The Telecom Industry Should Be Embarrassed by Its Silence on Surveillance

What's to come?
Nov. 21 2013 2:13 PM

Bad Connection

The telecom industry should be embarrassed by its silence on surveillance.

Richard Salgado
Richard Salgado, director of law enforcement and information security matters for Google, confers with Pablo Chavez, Google director of public policy, while testifying before the Senate Judiciary Committee's Privacy, Technology, and the Law Subcommittee Nov. 13, 2013.

Photo by Win McNamee/Getty Images

This article originally appeared in the New America Foundation’s Weekly Wonk. Future Tense is a partnership of New America, Slate, and Arizona State University.

On Nov. 13, I spent my morning in a hearing room on Capitol Hill talking about how I’d spent my summer: helping to build a broad coalition of privacy and free speech advocates, tech investors and trade associations, and Internet companies large and small, to press for greater transparency around the National Security Agency’s surveillance programs. The hearing was my last public appearance as the Center for Democracy & Technology’s free expression director, before starting this week in my new role as the policy director of the New America Foundation’s Open Technology Institute.

Also sitting at the witness table was a representative from Google, who, like me, was there in support of the Surveillance Transparency Act of 2013. That bill would allow companies—and require the government—to publish basic statistics about how the NSA is using its national security surveillance authorities to access information about Internet and telecommunications service providers’ customers. Also in the hearing room, at least in spirit, was everyone else in our coalition: think tanks like OTI; nonprofit advocacy organizations from across the political spectrum, from the ACLU to Americans for Tax Reform; Internet giants like Apple, Facebook, Microsoft, and Twitter; and newer Internet players like Tumblr and Dropbox.

All of them had signed the first coalition letter in July pressing for transparency legislation, and a second joint letter in September supporting the bill that Sen. Al Franken, D-Minn., introduced in response. Many of the same companies have filed briefs with the secretive Foreign Intelligence Surveillance Act Court, seeking permission to give the public basic facts about what they do—and don’t do—when the government comes calling for their users data. Yahoo is also pressing the court to release its secret legal opinion from 2008, when the company unsuccessfully challenged one of its surveillance orders. And, just a couple of weeks ago, six of the Internet giants finally took another important step that we in the civil liberties and privacy community have been hoping they would take. Putting aside the fact that they are often competitors, they issued a new letter making clear for the first time that they don’t just want surveillance transparency—they also want substantial reform of our surveillance laws to better protect their users’ privacy.

This broad and unprecedented alliance, united to demand more transparency and accountability around the NSA’s access to our personal data, stood behind me as I delivered my testimony. But do you know who didn’t have my back? Who hasn’t stepped up to support surveillance transparency, much less surveillance reform? Who, despite—or because of—being as deeply involved as anyone can be in the NSA’s dragnet, has had nothing to say other than “no comment”?

The telcos.

In the current debate over NSA spying, the telecommunications companies that provide all of us with our telephone and Internet service, the giant corporations like AT&T and Verizon that own the phone lines and cell towers and fiber optic cables and Internet exchange points that carry all of our data—and that the NSA is tapping into—are nowhere to be seen.

The telcos’ failure to work with the privacy community to protect their users against government overreach, in contrast with the Internet companies who’ve joined our coalition, is especially disappointing considering that they are the ones who should be helping the most.

We know, thanks to FISA court orders leaked by Edward Snowden, that the telcos are giving all of our phone records to the NSA. We also know that the telcos have never challenged the orders to hand over those records. We know—and have known for years, thanks to whistle-blowers like former AT&T technician Mark Klein—that they are letting the NSA tap into key Internet exchange points across the country. We know that those taps give the NSA direct “upstream” access to 75 percent of our Internet traffic and we know that the NSA is scanning all of our international communications for suspicious keywords. We know that the NSA, at least for a while, was hoovering up location data from the telcos cellphone networks, and we know that there’s a program code-named NUCLEON that involves surveillance of the actual content of our phone calls, though the full extent of that program is still unknown.

Yet we get nothing from the telcos. No comment, no justification, and no support, even if only on the issue of transparency. The opposite, in fact: One Verizon executive publicly mocked the Internet companies’ push or transparency as “grandstanding,” while AT&T has privately been arguing to policymakers that transparency should only be the responsibility of the government, not the companies.

It’s no surprise the telcos aren’t fans of transparency reporting by companies, even as more and more Internet companies are issuing transparency reports: Their numbers would stink. When it comes to phone records, we already know that the answer to “how many users’ data did you hand over?” will be “everyone.” Meanwhile, for Internet data, the closest to an accurate answer that the telcos can likely give is “we don’t know, we just gave the government the keys to everything.”

