RSS
Did Verizon have to hand over your phone records?
Why businesses don't stick up for customers when the government comes knocking
 
Telecom companies have more leeway in turning over consumer data than you think.
Telecom companies have more leeway in turning over consumer data than you think. Spencer Platt/Getty Images

It turns out the government can "hear you now."

Yesterday, The Guardian's Glenn Greenwald published a classified order from the Foreign Intelligence Surveillance Court, revealing that the National Security Agency has been collecting call records from every Verizon customer in the United States.

The top secret order, known as a FISA (Foreign Intelligence Surveillance Act) warrant, directs Verizon to provide customer data "on an ongoing daily basis."

However, the news that America's largest telecom company is handing over its customers' data on a daily basis hasn't dinged its share price. By midday Thursday, Verizon stock jumped more than 80 cents a share.

In an internal memo to employees, Verizon general counsel Randy Milch said the company has "no comment on the accuracy of The Guardian newspaper story or the documents referenced."

But while "Verizon continually takes steps to safeguard its customers' privacy," Milch wrote, the law "authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply."

It's still not clear whether Verizon, which boasts more than 115 million subscribers, is the only provider that has received such a broad request from the NSA. But data requests for user information are hardly uncommon.

Last month, the Associated Press revealed that the Justice Department had secretly subpoenaed several months' of its journalists' phone records while investigating the leaked details about a thwarted bomb plot in Yemen. And in a separate case, The Washington Post reported that federal prosecutors — while investigating a State Department contractor accused of leaking — had issued a warrant to seize a Fox News reporter's Gmail records.

And back in 2006, USA Today reported that the Bush administration had secretly collected the phone records of tens of millions of Americans, including AT&T and Verizon customers.

Requests to companies for subscriber data are typically made using search warrants or subpoenas. But in cases involving national security, the government can also seek to use secret FISA warrants or National Security Letters (NSL).

According to a Justice Department report, the government made 212 applications to obtain business records using FISA warrants and sent out 15,229 NSL requests in 2012 alone.

And while many of these requests, including routine subpoenas, usually forbid recipients from disclosing their existence to users, that doesn't mean companies' hands are tied.

"If you get an order, you can challenge its legality in the FISA court," said David Cole, a law professor at Georgetown University. But Cole said such challenges carry many disincentives, including the fact that they are expensive to litigate and unlikely to succeed.

Since 1979, federal courts have embraced a "third party disclosure doctrine," which says there is no constitutional expectation of privacy for information shared with third parties, such as telephone companies. In a Supreme Court case last year involving warrantless GPS tracking, Justice Sonia Sotomayor called the third party doctrine "ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."

But until Congress passes legislation to limit the government's scope, Cole says there's little reason for companies to mount an attack in court.

"After a cost-benefit analysis, many companies probably figure 'It's not worth our while,'" Cole said. "'It's not our privacy that's at stake, so why waste the time and effort?' I assume the thing they would be concerned about is their reputation among consumers, but since this is all secret and subject to gag orders and the like, where's the incentive to challenge?"

Furthermore, since companies are prohibited from discussing FISA warrants or NSLs, any legal challenges would occur in secret and out of public view.

"I don't know that if they were challenging the orders we would know about it," Cole said.

But in a rare move, Google in April filed a petition to fight a government-issued NSL, Karen Gullo reported at Bloomberg. (A federal judge rejected that petition last week.)

"The people who are in the best position to challenge the practice are people like Google," Matt Zimmerman, an attorney for the Electronic Frontier Foundation, told Bloomberg at the time. "So far no one has really stood up for their users."

However, according to the EFF, a nonprofit that monitors digital privacy, it's Twitter — not Google — that sets the gold standard for protecting user privacy.

The social media site earned six stars from the EFF's annual privacy scorecard, which ranks companies based on a set of "best practices," including whether they require warrants before turning over data, inform users about data requests, publish law enforcement guidelines, challenge data requests in court, or lobby on Capitol Hill.

And among the 18 companies included in the 2013 survey, Verizon performed the worst, earning zero stars.

When asked if Verizon could comment on what efforts, if any, the company makes to quash subpoenas or appeal court orders that demand production of customers' or subscribers' information, Verizon's chief communications officer, Peter Thonis, said he could not comment. ("Nope," he wrote in an email.)

It turns out there's plenty of incentive for tech and telecom companies not to challenge requests for user data.

Phone tracking data, for example, is a revenue source for companies. Some carriers even charge "'surveillance fees' to police departments to determine a suspect's location, trace phone calls and texts, or provide other services," said Eric Lichtblau at The New York Times last year.

Lichtblau's report prompted Rep. Edward Markey (D-Mass.) to contact several telecom providers — including AT&T, T-Mobile, Verizon, Sprint, and others — to find out if they were cashing in on law enforcement requests.

In its defense, AT&T shot back that it employs "100 full time workers and operates on a 24x7 basis" to respond to law enforcement requests, and that while the company does not "market" its customer data to law enforcement, it is "compensated for the process of collecting and providing that data" — presumably to recoup some of its labor costs.

These telecom companies could be just "caught in the middle of something they were never designed to do," said Chris Neiger at The Motley Fool. "Verizon likely knew this could negatively impact them if this information leaked out, and that their reputation would be hurt because of it," Neiger said. "These companies exist to sell ads, data plans, cell service and other offerings to willing customers. The fact that local and federal agencies step in and muddy the waters is unfortunate for both customers and the businesses."

 
Sergio Hernandez is business editor of The Week's print edition. He has previously worked for The DailyProPublica, the Village Voice, and Gawker.

THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER

Subscribe to the Week