Sunday, May 28, 2006

Amnesty launches

Amnesty International have launched a campaign against online censorship called From that site:
Adj. 1) Impossible to repress or control.

Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information.

The Internet is a new frontier in the struggle for human rights. Governments – with the help of some of the biggest IT companies in the world – are cracking down on freedom of expression.

Amnesty International, with the support of The Observer, is launching a campaign to show that online or offline the human voice and human rights are impossible to repress.
Amnesty's UK director Kate Allen explains:
'Open your newspaper any day of the week and you will find a report from somewhere in the world of someone being imprisoned, tortured or executed because his opinions or religion are unacceptable to his government.'

So began an article in this newspaper 45 years ago called 'The Forgotten Prisoners'. The author, Peter Benenson, urged people to call on governments to stop this persecution. The 'appeal for amnesty' that he started went on to become Amnesty International, a movement that now has 1.8 million supporters in more than 100 countries around the world and continues to stand up for freedom and justice wherever it is denied.

Much has changed in those 45 years. The Iron Curtain has been torn down and apartheid has ended; we have witnessed genocide in Rwanda and ethnic cleansing in the Balkans. And the world has moved on technologically: in 1961 people were expressing their opinions in books and newsprint; Amnesty members responded to their repression by writing letters. Now we have the internet; and Amnesty is able to mobilise its supporters online to lobby governments with emails and web-based campaigning.

Sadly what remains the same is that people are still being imprisoned for peacefully expressing their beliefs. Benenson started Amnesty after reading about two students arrested in a Portuguese cafe for raising a toast to freedom: 45 years on, we were recently made aware of three young Vietnamese people arrested after taking part in an online chatroom debate about democracy.

Governments still fear dissenting opinion and try to shut it down. While the internet has brought freedom of information to millions, for some it has led to imprisonment by a government seeking to curtail that freedom. They have closed or censored websites and blogs; created firewalls to prevent access to information; and restricted and filtered search engines to keep information from their citizens.

China is perhaps the clearest example. Its internet censorship and clampdown on dissent online is sophisticated and widespread. But Amnesty has documented internet repression in countries as diverse as Iran, Turkmenistan, Tunisia, Israel, the Maldives and Vietnam.

Another massive change since 1961 has been the rising power of multinationals, but some companies have been complicit in these abuses. So Amnesty is increasingly lobbying not just governments but powerful firms to respect the rights of ordinary people.

The internet is big business, but in the search for profits some companies have encroached on their own principles and those on which the internet was founded: free access to information. The results of searches using China-based search engines run by Yahoo, Microsoft, Google and local firms are censored, limiting the information users can access. Microsoft pulled down the work of one of China's most popular bloggers who had made politically sensitive comments. Yahoo gave information to the authorities that led to people being jailed for sending emails with political content. We do not accept these firms' arguments that it is better to have a censored Google, Yahoo or Microsoft in China than none at all.

So Amnesty International is again calling on Observer readers to join with us to take a stand for basic human freedoms. The internet has the potential to transcend national borders and allow the free flow of ideas around the world. Of course there is a need for limits to free expression to protect other rights - promoting violence or child pornography are never acceptable - but the internet still has immense power and potential.

Just by logging on to my computer I can exchange views with someone in Beijing or Washington. I can read what bloggers in Baghdad think of the situation in Iraq. I can find a million viewpoints that differ from my own on any topic. It is the greatest medium for free expression since the printing press, a meeting of technology and the social, inquisitive nature of human beings and the irrepressible force of the human voice. This is the new frontier in the battle between those who want to speak out, and those who want to stop them. We must not allow it to be suppressed.
As part of the campaign they've produced some clever html which allows you to display examples of the censored material on your own site, like this:

Saturday, May 27, 2006

US Government pushing internet data retention

ZDNet reports that:
U.S. Attorney General Alberto Gonzales and FBI Director Robert Mueller on Friday urged telecommunications officials to record their customers' Internet activities, CNET has learned.

In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years, according to two sources familiar with the discussion who spoke on condition of anonymity.

The closed-door meeting at the Justice Department, which Gonzales had requested, according to the sources, comes as the idea of legally mandated data retention has become popular on Capitol Hill and inside the Bush administration. Supporters of the idea say it will help prosecutions of child pornography because in many cases, logs are deleted during the routine course of business.
The Justice Department appears to be seeking "voluntary" data retention, but there are also proposals to introduce federal legislation:
Two proposals to mandate data retention have surfaced in the U.S. Congress. One, backed by Rep. Diana DeGette, a Colorado Democrat, says that any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could only be discarded at least one year after the user's account was closed.

The other was drafted by aides to Wisconsin Rep. F. James Sensenbrenner, the chairman of the House Judiciary Committee, a close ally of President Bush. Sensenbrenner said through a spokesman last week, though, that his proposal is on hold because "our committee's agenda is tremendously overcrowded already."
If you haven't already thought about protecting your privacy online, now would be a good time to start. At the moment, the best way of ensuring anonymous communication is probably the EFF's Tor system. If you're running Windows, Torpark is a quick and easy way of getting started. From the Torpark FAQ:
Installation Instructions

1. Download and run the exe, it will extract Torpark.
2. Put the Torpark directory where you want it, like on a USB drive.
3. Run Torpark.exe

What is Torpark, exactly?

Torpark is a fully configured combination of Tor (The Onion Router) and Mozilla's browser technologies, enabled by John T. Haller's Portable Firefox. As of v1.5, the whole package is wrapped up in a nice single executable with file directory. No installation, no registry keys, no files left behind.

How can this be used?

Lots of ways! It can be used to circumvent censorship firewalls, like at work or in China. It can be used to bypass paying for internet access at a wifi cafe. It can be used at school computers so you can get full access to the internet. And best of all, if there is no key loggers secretly installed on the machine, nobody is going to know where you went, what you saw, who you spoke to, or what you said. It is all encrypted in a tunnel between your computer, and at least three others somewhere in the world. Only after your data has passed through the encrypted and constantly changing tunnel (a tor circuit) will it reach the internet as unencrypted. The data from surfing the internet goes through the same tunnel as well, passing back to you encrypted, where your computer uses Tor to decrypt it to the Torpark browser. When you need a secret and secure tunnel to surf the internet, Torpark is your mobile solution.

Thursday, May 25, 2006

Online Anonymity - Ryanair Edition (continued)

Ryanair are back in the High Court seeking to identify pilots who have anonymously criticised them online. According to the Belfast Telegraph:
Ryanair went to court yesterday to find out who is behind messages on its pilots website. The airline wants to know the identity of those people who go under the codenames 'ihateryanair', 'cantfly-wontfly' and others on the Ryanair European Pilots Association (REPA) website. The REPA website was set up two years ago to give "an anonymous and secure way for Ryanair pilots throughout Europe to communicate with each other". According to the website, it "allows Ryanair pilots to freely express their views on a range of industrial safety and professional issues". The membership is exclusive to Ryanair pilots, including those on contract and trainees.

In the action, which opened yesterday in the High Court, Ryanair is seeking a number of orders against Neil Johnston, an official with the trade union IMPACT; the Irish Airline Pilots Association and its British counterpart, BALPA. The airline contends it has a duty to identify the persons behind the codenames. It claims the website was established by and is controlled by IALPA and BALPA. This is denied by both pilots' associations. Ryanair is also seeking an order requiring the defendants to disclose all information within their knowledge relating to threats, intimidations and harassment of Ryanair pilots. The airline claims the defendants have refused Ryanair's requests to identify the persons behind the codenames and alleges they have sought to destroy records, registration details, databases and information relating to REPA members. Ryanair claims that unknown persons, allegedly known to the defendants, are engaged in a concerted process of intimidation, bullying, harassment and criminal activity. In an affidavit, Eddie Wilson, director of personnel with Ryanair, said that REPA, which was not a registered trade union, was set up in 2004 and its web site was designed to allow Ryanair pilots communicate with one another in a manner designed to obscure the identity of the person communicating through the use of codenames and password procedures. The defendants deny the claims and say REPA was established to facilitate the organisation of pilots employed by Ryanair in order to protect those pilots and their employment within the industry. The case continues today.
I've blogged about this case before. The defendants have already accused Ryanair of seeking to intimidate pilots from engaging in legitimate debate. It will be very interesting to see whether the High Court gives adequate weight to the freedom of expression issues at stake.

