Thursday, May 11, 2006

The government is tracking you (in case you didn't already know)

[This post has been updated; see below for more.]

An article in USA Today reports that the NSA has created a massive database of Americans' phone calls:
The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren't suspected of any crime.


The NSA's domestic program, as described by sources, is far more expansive than what the White House has acknowledged. Last year, Bush said he had authorized the NSA to eavesdrop — without warrants — on international calls and international e-mails of people suspected of having links to terrorists when one party to the communication is in the USA. Warrants have also not been used in the NSA's efforts to create a national call database.

In defending the previously disclosed program, Bush insisted that the NSA was focused exclusively on international calls. "In other words," Bush explained, "one end of the communication must be outside the United States."

As a result, domestic call records — those of calls that originate and terminate within U.S. borders — were believed to be private.

Sources, however, say that is not the case. With access to records of billions of domestic calls, the NSA has gained a secret window into the communications habits of millions of Americans. Customers' names, street addresses and other personal information are not being handed over as part of NSA's domestic program, the sources said. But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information.
AT&T, BellSouth, Verizon, and SBC are all being paid by the NSA to participate; Qwest is "the lone holdout among the big telecommunications companies."

And, as with the warrantless wiretapping program, it appears that this program is illegal:
Under Section 222 of the Communications Act, first passed in 1934, telephone companies are prohibited from giving out information regarding their customers' calling habits: whom a person calls, how often and what routes those calls take to reach their final destination. Inbound calls, as well as wireless calls, also are covered.

The financial penalties for violating Section 222, one of many privacy reinforcements that have been added to the law over the years, can be stiff. The Federal Communications Commission, the nation's top telecommunications regulatory agency, can levy fines of up to $130,000 per day per violation, with a cap of $1.325 million per violation. The FCC has no hard definition of "violation." In practice, that means a single "violation" could cover one customer or 1 million.
Bush's response (as quoted by CNN) to this report was, "We are not mining or trolling through the personal lives of innocent Americans." If tracking every single call millions of Americans make isn't rooting through "innocent Americans'" personal lives, I'd like to know what is.

[Update: ThinkProgress has more information on why the program is likely illegal:]
1. It violates the Stored Communications Act. The Stored Communications Act, Section 2703(c), provides exactly five exceptions that would permit a phone company to disclose to the government the list of calls to or from a subscriber: (i) a warrant; (ii) a court order; (iii) the customer’s consent; (iv) for telemarketing enforcement; or (v) by “administrative subpoena.” The first four clearly don’t apply. As for administrative subpoenas, where a government agency asks for records without court approval, there is a simple answer – the NSA has no administrative subpoena authority, and it is the NSA that reportedly got the phone records.

2. The penalty for violating the Stored Communications Act is $1000 per individual violation. Section 2707 of the Stored Communications Act gives a private right of action to any telephone customer “aggrieved by any violation.” If the phone company acted with a “knowing or intentional state of mind,” then the customer wins actual harm, attorney’s fees, and “in no case shall a person entitled to recover receive less than the sum of $1,000.”

(The phone companies might say they didn’t “know” they were violating the law. But USA Today reports that Qwest’s lawyers knew about the legal risks, which are bright and clear in the statute book.)

3. The Foreign Intelligence Surveillance Act doesn’t get the telcos off the hook. According to USA Today, the NSA did not go to the FISA court to get a court order. And Qwest is quoted as saying that the Attorney General would not certify that the request was lawful under FISA. So FISA provides no defense for the phone companies, either.

[Update 2: And the LA Times has come up with another law that this program appears to violate:]
The Electronic Communications Privacy Act of 1986 was passed when cellphones and the Internet were emerging as new forms of communication. Section 2702 of the law says the providers of "electronic communications … shall not knowingly divulge a record or other information pertaining to a subscriber or customer … to any government entity."

Companies that violate the law are subject to being sued and paying damages of at least $1,000 per violation per customer.


[In 1967], the [US Supreme] court said a government agent listening to a private phone call was the equivalent of a search. That ruling, in Katz vs. United States, required police and federal agents thereafter to obtain a search warrant from a judge before they wiretapped a phone.

Still, phone records are not the same as phone conversations, and the high court refused to extend the privacy protections of the 4th Amendment to a list of dialed phone numbers.

"We doubt that people in general entertain any actual expectation of privacy in the [phone] number they dial," the court said in the 1979 case of Smith vs. Maryland. This ruling gave the police freedom to obtain phone records without a warrant.

To close that loophole, Congress enacted the Electronic Communications Privacy Act, forbidding the phone companies to divulge phone records.

The law includes several exceptions. For example, phone records may be disclosed "with the lawful consent of the customer." Another exception involves "any emergency involving danger of death or serious physical injury." In such a situation, the "provider in good faith" may give the requested phone records to a government official.

No comments: