recommended reading

Phone Companies Worry They'll Be Required to Store Customer Data for NSA


Privacy advocates are cautiously optimistic about a number of reforms that President Obama promised to make to the National Security Agency on Friday. But Obama punted on one critical issue that has privacy groups and the telecom industry worried: Will the government require phone companies to maintain vast databases of phone records?

The most controversial revelation from the leaks by Edward Snowden is that the NSA collects records on virtually all U.S. phone calls. The records include phone numbers, call times and call durations—but not the contents of any conversations.

Ending bulk data collection, which the NSA claims is authorized under Section 215 of the Patriot Act, has been the top priority for civil liberties groups.

Obama announced on Friday that he will end the program "as it currently exists."

Starting immediately, NSA analysts will need approval from the Foreign Intelligence Surveillance Court every time they want to access the phone database. Obama also said he plans to eventually move the database out of the government's hands. The president directed Attorney General Eric Holder and top intelligence officials to come up with a plan by March 28 for turning over control of the database.

But no matter who stores the data, the NSA will want to ensure that its analysts can still access it when they want to map the connections of a potential terrorist group. That could mean the administration will ask Congress to enact a mandate requiring phone companies to store their customers' data on behalf of the NSA.

Privacy advocates warn that a data retention mandate would turn phone companies into agents of the NSA.

"To the contrary, companies should be working on ways to store less user data for less time—decreasing the risks from data breaches and intrusions like the one that just happened to Target," wrote Cindy Cohn and Rainey Reitman of the Electronic Frontier Foundation. "Data retention heads in the wrong direction for our security regardless of whether the government or private parties store the information."

Kevin Bankston, a policy director for the New American Foundation, said that if the alternative to government storage is mandatory data retention or a requirement for phone companies to turn the data over to some other third party, "the President should be prepared for a major legislative battle with key members of Congress, the technology industry and the privacy community arrayed against him."

The telecom companies themselves have no interest in new regulatory requirements for data retention. Storing the vast amounts of data would be expensive and could open the companies up to new lawsuits.

CTIA, a lobbying group representing the cellphone carriers, issued a statement emphasizing that the government can balance security and privacy "without the imposition of data retention mandates that obligate carriers to keep customer information any longer than necessary for legitimate business purposes."

Verizon, AT&T and other telecom companies are some of the most powerful lobbying forces in Washington and would likely fight any proposal for data retention.

Patrick Leahy, the Democratic chairman of the Senate Judiciary Committee, has been one of the most outspoken critics of the NSA and has introduced legislation that would end bulk collection entirely.

In a statement, he urged the administration to consider the "privacy implications of any mandate that these records be held in the private sector."

House Judiciary Committee Chairman Bob Goodlatte noted that "third party storage itself is a very difficult proposal that raises additional concerns."

Any NSA reform bills would likely have to get through both Judiciary Committees to become law.

The fight over who will control the database likely comes down to a more fundamental disagreement—whether the program is useful in the first place. The president's own review panel concluded that the bulk collection of phone records has not stopped a single terrorist attack.

Leahy also claimed the program has not made the nation safer. But Obama in his speech made clear that though he is open to some structural changes, he believes it is critical to maintain the program's capabilities.

"The telephone metadata program under Section 215 was designed to map the communications of terrorists, so we can see who they may be in contact with as quickly as possible. This capability could also prove valuable in a crisis," Obama said.

"For example, if a bomb goes off in one of our cities and law enforcement is racing to determine whether a network is poised to conduct additional attacks, time is of the essence. Being able to quickly review telephone connections to assess whether a network exists is critical to that effort."

(Image via marinini/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.