Questions Raised for Phone Giants in Spy Data Furor
By John Markoff
Those companies insisted yesterday that they were vigilant about their customers' privacy, but did not directly address their cooperation with the government effort, which was reported on Thursday by USA Today. Verizon said that it provided customer information to a government agency "only where authorized by law for appropriately defined and focused purposes," but that it could not comment on any relationship with a national security program that was "highly classified."
Legal experts said the companies faced the prospect of lawsuits seeking billions of dollars in damages over cooperation in the program, citing communications privacy legislation stretching back to the 1930's. A federal lawsuit was filed in Manhattan yesterday seeking as much as $50 billion in civil damages against Verizon on behalf of its subscribers.
For a second day, there was political fallout on Capitol Hill, where Senate Democrats intend to use next week's confirmation hearings for a new C.I.A. director to press the Bush administration on its broad surveillance programs.
As senior lawmakers in Washington vowed to examine the phone database operation and possibly issue subpoenas to the telephone companies, executives at some of the companies said they would comply with requests to appear on Capitol Hill but stopped short of describing how much would be disclosed, at least in public sessions.
"If Congress asks us to appear, we will appear," said Selim Bingol, a spokesman at AT&T. "We will act within the laws and rules that apply."
Qwest was apparently alone among the four major telephone companies to have resisted the requests to cooperate with the government effort. A statement issued on behalf of Mr. Nacchio yesterday by his lawyer, Herbert J. Stern, said that after the government's first approach in the fall of 2001, "Mr. Nacchio made inquiry as to whether a warrant or other legal process had been secured in support of that request."
"When he learned that no such authority had been granted, and that there was a disinclination on the part of the authorities to use any legal process," Mr. Nacchio concluded that the requests violated federal privacy requirements "and issued instructions to refuse to comply."
The statement said the requests continued until Mr. Nacchio left in June 2002. His departure came amid accusations of fraud at the company, and he now faces federal charges of insider trading.
The database reportedly assembled by the security agency from calling records has dozens of fields of information, including called and calling numbers and the duration of calls, but nothing related to the substance of the calls. But it could permit what intelligence analysts and commercial data miners refer to as "link analysis," a statistical technique for investigators to identify calling patterns in a seemingly impenetrable mountain of digital data.
The law governing the release of phone company data has been modified repeatedly to grapple with changing computer and communications technologies that have increasingly bedeviled law enforcement agencies. The laws include the Communications Act, first passed in 1934, and a variety of provisions of the Electronic Communications and Privacy Act, including the Stored Communications Act, passed in 1986.
Wiretapping - actually listening to phone calls - has been tightly regulated by these laws. But in general, the laws have set a lower legal standard required by the government to obtain what has traditionally been called pen register or trap-and-trace information - calling records obtained when intelligence and police agencies attached a specialized device to subscribers' telephone lines.
Those restrictions still hold, said a range of legal scholars, in the face of new computer databases with decades' worth of calling records. AT&T created such technology during the 1990's for use in fraud detection and has previously made such information available to law enforcement with proper warrants.
Orin Kerr, a former federal prosecutor and assistant professor at George Washington University, said his reading of the relevant statutes put the phone companies at risk for at least $1,000 per person whose records they disclosed without a court order.
"This is not a happy day for the general counsels" of the phone companies, he said. "If you have a class action involving 10 million Americans, that's 10 million times $1,000 - that's 10 billion."
The New Jersey lawyers who filed the federal suit against Verizon in Manhattan yesterday, Bruce Afran and Carl Mayer, said they would consider filing suits against BellSouth and AT&T in other jurisdictions.
"This is almost certainly the largest single intrusion into American civil liberties ever committed by any U.S. administration," Mr. Afran said. "Americans expect their phone records to be private. That's our bedrock governing principle of our phone system." In addition to damages, the suit seeks an injunction against the security agency to stop the collection of phone numbers.
Several legal experts cited ambiguities in the laws that may be used by the government and the phone companies to defend the National Security Agency program.
"There's a loophole," said Mark Rasch, the former head of computer-crime investigations for the Justice Department and now the senior vice president of Solutionary, a computer security company. "Records of phones that have called each other without identifying information are not covered by any of these laws."
Civil liberties lawyers were quick to dispute that claim.
"This is an incredible red herring," said Kevin Bankston, a lawyer for the Electronic Frontier Foundation, a privacy rights group that has sued AT&T over its cooperation with the government, including access to calling records. "There is no legal process that contemplates getting entire databases of data."
The group sued AT&T in late January, contending that the company was violating the law by giving the government access to its customer call record data and permitting the agency to tap its Internet network. The suit followed reports in The New York Times in December that telecommunications companies had cooperated with such government requests without warrants.
A number of industry executives pointed to the national climate in the wake of the Sept. 11 attacks to explain why phone companies might have risked legal entanglement in cooperating with the requests for data without warrants.
An AT&T spokesman said yesterday that the company had gotten some calls and e-mail messages about the news reports, but characterized the volume as "not heavy" and said there were responses on both sides of the issue.
Reaction around the country also appeared to be divided.
Cathy Reed, 45, a wealth manager from Austin, Tex., who was visiting Boston, said she did not see a problem with the government's reviewing call logs. "I really don't think it matters," she said. "I bet every credit card company already has them."
Others responded critically. Pat Randall, 63, a receptionist at an Atlanta high-rise, said, "Our phone conversations are just personal, and to me, the phone companies that cooperated, I think we should move our phone services to the company that did not cooperate."
While the telephone companies have both business contracts and regulatory issues before the federal government, executives in the industry yesterday dismissed the notion that they felt pressure to take part in any surveillance programs. The small group of executives with the security clearance necessary to deal with the government on such matters, they said, are separate from the regulatory and government contracting divisions of the companies.
--------
Reporting for this article was contributed by Ken Belson, Brenda Goodman, Stephen Labaton, Matt Richteland Katie Zezima.