Outsourcing the NSA's phone-call database
This undated photo provided by the National Security Agency (NSA) shows its headquarters in Fort Meade, Md.
The Obama administration has outlined a plan to replace the National Security Agency's bulk collection of phone data, the New York Times reports. Instead of maintaining its own five-year record of all phone calls, the NSA would ask a court for individual sets of records, and then get those records from the phone companies. The House Intelligence Committee has a similar recommendation.
Which raises the question of what new burdens these rules would place on telecom companies.
The short answer: Not much. Under the proposals we’ve heard about, the telecom companies would be required to keep 18 months of data. Which happens to be what they keep already.
This would be a level of intrusiveness we should all be used to, says James Lewis, senior fellow at the Center for Strategic and International Studies.
"The phone companies collect this information no matter what, right? It’s your phone bill," he says. "And the NSA—or any other federal agency—can always get it with a court order."
As the 2005 revelation of warrantless wiretapping highlighted, phone companies have generally turned over whatever data the government asks for. So they won’t need to set up new systems for responding to NSA requests.
"They already have offices that process these court orders," says Lewis. "So now these offices will have one more request to process."
Volume should be no problem. NSA officials say they searched their own database a total of 288 times in 2012. And looked at fewer than 6,000 phone numbers.
Steven Bradbury, who was a justice department lawyer in the George W. Bush administration, would prefer to see the NSA have access to all five years of records.
However, he says asking the phone companies to hang onto it just wasn’t a practical idea.
"They don’t want to do that, they don’t have a need to do that for their own businesses, and they don’t have the capacity to do it," he says. "That would, as a practical matter, result in a contractor keeping the data."
He thinks security could be an issue. Companies like Target have suffered well-publicized data breaches recently.
And federal IT contracting has gotten a bad rep after the botched rollout of healthcare.gov.
However, Bradbury is thinking of another example: "Remember, too, that Edward Snowden was an employee of an outside contractor," he says.