The Unusual Nonprofit That Helps ICE Spy on Wire Transfers

When Immigration and Customs Enforcement agents are trying to track down undocumented immigrants, they seek out all the data they can find. In Arizona, they’ve found a special trove that’s ripe for abuse.

The Transaction Record Analysis Center, or TRAC, database offers a rare glimpse into the financial lives of millions of immigrants and U.S. citizens alike. The database contains details about more than 340 million wire transfers sent via Western Union and more than two dozen other companies that immigrants rely on to send money back home.

The database contains a record of every transfer of $500 or more sent using these services to or from Mexico, Arizona, California, New Mexico, and Texas. For each transaction, TRAC captures the name and home address for both the sender and the recipient, plus dozens of other sensitive data points.

“This database is a loaded weapon lying around for the taking,” said Nathan Freed Wessler, deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project, which has called for TRAC to be shut down. “This is a data collection program that disproportionately sweeps in the records of poor people and immigrants, groups that the Trump administration is going out of its way to target.”

TRAC is unusual in many ways.

The data dragnet is powered by Arizona’s state attorney general using administrative subpoenas, which do not require a judge’s sign-off. But TRAC operates as a nonprofit and a clearinghouse for ICE and hundreds of other law enforcement agencies around the country to access the data. The current Arizona attorney general, Kris Mayes, a Democrat, is aggressively suing the Trump administration on numerous fronts — yet the database is an invaluable potential resource for its anti-immigrant campaign. And despite being a target of privacy advocates and lawsuits for years, TRAC has continued to suck up data.

ICE has played an outsized role in TRAC over the years, chipping in data of its own at times. ICE agents have also been top users of the database, served on TRAC’s board, and even funded its operations.

But Mayes’s office and TRAC downplayed concerns that ICE might use the data to target immigrants for deportation. The database does not contain details about immigration status, they noted, and it’s intended exclusively to investigate money laundering along the border, which was how TRAC first started more than a decade ago. Before searching the data, agents must promise not to abuse their access and declare the “underlying predicate offense” for a given query, under an agreement Mayes’s office signed with TRAC in 2023. 

But privacy advocates told The Intercept that TRAC has insufficient safeguards and unacceptable risks, particularly under President Donald Trump. The Trump administration has been shifting agents at ICE and other agencies away from investigating money launderers, with orders to prioritize deportations and raids. Agents who are grabbing U.S. citizens, lawful permanent residents, and visa holders off the streets on pretext; shipping people to a mega-prison in El Salvador based on “administrative errors”; and filing questionable search warrant applications might simply lie to access data that makes the deportation machine run a bit more smoothly. On Monday, ICE inked an agreement with the IRS to obtain data about undocumented workers, including their home addresses.

“The Trump administration has already shown that it is acting recklessly at best with who it deports and why,” said Abigail Kunkler, a legal fellow at the Electronic Privacy Information Center. “TRAC offers officials a massive grab-bag of data to root around in for transactions it can label suspicious, and there isn’t currently any oversight.”

“Limitless” Investigative Power

TRAC’s origin story is a testament to that familiar bipartisan itch to expand surveillance powers. Despite an early loss in state court over the dragnet, Mayes and her predecessors — one fellow Democrat and two Republicans — used settlement agreements and administrative subpoenas to build the database into a go-to resource for cops and federal agents nationwide.

It started with one subpoena to a single company. In 2006, then-Arizona Attorney General Terry Goddard, a Democrat and former mayor of Phoenix, demanded data from Western Union about all wire transfers of $300 or more to any location in the Mexican border state of Sonora from any location worldwide over a three-year period. He did this under the state racketeering law, A.R.S. § 13-2315, which requires financial institutions to produce records in response to “reasonable” requests from the attorney general’s office.

Western Union initially proposed providing partially anonymized data to protect its customers’ privacy.

This wasn’t acceptable to Goddard and a task force of federal and state agencies, which wanted as much data as possible — including about innocent customers’ transactions — to establish “control groups.”

Western Union fought the subpoena, and in 2007 a state appellate court ruled Goddard had exceeded his authority under the racketeering law. The Arizona Court of Appeals was concerned at the subpoena’s sheer breadth, especially its geographic coverage far beyond Arizona state lines, and ruled it was not “reasonable” under the law. 

