NSA call database

The United States' National Security Agency (NSA) maintains a database containing hundreds of billions of records of telephone calls made by U.S. citizens from the four largest telephone carriers in the United States: AT&T, SBC, BellSouth (all three now called AT&T), and Verizon.

The existence of this database and the NSA program that compiled it was unknown to the general public until USA Today broke the story on May 10, 2006. It is estimated that the database contains over 1.9 trillion call-detail records. According to Bloomberg News, the effort began approximately seven months before the September 11, 2001 attacks.

The records include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in traffic analysis and social network analysis, but do not include audio information or transcripts of the content of the phone calls.

The database's existence has prompted fierce objections. It is often viewed as an illegal warrantless search and a violation of the pen register provisions of the Foreign Intelligence Surveillance Act and (in some cases) the Fourth Amendment of the United States Constitution.

The George W. Bush administration neither confirmed nor denied the existence of the domestic call record database. This contrasts with a related NSA controversy concerning warrantless surveillance of selected telephone calls; in that case they did confirm the existence of the program of debated legality. The program's code name is Stellar wind.

Similar programs exist or are planned in other countries, including Sweden (Titan traffic database) and Great Britain (Interception Modernisation Programme)

Lawsuit
The Electronic Frontier Foundation filed a related suit against AT&T on 31 January 2006, alleging that the firm had given NSA access to its database, a charge reiterated in the USA Today article. Verizon and BellSouth have both claimed they were never contacted by the NSA, nor did they provide any information to the agency, though US codes of law permit companies to lie about their activities when the President believes that telling the truth would compromise national security.

Internet monitoring
On May 22, 2006, it was revealed by investigative reporter Seymour Hersh and Wired magazine that the program involved the NSA setting up splitters to the routing cores of many telecoms companies and to major Internet traffic hubs. These provided a direct connection via an alleged "black room" known as Room 641A. This room allows most U.S. telecoms communications and Internet traffic to be redirected to the NSA. The NSA used them to eavesdrop and order police investigations of tens of thousands of ordinary Americans without judicial warrants.

According to a security consultant who worked on the program, "What the companies are doing is worse than turning over records ... they’re providing total access to all the data", and a former senior intelligence official said, "This is not about getting a cardboard box of monthly phone bills in alphabetical order ... the N.S.A. is getting real-time actionable intelligence."

On June 30, 2006 USA Today printed a partial retraction about its controversial article the prior month saying: "... USA TODAY also spoke again with the sources who had originally provided information about the scope and contents of the domestic calls database. All said the published report accurately reflected their knowledge and understanding of the NSA program, but none could document a contractual relationship between BellSouth or Verizon and the NSA, or that the companies turned over bulk calling records to the NSA. Based on its reporting after the May 11 article, USA TODAY has now concluded that while the NSA has built a massive domestic calls record database involving the domestic call records of telecommunications companies, the newspaper cannot confirm that BellSouth or Verizon contracted with the NSA to provide bulk calling records to that database ..."

Denials
Five days after the story appeared, BellSouth officials said they could not find evidence of having handed over such records. "Based on our review to date, we have confirmed no such contract exists and we have not provided bulk customer calling records to the NSA," the officials said. USA Today replied that BellSouth officials had not denied the allegation when contacted the day before the story was published. Verizon has also asserted that it has not turned over such records.

Companies are permitted by US securities law (15 U.S.C. 78m(b)(3)(A)) to refrain from properly accounting for their use of assets in matters involving national security, when properly authorized by an agency or department head acting under authorization by the President. This legalese essentially means that companies can falsify their accounting reports and lie about their activities when the President decides that it is in the interests of national security to do so. President Bush issued a presidential memorandum on May 5, 2006 delegating authority to make such a designation to Director of National Intelligence John Negroponte, just as the NSA call database scandal appeared in the media.

Qwest Communications
The USA Today report indicated that Qwest's then CEO, Joseph Nacchio, doubted the NSA's assertion that warrants were unnecessary. In negotiations, the NSA pressured the company to turn over the records. Qwest attorneys asked the NSA to obtain approval from the United States Foreign Intelligence Surveillance Court. When the NSA indicated they would not seek this approval, Qwest's new CEO Richard Notebaert declined NSA's request for access. Later, T-Mobile explicitly stated they do not participate in warrantless surveillance.

Contents of the database
According to the article, the database is "the largest database ever assembled in the world", and contains call-detail records (CDRs) for all phone calls, domestic and international. A call-detail record consists of the phone numbers of the callers and recipients along with time and duration of the call. While the database does not contain specific names or addresses, that information is widely available from non-classified sources.

According to the research group TeleGeography, AT&T (including the former SBC), Verizon, and BellSouth connected nearly 500 billion telephone calls in 2005 and nearly 2 trillion calls since late 2001. It is reported that all four companies were paid to provide the information to the NSA.

