Vyan

Thursday, May 11

NSA Tracking Tens of Millions of Domestic Calls

USA Today has reported that the NSA surveillance program, rather than being restricted to "international calls" by suspected terrorist agents into and out of the U.S., has instead been contracting with AT&T, BellSouth and Verizon to create a massive database of domestic calls.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren't suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

QUESTIONS AND ANSWERS: The NSA record collection program

"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.

For the customers of these companies, it means that the government has detailed records of calls they made — across town or across the country — to family members, co-workers, business contacts and others.

The three telecommunications companies are working under contract with the NSA, which launched the program in 2001 shortly after the Sept. 11 terrorist attacks, the sources said. The program is aimed at identifying and tracking suspected terrorists, they said.

Coincidentally, President Bush's fresh new choice to replace Porter Goss as the head of the CIA, General Michael Hayden - the man who doesn't seem to know what the 4th Amendment says - appears to have already admitted to this program in an interview from 2002.

I have met personally with prominent corporate executive officers. (One senior executive confided that the data management needs we outlined to him were larger than any he had previously seen). [...] And last week we cemented a deal with another corporate giant to jointly develop a system to mine data that helps us learn about our targets.
This program is clearly illegal and has been carried out without a court order in clear violation of the 4th amendments prohibition of "reasonable search and seizure" - how could any of this information ever be used in court under the fruits of the poison tree rule?

Moments ago
, the President in response to the USA Today report stated.

Today there are new claims about other ways we are tracking down al Qaeda to prevent attacks on America. I want to make some important points about what the government is doing and what the government is not doing.

First, our international activities strictly target al Qaeda and their known affiliates. Al Qaeda is our enemy, and we want to know their plans. Second, the government does not listen to domestic phone calls without court approval. Third, the intelligence activities I authorized are lawful and have been briefed to appropriate members of Congress, both Republican and Democrat. Fourth, the privacy of ordinary Americans is fiercely protected in all our activities.

We're not mining or trolling through the personal lives of millions of innocent Americans. Our efforts are focused on links to al Qaeda and their known affiliates. So far we've been very successful in preventing another attack on our soil.


But is the process of tracking phone calls genuinely legal?
Under Section 222 of the Communications Act, first passed in 1934, telephone companies are prohibited from giving out information regarding their customers' calling habits: whom a person calls, how often and what routes those calls take to reach their final destination. Inbound calls, as well as wireless calls, also are covered....

In the case of the NSA's international call-tracking program, Bush signed an executive order allowing the NSA to engage in eavesdropping without a warrant. The president and his representatives have since argued that an executive order was sufficient for the agency to proceed. Some civil liberties groups, including the American Civil Liberties Union, disagree....

In December, The New York Times revealed that Bush had authorized the NSA to wiretap, without warrants, international phone calls and e-mails that travel to or from the USA. The following month, the Electronic Frontier Foundation, a civil liberties group, filed a class-action lawsuit against AT&T. The lawsuit accuses the company of helping the NSA spy on U.S. phone customers.

Last month, U.S. Attorney General Alberto Gonzales alluded to that possibility. Appearing at a House Judiciary Committee hearing, Gonzales was asked whether he thought the White House has the legal authority to monitor domestic traffic without a warrant. Gonzales' reply: "I wouldn't rule it out." His comment marked the first time a Bush appointee publicly asserted that the White House might have that authority.

Further according to one DKos Poster who called to complain to his cell phone provider Cingular Wireless, which is a subsidiary of AT&T and Bellsouth, was directed to the following URL. http://www.cingular.com/...

The following are excerpts of their privacy policy:

We will not sell or disclose your personal information to unaffiliated third parties without your consent except as otherwise provided in this Policy. We may use information about who you are, where and when you browse on the Web, where your wireless device is located, and how you use our network to provide you better service and enrich your user experience when you sign up or use any of our products or services.

[snip...]

Under federal law, you have a right, and we have a duty, to protect the confidentiality of information about your telephone usage, the services you buy from us, who you call, and the location of your device on our network when you make a voice call. This information is sometimes referred to as "Customer Proprietary Network Information," or "CPNI." We share CPNI and other personal information about you with affiliates of AT&T and BellSouth Corporation (the parent companies of Cingular) that provide telecommunications services to which you also subscribe. Before sharing CPNI in any other way, we will first notify you of your rights under the law, describe how we intend to use the CPNI, and give you an opportunity to opt out of such usage (or, when required by law, to opt in

Some more background on CPNI.

n the United States, CPNI (Customer Proprietary Network Information) is information that telecommunications services such as local, long distance, and wireless telephone companies acquire about their subscribers. It includes not only what services they use but their amount and type of usage. The Telecommunications Act of 1996 together with clarifications from the Federal Communications Commission (FCC) generally prohibits the use of that information without customer permission, even for the purpose of marketing the customers other services. In the case of customers who switch to other service providers, the original service provider is prohibited from using the information to try to get the customer back. CPNI includes such information as optional services subscribed to, current charges, directory assistance charges, usage data, and calling patterns.

