You choose, we deliver
If you are interested in this story, you might be interested in others from The Journal Gazette. Go to www.journalgazette.net/newsletter and pick the subjects you care most about. We'll deliver your customized daily news report at 3 a.m. Fort Wayne time, right to your email.

U.S.

  • Farmers ordered to report pig virus infections
     MILWAUKEE – The federal government is starting a new program to help monitor and possibly control the spread of a virus that has killed millions of pigs since showing up in the U.S. last year.
  • Police: Man ate pot candy before shooting wife
    A Denver man accused of killing his wife while she was on the phone with a 911 dispatcher ate marijuana-infused candy before the attack, according to search warrants released Thursday.
  • Homeland Security reissues immigrant asylum rules
    The Homeland Security Department has reissued asylum rules to immigration officials amid concerns that they are misinterpreting how to decide which immigrants get to see a judge for asylum claims.
Advertisement

Who should keep data if not the NSA?

Phone companies: Liability too big

– A measure that President Barack Obama is considering as a way to curb the National Security Agency’s mass storage of phone data is already facing resistance – not only from the intelligence community but also from privacy advocates, the phone industry and some lawmakers.

Obama last week suggested that he was open to the idea of requiring phone companies to store the records and allowing the government to search them under strict guidelines. Currently, the agency stores those records itself, part of a sprawling collection program that came to light through documents shared by former NSA contractor Edward Snowden.

But now, industry officials, privacy advocates and congressional officials are expressing resistance to any alternatives that involve mandating phone companies to hold the data for longer periods. And other possible scenarios, including having a private third party store the records, also raise concerns, they say.

Civil libertarians consider mandated phone-company or third-party storage an unacceptable “proxy” for the NSA’s holding of the database. Last week, a group of privacy advocates met with White House officials and urged them not to seek legislation to mandate data retention, among other things.

They endorsed an idea by a surveillance review group appointed by Obama to halt the NSA’s bulk storage of the phone logs. Although the panel did not recommend immediately requiring companies to retain the records, “that’s ultimately where the discussion is likely to lead,” said David Sobel, senior counsel for the Electronic Frontier Foundation, who raised the concern at the meeting. “That’s the obvious gorilla in the room.”

The phone companies, for their part, argue that storing the data for the NSA would lead to a flood of requests from local prosecutors, federal agents and divorce attorneys, unless legislation mandates it be used strictly for government counterterrorism purposes. Even then, the companies see it as a major headache.

“We don’t want to keep these records,” said an industry executive, who like several others interviewed for this story spoke on the condition of anonymity because they weren’t authorized to speak publicly. “We end up with all sorts of litigation risks, privacy risks, hacking vulnerabilities. There is a huge cost involved in just protecting them. And truthfully, we just don’t want to do it.”

One major carrier estimated it would cost “in the range of $50 million” a year to maintain a five-year, searchable database, according to a company official.

The companies and security experts say the stored records would become an attractive target for hackers.

“We’ve always thought it was a bad idea,” a second telecom industry executive said. “What I find perplexing about this is privacy advocates don’t like the idea, the intelligence community doesn’t like the idea, and the carriers don’t like the idea. So it’s not clear whether you are solving a problem or making the problem worse.”

Industry officials also said legislating a requirement for them to hold the records would raise concerns about how broadly the mandate applies. Would it apply, for instance, to new technology firms that use voice applications?

The government could pay the companies to hold the data longer and convert it to a searchable format. After all, carriers in the 1990s resisted legislative mandates to help law enforcement wiretap criminals, then relented when the government agreed to pay companies to do it. But, said a third industry executive, “we had fights with the government all the time about what were reimbursable expenses and what weren’t. That’s not a happy model.”

The president’s surveillance review group, whose report the White House released last week, suggested that the carriers reach a voluntary arrangement with the government to hold the data. “No way,” the industry executive said.

If that arrangement fails, the review group said, then legislation to require companies to hold the records – perhaps for as long as two years – might be necessary.

“Telecoms’ long-term retention of this kind of sensitive information is itself a privacy violation,” said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, who was not at the meeting. “And the longer the information is retained, the greater the risk that it will be accessed by people who shouldn’t have access to it.”

Obama said he would consider the proposal over the holidays and make a decision in January.

On the Hill, the Senate Intelligence Committee explored the phone company alternative, a committee aide said. “We rejected that proposal because it did not meet the NSA’s operational needs and did not provide a clear benefit from the status quo,” the aide said. Instead the committee advanced legislation that would preserve NSA’s custodianship of the database.

House Intelligence Committee Chairman Mike Rogers, R-Mich., said he was “reluctant” to have the companies hold the data “because I think it opens it up to more privacy violations.” But on ABC’s “This Week” on Sunday, he said it’s “a debate that we should have – and it’s probably a good one.”

In October testimony, then-NSA Deputy Director Chris Inglis said any alternative to the NSA’s running the database must include four “essential” features. The first is privacy. Second is breadth. “It needs to be the whole haystack,” he said. “It needs to be such that when you make a query, you come away confident that you have the whole answer.”

Third is depth, he said. “You have to know that … you can look far enough back in time” to include plots in incipient phases. Fourth, he said, the data needs to be in a form and format that makes it available “in a timely way.”

Advertisement