Everyday Scientist (NotScience)

NSA collects Americans phone records: A legal Analysis

May 12, 2006 at 6:43 pm | jordan | law

Yesterday, the media revealed that the AT&T, Verizon, and Bell South handed over millions of Americans’ phone records to the National Security Agency. Source. This is after Bush swore up and down that the secret domestic wiretapping he was doing was only on international connections, i.e., connections between someone in the US and someone abroad, and only on those somehow suspected of terrorist connections. That statement can sort of still stand because the current records aren’t being wiretapped, even though they most likely include US-to-US phone calls of people including those unsuspected of terrorism. But the fact that this surveillance program differs from the domestic wiretapping program hardly absolves it of legal problems.

The Stored Communications Act section 2707 clearly says that phone companies can hand over records if at least one of five exemptions is met: (i) a warrant; (ii) a court order; (iii) the customer’s consent; (iv) for telemarketing enforcement; or (v) by administrative subpoena. (i) and (ii) are out because the NSA didn’t go through the courts, FISA or otherwise. (iv) is out because, well, the NSA has nothing to do with telemarketing. And (v) is out because the NSA lacks administrative subpoena authority. Source. This leaves (iii), customer consent.

And this is exactly the exemption Bush is going for. The argument is that we gave our consent upon signing the initial phone contract. Source. Maybe somewhere in small print at the bottom the contract says it says we consent to having our phone records sent to whomever the company wants, whenever it wants.

But the question of consent is tricky, and a simply general waiver doesn’t necessarily equal legal consent. Consent traditionally is wrapped up with reasonable expectations. That is, is it reasonable for a consumer to expect a general waiver in its contract with the phone company to permit the phone company to turn in a list of the consumer’s phone calls to the NSA?

Consider the following caselaw (as found and quoted verbatim from Deirdre K. Mulligan’s, REASONABLE EXPECTATIONS IN ELECTRONIC COMMUNICATIONS: A CRITICAL
PERSPECTIVE ON THE ELECTRONIC COMMUNICATIONS PRIVACY ACT, from George Washington Law Review (August 2004) :

1. Stoner, 376 U.S. at 487-88 (holding that hotel clerk did not have authority to consent to search of hotel room).

2. Chapman, 365 U.S. at 616-17 (holding that a landlord lacks authority to consent to search of property used by tenant).

3. United States v. Barth, 26 F. Supp. 2d 929, 936-37 (W.D. Tex. 1998) (finding a reasonable expectation of privacy in computer files on hard drive turned over to repair technician for purpose of fixing computer).

4. United States v. Most, 876 F.2d 191, 197-98 (D.C. Cir. 1989) (finding a reasonable expectation of privacy in contents of bag left with store clerk).

5. United States v. Barry, 853 F.2d 1479, 1481-83 (8th Cir. 1988) (finding a reasonable expectation of privacy in locked suitcase stored at baggage counter).

6. United States v. Matlock, 415 US 164, 171 (1974) (finding third-party consent to search requires that the third party have joint access or control of the property for most purposes).

These cases deal with a 3rd party disclosing private matters to a law enforcement agency. They focus on reasonable expectations and the privacy right found in the Fourth Amendment. The Fourth Amendment, if you want to know, is as follows:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Not more much to say about this. Basically, just consider whether a reasonable person could expect that her or his phone records could, at any time, be handed over to the NSA. I don’t think the Bush argument floats.

If these phone companies are found to have violated the Stored Communications Act, they are subject to some hefty costs. Source. But what happens to the Bush administration for breaking the law? Well, I suppose we’ll just have to wait till our red country turns blue.