#CyberSpaceWar, Uncategorized

U.S. Telcos Have Never Challenged #NSA Demands for Your Metadata

from wired.com: Since at least 2006 a secret spy court has continuously compelled the
nation’s carriers to hand over records of every telephone call made to,
from, or within the United States.


But none of the phone companies have ever challenged the orders in court, according to an August 29 opinion (.pdf) by the Foreign Intelligence Surveillance Court, which was declassified today.


“To this date, no holder of records who has received an Order to
produce bulk telephony metadata has challenged the legality of such an
Order
,” reads the ruling. “Indeed, no recipient of any Section 215 Order
has challenged the legality of such an Order, despite the explicit
statutory mechanism for doing so.”


The FISC orders cited Section 215 of the Patriot Act to require phone
companies like Verizon and AT&T to hand over the phone numbers of
both parties involved in all calls, the international mobile subscriber
identity (IMSI) number for mobile callers, calling card numbers used in
the call, and the time and duration of the calls.


To be sure, any challenge to the surveillance program would have been
done before the court in secret, and it’s unlikely one would have been
successful.


That carriers willfully provided the metadata without blinking a
legal eye, however, is cause for alarm, as the telcos appear to be the
only ones so far with legal standing to make a challenge to the bulk
collection orders.
The Electronic Frontier Foundation, American Civil
Liberties and others have brought challenges, but the legal fight on
whether they have the right to sue remains undecided.


The bulk collection program came to public light in June, when the Guardian published a FISC order on the topic leaked to the media outlet by NSA whistleblower Edward Snowden.

The court declassified (.pdf) an opinion today in the wake of Snowden’s leaks.


“This Court is mindful that this matter comes before it at a time
when unprecedented disclosures have been made about this and other
highly-sensitive programs designed to obtain foreign intelligence
information and carry out counterterrorism investigations. According to
NSA Director Gen. Keith Alexander, the disclosures have caused
‘significant and irreversible damage to our nation,’” according to the
opinion.


The metadata surveillance became lawful with a 2006 update to the
Patriot Act.
But it’s been reported that most major carriers were
providing the NSA with bulk metadata voluntarily before then in the wake of the 2001 terror attacks.


So the Electronic Frontier Foundation sued the nation’s carriers.
After a San Francisco federal judge refused to toss the lawsuit,
Congress in 2008 passed legislation immunizing the telcos  from ever being sued for forwarding customer data to the NSA.


“It’s disappointing that the telecoms did not stand up for their
users,” Kurt Ospahl, an EFF staff attorney, said in a telephone
interview.


The opinion declassified today spells out the court’s interpretation
of why it is legal under the Patriot Act that all calling records can be
forwarded to the NSA. It also notes that there is no adversarial
process, meaning without a third-party challenger, the court relies
solely on the government’s assertions. Every 90 days the court orders
carriers to forward all calling metadata on a rolling basis.



“To ensure adherence to its Orders, this Court has the authority to
oversee compliance … and requires the government to notify the Court in
writing immediately concerning any instance of non-compliance. According
to the government, in the prior authorization period there have been no
compliance incidents,” the court wrote.


The telcos we contacted for this story did not return calls for comment or were not immediately prepared to comment.


A day after the Guardian‘s story, however, Verizon declined to acknowledge the program but also said it was just following orders.


“Verizon continually takes steps to safeguard its customers’ privacy.
Nevertheless, the law authorizes the federal courts to order a company
to provide information in certain circumstances, and if Verizon were to
receive such an order, we would be required to comply,” Randy Milch,
Verizon’s general counsel, said in a letter to employees.


On the other hand, tech companies have been pushing for transparency.
They are demanding the NSA allow them to be more transparent about what
type of customer data they are secretly required to share with the NSA.

Interview w/Sarah Shook at Treefort 2019 (Audio)