On May 11, 2006 USA Today reported [1] that the National Security Agency (NSA) has been secretly collecting phone call records of millions of Americans, with the eventual goal of including the records for all US calls. These will be compiled into what one source for the article termed, "the largest database ever assembled in the world." The "call-detail records" collected reportedly include the phone numbers for each end of the call, the time of the call, and the duration, but not the contents of the call, in distinction to another secret NSA surveillance program uncovered by The New York Times in December 2005 [2]. The records were collected without a warrant or any authorization from any court of law (including the FISA courts). According to the story, collection of these data has been ongoing since shortly after the 9/11 terrorist attacks.
The records will be used to, "analyze calling patterns in an effort to detect terrorist activity." Another intelligence official called this, "social network analysis". Few details are known, as the program is secret and government officials will neither confirm nor deny its existence [1,3]. The USA Today story was based upon interviews with multiple sources whose names and affiliations were not revealed. For his part, President Bush stated that, "The intelligence activities I have authorized are lawful and have been briefed to appropriate members of Congress, both Republican and Democrat. The privacy of all Americans is fiercely protected in all our activities," without making specific reference to this particular program [4].
According to the USA Today story, the records were originally obtained from the phone companies AT&T, BellSouth, and Verizon, and these companies were also asked to provide periodic updates. Another major phone company, Qwest, refused to comply with the request.
There have been a number of questions surrounding this revelation, and I will touch on just a few here.
Trying to Convince Qwest
When the NSA went to the major phone companies and asked them to turn over customer's calling records, USA Today reports all the companies but Qwest acceded to the demand. Qwest's CEO reportedly was concerned about the legality of handing over the records without a warrant, and he was concerned about the liability that the company could face if they turned over the records without proper justification.
NSA officials made many different appeals for cooperation, saying that if Qwest did not turn over the records they could compromise national security. The NSA also reportedly offered to pay in turn for cooperation, and the article continues, "...the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and
hoped to get more."
Actively Avoiding Oversight?
Most striking are the following passages from the article:
"Unable to get comfortable with what NSA was proposing, Qwest's lawyers
asked NSA to take its proposal to the FISA court. According to the
sources, the agency refused.
The NSA's explanation did little to satisfy Qwest's lawyers. "They told
(Qwest) they didn't want to do that because FISA might not agree with
them," one person recalled. For similar reasons, this person said, NSA
rejected Qwest's suggestion of getting a letter of authorization from the
U.S. attorney general's office. A second person confirmed this version of
events."
It would appear, then, that the NSA was actively avoiding any sort of oversight, specifically because they were not confident their behavior would be judged to be acceptable.
Legality
I am not a lawyer, but as a concerned citizen I felt after reading about this that I should make some effort to look at the law regarding this issue. The following is what I have found and understood so far. This section has changed considerably from its original form.
When I first read about the program, I suspected that obtaining call records without a warrant of any kind was illegal, because I had read discussions about warrants for "pen register" searches before. Looking at the U.S. Code, the relevent sections seem to be Title 18, Part II, Chapter 206 and Title 50, Chapter 36, Subchapter III. Normally, when a law enforcement or intelligence agency wants to find out all numbers involved in calls to and from a specific phone, they obtain a warrant for what are called a "pen register" and a "trap and trace". A device that records all the phone numbers called from a specific phone is known as a "pen register", and recording all the phone numbers that call a specific number is known as a "trap and trace" according to of US law [5]:
"(3) the term pen register means a device or process which records or
decodes dialing, routing, addressing, or signaling information
transmitted by an instrument or facility from which a wire or electronic
communication is transmitted...
(4) the term trap and trace device means a device or process which
captures the incoming electronic or other impulses which identify the
originating number or other dialing, routing, addressing, and signaling
information reasonably likely to identify the source of a wire or
electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing..."
The law clearly states that the use of a pen register or trap and trace without a court order is illegal, unless it meets the conditions for one of several exceptions. The requirements a for warrant differ, depending on whether the warrant is sought through the normal court system or through the Foreign Intelligence Surveillence Court (FISC) that was set up by the Foreign Intelligence Surveillence Act (FISA), but in both cases a warrant is required [6,8,9]. The exception is when the records are collected by the phone company for maintenance or billing, preventing fraudulent use (i.e. cracking and phreaking), or if the phone company has the customer's permission [6]:
(a) In General.— Except as provided in this section, no person may install or use a pen register or a trap and trace device without first obtaining a court order under section 3123 of this title or under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.).
