What a stunning display of mendacity. All they (the NSA) need is the number. I guarantee you that they can find the other data themselves, if the Telcos provide them with the numbers doing the calling and recieving.
You stated that the Communications act does not have any provision for customer privacy, I showed where it did, and you have not refuted it.
So far, you haven't provided me, or any other observor of this thread, with a shred of evidence that you know what the hell you are talking about, and have made specific (and pointed) errors about what the Communications act says.
Do you even know what the definition of aggregate is? Prove to me that call center data records, complete with phone numbers, count as aggregate data under the law, or discontinue your pompous tone. It is my contention that they do not, as aggregate data would show how many calls a large group was making without providing any of the specific calls. I'm betting you can't; you already have displayed a lack of knowledge about the contents of the Communications act, so why should you be able to provide this information?
Yes, I have. I was the one that mentioned it here in this thread earlier to as a point against your other statement that telco deregulation took place over the last 6 or 7 years. It says absolutely nothing about call data records.
SEC. 222. [47 U.S.C. 222] PRIVACY OF CUSTOMER INFORMATION.
(a) IN GENERAL.--Every telecommunications carrier has a duty to protect
the confidentiality of proprietary information of, and relating to, other
telecommunication carriers, equipment manufacturers, and customers, including
telecommunication carriers reselling telecommunications services provided by a
telecommunications carrier.
...You are correct that information such as your name, address, and phone number aren't public. Records of who you have called, the duration of the calls, and other information pertaining to your communications, aren't.
...It doesn't matter if the NSA isn't being given that info, we all know they can get that stuff easily enough; it's a matter of the info that they aren't supposed to have without a warrant, namely, records of who you have called.
FCC Commissioner Michael J. Copps: "Recent news reports suggest that some - but interestingly not all - of the nation's largest telephone companies have provided the government with their customers' calling records. There is no doubt that protecting the security of the American people is our government's number one responsibility. But in a Digital Age where collecting, distributing, and manipulating consumers' personal information is as easy as a click of a button, the privacy of our citizens must still matter. To get to the bottom of this situation, the FCC should initiate an inquiry into whether the phone companies' involvement violated Section 222 or any other provisions of the Communications Act. We need to be certain that the companies over which the FCC has public interest oversight have not gone - or been asked to go - to a place where they should not be."
Here's what the Rude Pundit wants to see: he wants Republican Senators Bill Frist, Jon Kyl, Jeff Sessions and more to have a press conference, big fuckin' press conference, with your CNNMSNBCFox in attendance, and he wants to see those sour-faced white men hold up some papers. Yeah, the Rude Pundit wants Bill Frist to announce, "These are our phone records for our home phones, our office phones, and our cell phones, personal and business. They contain every phone number called from those phones. We are handing them over, personally, to the White House, and we trust this administration to use these records fairly, with no fear of misuse now or in the future."...
...watching Republicans proudly state that they could give a **** less if an unchecked, secretive White House, at will, with no law or oversight, collected the phone records of millions of Americans so that they can justify the budget of the intelligence services for another Osama-less fiscal year. See, without offering any kind of tangible result from the program, we are supposed to believe that all the NSA is doing is looking for call patterns that'll prevent, oh, let's say, the ubiquitous dirty bomb from blowing up, because, you know, terrorists who are smart enough to acquire nuclear material and create that kind of weapon are too stupid to suspect they might oughta be careful about who they call. (Actually, that should be the mantra of many of these spying programs: "The NSA: We're Going After the Dumb Ones.")
Fishin', I'm talking directly to you with this post:
Quote:FCC Commissioner Michael J. Copps: "Recent news reports suggest that some - but interestingly not all - of the nation's largest telephone companies have provided the government with their customers' calling records. There is no doubt that protecting the security of the American people is our government's number one responsibility. But in a Digital Age where collecting, distributing, and manipulating consumers' personal information is as easy as a click of a button, the privacy of our citizens must still matter. To get to the bottom of this situation, the FCC should initiate an inquiry into whether the phone companies' involvement violated Section 222 or any other provisions of the Communications Act. We need to be certain that the companies over which the FCC has public interest oversight have not gone - or been asked to go - to a place where they should not be."
Don't ever accuse me of not knowing what I'm talking about again. Mkay?
I'm not interested in whatever legal cases you wish to cite. I'm interested in the fact that you claimed that section 222 of the Federal Communications act didn't apply at all to our current issue, and both I and the FCC commissioner disagreed with you.
I don't have anything left to say to you. Oh, I could argue all day about how this isn't the same as a pen register search, and caselaw and facts about pen register searches, but you've decided that it's more important to look like an ass than to be correct.
So what's the point? It would be a waste of my time, and you'd never admit that you were wrong.
Instead, I'll just think of you and laugh every time something else goes wrong for the Republicans this year.
(a) Application of the Fourth Amendment depends on whether the person invoking its protection can claim a "legitimate expectation of privacy" that has been invaded by government action. This inquiry normally embraces two questions: first, whether the individual has exhibited an actual (subjective) expectation of privacy; and second, whether his expectation is one that society is prepared to recognize as "reasonable." Katz v. United States, 389 U.S. 347 . Pp. 739-741.
Why should I say I'm wrong? I'm obviously not. While you have the FCC Commissioner saying that Section 222 might be involved I have the USSC saying it's not.
Further Thoughts on the Lawfulness of the Newly Disclosed NSA Program
Marty Lederman
* * *
3. The Stored Communications Act. This is the statute that Kate Martin emphasizes in her post.
18 USC 2702(c) prohibits a provider of electronic communication service from divulging to a governmental entity any "record or other information pertaining to a subscriber to or customer of such service" other than the contents of communications, unless the disclosure comes within one of the exceptions of 2702(c). (Somewhat surprisingly, section 2702 does not prohibit the provider from disclosing such information to non-governmental entities -- although other statutes (such as 47 USC 222, see below) may limit such disclosures.) Most of the 2702(c) exceptions are certainly inapplicable here. [UPDATE: Orin Kerr explains here why the other 2702(c) exceptions are inapposite. It appears that one of those exceptions might be at the heart of the Administration's defense of the program. According to a story in tomorrow's Washington Post, the government might be relying on the exemption found in subsection 2702(c)(2), which permits disclosure "with the lawful consent of the customer or subscriber." The theory is quite alarming:
One government lawyer who has participated in negotiations with telecommunications providers said the Bush administration has argued that a company can turn over its entire database of customer records -- and even the stored content of calls and e-mails -- because customers "have consented to that" when they establish accounts. The fine print of many telephone and Internet service contracts includes catchall provisions, the lawyer said, authorizing the company to disclose such records to protect public safety or national security, or in compliance with a lawful government request. . . . Verizon's customer agreement, for example, acknowledges the company's 'duty under federal law to protect the confidentiality of information about the quantity, technical configuration, type, destination, and amount of your use of our service,' but it provides for exceptions to 'protect the safety of customers, employees or property.' Verizon will disclose confidential records, it says, "as required by law, legal process, or exigent circumstances."
Yeah, that argument is sure to go over well with the public: Turns out that the millions of us have all agreed (in the fine print) to this data-mining program. Orin Kerr is fairly dismissive of this argument, based on the doctrine in the context of the analogous wiretap statute that what is required is not constructive consent but "consent in fact."]
If I'm right about this, then the only possible exception to 2702(c)'s prohibition relevant to the NSA program is found in section 2702(c)(1), which permits any disclosure "authorized in section 2703." And the only conceivably pertinent provision of section 2703, in turn, is subsection 2703(c), which provides as follows:
(1) A governmental entity may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity--
(A) obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure by a court with jurisdiction over the offense under investigation or equivalent State warrant;
(B) obtains a court order for such disclosure under subsection (d) of this section;
(C) has the consent of the subscriber or customer to such disclosure;
(D) submits a formal written request relevant to a law enforcement investigation concerning telemarketing fraud for the name, address, and place of business of a subscriber or customer of such provider, which subscriber or customer is engaged in telemarketing (as such term is defined in section 2325 of this title); or
(E) seeks information under paragraph (2).