Wednesday, May 24, 2006

Yet another argument against ID cards: Error exposes 26m US veterans to ID theft

Just in case you were wondering we worry about vast government databases, the Times gives us a reminder:
AS IF war wounds and post-traumatic stress were not enough, millions of US military veterans face the risk of identity theft.

Personal data on 26.5 million veterans fell into the hands of criminals when a laptop and computer disks were stolen from a government official who had taken the information home without permission. The data contains the name, date of birth and social security number of everyone discharged from the American Armed Forces since 1975.

The security breach is second in scale only to the hacking attack on CardSystems Solutions last June, which compromised the accounts of 40 million credit card holders. But it is potentially even more damaging because the stolen information contains social security numbers, which can be used to obtain credit cards and loans in a victim’s name.

Veterans reacted with fury at the prospect of having their identities stolen by criminals who might run up huge debts in their names.

Tuesday, May 23, 2006

Innocent people branded criminals on government database: the victims' stories

The Mail on Sunday has more on the victims of the UK Criminal Records Bureau:
One of those whose lives have been ruined by the CRB is 19-year-old Emma Budd, from Maesteg, Glamorgan, who is still fighting to have her records amended after being wrongly accused of having two convictions for theft. She was rejected for two jobs teaching disabled children as a result of the mistake and has now spent almost two years trying to have the error rectified.

In 2004, she applied for a position at the National Children's Home and paid £34 for the CRB check - only to be told to her horror that she had two alleged 'convictions' for theft.

Emma said: 'I have never stolen anything in my life. But I was devastated - I felt like a criminal even though I knew I wasn't one. I disputed the results. I had to go down to the police station and have my fingerprints taken. It was mortifying.'

She added: 'The police blamed the Criminal Records Bureau for the mistake and the CRB blamed the police. It was all down to the bureaucracy. Nobody would take the blame.'

Finally the police told her that her name had been cleared and she applied to work as a home carer - but to her amazement, the required criminal records check again listed her as a convicted thief.

She has now been reassured that her records have been amended but says she will not believe this until she sees it working in practice.

David Mansfield, 58, was prevented from taking up a post as an assistant for children with learning difficulties at a local college after the CRB wrongly identified him as a peddler of hardcore pornography.

Mr Mansfield, from Hertford, who spent a lifetime working in the transport division of the NHS before taking early retirement, said: 'The CRB record claimed I had been convicted for selling hardcore pornography in Bournemouth in 1972. It was absolutely ridiculous.

'It was a horrible slur on my character and I was determined to clear my name. But you find you're dealing with a nebulous, faceless bureaucracy which makes it worse.

'It was hard work to get any replies and I was always chasing them. But I was determined to have my name cleared because it meant I would be debarred from doing any community or social or voluntary work.

'Eventually, the CRB admitted they had made a mistake and sent me £150 as an ex-gratia payment, but there was no apology.'
The Mail on Sunday editorial draws the obvious conclusions:
The apparatus of vigilance cannot be trusted to use its existing powers well or wisely. After all the recent revelations of Home Office incompetence, the disclosure that almost 1,500 citizens have been wrongly said to have criminal records is less shocking than it would once have been.

Even so, the scale of this bungle ought to be a strong warning against the Government's halfcompleted and so far voluntary plans to put us all on a national identity database.

Such a system would be far larger, far more all-embracing and far more open to misuse and confusion than the Criminal Records Bureau. And, given the gullible reliance of bureaucrats on official records, imagine the endless battles to clear names and overcome identity confusion that are bound to result.

Thousands of us will be constantly having our fingerprints retaken to persuade inflexible jobsworths that we are not terrorists or child molesters.

On the basis of its performance so far, the official claim that ID cards will be a protection against identity theft may well turn out to be the opposite of the truth. The State, whose job it is to safeguard the people, instead stole the good names from hundreds of decent individuals. Those who had nothing to hide turned out to have plenty to fear.

