MAINWAY

MAINWAY is a database maintained by the United States' National Security Agency (NSA) containing metadata for hundreds of billions of telephone calls made through the largest telephone carriers in the United States, including AT&T, Verizon, and T-Mobile.

The existence of this database and the NSA program that compiled it was unknown to the general public until USA Today broke the story on May 10, 2006.

It is estimated that the database contains over 1.9 trillion call-detail records. The records include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in traffic analysis and social network analysis, but do not include audio information or transcripts of the content of the phone calls.

According to former NSA director Michael Hayden, the NSA sought to deploy MAINWAY prior to 9/11 in response to the Millennium Plot but did not do so because it did not comply with US law. Hayden wrote: "The answer from [the Justice Department] was clear: ' ... you can't do this.'" As of June 2013, the database stores metadata for at least five years. According to Pulitzer Prize winning journalist James Risen, MAINWAY was the most important of the four components that comprised the ThinThread program.

The database's existence has prompted fierce objections. It is often viewed as an illegal warrantless search and violation of the pen register provisions of the Foreign Intelligence Surveillance Act and (in some cases) the Fourth Amendment of the United States Constitution.

The George W. Bush administration neither confirmed nor denied the existence of the domestic call record database. This contrasts with a related NSA controversy concerning warrantless surveillance of selected telephone calls; in that case they did confirm the existence of the program of debated legality. That program's code name was Stellar Wind.

Similar programs exist or are planned in other countries, including Sweden (Titan traffic database) and Great Britain (Interception Modernisation Programme).

The MAINWAY equivalent for Internet traffic is MARINA.

Content
According to an anonymous source, the database is "the largest database ever assembled in the world," and contains call-detail records (CDRs) for all phone calls, domestic and international. A call-detail record consists of the phone numbers of the callers and recipients along with time, position and duration of the call. While the database does not contain specific names or addresses, that information is widely available from non-classified sources.

According to the research group TeleGeography, AT&T (including the former SBC), Verizon, and BellSouth connected nearly 500 billion telephone calls in 2005 and nearly two trillion calls since late 2001. It is reported that all four companies were paid to provide the information to the NSA.

Usage
Although such a database of phone records would not be useful as a tool in itself for national security, it could be used as an element of broader national security analytical efforts and data mining. These efforts could involve analysts using the data to connect phone numbers with names and links to persons of interest. Such efforts have been the focus of the NSA's recent attempts to acquire key technologies from high tech firms in Silicon Valley and elsewhere. Link analysis software, such as Link Explorer or the Analyst's Notebook, is used by law enforcement to organize and view links that are demonstrated through such information as telephone and financial records, which are imported into the program from other sources. Neural network software is used to detect patterns, classify and cluster data as well as forecast future events.

Using relational mathematics, it is possible to find out if someone changes their telephone number by analyzing and comparing calling patterns.

ThinThread, a system designed largely by William Binney, which pre-dated this database, but was discarded for the Trailblazer Project, introduced some of the technology which is used to analyze the data. Michael Hayden, former director of the NSA, admitted as much in an interview, saying: "But we judged fundamentally that as good as [ThinThread] was, and believe me, we pulled a whole bunch of elements out of it and used it for our final solution for these problems, as good as it was, it couldn't scale sufficiently to the volume of modern communications." Where ThinThread encrypted privacy data, however, no such measures have been reported with respect to the current system.

Response

 * In response, the Bush administration defended its activities, while neither specifically confirming or denying the existence of the potentially illegal program. According to the Deputy White House Press Secretary, "The intelligence activities undertaken by the United States government are lawful, necessary and required to protect Americans from terrorist attacks."
 * Senator Arlen Specter claimed he would hold hearings with the telecommunications CEOs involved. The Senate Intelligence Committee was expected to question Air Force General Michael Hayden about the data-gathering during his confirmation hearings as Director of the Central Intelligence Agency. Hayden was in charge of the NSA from 1999 through 2005.
 * Commenting on the apparent incompatibility of the NSA call database with previous assurances by President Bush, former Republican Speaker of the House Newt Gingrich told Fox News, "I'm not going to defend the indefensible. The Bush administration has an obligation to level with the American people ... I don't think the way they've handled this can be defended by reasonable people." Later on Meet the Press, Gingrich stated that "everything that has been done is totally legal," and he said the NSA program was defending the indefensible, "because they refuse to come out front and talk about it."
 * Republican Senator Lindsey Graham told Fox News, "The idea of collecting millions or thousands of phone numbers, how does that fit into following the enemy?"
 * House Republican Caucus chairwoman Deborah Pryce said, "While I support aggressively tracking al-Qaida, the administration needs to answer some tough questions about the protection of our civil liberties."
 * Former Republican House Majority Leader John Boehner said, "I am concerned about what I read with regard to NSA databases of phone calls."
 * Democratic senator Patrick Leahy, ranking member of the Senate Judiciary Committee, said "Are you telling me that tens of millions of Americans are involved with al-Qaida? These are tens of millions of Americans who are not suspected of anything. ... Where does it stop?"
 * On May 15, 2006, FCC Commissioner Michael Copps called for the FCC to open an inquiry into the lawfulness of the disclosure of America's phone records.
 * In May 2006, Pat Robertson called the NSA wire-tapping a "tool of oppression."
 * In May 2006, former majority leader Trent Lott stated "What are people worried about? What is the problem? Are you doing something you're not supposed to?"
 * On May 16, 2006, both Verizon and BellSouth stated not only did they not hand over records, but that they were never contacted by the NSA in the first place.
 * On June 30, 2006, Bloomberg reported the NSA "asked AT&T Inc. to help it set up a domestic call monitoring site seven months before the Sept. 11, 2001 attacks," citing court papers filed June 23, 2006 by lawyers in McMurray v. Verizon Communications Inc., 06cv3650, in the Southern District of New York.

Wired magazine
On May 22, 2006, it was revealed by investigative reporter Seymour Hersh and Wired magazine that the program involved the NSA setting up splitters to the routing cores of many telecoms companies and to major Internet traffic hubs. These provided a direct connection via an alleged "black room" known as Room 641A. This room allows most U.S. telecoms communications and Internet traffic to be redirected to the NSA.

According to a security consultant who worked on the program, "What the companies are doing is worse than turning over records ... they're providing total access to all the data," and a former senior intelligence official said, "This is not about getting a cardboard box of monthly phone bills in alphabetical order ... the NSA is getting real-time actionable intelligence."

Partial retraction
On June 30, 2006 USA Today printed a partial retraction about its controversial article the prior month saying: "... USA TODAY also spoke again with the sources who had originally provided information about the scope and contents of the domestic calls database. All said the published report accurately reflected their knowledge and understanding of the NSA program, but none could document a contractual relationship between BellSouth or Verizon and the NSA, or that the companies turned over bulk calling records to the NSA. Based on its reporting after the May 11 article, USA TODAY has now concluded that while the NSA has built a massive domestic calls record database involving the domestic call records of telecommunications companies, the newspaper cannot confirm that BellSouth or Verizon contracted with the NSA to provide bulk calling records to that database ..."

Denials
Five days after the story appeared, BellSouth officials said they could not find evidence of having handed over such records. "Based on our review to date, we have confirmed no such contract exists and we have not provided bulk customer calling records to the NSA," the officials said. USA Today replied that BellSouth officials had not denied the allegation when contacted the day before the story was published. Verizon has also asserted that it has not turned over such records.

Companies are permitted by US securities law (15 U.S.C. 78m(b)(3)(A)) to refrain from properly accounting for their use of assets in matters involving national security, when properly authorized by an agency or department head acting under authorization by the President of the United States. President Bush issued a presidential memorandum on May 5, 2006 delegating authority to make such a designation to Director of National Intelligence John Negroponte, just as the NSA call database scandal appeared in the media.

Lawsuits
The Electronic Frontier Foundation filed a related suit against AT&T on January 31, 2006, alleging that the firm had given NSA access to its database, a charge reiterated in the USA Today article. Verizon and BellSouth have both claimed they were never contacted by the NSA, nor did they provide any information to the agency, though US codes of law permit companies to lie about their activities when the President believes that telling the truth would compromise national security.

On June 6, 2013, in the wake of well-publicized leaks of top secret documents by former NSA contractor Edward Snowden, conservative public interest lawyer and Judicial Watch founder Larry Klayman filed a lawsuit (Klayman v. Obama) challenging the constitutionality and statutory authorization of the government's wholesale collection of phone record metadata. On June 10, the American Civil Liberties Union and Yale Law School's Media Freedom and Information Clinic filed a motion with the Foreign Intelligence Surveillance Court (FISC) asking for the secret FISC opinions on the Patriot Act to be made public in the light of the Guardian's publication of a leaked FISC court order about the collection of Verizon call records metadata. On June 11, the ACLU filed a lawsuit (ACLU v. Clapper) against Director of National Intelligence James Clapper challenging the legality of the NSA's telephony metadata collection program. Once the judge in each case had issued rulings seemingly at odds with one another, Gary Schmitt (former staff director of the Senate Select Committee on Intelligence) wrote in The Weekly Standard, "The two decisions have generated public confusion over the constitutionality of the NSA's data collection program—a kind of judicial 'he-said, she-said' standoff." The ACLU contested the decision in the Second Circuit Court of Appeals. In 2015, the appeals court ruled that Section 215 of the Patriot Act did not authorize the bulk collection of metadata, which judge Gerard E. Lynch called a "staggering" amount of information.

