Saturday, May 13

NSA was afriad of FISA Court? Do tell...

Glenn Greenwald points out a key passage from the USA Today Article. The NSA didn't go to FISA because they knew the court would have told them "No, Way!".

Ya think?

Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.

The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events. More

The question I have is, since FISA and court orders are usually only required when a suspect refuses to cooperate, exactly where does that put us since Verizon, AT&T and Bellsouth all agreed to supply this information?

As many of us have written, including myself here and here, the likelyhood that the request to gain access to these records could have possibly gotten past the rubber-stamp FISA court are somewhere deep south of slim and fucking nil.


How much of that point is rendered moot by the voluantary compliance of the Telcoms? As has already been discussed, the type of information sought by the government (that which would have been available via use of a pen and register or trap device) would have normally required a FISA Warrant 18 USC 3121 - but we've all seen CSI right? A warrant is only required if the cops ask you for something and you don't want to give it too them - on the other hand if you agree to let the white-gloved man open your trunk where the bundles of wet drippping rags of blood are stashed -- that's your ass pal.

So based on a technicality, at this point I doesn't seem that this NSA Phone Log program neccesarily violated FISA.

But is FISA the only law at stake here?

The issue needs to be focused on the actions of Verizon, AT&T and Bellsouth. Although previous Supreme Court decisions have stated that the phone numbers called and call time information is the property of the Telcom companies, not it's customers, there is still the issue of the Stored Communications Act which prohibits companies from voluanteering this information without the presense of a warrant. 18 U.S.C. 2702(c), 2703 (c).

2702(c) Exceptions for Disclosure of Customer Records.-- A provider described in subsection (a) may divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by subsection (a)(1) or (a)(2))--
    (1) as otherwise authorized in section 2703;
    (2) with the lawful consent of the customer or subscriber;
    (3) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service;
    (4) to a governmental entity, if the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information;
    (5) to the National Center for Missing and Exploited Children, in connection with a report submitted thereto under section 227 of the Victims of Child Abuse Act of 1990 (42 U.S.C. 13032); or
    (6) to any person other than a governmental entity.

Uh oh - I think Ma Bell's in trouble, unless they can successfully argue that their grant of this request was based on a clear Emergency Involving IMMEDIATE danger of death or serious physical injury!

But could the NSA or FBI even ask for it without a court order?

2703 (c) Records Concerning Electronic Communication Service or Remote Computing Service.--
(1) A governmental entity may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity--
(A) obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure by a court with jurisdiction over the offense under investigation or equivalent State warrant;
(B) obtains a court order for such disclosure under subsection (d) of this section;
(C) has the consent of the subscriber or customer to such disclosure; or [1]
(D) submits a formal written request relevant to a law enforcement investigation concerning telemarketing fraud for the name, address, and place of business of a subscriber or customer of such provider, which subscriber or customer is engaged in telemarketing (as such term is defined in section 2325 of this title); or
(E) seeks information under paragraph (2).

So it seems to me, that absent a warrant or court order - the telecom company CAN NOT DIVULGE this information unless they have the consent of the customer. Did they? Could it be in the fine print?

In the Verizon Privacy Policy it is noted that the company may disclose information.

Disclosure of Information Outside Verizon
As a rule, Verizon will notify you and give you the opportunity to "opt out" when we disclose telephone customer information outside of Verizon. In fact, we generally keep our records of the services you buy and the calls you make private, and will not ordinarily disclose this information to outside parties without your permission. However, we do release customer information without involving you if disclosure is required by law or to protect the safety of customers, employees or property.

The policy further notes that Verizon will comply with Court Orders, but not that they will volantarily provide this information to the FBI, NSA or other agency - and arguably under the Stored Communications Act, they can't voluanteer YOUR information without your approval.

Just as an aside, I noticed from looking at AT&T Privacy Information that they are connected to SBC, and we already know that this program wasn't just limited to phone calls, it involved emails as well - and I know from experience that SBC is linked to YAHOO MAIL. (That's right, all those free addresses are probably now stored at NSA!!)

Anyway both AT&T and Bellsouth admit in their privacy documentation that they will comply with a court order - neither of them admit that they'll roll over and bark when the goverment throws them a fat classified contracting bone - the type of which they threated to deny Qwest if they didn't comply.

Ok, let's assume for a second that Qwest was wrong and Verizon was right, that under the "Emergency" conditions of the SCA (Update from Comments: where of course the never-ending War On Terra is a perfect permenent "Emergency") they could lawfully share this information with the NSA without a court order and without notifying their customers - could they then grant access only to the phone numbers and call times?

Under section 2703(2), which details the types of information that can be shared, once all other requirements (court order, etc) have been met - apparently not.

(2) A provider of electronic communication service or remote computing service shall disclose to a governmental entity the--
    (A) name;
    (B) address;

    (C) local and long distance telephone connection records, or records of session times and durations;
    (D) length of service (including start date) and types of service utilized;
    (E) telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and
    (F) means and source of payment for such service (including any credit card or bank account number),

Name, Address and Credit Card Info is to be and can be provided? Hel-lo! Are we supposed to believe that the NSA asked for call times and numbers only while building the "Biggest. Database. Ever." but didn't bother to also connect-the-dots to each persons name, address and card info when they had the chance?

If you believe that one you can spank my ass and call me "Dusty Scooter Duke Nine-Fingers" all night long.

[Update:Perhaps this is why former NSA Signint Officer Russel Tice says - we ain't seen nothing yet!]


No comments: