A measure that President Obama is considering as a way to curb the National Security Agency’s mass storage of phone data is already facing resistance — not only from the intelligence community but also from privacy advocates, the phone industry and some lawmakers.
Obama last week suggested that he was open to the idea of requiring phone companies to store the records and allowing the government to search them under strict guidelines. Currently, the agency stores those records itself, part of a sprawling collection program that came to light through documents shared by former NSA contractor Edward Snowden.
But now, industry officials, privacy advocates and congressional officials are expressing resistance to any alternatives that involve mandating phone companies to hold the data for longer periods. And other possible scenarios, including having a private third party store the records, also raise concerns, they say.
Civil libertarians consider mandated phone-company or third-party storage an unacceptable “proxy” for the NSA’s holding of the database. Last Thursday, a group of privacy advocates met with White House officials and urged them not to seek legislation to mandate data retention, among other things.
They endorsed an idea by a surveillance review group appointed by Obama to halt the NSA’s bulk storage of the phone logs. Although the panel did not recommend immediately requiring companies to retain the records, “that’s ultimately where the discussion is likely to lead,” said David Sobel, senior counsel for the Electronic Frontier Foundation, who raised the concern at the meeting. “That’s the obvious gorilla in the room.”
The phone companies, for their part, argue that storing the data for the NSA would lead to a flood of requests from local prosecutors, federal agents and divorce attorneys, unless legislation mandates it be used strictly for government counterterrorism purposes. Even then, the companies see it as a major headache.
“We don’t want to keep these records,” said an industry executive, who like several others interviewed for this story spoke on the condition of anonymity because they weren’t authorized to speak publicly. “We end up with all sorts of litigation risks, privacy risks, hacking vulnerabilities. There is a huge cost involved in just protecting them. And truthfully, we just don’t want to do it.”
One major carrier estimated that it would cost “in the range of $50 million” a year to maintain a five-year, searchable database, according to a company official.
The companies and security experts say the stored records would become an attractive target for hackers.
“We’ve always thought it was a bad idea,” said a second telecom industry executive. “What I find perplexing about this is privacy advocates don’t like the idea, the intelligence community doesn’t like the idea, and the carriers don’t like the idea. So it’s not clear whether you are solving a problem or making the problem worse.”
Industry officials also said legislating a requirement for them to hold the records would raise concerns about how broadly the mandate applies. Would it apply, for instance, to new technology firms that use voice applications?
The government could pay the companies to hold the data longer and convert it to a searchable format. After all, carriers in the 1990s resisted legislative mandates to help law enforcement wiretap criminals, then relented when the government agreed to pay companies to do it. But, said a third industry executive, “we had fights with the government all the time about what were reimbursable expenses and what weren’t. That’s not a happy model.”
The president’s surveillance review group, whose report the White House released last week, suggested that the carriers reach a voluntary arrangement with the government to hold the data. “No way,” said the industry executive.
If that arrangement fails, the review group said, then legislation to require companies to hold the records — perhaps for as long as two years — might be necessary.
“Telecoms’ long-term retention of this kind of sensitive information is itself a privacy violation,” said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, who was not at the meeting. “And the longer the information is retained, the greater the risk that it will be accessed by people who shouldn’t have access to it.”
Obama said he would consider the proposal over the holidays and make a decision in January.
On the Hill, the Senate Intelligence Committee explored the phone company alternative, a committee aide said. “We rejected that proposal because it did not meet the [NSA’s] operational needs and did not provide a clear benefit from the status quo,” said the aide. Instead the committee advanced legislation that would preserve NSA’s custodianship of the database.
House Intelligence Committee Chairman Mike Rogers (R-Mich.) said he was “reluctant” to have the companies hold the data “because I think it opens it up to more privacy violations.” But on ABC’s “This Week” on Sunday, he said it’s “a debate that we should have — and it’s probably a good one.”
In October testimony, then-NSA Deputy Director John C. “Chris” Inglis said any alternative to the NSA’s running the database must include four “essential” features. The first is privacy. Second is breadth. “It needs to be the whole haystack,” he said. “It needs to be such that when you make a query, you come away confident that you have the whole answer.”
Third is depth, he said. “You have to know that . . . you can look far enough back in time” to include plots in incipient phases. Fourth, he said, the data needs to be in a form and format that makes it available “in a timely way.” Inglis, who retired this month, added that though the NSA keeps the data for five years, three years would suffice.
Currently, the NSA gets daily dumps of “metadata” from phone companies that include billions of phone numbers dialed, call lengths and time and the specific phone line or “trunk” that carries a call. Not included are the contents of the calls themselves or the callers’ names and addresses. The NSA searches the take when it finds reasonable suspicion that a number is linked to terrorism.
The NSA gets the numbers daily because the companies have varying retention policies, which range from six months to 10 years. Moreover, much of the call data they do retain is not in an electronic format that is searchable by computer. “It’s expensive to keep things in a searchable database,” said the second industry official.
If reliance on the companies “undermines the effectiveness” of the NSA program, the review group said, the government might designate a private organization to store the metadata. Critics said that option, too, would invite hackers.
That idea is “a nonstarter,” said a senior Senate aide, who was not authorized to speak on the record. “You’d have to create an entity that you felt comfortable giving huge amounts of data to who would have the technical wherewithal to do it. Then you’d have to demonstrate why that organization having these records provides any less privacy concern than giving it to NSA, which operates under very strict privacy guidelines.”
A federal judge in a strongly-worded opinion last week concluded that the program was “almost certainly” unconstitutional. The judge also asserted that the government did not cite “a single instance” in which the program stopped an imminent attack. The review group likewise concluded that the NSA collection “was not essential to preventing attacks” and the data “could readily have been obtained in a timely manner using conventional” court orders.
And a Princeton University computer scientist, Edward Felten, has concluded that the NSA could continue to conduct its call-chain analysis in a timely fashion simply by querying the phone companies.
“The question is: Is there going to be [a] mend it, don’t end it solution? Or just an end it?’’ said Michael Sussmann, an industry lawyer. “It’ll come down to what the politics will support.”