Uses of the database
Although such a database of phone records would not be useful on its own as a tool for national security, it could be used as an element of broader national security analytical efforts and data mining. These efforts could involve analysts using the data to connect phone numbers with names and links to persons of interest. Such efforts have been the focus of the NSA's recent attempts to acquire key technologies from high tech firms in Silicon Valley and elsewhere. Link analysis software, such as Link Explorer or the Analyst's Notebook, is used by law enforcement to organize and view links that are demonstrated through such information as telephone and financial records, which are imported into the program from other sources. Neural network software is used to detect patterns, classify and cluster data as well as forecast future events.

Using relational mathematics it is possible to find out if someone changes their telephone number by analyzing and comparing calling patterns.

ThinThread, a system which pre-dated this database, but was discarded for the Trailblazer Project, may have introduced some of the technology which is used to analyze the data. Where ThinThread encrypted privacy data, however, no such measures have been reported with respect to the current system.

Government and public response

 * In response, the Bush administration defended its activities, while neither specifically confirming or denying the existence of the potentially illegal program. According to the Deputy White House Press Secretary, "The intelligence activities undertaken by the United States government are lawful, necessary and required to protect Americans from terrorist attacks."
 * Senator Arlen Specter has said that he will hold hearings with the telecommunications CEOs involved. The Senate Intelligence Committee is expected to question Air Force General Michael Hayden about the data-gathering during his confirmation hearings as Director of the Central Intelligence Agency. Hayden was in charge of the NSA from 1999 through 2005.
 * Commenting on the apparent incompatibility of the NSA call database with previous assurances by President Bush, former Republican Speaker of the House Newt Gingrich told Fox News, "I’m not going to defend the indefensible. The Bush administration has an obligation to level with the American people... I don’t think the way they’ve handled this can be defended by reasonable people."
 * Later on Meet the Press, Gingrich stated that "everything that has been done is totally legal," and he said the NSA program was defending the indefensible, "because they refuse to come out front and talk about it."
 * Republican Senator Lindsey Graham told Fox News, "The idea of collecting millions or thousands of phone numbers, how does that fit into following the enemy?"
 * House Republican Caucus chairwoman Deborah Pryce said, "While I support aggressively tracking al-Qaida, the administration needs to answer some tough questions about the protection of our civil liberties."
 * Former Republican House Majority Leader John Boehner said, "I am concerned about what I read with regard to NSA databases of phone calls."
 * Democratic senator Patrick Leahy, ranking member of the Senate Judiciary Committee, said "Are you telling me that tens of millions of Americans are involved with al-Qaida? These are tens of millions of Americans who are not suspected of anything. ... Where does it stop?"
 * On May 15, 2006, FCC Commissioner Copps called for the FCC to open an inquiry into the lawfulness of the disclosure of America's phone records.
 * In May, 2006, Pat Robertson called the NSA wire-tapping a "tool of oppression."
 * In May 2006, former majority leader Trent Lott stated "What are people worried about? What is the problem? Are you doing something you're not supposed to?"
 * On May 16, 2006, both Verizon and BellSouth stated not only did they not hand over records, but that they were never contacted by the NSA in the first place.
 * On June 30, 2006, Bloomberg reported the NSA "asked AT&T Inc. to help it set up a domestic call monitoring site seven months before the Sept. 11, 2001 attacks," citing court papers filed June 23, 2006 by lawyers in McMurray v. Verizon Communications Inc., 06cv3650, in the Southern District of New York.

Polls

 * In a new Newsweek poll of 1007 people conducted between May 11 and May 12, 2006, 53% of Americans said that "the NSA's surveillance program goes too far in invading privacy " and 57% said that in light of the NSA data-mining news and other executive actions the Bush-Cheney Administration has “gone too far in expanding presidential power" while 41% see it as a tool to "combat terrorism" and 35% think the Administration’s actions were appropriate.


 * According to a Washington Post telephone poll of 502 people, conducted on May 11, 63% of the American public supports the program, 35% do not; 66% were not bothered by the idea of the NSA having a record of their calls, while 34% were; 56% however thought it was right for the knowledge of the program to be released while 42% thought it was not. These results were later contradicted by further polls on the subject, specifically a USA Today/Gallup poll showing 51% opposition and 43% support for the program.

Political action
The Senate Armed Services Committee was scheduled to hold hearings with NSA whistle-blower Russell Tice the week following the revelation of the NSA call database. Tice indicated that his testimony would reveal information on additional illegal activity related to the NSA call database that has not yet been made public, and that even a number of NSA employees believe what they are doing is illegal. Tice also told the National Journal that he "will not confirm or deny" if his testimony will include information on spy satellites being used to spy on American citizens from space. However, these hearings did not occur and the reason why is unknown.