(b) Exception. The prohibition of subsection (a) does not apply with
respect to the use of a pen register or a trap and trace device by a
provider of electronic or wire communication service
(1) relating to the operation, maintenance, and testing of a wire or
electronic communication service or to the protection of the rights or
property of such provider, or to the protection of users of that service
from abuse of service or unlawful use of service; or
(2) to record the fact that a wire or electronic communication was
initiated or completed in order to protect such provider, another provider
furnishing service toward the completion of the wire communication, or a
user of that service, from fraudulent, unlawful or abusive use of service;
or (3) where the consent of the user of that service has been obtained.
None of these exceptions would be met if the NSA compelled the phone companies to do pen register and trap and trace searches. If they compelled the companies to do them without a warrant, then the NSA officials involved would be in violation of the law and subject to a fine and/or up to a year in prison. There is another possibility, however.
Although police generally need a warrant to search your home, you can certainly waive that right and voluntarily allow them to search home, and this is not a violation of the law. Likewise, the possibility has been raised [10] that the phone companies were asked to voluntarily hand over the call records that they had collected for billing purposes. Collection of such records is not defined to constitute a pen register [5]. As business records, a government agency would still need a warrant to compell the phone companies to give up the information, but nothing would stop them from asking the phone company to give up the records voluntarily. In this way, they could have the effect of a pen register or trap and trace without actually having done one, according to the letter of the law. The fact that Qwest declined to relinquish the records obviously suggests that the companies had a choice. It's not clear whether all companies asked to furnish the NSA with records were aware that they could, in fact, refuse.
Another possibility is that the Bush administration would argue that these sections of the US Code are, in fact, unconstitutional. This would be similar to one of the arguments the government has made in support of the other NSA surveillance program. Gonzales has claimed that this is war time and collecting "signals intelligence" is a fundamental incident of war. As such it is within the President's powers to wage war under article II of the Constitution and Congress cannot pass laws restricting that ability. In the other case, it is FISA that is in question, but perhaps the same argument could be applied to to this new legal issue. Until these issues are brought before the courts, they cannot be definitively settled, of course, and thus far the Justice Department has not seen fit to bring the issue before a court. It should also be noted that many legal and constitutional scholars disagree with this Gonzales' appraisal of these issues [7].
Phone Company Liabilty and Denials
If the phone companies gave their business records to the NSA voluntarily, then the officials at the NSA may not have violated the law, but it may be the case that the phone company officials did. In a more recent article [11], USA Today reports, "A communication act dating to 1934 and more recent electronic privacy laws generally require phone companies to protect the confidentiality of customers' communication," and the phone companies may have run afowl of these laws by giving the information to the government. For a layman, it's difficult to determine all the parts of federal law that may apply (not to mention state privacy laws), but of particular interest seems to be the passage [12]:
"a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity."
The penalty for violation of this law includes a fine of a minimum $1000 for each person affected. This provision and others are presumably the basis of a lawsuit being brought against
AT&T,
Verizon, and
BellSouth on behalf of their approximately 200 million customers. Damages would total over $200 billion [13]. Oddly, it appears that under this section of law, a phone company may sell the records to anyone
but the government, suggesting that the NSA could perhaps have complied with
the letter of the law if instead a
third party had bought the records and sold them to the government.
Of course, the laws regarding telecommunications are complex, and there are other portions of federal law that seem to suggest the actions of the phone company might have been legal. One passage reads [14]:
"(a) Duty to Provide.— A wire or electronic communication service provider shall comply with a request for subscriber information and toll billing records information, or electronic communication transactional records in its custody or possession made by the Director of the Federal Bureau of Investigation under subsection (b) of this section.
(b) Required Certification.— The Director of the Federal Bureau of Investigation, or his designee in a position not lower than Deputy Assistant Director at Bureau headquarters or a Special Agent in Charge in a Bureau field office designated by the Director, may—
(1) request the name, address, length of service, and local and long distance toll billing records of a person or entity if the Director (or his designee) certifies in writing to the wire or electronic communication service provider to which the request is made that the name, address, length of service, and toll billing records sought are relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States..."
Of course, this would only seem to imply legality if it were the FBI rather than the NSA that initially made the request.
The FCC is also launching an investigation of the phone companies' conduct [16].
Confusing matters further, Verizon and BellSouth have now both publically denied giving customer information to the NSA, though they both had no comment initially after the first report [15]. This would seem at first to suggest the initial story was in error, except that same Financial Times story says, "a senior administration official last week told the FT that the newspaper report was accurate," referring to the original USA Today article. It's not clear what's going on here, but there's some question as to whether it's just a matter of companies using clever wording to make statements of denial that are technically true and simply avoid the facts of their actual involvement. For example, it's speculated that what the NSA collected were long distance phone records, and the long distance sections of each company were aquired through mergers after the NSA program allegedly began. So, it's possible that they say Verizon did not give customer information to the NSA because at the time the long distance division was not part of Verizon, though it is now.
