The National Security Agency has been exploring options for relinquishing its massive database of telephone records that include searching across phone companies’ data for numbers linked to those of suspected terrorists, and having the firms search daily against a watch list of suspect numbers, according to people briefed on the deliberations.
The agency was expected to deliver to the White House this week some proposals for storing the data outside of government hands — a goal President Obama announced in January to ease concerns about potential NSA abuse of its vast store of records about Americans’ phone calls.
“At the end of the day, this is going to be a policy decision, with legal implementation,” NSA Deputy Director Rick Ledgett said in a recent interview, noting that the agency does not make policy or law. “But what we’re doing, along with the [FBI], is advising on the parameters that would make the program valuable.”
Ledgett’s predecessor, John C. Inglis, last year spelled out four requirements to Congress for any new storage system: privacy protections, depth, breadth and agility. Ledgett added a fifth: value to the FBI.
“This program,” he said, “has to be useful to the FBI.” The NSA collects data on phone calls, but not actual call content, in an effort to find clues to terrorist plots and networks.
Earlier this month, the Office of the Director of National Intelligence solicited ideas from industry to achieve, among other things, “near-simultaneous real-time access” to data across several providers. Obama asked the director of national intelligence and the attorney general to develop options by March 28.
The technology exists to carry out searches across several data systems linked in some fashion, industry and government officials say. That includes the ability to search beyond the first set of query results to retrieve the numbers of people who were in contact with those in the first set.
“The technologists at NSA who try to figure out how to do that say that it can be done,” said one former U.S. official, who like several others spoke on the condition of anonymity to discuss sensitive matters. “It’s computationally difficult,” the official said. “But it’s doable.”
The House Intelligence Committee considered the option last year, and some members were comfortable with such searches as long as one phone company didn’t get information about a number from another phone company that it didn’t already have, an aide said. The Senate Intelligence Committee rejected the approach.
There also are policy and legal questions, including who would do the searching and what legal standard should be met before queries of the records are made.
“We’re not looking for a solution that is technically more efficient or more agile” than the current system, the former official said. “We’re looking for a solution that gives the public more confidence that the data will not be abused.”
The watch list option would involve the NSA providing suspect numbers to the phone companies to run against their databases. But the option would lack historic depth. Right now, the NSA holds records for five years. Some phone companies hold data for less time, and those with flat-rate plans often do not keep toll records for billing purposes.
There would be no historical cache that might yield a link to a terrorist network. But, officials said, an NSA analysis has shown that more than 75 percent of the cases where such data were useful involved records no older than two years.
The challenge, officials say, is to craft a solution that enables discovery of links to an overseas number of a suspected terrorist — to find out whether the person using that number has ever made a call to, or been called by a number in, the United States. Typically, phone companies cannot easily search for records of non-subscribers. Doing so would take considerable time, industry officials say.
However, by pre-sorting the data so that they can be searched by the calling number and the called number, queries can be conducted faster, said Yaser S. Abu-Mostafa, a computer science professor at the California Institute of Technology. From a technological perspective, he said, “my general impression is all of that would be a piece of cake for an organization with the type of resources that the NSA has.”
Any alternative to the NSA database must resolve more fundamental concerns, reform advocates say. Data queries must be linked to a specific investigation, and Congress should ban the bulk collection or analysis of data of Americans who are not part of an investigation, said Harley Geiger, senior counsel at the Center for Democracy & Technology.
Some congressional supporters of the program say they think a compromise can be achieved even if it means accepting, for instance, that the phone companies may hold the data in some cases for no more than 18 months.
“When you’re facing losing something, 18 months is better than nothing, and can still reveal important potential links to suspected terrorists,” said one congressional aide, who was not authorized to speak about the matter publicly. The aide was referring to the prospect that Congress will not renew the legal authority underpinning the program when it expires next year.