Your personal information is for sale: Job applicants subjected to illegal record checks

The Times has revealed yet more abuse of UK government databases:
THOUSANDS of people have been subjected to illegal background checks when they applied for jobs that did not require vetting, according to a report on the Criminal Records Bureau.

As demand for checks from the bureau grows, there are increasing concerns that employers are misusing the system.

Job applicants have been subjected to scrutiny when they applied to be refuse workers, dog wardens, car park attendants and train drivers. On one occasion checks were sought on people applying to take part in a television game show.

Disclosure of information should occur only when people are applying for jobs that involve working with children and vulnerable adults or certain financial and security- related occupations.

Sunday, May 21, 2006

Yet another reason to oppose ID cards: Innocent people branded criminals on government database

Reuters reports that:
The [UK] government, already under pressure over a series of blunders in its immigration and prison services, has confirmed it wrongly branded around 1,500 innocent people as criminals due to a computer mix-up.

It said the Criminal Records Bureau (CRB), which carries out checks on people who have applied for jobs working with children or vulnerable adults, had confused the innocent people with convicted criminals because they had similar or identical names.

The names were stored on a police database.
Bear in mind that these are just the mistakes we know about: the people who were persistent or lucky enough to establish the truth. How many other people have had their reputations and careers ruined because of government incompetence? And the official response to this outrage? Apologies? Vows that it will never happen again? Far from it:
"We make no apology for erring on the side of caution. We are talking about the protection of children and vulnerable adults," a Home Office spokesman said.
There you have it. Far from being sorry, the government feels that it is appropriate to ruin the lives of the innocent. Exactly how branding innocent people as criminals protects children is left to the imagination of the reader.

Friday, May 19, 2006

Lib Dems: UK Government unable to protect existing databases, new ID card database an even juicier target

"Organised crime will try and crack the identity cards database — the National Identity Register (NIR) — the Liberal Democrats have warned.

Last year it was revealed that the identities of 13,000 civil servants had been stolen and used by criminals to make fake tax credit claims.

Liberal Democrat home affairs spokesman, Nick Clegg, said the theft was a 'terrible omen' for the forthcoming ID cards scheme.

Clegg said, if organised criminals are capable of infiltrating the Department for Work and Pensions (DWP), 'it is clear they will target the identity cards database, where the stakes are even higher.'

Clegg said in a statement: 'The government's claims that ID cards will cut identity fraud look increasingly unrealistic. If the ID cards database is breached, people could find their iris scans and fingerprints — as well as personal data and national insurance numbers — stolen.'"

Thursday, May 18, 2006

Irish users most aware of data retention

According to Google Trends Irish users are most likely to search on the terms "data retention" - outstripping the next country (the UK) by over two to one.I'm going to take this as a sign that Digital Rights Ireland is succeeding in raising public awareness of the issue.

UK plans to put your bedroom online - literally

The Labour party seems to have forgotten its past campaigns to keep the State out of the bedroom. From Contractor UK:
Digital pictures showcasing the interiors of taxpayers’ homes will be posted on the internet under freshly laid plans to be considered by the Deputy Prime Minister.

Under the scheme to revaluate 22 million homes, council tax snoopers could be given digital cameras to snap inside people’s homes, including their bathrooms, bedrooms and conservatories.

Confidentiality inside the home is an “old fashioned attitude” and taxpayers should feel no need to “hide” their expenses or value of their property, said Paul Sanderson, director of modernisation for the tax inspectors.

Instead, photographs of the property, details and “everything” about how much residents paid for their house, or rent, should be posted on publicly accessible website.

His suggestions have caused outrage among politicians and taxpayer alliances, while also raising fears among internet commentators.

Their concern centres on property information, including photographs, being sold in bulk to junk mailers and marketing companies, in light of the government’s decision to sell private data provided by the DVLA.

“Householders are already angry at the fact that camera-wielding tax inspectors can barge inside their family homes to record the number of bedrooms, size of their garage and their conservatory,” said Caroline Spelman, the Conservative minister.

“I suspect that people will be further shocked to discover that this private information would then be published on the internet for anyone to see and sold to junk mailers.”