In November 2014, an appeals court in Washington heard arguments in the case Klayman v. Obama. During the hearings, Justice Department attorney H. Thomas Byron defended the NSA's collection of phone records and stated that "the government doesn't and never has acquired all or nearly all of the telephone call data records."

Claims

 * New Jersey

Spurred by the public disclosure of the NSA call database, a lawsuit was filed against Verizon on May 12, 2006 at the Federal District Court in Manhattan by Princeton, N.J. based attorneys Carl Mayer and Bruce Afran. The lawsuit seeks $1,000 for each violation of the Telecommunications Act of 1996, and would total approximately $5 billion if the court certifies the suit as a class-action lawsuit.


 * Oregon

On May 12, 2006, an Oregon man filed a lawsuit against Verizon Northwest for $1 billion.


 * Maine

On May 13, 2006, a complaint in Maine was filed by a group of 21 Maine residents who asked the Public Utilities Commission (PUC) to demand answers from Verizon about whether it provided telephone records and information to the federal government without customers' knowledge or consent. Maine law requires the PUC to investigate complaints against a utility if a petition involves at least 10 of the utility's customers.


 * California (E.F.F.)

Shortly after the NSA call database story surfaced, a San Francisco lawsuit, Hepting v. AT&T, was filed by the Electronic Frontier Foundation.

Justice Department response
On May 14, 2006, the Los Angeles Times reported that the U.S. Justice Department called for an end to an eavesdropping lawsuit against AT&T Corp., citing possible damage from the litigation to national security.

In an April 28 Statement of Interest of the AT&T case, the US government indicated that it intends to invoke the State Secrets Privilege in a bid to dismiss the action.

Legal status
The NSA call database was not approved by the Foreign Intelligence Surveillance Court (FISC) as required by the Foreign Intelligence Surveillance Act (FISA). The FISC was established in 1978 to secretly authorize access to call-identifying information and interception of communications of suspected foreign agents on U.S. soil. Stanford Law School's Chip Pitts provided an overview of the relevant legal concerns in The Washington Spectator.

Separate from the question of whether the database is illegal under FISA, one may ask whether the call detail records are covered by the privacy protection of the Fourth Amendment of the U.S. Constitution. This is unclear. As the U.S. has no explicit constitutional guarantee on the secrecy of correspondence, any protection on communications is an extension from litigation of the privacy provided to "houses and papers." This again is dependent on the flexuous requirement of a reasonable expectation of privacy.

The most relevant U.S. Supreme Court case is Smith v. Maryland. In that case, the Court addressed pen registers, which are mechanical devices that record the numbers dialed on a telephone; a pen register does not record call contents. The Court ruled that pen registers are not covered by the Fourth Amendment: "The installation and use of a pen register, ... was not a 'search,' and no warrant was required." More generally, "This Court consistently has held that a person has no legitimate expectation of privacy in information he ... voluntarily turns over to third parties."

The data collecting activity may however be illegal under other telecommunications privacy laws.

Stored Communications Act
The 1986 Stored Communications Act (18 U.S.C. § 2701) forbids turnover of information to the government without a warrant or court order, the law gives consumers the right to sue for violations of the act.

A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication ... only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure

However, the Stored Communications Act also authorizes phone providers to conduct electronic surveillance if the Attorney General of the United States certifies that a court order or warrant is not required and that the surveillance is required:

[Telephone providers] are authorized to ... intercept ... communications or to conduct electronic surveillance ... if such provider ... has been provided with a certification in writing by ... the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required.

The Act provides for special penalties for violators when "the offense is committed ... in violation of the Constitution or laws of the United States or any State."

Finally, the act allows any customer whose telephone company provided this information to sue that company in civil court for (a) actual damages to the consumer, (b) any profits by the telephone company, (c) punitive damages, and (d) attorney fees. The minimum amount a successful customer will recover under (a) and (b) is $1,000:

"The court may assess as damages in a civil action under this section the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000. If the violation is willful or intentional, the court may assess punitive damages. In the case of a successful action to enforce liability under this section, the court may assess the costs of the action, together with reasonable attorney fees determined by the court."

