A measure that President
Obama last week suggested that he was open to the idea of requiring phone companies to store the records and allowing the government to search them under strict guidelines. Currently, the agency stores those records itself, part of a sprawling collection program that came to light through documents shared by former NSA contractor
But now, industry officials, privacy advocates and congressional officials are expressing resistance to any alternatives that involve mandating that phone companies hold the data for longer periods. And other possible scenarios, including having a private third party store the records, also raise concerns, they say.
Civil libertarians consider mandated phone-company or third- party storage an unacceptable "proxy" for the NSA's holding of the database. Last week, a group of privacy advocates met with
They endorsed an idea by a surveillance review group appointed by Obama to halt the NSA's bulk storage of the phone logs. Although the panel did not recommend immediately requiring companies to retain the records, "that's ultimately where the discussion is likely to lead," said
The phone companies, for their part, argue that storing the data for the NSA would lead to a flood of requests from local prosecutors, federal agents and divorce attorneys, unless legislation mandates that it be used strictly for government counterterrorism purposes. Even then, the companies see it as a major headache.
"We don't want to keep these records," said an industry executive, who, like several others interviewed for this story, spoke on the condition of anonymity because they weren't authorized to speak publicly. "We end up with all sorts of litigation risks, privacy risks, hacking vulnerabilities. There is a huge cost involved in just protecting them. And, truthfully, we just don't want to do it."
One major carrier estimated that it would cost "in the range of
The companies and security experts say the stored records would become an attractive target for hackers.
"We've always thought it was a bad idea," said a second telecom industry executive. "What I find perplexing about this is, privacy advocates don't like the idea, the intelligence community doesn't like the idea, and the carriers don't like the idea. So it's not clear whether you are solving a problem or making the problem worse."
Industry officials also said that legislating a requirement for them to hold the records would raise concerns about how broadly the mandate applies. Would it apply, for instance, to new technology firms that use voice applications?
The government could pay the companies to hold the data longer and convert it to a searchable format. After all, carriers in the 1990s resisted legislative mandates to help law enforcement wiretap criminals, then relented when the government agreed to pay companies to do it.
But, said a third industry executive, "we had fights with the government all the time about what were reimbursable expenses and what weren't. That's not a happy model."
The president's surveillance review group, whose report the
If that arrangement fails, the review group said, then legislation to require companies to hold the records - perhaps for as long as two years - might be necessary.
Obama said he would consider the proposal over the holidays and make a decision in January.
Currently, the NSA gets daily dumps of "metadata" from phone companies that include billions of phone numbers dialed, call lengths and times, and the specific phone line or "trunk" that carries a call. Not included are the contents of the calls themselves or the callers' names and addresses. The NSA searches the take when it finds reasonable suspicion that a number is linked to terrorism.
The NSA gets the numbers daily because the companies have varying retention policies, which range from six months to 10 years. Moreover, much of the call data they do retain is not in an electronic format that is searchable by computer.
Phone companies say the move would be costly and could lead to a flood of requests from local prosecutors and federal agents.
Experts say keeping the records could expose the companies to potential litigation, privacy violations, hacking and other risks.
Privacy advocates say the NSA should halt bulk storage of the phone logs.