
May 31, 2007

An Encrypted PC on Your Keychain

One of the most positive developments for privacy in computer technology is the huge expansion in storage capabilities.  Today, it's possible to purchase a USB drive that fits in your pocket or your keychain and that stores eight or more gigabytes of data—plenty of capacity for most users' data. 

USB "sticks" are particularly useful when you're traveling, especially if you're using a PC in an Internet café or other public location.  They're also useful to preserve your privacy if you're traveling internationally with your laptop.  That's because customs officials in the United States—and other countries as well—can legally seize and copy the contents of any laptop carried across a U.S. border.  (I wrote about the legal background of the U.S. policy of laptop seizures here.)

However, even when you use a USB drive to hold your data, your laptop, or other PC you use with it, will still contain traces of the files you access, your Web search history and much more.  It's possible to minimize this trail using software such as Window Washer (http://www.webroot.com), but it's difficult to eliminate it altogether.

To deal with this problem, you can now purchase a USB drive that includes a copy of your Web browser and e-mail reader.  When the USB stick is plugged into another PC—or your laptop—all your transactional records are stored on that USB stick, not on the other PC, including browser history and changes made to your e-mail inbox.  One product with this capability is StealthSurfer, from http://www.stealthsurfer.com.  Armorware (http://armorware.directtrack.com/z/81/CD125) has similar capabilities, plus it provides an encrypted data channel to avoid surveillance by your Internet Service Provider.

Copyright © 2007 by Mark Nestmann

May 30, 2007

The "War on Cash" Spreads to Europe

In 1970, the United States for the first time imposed reporting requirements for persons moving substantial quantities of cash, or cash equivalents, across a U.S. border.  Current law requires that cash movements that exceed US$10,000 be reported via Form 105, which you can download here.

The original rationale for these controls was to help the IRS track the movement of cash to bank accounts offshore, where cash deposits were supposedly accepted with "no questions asked."  But over the years, the rationale changed from "tax evasion" to the "war on drugs," and now, most recently, to fight "terrorist financing." 

Now, the European Union has imposed its own reporting requirements for cross-border movements of cash, bank drafts and checks.  Under the new rules, anyone traveling to an EU country from outside the EU, or from a non-EU country into a member state, must report if they are carrying more than €10,000 (US$13,500) with them.  The regulations go even further than U.S. law in defining checks of any kind as cash—not just cashier's checks or traveler's checks. 

Penalties for non-compliance with this regulation vary from country to country.  In the United Kingdom, for instance, violations can lead to a fine of £5000 (US$9,900).  Customs authorities may deduct the fine directly from the cash seized.  However, these penalties are much less severe than the maximum sanctions available under U.S. law for failing to file Form 105—a fine up to US$500,000 and imprisonment up to 10 years.

The real danger of this regulation is when it's used in conjunction with existing asset forfeiture legislation now in effect throughout the EU.  For instance, under U.K. law, cash may be seized if there are "reasonable grounds to suspect that it is either the proceeds of, or is intended for use in, unlawful conduct."  This includes not just terrorism or drug-related crime, but ANY crime. 

It is undisputable that EU officials have access to data maintained by the U.S. Homeland Security Administration and other repositories of information.  What's to stop the U.K. Revenue & Customs Authority, or the equivalent authority in other EU countries, from using information retrieved from U.S. "data mining" efforts to create "reasonable suspicion" that lawfully declared cash might potentially be connected to a crime, including one that's yet to be committed? 

The answer, not surprisingly, is "nothing at all."  And that's the real problem with "cash reporting" legislation, no matter how well intended it's dressed up to appear.


May 23, 2007

Your PC is an "Open Book" for Police

Personal computers are extraordinarily useful digital assistants.  But, we make them useful by entrusting to them information about ourselves.  If this information falls into the wrong hands, the results can range from embarrassing to catastrophic.

I've written previously about court decisions upholding the legal authority of the U.S. Customs Service to confiscate your laptop when you cross a U.S. border, and copy everything on it, without a warrant.  More recently, two court decisions upheld the authority of police to seize and copy the contents of home computers, including password-protected files and directories, without a warrant. 

