MAINWAY


MAINWAY is a database maintained by the United States' National Security Agency containing metadata for hundreds of billions of telephone calls made through the four largest telephone carriers in the United States: AT&T, SBC, BellSouth and Verizon.
The existence of this database and the NSA program that compiled it was unknown to the general public until USA Today broke the story on May 10, 2006.
It is estimated that the database contains over 1.9 trillion call-detail records. The records include detailed call information for use in traffic analysis and social network analysis, but do not include audio information or transcripts of the content of the phone calls.
According to former NSA director Michael Hayden, the NSA sought to deploy MAINWAY prior to 9/11 in response to the Millennium Plot but did not do so because it did not comply with US law. Hayden wrote: "The answer from was clear: '... you can't do this.'" As of June 2013, the database stores metadata for at least five years. According to Pulitzer Prize winning journalist James Risen, MAINWAY was the most important of the four components that comprised the ThinThread program.
The database's existence has prompted fierce objections. It is often viewed as an illegal warrantless search and violation of the pen register provisions of the Foreign Intelligence Surveillance Act and the Fourth Amendment of the United States Constitution.
The George W. Bush administration neither confirmed nor denied the existence of the domestic call record database. This contrasts with a related NSA controversy concerning warrantless surveillance of selected telephone calls; in that case they did confirm the existence of the program of debated legality. That program's code name was Stellar Wind.
Similar programs exist or are planned in other countries, including Sweden and Great Britain.
The MAINWAY equivalent for Internet traffic is MARINA.

Content

According to an anonymous source, the database is "the largest database ever assembled in the world," and contains call-detail records for all phone calls, domestic and international. A call-detail record consists of the phone numbers of the callers and recipients along with time, position and duration of the call. While the database does not contain specific names or addresses, that information is widely available from non-classified sources.
According to the research group TeleGeography, AT&T, Verizon, and BellSouth connected nearly 500 billion telephone calls in 2005 and nearly two trillion calls since late 2001. It is reported that all four companies were paid to provide the information to the NSA.

Usage

Although such a database of phone records would not be useful on its own as a tool for national security, it could be used as an element of broader national security analytical efforts and data mining. These efforts could involve analysts using the data to connect phone numbers with names and links to persons of interest. Such efforts have been the focus of the NSA's recent attempts to acquire key technologies from high tech firms in Silicon Valley and elsewhere. Link analysis software, such as Link Explorer or the Analyst's Notebook, is used by law enforcement to organize and view links that are demonstrated through such information as telephone and financial records, which are imported into the program from other sources. Neural network software is used to detect patterns, classify and cluster data as well as forecast future events.
Using relational mathematics, it is possible to find out if someone changes their telephone number by analyzing and comparing calling patterns.
ThinThread, a system designed largely by William Binney, which pre-dated this database, but was discarded for the Trailblazer Project, introduced some of the technology which is used to analyze the data. Michael Hayden, former director of the NSA, admitted as much in an interview, saying: "But we judged fundamentally that as good as was, and believe me, we pulled a whole bunch of elements out of it and used it for our final solution for these problems, as good as it was, it couldn't scale sufficiently to the volume of modern communications." Where ThinThread encrypted privacy data, however, no such measures have been reported with respect to the current system.

Response

''Wired'' magazine

On May 22, 2006, it was revealed by investigative reporter Seymour Hersh and Wired magazine that the program involved the NSA setting up splitters to the routing cores of many telecoms companies and to major Internet traffic hubs. These provided a direct connection via an alleged "black room" known as Room 641A. This room allows most U.S. telecoms communications and Internet traffic to be redirected to the NSA. The NSA used them to eavesdrop and order police investigations of tens of thousands of ordinary Americans without judicial warrants.
According to a security consultant who worked on the program, "What the companies are doing is worse than turning over records... they're providing total access to all the data," and a former senior intelligence official said, "This is not about getting a cardboard box of monthly phone bills in alphabetical order... the NSA is getting real-time actionable intelligence."

Partial retraction

On June 30, 2006 USA Today printed a partial retraction about its controversial article the prior month saying: "... USA TODAY also spoke again with the sources who had originally provided information about the scope and contents of the domestic calls database. All said the published report accurately reflected their knowledge and understanding of the NSA program, but none could document a contractual relationship between BellSouth or Verizon and the NSA, or that the companies turned over bulk calling records to the NSA. Based on its reporting after the May 11 article, USA TODAY has now concluded that while the NSA has built a massive domestic calls record database involving the domestic call records of telecommunications companies, the newspaper cannot confirm that BellSouth or Verizon contracted with the NSA to provide bulk calling records to that database..."

