NSA Case Puts Companies on Notice
It's a no-win situation for telecom providers.
Grant Gross, IDG News Service
A shadowy "three letter" U.S. government agency calls your company and
asks for copies of your private customer data ... the kind you don't
share with outsiders and can get sued for losing. The agency says it
needs the data to track terrorists, but won't get too specific about
how.
This is more than an academic exercise. According to reports in USA
Today, major U.S. telecom carriers turned over the telephone records
of millions of residents to the U.S. National Security Agency for use
in tracking domestic terrorist communications.
Obey the Government, Get Sued
Reports about the program have put the telecom carriers in a difficult
position. AT&T, BellSouth, and Verizon all face class-action lawsuits,
filed in recent days, seeking $200 billion in damages for violating
customer privacy.
With the threat of another September 11-style attack on one side and
cherished Fourth Amendment protections on the other, telecom carriers
are damned if they do and damned if they don't, says Jeff Kagan, an
independent telecom analyst.
Reports about the phone-call monitoring claim AT&T, BellSouth, and
Verizon turned over customer information. Qwest, another "Baby Bell,"
did not. That company denied the NSA request when government agents
could not produce a court-issued warrant, said Herbert J. Stern,
lawyer for ex-CEO Joseph Nacchio.
Stand Your Ground, Go to Court
Telecom carriers aren't alone in receiving government requests for
private data. Google this year fought a Department of Justice request
for search records in a case involving the Child Online Protection
Act. In March, a Freedom of Information Act request revealed that the
Department of Justice also subpoenaed 34 ISPs, including Verizon and
major Internet search and security firms in that case. According to
the documents obtained by InformationWeek, some of those companies,
including Verizon, objected to the requests, citing the sensitivity of
the data being requested.
Bolstered by the PATRIOT Act, the Federal Bureau of Investigation has
increased the use of National Security Letters, an arcane tool with
roots in the Cold War that allows the government to demand customer
records and sensitive data without court approval. Under PATRIOT Act
provisions, recipients are barred from even acknowledging that they
received such a letter.
The companies in question in the NSA case maintain that the requests
were not for wiretapping access and that they were complying with the
law when they turned over the call records. With no end in sight to
the war on terror and the U.S. government casting an ever wider net in
its search for domestic terrorists, companies need to weigh their
options carefully, said Jody Westby, CEO of Global Cyber Risk, an IT
consultancy.
Companies have several options, including fighting the requests in
court. When weighing the public relations and stock-price risks,
companies may find that the public expectation of privacy trumps
government demands, Westby said. "Whether or not the government
follows its due process, companies have an obligation to follow
theirs," he explained.