In one case, a 91-year-old man gave police permission to search a personal computer owned by his 51-year-old son, even though he had never used it.  Police copied the contents of the computer, including password-protected files, and discovered the presence of child pornography.  The 10th U.S. Circuit Court of Appeals upheld the warrantless seizure and duplication of the computer, and the owner now faces a long prison sentence.

In another case, a woman who was suspected of fraud consented to a police search of a computer she shared with her husband, again including password-protected files, which contained child pornography.  The 4th U.S. Circuit Court of Appeals again upheld the search.

These decisions mean that anyone in your household can give permission for authorities to search your PC and copy everything on it, including materials you've obviously tried to protect from being disclosed. 

Fortunately, there are several strategies you can use to protect yourself.  First, make it clear to everyone in your household that they do not have the authority to give anyone permission to search or seize your computer.  Second, restrict access to the computer itself, either by keeping it in a locked room, or locking the computer itself up in a secure container.  This creates an "expectation of privacy" that may hold up in court, especially if the search occurred without a warrant.

Third, don't rely on password protection, which can easily be bypassed.  Instead, encrypt any confidential files with a program such as PGP (http://www.pgpi.com).  Even better, use PGP's "whole disk encryption" feature, which requires anyone who wants to retrieve information on the PC to enter a passphrase to gain access.  This won't prevent police, or anyone else, from copying the PC's hard disk, but without the passphrase, the information retrieved will merely consist of undecipherable gibberish.

For more strategies on protecting your computer privacy, click here.


May 22, 2007

Another Reason Cash is "King"

Credit cards (along with debit cards) are a convenient way to avoid carrying large sums of cash to make purchases. Under U.S. law, if a credit card is lost or stolen, your liability is limited to US$50, so long as you promptly notify the issuing bank of the loss.  (No such limit exists for debit cards, however.)

However, there are hidden costs to credit and debit cards. One is privacy: in the United States, records of purchases with your card aren't your property, and can be bought, sold or rented to anyone. Naturally, government agencies have access to this data as well: your record of card purchases can lead to an IRS audit or even your placement on a terrorist watchlist.

Now, there's yet another risk to using credit or debit cards: identity theft.  It turns out that the data security standards used to guard your card records are woefully inadequate. That's how hackers managed to steal credit and debit card information on 45.7 million shoppers from retail giant TJX, the owner of T.J.Maxx, Marshalls and Bob's Stores.  The hackers gained access through a poorly secured wireless network that managed the cash registers and terminals.

Despite a market cap of nearly US$13 billion, TJX's wireless network employed less protection than many people use on their home Internet systems.  And there's zero assurance that other retailers don't have similar vulnerabilities.

So, how do you protect yourself? That's easy. Just go back to paying cash when you shop.   Cash is private, and there's no way for anyone to trace your cash transactions, much less steal your identity.

One precaution, though: beware of cash for really large purchases.  Under U.S. law, any trade or business that receives more than US$10,000 from a customer in a single transaction, or a series of related transactions, is required to make a report to the U.S. Treasury on Form 8300.  Just a word to the wise!


May 21, 2007

LLCs: A Better Way to Protect Business Assets

Corporations are the traditional way to limit personal liability in a business. 

A corporation has a separate legal personality from its owners, officers, and directors.  This legal personality provides a "corporate veil" that may insulate these individuals from corporate liabilities. 

However, maintaining the corporate veil requires significant legal formalities that owners of small businesses often neglect.  More importantly, the corporate veil is irrelevant if you do something that results in a judgment against you personally.  In that event, you're responsible for paying the creditor out of your own personal assets. 

Let’s suppose that you own a 30% interest in a corporation that owns an apartment building.  You (not the corporation) get sued personally and lose.  Basically, the creditor can seize anything you own, other than what's called "exempt property" (e.g., your home, if you live in a state with a strong "homestead exemption" law, such as Florida).  Since you own that 30% interest in the form of corporate stock, you lose it.  Your creditor simply forecloses against your interest in the corporation. 

Is there a better way to own this asset?  Yes, in a business entity called a limited liability company (LLC).  An LLC is a hybrid of a partnership and a corporation.  Its owners, which are called members, are shielded from personal liability and all profits and losses pass directly to the owners without taxation of the entity itself.  LLC managers are also shielded from personal liability for the LLC's actions. 

