AT&T Says Its Voluntary Sharing of Customer Data Is Classified

Back in October, I wondered whether companies would be able to claim they had chosen not to participate in CISA’s voluntary data sharing in their transparency reports. While CISA prohibits the involuntary disclosure of such participation, I don’t know that anything prohibits the voluntary disclosure, particularly of non-participation.

A related question is playing out right now over a shareholder resolution filed by Arjuna Capital asking AT&T to reveal its voluntary sharing with law enforcement and intelligence agencies.

The resolution asks only for a report on sharing that is not legally mandated, and exempts any information that is legally protected.

Resolved, shareholders request that the Company issue a report, at reasonable
expense and excluding proprietary or legally protected information, clarifying the
Company’s policies regarding providing information to law enforcement and
intelligence agencies, domestically and internationally, above and beyond what is legally required by court order or other legally mandated process, whether and how
the policies have changed since 2013, and assessing risks to the Company’s finances
and operations arising from current and past policies and practices.

AT&T has asked the SEC for permission to ignore this resolution based, in part, on the claim that its voluntary cooperation would be a state secret that requires AT&T to effectively Glomar its own shareholders.

Screen Shot 2016-01-14 at 10.08.35 AM

The Sidley Austin opinion cites the Espionage Act for its claim that this information is a state secret. It also pretends this is all about the NSA, when FBI and DEA play a critical role in some of the surveillance AT&T is believed to willingly participate in.

The resolution doesn’t seem to include any question specifically addressing OmniCISA participation, though it was written before final passage of OmniCISA last month.

The response from AT&T raises interesting questions about whether a telecom (or other electronic communications service provider) can be obligated for voluntary activity.

4 replies
  1. TomVet says:

    If I were an investor or shareholder of a company that blew me away that easily, I think I would “voluntarily” move my money elsewhere as fast as possible.
    If I were a customer I’d be gone even faster.

  2. Jeff Kaye says:

    They might as well admit that they DO offer such information “above and beyond what is legally required”, otherwise, why all the money spent on the Sidley Austin opinion?

    By the way, Sidley Austin was the firm which, headed by partner (and friend of George Tenet) David Hoffman, undertook the big investigation into APA’s role in the Torture scandal. The Sidley/Hoffman report was a limited hangout that burned some APA bureaucrats and criticized DoD connections, while whitewashing other connections to CIA and FBI. The raw material of the investigation produced some fascinating data, but the headlines were meant to seal the narrative that the torture was all the result of Mitchell, Jessen, and a small coterie of n’er-do-wells.

    So, seeing Sidley cover for FBI again is not a surprise. I did write about the limited hangout here:

    Meanwhile, thanks so much for your invaluable dissection of all this privacy fol-de-rol!

  3. Anon says:

    If this reasoning is accepted it would completely decimate the idea that shareholders are the actual “owners” of a company.
    Data sharing is, after all, a business decision and if the argument goes that the shareholders cannot have a say in such a critical decision then what are they?

Comments are closed.