The White House has secretly given telecommunications companies such as AT&T the authority to intercept traffic sent over parts of their networks on behalf of the government — an activity that may violate federal wiretapping laws, in exchange for immunity from those very same laws.
The authorization comes as part of an expansion of a secret surveillance program originally restricted to the monitoring of defense contractors' Internet links.
The program's expansion to include all "critical infrastructure" means that government contractors working in the energy, health care and finance sectors are also subject to government eavesdropping.
In order to get the telecommunications companies to agree to the measure, which may be a violation of the Wiretap Act, the Justice Department said it would grant them immunity with special edicts known as "2511 letters."
"The Justice Department is helping private companies evade federal wiretap laws," Marc Rotenberg, executive director of the Electronic Privacy Information Center, told CNET. "Alarm bells should be going off."
The Wiretap Act is a common name for U.S. criminal code section 2511, which was largely created by the Omnibus Crime Control and Safe Streets Act of 1968 and the Electronic Communications Privacy Act of 1986. [See also: 10 Ways the Government Watches You ]
The only companies identified by name as participants in the program are AT&T and CenturyLink, a rapidly growing telecommunications firm based in Monroe, La., that in 2011 acquired Qwest Communications and now operates in more than 35 states.
A government official said other companies have signed memoranda of agreement and are being processed and certified to participate, CNET reported.
Rotenberg provided CNET with more than 1,000 pages of government documents that showed that the National Security Agency and the Department of Defense led the way to authorize the clandestine surveillance program. The discussions involved NSA Director and U.S. Cyber Command head Gen. Keith Alexander.
The documents showed that industry representatives had reservations about the expansion of the program, but the expansion eventually won Justice Department approval.
Making it legal may not, in fact, be legal
Internet service providers are limited by law in their ability to monitor Internet traffic on their own networks, except with the user's lawful consent or during a "necessary incident."
However, the 2511 letters give companies that violate the Wiretap Act immunity from prosecution.
It's unclear whether the immunity only covers violations of the Wiretap Act at the government's behest or if other, potentially self-serving, violations — such as eavesdropping on a competing company — would also be protected from prosecution.
It's also unclear how many 2511 letters the Justice Department has sent.
Whether the White House has the authority to offer telecoms immunity from the Wiretap Act is up for debate.
In a report analyzing President Barack Obama's recent cybersecurity executive order, which let government agencies share information with private companies, the nonpartisan Congressional Research Service postulated a hypothetical scenario similar to the one revealed today and wasn't sure it would be legal.
"It may not be possible for an executive order to authorize telecommunications providers to engage in more aggressive monitoring of communications networks to help identify cyber threats or attacks in real time," the CRS report said. "Such an executive action would contravene current federal laws protecting electronic communications."
However, if the revived Cyber Intelligence Sharing and Protection Act (CISPA) becomes law, it would supersede all other federal and state privacy laws, effectively authorizing the surveillance program without the need for 2511 letters or other legal gymnastics.
CISPA passed the House last week, but an unnamed Senate staffer told US News and World Report the Senate will not take up the legislation, making its passage into law unlikely.