This time the carriers have really stepped in it.

A few weeks ago I defended them against a suit by the Electronic Frontier Foundation (EFF), which essentially charged AT&T with obeying the Communications Assistance for Law Enforcement Act (CALEA).

The EFF suit is silly. Carriers are required to obey the law, which mandates the installation of equipment that monitors traffic patterns in the network. Former AT&T technician and so-called whistle-blower Mark Klein, in his statement to the EFF, accused AT&T of installing in one of its Internet data centers a Narus STA 6400, which is a semantic traffic analyzer.

Klein evidently finds this action questionable. I don't. If you check out the Narus Web site, the device is specifically designed to enable CALEA compliance.

As I said in previous columns, complying with CALEA may be bad for network security, but it is the law.

So does this mean I find AT&T, Verizon and BellSouth in the clear if, as has been reported recently (though denied by all three), they've provided the National Security Agency (NSA) with call-record-detail databases?

Absolutely not. The two cases are entirely separate, and the distinction is important.

According to stories in USA Today and elsewhere, the carriers have made available to the NSA internal databases that contain calling records for hundreds of millions of people. That's not the same thing as installing a Narus box in the network - not even close.

The internal databases the carriers have purportedly handed over are homegrown software applications that contain internal customer information regarding phone calls made on the legacy (TDM) network, and are used by the carriers for internal customer management. They were never required (or intended) for use as part of CALEA.

Is handing over these databases legal? Probably not.

I'm not a legal expert, but according to the folks who are, turning over the call-detail records without a warrant is possibly in violation of the Communications Act of 1934, which prohibits publishing information regarding their customers' calling habits. (An interesting - and salient - legal question is whether providing such information to the government equates to publishing it.)

And it's almost certainly in violation of the 1986 Stored Communications Act, which specifically and clearly forbids phone companies from turning over records to any government entity without a warrant or court order - exactly what the carriers are alleged to have done.