recommended reading

Phone Companies Worry They'll Be Required to Store Customer Data for NSA

marinini/Shutterstock.com

Privacy advocates are cautiously optimistic about a number of reforms that President Obama promised to make to the National Security Agency on Friday. But Obama punted on one critical issue that has privacy groups and the telecom industry worried: Will the government require phone companies to maintain vast databases of phone records?

The most controversial revelation from the leaks by Edward Snowden is that the NSA collects records on virtually all U.S. phone calls. The records include phone numbers, call times and call durations—but not the contents of any conversations.

Ending bulk data collection, which the NSA claims is authorized under Section 215 of the Patriot Act, has been the top priority for civil liberties groups.

Obama announced on Friday that he will end the program "as it currently exists."

Starting immediately, NSA analysts will need approval from the Foreign Intelligence Surveillance Court every time they want to access the phone database. Obama also said he plans to eventually move the database out of the government's hands. The president directed Attorney General Eric Holder and top intelligence officials to come up with a plan by March 28 for turning over control of the database.

But no matter who stores the data, the NSA will want to ensure that its analysts can still access it when they want to map the connections of a potential terrorist group. That could mean the administration will ask Congress to enact a mandate requiring phone companies to store their customers' data on behalf of the NSA.

Privacy advocates warn that a data retention mandate would turn phone companies into agents of the NSA.

"To the contrary, companies should be working on ways to store less user data for less time—decreasing the risks from data breaches and intrusions like the one that just happened to Target," wrote Cindy Cohn and Rainey Reitman of the Electronic Frontier Foundation. "Data retention heads in the wrong direction for our security regardless of whether the government or private parties store the information."

Kevin Bankston, a policy director for the New American Foundation, said that if the alternative to government storage is mandatory data retention or a requirement for phone companies to turn the data over to some other third party, "the President should be prepared for a major legislative battle with key members of Congress, the technology industry and the privacy community arrayed against him."

The telecom companies themselves have no interest in new regulatory requirements for data retention. Storing the vast amounts of data would be expensive and could open the companies up to new lawsuits.

CTIA, a lobbying group representing the cellphone carriers, issued a statement emphasizing that the government can balance security and privacy "without the imposition of data retention mandates that obligate carriers to keep customer information any longer than necessary for legitimate business purposes."

Verizon, AT&T and other telecom companies are some of the most powerful lobbying forces in Washington and would likely fight any proposal for data retention.

Patrick Leahy, the Democratic chairman of the Senate Judiciary Committee, has been one of the most outspoken critics of the NSA and has introduced legislation that would end bulk collection entirely.

In a statement, he urged the administration to consider the "privacy implications of any mandate that these records be held in the private sector."

House Judiciary Committee Chairman Bob Goodlatte noted that "third party storage itself is a very difficult proposal that raises additional concerns."

Any NSA reform bills would likely have to get through both Judiciary Committees to become law.

The fight over who will control the database likely comes down to a more fundamental disagreement—whether the program is useful in the first place. The president's own review panel concluded that the bulk collection of phone records has not stopped a single terrorist attack.

Leahy also claimed the program has not made the nation safer. But Obama in his speech made clear that though he is open to some structural changes, he believes it is critical to maintain the program's capabilities.

"The telephone metadata program under Section 215 was designed to map the communications of terrorists, so we can see who they may be in contact with as quickly as possible. This capability could also prove valuable in a crisis," Obama said.

"For example, if a bomb goes off in one of our cities and law enforcement is racing to determine whether a network is poised to conduct additional attacks, time is of the essence. Being able to quickly review telephone connections to assess whether a network exists is critical to that effort."

(Image via marinini/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.