New Mexico law is so devoid of any established authority for this practice, a reasonable prosecutor, upon the exercise of diligent research could determine that the practice was very probably unlawful. - Judge John Paternoster, Eighth Judicial District of New Mexico

The National Security Agency isn’t the only agency that’s willing to flout the laws of the land in order to obtain your telephone records. As we’re learning from a case out of New Mexico, local prosecutors may be to willing to ignore rights enshrined in the Constitution for an unfair advantage in criminal cases.

The case at hand involves the office of the District Attorney for the Eight District of New Mexico, which covers three counties in Northern New Mexico, including Taos. D.A. Donald Gallegos and one of his subordinates are facing disciplinary charges after they were caught issuing at least 91 bogus subpoenas to eight telephone companies for customer call records.

The subpoenas came to light during the prosecution of a 2013 armed robbery at an electric cooperative. Suspecting it was an inside job, the Taos police department worked with the prosecutor’s office to begin issuing subpoenas to telecoms for records related to dozens of phone records. Several batches of subpoenas were discovered related to other cases.

The problem is the District Attorney had no authority to issue “stand-alone subpoenas” under court rules, state law, or the New Mexico Constitution [PDF, PDF]. Prosecutors are only allowed to subpoena records when they represent a party in a case, (i.e. a grand jury has been convened or a criminal case has been filed) and they cannot use subpoenas during the police investigative process. Instead the prosecutor attached a generic case number—the kind usually reserved for miscellaneous court matters, such as bond forfeitures and oaths of office—not cellphone records requests.

The subpoenas weren’t signed by a judge or authorized by a grand jury. They weren’t even the right form [PDF] for issuing requests for records. As such, the subpoenas did not include the "essential" language alerting the recipient of remedies and protective measures. Rather, the documents threatened contempt of court sanctions for any telephone provider that failed to hand over the records.

Judge John Paternoster threw out the indictment of one of the robbery suspects in April due to “gross prosecutorial misconduct,” issuing the following damning conclusions [PDF]:

A stand-alone subpoena, in improper form, issued and signed by a prosecutor in aid of police investigation, before a criminal cause is properly commenced, as in the instant facts is simply without precedent, analogy or lawful authority in New Mexico law.

And

The subpoenas in question were issued by the prosecutor without any judicial oversight, and allowed the police to obtain evidence during a criminal investigation without meeting the requirements of Article II 10 of the Constitution of New Mexico.

And

It is objectively unreasonable for the prosecutor to believe that his conduct was lawful.

And

The prosecutor had no reasonable basis in law for issuing the subpoenas and had no reasonable basis in law to present the evidence to the grand jury, and therefore acted in objective bad faith, and tainted the grand jury with evidence.

Judicial smackdowns don’t come much harder than that. The district attorney is appealing, but at the same time the oversight body authorized by the New Mexico Supreme Court to review allegations of attorney misconduct has completed its own investigation. The Disciplinary Board is now pursuing formal professional misconduct charges against the lawyers [PDF, PDF].

That process will play out over the next few months, but in the meantime there’s another piece of the puzzle worth addressing. If the subpoenas were so obviously illegal, why didn’t a single one of the telecommunications company question their legitimacy?

According to the filings, eight telecommunications providers complied with the questionable subpoenas and handed over customer call records. They are:

Verizon

AT&T (Cingular)

T-Mobile

Commnet

Cricket (since acquired by AT&T)

Level 3 Communications

MetroPCS

Sprint/Nextel

As we told each of these providers in a letter [PDF], EFF strongly believes that part of a telecommunication company’s cost of doing business in any particular state is to ensure that local law enforcement requests for customer data comply with state law. That is particularly true when state laws, such as New Mexico’s, contain stronger legal protections than those that exist under the Fourth Amendment to the U.S. Constitution or the federal Stored Communications Act.

We are asking the involved companies to take a few concrete actions in response to the bad-subpoena scandal:

First, they should go back and review all subpoenas that the district attorney’s issued, determine if other subpoenas it received were similarly defective and release the actual numbers of subpoenas they processed that may have been illegal.

Second, they should review their own legal process to identify how the company’s legal compliance team assesses the validity of subpoenas under state law. Then they should institute new polices to make sure it doesn’t happen again.

Finally, they should confirm whether the customers targeted by the subpoenas were informed of the existence of these subpoenas. If not, customers should be informed immediately.

So far, T-Mobile is the only provider to respond to our letter. While Senior Corporate Counsel Patricia Cauldwell indicated that they were unaware of the controversy until we brought it to their attention, she argued that T-Mobile acted in good faith and defended the company’s practice of rejecting requests when they appear to be defective.

“[W]e would not expect to see a prosecutor in New Mexico use subpoenas like these again in a criminal investigation before convening a grand jury and we expect that the judicial system in New Mexico is well capable of correcting the problem,” Cauldwell wrote [PDF].

We’re not convinced that’s a safe bet. The telecommunications industry is very well aware that the public is becoming more and more skeptical of how these companies interact with intelligence and law enforcement agencies. But for all the NSA and FBI’s questionable practices, local law enforcement agencies are just as prone to shenanigans.

Phone companies need to not only tell cops to come back with a warrant or subpoena, but come back with one that’s actually legal.