Telephone companies are quietly balking at the idea of changing how they collect and store Americans’ phone records to help the National Security Agency’s surveillance programs. They’re worried about their exposure to lawsuits and the price tag if the U.S. government asks them to hold information about customers for longer than they already do.
President Barack Obama is expected to announce Friday what changes he is willing to make to satisfy privacy, legal and civil liberties concerns over the NSA’s surveillance practices. One of the most important questions is whether the government will continue to collect millions of Americans’ phone records every day so that the government can identify anyone it believes might be communicating with known terrorists.
The president’s hand-picked review committee has recommended ending the phone records program as it exists. It suggested shifting the storage of the phone records from the NSA to phone companies or an unspecified third party, and it recommended new legal requirements before the government could search anyone’s phone records.
The phone companies don’t want the job. Executives and their lawyers have complained about the plan in confidential meetings with administration officials and key congressional intelligence and other committees, according to interviews by The Associated Press. Two phone executives familiar with the discussions said the cellular industry told the government that it prefers the NSA keep control over the surveillance program and would only accept changes if they were legally required. The executives spoke on condition of anonymity because they were not authorized to disclose the private discussions. But there have been public complaints, too.
“Our members would oppose the imposition of data retention obligations that would require them to maintain customer data for longer than necessary,” said Jot Carpenter, vice president of government affairs for CTIA-The Wireless Association, the trade group for the cellular phone industry.
Obama’s Review Group on Intelligence and Communications Technologies was expected to discuss the dilemma over the phone records program Tuesday at a Senate Judiciary Committee hearing. The committee will play an important role in any new legislation on the issue. Executives and industry lawyers said phone companies would reluctantly agree to become the stewards of the phone records only if current laws were changed relieving them of legal responsibilities and paying their costs. The industry is also wary of NSA insistence that the records would need to be standardized and probably held for longer periods than most firms now keep them.
Liability is a key concern for phone companies, which could be sued if hackers or others were able to gain unauthorized access to the records. Under the Patriot Act, which governs the NSA’s phone collection program, the phone companies are free of legal responsibility for disclosing customer records to the government in counterterrorism investigations. Industry lawyers say similar protections could be broadened to cover phone companies holding customer data for the NSA, but it’s unclear whether Congress would pass them.
A former top NSA lawyer and Bush administration national security official who has represented phone firms, Stewart Baker, said Congress only grudgingly granted legal protections to the phone companies in the immediate years after the 9/11 attacks.
“The phone companies were seared by their experience in Congress and can’t be enthusiastic about a return engagement,” Baker said.
Even with broader legal protections, the companies would expect to cope with a surge in demands for business records from local prosecutors, private lawyers, insurance firms and others. Companies already retain some customer records, but the duration of their storage and the kinds of records they keep vary. While T-Mobile keeps records for seven to 10 years, according to a recent Senate Commerce Committee study, other major firms — including Verizon, US Cellular and Sprint — keep them less than two years.
The government keeps Americans’ phone records for at least five years before destroying them. Obama’s review committee said phone companies could hold the same data for two years before destroying them. NSA officials have said they could compromise no lower than three years but want all the data to be standardized.
“The data has to be provided or kept in a way that allows it to be integrated” by the NSA, said the agency’s general counsel, Rajesh De, during a November hearing of the semi-independent Privacy and Civil Liberties Oversight Board, another task force examining the surveillance program.
Currently, phone companies differ in what they keep on file. For example, according to Justice Department records, Verizon maintains calling-detail records over a rolling year, disposing of them once a year passes. Sprint and Nextel keep them 18 to 24 months, while T-Mobile and AT&T divide the records into pre-paid and post-paid categories, with different durations.
Standardizing such a variety of reporting and storage requirements and holding so much more data would cause phone companies to expand their collection infrastructure and hire more lawyers and technical staff to respond to the NSA’s needs.
“It would be enormously costly and burdensome to set up and implement,” said Michael Sussmann, a Washington attorney who specializes in technology and national security issues. “However you change the system, they would have to handle a greater set of data than they collected before. And more people— of all sorts— will come looking for it.”
The cost could be high. Last week, the chairwoman of the Senate Intelligence Committee, Sen. Diane Feinstein, D-Calif., said it would cost at least $60 million to shift the records for the NSA program to phone providers. Feinstein opposes such a shift.
Keeping the records at phone companies so they could be readily searched by the government won’t satisfy privacy advocates, either.
“The government would just be outsourcing the data collection to the companies,” said David Sobel, a lawyer for the Electronic Freedom Foundation who met last week with administration officials on the issue. “From a privacy perspective, the result will be the same.”
Many of the 46 recommendations urged by the president’s review group could be carried out by Obama himself, said Benjamin Powell, former general counsel to the Director of National Intelligence.
But some of the report’s key points, including amending the Patriot Act to expand the role of phone companies, could not go forward without congressional action, Powell said.