“The argument the Attorney General makes here would make the investigative power granted in A.R.S. § 13-2315 limitless,” the court found. “It would provide a justification for requesting financial data from anywhere in the world merely because it might serve to provide a baseline of ‘innocent data.’”

After losing the court battle over the subpoena, Goddard turned up the pressure on Western Union by suing it directly. In 2010, Western Union settled with the attorney general’s office and agreed to comply with subpoenas for data about wire transfers above $500.

Beside the higher threshold amount, the scope of data sharing under the settlement agreement was even broader than what Goddard had previously sought. Western Union agreed to share five years’ worth of historical data and give Goddard’s office “near real time” data about transactions sent to or from “the area within 200 miles north and south of the United States/Mexico border,” plus all of Arizona. Unlike the prior subpoena, this included portions of every state on both sides of the border.

The state attorney general’s office now had a data pipeline from one of the biggest players in the wire transfer industry. And it was just the beginning.

 “Unorthodox Arrangement”

In early 2014, Western Union signed a second settlement with Goddard’s successor, Republican Tom Horne. This agreement expanded the data sharing to its current scope: all wire transfers above $500 to and from the entire country of Mexico plus the entirety of four U.S. southern border states — Arizona, California, New Mexico, and Texas — regardless of proximity to the border.

By this point, the dragnet had expanded beyond Western Union too. Horne’s office sent subpoenas to at least five of its competitors in late 2013, records show, including to MoneyGram, Sigue, and Continental Exchange Solutions.

The 2014 agreement also marked the establishment of TRAC as a separate nonprofit entity, initially bankrolled by Western Union and under the control of the attorney general’s office through its board. TRAC’s first director and president served simultaneously as a special agent supervisor at the agency, records show. 

In 2015, Republican Mark Brnovich took over as Arizona’s attorney general. An early advocate for the argument that undocumented immigrants constitute an “invasion” under the U.S. Constitution, Brnovich was recently tapped as Trump’s ambassador to Serbia.

During Brnovich’s tenure, TRAC expanded rapidly, from 75 million transaction records compiled from 14 different companies in 2017 to 145 million records from 28 firms in early 2021, according to meeting minutes of TRAC’s board. In 2021 alone, TRAC added a “25% increase of data,” other minutes show. TRAC’s user base also exploded, from 300 different law enforcement agencies and 600 users in 2017 to nearly 700 agencies and 11,600 users in late 2021.

As of 2018, ICE was the top agency using the database, with almost 950 active user accounts, records show. During the Brnovich years, the agency became a key player in other ways. A top ICE agent in Phoenix joined TRAC’s board in 2017. In summer 2019, when the Western Union settlement concluded and the company was no longer on the hook to finance TRAC, ICE kicked in a year of funding.

Related

How Customs and Border Protection Illegally Tried to Unmask a Rogue Twitter Account

Around this time, ICE also started contributing data about millions of wire transfers to TRAC using its own legally dubious administrative subpoenas, according to findings published by Sen. Ron Wyden, D-Ore. in 2022 and 2023. Between 2019 and 2021, agents at two different offices of ICE’s Homeland Security Investigations sent a type of federal subpoena called a “customs summons” to multiple companies, including Western Union. By law, this type of subpoena is limited to investigations related to merchandise imports and customs duties, a limitation which agents at ICE and other DHS components have flagrantly ignored before.

Some of ICE’s subpoenas covered transactions thousands of miles from the U.S.–Mexico border, demanding data for more than a dozen additional countries spanning from the Caribbean to China and parts of Europe.

The Drug Enforcement Administration and FBI had also demanded data from certain companies, Wyden found.

“This unorthodox arrangement between state law enforcement, DHS and DOJ agencies to collect bulk money-transfer data raises a number of concerns about surveillance disproportionately affecting low-income, minority and immigrant communities,” Wyden wrote in a letter to the Justice Department’s inspector general.

After Wyden raised concerns about the legality of their subpoenas, ICE withdrew them. A few months later, an HSI agent received an award from the White House for his “innovation, creativity, and foresight” in getting TRAC access to “an additional stream of millions of financial transaction records.”

TRAC Under Mayes

Mayes narrowly won the state attorney general’s race in 2022, and she was sworn in as Wyden and the ACLU brought renewed scrutiny to TRAC. Once a Republican, Mayes switched parties in 2019, a change she attributed recently to her revulsion at the first Trump administration’s immigration crackdown.

