<incom> Markoff, Questions Raised for Phone Giants in Spy Data Furor

[Soenke Zehle]

Questions Raised for Phone Giants in Spy Data Furor
By JOHN MARKOFF
Published: May 13, 2006
<http://www.nytimes.com/2006/05/13/washington/13phone.html?_r=1&th&emc=th&oref=slogin>

The former chief executive of Qwest, the nation's fourth-largest phone 
company, rebuffed government requests for the company's calling records 
after 9/11 because of "a disinclination on the part of the authorities 
to use any legal process," his lawyer said yesterday.

The statement on behalf of the former Qwest executive, Joseph P. 
Nacchio, followed a report that the other big phone companies — AT&T, 
BellSouth and Verizon — had complied with an effort by the National 
Security Agency to build a vast database of calling records, without 
warrants, to increase its surveillance capabilities after the Sept. 11 
attacks.

Those companies insisted yesterday that they were vigilant about their 
customers' privacy, but did not directly address their cooperation with 
the government effort, which was reported on Thursday by USA Today. 
Verizon said that it provided customer information to a government 
agency "only where authorized by law for appropriately defined and 
focused purposes," but that it could not comment on any relationship 
with a national security program that was "highly classified."

Legal experts said the companies faced the prospect of lawsuits seeking 
billions of dollars in damages over cooperation in the program, citing 
communications privacy legislation stretching back to the 1930's. A 
federal lawsuit was filed in Manhattan yesterday seeking as much as $50 
billion in civil damages against Verizon on behalf of its subscribers.

For a second day, there was political fallout on Capitol Hill, where 
Senate Democrats intend to use next week's confirmation hearings for a 
new C.I.A. director to press the Bush administration on its broad 
surveillance programs.

As senior lawmakers in Washington vowed to examine the phone database 
operation and possibly issue subpoenas to the telephone companies, 
executives at some of the companies said they would comply with requests 
to appear on Capitol Hill but stopped short of describing how much would 
be disclosed, at least in public sessions.

"If Congress asks us to appear, we will appear," said Selim Bingol, a 
spokesman at AT&T. "We will act within the laws and rules that apply."

Qwest was apparently alone among the four major telephone companies to 
have resisted the requests to cooperate with the government effort. A 
statement issued on behalf of Mr. Nacchio yesterday by his lawyer, 
Herbert J. Stern, said that after the government's first approach in the 
fall of 2001, "Mr. Nacchio made inquiry as to whether a warrant or other 
legal process had been secured in support of that request."

"When he learned that no such authority had been granted, and that there 
was a disinclination on the part of the authorities to use any legal 
process," Mr. Nacchio concluded that the requests violated federal 
privacy requirements "and issued instructions to refuse to comply."

The statement said the requests continued until Mr. Nacchio left in June 
2002. His departure came amid accusations of fraud at the company, and 
he now faces federal charges of insider trading.

The database reportedly assembled by the security agency from calling 
records has dozens of fields of information, including called and 
calling numbers and the duration of calls, but nothing related to the 
substance of the calls. But it could permit what intelligence analysts 
and commercial data miners refer to as "link analysis," a statistical 
technique for investigators to identify calling patterns in a seemingly 
impenetrable mountain of digital data.

The law governing the release of phone company data has been modified 
repeatedly to grapple with changing computer and communications 
technologies that have increasingly bedeviled law enforcement agencies. 
The laws include the Communications Act, first passed in 1934, and a 
variety of provisions of the Electronic Communications and Privacy Act, 
including the Stored Communications Act, passed in 1986.

Wiretapping — actually listening to phone calls — has been tightly 
regulated by these laws. But in general, the laws have set a lower legal 
standard required by the government to obtain what has traditionally 
been called pen register or trap-and-trace information — calling records 
obtained when intelligence and police agencies attached a specialized 
device to subscribers' telephone lines.

Those restrictions still hold, said a range of legal scholars, in the 
face of new computer databases with decades' worth of calling records. 
AT&T created such technology during the 1990's for use in fraud 
detection and has previously made such information available to law 
enforcement with proper warrants.

Orin Kerr, a former federal prosecutor and assistant professor at George 
Washington University, said his reading of the relevant statutes put the 
phone companies at risk for at least $1,000 per person whose records 
they disclosed without a court order.

"This is not a happy day for the general counsels" of the phone 
companies, he said. "If you have a class action involving 10 million 
Americans, that's 10 million times $1,000 — that's 10 billion."

The New Jersey lawyers who filed the federal suit against Verizon in 
Manhattan yesterday, Bruce Afran and Carl Mayer, said they would 
consider filing suits against BellSouth and AT&T in other jurisdictions.

"This is almost certainly the largest single intrusion into American 
civil liberties ever committed by any U.S. administration," Mr. Afran 
said. "Americans expect their phone records to be private. That's our 
bedrock governing principle of our phone system." In addition to 
damages, the suit seeks an injunction against the security agency to 
stop the collection of phone numbers.

Several legal experts cited ambiguities in the laws that may be used by 
the government and the phone companies to defend the National Security 
Agency program.

"There's a loophole," said Mark Rasch, the former head of computer-crime 
investigations for the Justice Department and now the senior vice 
president of Solutionary, a computer security company. "Records of 
phones that have called each other without identifying information are 
not covered by any of these laws."

Civil liberties lawyers were quick to dispute that claim.

"This is an incredible red herring," said Kevin Bankston, a lawyer for 
the Electronic Frontier Foundation, a privacy rights group that has sued 
AT&T over its cooperation with the government, including access to 
calling records. "There is no legal process that contemplates getting 
entire databases of data."

The group sued AT&T in late January, contending that the company was 
violating the law by giving the government access to its customer call 
record data and permitting the agency to tap its Internet network. The 
suit followed reports in The New York Times in December that 
telecommunications companies had cooperated with such government 
requests without warrants.

A number of industry executives pointed to the national climate in the 
wake of the Sept. 11 attacks to explain why phone companies might have 
risked legal entanglement in cooperating with the requests for data 
without warrants.

An AT&T spokesman said yesterday that the company had gotten some calls 
and e-mail messages about the news reports, but characterized the volume 
as "not heavy" and said there were responses on both sides of the issue.

Reaction around the country also appeared to be divided.

Cathy Reed, 45, a wealth manager from Austin, Tex., who was visiting 
Boston, said she did not see a problem with the government's reviewing 
call logs. "I really don't think it matters," she said. "I bet every 
credit card company already has them."

Others responded critically. Pat Randall, 63, a receptionist at an 
Atlanta high-rise, said, "Our phone conversations are just personal, and 
to me, the phone companies that cooperated, I think we should move our 
phone services to the company that did not cooperate."

While the telephone companies have both business contracts and 
regulatory issues before the federal government, executives in the 
industry yesterday dismissed the notion that they felt pressure to take 
part in any surveillance programs. The small group of executives with 
the security clearance necessary to deal with the government on such 
matters, they said, are separate from the regulatory and government 
contracting divisions of the companies.

Reporting for this article was contributed by Ken Belson, Brenda 
Goodman, Stephen Labaton, Matt Richteland Katie Zezima.