Denials

Five days after the story appeared, BellSouth officials said they could not find evidence of having handed over such records. "Based on our review to date, we have confirmed no such contract exists and we have not provided bulk customer calling records to the NSA," the officials said. USA Today replied that BellSouth officials had not denied the allegation when contacted the day before the story was published. Verizon has also asserted that it has not turned over such records.
Companies are permitted by US securities law ) to refrain from properly accounting for their use of assets in matters involving national security, when properly authorized by an agency or department head acting under authorization by the President of the United States. This legalese essentially means that companies can falsify their accounting reports and lie about their activities when the President decides that it is in the interests of national security to do so. President Bush issued a presidential memorandum on May 5, 2006 delegating authority to make such a designation to Director of National Intelligence John Negroponte, just as the NSA call database scandal appeared in the media.

Lawsuits

The Electronic Frontier Foundation filed a related suit against AT&T on January 31, 2006, alleging that the firm had given NSA access to its database, a charge reiterated in the USA Today article.
Verizon and BellSouth have both claimed they were never contacted by the NSA, nor did they provide any information to the agency, though US codes of law permit companies to lie about their activities when the President believes that telling the truth would compromise national security.
On June 6, 2013, in the wake of well-publicized leaks of top secret documents by former NSA contractor Edward Snowden, conservative public interest lawyer and Judicial Watch founder Larry Klayman filed a lawsuit challenging the constitutionality and statutory authorization of the government's wholesale collection of phone record metadata. On June 10, the American Civil Liberties Union and Yale Law School's Media Freedom and Information Clinic filed a motion with the Foreign Intelligence Surveillance Court asking for the secret FISC opinions on the Patriot Act to be made public in the light of the Guardian's publication of a leaked FISC court order about the collection of Verizon call records metadata. On June 11, the ACLU filed a lawsuit against Director of National Intelligence James Clapper challenging the legality of the NSA's telephony metadata collection program. Once the judge in each case had issued rulings seemingly at odds with one another, Gary Schmitt wrote in The Weekly Standard, "The two decisions have generated public confusion over the constitutionality of the NSA's data collection program—a kind of judicial 'he-said, she-said' standoff." The ACLU contested the decision in the Second Circuit Court of Appeals.
In 2015, the appeals court ruled that Section 215 of the Patriot Act did not authorize the bulk collection of metadata, which judge Gerard E. Lynch called a "staggering" amount of information.
In November 2014, an appeals court in Washington heard arguments in the case Klayman v. Obama. During the hearings, Justice Department attorney H. Thomas Byron defended the NSA's collection of phone records and stated that "the government doesn't and never has acquired all or nearly all of the telephone call data records."

Claims

;New Jersey
Spurred by the public disclosure of the NSA call database, a lawsuit was filed against Verizon on May 12, 2006 at the Federal District Court in Manhattan by Princeton, N.J.-based attorneys Carl Mayer and Bruce Afran. The lawsuit seeks $1,000 for each violation of the Telecommunications Act of 1996, and would total approximately $5 billion if the court certifies the suit as a class-action lawsuit.
;Oregon
On May 12, 2006, an Oregon man filed a lawsuit against Verizon Northwest for $1 billion.
;Maine
On May 13, 2006, a complaint in Maine was filed by a group of 21 Maine residents who asked the Public Utilities Commission to demand answers from Verizon about whether it provided telephone records and information to the federal government without customers' knowledge or consent. Maine law requires the PUC to investigate complaints against a utility if a petition involves at least 10 of the utility's customers.
;California
Shortly after the NSA call database story surfaced, a San Francisco lawsuit, Hepting v. AT&T, was filed by the Electronic Frontier Foundation.

Justice Department response

On May 14, 2006, the Los Angeles Times reported that the U.S. Justice Department called for an end to an eavesdropping lawsuit against AT&T Corp., citing possible damage from the litigation to national security.
In an April 28 of the AT&T case, the US government indicated that it intends to invoke the State Secrets Privilege in a bid to dismiss the action.

