by wnsire 2883 days ago
>"We cannot provide details about why your account is closed and won't reactivate it"

This type of behaviour should be banned by the European Union.

You should be provided with the exact reason of why your account is being closed, regardless of who is the provider of the service.

It's unacceptable that companies like Microsoft, Facebook, Airbnb feel entitled to behave like this knowing how critical the services provided by those companies are for some organizations. Plus the fact that those suspensions are usually done automatically by an algorithm powered by Machine Learning or something similar.

This type of mechanism could destroy an entire organization if the accounts of CEOs, CTOs, CFOs are suddenly locked down without possibility to access their emails, their contacts, their meetings and other business-critical information.

This is outrageous.

5 comments

Often times companies are legally barred from disclosing this information. For example, in the financial services sector, if a person’s account is linked to certain forms of financial crimes, it is strictly illegal for the company to tell the owner why their account was suspended and/or funds frozen.

The intent is to not reveal that the account had been linked to (for example) financing of terrorist organizations, but in reality I think it causes more problems than it solves. A real criminal who has their account shut down is probably going to be pretty aware of what the reason is. On the other hand, many times something like this can happen due to a mistake by a government agency, an account takeover, or some other situation where the owner of the account has no idea what went wrong or how to fix it, and finds themselves blackballed by multiple financial institutions with no recourse.

I’m not a fan of PayPal by any shot, but I would wager a nontrivial number of the customer support nightmare stories we’ve all read actually come down to this, and their hands are completely tied.

> Often times companies are legally barred from disclosing this information.

You are talking specifically about the financial and banking industry. Working in the banking industry, compliance regulation prevents banks from communicating about why your funds are frozen so the SEC can investigate and determine whether or not a fraud or suspicious activity was committed.

Such a thing does not exist in the IT industry. Microsoft ran their in-house auditing tools, determined the account was suspicious, set a flag "is_suspicious" as "true" in their database and the next day a batch ran and suspended their account.

IT Audit for GAFA is 100% automated, there is no human interaction unlike Banking, Insurance and Finance.

Hence, the fact that BFA must communicate after the investigation about what fraud you committed to properly charge you in court and ban you from the services (you can even be banned in an entire country from owning a bank account depending on the severity), but they must tell you why.

That is not the case for tech, it is completely unregulated which is why it's making me this upset.

Microsoft is a large company with many services, and some of them may intersect with this type of regulation through law enforcement. The financial sector isn’t the only area of business that have these types of restrictions, and it’s often significantly easier from a business and engineering perspective to block an account entirely than to cherry pick which services can and cannot be used.

This is particularly true when products frequently gain new features or integrations with other company-provided services, as changes in one system might allow an account that’s partially suspended to be able to perform legally-forbidden actions in another (think: something like iMessage gaining Apple Pay support). Yes, you can solve these things with engineering, but not only can that easily cost more than it’s worth, but you also open yourself to massive company risk if you fuck it up and regulators catch wind.

> The financial sector isn’t the only area of business that have these types of restrictions, and it’s often significantly easier from a business and engineering perspective to block an account entirely than to cherry pick which services can and cannot be used.

Yeah, I used to work on a fraud detection team for another company, where some guy got some traction online complaining about how his payment account got shut down. All sorts of bluster about how he scrupulously followed the terms and conditions and how he couldn't possibly be doing anything fraudulent and how we were stealing his money, and lots of bad publicity in threads like this.

Turns out the FBI was investigating the guy for hosting child porn on another service using the same account, and we weren't allowed to respond in any way to his complaining online. So we shut down all his accounts and couldn't really do anything to defend ourselves against his complaints.

In my experience, like 90+% of the loudest complainers of account shutdowns are completely full of it, and are guilty of very obvious violations that they somehow fail to mention when blogging about it. I'm not going to say that false positives from machine learning systems never happen, but people who loudly complain about their accounts being frozen don't have a good track record, and since most companies aren't going to discuss exactly why they got shut down in the open, the prevailing narrative seems to be that the large faceless corporation doesn't care.

How is that justified as compatible with a fair justice system, or have we kind of given up on this when it comes to dealing with modern financial services, or Internet services?

Or is it just that the mention of terrorists means that we leave the confines of modern democracy and enter the territory of fascist policies, as we become what we fight?

The fact that accounts are locked and funds frozen by hacked-together systems dependent on irrational machine learning algorithms, and never heard in open court, is the premise for any number of dark dystopian science fiction stories and deeply scary, and yet we seem to keep enacting laws and frameworks that reward companies like Microsoft for arbitrary enforcement by making it impossibly expensive to challenge punishment dished out by private enforcers (Microsoft/Facebook/YouTube etc.) who can be punished by the state for not enforcing aggressively enough.

