Paper discussing the emergence of mobile commerce in the United States and comparing development in the US with more advanced adopters of the technology across the globe.

2. resolve the regulatory uncertainty created by the conflicting duties the Bank Secrecy Act, 31 USC § 5311-5330, and the Stored Communications Act, 18 U.S.C. §§ 2701-2711, imposes on them, and

4. The uninitiated release of information to the government from the provider. While AML laws require financial institutions to report financial information to the government without a government request, under a telecom centric M-pay model, the Stored Communications Act forbids such uninitiated reporting. As the telecom centric model can work outside the purview of a bank, it creates the potential of the Stored Communications Act forbidding any uninitiated reporting of suspicious or routine financial transactions that otherwise would be reported. <br />“Under the private search doctrine, the Fourth Amendment is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official.” Eighteen U.S.C. § 2702 creates privacy safeguards by providing that a provider of an “electronic communication service” shall not divulge the contents of a communication held by it and shall not divulge information it receives on behalf of the user via an electronic transmission provided the user does not authorize such a release. The Act goes further and states that the service provider shall not knowingly release a “record or other information” pertaining to the user to “any governmental entity.” In addition to creating the crime, this title also provides for a punishment for non-commercial benefit, which is generally a fine and/or imprisonment of not more than one year for a first offense, or more than five years and/or a fine for other convictions under the statute. The Act also includes exclusions for law enforcement, but they consist of specific government requests for information and emergencies, and not routine disclosures by the telecoms to satisfy Bank Secrecy Act requirements.<br />The courts have drawn lines between a wealth transfer service that utilizes an electronic format and a communications provider providing the means for a wealth transfer. In Standefer, the court had the opposite issue, a financial institution using an ISP, in contrast to our dilemma, the telecom transferring wealth in its own right. In Standefer, Standefer, the defendant in a child pornography case, transferred a payment for access to a child pornography website using e-gold. E-gold had accepted a deposit from the defendant and allowed the defendant to fill out a form on e-gold’s website to transfer a sum to the child pornography website. In differentiating between the wealth transfer service and communications provider: <br />[t]he Court concludes that e-gold is not a service which provides users the ability to send or receive electronic communications, rather e-gold is a service which utilizes the ability to send or receive electronic communications to permit the instant transfer of gold ownership between its users.<br />(Emphasis in original). The court also cites a Senate report stating “Existing telephone companies and electronic mail companies are providers of electronic communication services,” which differentiates it from e-gold’s service. <br />Essentially, what has been created is a money laundering protection because the Stored Communications Act forbids the telecom from reporting on the electronic/radio messages. These messages fall clearly within the statute. Further, inside these messages contain the financial transaction activity. The irony is that the telecom centric M-pay enjoys greater privacy for transactions than their bank centric counterpart. This gives it a competitive advantage and opens the door for an unscrupulous telecom provider to assist in the laundering of funds. Even if the telecom wanted to report transaction information, the statute forbids it under a criminal penalty. Thus, the only way for the government to gather the information is through the subpoena or warrant process, but the concept of the Bank Secrecy Act is to provide the government the information that there is suspicious activity. We have a legislatively created Catch-22, as the telecoms have an affirmative duty to not report violations of the Bank Secrecy Act and anti-smurfing acts that were created to give the government the information needed to pursue AML activities. <br />How To Resolve The Catch-22 Regarding BSA Reporting<br />Before Congress looks into new regulatory mechanisms to combat ML, they first need to assess concerns about the market as a whole and the need to balance regulations with the need to keep the market open and free, to allow companies to experiment and innovate. “In any new market, enablement requires a blend of legal and regulatory openness, which creates the opportunity to startup and experiment, with sufficient legal and regulatory certainty that there will not be arbitrary or negative change to the regulatory framework, so that providers have the confidence to invest the resources necessary” to develop and expand their industry (emphasis in original). Thus far, the United States has not passed substantial legislation, allowing the States to take the lead. <br />Another consideration is the role of the Stored Communications Act in the first place. Its goal is to protect the privacy of individuals from dissemination of their communications, especially to the government. The Fourth Amendment offers weak protections from intrusion of a person’s expectation of privacy of electronic and mobile content. The Fourth Amendment applies to the government. Non-government actors are free to look over electronic communications placed within their control, such as an email sitting in one’s email inbox on a server. Further, many electronic companies are third parties. Once content is delivered to them for storage, it may be deemed that the customer had ceded control to them, destroying a reasonable expectation of privacy. Where a reasonable expectation of privacy was non-existent, Congress legislated one.<br />From these concerns, the goal is to balance the need to effect financial reporting while protecting a Statutorily created Reasonable Expectation of Privacy (SREP) while minimizing cumbersome regulation. First, Congress must decide where to insert a new of modified regulation, under Title 47, which governs telecommunications, under Title 31 which governs financial transactions, or under Title 18, which contains the criminal code. As the conflict of regulation exists outside of Title 47, it can easily be excluded. The question becomes whether Title 31 or Title 18 should give way to the other. <br />As stated earlier, the purpose of the Bank Secrecy Act under Title 31 is to require reporting information to the government that is suspicious or would be useful in a criminal investigation. In short, the Bank Secrecy Act assists in criminal investigations for crimes found under Title 18 as it prevents banks from being used, knowingly or not, as a conduit for money laundering activities and creates a paper trail that the government can later use for investigatory purposes. The Bank Secrecy Act also provides penalties of its own, and has been held to be a separate prosecutorial offense from money laundering. <br />The Stored Communications Act is a privacy act. It also is a standalone crime with punishment. The Act’s sole function is to create an SREP, which would naturally give way to a privacy invasion under reasonable circumstances. Further, it already contains exclusions, such as releasing information for law enforcement to respond to an emergency. The Stored Communications Act sits in Title 18, whereas Bank Secrecy Act is firmly rooted in Title 31, financial transactions. It seems that taking the Stored Communications Act statute and placing it into the financial services regulatory regime could cause unintended effects and potentially expose the telecoms to excess regulation. However, taking 31 U.S.C. § 5311-5330 and inserting them into the Stored Communications Act as an exception to the prohibition to uninitiated disclosures to the government would adequately address money-laundering concerns while still adhering to Congress’ goal of securing privacy through creation of an SREP.<br />Eighteen U.S.C. § 2702 (c) should be modified to create an exception commanding the telecom to monitor and report financial transactions in accordance with 31 U.S.C. § 5311-5330. This would firmly allow telecoms to report suspicious transactions as required under Bank Secrecy Act.<br />An Additional Housekeeping Matter<br />To alleviate any ambiguities in regards to the telecoms and financial reporting, Congress should also modify the definition of a financial institution. Eighteen U.S.C. § 1956 uses the definition found under 31 U.S.C. § 5312 which defines a financial institution in very broad terms that includes a telegraph company and the general catch all that stipulates any business that the Secretary of the Treasury may deem as a financial institution as falling within the confines of the expansive definition found in 31 U.S.C. § 5312. , Congress should amend 31 U.S.C. §5312 to specifically identify the telecoms to put them on notice, which could most easily be accomplished under 31 U.S.C. §5312 (2) (S), modifying “telegraph” to the more expansive “telecommunications company.” This would serve as a clear and fair notice to the telecoms that they can be financial institutions and avoid the generic snare through a catchall phrase. <br />How to Reign Invisible NFC Transfers<br />Congress should work with the telecom providers to develop a system that will achieve the goals of law enforcement and regulators to detect and prevent money laundering while being inexpensive and convenient enough to avoid dissuading investment and innovation. Congress could seek to establish a financial monitoring and reporting requirement for the telecoms to adhere. This duty should not prove overly burdensome, as telecoms already monitor much information about the cell while it is on, creating an already established electronic infrastructure for Congress and the telecoms to exploit. Additionally, Congress and the telecoms can look to successful programs adopted in the Philippines, which includes transactions limits, transactions caps and a paper trail, i.e. deposit and withdrawal forms.