(2) A provider of electronic communication service or remote computing service shall disclose to a governmental entity the--
(A) name;
(B) address;
(C) local and long distance telephone connection records, or records of session times and durations;
(D) length of service (including start date) and types of service utilized;
(E) telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and
(F) means and source of payment for such service (including any credit card or bank account number),
of a subscriber to or customer of such service when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena or any means available under paragraph (1).
None of the provisions of subsections 2703(c)(1)(A)-(D) is applicable here. Thus, under subsections 2703(c)(1)(E) and (c)(2), the NSA could compel such disclosure only pursuant to "an administrative subpoena authorized by a Federal or State statute." And there appears to have been no such administrative subpoena here. Ergo, the service providers appear to have violated section 2702(c).
[UPDATE: Previous discussion found here on National Security Letters moved to the end of this post.]
4. The Telecommunications Act of 1996. As I noted in my earlier post, 47 USC 222(a) & (c)(1) provide that every telecom carrier has a "duty" to protect the confidentiality of proprietary information of, and relating to, their customers, and that "[e]xcept as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories."
The information disclosed to the NSA would appear to be customers' "proprietary information," defined in section 222(h)(1) as "(A) information that relates to the quantity, . . . destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship; and (B) information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier."
Accordingly, and without knowing more, the disclosure of such information to the NSA appears to have violated the Telecom Act of 1996, because it was not "required by law."
* * * *
The upshot of all this is that the NSA appears to have induced certain telecom providers to violate 18 USC 2702(c) and 47 USC 222.
Once again, however, I'm hardly an expert on these statutory questions, and I've spent only a couple of hours on them. Therefore I welcome any and all corrections, clarifications and other suggestions.
[UPDATE: In an earlier iteration of this post, I suggested that perhaps the Administration could have obtained the requisite authorization to require the disclosure under 2703(c)(2), and could have avoided application of 47 USC 222, by use of the so-called "national security letter" provisions of 18 USC 2709. I now have reason to think, however, that this was a mistake: Proper use of section 2709 likely would not permit the wholesale collection of the sort of undifferentiated database of phone records at issue here -- especially not by the NSA.
Section 2709, as amended by the USA PATRIOT Act of 2001, provides that a service provider "shall comply with a request for subscriber information and toll billing records information, or electronic communication transactional records in its custody or possession made by the Director of the Federal Bureau of Investigation," if the FBI Director or his designee certifies in writing "that the name, address, length of service, and toll billing records sought are relevant to an authorized investigation to protect against international terrorism . . . . , provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States." (Prior to the PATRIOT Act, the Director had to certify that there was reason to believe either that the information sought pertains to a person or entity that is a foreign power or an agent of a foreign power or that communications facilities registered in the name of that person or entity have been used to communicate with someone engaged in international terrorism or clandestine intelligence activities. The PATRIOT Act eliminated those much more substantial burdens. See also section 215 of the PATRIOT Act, 50 USC 1861, which authorizes the FBI Director, on the basis of a similar sort of certification, to apply for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism.)
In my previous post, I suggested that if only the FBI Director had tendered such a certification (an "NSL") to the service providers here, those providers would have been required to provide the records that they turned over to the NSA, which presumably would have nullified the prohibitions found in sections 2702(c) and 47 USC 222. But I am now led to understand that there are several reasons why that was not an option here. The principal reason is that section 2709 does not contemplate the sort of undifferentiated data-mining requests at issue here; instead, it requires the FBI Director to seek the records of particular persons (hence the requirement of specifying a "name, address, length of service, and toll billing records"). Also, the request must be in the service of an "authorized investigation" -- a term of art that I am told refers to an FBI investigation (not an NSA investigation) that is subject to particular regulations established by Executive Order 12,333, which limits the subject matter of investigations, sets standards for such investigations, requires intenral DOJ oversight, etc. (More along these lines from Kate Martin here.) In addition, any certified FBI investigation emerging from a phone-records database such as this one might well be deemed an "investigation of a United States person . . . conducted solely on the basis of activities protected by the first amendment" (those first amendment activities being phone conversations), which would disqualify it under the plain terms of section 2079 itself. Finally, if the FBI Director were to attempt to use an open-ended NSL for a fishing expedition to obtain from a service provider a vast swath of phone records of multitudes of persons, that might well raise serious Fourth Amendment questions in its own right, because even subpoenas must be sufficiently limited in scope, relevant in purpose, and specific in directive so that compliance will not be unreasonably burdensome. See, e.g., Donovan v. Lone Steer, Inc., 464 U.S. 408, 415 (1984). See, for example, Doe v. Ashcroft, 334 F. Supp. 2d 471, 494-506 (S.D.N.Y. 2004) (declaring that an NSL issued pursuant to section 2709 itself violated the Fourth Amendment).]