The principal reason LLCs are superior to corporations at protecting assets is because of a legal concept called the charging order.  The charging order represents only a right to assets distributed by the LLC.  It doesn't give a creditor the right to dissolve the LLC or to force the manager of the LLC to make a distribution.  This often makes it possible to convince a creditor to settle on more reasonable terms than might otherwise be possible. 

LLCs are also simpler to administer than corporations and better when it comes to estate planning, because of the ability to take "valuation discounts" for gift and estate tax purposes.  About the only situation in which a corporation is more suitable than an LLC is if free transferability of ownership interests—lacking in an LLC—is essential.  This might be the case, e.g., if you plan to take the corporation public and offer its shares on a securities exchange. 

LLCs organized in an offshore jurisdiction such as Nevis offer even more asset protection.  That's because the charging order concept sometimes breaks down, and a creditor of a member of a U.S.-registered LLC may be able to obtain a court order forcing the LLC manager to make distributions.  On the other hand, a creditor of a member of an offshore LLC with a non-U.S. manager may find it impossible to obtain jurisdiction over the manager.  Even if a U.S. court orders the non-U.S. manager to redeem the member's interest, to make a mandatory distribution, or even to dissolve the partnership, that order won't generally be enforceable in the United States.  Instead, the creditor will need to go to the offshore jurisdiction where the LLC is registered and convince a local court it's entitled to the assets in question.  Needless to say, this is a difficult and expensive undertaking.

That's not to say that LLCs are asset protection panaceas.  They're not, and there are significant pitfalls to avoid, particularly for LLCs with a single owner or that hold a purely passive asset portfolio.  It's possible to engage in creative planning to avoid these pitfalls, and others, but it's important to engage the services of a qualified legal practitioner rather than engaging in "do-it-yourself" asset protection planning.


May 16, 2007

How Did You Celebrate "Wiretap the Internet" Day?

In case you didn't notice, May 14 was the deadline for U.S.-based Internet Service Providers to be in full compliance with an obscure law called the Communications Assistance for Law Enforcement Act (CALEA).

The original version of this 1994 law required all telephone networks to be made "wiretap-friendly" so that the FBI and other federal law enforcement agencies can activate a wiretap at the flip of a switch, without intervention by the network. Essentially, this is done by building secret "back doors" into all telephone equipment and networks to facilitate government surveillance.

Now, the CALEA requirements have been extended to the Internet. They apply to universities, public libraries, Internet cafés, and other institutions that operate networks connected to the Internet.

Law enforcement agencies are supposed to obtain a warrant before they activate a wiretap, whether it's for someone's telephone communications or Internet communications. However, it's also clear that they don't always do so, especially under the terms of President Bush's secret domestic spying initiative, which came to light in December 2005.

In this program, the super-secret National Security Agency has for at least five years listened in on an unknown number of conversations believed to be terrorist-related, without a warrant. And while the Bush administration promised in January of this year to submit all requests under this program to a secret court created to review applications for "national security" related wiretaps, on May 1, senior Bush administration officials told Congress that they could not pledge that this would actually be done.

There's every prospect that Internet wiretaps will be handled in the same cavalier manner, despite the clear provisions of a 1978 law called the Foreign Intelligence Surveillance Act, which mandates that all national security related wiretap requests be reviewed by the secret court. This "Foreign Intelligence Surveillance Court" rarely rejects a wiretap request, but even a rubber stamp is apparently too much due process for the Bush administration to deal with.

If that wasn't bad enough, there's another, even scarier, aspect of this program to consider.

The problem with "back doors" is that they can be used by anyone with the technological savvy to find them. There's increasing evidence that organized crime and foreign intelligence agencies are doing just that to telecommunications networks in the U.S. and other countries that have been made "wiretap friendly" courtesy of laws like CALEA.

In a 1997 drug trafficking case in Los Angeles, a narcotics cartel targeted by the Drug Enforcement Administration was able to "completely compromise the communications of the FBI, the Secret Service, the DEA and the LAPD," according to a secret government report leaked to the media. A few years later, revelations emerged, but were quickly hushed up, that the White House telephone system had been completely compromised by an unnamed foreign intelligence service. Similar concerns emerged in the Netherlands in 2002, when lawyers for a terror suspect claimed that Dutch wiretap transcripts ended up in the hands of the Turkish intelligence service, and again in 2005, when revelations emerged that back doors designed into telephone networks in Greece had been exploited to wiretap Greek government ministers.

And now, your e-mail, your Web browsing and everything else you do on the Internet will be subject to surveillance by anyone smart enough to find the back doors. What's more, because most Internet communications, unlike telephone communications, are not tied to a fixed location or phone number, the wiretapping infrastructure must be global, involving all the world's Internet routing structure. Perhaps that's why a few weeks ago, the U.S. Department of Homeland Security asked a company called Verisign to turn over to it what amounts to the "master keys" for the Internet. With these keys, U.S. spooks will be able to spy on any Internet user, anywhere in the world.

With the prospect of massive Internet surveillance now a reality, it's more important than ever to take precautions to protect yourself such as encrypting your e-mails using a program like PGP (http://www.pgp.com) and using Internet anonymizing services such as Armorware (http://armorware.directtrack.com/z/81/CD125).

For more suggestions on protecting your privacy on and off the Internet, click here.


May 15, 2007

Beware: Another EU Passport Scam

I've warned many times that you should avoid any "instant citizenship and passport" program that doesn't have a solid basis in law.

Someone selling you a passport from a country where there's no provision in the law for the issuance of such documents is offering documents that are either stolen, counterfeited, or issued illegally.

In all such cases, the resulting passports are subject to cancellation and confiscation at any time.  Worse, the persons using them could face fines and even imprisonment for possession of illegal travel documents. 

Currently, there are only three countries in the world that have provisions in their domestic law for "economic citizenship:" the Commonwealth of Dominica, the Federation of St. Kitts & Nevis, and Austria.  (And of these three, Austria is no longer a realistic alternative, because its program has been effectively suspended.)

Unfortunately, these facts haven't stopped dozens of Internet promoters from selling fraudulent passports.  I've written about them before, but just yesterday, a colleague forwarded a Web page where passports from two unnamed countries in the European Union were being sold for prices of US$9,900 and US$19,800, respectively. 

One clue that these passports are obviously fraudulent comes in the promotional text, in which it is claimed that the price of a travel document from either of these EU countries includes an optional birth certificate. 

Naturally, the promoter of these documents stipulates that they are 100% genuine documents that haven't been stolen.  Well, of course. 

That's only a small sampling of the passports available from this source.  Passports from Guyana, Suriname, Nicaragua, and even diplomatic passports are also available—again, all supposedly 100% genuine documents that haven't been stolen.

I can only hope that the appropriate law enforcement agencies in the countries in which these documents are being offered shut down this online passport mill.  Otherwise, buyers of the fraudulent documents it's offering could face some very serious consequences if discovered to have them in their possession.


May 14, 2007

Feds Try to Shut Down E-Gold

E-gold is one of the oldest gold-backed digital currencies around, and certainly one of the most successful.

And it's squarely in the sights of the U.S. government.

On April 30, the Department of Justice indicted the operators of E-Gold on charges of money laundering, conspiracy, and operating an unlicensed money transmission business. It also has issued 24 seizure warrants on nearly 60 accounts it says are involved in money laundering.

Between May 3 and May 9, the government forced Omnipay, E-gold's payment system, to redeem all the gold backing these accounts and convert the proceeds to a U.S. dollar account owned by the U.S. government. The gold confiscated in this civil forfeiture has a market value exceeding US$11 million.

By using civil forfeiture laws to make these seizures, the government was able to close down the 58 accounts without accusing the owners of any crime. Indeed, the government doesn't need to reveal anything to the owners for at least 30 days, possibly longer. Until the government actually files a civil forfeiture complaint, these owners can do nothing to defend themselves or recover their assets.

It seems likely that E-gold was targeted because it permits the essentially anonymous transfer of money outside the banking system. Although there's a permanent record of all transfers, users only need a valid email address to use the services. The indictment of E-gold paints a lurid picture of the system being used by child pornographers, identity thieves, and investment scams, although founder Douglas Jackson claims that on numerous occasions, the company has voluntarily shut down accounts possibly tied to criminal activity.