<br />NFC transfers occur P2P, bypassing the cell phone tower, thereby avoiding scrutiny by cellular telecommunications companies, i.e. making the transaction invisible. This essentially creates the problem of allowing electronic transfers of money without anyone learning about the movement until the ultimate receiver of funds chooses to enter it into the system. It can be presumed that this end receiver would have put forth the effort into properly having had laundered the money, thereby using only clean money. <br />While these transactions are invisible, the cell phone is not. The cell phone is “always” in communication with cell towers, regardless of calling status, to provide its location and identify itself on the network. The reason for these “check-ins” is so the telecom can bill their clients according to use, allow service, and provide location finding/GPS services and comply with Wireless E911. Further, cell phones are individually identifiable. To further understanding, a brief explanation of what happens when a user turns a cell phone on follows:<br />All cell phones have special codes associated with them. These codes are used to identify the phone, the phone's owner and the service provider. <br />Let's say you have a cell phone, you turn it on and someone tries to call you. Here is what happens to the call: <br />When you first power up the phone, it listens for an [System Identification Code] SID … on the control channel. The control channel is a special frequency that the phone and base station use to talk to one another about things like call set-up and channel changing. If the phone cannot find any control channels to listen to, it knows it is out of range and displays a quot;
no servicequot;
message. <br />When it receives the SID, the phone compares it to the SID programmed into the phone. If the SIDs match, the phone knows that the cell it is communicating with is part of its home system. <br />Along with the SID, the phone also transmits a registration request, and the [Mobile Telephone Switching Office] MTSO keeps track of your phone's location in a database -- this way, the MTSO knows which cell you are in when it wants to ring your phone. <br />The MTSO gets the call, and it tries to find you. It looks in its database to see which cell you are in. <br />The MTSO picks a frequency pair that your phone will use in that cell to take the call. <br />The MTSO communicates with your phone over the control channel to tell it which frequencies to use, and once your phone and the tower switch on those frequencies, the call is connected. Now, you are talking by two-way radio to a friend. <br />As you move toward the edge of your cell, your cell's base station notes that your signal strength is diminishing. Meanwhile, the base station in the cell you are moving toward (which is listening and measuring signal strength on all frequencies, not just its own one-seventh) sees your phone's signal strength increasing. The two base stations coordinate with each other through the MTSO, and at some point, your phone gets a signal on a control channel telling it to change frequencies. This hand off switches your phone to the new cell <br />(emphasis in original). Let's say you're on the phone and you move from one cell to another -- but the cell you move into is covered by another service provider, not yours. Instead of dropping the call, it'll actually be handed off to the other service provider. <br />If the SID [System Identification Code] on the control channel does not match the SID programmed into your phone, then the phone knows it is roaming. The MTSO [Mobile Telephone Switching Office] of the cell that you are roaming in contacts the MTSO of your home system, which then checks its database to confirm that the SID of the phone you are using is valid. Your home system verifies your phone to the local MTSO, which then tracks your phone as you move through its cells. And the amazing thing is that all of this happens within seconds ... <br /> <br />As can be seen, many things are going on while the cell phone is engaged in communications, regardless of calling status. This constant communication could provide the missing link to ensure adequate reporting of NFC transfers. Congress may seek to prod the telecoms to develop the technology, software, or just initiative to develop a way for the telecom to monitor for NFC transactions that have occurred and their amounts while the cell phone is transmitting its System Identification Code for network registration. In essence, Congress would create a duty for the telecoms to monitor for financial transactions occurring on their networks. <br />The result of these monitored and recorded NFC transactions would allow for compliance of Bank Secrecy Act reporting and recording standards. It would also provide a way for law enforcement to gather evidence if this technology were to develop to allow regular NFC transactions between people engaged in an illegal business, such as narcotics sales or prostitution. The suspects’ ability to hide or destroy evidence would be greatly hindered by a monitored network. Further, as these are electronic communications, they would also be protected by the Stored Communications Act, preventing unauthorized disclosure to government or private parties. This approach, if feasible, could satisfy Congress’ goals of privacy under Stored Communications Act with law enforcement and regulatory needs under Bank Secrecy Act and AML. However, as with many things, this is easier said than done, and the proper course of action would be for the Congress and telecoms to work together to formulate a satisfactory mutual solution.<br />A second option, one that is used in the Philippines is also available. In the Philippines, a company, Globe Telecom, offers P2P wealth transfers under the telecom centric model. It operates under a closed system, where the user can only transfer wealth to other Globe Telecom customers. In order to establish an account, the user must open the account in person, allowing Globe Telecom to perform traditional due diligence. Further, all withdrawals require a form to be filled out before funds are given. Probably most importantly, there are strict limits to the amounts of daily and monthly amounts that can be transferred, which are quite low. The financial caps, in effect, prices out ML activity, as the amounts are too small to launder money. Globe Telecom also monitors transactions.<br />While this can serve as a potential model for implementation in the US, it also has drawbacks. Namely, being a closed payment system could severally limit the telecoms and merchants ability to allow for transfers of wealth due to problems with service compatibility. Further, if one telecom becomes the dominant provider of m-commerce, it could monopolize the industry, as users and merchants may be reluctant to having to sign up for multiple cellular agreements to effect trade, and would naturally use only the most popular one. This restraint on trade would ultimately hurt the consumer, as their choice would be limited, and limited opportunities could result in limited innovation and certainly limited competition. Additionally, the SIM may be hacked and reprogrammed, thereby defeating built in NFC controls.<br />While Global Telecom’s solution may not be a perfect match for the expansive US telecommunications industry, it is worthy to note that Global Telecom has taken proactive measures to monitor financial transactions for irregular and suspicious activities. This monitoring occurs outside the NFC context, it does show that telecoms can efficiently monitor for illegal activities and seek to take counter measures to prevent or disrupt them. Another valuable tool that Globe uses is the withdrawal caps. These caps can be analogized to the ATM withdrawal caps in the United States, especially in response to suspicious activities. In short, there are opportunities and examples that Congress and the telecoms can look to develop appropriate safeguards to allow m-pay and m-banking to flourish.<br />Digital Know Your Customer<br />Another area that the Congress and telecoms can work to prevent and detect money laundering and enforcement of the Bank Secrecy Act is through proper due diligence, or Know Your Customer. KYC is a set of principals laid out by FATF that instruct banks how to prevent ML and Bank Secrecy Act violations by properly identifying customers, learning their habits, purposes for accounts, etc. As the digital world has expanded, it would be worthwhile to explore and recommend Digital Know Your Customer (DKYC) protocols that telecoms, regardless of whether they follow the bank or telecom centric m-pay or m-banking model, should enact, as physical distance will increase between customers and their accounts as they opt for more convenient methods of wealth transfers. <br />An interesting recommendation was made in a working paper of the Asian Development Bank, which discussed biometrics in the cell phone handset. Currently, there are wide variety of biometric handset security features available, including voice, facial and fingerprint recognition. However, the potential of hacking of the SIM was still possible, potentially allowing for defeating these countermeasures. Notwithstanding the caution, biometrics in other areas has helped prevent fraud. Research in the use of biometrics for visa application in Canada found:<br />Field trial enrolments [sic] for visa applications totalled [sic] 14,854. Of those 14,854 enrolments [sic], 394 matches were made because of multiple enrolments [sic]. Those match results show that biometric technology is a highly effective way to manage client identity:<br />97% of the fingerprint and facial biometrics enrolled were of high quality.<br />When facial and fingerprint recognition were combined, the system made matches in 100% of cases.<br />Verification was accurate in 96% of cases …<br /> While not completely alleviating concerns about SIM hacking, this study seems to support that biometrics can help prevent fraud. Fraud can allow cell phone users to swap accounts, establish false accounts, etc, so that they may be able to avoid financial transfer caps or to be able to structure transactions to avoid Bank Secrecy Act reporting requirements. <br />Another concern is whether biometrics can be cost effective or if imposing a new standard for m-commerce would cost too much. This maybe a red herring; however, as this technology already exists in other countries:<br />Japan’s leading cell phone provider, NTT DoCoMo, has recently launched the P930i, a new handset with the ability to recognize its owner’s face, and automatically lock down if anyone else tries to use it.<br />Simply storing three simple snapshots of your face on this cool new camera phone allows this innovative security feature to take effect, and protect your data from thieves and other prying eyes.<br />The feature is currently limited to the Japanese market, but with the help of new facial recognition applications, other countries aren’t far behind. Face Tracker, for example, a clever new piece of software from FotoNation makes it possible to follow a person’s face and auto-detect the best camera settings to take their picture.<br />While this example is not dispositive, it does show that the market is adapting to the new realities in the m-commerce world, so imposing heightened standards, such as biometrics as a form of DKYC would not impose an undue burden on the telecom industry.<br />Conclusion<br />Today, the United States is experiencing a new wave in the way business is conducted in the form of being able to use one’s cellular telephone to conduct business and banking transactions, i.e. engage in M-commerce. M-commerce has the ability to bring a new class of people who are traditionally underserved into the banking industry. Further, this development also will bring a new level of convenience to the consumer in the purchasing of various goods and services. This convenience also poses some regulatory concerns, especially in areas where various regulatory schemes seem to contradict each other. These contradictions can create uncertainty in the marketplace, potentially limiting investment, or worse, being exploited by unscrupulous telecom players to contravene various reporting and AML regulations, allowing for a black market to flourish, resulting in a greater reward for criminal behavior and potentially assisting terrorists in their nefarious schemes. <br />These uncertainties and risks can be adequately dealt with though, through modifying the current regulations, namely the Bank Secrecy Act and Stored Communications Act. Further, the goals of these acts, financial reporting and individual privacy, respectively, can be accommodated through a modification that adopts the Bank Secrecy Act under an exception of the Stored Communications Act. This adoption would allow the telecom to legally report financial transactions conducted through their communications without having to worry about violating the criminal code forbidding such disclosures. <br />The nature of banking is changing. Customers no longer need to go to the bank and meet with a teller in order to conduct a financial transaction. People no longer need to meet their banker before establishing an account with them. These personal contacts were at the heart of the traditional due diligence that a banker performed before establishing an account. With these changes in mind, it is important for Congress to work with the telecommunications industry in order to develop a Digital Know Your Customer protocol, possibly even utilizing biometrics to ensure financial transactions are properly conducted and reported.