The internet plan aims to reduce the number of people appealing against council tax payments by letting them use the website to compare their home’s value with neighbours’.
"Confidentiality inside the home is an 'old fashioned attitude'"? Words fail me. Fortunately, the drafters of the European Convention on Human Rights had something to say about this: "Everyone has the right to respect for his private and family life, his home and his correspondence."

More generally, this episode illustrates how seemingly unrelated areas of public policy impact on privacy. If a tax system requires disproportionate amounts of private information in order to function, the solution is not to put that information online for the world to see but to reform the system so that it is less privacy invasive, and to carry out privacy impact assessments before new tax policies are adopted.

Wednesday, May 17, 2006

High Court gives disappointing decision on video surveillance

In Atherton v. DPP the High Court has considered, apparently for the first time, the admissibility of evidence obtained by video surveillance.

The case concerned a defendant accused of damaging a neighbour's hedge. The neighbour resorted to video surveillance to catch the perpetrator, and placed a video camera in an upstairs window of a house across the street. From there, the camera recorded the neighbour's front garden, but also the front garden, driveway, door and windows of the defendant's adjoining semi-detached house.

The defendant argued that the resulting video footage of him was obtained unlawfully and in breach of his constitutional rights, particularly where it involved surveillance of his dwelling. This was rejected, however, by Peart J. who held that:
I am satisfied that the taking of video footage of the hedge and in so doing the front of the accused’s house is not an act which constitutes an unconstitutional invasion of the right to privacy as contended by Mr O’Higgins. First of all, it is obvious that the front of the accused’s house is something which is visible from the public road – perhaps only with the use of a ladder, but nonetheless visible. It is certainly visible from the upstairs of the house opposite, from which the footage was taken. In my view there is no meaningful distinction between the evidence of what was happening to the hedge in the garden opposite that house being given in the form of video footage, and that very same evidence being given by the owner of the house opposite if he arranged things so that he was standing at the same window as the camera was set up at and observing himself what was happening. He would undoubtedly be permitted to give evidence viva voce of anything which he observed happening in the garden into which he was looking, and it could not possibly be seriously contended that if that person also saw the accused re-entering his house through the front door, and while the door was open saw also into the hallway, that in some way that person had breached the accused’s right to privacy by seeing what he saw. The camera has done no more and no less than that.

Of course, a different view might easily be taken if the act of setting up the camera in the required position involved a trespass upon the property of the person to be observed. That is a different matter altogether. But that is not the position in this case. The point was made by Mr O’Higgins that this camera in the way it was set up had the capacity to see into rooms at the front of the accused’s house if the curtains were open. But in my view the problem with that submission is that the same arises if a person were to place himself at the window opposite and in the event that the owner happened to leave the curtains open.

I do not believe either that the accused’s application is assisted by the evidence given by the Garda that up to 70% of the footage contained in the frame of the video is taken up with the front of the accused’s house, rather than the hedge itself. One way or another I cannot see that there has been any breach of the accused’s right of privacy in relation to his dwelling and its curtilage – especially in the absence of any trespass or other unlawfulness. It is not necessary in these circumstances to consider whether the balancing of the rights was correctly undertaken by the District Judge was correctly carried out. There simply has been no breach as far as I can see, and therefore no justification of a breach need be investigated and considered.
This judgment is unusual, to say the least, and it is significant that no authority is cited by Peart J. for his ruling. Three points are particularly problematic. First, it relies on the fact that the area was visible from the public road (with the aid of a ladder!) or from the facing houses to deny that any privacy interest existed. This approach is entirely inconsistent with the caselaw of the European Court of Human Rights which made it clear in Peck v. the United Kingdom that privacy rights could subsist even in respect of CCTV footage of public areas. Secondly, it focuses on the fact that there was no trespass to the defendant's property. It is unclear, however, why this should be relevant. The tort of trespass deals with property rights - not privacy rights. Whether there is a physical invasion of the defendant's space should not be determinative. Indeed, the "trespass doctrine" has, after an ignoble history, been long since abandoned in the United States - see Katz v. United States, and there is no apparent reason why it should be resurrected here. Finally, the decision equates video surveillance with the view of a person who might place themselves at the window. This is to overlook, however, the pervasive and permanent nature of video surveillance - there is a qualitative difference between occasional transient views and continuous, permanently recorded, surveillance.