> How is that justified as compatible with a fair justice system

It's not. It's also not practiced exactly that way.

There is always a maximum duration for those things, and after that duration secrecy is gone.

Also, before locking somebody's account, the law enforcement people have to get in front of a judge, and make a really good case for why it should happen. Normally judges do not like people asking for unilateral actions (in most places judges are very competent lawyers, and if there is something that lawyers really love, it is their antagonistic system for decision making).

Money laundering laws are not like anti-terrorism ones.

The problem here is that when it's the banks doing it there really isn't a court involved, nor police; there simply is an algorithm spotting something and usually that's the end of the story.

If the block was followed by mandatory court action by whoever made the block, with failure to successfully prosecute resulting in compensation paid to the unjustly accused, there would be balance, but that's also not how this kind of block works, as the courts are usually not involved when it's the bank's/service's own mandatory anti-fraud process that's being invoked, and not the police conducting an investigation prior to an actual open court case.

The problem is that private organizations are being asked to police their customers on their own under a framework that's basically outside of the justice system, under penalty of fines by a justice system that is not issuing the same fines when the private organization punishes the innocent.

Again the problem is we have a mechanism that made some sense when nothing ever happened without sooner or later happening in a court that can/will punish the police for false arrest when/if the resulting prosecution fails, that due to the fact that a false/incorrect negative action no longer has consequences for those making it happen, especially as it happens under the pretense of being done by a free private organization by private organizations that are theoretically free to reject customers even if that rejection is practically ordered by the state.

Wait, are you talking from the US? Are banks blocking their customers' money there without the government intervention?

I haven't heard about something like this happening anywhere, but it's not hard to imagine it, unfortunately.

No, situations like described are almost exclusively a result of a governmental request.

Someone who has a) been committing financial crimes and b) finds their funds frozen will probably be able to connect the dots.

If they're barred by law from saying why, fine. If not, they should have to provide at least some reason, and a way to appeal.

In such case, I'd expect the reply to include "unfortunately, we're legally barred from providing any further details".

Well, then, in that case you've basically just told them you closed the account because you suspected it of being involved in {money laundering, funding terrorism, fulfilling the drug trade}.

You don't think the person doing money laundering and finding their accounts frozen won't have figured that out already?

"Gee, it must've been that meme I posted the other day."

It provides a defense -- you can say 'I wasn't laundering money' if that's their claim for what you did, and you can possibly provide evidence that you weren't laundering money; there's no way for you to say that you weren't violating an unknown term because you don't know what that is.

It’s not up to the companies, who (in my experience) largely hate having their hands tied. Legally, saying something like this can be construed as giving information to the target of the investigation, and doing so can result in fines and even jail time.

It’s dumb, and of course a guilty person will know exactly what happened, and of course hearing a response that their account has been closed and they cannot appeal or get any information as to why is going to make it even more blindingly obvious.

"Because terrism" is becoming an all-too-ready and "unassailable" excuse for any action an institution doesn't want to justify nor clarify.

Past a point, this becomes like those building regulations and other points of governance, that are not actually publicly available.

And your democracy fails. Because how can people govern, including themselves, when they don't even know what the rules are? Where the "lines" are?

Maybe, ultimately, it would be more useful to effectively inform the public about such funding, than to hide it away.

Also, there's been another round of conversation in the last some days, about "cashless" payment systems and societies.

What happens, when some initiative or data point -- or someone's personal agenda -- flags you as "suspect"?

When your cards are suddenly deactivated, your accounts frozen, and no one will tell you why? Nor for how long?

This secret behavior -- this secrecy -- needs some serious and effective limitations.

Or we are all going to be at risk of violating society's "terms of service", and made pariah, without explanation nor recourse.

Slippery slope...

> "Because terrism"

Sincere question: what are you conveying by using that spelling of (I assume) "terrorism"?

A colloquialism, plus a hesitation to use the correctly spelled word, what with all the scraping and data aggregation/analysis going on these days.

I don't support it. I also don't want to be flagged for simply discussing it.

Of course, this simple tactic may be futile, on my part.

Which sort of brings us back to the colloquialism.

>This type of behaviour should be banned by the European Union.

It probably already is. Under Article 15 of the GDPR, you have the right to access personal data and to an explanation of how that data will be processed. A database entry saying "this account has breached clause x.y of our ToS" constitutes personal data within the scope of GDPR.