<br />Bibliography<br />Articles<br />Geoff Duncan, Cell Phones to Gain Face Recognition?, October 20, 2005, available at http://news.digitaltrends.com/news-article/8580/cell-phones-to-gain-face-recognition<br />Kerry Burke and Larry Mcshane, Citibank limits ATM cash in city, January 3rd 2008, available at http://www.nydailynews.com/money/2008/01/03/2008-01-03_citibank_limits_atm_cash_in_city-2.html<br />Marshall Brain et al., How Cell Phones Work, available at http://www.howstuffworks.com/cell-phone.htm/printable (last visited April 14, 2009)<br />Mary Catherine O'Connor, Chase Offers Contactless Cards in a Blink, May 24, 2005, available at http://www.rfidjournal.com/article/articleview/1615/1/1/<br />Matthew Clark Matthew Clark, A texting entrepreneur embodies spirit of a new Rwanda, April 9, 2009, available at http://news.yahoo.com/s/csm/20090409/wl_csm/orwanda3<br />Telecommunication Industry News, New Cell Phone Features Facial-Recognition Security, October 30, 2006, available at http://www.teleclick.ca/2006/10/new-cell-phone-feature-facial-recognition-security-feature/<br />Cases<br />Dodd v. United States, 545 U.S. 353 (2005)<br />Rivera-Mercado v. Scotiabank De Puerto Rico-Int’l, 571 F. Supp.2d 279 (D.Puerto Rico, 2008)<br />United States v. Ortiz, 738 F. Supp. 1394 (S.D.Fla.,1990)<br />United States v. Standefer, No. 06-CR-2674-H, 2007 WL 2301760 (S.D. Cal . Aug. 8, 2007)<br />Warshak v. United States, 532 F.3d 521 (6th Cir. 2008)<br />Dictionaries<br />Black’s Law Dictionary, Financial Institution, (8th ed. 2004) <br />Black's Law Dictionary, money service business (8th ed. 2004)<br />The Free Dictionary, Legal Dictionary, Money Laundering, available at http://legal-dictionary.thefreedictionary.com/money+laundering, (last visited April 14, 2009)<br />Law Review Articles<br />Jonathan Weinberg, Tracking RFID, 3 I/S: J. L. & Pol'y for Info. Soc'y 777 (2008)<br />Orin S. Kerr, A User's Guide To The Stored Communications Act, And A Legislator's Guide To Amending It, 72 Geo. Wash. L. Rev. 1208 (2004)<br />Ross Panko, Banking on the USA PATRIOT Act: An Endorsement of the Acts Use of Banks to Combat Terrorist Financing and a Response to its Critics, 122 Banking L.J. 99 (2005)<br />Reports<br />David Porteus, The Enabling Environment for Mobile Banking in Africa, 2006, http://www.bankablefrontier.com/assets/ee.mobil.banking.report.v3.1.pdf (last visited April 14, 2009)<br />Financial Crimes Enforcement Network, Money Laundering Prevention, A Money Services Business Guide, available at http://www.msb.gov/materials/en/prevention_guide.html#Background%20on%20Money%20Laundering (last visited April 14, 2009)<br />International Money Laundering Information Bureau, Money Laundering - Some Measures To Prevent It, http://www.imlib.org/page7_wcwdo.html (last visited April 14, 2009)<br />James C. McGrath, Micropayments: The Final Frontier for Electronic Consumer Payments, 2006, available at http://www.philadelphiafed.org/payment-cards-center/publications/discussion-papers/2006/D2006JuneMicropaymentsCover.pdf (last visited April 14, 2009)<br />John Forbes, Effects of Cell phones on Anit-Money Laundering/Combating Financial Terrorism (AML/CFT) Wire Remittance Operations, 2007, http://www.adb.org/Documents/Others/OGC-Toolkits/Anti-Money-Laundering/documents/AML-Cell-Phone-Effects.pdf (last visited April 14, 2009)<br />Julia Cheney, An Examination of Mobile Banking and Mobile Payments: Building Adoption as Experience Goods?, 2008, http://www.philadelphiafed.org/payment-cards-center/publications/discussion-papers/2008/D2008MobileBanking.pdf (last visited April 14, 2009)<br />Financial Action ask T Force, The 40 Recommendations, http://www.fatf-gafi.org/document/28/0,3343,en_32250379_32236930_33658140_1_1_1_1,00.html#r4 (last visited 28 March 2009)<br />Statutes<br />18 U.S.C. § 1956<br />18 U.S.C. § 2510<br />18 U.S.C. §§ 2701-2711 <br />31 U.S.C. § 5311-5330<br />Websites<br />Amazon.com Corporate Website, Amazon Payments, available at <br />https://payments.amazon.com/sdui/sdui/index.htm (last visited March 22, 2009).<br />E*Trade Corporate Website, Complete Savings, available at https://us.etrade.com/e/t/welcome/completesavings, (last visited March 28, 2009).<br />EZPass Website, About EZPass FAQs, available at http://www.ezpass.com/static/faq/index.shtml (last visited March 22, 2009).<br />Government Printing Office, GPO Access, available at http://www.gpoaccess.gov/uscode/browse.html (last visited April 14, 2009).<br />Financial Action Task Force, About the FATF, http://www.fatf-gafi.org/pages/0,3417,en_32250379_32236836_1_1_1_1_1,00.html (last visited April 14, 2009).<br />Speedpass Commercial Website, Questions & Answers: Getting Started, available at<br />https://www.speedpass.com/forms/frmFaqs.aspx?pPg=faqStarted (last visited March 22, 2009).<br />United States Treasury, Money Laundering: A Banker’s Guide to Avoiding Problems, 2002, available at http://www.occ.treas.gov/moneylaundering2002.pdf (last visited April 14, 2009).<br />Wikipedia, e-gold, available at http://en.wikipedia.org/wiki/E-gold, (last visited April 10, 2009).<br />Wikipedia, Mobile Phone Tracking, available at http://en.wikipedia.org/wiki/Mobile_phone_tracking (last visited April 14, 2009).<br />Wikipedia, Subscriber Identity Module, available at http://en.wikipedia.org/wiki/Subscriber_Identity_Module (last visited April 5, 2009).<br />Wikipedia, Wireless Enhanced 911, available at http://en.wikipedia.org/wiki/E911#Wireless_Enhanced_911 (last visited April 14, 2009).<br />