NSA's long history of paying carriers for data

Recent revelations continue a decades-long trend, and some experts say the payments can serve as a restraint.

abstract network security

The Washington Post’s late-August report on the U.S. intelligence community’s $52 billion “Black Budget” included details of ongoing programs to tap into telecommunications carriers’ international traffic flow. Almost $280 million was budgeted for the surveillance capabilities in fiscal 2013, declining from a peak of $394 million in fiscal 2011, according to the documents.

Drawing on documents provided by former National Security Agency (NSA) analyst Eric Snowden, the Post reported that the federal government had paid millions to major telecommunications carriers via the NSA-managed Corporate Partner Access Project, in order to access “high volume circuit and packet switched networks.” Some “passive” or “upstream” data collection programs, originally designed to capture data as it moved onto international telecommunications networks, date back to the 1970s.  

Neither Verizon nor AT&T responded to FCW’s requests for comment, although telecommunications carriers are allowed by federal law to seek reimbursement for costs incurred to provide access to their network by federal authorities.

Law enforcement and intelligence agencies have been struggling for decades to maintain their ability to monitor telecommunications traffic as network technology evolves. As a result, telecommunications carriers have been told to make their increasingly digitized networks more amenable to court-ordered law enforcement or government access.

For instance, the 1994 Communications Assistance for Law Enforcement Act (CALEA) required telecommunications providers to reconfigure network technology to allow easier government access. Under CALEA, carriers are reimbursed by the federal government for reasonable costs incurred in providing the network capabilities and access. The FBI is currently pushing to expand the law to include voice over Internet protocol (VoIP) services and peer-to-peer communications tools.

Such wiretaps can be expensive. A 2003 Frost & Sullivan study, for instance, estimated government agencies spent around $50,000 per wiretap, and carriers could spend as much as half a million dollars on a switch to make it CALEA compliant.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the report that intelligence agencies were paying millions for access they already had legal rights to was disturbing. “It turns surveillance into a potential revenue stream” for telecommunications carriers, he said in an interview with FCW.  

The $284 million the government has budgeted for the surveillance, Rotenberg said, “is a substantial amount.” He said telecommunications carriers may be tempted to see the requests as a possible profit center and pad them with extras. That quest for profit “may make carriers less willing to stand up for users’ rights.”

Telecommunications attorney Stewart Baker disagreed. Baker, a partner at Washington, D.C.-based Steptoe & Johnson, said paying millions in expenses associated with tapping into carriers’ facilities might actually dampen the federal efforts to listen in.

Baker knows the legal territory. He spent three and a half years at the Department of Homeland Security, where he created and staffed that agency’s 250-person Policy Directorate and was responsible for policy analysis across the department. He also headed a government-private sector coalition that helped major telecommunications equipment manufacturers and carriers break a deadlock with law enforcement on CALEA in 2004. And before that, he served as NSA’s general counsel from 1992 to 1994.

The recently disclosed payments, Baker said, are in line with those for other digital wiretapping programs that came about with the 1994 enactment of CALEA.

“I’ve long argued in the context of CALEA that requiring government to pay for wiretap costs can diminish the number of wiretaps," he said.  "The cost means that government has to think carefully” before implementing a surveillance order.

“Suppose EPIC had important evidence buried in its network that would stop a crime but it would cost $20,000 to find the evidence," Baker suggested.  "Would EPIC say ‘we would have to do the search for free to avoid the revenue stream?’"

In a June article for Foreign Policy, titled “Why the NSA needs your Phone calls, and Why You (Probably) Shouldn’t Worry About it,” Baker argued that the NSA is shackled by federal law prohibiting it from collecting information on Americans. The article was written in the wake of reports detailing NSA’s PRISM program that allowed it to tap into phone records and communications metadata maintained by telecommunications companies.

Baker argues that the NSA is further hobbled in its information-gathering by a law that requiring the government to "minimize" collection and use of information about Americans. He said the requirement has spawned elaborate rules that strictly limit what the NSA can do with information it has already collected.

Rotenberg admits to being a devil’s advocate in his speculation about profit motives. “I’m being a bit facetious here,” he allowed, but “there is inadequate oversight for the commercial transactions and the cost to provide services.”

More NSA oversight could be coming. In early August, Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) vowed to undertake a major review of all intelligence data-collection programs involving Americans. She told The Hill that the review would be a “primary order of business for the committee this fall and will be used to develop proposals to increase transparency and improve privacy protections for these vital national security programs."

The committee, however, didn’t respond to FCW’s questions about whether the intelligence community payments to telecom carriers would be addressed in those hearings.