PayPal Blocks Purchases Of Tardigrade Merchandise For Potentially Violating US Sanctions Laws

from the water-bears-are-the-new-WMDs dept

Moderation at scale is impossible. And yet, you'd still hope we'd get better moderation than this, despite all the problems inherent in policing millions of transactions.

Archie McPhee -- seller of all things weird and wonderful -- recently tried promoting its "tardigrade" line of goods only to find out PayPal users couldn't purchase them. Tardigrades are the official name for microscopic creatures known colloquially as "water bears." Harmless enough, except PayPal blocked the transaction and sent this unhelpful response:

If you can't read/see the tweet and the screenshot, here's what it says:

Just an FYI that @PayPal is currently blocking all transactions containing the word "tardigrade" in the product name or description. We've contacted them and they told us we should just stop using the word tardigrade.

And PayPal's response:

Every transaction that goes through our system, is reviewed by our internal security team. Certain words can trigger our security system. Unfortunately, this cannot be overridden. I would advise you to change the wording on your website to prevent this from happening.

PayPal's size demands the use of automated moderation. But this outcome seems inexplicable. It says the "internal security team" manually reviewed the block… and decided to keep it in place anyway. What's the point of having a "security team" if they can't override the algorithm's decision?

Then there's the question as to why "tardigrade" is blocked in the first place. It's the official name for a particularly hardy micro-animal found all over the world. Early speculation centered on the Scunthorpe Problem, suggesting PayPal blocks transactions involving forms of the word "retarded."

But it appears to be even more ridiculous than that. Tim Ellis at GeekWire received this explanation from PayPal:

A PayPal representative put the blame on the US government’s Office of Foreign Assets Control (OFAC) sanctions, which contain an entry for an industrial supply company called “Tardigrade Limited” located in the country of Cyprus. According to PayPal, the word “tardigrade” triggered a manual review process because their system determined that the payments “may potentially violate US sanction laws."

Customers have a Balkan arms dealer to blame for their inability to purchase tardigrade goods.

Slobodan Tesic (Tesic) was identified in the annex of E.O. 13818 on December 21, 2017. At the time of his designation, Tesic was among the biggest dealers of arms and munitions in the Balkans, spending nearly a decade on the United Nations (UN) Travel Ban List for violating UN sanctions against arms exports to Liberia.

[...]

Tesic also utilized Cyprus-based Tardigrade Limited (Tardigrade) to conduct business in third-party countries, particularly Arab and African countries. Tesic has also used his Serbian companies to sign contracts with Tardigrade before selling the goods to a final buyer.

So, "tardigrade" is flagged by the system as indicative of sanctions violations. But there's that term again: "manual review." Is it impossible for reviewers to distinguish between arms sales through third parties and these?

Now, it could be the manual review team didn't want to end up on the wrong side of sanctions and felt safer blocking transactions than possibly allowing an arms dealer to launder money through the sale of adorable water bear products. Or it could be the manual "review" consists of scrolling through a list of flagged items as quickly as possible and hitting the "approve all" button. Whatever it is, it ain't working. And Archie McPhee isn't the first retailer to run into this problem. Two months ago, Two Photon Art noted it had to rename its Tardigrade pin to "Water Bear Enamel Pin" to allow PayPal users to purchase it.

Erring on the side of caution seems like the smart thing to do. But when the term "manual review" accompanies "automated process," you'd think manual reviewers would see these errors for what they are, rather than allow the blocking to continue. It appears PayPal is doing a little more manual review for tardigrade-related purchases now that it's gone a bit viral, with customers experiencing delays rather than being hit with warnings their purchases have violated PayPal policies.

The upshot is stuff like this will only become more common as time goes on. The more pressure that's placed on tech companies to aggressively police content, the greater the chance harmless content will be rendered inaccessible. It's not that companies shouldn't make efforts to keep their sites free of illegal content and whatever the companies would rather not see on their sites, but automated moderation will always create issues like these. And there just aren't enough manual reviewers available to clean up algorithmic mistakes.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: content moderation, payments, sanctions, tardigrade
Companies: paypal


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 14 Sep 2020 @ 12:37pm

    Dang! Just when I was making a breakthrough in accessing the mycelium network for the Spore Drive, Paypal started blocking payments for more tardigrades!

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 14 Sep 2020 @ 1:05pm

    wow,

    Seems like the USA/Swiss/Israel/Russia dont like the competition.
    (weapon sales)

    reply to this | link to this | view in chronology ]

  • icon
    zeiche (profile), 14 Sep 2020 @ 1:12pm

    let's look further down the road...

    assuming in time more words will be added to the ban list, and also assuming these words will not be be easily removed from the list, will we reach a point where all available words will be banned? what do we do then, switch to l33tspeak or pig latin?

    reply to this | link to this | view in chronology ]

    • icon
      Norahc (profile), 14 Sep 2020 @ 1:30pm

      Re: let's look further down the road...

      It wouldn't surprise me if Paypal blocked the word Tardis for being too similar to tardigrade.

      reply to this | link to this | view in chronology ]

    • identicon
      Bobvious, 14 Sep 2020 @ 2:35pm

      Re: let's look further down the road...

      Wait until Slobodan Tesic starts trading as Trump Limited or Pence Limited or Apple Limited or ....... Let the trolling begin.

      reply to this | link to this | view in chronology ]

  • icon
    TKnarr (profile), 14 Sep 2020 @ 1:50pm

    The problem is likely that this involves the OFAC lists. The government's rules about those are pretty strict and not very sensible. If the OFAC servers return a hit, PayPal likely doesn't have the option of second-guessing it. By the same token, though, PayPal shouldn't properly be running the name/description of merchandise items through the OFAC query process. The name of the purchaser, yes, possibly the name of the supplier or manufacturer if known, but not item names/descriptions.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Sep 2020 @ 1:56pm

      Re:

      The problem is likely that this involves the OFAC lists. The government's rules about those are pretty strict and not very sensible. If the OFAC servers return a hit, PayPal likely doesn't have the option of second-guessing it.

      It's entirely up to PayPal to determine how they choose to implement filtering for OFAC matches. The government does not have any specific requirements.

      Therefore, PayPal absolutely can second-guess and override any automated filtering hits. They'd just bear the responsibility if they screwed up and let something pass that they shouldn't.

      Source: I used to work for a website hosting company and one of my responsibilities was reviewing automated OFAC hits for accuracy. Our developers were involved in extensive discussions with OFAC on how our filters should work.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 14 Sep 2020 @ 11:48pm

        Re: Re:

        "They'd just bear the responsibility if they screwed up and let something pass that they shouldn't."

        That's likely why this is failing. PayPal are a large target for both government and criminals. When push comes to shove, what decision are they most likely to make - a decision that allows small artists to sell cheap novelty items but opens up a small possibility that it's just a cover for something that leaves them in violation, or a decision that causes the little guy to suffer but causes them no actual damage themselves?

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Sep 2020 @ 2:10pm

      Re:

      Pretty sure that’s it. Banks and payment processors are required to scan cross-border payments against the OFAC list. Many banks will do this for domestic payments, too, and even for non-monetary messages exchanged over payments networks. Other countries have similar lists. The penalties are also severe, as in up to “your CEO is going to jail.” Deutsche Bank was fines $258M a couple of years ago, but they were actively circumventing the system.

      Commercial software for doing these scans generally use pretty broad text matching logic—you can’t just check the sender/receiver name. Add to this the fact that the lists are pretty big and generic and you end up getting a LOT of false positives. Banks are happy to manually review false positives for multi-million dollar wire payments. For millions of $9.95 transactions this would be impractical.

      reply to this | link to this | view in chronology ]

    • icon
      Bergman (profile), 15 Sep 2020 @ 11:36am

      Re:

      Might be fun to see what happens if you got companies on the OFAC lists to start selling products named for unpopular US politicians. Would those politicians suddenly be unable to use PayPal?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Sep 2020 @ 2:12pm

    Keyword filters cant even stop teenagers from swearing in videogames, so whoever thought one could stop international arms dealers needs to be fired for gross incompetence.

    reply to this | link to this | view in chronology ]

  • icon
    GHB (profile), 14 Sep 2020 @ 2:22pm

    Yikes.

    It is one thing they rely on automation, but it is a bad thing they are unwilling to fix or improve its automation.

    Makes me wonder what if bad people can exploit this by simply avoiding such keywords.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Sep 2020 @ 3:21pm

      Re: Yikes.

      Makes me wonder what if bad people can exploit this by simply avoiding such keywords.

      Like exactly all the people doing something which is in fact illegal. This is one of those DRM-type problems, where you don't affect the intended targets, just normal people trying to do normal daily things.

      reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 14 Sep 2020 @ 7:34pm

      Re: Yikes.

      That's crazy talk that is, everyone knows criminals are far too honest to use false or otherwise misleading labels for their activities and/or plans.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 14 Sep 2020 @ 11:50pm

      Re: Yikes.

      "Makes me wonder what if bad people can exploit this by simply avoiding such keywords."

      They can, it just leaves PayPal plausible deniability, which they don't have if a name on the list is used.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Sep 2020 @ 4:08pm

    Just think how many deaths have been prevented by forcing terrorists, druglords, earbud smugglers, and other existential threats to civilization to FILL OUT FALSE BILLS OF LADING when they import their weapons of mass incivility!

    "Have you anything to declare?"

    "Only a dozen vials of Sar--um--WARFARin and a tac-PRACtical fiss-FRISSonal device."

    "What's 'frisson'?"

    "Oh, it's a kind of hair curler."

    "NOT SO FAST, my fine furtive friend! Do those vials have ... ROUND CORNERS?"

    "It's a fair cop, gov."

    reply to this | link to this | view in chronology ]

  • icon
    mrtraver (profile), 14 Sep 2020 @ 6:54pm

    When I read the headline I wondered why PayPal was blocking the sale of time machines that look like police boxes.

    I know better now.

    reply to this | link to this | view in chronology ]

  • icon
    Tanner Andrews (profile), 15 Sep 2020 @ 4:17am

    The Really Amazing Thing

    Evidently, there are still people out there who trust paypal with their money. It is not clear why this would be.

    reply to this | link to this | view in chronology ]

    • icon
      Samuel Abram (profile), 15 Sep 2020 @ 5:53am

      Re: The Really Amazing Thing

      Let's be real, Cryptocurrency has its problems too, such as volatile fluctuations in value and shady and/or clueless people involved in it (if you don't think the latter is problematic, I subscribed to a bitcoin mailing list who didn't even figure out how to BCC and then everybody knew my email address. Why should I deal with such people?)

      reply to this | link to this | view in chronology ]

  • icon
    crade (profile), 15 Sep 2020 @ 7:06am

    "you'd think manual reviewers would see these errors for what they are, rather than allow the blocking to continue"

    They clearly explained that the keyword triggers can't be overridden. (which is dumb, sure, but no need to pretend it's not there). There is no contradiction, they never said the purpose of the manual review was for overriding the keyword trigger and there is plenty of other things they could be using the review for.

    The result of the manual review here may just have been that they told them they can remove the keyword instead of reporting them for sanctions violations.

    Paypal had to settle for sanctions violations with the U.S. government several years ago who knows what ridiculous terms they had to agree to.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Sep 2020 @ 1:15pm

    Paypal's stupidity and slowness to learn earns itself a Tardy Grade.

    reply to this | link to this | view in chronology ]

  • identicon
    bob, 16 Sep 2020 @ 12:55am

    PayPal was right

    PayPal was right to block this sale. Just imagine if you tossed over the cube wall a tardigrade hand grenade stress ball, that might surprise someone.

    Do you realize how dangerous for others it would be if you cut the lights and used the glow in the dark night vision finger puppets to ambush your coworkers?

    Sure office warfare will be set back a few years but at least you won't be hit with the chemical attack tardigrade air freshener. Do you even realize how powerful the water bear scent is?

    PayPal is just looking out for all the office victims that can't compete with only their aincent Nerf technology.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.