From the beginning of her administration, Mayes has defended TRAC. Like her predecessors, Mayes has overseen its continued expansion using administrative subpoenas under A.R.S. § 13-2315, but her office declined to comment on how the agency squares these subpoenas with the state appellate court’s decision from 2007. As of July 2024, 22 companies were “actively producing records” to TRAC, according to an HSI newsletter.

“The subpoenas are just as illegal now as they were several years ago,” the ACLU’s Wessler said.

Mayes has also taken steps to protect TRAC against legal challenges.

Shortly before she took office, four people whose data was swept up in TRAC filed a class-action lawsuit in federal court against Western Union, MoneyGram, and other companies the plaintiffs used to send money to family abroad, as well as DHS and ICE. The plaintiffs alleged TRAC’s data sharing violates both federal and California financial privacy laws. In their defense, the companies pointed to the subpoenas they received over the years, including from Mayes’s staff.

TRAC wasn’t a defendant in the lawsuit, nor was the Arizona attorney general’s office. But in September, Mayes submitted a letter to the court defending TRAC. Mayes emphasized that she had “embraced and furthered” the program and claimed her office’s success at combating transnational criminal groups was “highly dependent” on her “ability to issue and enforce the subpoenas.” 

“Because a primary issue before this Court is the legality of the Defendant [companies’] compliance with these subpoenas, it is difficult to identify a party more interested in such litigation than the State of Arizona,” Mayes wrote.

Wessler called the letter a “pretty aggressive attempt to shut litigants out of court,” particularly since this was “private litigation in a different court in a different state.”

Mayes’s letter cited a handful of federal prosecutions in which TRAC has played a role. One in particular, which resulted in drug trafficking and money-laundering convictions in California last October, shows the sheer scope of the database.

In December 2020, two informants told federal agents that they used a small money transmitter business in Oakland to launder drug proceeds to Mexico. Cashiers had been using an unsuspecting victim’s ID and personal information as cover for the transactions.

A table included in court filings shows the data that TRAC already had on this innocent third party, along with the fraudsters. There were more than a dozen entries for wire transfers she sent to “family or friends in Mexico,” as an IRS agent wrote, as early as five years prior and for amounts between $650 and almost $3,000.

“I would be worried about whose hands this data would get into,” said Sarah Lopez, a migration scholar at the University of Pennsylvania who has studied remittances from Mexican immigrants to their communities back home, of the detailed data compiled by TRAC. “There are millions of people sending repeat transactions” via wire transfers each year between Mexico and the U.S., she said, “then multiply it by two because people are being tracked on both sides of border.”

Lopez was skeptical that the $500 threshold amount in the TRAC subpoenas — unchanged for more than a decade — was a meaningful screen to prevent excessive surveillance of immigrants’ remittances. “Five hundred dollars is not a lot of money to send,” she said, noting that immigrants often send money to help with significant one-time expenses like housing and health care, and that service fees incentivize larger transfers.

Related

How a Landlord and a Florida PR Firm Helped Trump Kick Off the Tren de Aragua Gang Panic

TRAC’s president, Rich Lebel, defended the $500 threshold as “striking the right balance” based on recent data about average remittance amounts to Mexico and recent discussions he had with companies that share their data. Two companies told TRAC that, in 2024, “nearly 80% of all of their transactions are below $500, which means TRAC only has insight into approximately 20% of all transactions,” Lebel wrote in an email.

Mayes’s letter to the court proved fatal to the class-action lawsuit over TRAC. In late September, the court dismissed the case entirely, ruling that her office had “a legally protected interest” in defending the subpoenas but could not be added to the case. In November, shortly after the election, Mayes submitted a similar letter in another federal lawsuit regarding TRAC, which is ongoing.

“Despite the lawsuit and the public scrutiny of its actions, AG Mayes’ office is doubling down on its surveillance tactics,” said Daniel Werner, a senior staff attorney with Just Futures, which represented the plaintiffs in the dismissed class action lawsuit.

A Model of Secrecy

When it comes to TRAC, Mayes has distinguished herself from Brnovich, her Republican predecessor, in one key respect: secrecy.

Under Brnovich, the attorney general’s office released hundreds of documents about TRAC’s internal operations to the ACLU. These included nearly 140 subpoenas sent to more than 20 companies, meeting minutes from the TRAC board, and user lists.

Over the past year, The Intercept submitted multiple records requests to Mayes’s office, seeking updated versions of many of these materials plus other records. The agency sent the same documents it released to the ACLU and materials about TRAC’s operations under prior administrations. But it refused to release almost any records about how TRAC currently works, including documents that would show how its database has grown and shed light on its relationship with ICE and the Department of Homeland Security.

Mayes’ office now claims it would violate A.R.S. § 13-2315 itself to disclose any more of the TRAC subpoenas. “We are correcting the previous administration’s error and following the law,” wrote Richie Taylor, Mayes’s communications director, in an email.

“Their argument is wrong and borderline frivolous,” Wessler told The Intercept, noting that the statute clearly shields the data obtained by the subpoenas but says nothing about the subpoenas themselves. “An attempt to shield these subpoenas behind a spurious claim of secrecy is galling.”

For basic materials like TRAC’s meeting minutes, Mayes’s office now claims that it has no obligation under Arizona law to provide them since TRAC is formally a separate entity. When The Intercept asked TRAC directly for these same materials, it claimed, in turn, not to be subject to public records requests given its nonprofit status.

“The Public Records Law is an important part of Arizona law, but it simply doesn’t apply to TRAC,” wrote attorney Andy Gaona, which represents TRAC, in a letter in December.

Although a distinct creature on paper, TRAC has been “supervised directly” by the attorney general’s office, as a 2019 manual described the relationship. For years, TRAC’s bylaws gave the attorney general the power to personally select its board of directors and designate its chair. These provisions were still in TRAC’s bylaws as of September 2019, the most recent copy released by the attorney general’s office.

The current TRAC board chair, defense attorney Andrew Pacheco, who took the role in 2022, was chief of the attorney general’s criminal division before going into private practice. While working at the agency, he “supervised the activities of the Transaction Record Analysis Center,” according to his firm bio. The prior TRAC chair, Paul Ahler, served simultaneously as the agency’s criminal division chief.

“It just can’t be that the AGO can shield these public records by creating a nonprofit entity whose board it controlled, and that exists solely to ingest records obtained by the AGO,” Wessler argued, referring to the attorney general’s office.

Mayes’s office said that the attorney general no longer has this level of authority over TRAC but said it did not have a copy of the current bylaws to substantiate this. “TRAC is governed entirely independent of the Attorney General’s Office,” Lebel, TRAC’s president, wrote. TRAC declined to provide its current bylaws as part of The Intercept’s records request.

Other records show close coordination over the years between agency officials and TRAC staff — who sometimes used official government email addresses — including on the subpoenas that fuel the database.

TRAC’s deputy director, Liz Barrick, who joined TRAC in 2018 after several years working at the attorney general’s office, drafted many of the administrative subpoenas herself, records show, which she would forward to her former colleagues at the agency to review and sign before they were sent to the companies.

At one point in early 2018, Lebel and Barrick worked up subpoenas for wire transfers to and from an entirely new state: Georgia, which TRAC wanted to investigate as a “hub of racketeering activities.” For weeks, the pair emailed the attorney general’s office about the proper scope of the subpoenas. When one of the companies expressed concerns, Barrick responded with the agency’s position about modifying the subpoena. 

TRAC staff also coordinated with ICE as the agency prepared to send its own data demands to Western Union, emails show. In 2019, Barrick emailed an ICE official some “language to be included in the subpoena.” A few months later, Ahler checked in with Barrick: “What is the status of our federal administrative subpoena to Western Union?”

And in 2021, when Western Union’s lawyer requested a meeting with the attorney general’s office about a recent subpoena, Barrick was added to the call.

TRAC and Mayes’s office both declined to answer whether their staff still collaborate on the subpoenas.

“TRAC really appears to operate more like a department of the AGO and not an independent organization,” said EPIC’s Kunkler. “The AG’s attempt to weaponize technicalities to avoid disclosing information looks an awful lot like intentionally laundering their actions through a nonprofit to avoid disclosure.”

The post The Unusual Nonprofit That Helps ICE Spy on Wire Transfers appeared first on The Intercept.