The CPNI rules do not prohibit the gathering and publishing of aggregate customer information nor the use of customer information for the purpose of creating directories.

Under the Telecom Act of 1996 Service Providers must protect customer information:

(a) In general

Every telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier.

    (b) Confidentiality of carrier information

    A telecommunications carrier that receives or obtains proprietary information from another carrier for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts.

    (c) Confidentiality of customer proprietary network information
    (1) Privacy requirements for telecommunications carriers
    Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.

However, there are some exceptions...

(d) Exceptions
Nothing in this section prohibits a telecommunications carrier from using, disclosing, or permitting access to customer proprietary network information obtained from its customers, either directly or indirectly through its agents—

    (1) to initiate, render, bill, and collect for telecommunications services;

    (2) to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services;

    (3) to provide any inbound telemarketing, referral, or administrative services to the customer for the duration of the call, if such call was initiated by the customer and the customer approves of the use of such information to provide such service; and

    (4) to provide call location information concerning the user of a commercial mobile service (as such term is defined in section 332 (d) of this title)—

      (A) to a public safety answering point, emergency medical service provider or emergency dispatch provider, public safety, fire service, or law enforcement official, or hospital emergency or trauma care facility, in order to respond to the user’s call for emergency services;

      (B) to inform the user’s legal guardian or members of the user’s immediate family of the user’s location in an emergency situation that involves the risk of death or serious physical harm; or

      (C) to providers of information or database management services solely for purposes of assisting in the delivery of emergency services in response to an emergency.

Also this confidentially requirement is not absolute and contains a loophole for "aggregate" information.

(c) Confidentiality of customer proprietary network information


    (1) Privacy requirements for telecommunications carriers
    Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.

    (2) Disclosure on request by customers
    A telecommunications carrier shall disclose customer proprietary network information, upon affirmative written request by the customer, to any person designated by the customer.

    (3) Aggregate customer information
    A telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information other than for the purposes described in paragraph (1). A local exchange carrier may use, disclose, or permit access to aggregate customer information other than for purposes described in paragraph (1) only if it provides such aggregate information to other carriers or persons on reasonable and nondiscriminatory terms and conditions upon reasonable request therefor.

My own suspicion is that the Bush Administration is going to attempt to use the arguement that this program qualifies under the "emergency" exception and is only designed to gather "Aggregate" data - but whether that dodge of the Telecom Acts specific privacy requirements is suffucient remains to be seen, and is frankly rather doubtful as Glenn Greenwald points out today the kind of information described by the USA Today article seems to include that recorded by a Pen Register device (only on a much larger scale) and is already covered under FISA.

Additionally georgia10 has pointed out that disclosing this kind of electronically stored information without a court order, even without FISA, is illegal as a cybercrime under 18 U.S.C. section 2702,

Meanwhile, the legality of the already revealed domestic surveillance program remains in great doubt - the NSA has refused to provide appropriate security clearances the Department of Justice - which would allow them to investigate and verify the legallity of how things are being conducted. From the AP:

Security issue kills domestic spying inquiry
NSA won't grant Justice Department lawyers required security clearance

WASHINGTON - The government has abruptly ended an inquiry into the warrantless eavesdropping program because the National Security Agency refused to grant Justice Department lawyers the necessary security clearance to probe the matter.

The inquiry headed by the Justice Department's Office of Professional Responsibility, or OPR, sent a fax to Rep. Maurice Hinchey, D-N.Y., on Wednesday saying they were closing their inquiry because without clearance their lawyers cannot examine Justice lawyers' role in the program.

"We have been unable to make any meaningful progress in our investigation because OPR has been denied security clearances for access to information about the NSA program," OPR counsel H. Marshall Jarrett wrote to Hinchey. Hinchey's office shared the letter with The Associated Press.

... "Without these clearances, we cannot investigate this matter and therefore have closed our investigation," wrote Jarrett.

So here we have a situation where the President promises that his actions are legal, even though the FISA Law specifically states that it is the sole and exclusive method in with surveillance of this type will be conducted, we also the revelation that the government has conducted warrantless physical searches. Then, when the Congress begins to grumble about investigating the NSA program the White House practically twists their arms off in order to shut that investigation down, and when the governments own lawyers in the DOJ want to investigate - they get blocked.

Despite the Presidents claims, we already know that these activities are not limited to suspected members of al Qaeda and their associates. So just what is going on here? Have we started a War thousands of miles a way in order to "protect freedom" only to have it gradually stripped away at home? No more Habeas Corpus? Illegal search and seizure, kidnapping, secret detention and torture, and possibly even assasination are now viable options?

I strongly suspect, that's exactly what is going on.

Vyan

No comments: