Telephone company told the govt. to fuck off!

[KC]

05/12/2006 - WASHINGTON - Telecommunications giant Qwest refused to provide the government with access to telephone records of its 15 million customers after deciding the request violated privacy law, a lawyer for a former company executive said Friday. For a second day, the former National Security Agency director defended the spy agency's activities.

In a written statement, the attorney for former Qwest CEO Joseph Nacchio said the government approached the company in the fall of 2001 seeking access to the phone records of Qwest customers, with neither a warrant nor approval from a special court established to handle surveillance matters.

"Mr. Nacchio concluded that these requests violated the privacy requirements of the Telecommunications Act," attorney Herbert J. Stern said from his Newark, N.J., office.

The Bush administration is facing new questions about civil liberties after the disclosure that the NSA collected information on millions of Americans' everyday telephone calls.

On Friday, CIA director nominee Michael Hayden defended as lawful the secret surveillance programs he oversaw as NSA head from 1999 to 2005, but he declined to comment on the phone-calls database or specific operations.

"It's been briefed to the appropriate members of Congress," Hayden told reporters outside a Senate office. "The only purpose of the agency's activities is to preserve the security and the liberty of the American people. And I think we've done that."

Nacchio told Qwest officials to refuse the NSA requests, which kept coming until Nacchio left the company in June 2002, his lawyer said.

In contrast, AT&T Corp., Verizon Communications Inc. and BellSouth Corp. complied with the request to turn over phone records shortly after Sept. 11, 2001, USA Today first reported on Thursday.

Qwest, the No. 4 U.S. local phone company, serves customers in 14 Western states. Based in Denver, Qwest Communications International Inc. has come under fire over criminal and ethical allegations. Nacchio himself is under federal indictment on insider-trading charges.

In a statement, Verizon said press coverage has contained errors about how the company handles customer information. "Verizon will provide customer information to a government agency only where authorized by law for appropriately defined and focused purposes," the company said.

Two New Jersey public interest lawyers sued Verizon on Friday for $5 billion, claiming the phone carrier violated privacy laws by turning over customers' records. The lawsuit asks the court to stop Verizon from supplying the information without a warrant or the subscriber's consent.

Lawmakers have been pressing the Bush administration for information about the NSA's database of telephone records in advance of hearings reviewing Hayden's nomination to be CIA director, scheduled for next Thursday.

The White House on Friday reiterated its support for Hayden and the NSA's operations.

"We're 100 percent behind Michael Hayden," said press secretary Tony Snow. "There's no question about that, and confident that he is going to comport himself well and answer all the questions and concerns that members of the United States Senate may have in the process of confirmation."

Snow added that questions on classified material may have to be handled in closed sessions with select senators who are cleared for access to that information.

Some senators were trying to separate the issue of Hayden's confirmation from questions about White House decisions and the surveillance programs.

Senate Minority Leader Harry Reid, D-Nev., said he didn't yet know if collection of the phone records was illegal.

Yet Reid said he has no "specific problems" with Hayden going into the hearing process and said the Air Force general "has always proven to be a person of intellect and a person of independence."

Republicans, including Senate Armed Services Committee Chairman John Warner of Virginia, have said Hayden was relying on the advice of top government lawyers when the operations were initiated.

But Sen. Ron Wyden, D-Ore., an Intelligence Committee member, said he now questions Hayden's credibility, adding, "The American people have got to know that when the person who heads the CIA makes a statement that they are getting the full picture."

The NSA was using the data to analyze calling patterns to detect and track suspected terrorist activity, according to information the White House gave to Sen. Wayne Allard, R-Colo. "Telephone customers' names, addresses and other personal information have not been handed over to NSA as part of this program," Allard said.

Sen. Kit Bond, R-Mo., said on PBS' "NewsHour With Jim Lehrer" that "the president's program uses information collected from phone companies" — the telephone number called and the caller's number. Bond is a member of the select panel allowed access to all information on another controversial Bush program, the warrantless surveillance operations.

After meeting with Hayden on Friday, Sen. Chuck Hagel, R-Neb., said he had "absolute confidence" in the general and that his Senate confirmation hearings should provide the facts on the monitoring programs.

"He's going to have to explain what his role was. To start with, did he put that program forward, whose idea was it, why was it started?" Hagel said.

Sen. Susan Collins, R-Maine, praised Hayden as an excellent nominee. But the chairwoman of the Homeland Security and Governmental Affairs Committee said it was disconcerting "to have information come out by drips and drabs, rather than the administration making the case for programs I personally believe are needed for our national security."

[WaTcHeR]

05/16/2006 - The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.
The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren't suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

QUESTIONS AND ANSWERS: The NSA record collection program

"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.

For the customers of these companies, it means that the government has detailed records of calls they made — across town or across the country — to family members, co-workers, business contacts and others.

The three telecommunications companies are working under contract with the NSA, which launched the program in 2001 shortly after the Sept. 11 terrorist attacks, the sources said. The program is aimed at identifying and tracking suspected terrorists, they said.

The sources would talk only under a guarantee of anonymity because the NSA program is secret.

Air Force Gen. Michael Hayden, nominated Monday by President Bush to become the director of the CIA, headed the NSA from March 1999 to April 2005. In that post, Hayden would have overseen the agency's domestic call-tracking program. Hayden declined to comment about the program.

The NSA's domestic program, as described by sources, is far more expansive than what the White House has acknowledged. Last year, Bush said he had authorized the NSA to eavesdrop — without warrants — on international calls and international e-mails of people suspected of having links to terrorists when one party to the communication is in the USA. Warrants have also not been used in the NSA's efforts to create a national call database.

In defending the previously disclosed program, Bush insisted that the NSA was focused exclusively on international calls. "In other words," Bush explained, "one end of the communication must be outside the United States."

As a result, domestic call records — those of calls that originate and terminate within U.S. borders — were believed to be private.

Sources, however, say that is not the case. With access to records of billions of domestic calls, the NSA has gained a secret window into the communications habits of millions of Americans. Customers' names, street addresses and other personal information are not being handed over as part of NSA's domestic program, the sources said. But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information.

Don Weber, a senior spokesman for the NSA, declined to discuss the agency's operations. "Given the nature of the work we do, it would be irresponsible to comment on actual or alleged operational issues; therefore, we have no information to provide," he said. "However, it is important to note that NSA takes its legal responsibilities seriously and operates within the law."

The White House would not discuss the domestic call-tracking program. "There is no domestic surveillance without court approval," said Dana Perino, deputy press secretary, referring to actual eavesdropping.

She added that all national intelligence activities undertaken by the federal government "are lawful, necessary and required for the pursuit of al-Qaeda and affiliated terrorists." All government-sponsored intelligence activities "are carefully reviewed and monitored," Perino said. She also noted that "all appropriate members of Congress have been briefed on the intelligence efforts of the United States."

The government is collecting "external" data on domestic phone calls but is not intercepting "internals," a term for the actual content of the communication, according to a U.S. intelligence official familiar with the program. This kind of data collection from phone companies is not uncommon; it's been done before, though never on this large a scale, the official said. The data are used for "social network analysis," the official said, meaning to study how terrorist networks contact each other and how they are tied together.

Carriers uniquely positioned

AT&T recently merged with SBC and kept the AT&T name. Verizon, BellSouth and AT&T are the nation's three biggest telecommunications companies; they provide local and wireless phone service to more than 200 million customers.

The three carriers control vast networks with the latest communications technologies. They provide an array of services: local and long-distance calling, wireless and high-speed broadband, including video. Their direct access to millions of homes and businesses has them uniquely positioned to help the government keep tabs on the calling habits of Americans.

Among the big telecommunications companies, only Qwest has refused to help the NSA, the sources said. According to multiple sources, Qwest declined to participate because it was uneasy about the legal implications of handing over customer information to the government without warrants.

Qwest's refusal to participate has left the NSA with a hole in its database. Based in Denver, Qwest provides local phone service to 14 million customers in 14 states in the West and Northwest. But AT&T and Verizon also provide some services — primarily long-distance and wireless — to people who live in Qwest's region. Therefore, they can provide the NSA with at least some access in that area.

Created by President Truman in 1952, during the Korean War, the NSA is charged with protecting the United States from foreign security threats. The agency was considered so secret that for years the government refused to even confirm its existence. Government insiders used to joke that NSA stood for "No Such Agency."

In 1975, a congressional investigation revealed that the NSA had been intercepting, without warrants, international communications for more than 20 years at the behest of the CIA and other agencies. The spy campaign, code-named "Shamrock," led to the Foreign Intelligence Surveillance Act (FISA), which was designed to protect Americans from illegal eavesdropping.

Enacted in 1978, FISA lays out procedures that the U.S. government must follow to conduct electronic surveillance and physical searches of people believed to be engaged in espionage or international terrorism against the United States. A special court, which has 11 members, is responsible for adjudicating requests under FISA.

Over the years, NSA code-cracking techniques have continued to improve along with technology. The agency today is considered expert in the practice of "data mining" — sifting through reams of information in search of patterns. Data mining is just one of many tools NSA analysts and mathematicians use to crack codes and track international communications.

Paul Butler, a former U.S. prosecutor who specialized in terrorism crimes, said FISA approval generally isn't necessary for government data-mining operations. "FISA does not prohibit the government from doing data mining," said Butler, now a partner with the law firm Akin Gump Strauss Hauer & Feld in Washington, D.C.

The caveat, he said, is that "personal identifiers" — such as names, Social Security numbers and street addresses — can't be included as part of the search. "That requires an additional level of probable cause," he said.

The usefulness of the NSA's domestic phone-call database as a counterterrorism tool is unclear. Also unclear is whether the database has been used for other purposes.

The NSA's domestic program raises legal questions. Historically, AT&T and the regional phone companies have required law enforcement agencies to present a court order before they would even consider turning over a customer's calling data. Part of that owed to the personality of the old Bell Telephone System, out of which those companies grew.

Ma Bell's bedrock principle — protection of the customer — guided the company for decades, said Gene Kimmelman, senior public policy director of Consumers Union. "No court order, no customer information — period. That's how it was for decades," he said.

The concern for the customer was also based on law: Under Section 222 of the Communications Act, first passed in 1934, telephone companies are prohibited from giving out information regarding their customers' calling habits: whom a person calls, how often and what routes those calls take to reach their final destination. Inbound calls, as well as wireless calls, also are covered.

The financial penalties for violating Section 222, one of many privacy reinforcements that have been added to the law over the years, can be stiff. The Federal Communications Commission, the nation's top telecommunications regulatory agency, can levy fines of up to $130,000 per day per violation, with a cap of $1.325 million per violation. The FCC has no hard definition of "violation." In practice, that means a single "violation" could cover one customer or 1 million.

In the case of the NSA's international call-tracking program, Bush signed an executive order allowing the NSA to engage in eavesdropping without a warrant. The president and his representatives have since argued that an executive order was sufficient for the agency to proceed. Some civil liberties groups, including the American Civil Liberties Union, disagree.

Companies approached

The NSA's domestic program began soon after the Sept. 11 attacks, according to the sources. Right around that time, they said, NSA representatives approached the nation's biggest telecommunications companies. The agency made an urgent pitch: National security is at risk, and we need your help to protect the country from attacks.

The agency told the companies that it wanted them to turn over their "call-detail records," a complete listing of the calling histories of their millions of customers. In addition, the NSA wanted the carriers to provide updates, which would enable the agency to keep tabs on the nation's calling habits.

The sources said the NSA made clear that it was willing to pay for the cooperation. AT&T, which at the time was headed by C. Michael Armstrong, agreed to help the NSA. So did BellSouth, headed by F. Duane Ackerman; SBC, headed by Ed Whitacre; and Verizon, headed by Ivan Seidenberg.

With that, the NSA's domestic program began in earnest.

AT&T, when asked about the program, replied with a comment prepared for USA TODAY: "We do not comment on matters of national security, except to say that we only assist law enforcement and government agencies charged with protecting national security in strict accordance with the law."

In another prepared comment, BellSouth said: "BellSouth does not provide any confidential customer information to the NSA or any governmental agency without proper legal authority."

Verizon, the USA's No. 2 telecommunications company behind AT&T, gave this statement: "We do not comment on national security matters, we act in full compliance with the law and we are committed to safeguarding our customers' privacy."

Qwest spokesman Robert Charlton said: "We can't talk about this. It's a classified situation."

In December, The New York Times revealed that Bush had authorized the NSA to wiretap, without warrants, international phone calls and e-mails that travel to or from the USA. The following month, the Electronic Frontier Foundation, a civil liberties group, filed a class-action lawsuit against AT&T. The lawsuit accuses the company of helping the NSA spy on U.S. phone customers.

Last month, U.S. Attorney General Alberto Gonzales alluded to that possibility. Appearing at a House Judiciary Committee hearing, Gonzales was asked whether he thought the White House has the legal authority to monitor domestic traffic without a warrant. Gonzales' reply: "I wouldn't rule it out." His comment marked the first time a Bush appointee publicly asserted that the White House might have that authority.

Similarities in programs

The domestic and international call-tracking programs have things in common, according to the sources. Both are being conducted without warrants and without the approval of the FISA court. The Bush administration has argued that FISA's procedures are too slow in some cases. Officials, including Gonzales, also make the case that the USA Patriot Act gives them broad authority to protect the safety of the nation's citizens.

The chairman of the Senate Intelligence Committee, Sen. Pat Roberts, R-Kan., would not confirm the existence of the program. In a statement, he said, "I can say generally, however, that our subcommittee has been fully briefed on all aspects of the Terrorist Surveillance Program. ... I remain convinced that the program authorized by the president is lawful and absolutely necessary to protect this nation from future attacks."

The chairman of the House Intelligence Committee, Rep. Pete Hoekstra, R-Mich., declined to comment.

One company differs

One major telecommunications company declined to participate in the program: Qwest.

According to sources familiar with the events, Qwest's CEO at the time, Joe Nacchio, was deeply troubled by the NSA's assertion that Qwest didn't need a court order — or approval under FISA — to proceed. Adding to the tension, Qwest was unclear about who, exactly, would have access to its customers' information and how that information might be used.

Financial implications were also a concern, the sources said. Carriers that illegally divulge calling information can be subjected to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines, in the aggregate, could have been substantial.

The NSA told Qwest that other government agencies, including the FBI, CIA and DEA, also might have access to the database, the sources said. As a matter of practice, the NSA regularly shares its information — known as "product" in intelligence circles — with other intelligence groups. Even so, Qwest's lawyers were troubled by the expansiveness of the NSA request, the sources said.

The NSA, which needed Qwest's participation to completely cover the country, pushed back hard.

Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled.

In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.

Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.

The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.

In June 2002, Nacchio resigned amid allegations that he had misled investors about Qwest's financial health. But Qwest's legal questions about the NSA request remained.

Unable to reach agreement, Nacchio's successor, Richard Notebaert, finally pulled the plug on the NSA talks in late 2004, the sources said.

[WaTcHeR]

05.25.2006 - Imagine being the head of a major telecommunications company in the United States. You and your lawyers have developed a carefully worded privacy policy to conform with the law. In it you tell your customers that you do not share information about your customers' use of your services except for particular business purposes, and to ensure that the calls get through. You also tell your customers that you, of course, give information in response to lawful subpoenas or lawful mandates of law enforcement agencies. And that's about it.

One day, you receive a visit from agents of the National Security Agency, who make a formal "request" that you, as a patriotic American company, turn over records of telephone calls made by millions of customers in the interests of "national security." If you don't do it, the agent reminds you, you probably wont get those lucrative government contracts, and you certainly wont get any work with any classified government agencies. If you do it, you may open yourself up to class action litigation. What do you do?

Unfortunately, there currently is no way for you do go to any court and get a definitive ruling on what you are allowed – or required – to do. I propose that we open up the super-secret FISA court to allow private citizens or companies that receive requests or demands from the government to demand judicial intervention in a way that would protect national security, and act as a check and balance on any unlimited powers of the Executive Branch.

NSA monitoring millions of Americans

On Thursday, May 11, USA Today disclosed that several U.S. telephone companies gave over records relating to telephone calls made by millions of Americans to the National Security Agency in the wake of the events of September 11, 2001.

We do not know the scope of this program. As reported to date, the government requested that various telephone companies turn over calling pattern information on millions of U.S. origin telephone calls – these are reportedly calls that both originated and terminated in the United States. At least one report has suggested that the program worked as follows – the government would have a suspected al-Qaeda suspect, and would learn of telephone numbers he or she called, or merely possessed. If any of these telephone numbers were located in the United States, the NSA would then attempt to learn what these numbers were, and who these people had called. Thus, if you operate a local Dominoes pizza, and received a call from someone who received a call from someone who the government suspected was associated with a terrorist, then Dominoes would make it to the list of suspects.

The President has suggested that the program is more narrow than this, stating so in his weekly radio address on May 13, 2006.

"It is important for Americans to understand that our activities strictly target al Qaeda and its known affiliates. . . . The privacy of all Americans is fiercely protected in all our activities. The government does not listen to domestic phone calls without court approval. We are not trolling through the personal lives of millions of innocent Americans. Our efforts are focused on links to al Qaeda terrorists and its affiliates who want to harm the American people."

Does this mean that the records of telephone calls requested from the telephone companies were only those of al Qaeda and its known affiliates? Does that mean that the NSA neither sought nor received the records of phone calls of "millions of innocent Americans" so it could troll through them? Or does it mean that, while the government didn't listen in on purely domestic calls (where the source and destination were in the United States), the NSA might have obtained records of the calls made by many millions of other callers, but did so in order to "target" al Qaeda or others? Or that the President doesn't believe that reviewing the records of calls made and received constitutes "trolling" into a part of American's "personal lives?" Right now, we just don't know, and if the NSA has anything to say about it, we probably will never know.

Other reports indicate that the program may not have even been as narrow as suggested. It is possible that the NSA requested all calling data from the phone companies – that is every telephone number called by every other telephone number. Indeed, this would not be very different from what the government did with the airlines in the wake of 9/11, when it asked for records of every flight taken by every person in America, despite the fact that the airlines had promised that they wouldn't give that information out.

In the airline case, at least one federal court held that these records, being records of the airlines themselves, could lawfully be turned over to the government (in that case, NASA, not the NSA) privacy policies notwithstanding. So it is altogether possible that the NSA has requested, and the phone companies have disclosed, records of every call made and received. Assuming this to be the case, is it illegal? The answer is not so clear.

Whose data is it anyway?

The reports to date tend to indicate that the records turned over to the NSA were records of telephone calls from numbers within the United States. This would essentially be "raw data" – for example, that telephone number (202) 555-1213 called telephone number (313) 555-0802 on a particular date, at a particular time, and that the conversation lasted for a particular period of time.

There are various laws that protect the privacy of telephone records in the United States. First and foremost, there is the Fourth Amendment which provides that:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

For some reason, when this Amendment was drafted in 1791, the drafters left out the terms "telephone records" and "intercepted communications" and "Voice Over Internet Protocol." Possibly just an 18th Century oversight. Indeed, the United States Supreme Court initially found in 1928 that you can't "seize" a telephone call, and therefore the Fourth Amendment didn't apply to phone calls. It wasn't until 1967 that the Court finally realized that the Constitution protects the rights of privacy of persons, not just places, and therefore warrants were required if you wanted to listen in on the contents of communications.

The law has always recognized a distinction between listening in on the contents of a communication and just looking at data about the conversation. It is for that reason that the postal inspectors are allowed to put a "mail cover" on mail to record the outside information without a warrant.

The U.S. wiretap law, contained in Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (just called Title II for short) makes it illegal to intercept or disclose the contents of intercepted communications without an appropriate warrant, either for law enforcement purposes, or under the Foreign Intelligence Surveillance Act. For international telephone calls, the government has asserted that the inherent powers of the executive branch, or the September 18, 2001 Authorization for the Use of Military Force against those responsible for the attacks on the World Trade Center, and the Pentagon as limited authority (or so they said at the time) to listen in on the contents of international communications if the President suspects (or more accurately, if some NSA employee suspects) that they are relevant to some terrorism investigation. This program was discussed previously.

Other U.S. laws also regulate the improper disclosure of the contents of both telephone communications and electronic communications. These include the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act. However, with the exception of the provisions of the SCA discussed below, these laws (like FISA and Title III) tend to focus on the contents of the communications – what was said or typed or emailed.

Wrapper information

So what if the government wants to know what telephone numbers you called, when you called them, and how long the calls lasted? The U.S. Supreme Court, in a case called Smith v. Maryland in 1979 essentially said that the Fourth Amendment did not protect such data. You see, everybody knows, the Court reasoned, that the phone company keeps these records (unlike recording the contents of the communications). The Supreme Court noted:

"[W]e doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must 'convey' phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills. In fact, pen registers and similar devices are routinely used by telephone companies 'for the purposes of checking billing operations, detecting fraud, and preventing violations of law.' . . . Electronic equipment is used not only to keep billing records of toll calls, but also 'to keep a record of all calls dialed from a telephone which is subject to a special rate structure.'"

So, how could you expect this to be private? Even if YOU thought it might be private, the Supreme Court disabused you of this notion saying that you of course cant expect anything you give over to third parties (like the phone company) to be private. The court observed:

"When he used his phone, petitioner voluntarily conveyed numerical information to the telephone company and 'exposed' that information to its equipment in the ordinary course of business. In so doing, petitioner assumed the risk that the company would reveal to police the numbers he dialed. The switching equipment that processed those numbers is merely the modern counterpart of the operator who, in an earlier day, personally completed calls for the subscriber."

The problem with this analysis is its application then to the contents of, lets say e-mails or VoIP calls. You see, the contents of such communications are routinely "exposed" to the ISPs in the ordinary course of business. They are also routinely stored by the ISP as well – albeit for greater or shorter periods of time. While the laws noted above – mostly the ECPA and the SCA - protect the disclosure of these communications, applying the rationale of the Smith case apparently the Constitution of the United States wouldn't protect even these contents.

So does this mean that the numbers you call have no legal protection at all? Not so fast. Smith just decided that the Fourth Amendment didn't protect the numbers dialed. Congress stepped in and passed the Pen-register statute, which provided that it was illegal to install a "pen register" or "trap and trace" device (a device to record numbers dialed, etc.) without first obtaining a court order after a certification by a federal or state prosecutor, or under FISA.

However, these trap and trace statutes, either for national security under FISA or for criminal matters under the trap and trace statute, are more akin to a rifle than a shotgun. They are designed to obtain the calling records of a particular individual or small group of individuals, with a showing that the records are either relevant to a particular criminal investigation or anti-terrorism investigation. It is not designed to permit access to tens of thousands of such records (or millions) in the hope that they might later be helpful in some terrorism case. Besides, if there was a FISA warrant here, don't you think that the government would have said so? It's pretty clear that there was no trap and trace order, so the turning over the records was illegal, right? Not so fast. I love the law.

You see, there was no "trap and trace" or "pen register" installed on the phone company. In fact, the government did not even ask the phone company to create the massive databases which indicated what telephone numbers were dialed by whom and when. In fact, the phone company routinely does this on its own, for billing, call completion and anti-fraud purposes, and maybe even for load distribution, direct marketing, and other purposes as well. The law doesn't prohibit this. Indeed, the trap and trace law expressly states that it doesn't apply to a phone company or ISP's actions, "relating to the operation, maintenance, and testing of a wire or electronic communication service or to the protection of the rights or property of such provider, or to the protection of users of that service from abuse of service or unlawful use of service; or to record the fact that a wire or electronic communication was initiated or completed in order to protect such provider, another provider furnishing service toward the completion of the wire communication, or a user of that service, from fraudulent, unlawful or abusive use of service." Any lawyer with a subpoena can - and usually does – get copies of your phone bills. They are particularly useful to show things like adultery in divorce cases.

Another provision of the Stored Communications Act may also apply here, with thanks to Professor Orrin Kerr of GW University for pointing this out. Title 18 U.S.C. 2702(a)(3) generally makes it a crime for phone companies or ISP's to disclose either the contents of communications or non-content subscriber information, stating:
(a) (3) a provider of remote computing service or electronic communication service to the public [say, a phone company like Verizon or AT&T] shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications . . . to any governmental entity.

(c) Exceptions for disclosure of customer records. A provider . . . may divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications . . .)
(1) as otherwise authorized in section 2703 [18 USCS § 2703];

(2) with the lawful consent of the customer or subscriber;

(3) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service;

(4) to a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency;

(5) to the National Center for Missing and Exploited Children, in connection with a report submitted thereto under section 227 of the Victims of Child Abuse Act of 1990 (42 U.S.C. 13032); or

(6) to any person other than a governmental entity.
The statute is pretty clear – it prohibits disclosure to a government entity. When I last checked, the NSA was a government agency. The statute provides for civil penalties and a private right of action against the phone companies for violations. Note here that it is the telephone companies which would be violating the law by acceding to the government's request for data, not the government by requesting the data. Of course, it is possible that the government set up some kind of secret non-governmental corporation (a non-government agency) to receive the data, which then turned it over to the NSA (an ingenious ploy to avoid the statute, since the entity providing the data to the government would not be a provider of electronic communication services.) So far, that's just supposition.

The government could also argue that, by requesting the entire database and no individual records (and by sort-of anonymizing the database) the phone companies were not turning over records “pertaining to a subscriber to or customer of such service. . .” but rather were turning over records pertaining to all subscribers in general, and no subscriber in particular. Because the goal of the statute was to protect the privacy of individuals, the government might assert, the turning over of the massive calling pattern database of all persons doesn’t implicate any individual. Of course, we all know how easily a reverse directory or other database link can be used to turn a database of numbers called into a database of subscribers.

Alternatively, the government could rely on consent, but I don't remember giving such consent, and the language of the phone company's privacy policies discussed later don't seem to support that finding. The statute also allows disclosure to protect the rights or property of the ISP or phone company (usually to prevent fraud or misuse of the network) but allowing disclosure under that exception would seem to eat the rule up entirely. In provisions modified by the USA-PATRIOT Act, the statute also allows disclosure if the phone company has a good faith belief that there is an emergency "involving danger of death or serious physical injury to any person" which requires disclosure without delay of information relating to the emergency.

While in general, preventing terrorist attacks will of course save lives, and while the disclosure of the calling pattern information might prevent future attacks, unless the government could have shown an immediate and pending attack and the disclosure of information about that pending attack, the disclosure would have seemingly violated that statute.

As Professor Kerr points out, the USA Patriot Act expanded the scope of this emergency provision, to allow the phone companies to turn over these records where there is a "good faith" belief that an emergency exists, not just a "reasonable" belief. Perhaps the NSA had this in mind when it suggested the amendment? However, the emergency provisions may not help the government. In 2004, for example, a court found that the government's argument that it was entitled to rely on the emergency provisions as an excuse for a defective search warrant was refuted by evidence that the provider (AOL in that case) did not even turn over the records requested until 6 days after the request – six days wasn't enough of an emergency to warrant the statute. The emergency provisions were really intended in cases like a kidnapping where death or bodily injury would occur if the information was not disclosed immediately. Essentially, where there was no time to get an appropriate court order, not where, as here, no order was ever going to be sought.

To date at least two class action lawsuits have been filed against the telcos for giving data to the NSA, one in Fresno, California and one in federal court in Manhattan. The Electronic Frontier Foundation had already filed a suit with other civil liberties groups against the phone companies for their voluntary participation in what the administration now calls the "Terrorist Surveillance Network," and the Department of Justice has recently requested permission to intervene in that lawsuit to assert national security as grounds to dismiss the case.

Even if the government can't stop the lawsuit under the "state secrets" doctrine, and none of the exceptions that would permit the telcos to have given the documents over to the government apply, its not completely clear that they would have liability. The statute provides one other out for the phone companies. 18 U.S.C. 2707(e) provides that the phone company won't have civil or criminal liability if they relied, in good faith on, "(1) a court warrant or order, a grand jury subpoena, a legislative authorization, or a statutory authorization (including a request of a governmental entity under section 2703 (f) of this title); (2) a request of an investigative or law enforcement officer under section 2518 (7) of this title; or (3) a good faith determination that section 2511 (3) of this title permitted the conduct complained of."

Now the provision of 2518(7) cited allows the disclosure of communications when an appropriate law enforcement official, "reasonably determines that. . ." an emergency situation exists that involves . . . conspiratorial activities threatening the national security interest, . . . and (b) there are grounds upon which an order could be entered under this chapter to authorize such interception." Essentially, this is supposed to mean that if you could have gotten a court order for the information, but you didn't because it was an emergency, and you told the phone company this, and they relied on it in good faith, then they can't be successfully sued. That's a lot of steps for the phone company to go through.

[WaTcHeR]

Protection or Non-Protection of "Customer Proprietary Network Information"

There are two other laws that might govern the privacy of the numbers dialed. First, the Federal Communications Commission mandates that phone companies protect the privacy of customer data or what is called, "Customer Proprietary Network Information" or CPNI. This CPNI is defined under the statute as "information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship; and information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier." So the numbers I call, and how long I am on the phone, who I talk to, and when, would all be protected CPNI.

The statute says that, "Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories."

In essence, this means that the phone company can't give out the records of who I have called, or who has called me unless otherwise required by law – not just permitted by law.

This apparently was the interpretation taken by the CEO of Qwest communications, when he refused to turn over the records to the government. There was reportedly no subpoena, no court order under Title III, no trap and trace or pen register order, no Executive Order under the Authorization for the Use of Military Force, or no other legal compulsion to produce these records delivered to Qwest. Nothing more than a request for Qwest and the other telcos to do their patriotic duties and pony records over to the government. Thus, Qwest figured, the government was seeking CPNI in excess of legal mandate, and therefore Qwest was prohibited by law from turning it over. Or were they?

The same statute specifically excludes from coverage "aggregate" subscriber information, which it defines as "collective data that relates to a group or category of services or customers, from which individual customer identities and characteristics have been removed." For this data, the phone company, "may use, disclose, or permit access to aggregate customer information" for any purposes, apparently. So if the identifying information is stripped out – that is, all that is disclosed to the NSA is records that one telephone number called another at a particular date and time, the information may be entitled to no legal protection. It's not content information, so not protected under ECPA or SCA. Its not protected under the Fourth Amendment under Smith v. Maryland. Its not CPNI, so not protected under that law. This is true despite the fact that it is trivial to turn this "aggregate" information from which customer identity has been stripped into identifiable information by cross referencing any directory or other database. Legal limbo. What is worse, courts have held that even if the phone company is improperly releasing CPNI, you cant go to court to get an injunction to prevent it, and you have to show that you were personally damaged (and have to specify your actual damages) resulting from the release. Since the NSA is unlikely to tell you whether your records have been reviewed and what was done with them, it will be impossible to demonstrate damages.

Privacy policies

Finally, there are the privacy policies of the carriers themselves. I have previously written about companies not following their privacy policies because the government has made requests of them.

Verizon promises its customers that, "Access to databases containing customer information is limited to employees who need it to perform their jobs - and they follow strict rules when handling that information" while also reminding them that, "ubject to legal and safety exceptions, Verizon will share individual customer information only with persons or entities outside the company when the customer has consented, or when we have advised the customer of the opportunity to 'opt-out' (to choose not to have the information disclosed)." Apparently, sharing with the NSA fit within these "legal and safety" exceptions.

AT&T similarly claims to protect privacy, with the caveat that, "We must disclose information, when requested, to comply with court orders or subpoenas. We will also share information when necessary to prevent unlawful use of communications services, when necessary to repair network outages, and when a customer dials 911 and information regarding their location is transmitted to a public safety agency." Nothing there about disclosing information on request by the NSA.

Some have suggested that these telco privacy policies created consent to the production of these records. The Washington Post quoted, "[o]ne government lawyer who has participated in negotiations with telecommunications providers" who reportedly said, "the Bush administration has argued that a company can turn over its entire database of customer records - and even the stored content of calls and e-mails - because customers 'have consented to that' when they establish accounts. The fine print of many telephone and Internet service contracts includes catchall provisions, the lawyer said, authorizing the company to disclose such records to protect public safety or national security, or in compliance with a lawful government request."

Now that would be a dangerous and unreasonable interpretation of these privacy policies. Indeed, saying that you may turn a record over in response to a "lawful" demand essentially puts the cart before the horse - interpreting a demand which is not unlawful as therefore being a lawful demand or request. Moreover, these "consent" loopholes could be used not only to disclose calling pattern data, but the contents of e-mails, telephone calls, instant messages, chat room conversations – indeed, anything, since federal law generally permits disclosure with consent of one party.

All of this puts not only the telephone companies, but others who receive "classified" demands or requests from the government for information that would otherwise violate a company's legal privacy requirements or privacy guarantees in a quandary. For example, the Department of Justice filed a report with Congress in early May that indicated that they issued more than 9,700 "National Security Letters" – classified demands for information, akin to a subpoena but without any judicial oversight.

A modest (but Classified) proposal

One idea would be to allow the recipient of a National Security Letter, or a sealed or classified subpoena or demand for documents, or of a friendly "request" by a secret government agency for information to have access to a super-secret court, similar to the construction of the FISA court. As currently constructed, the FISA court's sole reason for existence is to review and ultimately approve (occasionally to modify, and extremely rarely to reject) applications by the government for wiretap, interception, or search or seizure orders. These applications are handled in secret, and the applications themselves are always ex parte – that is, with only one party (the government) present. Indeed, there is no party like an ex parte!

Why not open the process up a bit? Allow those aggrieved by classified demands or requests for information to go to the court in camera and under seal, with privacy, secrecy and national security protected, and ask the court whether they are permitted to and/or required to do what the government requests or demands? The court could then review the governments' stated rationale for the information, and their legal authority for the demand or request, and if reasonable and supported by the law, grant it. If not, the court could enjoin the enforcement or the request. The court might be empowered to go even further – granting the recipient of the demand or request with immunity from liability for complying, or requiring the government to post a bond or indemnify the recipient from liability for complying. In other words, determining whether the actions are legal before they are done.

Wait a second, a court actually adjudicating things? What has this country come to?

[WaTcHeR]

ACLU launches anti-surveillance campaign

05.25.2006 - NEW YORK - A civil rights group filed complaints in more than 20 states Wednesday over allegations that phone companies shared customer records with the government's biggest spy agency.

The American Civil Liberties Union believes the phone program was the latest example of "a longer-term abuse of power by the executive branch," said executive director Anthony D. Romero.

The ACLU filed complaints with state utility commissions and attorneys general, and demanded the Federal Communications Commission look into the matter.

The group also placed full-page ads in eight large-city newspapers asking the public to join the complaints, saying in bold type: "AT&T, Verizon and Other Phone Companies May Have Illegally Sent Your Phone Records to the National Security Agency." Readers were urged to add their names to complaints on the ACLU Web site.

Romero said the ACLU sought to pressure the FCC and its chairman, Kevin Martin, to investigate the telephone records program even though Martin has said the agency does not have the power to review classified information.

Romero said the investigations were necessary because Congress has been "curiously silent."

President Bush and other administration officials have neither confirmed nor denied a USA Today report that the NSA is collecting the calling records of ordinary Americans in its effort to detect the plans of al-Qaida and other terrorist organizations.

Bush has said the administration's anti-terrorism surveillance programs are legal and constitutional.

Megan Gaffney, a spokeswoman for government lawyers in New York, declined to comment on the subject Wednesday.

Carol Rose, executive director of the ACLU in Massachusetts, said four mayors had complained to the state's utility regulatory board. State law requires the board to conduct public hearings when a mayor complains.

Chicopee, Mass., Mayor Michael D. Bissonnette said he joined the requests because privacy was fast becoming the key civil rights issue.

"This is likely the greatest invasion of consumer privacy in our nation's history," he said.

The ACLU said its complaints were filed in Arizona, Colorado, Connecticut, Delaware, Florida, Iowa, Kansas, Massachusetts, Missouri, Nebraska, Nevada, New Jersey, New York, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Vermont, Virginia and Washington.

The ads were taken out in newspapers in Portland, Ore., Seattle, New York, Philadelphia, Chicago, Miami, Boston and San Francisco.

[KC]

Key Portions of Critical Documents Unsealed in AT&T Surveillance Case


AT&T has set up a secret, secure room for the NSA in at least one of the company's facilities—a room into which AT&T has been diverting its customers' emails and other Internet communications in bulk—according to evidence in key documents partially unsealed today in the Electronic Frontier Foundation's (EFF's) class-action lawsuit against the telecom giant. "Now the public can see firsthand the testimony of Mark Klein, a former AT&T employee who was brave enough to step forward and provide evidence of the company's illegal collaboration with the NSA," said EFF Staff Attorney Kevin Bankston. "Today we have released some of the evidence supporting our allegation that AT&T has given the NSA direct access to its fiber-optic network, such that the NSA can read the email of anyone and everyone it chooses—all without a warrant or any court supervision, and in clear violation of the law."

More here- www.eff.org/legal/cases/att/

[lm]

Class Action Lawsuit Filed Against AT&T by Texas Journalists and Lawyers

AUSTIN, Texas--(BUSINESS WIRE)--May 19, 2006--On May 18, 2006, a class action lawsuit was filed against AT&T, Inc., by Austin attorney R. James George, with George & Brothers, LLP, in the local division of the U.S. District Court for the Western District of Texas (James C. Harrington, Richard A. Grigg, Louis Black, The Austin Chronicle, Michael Kentor, et al. v. AT&T, Inc., Case No. A06CA374LY). The suit was filed on behalf of Texas subscribers or customers who have had telephone records divulged by AT&T to the National Security Agency (NSA) and includes subclasses of journalists, reporters, newspaper editors, and lawyers, all of whom are duty-bound to maintain confidentiality with respect to their sources and clients.

One of the lead plaintiffs, attorney Richard A. Grigg, currently represents an individual detained in the U.S. Government's detention center in Guantanamo Bay, Cuba. Though he may not communicate with his client over the phone, Mr. Grigg uses AT&T telecommunications equipment and services to communicate with other habeas attorneys concerning his client and his client's case.

[WaTcHeR]

U.S. Wants Companies to Keep Web Usage Records

The Justice Department is asking Internet companies to keep records on the Web-surfing activities of their customers to aid law enforcement, and may propose legislation to force them to do so.

The director of the Federal Bureau of Investigation, Robert S. Mueller III, and Attorney General Alberto R. Gonzales held a meeting in Washington last Friday where they offered a general proposal on record-keeping to a group of senior executives from Internet companies, said Brian Roehrkasse, a spokesman for the department. The meeting included representatives from America Online, Microsoft, Google, Verizon and Comcast.

The attorney general has appointed a task force of department officials to explore the issue, and that group is holding another meeting with a broader group of Internet executives today, Mr. Roehrkasse said. The department also met yesterday with a group of privacy experts.

The Justice Department is not asking the Internet companies to give it data about users, but rather to retain information that could be subpoenaed through existing laws and procedures, Mr. Roehrkasse said.

While initial proposals were vague, executives from companies that attended the meeting said they gathered that the department was interested in records that would allow them to identify which individuals visited certain Web sites and possibly conducted searches using certain terms.

It also wants the Internet companies to retain records about whom their users exchange e-mail with, but not the contents of e-mail messages, the executives said. The executives spoke on the condition that they not be identified because they did not want to offend the Justice Department.

The proposal and the initial meeting were first reported by USA Today and CNet News.com.

The department proposed that the records be retained for as long as two years. Most Internet companies discard such records after a few weeks or months.In its current proposal, the department appears to be trying to determine whether Internet companies will voluntarily agree to keep certain information or if it will need to seek legislation to require them to do so.

The request comes as the government has been trying to extend its power to review electronic communications in several ways. The New York Times reported in December that the National Security Agency had gained access to phone and e-mail traffic with the cooperation of telecommunications companies, and USA Today reported last month that the agency had collected telephone calling records. The Justice Department has subpoenaed information on Internet search patterns — but not the searches of individuals — as it tries to defend a law meant to protect children from pornography.

In a speech in April, Mr. Gonzales said that investigations into child pornography had been hampered because Internet companies had not always kept records that would help prosecutors identify people who traded in illegal images.

"The investigation and prosecution of child predators depends critically on the availability of evidence that is often in the hands of Internet service providers," Mr. Gonzales said in remarks at the National Center for Missing and Exploited Children in Alexandria, Va. "This evidence will be available for us to use only if the providers retain the records for a reasonable amount of time," he said.

An executive of one Internet provider that was represented at the first meeting said Mr. Gonzales began the discussion by showing slides of child pornography from the Internet. But later, one participant asked Mr. Mueller why he was interested in the Internet records. The executive said Mr. Mueller's reply was, "We want this for terrorism."

At the meeting with privacy experts yesterday, Justice Department officials focused on wanting to retain the records for use in child pornography and terrorism investigations. But they also talked of their value in investigating other crimes like intellectual property theft and fraud, said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, who attended the session.

"It was clear that they would go beyond kiddie porn and terrorism and use it for general law enforcement," Mr. Rotenberg said.

Kate Dean, the executive director of the United States Internet Service Provider Association, a trade group, said: "When they said they were talking about child pornography, we spent a lot of time developing proposals for what could be done. Now they are talking about a whole different ball of wax."

At the meeting with privacy groups, officials sought to assuage concerns that the retention of the records could compromise the privacy of Americans. But Mr. Rotenberg said he left with lingering concerns.

"This is a sharp departure from current practice," he said. "Data retention is an open-ended obligation to retain all information on all customers for all purposes, and from a traditional Fourth Amendment perspective, that really turns things upside down."

Executives of several Internet companies that participated in the first meeting said the department's initial proposals seemed expensive and unwieldy.

At the meeting scheduled for today with executives of Internet access companies, Justice Department officials plan to go into more detail about what types of records they would like to see retained and for how long, said a Justice Department official who spoke on condition of anonymity. "It will be much more nuts-and-bolts discussions," he said, adding that the department would stop short of offering formal proposals.

[WaTcHeR]

06.22.2006 - AT&T has issued an updated privacy policy that takes effect Friday. The changes are significant because they appear to give the telecom giant more latitude when it comes to sharing customers' personal data with government officials.

The new policy says that AT&T -- not customers -- owns customers' confidential info and can use it "to protect its legitimate business interests, safeguard others, or respond to legal process."

The policy also indicates that AT&T will track the viewing habits of customers of its new video service -- something that cable and satellite providers are prohibited from doing.

Moreover, AT&T (formerly known as SBC) is requiring customers to agree to its updated privacy policy as a condition for service -- a new move that legal experts say will reduce customers' recourse for any future data sharing with government authorities or others.

The company's policy overhaul follows recent reports that AT&T was one of several leading telecom providers that allowed the National Security Agency warrantless access to its voice and data networks as part of the Bush administration's war on terror.

"They're obviously trying to avoid a hornet's nest of consumer-protection lawsuits," said Chris Hoofnagle, a San Francisco privacy consultant and former senior counsel at the Electronic Privacy Information Center.

"They've written this new policy so broadly that they've given themselves maximum flexibility when it comes to disclosing customers' records," he said.

AT&T is being sued by San Francisco's Electronic Frontier Foundation for allegedly allowing the NSA to tap into the company's data network, providing warrantless access to customers' e-mails and Web browsing.

AT&T is also believed to have participated in President Bush's acknowledged domestic spying program, in which the NSA was given warrantless access to U.S. citizens' phone calls.

AT&T said in a statement last month that it "has a long history of vigorously protecting customer privacy" and that "our customers expect, deserve and receive nothing less than our fullest commitment to their privacy."

But the company also asserted that it has "an obligation to assist law enforcement and other government agencies responsible for protecting the public welfare, whether it be an individual or the security interests of the entire nation."

Under its former privacy policy, introduced in September 2004, AT&T said it might use customer's data "to respond to subpoenas, court orders or other legal process, to the extent required and/or permitted by law."

The new version, which is specifically for Internet and video customers, is much more explicit about the company's right to cooperate with government agencies in any security-related matters -- and AT&T's belief that customers' data belongs to the company, not customers.

"While your account information may be personal to you, these records constitute business records that are owned by AT&T," the new policy declares. "As such, AT&T may disclose such records to protect its legitimate business interests, safeguard others, or respond to legal process."

It says the company "may disclose your information in response to subpoenas, court orders, or other legal process," omitting the earlier language about such processes being "required and/or permitted by law."

The new policy states that AT&T "may also use your information in order to investigate, prevent or take action regarding illegal activities, suspected fraud (or) situations involving potential threats to the physical safety of any person" -- conditions that would appear to embrace any terror-related circumstance.

Ray Everett-Church, a Silicon Valley privacy consultant, said it seems clear that AT&T has substantially modified its privacy policy in light of revelations about the government's domestic spying program.

"It's obvious that they are trying to stretch their blanket pretty tightly to cover as many exposed bits as possible," he said.

Gail Hillebrand, a staff attorney at Consumers Union in San Francisco, said the declaration that AT&T owns customers' data represents the most significant departure from the company's previous policy.

"It creates the impression that they can do whatever they want," she said. "This is the real heart of AT&T's new policy and is a pretty fundamental difference from how most customers probably see things."

John Britton, an AT&T spokesman, denied that the updated privacy policy marks a shift in the company's approach to customers' info.

"We don't see this as anything new," he said. "Our goal was to make the policy easier to read and easier for customers to understand."

He acknowledged that there was no explicit requirement in the past that customers accept the privacy policy as a condition for service. And he acknowledged that the 2004 policy said nothing about customers' data being owned by AT&T.

But Britton insisted that these elements essentially could be found between the lines of the former policy.

"There were many things that were implied in the last policy." He said. "We're just clarifying the last policy."

AT&T's new privacy policy is the first to include the company's video service. AT&T says it's spending $4.6 billion to roll out TV programming to 19 million homes nationwide.

The policy refers to two AT&T video services -- Homezone and U-verse. Homezone is AT&T's satellite TV service, offered in conjunction with Dish Network, and U-verse is the new cablelike video service delivered over phone lines.

In a section on "usage information," the privacy policy says AT&T will collect "information about viewing, game, recording and other navigation choices that you and those in your household make when using Homezone or AT&T U-verse TV Services."

The Cable Communications Policy Act of 1984 stipulates that cable and satellite companies can't collect or disclose information about customers' viewing habits.

The law is silent on video services offered by phone companies via the Internet, basically because legislators never anticipated such technology would be available.

AT&T's Britton said the 1984 law doesn't apply to his company's video service because AT&T isn't a cable provider. "We are not building a cable TV network," he said. "We're building an Internet protocol television network."

But Andrew Johnson, a spokesman for cable heavyweight Comcast, disputed this perspective.

"Video is video is video," he said. "If you're delivering programming over a telecommunications network to a TV set, all rules need to be the same."

AT&T's new and former privacy policies both state that "conducting business ethically and ensuring privacy is critical to maintaining the public's trust and achieving success in a dynamic and competitive business climate."

Both also state that "privacy responsibility" extends "to the privacy of conversations and to the flow of information in data form." As such, both say that "the trust of our customers necessitates vigilant, responsible privacy protections."

The 2004 policy, though, went one step further. It said AT&T realizes "that privacy is an important issue for our customers and members."

The new policy makes no such acknowledgment.