President Barack Obama turned heads just days before Christmas when he announced that he is "seriously" considering following the recommendations set forth by an advisory panel, which he appointed, that suggested a major overhaul to the NSA's wholesale collection of telephone metadata.
The Obama administration has been under intense scrutiny over revelations, contained in documents leaked by NSA whistleblower Edward Snowden, regarding the depth and breadth of the agency's collection of telephone and other data. In a move to quell the uproar, Obama appointed a committee to review the matter. Among other things, it issued a host of recommendations that include major revisions to the phone-snooping program.
But a WIRED examination of a key suggestion from the "President's Review Group on Intelligence and Communications Technologies" finds those revisions will do little to improve the protection of American's calling history. In fact, it may well make the data more vulnerable to government inspection by potentially mandating that Americans' phone call records be stored for longer periods of time than many telecoms currently archive them. And there likely would be few, if any, legal barriers to law enforcement officials, from the FBI to your local police department, to clear before obtaining that data.
As it stands, the telecommunication companies have, since at least 2006, funneled all phone call metadata to the NSA under secret orders from the Foreign Intelligence Surveillance Court. (Metadata includes an account holder's records of calls received and made, any calling card numbers used in a call, the time and duration of the call and other information.) This hoovering does not require probable cause warrants that outline how and why authorities believe anyone associated with the data has committed a crime. No laws govern how the NSA may access the data — believed to hold some 1 trillion records — though the spy agency maintains it has settled on a so-called standard of "reasonable articulable suspicion" in hopes of finding the terrorist needle in a haystack.
While the NSA argues collecting and reviewing this data is vital to national security, Obama concedes more must be done to ensure some measure of privacy.
"The question we're going to have to ask, can we accomplish the same goals this program is intended to accomplish in ways that give the public more confidence that the NSA is doing what it is supposed to be doing?" Obama said Dec. 20 before heading to Hawaii for a 17-day vacation.
Under the presidential panel's recommendation, the telcos or an unnamed third party would store the metadata instead of the government having direct access to it. The proposal allows the government to continue querying the data, which the NSA currently holds for five years. A newly proposed legal standard would require "reasonable grounds" to believe the information sought is relevant to an investigation intended to protect "against international terrorism or clandestine intelligence activities." The FISA court would have to approve every request.
According to the panel, which includes former U.S. counter-terrorism czar Richard A. Clarke:
In reality, however, "privacy and liberty" remain threatened.
Notwithstanding that the FISA Court is for all intents an NSA rubberstamp that has allowed the metadata program to run in secret for seven years, the review group's proposal could grant law enforcement at any level a far larger trove of phone metadata to access. What's more, they would not need probable cause warrants to target anyone's phone metadata.
Right now, the phone companies store phone metadata for varying times. Verizon and U.S Cellular store it for about a year; Sprint for 18 months. At the other end of the spectrum, T-Mobile maintains it for seven to 10 years, and AT&T for five, according to a congressional inquiry. While Obama's review group's recommendation was short on details, everybody familiar with the plan agrees it would require telcos to store metadata for some minimum amount of time, presumably for longer than many of them already do. That means the authorities would have access to this data for far longer than they otherwise might.
According to the congressional inquiry led by Sen. Edward Markey (D-Massachusetts), eight carriers reported receiving more than 1 million requests for personal mobile phone data by law enforcement in 2013, and they and racked up millions of dollars in processing fees along the way. Not all of those requests were for phone metadata, however. There were requests for cell-site location data, web browsing habits, text message content, and voicemail, among other things. The telecoms did not break down the number of requests they received for each category.
To be sure, phone companies regularly provide law enforcement with customer calling history, usually under a subpoena. Such documentation, signed by a law enforcement agent, promises the data is relevant to an ongoing investigation. That standard is based on a 1979 Supreme Court precedent, which upheld the conviction of a Baltimore purse snatcher who unsuccessfully challenged the local phone company's decision to release his call records to the police even though the authorities did not have a probable-cause warrant. The records showed that the defendant, Michael Smith, had been calling his victim after he mugged her. (A more detailed look at that precedent can be found here.)
To give Americans a modicum of privacy, Congress must quarantine away from law enforcement officials the data the telcos would be compelled to store and only grant access to the NSA upon approval of the Foreign Intelligence Surveillance Court's approval. The NSA said it queried its vast database just 300 times last year.
"If there is this retention, you would need to make sure there are no loopholes that would undermine the entire purpose of the change," said Brett Kaufman, a National Security Project fellow with the American Civil Liberties Union.
If past is prologue, we already know the outcome.