It’s also no surprise that the telcos don’t want to tattle on their friends in the intelligence community, since they’ve been keeping one another’s secrets since World War II. Indeed, the code-name for the AT&T Internet upstream surveillance program—“BLARNEY”—seems to be an in-joke reference to “SHAMROCK,” the infamous spying program uncovered by the intelligence investigations of the ’70s, in which AT&T’s predecessor corporation ITT secretly handed over a copy of every single telegram that was transmitted into or out of the country for decades.

The telcos have other reasons not to upset the U.S. government. The telecommunications industry is highly regulated by the FCC. It needs the Justice Department to approve its mergers. It has a well-established revolving door between its legal compliance teams and the law enforcement and intelligence communities. And, of course, the U.S. government is the industry’s single biggest client, with huge contracts—not least with the Defense Department. So, why rock the boat? Especially when the last time the telcos got swept up in a surveillance scandal, the NSA went to bat for them in Congress and lobbied for the FISA Amendments Act. That law, passed in 2008, not only legalized what the NSA had previously been doing illegally—it gave the telcos an unprecedented retroactive immunity to kill the lawsuits brought against them. (Full disclosure: I helped litigate one of those cases, Hepting v. AT&T, when I was a senior attorney at the Electronic Frontier Foundation.)

One final reason why the telcos haven’t sided with the Internet companies and their users in the NSA debate is that they haven’t been under the same economic pressure. Companies like Facebook and Google have hundreds of millions of international users, and so many of them are concerned about their privacy in the wake of the Edward Snowden revelations that some are projecting U.S. cloud companies will lose billions as a result. Of course, the telcos are the ones that are carrying all of the Internet traffic to and from the American Internet cloud—and also carrying masses of traffic that’s simply passing through the US. Yet the telcos haven’t been facing the same international economic pressure that the cloud companies … until now.

Now, the pressure on the telcos is building. The continuing proliferation of transparency reports from Internet companies, and the ever-growing coalition pushing for surveillance transparency and accountability, is putting the telcos inaction in stark relief. Countries like Brazil are talking about building new fiber optic lines so that they can route their traffic around the U.S., while German email providers are touting “Email Made in Germany” such that the data won’t leave the country and be transmitted through the United States. European regulators angered by AT&T’s collaboration with the NSA are resisting the company’s attempts to acquire mobile provider Vodaphone, while companies like Oracle that build the hardware on which the telcos rely are facing NSA fallout in the Chinese market.

Investors are starting to pay attention, too. Open MIC, a nonprofit organization that works to reform the media ecosystem by empowering shareholder activists, has just announced that a coalition of investors has filed shareholder proposals at AT&T and Verizon calling on the companies to publish semiannual reports detailing how often they have shared information with U.S. or foreign governments and what type of customer information has been shared; the proposals are scheduled to be voted on at the companies’ annual meetings in May 2014.

That type of pressure from investors concerned about corporate social responsibility will hopefully soon grow as a result of an innovative initiative being developed at New America in partnership with the University of Pennsylvania, the Ranking Digital Rights project. Spearheaded by senior research fellow Rebecca MacKinnon, author of the groundbreaking digital rights manifesto Consent of the Networked: The Worldwide Struggle for Internet Freedom, that project is developing a methodology for ranking the world’s most powerful information and communications technology companies based on how well their practices and policies protect human rights—and especially the rights to privacy and free expression. When it comes to ranking digital rights, transparency will be a key component.

If the telcos want to avoid a failing grade on transparency, it’s not too late. We just need one telco that’s willing to break ranks and stand with its users, to fight for its right to tell us what the government is doing, and work with us to ensure that whatever is being done is consistent with our statutory, constitutional, and human rights. Siding with its customers isn’t just the right thing for a telco to do, it’s the smart thing to do: Whichever telco is brave enough to step up will reap untold rewards in good publicity and user trust, both here and abroad. It will also join in a coalition that’s eager for new allies in its mission to restore the reputation of the US Internet industry and the privacy rights of Internet users around the world. That alliance is only going to grow, and with it, the pressure on the telcos to do something—anything—to help. And we do need that help, badly.

All we need is one good telco …

But two would be better.

Correction, Nov. 21, 2013: Due to a photo provider error, the caption on the photo in this article misidentified Pablo Chavez, Google director of public policy, as Richard Salgado's assistant.

This article is part of Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.

Kevin Bankston is the policy director at the New America Foundation’s Open Technology Institute.