Constitutional Issues
I should mention briefly, that you may wonder whether this NSA program violates the 4th amendment. In 1978, the Supreme Court found in the case of Smith v. Maryland that records of phone numbers called are not protected under the 4th amendment, because there is no "reasonable expectation of privacy" [10]. So, at least according to the SCOTUS, phone call records like the ones collected in the NSA program do not require a warrant under 4th amendment. This was apparently why laws were passed to specifically require warrants for these searches.
Conclusion
The details of this situation are rather confusing, but it still seems fairly clear that the NSA is collecting records about the domestic phone calls of millions of Americans (most of whom are not suspects in any crime) in order to look for patterns that may reveal terrorist activity. This was done in secret, without warrants, and the NSA seems to have been actively avoiding any legal oversight. It can be argued that the NSA may have broken the law by collecting these records, or (if the records were given up voluntarily) it may have simply encouraged or payed phone companies to illegally divulge private information. Because of the secrecy of the program, many details are not clear, nor is the government's reasoning for why this program is legal. It's not clear yet how phone company denials of cooperation fit in with the rest of this picture.
References
- Leslie Cauley. "NSA has massive database of Americans' phone calls." USA Today May 11, 2006
<http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm>
- The program first publicized in the December 16, 2005 New York Times article "Bush Lets U.S. Spy on Callers Without Courts" involved the NSA evesdropping without a warrant on the actual content of phone calls where one caller is overseas and the other is in the US.
- "Bush: U.S. doesn't eavesdrop on phone calls of ordinary Americans." CNN.com May 16, 2006
<http://www.cnn.com/2006/POLITICS/05/16/bush.calls.ap/>
- President's Radio Address. May 16, 2006
<http://www.whitehouse.gov/news/releases/2006/05/20060513.html>
- US Code TITLE 18, PART II, CHAPTER 206, § 3127 (3) and (4)
<http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00003127----000-.html>
- US Code TITLE 18, PART II, CHAPTER 206, § 3121 (a), (b), and (d)
<http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00003121----000-.html>
- Nolan et al. "ON NSA SPYING: A LETTER TO CONGRESS." The New York Review of Books Volume 53, Number 2, February 9, 2006
<http://www.nybooks.com/articles/18650>
- "Pen register." Wikipedia, The Free Encyclopedia. 16 May 2006, 07:04 UTC. 17 May 2006, 05:20
<http://en.wikipedia.org/w/index.php?title=Pen_register&oldid=53465600>.
-
US Code TITLE 50, CHAPTER 36, SUBCHAPTER III, § 1842
<http://www4.law.cornell.edu/uscode/html/uscode50/usc_sec_50_00001842----000-.html>
- There are provisions for other exceptions under FISA in the case of an emergency or war (Title 50, § 1843 and § 1844), but these only apply for a limited time (48 hrs, or 15 days, respectively) and are apparently not relevant to this program, since it has allegedly been ongoing for almost 5 years.
- Daveed Gartenstein-Ross, "NSA Nonesense." National Review Online 12 May, 2006
<http://article.nationalreview.com/?q=MDZjMDllOTRlYmFlMmQ3ZGEzNDJjNzExYjZiNGMxZWM=>
- Joan Biskupic, "Gathering data may not violate privacy rights, but it could be illegal." USA Today 12 May, 2006
<http://www.usatoday.com/news/washington/2006-05-12-data-gathering_x.htm>
- US Code TITLE 18, PART I, CHAPTER 121, § 2702 (a) (3)
<http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002702----000-.html>
- US Code TITLE 18, PART I, CHAPTER 121, § 2709 (a), and (b) (1)
<http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002709----000-.html>
- " BellSouth, AT&T added to NSA lawsuit." CNN.com 17 May, 2006
<http://www.cnn.com/2006/POLITICS/05/16/NSA.suit/index.html>
- Paul Taylor. "Verizon denies giving NSA phone records." Financial Times 16 May, 2006
<http://news.ft.com/cms/s/4874b5c0-e52e-11da-80de-0000779e2340.html>
- Steve Marshall, "FCC Commissioner Calls for Probe of NSA Phone Spying." KNX 1070 Newsradio 16 May, 2006
<http://www.knx1070.com/pages/36080.php>