EFF Case Study Information

The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T on January 31, 2006, accusing the telecom giant of violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA) in its massive, illegal program to wiretap and data-mine Americans’ communications. In May 2006, many other cases were filed against a variety of telecommunications companies. Subsequently, the Multi-District Litigation Panel of the federal courts transferred approximately 40 cases to the Northern District of California federal court.

In Hepting v. AT&T, EFF sued the telecommunications giant on behalf of its customers for violating privacy law by collaborating with the NSA in the massive, illegal program to wiretap and data-mine Americans’ communications. Evidence in the case includes
undisputed evidence provided by former AT&T telecommunications technician Mark Klein showing AT&T routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA.

In June of 2009, a federal judge dismissed Hepting and dozens of other lawsuits against telecoms, ruling that the companies had immunity from liability under the controversial Foreign Intelligence Surveillance Act Amendments Act (FISAAA), which was enacted in response to court victories in Hepting. Signed by President Bush in 2008, the FISAAA allows the attorney general to require the dismissal of the lawsuits over the telecoms’ participation in the warrantless surveillance program if the government secretly certifies to the court that the surveillance did not occur, was legal, or was authorized by the president—certification that was filed in September of 2008.

Posting:

Why is the Hepting v. AT&T case crucial to the long-term posture of how the U.S. government can or cannot review consumer confidential information?
If Hepting v. AT&T results in “Big Brother” being allowed to eavesdrop and/or review the local and toll telephone dialing and bills of individuals, will U.S. citizens and consumers have any privacy rights left regarding use of communication technologies?
What are the information systems security implications of consumer information being shared?