Telecom Surveillance Company GC Talks Data Collection, Privacy Concerns
Subsentio GC Joel Margolis describes his company as a 'bridge between government, industry and the privacy interests of the subscriber' of a telecommunications carrier.
January 07, 2019 at 01:00 AM
7 minute read
The original version of this story was published on Corporate Counsel
Joel Margolis, general counsel of Subsentio/courtesy photo
Big Brother isn't always doing the watching—or the listening. Wiretapping at the government's behest has become a growing business for some private companies, including Virginia-based Subsentio, a Latin word meaning “notice secretly.”
Founded in 2004, Subsentio LLC initially served small U.S.-based phone companies by helping them respond to requests for private customer information that government investigators made under the Communications Assistance for Law Enforcement Act. But Subsentio expanded its reach in 2015 with the acquisition of a division of its rival Neustar Inc. Now, Subsentio works with some of the world's largest telecommunication service providers.
Subsentio's general counsel and vice president of government affairs, Joel Margolis, served as a senior director at Neustar from 2008 to 2010, before he joined Subsentio in 2011. He began his career, which has revolved around the communications industry and has involved stints in the private sector and government work, as a staff attorney at the Federal Communications Commission in the 1980s. He also was assistant deputy chief counsel as DEA's delegate to Department of Justice working groups from August 2004 through April 2008.
Margolis, who recently asked the U.S. Department of Commerce's Bureau of Industry and Security to streamline export controls for surveillance tech, spoke with Corporate Counsel on Thursday. This is a condensed version of the interview originally on Corporate Counsel.
Corporate Counsel: What, exactly, does Subsentio do?
Joel Margolis: Let's say you're a communications service provider in virtually any country around the globe. You're bound to be subject to two kinds of public safety mandates in pretty much any country. You'll have to facilitate lawful intercepts on criminal and terrorist suspects who use your network. And you'll have to disclose stored records, such as billing records that are associated with those suspects. So every service provider must ask, “What's the best way to comply with those mandates?”
You basically have three choices. You can try to develop and operate your own technical solution for your network. Very few industry competitors have the engineering or legal expertise to do that. Option two: You can purchase a technical solution from a solution vendor and then operate it by having your legal department assemble your own compliance program. That's a common approach, but it could get expensive, especially for complex networks. And that's why option three emerged. Option three is you can retain Subsentio to perform all the engineering and legal tasks for you on an outsourced basis and at a bundled price.
Have you seen a shift over the last few years where carriers that have been handling this in-house are now turning to you?
It's hard to say. There are thousands of communications service providers just in the U.S. I'm very reluctant to generalize without having the benefit of any type of survey. But the more Subsentio's name has gotten out there the more our phone has been ringing with demand, especially from international clients.
Why do you think that international growth happening?
This is my own speculation, but what we know is there are nonstop threats of terrorism around the world. Criminal organizations are becoming increasingly global and that gives them a huge advantage. Oftentimes, the law enforcement agency trying to find them has no jurisdiction over them. At the same time, communications networks are becoming more global in nature. Layer on top of that the growing and legitimate demands for privacy on the part of communications describers. If you add all those trends together, you'll find governments raising the expectation level on service providers to do a better job of both hoping to monitor the terrorists and criminals on the one hand and protecting privacy on the other.
But what would happen if Subsentio or a client experienced a data breach?
Let me first say this. I'm also a certified information privacy professional in addition to my law degree. Privacy is very near and dear to my heart. I can speak for the company when I say we are obsessively, compulsively, rigorously concerned about protecting the privacy of this communications data. In fact, I can say, and I'll knock on wood, but to date Subsentio has not suffered one single data breach in all the years we've been in business and in all the countries and with all the clients we serve.
We have a system in place so that we will immediately investigate it, shut off the source of the problem, restore operations and we will immediately notify the client involved because the client has the obligation to notify the affected subscribers. The client is the one who is primarily subject to whatever the national or state law is for these breach notification processes. And Subsentio is on the hook because we signed service agreements with those clients and in the service agreements we commit to maintain state-of-the-art practices to protect privacy.
Who oversees or regulates Subsentio? Is there someone watching to make sure you all aren't being too intrusive?
There is no government agency authorized to do that. Nor is there any third party, like a trustee, that you could go to, as internet website hosts do, to get that kind of independent confirmation. So for now we're left to our own devices. But the liability for a breach can be so high that it has a very sobering effect. If there's a breach of a large network or if we sustain a breach, because we represent some large networks, who knows what the damage could be. Lawyers would scramble and assemble a class action lawsuit, which could easily go into the millions of dollars even for a single breach. We're so deathly afraid of that kind of nonregulatory enforcement that we keep our noses pretty clean.
I imagine that you're often caught in a tug-of-war between law enforcement, service providers and privacy advocates.
We don't think of it as a tug-of-war. Subsentio is the honest broker. We're more like a bridge between government, industry and the privacy interests of the subscriber. When an issue arises where law enforcement wants a disclosure of some personal information and the client has reservations about whether to disclose it, we can advise the client and say, “Here are the pros and cons of disclosing and not disclosing. Here are how the three different interests play out. Here's the potential liability.” We give them a menu of options. Ultimately, the client is the boss. The client is the principal in our principal agency relationships. We give them the best advice and let them decide. That's why the in-house counsel of our clients love us. We can serve as their back office. We give them the benefit of our wisdom. But we're not a law firm. Instead, we compliment the legal talent that the company has, which may be in-house or outside counsel.
Are there times where law enforcement puts pressure on you to pressure your clients to disclose certain types of information that the client doesn't want to disclose?
That's very rare. There's a stereotype about aggressive law enforcement that we haven't found in practice. In the times when law enforcement overreaches—and there are occasions when that happens—what we do is, with the client's approval, we'll call up the law enforcement agent, cite to the law and ask them, what legal grounds are you standing on? Maybe you know something we don't. But we're so well-versed on the law, when we make a statement of law to a law enforcement agent, they tend not to question it.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Judge Denies Sean Combs Third Bail Bid, Citing Community Safety
- 2Republican FTC Commissioner: 'The Time for Rulemaking by the Biden-Harris FTC Is Over'
- 3NY Appellate Panel Cites Student's Disciplinary History While Sending Negligence Claim Against School District to Trial
- 4A Meta DIG and Its Nvidia Implications
- 5Deception or Coercion? California Supreme Court Grants Review in Jailhouse Confession Case
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