Legal status

The NSA call database was not approved by the Foreign Intelligence Surveillance Court as required by the Foreign Intelligence Surveillance Act. The FISC was established in 1978 to secretly authorize access to call-identifying information and interception of communications of suspected foreign agents on U.S. soil. Stanford Law School's Chip Pitts provided an overview of the relevant legal concerns in The Washington Spectator.
Separate from the question of whether the database is illegal under FISA, one may ask whether the call detail records are covered by the privacy protection of the Fourth Amendment of the U.S. Constitution. This is unclear. As the U.S. has no explicit constitutional guarantee on the secrecy of correspondence, any protection on communications is an extension by litigation of the privacy provided to "houses and papers."
This again is dependent on the flexuous requirement of a reasonable expectation of privacy.
The most relevant U.S. Supreme Court case is Smith v. Maryland.
In that case, the Court addressed pen registers, which are mechanical devices that record the numbers dialed on a telephone; a pen register does not record call contents. The Court ruled that pen registers are not covered by the Fourth Amendment: "The installation and use of a pen register,... was not a 'search,' and no warrant was required." More generally, "This Court consistently has held that a person has no legitimate expectation of privacy in information he... voluntarily turns over to third parties."
The data collecting activity may however be illegal under other telecommunications privacy laws.

Stored Communications Act

The 1986 Stored Communications Act forbids turnover of information to the government without a warrant or court order, the law gives consumers the right to sue for violations of the act.
A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication... only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure

However, the Stored Communications Act also authorizes phone providers to conduct electronic surveillance if the Attorney General of the United States certifies that a court order or warrant is not required and that the surveillance is required:
are authorized to... intercept... communications or to conduct electronic surveillance... if such provider... has been provided with a certification in writing by... the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required.

The Act provides for special penalties for violators when "the offense is committed... in violation of the Constitution or laws of the United States or any State."
Finally, the act allows any customer whose telephone company provided this information to sue that company in civil court for actual damages to the consumer, any profits by the telephone company, punitive damages, and attorney fees. The minimum amount a successful customer will recover under and is $1,000:

Communications Assistance for Law Enforcement Act

President Clinton signed into law the Communications Assistance for Law Enforcement Act of 1994, after it was passed in both the House and Senate by a voice vote. That law is an act "to make clear a telecommunications carrier's duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes." The act states that a court order isn't the only lawful way of obtaining call information, saying, "A telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization."

Historical background

The FISC was inspired by the recommendations of the Church Committee, which investigated a wide range of intelligence and counter-intelligence incidents and programs, including some U.S. Army programs and the FBI program COINTELPRO.
In 1971, the US media reported that COINTELPRO targeted thousands of Americans during the 1960s, after several stolen FBI dossiers were passed to news agencies. The Church Committee Senate final report, which investigated COINTELPRO declared that:

Legality

The legality of blanket wiretapping has never been sustained in court, but on July 10, 2008 the US Congress capitulated to the administration in granting blanket immunity to the administration and telecom industry for potentially illegal domestic surveillance. The bill was passed during the crucible of the 2008 presidential campaign, and was supported by then-Sen. Barack Obama, D-Ill., who was campaigning against Sen. John McCain, R-Ariz., for the presidency.
Obama provided qualified support for the bill. He promised to "carefully monitor" the program for abuse, but said that, "Given the legitimate threats we face, providing effective intelligence collection tools with appropriate safeguards is too important to delay. So I support the compromise." It is difficult to argue that appropriate safeguards are in place, when CDRs from all the major telecommunications companies are provided to the NSA.
The Foreign Intelligence Surveillance Court has released an opinion, dated August 29, 2013, written by U.S. District Judge Claire Eagan of the Northern District of Oklahoma, in which she said "metadata that includes phone numbers, time and duration of calls is not protected by the Fourth Amendment, since the content of the calls is not accessed." In the option, Judge Eagan said "data collection is authorized under Section 215 of the Patriot Act that allows the FBI to issue orders to produce tangible things if there are reasonable grounds to believe the records are relevant to a terrorism investigation." The option authorized the FBI to "collect the information for probes of 'unknown' as well as known terrorists." According to the New York Times, "other judges had routinely reauthorized the data collection program every 90 days."

Political action

The Senate Armed Services Committee was scheduled to hold hearings with NSA whistle-blower Russell Tice the week following the revelation of the NSA call database. Tice indicated that his testimony would reveal information on additional illegal activity related to the NSA call database that has not yet been made public, and that even a number of NSA employees believe what they are doing is illegal. Tice also told the National Journal that he "will not confirm or deny" if his testimony will include information on spy satellites being used to spy on American citizens from space.
However, these hearings did not occur and the reason why is unknown.

Polls

The USA Today report indicated that Qwest's then CEO, Joseph Nacchio, doubted the NSA's assertion that warrants were unnecessary. In negotiations, the NSA pressured the company to turn over the records. Qwest attorneys asked the NSA to obtain approval from the United States Foreign Intelligence Surveillance Court. When the NSA indicated they would not seek this approval, Qwest's new CEO Richard Notebaert declined NSA's request for access. Later, T-Mobile explicitly stated they do not participate in warrantless surveillance.