Claims
Spurred by the public disclosure of the NSA call database, a lawsuit was filed against Verizon on May 12, 2006 at the Federal District Court in Manhattan by Princeton, N.J.-based attorneys Carl Mayer and Bruce Afran. The lawsuit seeks $1,000 for each violation of the Telecommunications Act of 1996, and would total approximately $5 billion if the court certifies the suit as a class-action lawsuit.
 * New Jersey

On May 12, 2006, an Oregon man filed a lawsuit against Verizon Northwest for $1 billion.
 * Oregon

On May 13, 2006, a complaint in Maine was filed by a group of 21 Maine residents who asked the Public Utilities Commission (PUC) to demand answers from Verizon about whether it provided telephone records and information to the federal government without customers' knowledge or consent. Maine law requires the PUC to investigate complaints against a utility if a petition involves at least 10 of the utility's customers.
 * Maine

Shortly after the NSA call database story surfaced, a San Francisco lawsuit, Hepting v. AT&T, was filed by the Electronic Frontier Foundation.
 * California (E.F.F.)

Justice Department response
The Los Angeles Times reported on May 14, 2006, that the U.S. Justice Department called for an end to an eavesdropping lawsuit against AT&T Corp., citing possible damage from the litigation to national security.

The US government indicated in an April 28 Statement of Interest in the AT&T case, that it intends to invoke the State Secrets Privilege in a bid to dismiss the action.

Legal status
The NSA call database was not approved by the Foreign Intelligence Surveillance Court (FISC) as required by the Foreign Intelligence Surveillance Act (FISA). The FISC was established in 1978 to secretly authorize access to call-identifying information and interception of communications of suspected foreign agents on U.S. soil. Stanford Law School's Chip Pitts has a good overview of the relevant legal concerns in The Washington Spectator.

Separate from the question of whether the database is illegal under FISA, one may ask whether the call detail records are covered by the privacy protection of the Fourth Amendment of the U.S. Constitution. This is unclear. As the U.S. has no explicit constitutional guarantee on the secrecy of correspondence, any protection on communications is an extension by litigation of the privacy provided to "houses and papers". This again is dependent on the flexuous requirement of a reasonable expectation of privacy.

The most relevant U.S. Supreme Court case is Smith v. Maryland. In that case, the Court addressed pen registers, which are mechanical devices that record the numbers dialed on a telephone; a pen register does not record call contents. The Court ruled that pen registers are not covered by the Fourth Amendment: "The installation and use of a pen register, [...] was not a 'search,' and no warrant was required." More generally, "This Court consistently has held that a person has no legitimate expectation of privacy in information he [...] voluntarily turns over to third parties."

The data collecting activity may however be illegal under other telecommunications privacy laws.

The Stored Communications Act
The 1986 Stored Communications Act (18 U.S.C. § 2701) forbids turnover of information to the government without a warrant or court order, the law gives consumers the right to sue for violations of the act.
 * "A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication...only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure"

However, the Stored Communications Act also authorizes phone providers to conduct electronic surveillance if the Attorney General of the United States certifies that a court order or warrant is not required and that the surveillance is required:


 * [Telephone providers] are authorized to...intercept...communications or to conduct electronic surveillance...if such provider...has been provided with a certification in writing by...the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required.

The Act provides for special penalties for violators when "the offense is committed...in violation of the Constitution or laws of the United States or any State."

Finally, the act allows any customer whose telephone company provided this information to sue that company in civil court for (a) actual damages to the consumer, (b) any profits by the telephone company, (c) punitive damages, and (d) attorney fees. The minimum amount a successful customer will recover under (a) and (b) is $1,000:


 * "The court may assess as damages in a civil action under this section the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000. If the violation is willful or intentional, the court may assess punitive damages. In the case of a successful action to enforce liability under this section, the court may assess the costs of the action, together with reasonable attorney fees determined by the court." (18 U.S.C. § 2707(c) damages)

Communications Assistance for Law Enforcement Act
President Clinton signed into law the Communications Assistance for Law Enforcement Act of 1994, after it was passed in both the House and Senate by a voice vote. That law is an act "to make clear a telecommunications carrier's duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes." The act states that a court order isn't the only lawful way of obtaining call information, saying, "A telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization."

Historical background
The FISC was inspired by the recommendations of the Church Committee, which investigated a wide range of intelligence and counter-intelligence incidents and programs, including some U.S. Army programs and the FBI program COINTELPRO.

In 1971, the US media reported that COINTELPRO targeted thousands of Americans during the 1960s, after several stolen FBI dossiers were passed to news agencies. The Church Committee Senate final report, which investigated COINTELPRO declared that: Too many people have been spied upon by too many Government agencies and too much information has been collected. The Government has often undertaken the secret surveillance of citizens on the basis of their political beliefs, even when those beliefs posed no threat of violence or illegal acts on behalf of a hostile foreign power. The Government, operating primarily through secret informants, but also using other intrusive techniques such as wiretaps, microphone "bugs," surreptitious mail opening, and break-ins, has swept in vast amounts of information about the personal lives, views, and associations of American citizens. Investigations of groups deemed potentially dangerous -- and even of groups suspected of associating with potentially dangerous organizations -- have continued for decades, despite the fact that those groups did not engage in unlawful activity.

Legality
The legality of blanket wiretapping has never been sustained in court, but on July 10, 2008 the US Congress capitulated to the administration in granting blanket immunity to the administration and telecom industry for potentially illegal domestic surveillance.