In the wake of the continuing National Security Agency’s surveillance scandal, in which the NSA allegedly surveilled not only on terrorism suspects but also American citizens and foreign leaders, many of the implicated telecommunication utilities that have been accused of releasing consumer data to the government have attempted to justify their actions, ensuring customers and shareholders that they only shared the minimum required by law.
AT&T though, chose to take a different route.
In November, Trillium Asset Management and the New York State Common Retirement Fund were among the activists that filed proposals for the shareholder meetings for AT&T and Verizon. The proposals would call on the companies to issue semi-annual reports on the “metrics and discussion regarding requests for customer information by U.S. and foreign governments.”
In a letter sent last Thursday to the Securities and Exchange Commission, AT&T argued that it protected customers’ call data and cooperated with government requests “only to the extent required by law.” However, the company asserts that it does not have to recognize the shareholders’ proposal, as information in regards to aiding foreign surveillance activities is likely classified. As such, discussing the issue will place the company in violation of the law, AT&T argued.
Divided loyalties
This places AT&T in a legal quagmire. The company, in its opposition to the proposal, is saying that the company’s ownership does not have a right to know how the company complies with the law. However, if the company succeeds, it will avoid a messy fight during the shareholders’ meeting about the company’s cooperation with the federal government.
One point of potential contention is the recent revelation that the Central Intelligence Agency has paid AT&T more than $10 million a year for access to the company’s phone records database in order to assist with overseas counterterrorism investigations. This agreement, according to government sources, was voluntary and not compelled by court order.
“AT&T is trying to prevent the vital issue of customer privacy from coming before its shareholders. This issue is an important one for customers and shareholders alike and we feel strongly that it should be on AT&T’s ballot this spring,” said Eric Sumberg, spokesman for New York State Comptroller Thomas P. DiNapoli. “Customer trust is critical for any business, but nowhere is it more so than for those corporations that handle our personal data and communications.”
The company argues that the transparency reports requested by the protesters — as are produced by Microsoft, Twitter, Yahoo, Facebook and LinkedIn — fail to differentiate NSA requests from all law enforcement requests and do not offer detailed information about the requests. For example, Google rounded up its disclosure numbers to the nearest thousand, based on a deal the company reached with the Department of Justice.
“In fact, all six Internet companies referenced in the (shareholder’s) proposal state that they are not allowed to publicly disclose any such information in their Transparency or Law Enforcement Request Reports,” said AT&T. “Therefore, because the proposal is over-broad, it is excludable.”
AT&T may also feel emboldened when considering that many of the petitioners that are pushing for the proposal are known activists. Trillium, which is focused on sustainable and responsible investing, has posted shareholders’ proposals in the past to challenge various issues, such as AT&T’s opposition to “network neutrality.”
While these proposals typically do not pass, they are useful to raising attention to the issue.
“Often the utility of such resolutions is to generate conversation with and among management, particularly if the company has refused to engage in other ways,” said Christine Bader, a lecturer on human rights and business at Columbia University.
Verizon has yet to publicly respond to its shareholders’ proposal.
Spying out-of-control
The NSA operated their electronic surveillance programs under the Foreign Intelligence Surveillance Act, which defines the procedures in which physical and electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers.”
Via authorization from the attorney general, federal law enforcement agencies can — for as long as a year — engage in surveillance against foreign targets, granted that no information about any American citizen or permanent resident is collected.
Likewise, a warrant for collection can be secured from the Foreign Intelligence Surveillance Court — a classified court managed by the Chief Justice of the United States — if Americans are to be involved. The court, before issuing the warrant, must have assurances that the surveillance on Americans will be minimized.
In recent disclosures from FISC, obtained by the Electronic Frontier Foundation under the Freedom of Information Act, at least one judge on the court, presiding Judge Reggie Walton, was disturbed by the NSA’s repeated privacy violations in its collection of phone records and by the misleading statements administration officials gave about how the government carried out the surveillance. In 2009, the NSA told the court that “from a technical standpoint, there was no single person who had a complete understanding” of its phone records “architecture”.
This led to “daily violations” for more than two years of American call records “not the subject of any FBI investigation and whose call detail information could not otherwise have been legally captured in bulk,” according to Walton. An example of such violations occurred in 2006, when an internal review found that the NSA has — through one of its partner agencies — collected and included credit card numbers in its database.
The NSA didn’t delete the improperly-gathered information. In response, it offered that “to destroy records in the [redacted] that contain credit card numbers, NSA would have to destroy a swath of records in addition to those few containing credit card numbers.” It pledged that under a future data-management program, “the fields containing credit card information will not be included in the data transfer and will be purged.”
“The rules that the NSA operates under are so permissive. And yet, the NSA has managed to violate them repeatedly,” said Jameel Jaffer, the deputy legal director for the American Civil Liberties Union, to NPR. “I don’t think that’s an indication that the courts can’t oversee these kinds of programs. It’s an indication that the particular oversight process that we have in place right now, doesn’t work.”
The Electronic Community’s response
With revelations from NSA whistleblower Edward Snowden that the NSA and the United Kingdom’s GCHQ went as far as to plant agents in online games such as World of Warcraft and Second Life to ascertain if the game services are being used for terrorist communication and that the NSA tracked and recorded visits to pornographic websites in an attempt to potentially blackmail those who are “radicalizing others through incendiary speeches,” the murkiness and seeming overreach of the intelligence community’s surveillance efforts is enough to put all at unease.
In response, Google, Yahoo, Facebook, AOL, Apple, LinkedIn, Microsoft and Twitter have launched ReformGovernmentSurviellance.com. The announced principles of the campaign include a limitation of the government’s authority to collect user information, greater oversight over the collection of this information, increased transparency of the process, a stop to blanket international surveillance and the establishment of a framework that will prevent international conflicts over data surveillance.
“The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution,” the group wrote in a letter to President Obama and members of Congress. “This undermines the freedoms we all cherish…It’s time for a change.”
“Reports about government surveillance have shown there is a real need for greater disclosure and new limits on how governments collect information,” wrote Facebook CEO Mark Zuckerberg. “The U.S. government should take this opportunity to lead this reform effort and make things right.”
President Obama told MSNBC’s Chris Matthews that proposed changes calling for self-policing of the NSA is likely to come next month. However, the president told an audience of college students during an episode of “Hardball” last Thursday that he felt that no serious faults existed with the NSA and that the changes are mainly to build public confidence.
“The people at the NSA, generally, are looking out for the safety of the American people,” Obama said. “They are not interested in reading your emails. They’re not interested in reading your text messages. … And we’ve got a big system of checks and balances, including the courts and Congress, who have the capacity to prevent that from happening.”
But as news emerged that the same surveillance techniques used by the intelligence community are being used by local law enforcement, the need to define boundaries for proper collection of private data has never been higher.
Per documents collected by USA TODAY, for more than 125 police agencies in 33 states, one-quarter have mined cell tower data to target specific cell phones, at least 25 own a StingRay — or a mobile fake cell tower — that tricks cellphones into connecting with it (most of these purchases were funded by the federal government), and with 36 refusing to disclose if or how they use these surveillance tactics, the sanctity of the public’s privacy is seriously threatened.