Guest Blogger: NSA Again Violates the Law
By Kate Martin
Director, Center for National Security Studies
Today, USA Today reported that the NSA has been secretly collecting the phone records of millions of Americans. The President held a news briefing in which he carefully failed to deny that the program exists. Such surveillance, if not authorized by the FISA court, is illegal. Depending on how it was conducted, it may also have been a crime.
Compiling a data-base of the phone calls of millions of Americans is not likely to find actual terrorists, but is a dangerous threat to the privacy and associational rights of Americans. The NSA is apparently building a database of everyone’s associations, which can then be supplemented with the vast array of other information available to the government.
The administration deceived the American public and the Congress about its activities when it failed to disclose this program. The existence of the program goes to the heart of the recent debates about the Patriot Act, NSA eavesdropping and data-mining.
It is illegal for the NSA to obtain records of phone numbers from the telephone companies unless the FISA court authorized it. The Stored Communications Act prohibits the telephone companies from disclosing such information to the government unless they receive a subpoena or a court order for the records. 18 U.S.C. 2702(c), 2703 (c).
In the case of the NSA, the Foreign Intelligence Surveillance Court would have to issue such an order. It does not appear that it has done so, apparently because the NSA worried that it would not approve such wholesale collection of information.
Moreover, if the NSA obtained such information in real time – using a pen register or trap and trace device – those who did so would be guilty of criminal conduct. (The law on pen registers and trap and trace devices provides that no one may use such a device without obtaining a court order either under the criminal wiretap law or the Foreign Intelligence Surveillance Act. 18 USC 3121.)
Some background: in 1979, the Supreme Court held that no search warrant was required for a pen register recording the numbers dialed from a particular phone number because the use of such a device was not a search under the Fourth Amendment. Smith v. Maryland, 442 U.S. 735 (1979). The Court’s analysis that there was no reasonable expectation of privacy in the phone numbers dialed by an individual rested at least in part on the fact that the pen register obtained limited information. Whether that analysis would apply given new technological surveillance capabilities is not clear.
In all events, Congress thereafter acted to protect the privacy of such information. Just as in the case of the bank secrecy law protecting the privacy of bank records, after the Supreme Court held that such records were not protected by the Fourth Amendment because they were held by the bank, rather than the individual, Congress required the government to obtain a court order for pen registers and trap and trace devices, 18 USC 3121 et seq., and a court order or subpoena for records of past telephone calls.
While the law provides several means for the government to obtain records showing what phone numbers were called or dialed by a particular phone number, in every instance, either a subpoena or court order is required. It appears that the NSA obtained the records of millions of Americans without having the required court order.
If the NSA used a pen register or trap and trace device in real time, it was required to obtain an order from the FISA court, either under the specific pen register provisions, 50 USC 1841 et seq. or under the provisions for electronic surveillance generally, 50 USC 1801 et seq. Under the electronic surveillance provisions, the NSA would have to show the court that the person whose calls were being targeted was an agent of a foreign power. Under the pen register provision, the NSA would have to show the court that the information was relevant to an ongoing terrorism investigation. Despite the low standard for a pen register, it is unlikely that the FISA court would have approved wholesale pen registers on every phone in America.
If the NSA obtained stored records, rather using a real time pen register, it would have to obtain an order from the FISA court under section 215 of the Patriot Act. That section contained an even lower standard for obtaining information.
