Protection from prying NSA eyes

A (Classified) proposal

The Essential Guide to IT Transformation

Comment From the US Fourth Amendment, the Stored Communications Act and US wiretap laws to the Pen-register statute, Mark Rasch looks at legal protections available to the telecommunications companies and individual Americans in the wake of the NSA's massive spying program.

Imagine being the head of a major telecommunications company in the United States. You and your lawyers have developed a carefully worded privacy policy to conform with the law. In it you tell your customers that you do not share information about your customers' use of your services except for particular business purposes, and to ensure that the calls get through. You also tell your customers that you, of course, give information in response to lawful subpoenas or lawful mandates of law enforcement agencies. And that's about it.

One day, you receive a visit from agents of the National Security Agency (NSA), who make a formal "request" that you, as a patriotic American company, turn over records of telephone calls made by millions of customers in the interests of "national security". If you don't do it, the agent reminds you, you probably wont get those lucrative government contracts, and you certainly won't get any work with any classified government agencies. If you do it, you may open yourself up to class action litigation. What do you do?

Unfortunately, there currently is no way for you do go to any court and get a definitive ruling on what you are allowed – or required – to do. I propose that we open up the super-secret FISA court to allow private citizens or companies that receive requests or demands from the government to demand judicial intervention in a way that would protect national security, and act as a check and balance on any unlimited powers of the Executive Branch.

NSA monitoring millions of Americans

On Thursday, 11 May, USA Today disclosed that several US telephone companies gave over records relating to telephone calls made by millions of Americans to the National Security Agency in the wake of the events of 11 September, 2001.

We do not know the scope of this program. As reported to date, the government requested that various telephone companies turn over calling pattern information on millions of US origin telephone calls – these are reportedly calls that both originated and terminated in the United States.

At least one report has suggested that the program worked as follows: the government would have a suspected al-Qaeda suspect, and would learn of telephone numbers he or she called, or merely possessed. If any of these telephone numbers were located in the United States, the NSA would then attempt to learn what these numbers were, and who these people had called. Thus, if you operate a local Dominoes pizza, and received a call from someone who received a call from someone who the government suspected was associated with a terrorist, then Dominoes would make it to the list of suspects.

The President has suggested that the program is more narrow than this, stating so in his weekly radio address on 13 May, 2006.

"It is important for Americans to understand that our activities strictly target al Qaeda and its known affiliates...The privacy of all Americans is fiercely protected in all our activities. The government does not listen to domestic phone calls without court approval. We are not trolling through the personal lives of millions of innocent Americans. Our efforts are focused on links to al Qaeda terrorists and its affiliates who want to harm the American people."

Does this mean that the records of telephone calls requested from the telephone companies were only those of al Qaeda and its known affiliates? Does that mean that the NSA neither sought nor received the records of phone calls of "millions of innocent Americans" so it could troll through them? Or does it mean that, while the government didn't listen in on purely domestic calls (where the source and destination were in the United States), the NSA might have obtained records of the calls made by many millions of other callers, but did so in order to "target" al Qaeda or others? Or that the President doesn't believe that reviewing the records of calls made and received constitutes "trolling" into a part of American's "personal lives?" Right now, we just don't know, and if the NSA has anything to say about it, we probably will never know.

Other reports indicate that the program may not have even been as narrow as suggested. It is possible that the NSA requested all calling data from the phone companies – that is every telephone number called by every other telephone number. Indeed, this would not be very different from what the government did with the airlines in the wake of 9/11, when it asked for records of every flight taken by every person in America, despite the fact that the airlines had promised they wouldn't give that information out.

In the airline case, at least one federal court held that these records, being records of the airlines themselves, could lawfully be turned over to the government (in that case, NASA, not the NSA) privacy policies notwithstanding. So it is altogether possible that the NSA has requested, and the phone companies have disclosed, records of every call made and received. Assuming this to be the case, is it illegal? The answer is not so clear.

Whose data is it anyway?

The reports to date tend to indicate that the records turned over to the NSA were records of telephone calls from numbers within the United States. This would essentially be "raw data" – for example, that telephone number (202) 555-1213 called telephone number (313) 555-0802 on a particular date, at a particular time, and that the conversation lasted for a particular period of time.

There are various laws that protect the privacy of telephone records in the United States. First and foremost, there is the Fourth Amendment which provides that:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

For some reason, when this Amendment was drafted in 1791, the drafters left out the terms "telephone records" and "intercepted communications" and "Voice Over Internet Protocol". Possibly just an 18th Century oversight. Indeed, the United States Supreme Court initially found in 1928 that you can't "seize" a telephone call, and therefore the Fourth Amendment didn't apply to phone calls. It wasn't until 1967 that the Court finally realised that the Constitution protects the rights of privacy of persons, not just places, and therefore warrants were required if you wanted to listen in on the contents of communications.

Build a business case: developing custom apps

Next page: Wrapper information

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.