I've been following this story about the big telcos turning over call detail records to the NSA with some interest. In the late 90's, when I was general counsel for Cellular One of San Francisco, one responsibility of my department was subpoena compliance, and we faced the same type of question every day.
We received all sorts of subpoenas, civil and criminal, from myriad agencies and private attorneys, seeking everything from invoices to wiretaps. Sorting out what could be provided in response to what kind of process (simple private subpoena to court order) was a daunting task: Different agencies have different rights, and circumstances matter, too. We would sometimes provide records in advance of a warrant or order when a kidnapping was underway, for example.
To make our way through this maze of regulations, we had a thick guidebook, regularly updated, that spelled out exactly what could be done in virtually any set of circumstances. Every telco of any size has a guidebook like this - ours could trace its origins to AT&T's guidebook. Received a warrant by fax from the DEA? ATF is calling saying they've got a subpoena? Santa Clara County Public Defender wants phone records? The procedures were all spelled out, along with the accompanying citations to statute, and my folks who dealt with this stuff on a daily basis were very good at sorting through it. They had great relationships with their counterparts in law enforcement and would only come to me when a very difficult or high-profile call needed to be made.
Of these, the hardest calls to make were those involving exigent circumstances - do you believe what law enforcement is telling you about the circumstances and the reasons they need the information now (rather than after they've provided a warrant), and do you believe they will get you a warrant after the fact? But these questions were measured in minutes or hours - getting a warrant is not difficult or time-consuming where the facts justify it.
The current furor over the records turned over to the NSA falls under the much easier category - law enforcement bullying their way to records they may not be entitled to. You see, despite the complexity of so many agencies being subject to different rules about what can and cannot be provided, there is a simple fallback answer when the request falls in a grey zone - "I'd be happy to comply with your request as soon as you give me a warrant (or court order, for wiretaps)." The beauty of this answer is how much ground it covers. It insulates your company from liability for providing records illegally, and if for some reason you are wrong in asking for the warrant, you get a quick education from law enforcement counsel, who will point you to the exact regulation that provides for access without a warrant. Most of the time, they'll grumble and then go get a warrant or order. Sometimes they just go away, as the NSA ultimately did after being rebuffed by Qwest.
In my view, Qwest did the obvious thing in response to the NSA's request. The surprising thing is that AT&T, Verizon and BellSouth rolled over and gave the NSA these records when the simple expedient of insisting on a court order existed.