Despite the indictments, E-gold is open for business—indeed, in the course of writing this blog, I opened an account there, although I haven't funded it.

Time will tell how the E-gold saga will play out. In the meantime, I wouldn't be surprised to see a mass exodus of E-gold's customers to other companies.

One company that offers services similar to E-gold—albeit with a strict "know your customer" policy—is Goldmoney.com. I have a Goldmoney account, and recommend it highly if only as a way to purchase an electronic form of gold that is 100% backed by gold bullion that can't be debased by a central bank.

 


May 11, 2007

Terror Screening System for Pizza Delivery?

Earlier this week, the FBI arrested six men accused of plotting an attack at Fort Dix, N.J., home to several thousand U.S. military personnel.

The attack represented a "new form of terrorism," according to an FBI spokesperson: "They operate under the radar...they strike when they feel it is right whenever that might be."

What new form of terrorism, you might ask? Pizza delivery! It turns out that one of the accused terrorist plotters often made pizza deliveries to Fort Dix and to nearby McGuire Air Force Base. He believed that under the guise of delivering a pizza, he could penetrate security at the base, and help bring about an attack "to kill as many soldiers as possible," according to the indictment.

Far be it from me to criticize the successful dismantling of a terrorist cell by the FBI.  But a "new form of terrorism?" Hardly.

There are an exceedingly small number of real terrorists, and they ALL seek to "blend in" with the larger population in order to carry out their actions. Blending in as a pizza delivery person to penetrate security at a military base is hardly a unique strategy.

Naturally, the arrests are already being used to justify support for a national ID card and other initiatives that would compromise civil liberties. But I have a simpler solution.

Rather than force pizza delivery persons to carry a biometric national ID card (or perhaps have it implanted in their hand), or turn pizza delivery services over to the FBI, why not require all deliveries of food and other non-essential items to military bases go to a secure location away from large groups of people or equipment?

Otherwise, if you work on a military base or other "secure" location, the next time you order pizza, the dialog might go something like this when it's delivered:

"That'll be $9.95 for the pizza and $19.95 for the 'pizza terror screening.' And please don't forget the tip."

 


May 10, 2007

IRS Cracks Down on "Secret" Bank

Wouldn't it be great if you could bank at an institution akin to the "First Bank of Financial Privacy," with your account and transaction records protected from prying eyes?

In a nutshell, that was the service offered until recently by an Iowa man named Robert Arant, out of his home in Des Moines. 

Arant allegedly told customers of his "warehouse bank," Olympic Business Systems, that he could make their banking transactions untraceable and keep their identities secret. Hundreds of people signed up for his financial privacy services, which were available for fixed fees of US$75 and up.

Arant says his service is perfectly legal, but unfortunately for his customers, and for him, the IRS disagrees. Last month, it shut down Arant's $28 million "bank," froze its accounts, and seized its records. A civil complaint filed under seal in U.S. District Court charges that Arant promoted abusive tax shelters and unlawfully interfered with federal tax laws.

This isn't the first time the IRS has targeted "warehouse banks." In 2000, it dismantled a US$186 million warehouse bank scheme based in Oregon that involved more than 900 depositors. The organizers were sentenced in 2005 to up to four years in prison. In 2004, a similar warehouse bank was shut down in California. 

While the organizers of warehouse banks may sincerely believe that they're not subject to U.S. tax and customer identification requirements, failure to adhere to these requirements will quickly attract the attention of the IRS. Moreover, customers of such "banks" may come in for unwelcome attention as well—not to mention having their accounts frozen. 

If you're looking for financial privacy, you won't find it in a warehouse bank. A much better place to find it is in an offshore bank account, in a jurisdiction with strict bank secrecy laws, such as Austria or Switzerland. And even there, if you're a U.S. citizen or resident, you'll be required to disclose the existence of the account to the U.S. Treasury—but at least your account activity will be "off the radar screen" of asset tracking services, direct marketing companies, litigious lawyers, or someone merely curious about your financial affairs. 

Click here to learn more about legal ways to protect your financial privacy.