Communications Assistance for Law Enforcement Act
President Clinton signed into law the Communications Assistance for Law Enforcement Act of 1994, after it was passed in both the House and Senate by a voice vote. That law is an act "to make clear a telecommunications carrier's duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes." The act states that a court order isn't the only lawful way of obtaining call information, saying, "A telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization."

Historical background
The FISC was inspired by the recommendations of the Church Committee, which investigated a wide range of intelligence and counter-intelligence incidents and programs, including some U.S. Army programs and the FBI program COINTELPRO.

In 1971, the US media reported that COINTELPRO targeted thousands of Americans during the 1960s, after several stolen FBI dossiers were passed to news agencies. The Church Committee Senate final report, which investigated COINTELPRO declared that:

"Too many people have been spied upon by too many Government agencies and too much information has been collected. The Government has often undertaken the secret surveillance of citizens on the basis of their political beliefs, even when those beliefs posed no threat of violence or illegal acts on behalf of a hostile foreign power. The Government, operating primarily through secret informants, but also using other intrusive techniques such as wiretaps, microphone 'bugs,' surreptitious mail opening, and break-ins, has swept in vast amounts of information about the personal lives, views, and associations of American citizens. Investigations of groups deemed potentially dangerous – and even of groups suspected of associating with potentially dangerous organizations – have continued for decades, despite the fact that those groups did not engage in unlawful activity."

Legality
The legality of blanket wiretapping has never been sustained in court, but on July 10, 2008 the US Congress capitulated to the administration in granting blanket immunity to the administration and telecom industry for potentially illegal domestic surveillance. The bill was passed during the crucible of the 2008 presidential campaign, and was supported by then-Sen. Barack Obama, D-Ill., who was campaigning against Sen. John McCain, R-Ariz., for the presidency.

Obama provided qualified support for the bill. He promised to "carefully monitor" the program for abuse, but said that, "Given the legitimate threats we face, providing effective intelligence collection tools with appropriate safeguards is too important to delay. So I support the compromise." It is difficult to argue that appropriate safeguards are in place, when CDRs from all the major telecommunications companies are provided to the NSA.

The Foreign Intelligence Surveillance Court has released an opinion, dated August 29, 2013, written by U.S. District Judge Claire Eagan of the Northern District of Oklahoma, in which she said "metadata that includes phone numbers, time and duration of calls is not protected by the Fourth Amendment, since the content of the calls is not accessed." In the option, Judge Eagan said "data collection is authorized under Section 215 of the Patriot Act that allows the FBI to issue orders to produce tangible things if there are reasonable grounds to believe the records are relevant to a terrorism investigation." The option authorized the FBI to "collect the information for probes of 'unknown' as well as known terrorists." According to the New York Times, "other judges had routinely reauthorized the data collection program every 90 days."

Political action
The Senate Armed Services Committee was scheduled to hold hearings with NSA whistle-blower Russell Tice the week following the revelation of the NSA call database. Tice indicated that his testimony would reveal information on additional illegal activity related to the NSA call database that has not yet been made public, and that even a number of NSA employees believe what they are doing is illegal. Tice also told the National Journal that he "will not confirm or deny" if his testimony will include information on spy satellites being used to spy on American citizens from space. However, these hearings did not occur and the reason why is unknown.

Polls

 * In a Newsweek poll of 1007 people conducted between May 11 and 12, 2006, 53% of Americans said that "the NSA's surveillance program goes too far in invading privacy " and 57% said that in light of the NSA data-mining news and other executive actions the Bush-Cheney Administration has "gone too far in expanding presidential power" while 41% see it as a tool to "combat terrorism" and 35% think the Administration's actions were appropriate.
 * According to a Washington Post telephone poll of 502 people, conducted on May 11, 63% of the American public supports the program, 35% do not; 66% were not bothered by the idea of the NSA having a record of their calls, while 34% were; 56% however thought it was right for the knowledge of the program to be released while 42% thought it was not. These results were later contradicted by further polls on the subject, specifically a USA Today/Gallup poll showing 51% opposition and 43% support for the program.

Qwest Communications
The USA Today report indicated that Qwest's then CEO, Joseph Nacchio, doubted the NSA's assertion that warrants were unnecessary. In negotiations, the NSA pressured the company to turn over the records. Qwest attorneys asked the NSA to obtain approval from the United States Foreign Intelligence Surveillance Court. When the NSA indicated they would not seek this approval, Qwest's new CEO Richard Notebaert declined NSA's request for access. Later, T-Mobile explicitly stated they do not participate in warrantless surveillance.