30% to 15%.


    This does NOT strike confidence

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 30 Jun 2016 @ 9:56am

      Re:

      What about false negatives?

      Is there anyone, even one single person, on this list who would actually commit a terrorist act?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jun 2016 @ 12:03pm

      Re:

      Thats right boss, I guarantee that you will not lose emails from important clients with our new SPAM blocking technology!

      Its new and improved for 2016 brining its false positive rate from 30% to only a minuscule 15%!

      reply to this | link to this | view in chronology ]

      • icon
        Ehud Gavron (profile), 30 Jun 2016 @ 12:59pm

        Re: Re:

        No.

        They did not say they reduced false positives to 15%.

        They said IN SOME CASES they reduced them to 15%.

        That means they know the false positive error is greater than 15%.

        Imagine having a database where one out of every seven entries is known to be wrong.

        Now go sell that for a million dollars.

        E

        reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 30 Jun 2016 @ 9:55am

    Closing the Leak

    I can understand why a media organization like Thomson Reuters may not be familiar with how digital information works in the 21st century, so I'll make allowance.

    Once someone has a copy, "closing the leak" is like closing the barn door after the ostrich has run out.

    Talking to contractors and third parties does not actually help much if at all.

    However I can understand how that would allow Thomson Reuters to feel like they have corrected a problem and that everything is okay now.

    Suggestion: next step, try asking the internet to take down all copies of that information. Please.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jun 2016 @ 10:16am

      Re: Closing the Leak

      Ostrich, terrorists, why did I think of Riotous Assembly by Tome Sharpe, it wouldn't have anything to do with competence would it?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 9:58am

    Wikipedia
    "Thomson Reuters Corporation (/ˈrɔɪtərz/) is a major multinational mass media and information firm founded in Toronto, Ontario, Canada. Its operations are headquartered at 3 Times Square in Manhattan, New York City while its legal domicile offices are located at 333 Bay Street in Downtown Toronto."

    Above
    blacklist of 93,000 individuals

    This sounds very much like a class action law suit by 93,000 individuals who are being libellous linked to criminal activity by a private company.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 9:59am

    They may be a leader in the industry, but it's not fair to vilify them as if they were the only company in the market.

    Fair enough. Let's vilify everyone that's doing this.

    reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 30 Jun 2016 @ 10:38am

    Black Lists and Watch Lists are Worthless

    It's still disturbing that a private entity can control access to various services around the world by selling a watchlist to corporate customers, but there's no reason to believe this private blacklist is any worse than those compiled by various governments.

    All black/watch lists are equally vile.

    Their worth is apparently is counted in dollars/cents not in terrorists apprehended.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 30 Jun 2016 @ 11:39am

      Part of the reason that terrorism continues to be a problem...

      ... is that our efforts to counter terrorism value making money than they do reducing terrorism.

      reply to this | link to this | view in chronology ]

      • icon
        Padpaw (profile), 30 Jun 2016 @ 12:35pm

        Re: Part of the reason that terrorism continues to be a problem...

        More so considering how much our governments spend supporting terrorism just so they can justify fighting it.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 6:18pm

    No guns for you!

    Wonder how many lists will be added to the background check? Can I make a list?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2016 @ 7:43pm

    So 93,000 people out of 7,000,000,000+ (~0.001%) might be bad people. We often talk about not making the majority suffer for the actions of a minority. So why does the majority of the world's population have to suffer ridiculous laws because a minority might be bad?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jul 2016 @ 4:20am

    And then how long before banks base their lending decisions on one of these lists, employers hiring based on these lists, service companies servicing based on these lists.........simply for the virtue of being on a list that in time, eventually the bleeming daly lama will be on giving how the requirements to be on a list will keep on expanding, and then used as the tool its eventually going to become.

    "Right, that person telling the truth is a nousance, yet our list doesnt cover it, he's a butcher, so we'll "advertise" that the guys a killer, and leave out the butcher part..........see, not lieing......simply ommiting and blemishing the truth"


    Mass media have a duty to tell the truth considering the considerable sway they have over the things thousands of people think about while viewing them, and folks need to recognise the voluntary form of hypnosis........im not saying get rid of it......there just has to be the awareness of it

    Im rambling on.........ill leave this here

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jul 2016 @ 9:14am

    It is kind of hard to say your not a state actor

    when you do stuff like this. Whether that will reflect on the safety of their journalists remains to be seen. But if I was slinging ganda' for these guys, I'd be a little concerned.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 1 Jul 2016 @ 11:07am

    Of course, before adding people to these lists a very careful investigation is conducted to avoid false positives and avoid screwing innocent people, right, right?

    It's like jails in the US. At some point, there will be so many jailed that we just need to take everybody to a piece of land and call it United States. Oh wait.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 1 Jul 2016 @ 11:39am

    Essential...

    As someday it may happen that a victim must be found,
    I've got a little list, I've got a little list.
    Of society offenders who might well be underground,
    And who never would be missed, who never would be missed.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.