By Martin H. Bosworth

February 1, 2006
When telecommunications giant SBC bought AT&T and adopted the famous brand name as its own, it also inherited a lot of baggage, including an apparent inability to protect the privacy of its customers' records.

The company is facing a lawsuit for its part in allowing the National Security Agency (NSA) to conduct surveillance on its customers, via granting the NSA access to their vast databases of customer records and information.

AT&T is also potentially facing fines from the Federal Communications Commission (FCC) for failing to properly certify that its customers' records were safeguarded.

The Electronic Frontier Foundation (EFF) filed a class-action suit against AT&T in San Francisco yesterday (Jan. 31).

According to the filing, AT&T provided the NSA "with direct access to all or a substantial number of the communications transmitted through its key domestic telecommunications facilities, including direct access to streams of domestic, international and foreign telephone and Internet communications."

AT&T's cooperation enabled the NSA to "data-mine" the phone and Internet records for "suspicious" information, and to track communications that might lead to potential terrorist activity.

The NSA's surveillance program has been criticized for violating Americans' Fourth Amendment rights to defend against unwarranted searches and seizures. The EFF lawsuit also considers AT&T's actions a violation of the First Amendment right of freedom of speech, as well as numerous laws governing telecommunications privacy and wiretapping.

"Our goal is to go after the people who are making the government's illegal surveillance possible," Kevin Bankston, EFF staff attorney, told Wired magazine.

Failing Certification

Meanwhile, the FCC proposed fining AT&T $100,000 for failing to provide data certifying that it had complied with federal safeguards to protect customer privacy.

In the FCC's "Notice of Apparent Liability for Forfeiture," issued Jan. 30th, the agency stated that all major telecommunications companies had to verify their protection of their customers' proprietary network information ("CPNI"), or calling records.

AT&T had provided information on its customer safeguards in its prior incarnation as SBC, but not as the old AT&T corporation.

The report concluded that "AT&T has apparently failed to comply with the requirement that it have an officer certify on an annual basisthat AT&T has established operating procedures adequate to ensure compliance with the Commission's CPNI rules. For this apparent violation, we propose a forfeiture."

The $100,000 fine was also levied against telecom carrier Alltel for failing to fulfill the certification. Both companies can avoid the fine if they provide more information on their security procedures.

SBC posted earnings of $1.6 billion for the 4th quarter of 2005, after its acquisition of AT&T.

The sale of calling records to third-party companies has provoked investigations from numerous national newspapers, and calls to Congress for stronger legislation governing the protection of customers' information.

Sprint Nextel, T-Mobile, Verizon Wireless, and the states of Illinois and Missouri have all filed lawsuits against All Star Investigations, the company behind Web sites such as, implicated for selling cellphone and land line records to third parties.