Feeds

Supreme Court confirms telco immunity on spying charges

As one door closes, the EFF opens another

  • alert
  • submit to reddit

Top three mobile application threats

The US Supreme Court has effectively ruled that the AT&T and other telecommunications companies are immune from prosecution for helping the National Security Agency (NSA) in a large-scale domestic surveillance scheme covering phone calls, emails and internet use.

The court declined to hear an appeal of Hepting v. AT&T, a case that was brought by the Electronic Frontier Foundation (EFF) in 2006 after it was revealed that then-president George Bush had given the NSA full access to the databases of AT&T and others in a nationwide surveillance sweep following the September 11 attacks. As part of the surveillance effort, equipment was also installed in telco offices to aid monitoring of US voice and data traffic.

"We're disappointed in the Supreme Court's decision, since it lets the telecommunications companies off the hook for betraying their customers' trust and violating the law by handing their communications and communications records to the NSA without a warrant," said EFF legal director Cindy Cohn. "But the fight to stop the illegal spying on the American people continues."

The NSA surveillance took place without any court oversight, which is required under the terms of the 1978 Foreign Intelligence Surveillance Act (FISA), set up in the wake of the Nixon wiretapping scandal. The law requires the government to apply for a warrant for domestic spying either before, or shortly after, it takes place.

In 2008, with the EFF case tied up in the courts, Congress passed a revision to FISA which granted retroactive immunity to any telcos for their part in the affair. The bill also allowed for the installation of domestic surveillance equipment so long as it was "reasonably designed" not to grab too much data from third parties.

Upping the ante

The Supreme Court ruling is a setback for the EFF, but the rights organization does have another trick up its sleeve. On Wednesday it filed a new brief in the case of Jewel v. NSA, which sues the NSA directly, as well as George Bush, former VP Dick Cheney, and the former attorney general Alberto Gonzales, over warrantless wiretapping.

The case was opened in 2008 after former AT&T telecommunications technician Mark Klein leaked details of an NSA intercept station at AT&T's San Francisco exchange, dubbed "Room 641A." Klein, who has subsequently written a book about the case, said he was informed that similar NSA outposts were operating across the country.

Jewel v. NSA was dismissed in 2010 after the government argued that any litigation would involve the breaking of "state secrets privilege," but the 9th US Circuit Court of Appeals ruled last year that the case could go on. The next hearing is scheduled to begin in San Francisco's federal court by the end of the year.

The EFF's latest brief argues that the evidence in the case comes from information that is already in the public domain. It includes congressional testimony, an unclassified report from the US Inspector General, and the testimony of not only Klein, but other whistleblowers that have since come forward, including three from the NSA.

Whistle while you work

A 32-year NSA employee William Blinney has testified that in the in the 1990s he helped develop a system celled Thin Thread, which automated the linking of emails, phone calls, and online activity, but operated within US privacy laws by encrypting the intercept data until a court warrant was obtained.

After September 11, he claims, members of his team confided in him that they were being asked to remove the privacy controls from collected data. He resigned shortly afterwards, but testified that the Thin Thread system was later discontinued by the NSA.

Last year, former NSA staffer and Thin Thread team member Thomas Drake told the Web 2.0 conference in San Francisco that the system was dropped in favor of a commercially developed system called Trailblazer, which ended up costing over a billion dollars and apparently did not work as advertised.

Former NSA analyst J. Kirk Wiebe has also testified that Thin Thread would have spotted the September 11 terrorists "in a relatively short period of time," had it been used. To the best of his knowledge, he said, the NSA still relies on searching for specific people from a static database and isn't able to totally link all online activity on a large scale.

Wiebe also testified to the existence of a British government version of the NSA's network – uncovered by The Register and The Sunday Times – dubbed "Mastering the Internet." This multi-billion pound system is thought to link voice and data tracking to commercial databases and to the UK government's signals intelligence offices at GCHQ, despite the agency giving El Reg a non-denial denial.

The law is the law

All this can be used in evidence, as well as a host of other publicly-available and unclassified sources, but the real issue is that the government is breaking the law by enabling large-scale wiretapping in defiance of FISA, Cohn told The Register.

"There's nothing in the revisions to FISA that says it's ok to wiretap the entire country," she said. "Nowhere does it say that this kind of dragnet wiretapping is legal."

She explained that the idea that the government's case should not even be heard by a court, despite FISA laws and the sheer volume of evidence, means it is acting above the law. At the moment the Obama administration is stalling for time, she said, but Congress has already ruled on the issue.

The San Francisco Federal Court was due to hear the EFF's case on November 2, but it was put off until December 14, with another delay not out of the question.

"When the government says this thing is secret, but we've got seven binders of testimony showing it's not, they can’t just argue the case should be shut down without a hearing," Cohn said. "It's getting further and further from the rule of law." ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
US Supreme Court supremo rakes Aereo lawman in oral arguments
Antenna-array content streamers: 'Ruling against us could dissipate the cloud'
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.