Verizon Says It Has A First Amendment Right To Illegally Give Your Call Records To The Government

from the that's-an-interesting-way-to-look-at-things dept

The nation's biggest telcos are working hard to make the lawsuits against them for passing customer call records and other info to the government as part of its program of warrantless wiretaps disappear. AT&T's argument that it was just following government orders didn't wash with a judge, and now Verizon is claiming that its passing of information to the government is protected by the First Amendment. Yes, you read that correctly: it says the Electronic Communications Privacy Act is unconstitutional, and the information it passed to the government -- in apparent violation of it, and to comply with the sort of warrantless surveillance the ECPA was designed to prevent -- is constitutionally protected free speech. This seems tenuous at best, but it fits with Verizon's MO. The company always tries to whitewash its customer data leaks by filing lawsuits and trying to shift the blame onto pretexters and information brokers, and making the problem appear to be solely these people's activities, rather than its own inability to protect customer data. Likewise in this case, it contends that it's done nothing wrong, and that the ECPA makes the mistake of trying to prevent free speech, rather than putting restrictions on the government's ability to ask for the information. Of course, those restrictions exist (in the form of having to get a warrant), but didn't really work so well here. Verizon's complicity seems pretty obvious and its free-speech claims look like little more than a hail-mary attempt to shirk liability for disclosing the customer information. That may not be necessary, though, if the Bush administration's attempts to get Congress to pass a law giving the telcos immunity from these sorts of lawsuits are successful.

Reader Comments



  1. Andrew, 7 May 2007 @ 11:26am

    Seems like a violation of ECPA to me

    I was just reading about the ECPA in this PDF about laws that apply to higher education...then I saw this article...so I decided to post what it said here
    http://www.educause.edu/ir/library/pdf/CSD2746.pdf

    Electronic Communications Privacy Act (ECPA)

    Unlike FERPA and HIPAA, which are specific to certain types of entities, the ECPA broadly prohibits the unauthorized use or interception by any person of the contents of any wire, oral or electronic communication.17 Protection of the “contents” of such communications, however, extends only to information concerning the “substance, purport, or meaning” of the communications.18 In other words, the ECPA likely would not protect from disclosure to third parties information such as the existence of the communication itself or the identity of the parties involved.19 As a result, the monitoring by institutions of students’ network use or of network usage patterns, generally, would not be prohibited by the ECPA.
    The ECPA also prohibits unauthorized access to or disclosure of electronically stored wire and electronic communications.20 More specifically, the ECPA imposes liability on any person who intentionally accesses without authorization a facility through which an electronic communication service is provided, or exceeds an authorization to access that facility, if that person thereby obtains, alters or prevents authorized access to a wire or electronic communication while it is in electronic storage.21 While the ECPA restricts providers of public electronic communication services (specifically, providers of public access terminals and other public services) from divulging the contents of stored electronic communications, it does not appear to place the same restrictions on providers of private electronic communication services. Institutional e-mail systems and networks most likely would constitute private electronic communication services that enjoy the relaxed restrictions of the latter category, thus allowing institutions to monitor and access student e-mail accounts. Nevertheless, college and university computer use policies often strike a balance between student privacy rights and network security concerns by authorizing inspection by the institution of student e-mails or other communications only when there is reasonable basis to suspect improper use of a computer or network. In addition, educational institutions’ networks often serve multiple communities of users (for example, students, faculty, employees, alumni, and the general public) and the correct application of the ECPA may depend on the nature of the relationship between the institution and the user. Thus, an institution’s right to monitor electronic communications, or its obligation or ability to comply with a law enforcement request, may vary depending on whether the user in question is a student, an employee, or a member of the public.
    The ECPA also contains specific exceptions allowing disclosures to law enforcement agencies under certain circumstances. Certain provisions of the USA PATRIOT Act, discussed below, substantially broaden the authority of law enforcement officials to obtain information under the ECPA. Under Section 210 of the USA PATRIOT Act, the scope of information that the government can obtain by subpoena has been expanded to include electronic communications, and law enforcement officials now can obtain information such as means and sources of payment, records of session times and duration, length of service and type(s) of service utilized, and user number or identity, including any temporarily assigned network addresses. Also, Section 212 of the USA PATRIOT Act amended the ECPA to permit communications service providers to release both content and non-content information about a wire or electronic communication to a law enforcement agency if the provider reasonably believes that the information must be provided without delay to avoid injury to any person. This provision of the ECPA was further amended, however, by the Cyber Security Enhancement Act of 2002, and it now permits communications service providers to divulge to a Federal, State, or local governmental entity the contents of a communication if the provider believes in “good faith” that “an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.’’22 In other words, in responding to an emergency situation, institutions are now allowed to release relevant information, including not just the existence but also the content of wire and electronic communications, to law enforcement officials if the institution in good faith determines that release of the information is necessary to avoid injury.
    These changes have significance for institutions that essentially function in the role of Internet service provider, and the result has been to make it more complex and burdensome to respond appropriately to requests for information from law enforcement agencies. Service providers most likely can expect that, because the government now has easier access to warrants and other authority to intercept communications of all kinds, new demands will be placed on their systems and their information processing and retrieval capability.
    The ECPA’s reach is long: a University of Delaware student who in the summer of 2002 obtained unauthorized access to the University’s computer system to give herself passing grades in three spring semester courses potentially violated the ECPA. In that case, the student allegedly called the University’s human resources office and impersonated her instructors to obtain new passwords, which in turn enabled her to log into the system as though she were her own professors. 23 No federal charges were brought under the ECPA, but the student pleaded guilty to misdemeanor charges on counts of criminal impersonation, unauthorized access to a computer system, and misuse of computer system information. She was sentenced to three years probation and ordered to pay $12,000 in restitution. Three counts of felony identity theft were dropped. The University, meanwhile, began reviewing its computer security measures and charged the student with three counts of academic dishonesty and three counts of violating the school’s “responsible computing” code.
