Feeds

Supreme Court confirms telco immunity on spying charges

As one door closes, the EFF opens another

  • alert
  • submit to reddit

High performance access to file storage

The US Supreme Court has effectively ruled that the AT&T and other telecommunications companies are immune from prosecution for helping the National Security Agency (NSA) in a large-scale domestic surveillance scheme covering phone calls, emails and internet use.

The court declined to hear an appeal of Hepting v. AT&T, a case that was brought by the Electronic Frontier Foundation (EFF) in 2006 after it was revealed that then-president George Bush had given the NSA full access to the databases of AT&T and others in a nationwide surveillance sweep following the September 11 attacks. As part of the surveillance effort, equipment was also installed in telco offices to aid monitoring of US voice and data traffic.

"We're disappointed in the Supreme Court's decision, since it lets the telecommunications companies off the hook for betraying their customers' trust and violating the law by handing their communications and communications records to the NSA without a warrant," said EFF legal director Cindy Cohn. "But the fight to stop the illegal spying on the American people continues."

The NSA surveillance took place without any court oversight, which is required under the terms of the 1978 Foreign Intelligence Surveillance Act (FISA), set up in the wake of the Nixon wiretapping scandal. The law requires the government to apply for a warrant for domestic spying either before, or shortly after, it takes place.

In 2008, with the EFF case tied up in the courts, Congress passed a revision to FISA which granted retroactive immunity to any telcos for their part in the affair. The bill also allowed for the installation of domestic surveillance equipment so long as it was "reasonably designed" not to grab too much data from third parties.

Upping the ante

The Supreme Court ruling is a setback for the EFF, but the rights organization does have another trick up its sleeve. On Wednesday it filed a new brief in the case of Jewel v. NSA, which sues the NSA directly, as well as George Bush, former VP Dick Cheney, and the former attorney general Alberto Gonzales, over warrantless wiretapping.

The case was opened in 2008 after former AT&T telecommunications technician Mark Klein leaked details of an NSA intercept station at AT&T's San Francisco exchange, dubbed "Room 641A." Klein, who has subsequently written a book about the case, said he was informed that similar NSA outposts were operating across the country.

Jewel v. NSA was dismissed in 2010 after the government argued that any litigation would involve the breaking of "state secrets privilege," but the 9th US Circuit Court of Appeals ruled last year that the case could go on. The next hearing is scheduled to begin in San Francisco's federal court by the end of the year.

The EFF's latest brief argues that the evidence in the case comes from information that is already in the public domain. It includes congressional testimony, an unclassified report from the US Inspector General, and the testimony of not only Klein, but other whistleblowers that have since come forward, including three from the NSA.

Whistle while you work

A 32-year NSA employee William Blinney has testified that in the in the 1990s he helped develop a system celled Thin Thread, which automated the linking of emails, phone calls, and online activity, but operated within US privacy laws by encrypting the intercept data until a court warrant was obtained.

After September 11, he claims, members of his team confided in him that they were being asked to remove the privacy controls from collected data. He resigned shortly afterwards, but testified that the Thin Thread system was later discontinued by the NSA.

Last year, former NSA staffer and Thin Thread team member Thomas Drake told the Web 2.0 conference in San Francisco that the system was dropped in favor of a commercially developed system called Trailblazer, which ended up costing over a billion dollars and apparently did not work as advertised.

Former NSA analyst J. Kirk Wiebe has also testified that Thin Thread would have spotted the September 11 terrorists "in a relatively short period of time," had it been used. To the best of his knowledge, he said, the NSA still relies on searching for specific people from a static database and isn't able to totally link all online activity on a large scale.

Wiebe also testified to the existence of a British government version of the NSA's network – uncovered by The Register and The Sunday Times – dubbed "Mastering the Internet." This multi-billion pound system is thought to link voice and data tracking to commercial databases and to the UK government's signals intelligence offices at GCHQ, despite the agency giving El Reg a non-denial denial.

The law is the law

All this can be used in evidence, as well as a host of other publicly-available and unclassified sources, but the real issue is that the government is breaking the law by enabling large-scale wiretapping in defiance of FISA, Cohn told The Register.

"There's nothing in the revisions to FISA that says it's ok to wiretap the entire country," she said. "Nowhere does it say that this kind of dragnet wiretapping is legal."

She explained that the idea that the government's case should not even be heard by a court, despite FISA laws and the sheer volume of evidence, means it is acting above the law. At the moment the Obama administration is stalling for time, she said, but Congress has already ruled on the issue.

The San Francisco Federal Court was due to hear the EFF's case on November 2, but it was put off until December 14, with another delay not out of the question.

"When the government says this thing is secret, but we've got seven binders of testimony showing it's not, they can’t just argue the case should be shut down without a hearing," Cohn said. "It's getting further and further from the rule of law." ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.