4 March 2010

It appears that PayPal is responding to, or preparing, a Financial Crimes Enforcement Network (FinCEN) Suspicious Activity Report (SAR) about Cryptome. Cryptome's account was locked on March 3, 2010; money can come in, none can be withdrawn. PayPal has asked Cryptome to explain its "business model." The first email:

Date: Wed, 03 Mar 2010 09:45:04 -0800
From: service[at]paypal.com
To: cryptome[at]earthlink.net
Subject: Notification of Limited Account Access RXI034

Dear John Young,

As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account.

We have observed activity in this account that is unusual or potentially high risk.

Case ID Number: PP-910-103-553

For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause.

To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Sincerely,

PayPal Account Review Department

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link in the top right corner of any PayPal page.

PayPal Email ID PP522

Cryptome provided the information at the website as requested on March 3. Nothing happened. An email request was sent to Paypal, which answered with these instructions (which had already been followed):

From: service[at]paypal.com
To: cryptome[at]earthlink.net
Date: 3 Mar 2010 19:02:05 -0600
Subject: Limited Account

Dear John Young,

To view the details regarding your limited account access, please follow these steps:

1. Log in to your PayPal Account at https://www.paypal.com/ by entering your email address and password in the Member Log In box

2. Click on the 'Click to Resolve' link on your Account Overview page

3. Click the 'Why' link to view the Limited Account Access Details

You will be able to view what steps need to be taken to restore your account access

Please Note:

* Appeals cases and faxed documentation are worked in the order they are received

* If your account access is limited, please see the section entitled 'How can I restore my account access?' for information on how to restore your account access

If you have any further questions, please feel free to contact us again.

Thank you for using PayPal!

The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

Cryptome went to the PayPal site and found that there were no open items to be answered. Another email was sent and PayPal responded with this:

Date: Thu, 04 Mar 2010 06:16:55 -0800
From: service[at]paypal.com
to: cryptome[at]earthlink.net
subject: Request for additional information PP-910-103-553 RXI034

Dear John Young,

Your account access limitation cannot be lifted at this time. PayPal requests that you provide additional information regarding the transactions you are processing.

Please explain your business model.

We would like to obtain as much information as possible about the above transaction(s), in order to expedite this investigation.

Sincerely,

Anna
PayPal Account Review Department
PayPal, an eBay Company

Cryptome sent Anna by email information about the site. The email bounced. This morning Cryptome telephoned PayPal and spoke to an agent, who directed Cryptome to the PayPal site where she had added a new item for Cryptome to provide information. The information was entered in a form along with other explanations of transactions:

The PayPal transactions are donations to Cryptome.org a public service, non-commerical, website, for DVD copies of the open, free, archive. It is not a business. See the Wikipedia entry:

http://en.wikipedia.org/wiki/Cryptome

During the past two weeks there have been news reports about Cryptome.org that has led to an unusual increase of donations. Usually donations come in once or twice a week, as you can see from our PayPal account. Most recently donations have dropped to a customary small number after the recent surge.

Expenses for operating Cryptome.org are not fully covered by donations, by far most are paid by me.

I am a professional architect in New York City, and have provided unpaid public service parallel to professional practice since 1968. Cryptome.org is part of that contribution.

Sincerely,

John Young

The information requested by PayPal appears to fit that required to file a Suspicious Activity Report.

http://en.wikipedia.org/wiki/Suspicious_activity_report

Suspicious Activity Report

The purpose of the Suspicious Activity Report is to report known or suspected violations of law or suspicious activity observed by financial institutions subject to the regulations of the Bank Secrecy Act (BSA). In many instances, SARs have been instrumental in enabling law enforcement to initiate or supplement major money laundering or terrorist financing investigations and other criminal cases.[citation needed] Information provided in SAR forms also presents FinCEN with a method of identifying emerging trends and patterns associated with financial crimes. The information about those trends and patterns is vital to law enforcement agencies and provides valuable feedback to financial institutions.[citation needed]

[edit] Who reports suspicious activity

The report can start with anyone at a bank, from a teller to a back office clerk to a manager. They are generally trained to be alert for suspicious activity, such as people trying to wire money out of the country without identification, or someone with no job who starts depositing large amounts of cash into an account. Employees are trained to communicate their suspicion up their chain of command where further decisions are made about whether to file a report or not.

Many different financial industries are now required to file SARs. Each SAR form was specifically designed to accommodate respective institution types such as depository institutions, money services businesses (MSBs) or the securities and futures industry.

For example, MSBs such as check cashing establishments and money remitters use the SAR-MSB form, while casinos use the SARC form.

[edit] When is a SAR filed?

FinCEN requires a SAR report to be filed by a financial institution when the financial institution suspects: insider abuse by an employee; violations of law aggregating over $5,000 or more where a subject can be identified; violations of law aggregating over $25,000 or more regardless of a potential subject; transactions aggregating $5,000 or more that involve potential money laundering or violations of the Bank Secrecy Act; computer intrusion; or when a financial institution knows that a customer is operating as an unlicensed money services business.

SAR confidentiality

Unauthorized disclosure of a SAR filing is a federal criminal offense.[1] In other words, any bank employee who has a suspicion is trained to only discuss the suspicion with their supervisors, and not anyone else, including the customer who is under suspicion and coworkers. The fact that an SAR has been filed is also supposed to be a secret.

An individual or organization is precluded from discovering the existence of a SAR filed that includes their name. Financial institutions undertake an investigation process prior to filing a SAR to assure that the information reported is appropriate, complete, and accurate. This process will often include review by financial investigators, management and/or attorneys prior to filing.

One technique used by money launderers is to transfer money in small amounts to avoid triggering the amount for a SAR. The surge in small donations to Cryptome fit that pattern.

There is a possibility that a SAR was initiated by another party for suspicions about activities other than money laundering.

Cryptome will report PayPal's determination to maintain the lock, shut the account, and the funds confiscated by forfeiture to FinCEN. Or re-open it as if all is well following the Microsoft-NetSol-Gov invasive spying business model.

PayPal's policy for cooperating with law enforcement:

http://cryptome.org/isp-spy/paypal-spy.pdf

http://cryptome.org/isp-spy/paypal-spy2.pdf