We're still sifting through the documents released as part of the recent bombshells in the press discussing AT&T's "extreme willingness to help" the NSA in its mass spying programs. One area where the new documents add detail is the division of labor between AT&T and the NSA—according to the New York Times, at times "telecoms have done the sifting and forwarded messages the government believes it may legally collect." To some, including Lawfare's Timothy Edgar, this new information somewhat contradicts claims that critics have been making for years that the NSA has direct access to all the data transiting the Internet backbone. We disagree that this is what the documents actually show: for instance there's the SSO Unilateral tap shown on page 39 of the slides that has the NSA tapping right into the backbone cables.
Regardless, we do agree with Mr. Edgar that the reason this story is important is because the government continues to try to kill litigation like EFF's Jewel v. NSA on behalf of AT&T's customers by claiming that the involvement of AT&T is a state secret. Edgar notes, "the government bears much blame, as it continues to maintain the pretense such banal facts can or should be kept secret. Perhaps there could be a new marking – “still officially classified but blindingly obvious” – to cover situations like this."
But even if AT&T is doing some of the surveillance itself and handing what if finds over to the government, it doesn't absolve the NSA of legal responsibility for the surveillance acts done by AT&T.
First some law: the Fourth Amendment applies whenever a "private party acts as an ‘instrument or agent’ of the government." This rule is clear. In the Ninth Circuit, where our Jewel v. NSA case against mass spying is pending, it has been held to apply when an employee opens someone's package being shipped in order to obtain a DEA reward (US v. Walther), when a hotel employee conducts a search while the police watch (US v. Reed), and when an airline conducts a search under a program designed by the FAA (United States v. Davis), among others.
The concept behind this rule is straightforward: the government cannot simply outsource its seizures and searches to a private party and thereby avoid protecting our constitutional rights. It seems that the NSA may have been trying to do just that. But it won't work.
Saturday's stories about AT&T's cozy relationship with the NSA confirm that, for purposes of tapping into the Internet backbone, AT&T was acting as the agent of the government. For its part, AT&T denied that it engaged in any surveillance voluntarily, noting: "We do not voluntarily provide information to any investigating authorities other than if a person's life is in danger and time is of the essence." So AT&T is certainly not claiming that it acted on its own agenda. This is consistent with the funding numbers -- $188 million in 2011 and $232 million in 2010 (page 26 of the NYT release).
As the legal cases cited above explain, this means that the Fourth Amendment violations caused by the surveillance rest with the NSA regardless of who actually did the technical work of spying. The slides disclosed by the New York Times make this very clear, showing that the NSA viewed these structures as a coherent whole. For instance, while the Fairview (aka AT&T) Dataflow Diagrams on pages 47-53 of the NYT release indicate that some of the spying was "partner controlled" (marked in orange) and some "NSA controlled" (marked in yellow), both pieces are part of the NSA's overall collection and analysis schemes:
The slides even helpfully explain why in a bullet point on page 5:
We're not sure what the "legal authorities" reference means, but to the extent the NSA thought it could escape responsibility by getting AT&T to do its dirty work, that's a dodge that has been tried before. And it won't work.