Instead, this appears to be a case where a balancing exercise would have been appropriate: and such a balancing exercise would probably have come to the same conclusion - that the video surveillance was not especially intrusive and was justified in the circumstances. By denying that any privacy right exists, however, the court sets an undesirable precedent.

[It may be worth contrasting this decision with the views of the Data Protection Commissioner in respect of CCTV cameras on the Luas line. In that case it was accepted that there was a breach of the Data Protection Acts where back gardens were being monitored by the Luas CCTV cameras. While there is certainly a greater expectation of privacy in a back garden, those gardens were presumably visible by travellers on the Luas line, which would have ruled out any privacy interest if we were to apply the reasoning of Peart J.]

Update (16/8/2007): Eoin Carolan has a very interesting piece in the Dublin University Law Journal ("Stars of Citizen TV" (2006) 13(1) DULJ 326) discussing Atherton.

Your personal information is for sale: Eircom and Garda computers edition

Billy Flynn (the private detective who exposed much of the Garda wrongdoing being investigated by the Morris Tribunal) has recently confirmed that your Eircom telephone records are for sale to the highest bidder, and that there is corrupt access to the Garda Pulse computer system. In an interview with Village Magazine he gives further details:
Central to the success of Billy Flynn in the McBrearty affair was his acquisition of the phone logs of Garda John O'Dowd, from whose phone extortionist calls were made to associates of the McBreartys. In all, he obtained the phone logs of over 30 people, most of them related to Garda phones. In the course of the extended interview with Village he disclosed that another investigator, a retired garda, is able to tap into the Garda Pulse system (ie, the Garda computer), but he (Billy Flynn) is not in a position to do that.

Billy Flynn explained: 'I was driving home from Dublin to Enfield and I gave a hitchhiker a lift. He was not a usual hitchhiker, something had happened his car and he was in a hurry to get to a destination before public transport would get him there. On the way I discovered he worked in Eircom and as he was getting out of the car I asked if he could help me. I told him what I had in mind and he said he would.

'Afterwards I would meet him in an agreed location. I would drive up and we would exchange envelopes, his containing the phone logs I needed and I remunerating him.'
Does anybody really believe that data retention information (including details of your emails and internet use) won't be abused in the same way?

Thursday, May 11, 2006

US Data Retention Exposed

USA Today has revealed that the US has been engaged in secret data retention of telephone calls since 2001:
The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren't suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.

For the customers of these companies, it means that the government has detailed records of calls they made — across town or across the country — to family members, co-workers, business contacts and others.

The three telecommunications companies are working under contract with the NSA, which launched the program in 2001 shortly after the Sept. 11 terrorist attacks, the sources said. The program is aimed at identifying and tracking suspected terrorists, they said.

The sources would talk only under a guarantee of anonymity because the NSA program is secret.

A disturbing aspect is the way in which the telecom companies agreed to voluntarily (and apparently illegally) hand over this information (in return, it should be noted, for substantial payment). Credit should be given to the one major company which resisted:
One major telecommunications company declined to participate in the program: Qwest.

According to sources familiar with the events, Qwest's CEO at the time, Joe Nacchio, was deeply troubled by the NSA's assertion that Qwest didn't need a court order — or approval under FISA — to proceed. Adding to the tension, Qwest was unclear about who, exactly, would have access to its customers' information and how that information might be used.

Financial implications were also a concern, the sources said. Carriers that illegally divulge calling information can be subjected to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines, in the aggregate, could have been substantial.

The NSA told Qwest that other government agencies, including the FBI, CIA and DEA, also might have access to the database, the sources said. As a matter of practice, the NSA regularly shares its information — known as "product" in intelligence circles — with other intelligence groups. Even so, Qwest's lawyers were troubled by the expansiveness of the NSA request, the sources said.

The NSA, which needed Qwest's participation to completely cover the country, pushed back hard.

Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled.

In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.

Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.

The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.

In June 2002, Nacchio resigned amid allegations that he had misled investors about Qwest's financial health. But Qwest's legal questions about the NSA request remained.

Unable to reach agreement, Nacchio's successor, Richard Notebaert, finally pulled the plug on the NSA talks in late 2004, the sources said.