This week two lawsuits have been filed in response to the recently publicized National Security Agency program of gathering telephone call information from major phone service providers. Both suits are class action suits targeting Verizon for their role in voluntarily providing information on what numbers hundreds of thousands of customers called since 9/11.
One suit, initiated by Daryl Hines of Beaverton Oregon, seeks $1000 per customer of Verizon Northwest (about a million people) plus $1 billion in punitive damages. The punitive damage figure is high because the likelihood of proving actual harm or establishing quantifiable damages in these cases is minimal. Hines' complaint objects to the company's voluntary delivery of call information to the NSA without first advising or obtaining permission from its customers, in violation of Section 222 of the Telecommunications Act of 1934.
Verizon is one of three companies which cooperated with the NSA in its effort to gather information to track calls from potential terrorists to known terrorists outside of the United States. The other companies involved are Bellsouth and AT&T. Qwest was solicited for the same information and refused to provide it without a warrant.
A second suit was filed this past Friday against Verizon in federal court in New York. It seeks $5 billion in damages as a class action suit and demands that Verizon cease providing customer information to the government.
The compilation and analysis of phone records was begun by the NSA in 1999, initially using publicly available data and then continued on a wider scale with data obtained from phone companies after the attack on the World Trade Center. The focus of this program was on identifying phone numbers which made frequent calls to suspected terrorists outside of the United States. This program did not involve monitoring, recording or analyzing the content of the phonecalls themselves, but may have helped to identify targets for more in-depth telecommunications surveillance, such as the controversial NSA data mining and wiretapping programs carried out withou the approval of the FISA court and the similar program launched during the Clinton Administration known as Project Echelon.
The viability of these lawsuits and the overall legality of this NSA program, hinges on the interpretation of one sub-section in the Telecommunications Act of 1934, because while the act in general protects the privacy of “Customer Proprietary Network Information”, it grants an exception in Section 222d, which says:
Nothing in this section prohibits a telecommunications carrier from using, disclosing, or permitting access to customer proprietary network information obtained from its customers, either directly or indirectly through its agents…to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services.
The argument can certainly be made - and will be made by Verizon - that the use of their phone services to provide information to or receive instructions from international terrorists constitutes an “abusive, or unlawful use” of their services. This would appear to be a very strong argument, and it is presumably on the basis of this provision in the law that the NSA felt justified in asking for the information and the phone companies felt that it was appropriate to disclose it without a warrant, as the law clearly makes such disclosure entirely discretionary. In addition, the argument that customers were harmed and deserve damages is unlikely to go very far in court as the NSA never disclosed the information or used the data in any way beyond their legitimate, stated intention of identifying likely terrorist associates.
In the wake of the suits against Verizon it's likely that similar suits will be filed against the other companies involved in the next few weeks, since the lawyers clearly sense some deep pockets ready to be picked.