Under Article 16, you have the right to correct any inaccurate data. Under Article 22, you have the right to opt-out of any wholly automated decision-making process that "produces legal effects concerning him or her or similarly significantly affects him or her".

Article 23 does impose some restrictions on those rights, e.g. in matters of national security, defence or criminal justice, but those restrictions are narrow and specific. If someone tells you "your account is banned and we can't give you any further information", they're likely in breach of the GDPR.

https://gdpr-info.eu/chapter-3/

You can thank American and European governments for that. They extorted money from private companies for "due diligence violations" and now they will ban you and close your account on any smallest suspicion of financial impropriety or connections with sanctioned individuals or countries.

As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.

Corporations are panicking. They spend billions of dollars on due diligence now and this is the result you are seeing. They don't want to spend even more billions of dollars on fines.

Obviously they can't tell you "transferring over 500 USD per month to Africa looked dodgy to us, so we closed your account". They are keeping details secret, which makes sense because next time you'd just circumvent their checks.

> You can thank American and European governments for that. They extorted money from private companies for "due diligence violations" and now they will ban you and close your account on any smallest suspicion of financial impropriety or connections with sanctioned individuals or countries.

> As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.

That is ridiculous. Modern companies have no problem Hoovering up and analyzing vast amounts of intelligence on consumers for marketing purposes. PayPal almost certainly has liaisons with any number of three-letter agencies that also feed them intel related to criminal or terrorist activity. Link analysis and graph database software has reached commodity status; it's affordable and available. Directing them to do something to stop transactions between accounts known to be affiliated with terrorism is a reasonable request.

If their solution to money laundering bans accounts based on something so naive as terms found in a street address, their unbounded, colossal incompetence is not the fault of any government. PayPal has never had their shit together-- run-of-the-mill fraudsters have no problem keeping accounts open, but yours will eventually be seized without notice or explanation.

> That is ridiculous. Modern companies have no problem Hoovering up and analyzing vast amounts of intelligence on consumers ...

Meanwhile the EU imposed a 3 billion dollar fine on Google for, and this is sadly not a joke, depreffing incredibly annoying shopping comparison sites, specifically this one [1][2] and a few others. Go on, visit it. And then tell me how much the quality of the internet is lowered by making that site harder to find.

(the real reason: the Kelkoo CEO, and I'm not even joking, convinced a secretary of the EU competition commissioner (the previous one) that they were a viable EU-based competitor to Google. Yes, really, that's the level of intelligence the EU commission had, they believed that Kelkoo would be doing internet search engines better than Google)

What exactly makes you think that when we're talking lesser amounts they'd be more careful? Doesn't it make more sense that when they want something, like say, imposing sanctions or find someone that may have spied on them, they don't just go "all info on these users or it's a $100 million fine"?

Because reality is more like "Block this list of users because the police chief's wife's tennis partners' ball producer's 2-year old niece says they stole a teddy from her dog or it's a $1 billion fine. Oh never mind she found it. Did you block em yet? BLOCK EM!"

[1] http://www.kelkoo.co.uk/

[2] https://www.politico.eu/pro/politico-pro-morning-tech-google... (non-paywalled mirror @ http://blog.digitalmedialicensing.org/?p=3823 )

This is the correct answer.

I agree that companies should provide more transparency, but I think that this should be provided as a remediation process to get an account back into compliance, rather than termination reason. If companies were able to give you actionable steps or why your account was flagged, that would let them have a way forward to retain a customer as well as provide answers.

On the converse, though, termination without reason does serve a purpose. For example, if this was because of illegal content being stored on the service, Microsoft may be complying with law enforcement and doesn’t want to tip off the suspect.

I strongly believe account remediation is better than all out termination, and that termination should only be enacted in the most severe of cases (repeat offenses or potentially criminal conduct).

>Microsoft may be complying with law enforcement and doesn’t want to tip off the suspect.

The suspect is already going to be tipped off by the fact his account is banned.

Although I can see how this can be abused. Imagine if I create 10000+ spam Facebook accounts and they all get disabled, am I entitled to a written explanation for why each account got disabled?

Sure, why not? An automated form reply stating "Your account was blocked for the following spam posts" with a way to appeal false positives.

You might even require a $5 bond to appeal or something, to prevent spurious appeals.

This just teaches the abusive users which behavior was caught, so they can learn to be better at evading that scrutiny in the future. It is completely counterproductive for a company to provide banned users with a detailed reason for their ban.

Spammers have plenty of ability to A/B test these things to determine which posts trigger and which don't.

Meanwhile, normal users are left totally confused, with zero recourse and potentially a loss of important data and other significant repercussions.