Want CNET to notify you of price drops and the latest stories?

NSA cooperation: OK for e-mail, IM companies?

White House wanted immunity for phone companies over possible cooperation with NSA, but new bill also would shield e-mail, IM providers.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
5 min read
A new Senate bill would protect not only telephone companies from lawsuits claiming illegal cooperation with the National Security Agency. It would retroactively immunize e-mail providers, search engines, Internet service providers and instant-messaging services too.

The broad language appears in new legislation that a Senate committee approved by a 13-to-2 vote on Thursday during a meeting closed to the press and public. It enjoys the support of the panel's Democrats and Republicans.

It goes further in crafting an impenetrable legal shield than similar proposals in the House of Representatives, such as the so-called Restore Act (PDF), which immunizes only "communications service providers." Bowing to pressure from President Bush, House Democrats postponed a vote on the Restore Act last week.

The broader Senate bill (PDF) would sweep in Web sites, e-mail providers and more. "My suspicion is the scope of the immunity provision is the most revealing way to assess the scope of the underlying authority," said Marc Rotenberg, director of the Electronic Privacy Information Center.

The disparity is striking because telecommunications companies--not major providers of Web-based services like Google, Yahoo, AOL and Microsoft--have been frequently named as complicit in illegal NSA surveillance. Yet under the Senate proposal, those companies would become immune from any lawsuits.

"Private companies who received legal assurances from the highest levels of government should not be dragged through the courts for their help with national security," Sen. John Rockefeller (D-W.V.), the Intelligence Committee chairman and the bill's primary Democratic sponsor, said in a statement. "The onus is on the administration, not the companies, to ensure that the request is on strong legal footing, and if it is not, it is the administration that should be held accountable."

A demand for retroactive immunity
After news reports said AT&T and other major telecommunications carriers opened their networks to the NSA after September 11, 2001, dozens of civil lawsuits were filed. A decision on whether the lawsuits will be permitted to proceed is expected from the 9th Circuit Court of Appeals in San Francisco at any time.

President Bush has insisted on retroactive legal immunity, and the Justice Department on Friday gave the Senate bill a preliminary thumbs-up, though it said further changes will likely be necessary before it's satisfied.

"The bill has many good components, and we appreciate the serious work done on this bill in the Senate Intelligence Committee," spokesman Dean Boyd said. "We appreciate that the bill has strong liability provisions."

The Senate bill overrides every other law, including state laws, criminal laws and privacy laws, when saying that lawsuits against companies must be "promptly" dismissed, as long as the attorney general certifies that the cooperation was authorized. The definition covers any company that has "access" to "electronic communications" that are stored or in transit. It would almost certainly pull the plug on the 9th Circuit lawsuits, including the one brought by the Electronic Frontier Foundation last year.

While some information has dribbled out regarding how companies like AT&T allegedly worked hand in hand with the NSA, less is known about how much cooperation might take place with e-mail and instant-messaging providers.

Some companies, including Yahoo and Google, refused to comment in a survey conducted by CNET News.com last year that asked: "Have you turned over information or opened up your networks to the NSA without being compelled by law?" Others, like Comcast and BellSouth, did reply in the negative.

During an appearance before a congressional committee last year about Chinese Internet censorship, Yahoo was pressed by Rep. Brad Sherman, a California Democrat, about whether it would cooperate with the NSA in the absence of legal authorization. Yahoo's general counsel, Michael Callahan, said the company would not provide law enforcement with e-mail without "proper legal process." But when asked whether Yahoo's requirements would be lowered if the NSA requested e-mail, Callahan refused to comment.

Still, there's no evidence that any extralegal cooperation has ever taken place, and some of the same companies have taken very public steps to protect their customers' privacy in the past. Google fought the Justice Department's subpoena for excerpts from its database, and an EarthLink attorney was the first person to publicly disclose the existence of the FBI's Carnivore surveillance system.

The Senate bill's immunization would extend to companies involved with surveillance beyond that requested by the NSA. It says Internet companies cannot be held liable for secretly cooperating with the CIA, the Defense Department, the Office of the Director of National Intelligence, the Defense Intelligence Agency, the State Department, the Treasury Department, Homeland Security and other intelligence-related organizations that may be even more shadowy.

One type of immunization would extend from September 11, 2001, to January 17, 2007, the day the Justice Department announced that the secret NSA program would be revamped and brought under the scrutiny of the Foreign Intelligence Surveillance Court. The other immunization grant would continue into the future.

The next stop for the Senate bill is the Judiciary Committee. It's unclear exactly when that panel will take up the bill, but it's not going to be this week, a Democratic committee aide said Monday. That uncertainty exists largely because members of that panel have requested--but still have not received--sufficient information about how the Bush administration's spying programs worked and what involvement telephone companies had, the aide added.

In addition, Sen. Christopher Dodd (D-Conn.), a 2008 presidential hopeful, has vowed to take a procedural step that would prevent the bill from going to a vote, as long as it cloaks corporations with legal protections.

"I will do everything in my power to stop Congress from shielding this president's agenda of secrecy, deception and blatant unlawfulness," he said in a statement last week. Democratic Sen. Patrick Leahy and Republican Sen. Arlen Specter, the top senators on the Judiciary Committee, both have expressed skepticism about retroactive immunity.

Under existing law, electronic communications providers already are exempted from all liability--as long as the attorney general has delivered a "certification in writing that no warrant or court order is required by law."

Other sections of the Senate bill permit the attorney general and the national-intelligence director to sign off on wiretaps without court approval. They could authorize such snooping for up to a year, provided that the target is "reasonably believed to be outside the United States" and a U.S. person isn't being "intentionally" targeted in the process.