Internal government documents obtained by the Electronic Privacy Information Center have revealed that the US Department of Justice is secretly helping AT&T and other service providers evade wiretapping laws so that the US government can conduct surveillance on parts of their networks. The legal immunity comes from authorizations granted by the Justice Department through special "2511" letters that absolve carriers in the event that the surveillance is found to run afoul of federal law.
The authorization program began as a narrow cybersecurity effort to monitor government defense contractors, but has been expanded to cover critical infrastructure like energy, finance, and health care, CNET reports. Normally, the Wiretap Act prohibits such eavesdropping, unless it's necessary to the functioning of the service or unless the user gives his or her consent to be monitored. EPIC's executive director Mark Rotenberg says "Alarm bells should be going off."
"Alarm bells should be going off."
But rather than changing the law, the secret authorizations simply allow the service provider to enter an agreement with the Justice Department ensuring that they won't be prosecuted. Besides AT&T, at least one other company appears to have taken part int he program, CenturyLink. Reached for comment by CNET, a Department of Homeland Security spokesperson said, in part, "In order to protect privacy while safeguarding and securing cyberspace, DHS institutes layered privacy responsibilities throughout the department, embeds fair practice principles into cybersecurity programs and privacy compliance efforts, and fosters collaboration with cybersecurity partners."
It won't be the first time that AT&T cooperated so directly with law enforcement. It was given retroactive immunity for its role in NSA surveillance programs under the FISA Amendments Act of 2008. That law was passed two years after AT&T technician Mark Klein revealed evidence that the telecom had cooperated with the NSA, installing routing equipment inside a secret room at a network hub in San Francisco.
CISPA would formalize the program
Several court cases have attempted to challenge these surveillance activities, but so far none have resulted in a constitutional ruling. What's more, the secret 2511 authorizations may not even be necessary in the near future: if signed into law, CISPA, "would formally authorize the program," CNET reports.
AT&T, Verizon, and other service providers have unsurprisingly expressed their support for CISPA, while President Obama has threatened to veto the bill if adequate privacy protections aren't added. Whether or not he keeps his word, however, the leaked documents show that the ability of telecoms and the US government to intercept communications without a warrant or legal blowback is becoming increasingly entrenched.
This post previously omitted CenturyLink's involvement. It has also been updated to include comment from the DHS and clarification on CISPA.