It is important to note that the Patriot Act specifically provided that the FBI did not need a court order, but could use a National Security Letter – a form of administrative subpoena – to obtain such records. The Congress specifically withheld such subpoena authority from the NSA. The FBI investigates people or groups when it has some predication, however minimal that there is a nexus to terrorist activity. The NSA has no such limitation and thus wasn’t given this broad subpoena power by the Congress. Instead the Congress required the NSA to convince the FISA court that the information would be relevant.
The President evidently decided, that he could ignore even that minimal requirement intended to insure some basic accountability by the NSA and to safeguard Americans’ privacy.
UPDATE:
Since yesterday, more questions have been asked:
Could the FBI simply have obtained the same information using a National Security Letter (NSL) administrative subpoena and then shared the information with the NSA?
The short answer is no.
Some have suggested that the administration could have obtained the same information through the FBI. But this misunderstands the respective roles of the agencies and the limits on FBI and NSA activity. As the NSA would have been first to admit before its cooptation by the White House, it did not do “domestic intelligence.” That was the province of the FBI even when the intelligence concerned foreign threats. The NSA had strict rules protecting information about Americans that it came across, and more fundamentally did not aim its giant satellites and computers at domestic phone and e-mail traffic. The threat to Americans’ privacy from the unselective and enormous computing power of the NSA was too great.
The FBI on the other hand, operates with greater transparency, reports to the Attorney General, not the intelligence czar or the Secretary of Defense, and conducts specific targeted foreign intelligence investigations. As FBI officials repeatedly stress, their terrorism and foreign intelligence investigations start from known facts and look at individual potential suspects. (Which is not to say that they do not do data-mining, but it begins from a different premise.) The Attorney General issues rules governing those investigations. Again, while those rules are weaker than they should be, they do presume targeted investigations; not in the words of General Hayden the “driftnet” over Americans’ phone calls described by USA today.
Accordingly, when Congress gave the FBI the power to issue an NSL administrative subpoena for telephone records in an intelligence investigation, it did not give the FBI the authority to subpoena all records on everyone. When Congress first provided for secret FBI counterintelligence access to stored telephone records in 1986, it limited its access to records concerning a suspected spy or terrorist, i.e., an “agent of a foreign power” under the FISA. Congress broadened the reach of that NSL power in the Patriot Act in 2001 when it deleted the required nexus to a suspected spy or terrorist, and allowed the FBI secret access to telephone records “relevant to an authorized investigation to protect against international terrorism.” 18 USC 2709 (as amended by section 505 of the Patriot Act.). While that amendment has been criticized by all of us in the civil liberties community, it was not without any limit at all. In restricting seizures of records to those relevant to an authorized investigation, Congress incorporated the Attorney General rules as well as its understanding about how FBI investigations proceed.
FBI officials over the years have repeatedly told me that they do not simply collect all data on Americans and would not do so. While they may well collect more data than they should, only unprecedented White House orders could result in the FBI attempting to use its NSL authority to obtain all the phone records that the NSA has now collected. And certainly Congress has never authorized such collection by the FBI.
Could the FISA Court properly issue an order authorizing the NSA to obtain all these records?
We don’t know if the FISA court issued an order, although it seems doubtful. Unlike the telephone calls with Al Qaeda for which a FISA warrant could probably have been obtained, it is not at all clear that the FISA court could properly authorize seizure of all the phone records of all Americans.
In my post yesterday (above), I suggested that the NSA could have sought an order under section 215 of the Patriot Act regarding business records. Upon reflection, I’m not so sure. Given the detailed statutory scheme protecting telephone records, including the pen register laws, the Stored Communications Act and FISA, it would make little sense to conclude that Congress meant to enact a broad override to those protections in section 215. While that section requires a FISA court order, before the recent Patriot Act reauthorization, it contained an almost meaningless standard for issuing that order. The better reading of the law would be to require the NSA to obtain an order under either the pen register or electronic surveillance provisions of the FISA. In neither event, is it likely that they could have obtained an order authorizing seizure of all the phone records of all Americans.