In today’s Washington Post, Richard Falkenrath defends the NSA call records program. He has this discussion of its legality:
There are, of course, strict legal limits on the ability of federal agencies such as the NSA to compel the provision of domestic information or to collect it secretly. The USA Today story, however, alleges that three telecommunications companies — AT&T, Verizon and BellSouth — provided it voluntarily. How else could one company (Qwest) decline to provide the information? Since there is no prohibition against federal agencies receiving voluntarily provided business records relating to their responsibilities, it appears that the NSA’s alleged receipt and retention of such information is perfectly legal.
The three companies reported to have supplied telephone records to the NSA also appear to be acting lawfully. The Telecommunications Act of 1934, as amended, generally prohibits the release of “individually identifiable customer proprietary network information” except under force of law or with the approval of the customer. But, according to USA Today, the telephone records voluntarily provided to the NSA had been anonymized. In addition, the Electronic Communications Privacy Act of 1986 explicitly permits telecommunications companies to provide customer records to the government if the government asks for them. So it would appear that the companies have been acting not just in the public interest, but also within the law and without encroaching on the privacy of any of their customers.
Three quick thoughts in response, taking these points in turn:
1. I think it’s right that the NSA did not act unlawfully by receiving and retaining the records. It may be a different picture if, as some stories have reported, the NSA was doing more than just receiving and retaining. But receiving and retaining alone doesn’t violate the law. If that’s all the NSA did, the issue is the liability of the phone companies, not the liability of the NSA.
2. I don’t know much about the Communications Act of 1934, so I can’t speak to this issue. Can others fill us in on whether this argument is correct? (Preferably with actual legal support rather than mere conclusions.)
3. Falkenrath is just wrong about ECPA. He states that “the Electronic Communications Privacy Act of 1986 explicitly permits telecommunications companies to provide customer records to the government if the government asks for them.” No, it doesn’t. There is no “government request” exception to the ban on disclosure.
I gather the exception Falkenrath has in mind is 18 U.S.C. 2702(c)(1), which allows disclosure if the government has a valid court order or subpoena under 18 U.S.C. 2703. But that exception only applies when the government is compelling the disclosure with a valid court order or subpoena. (There is also a curious exception allowing the government to get the names and phone numbers of suspected telemarketers in telemarketing fraud cases, but that’s obviously inapplicable here.) News reports indicate that the government did not have a court order or subpoena or other legal order. Given that, the exception does not apply.