Legal loophole emerges in NSA spy program

An AT&T attorney hints that the White House authorized the company to open its network to surveillance.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
5 min read
SAN FRANCISCO--An AT&T attorney indicated in federal court on Wednesday that the Bush administration may have provided legal authorization for the telecommunications company to open its network to the National Security Agency.

Federal law may "authorize and in some cases require telecommunications companies to furnish information" to the executive branch, said Bradford Berenson, who was associate White House counsel when President Bush authorized the NSA surveillance program in late 2001 and is now a partner at the Sidley Austin law firm in Washington, D.C.

Bradford Berenson Bradford Berenson

Far from being complicit in an illegal spying scheme, Berenson said, "AT&T is essentially an innocent bystander."

AT&T may be referring to an obscure section of federal law, 18 U.S.C. 2511, which permits a telecommunications company to provide "information" and "facilities" to the federal government as long as the attorney general authorizes it. The authorization must come in the form of "certification in writing by...the Attorney General of the United States that no warrant or court order is required by law."

Information that is not yet public "would be exculpatory and would show AT&T's conduct in the best possible light," Berenson said. But he did not acknowledge any details about the company's alleged participation in the NSA's surveillance program, which has ignited an ongoing debate on Capitol Hill and led to this class-action lawsuit being filed in January by the Electronic Frontier Foundation.

Some legal experts say that AT&T may be off the hook if former Attorney General John Ashcroft, who was in office at the time the NSA program began, provided a letter of certification. (Other officials, including the deputy attorney general and state attorneys general, also are authorized to write these letters.)

"If the certification exists, AT&T is in pretty good shape," said Marc Rotenberg, executive director of the Electronic Privacy Information Center and co-author of a book on information privacy law.

EFF's lawsuit alleges that the telecommunications company let the NSA engage in wholesale monitoring of Americans' communications in violation of privacy laws. Confidential documents that EFF unearthed during the course of the suit--kept under seal and still not public--allege that AT&T gave the government full access to its networks in a way that let millions of e-mail messages, Web browsing sessions and phone calls be intercepted.

AT&T's ace in the hole?
If a letter of certification exists, AT&T could have an ace in the hole. A second section of federal law says that a "good faith" reliance on a letter of certification "is a complete defense to any civil or criminal" lawsuit.

During the hearing Wednesday before U.S. District Judge Vaughn Walker, Deputy Assistant Attorney General Carl Nichols also hinted that such a letter exists. Nichols said that there are undisclosed "facts that AT&T might want to present in its defense."

AT&T's legal defense?

An obscure section of federal law says that AT&T may have legally participated in the NSA surveillance program -- if, that is, it received a "certification" from the attorney general.

That section says: "Notwithstanding any other law, providers of wire or electronic communication service... are authorized to provide information, facilities, or technical assistance to persons authorized by law to intercept wire, oral, or electronic communications... if such provider... has been provided with... a certification in writing by... the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required, setting forth the period of time during which the provision... is authorized... No provider of wire or electronic communication... shall disclose the existence of any interception or surveillance or the device used to accomplish the interception or surveillance..."

But, Nichols added, those facts relate to classified information that are "state secrets" and would jeopardize national security if they were disclosed. A hearing on the Bush administration's request to dismiss the case on national security grounds has been scheduled for June 23.

For its part, AT&T has remained silent about the extent of its alleged participation in the NSA surveillance scheme, which initially was thought to apply only to international calls but now may encompass records of domestic phone calls and more. Verizon and BellSouth, for instance, took steps to distance themselves from a USA Today report that said their call databases were opened to the NSA. BellSouth on Thursday demanded a retraction. But AT&T wouldn't comment.

Marc Bien, a spokesman for AT&T, told CNET News.com on Wednesday: "Without commenting on or confirming the existence of the program, we can say that when the government asks for our help in protecting national security, and the request is within the law, we will provide that assistance."

The next tussle in this lawsuit is likely to center on how far the "state secrets" concept can extend. Is AT&T able to divulge the text of any certification letter, without saying exactly what information it turned over as a result? Must the mere existence of a certification letter remain secret?

Injecting additional complexity is 18 U.S.C. 2511's prohibition on disclosure. It says that telecommunication companies may not "disclose the existence of any interception or surveillance or the device used to accomplish the interception or surveillance"--except if required by law. Unlawful disclosures are subject to fines.

EFF claims that the existence of a letter of certification should not be classified. Cindy Cohn, an EFF attorney, told the judge on Wednesday that it is "not a state secret because the statute has a whole process" governing it.

"If you have a certification, let's see it," EFF attorney Lee Tien said in an interview after the hearing.

For his part, Berenson, the former attorney for President Bush who's now representing AT&T, complained about allegations that his client is violating the law. It's unfortunate that EFF "chose to use words like 'criminal tendency' and 'crimes,'" Berenson said. AT&T "is one of the great companies of the United States. To attach those kinds of labels is reckless at best."

Berenson's biography says he worked for Bush on the "war on terrorism" and the USA Patriot Act. Since leaving the White House, Berenson has written letters to Congress (click here for PDF) calling for renewal of the Patriot Act and has co-founded a group called Citizens for the Common Defence that advocates a "robust" view of presidential authority. It filed, for instance, an amicus brief (click here for PDF) before the Supreme Court in the Hamdi case arguing that a U.S. citizen could be detained indefinitely without trial because of the war on terror.