Requiring AT&T Inc., T-Mobile US Inc. and other telecommunications companies to retain bulk phone records for U.S. spy programs is costly and risks exposing customer data to hackers, industry and privacy groups said.
A White House advisory committee on National Security Agency spy programs recommends that U.S. carriers, instead of the NSA, hold phone records of millions of citizens, said an administration official familiar with the panel’s report. The official requested anonymity because the findings haven’t been made public by the White House.
The report says the NSA should be able to have access to the phone data, which includes numbers dialed and call durations. It attempts to address criticism of the program, in which the NSA collects metadata under court orders, by requiring companies to collect and retain the records.
“I expect our members would oppose the imposition of data retention obligations that would require them to maintain customer data for longer than necessary,” Jot Carpenter, vice president of government affairs for CTIA-The Wireless Association, said in an e-mailed statement. The trade group represents AT&T, T-Mobile and other carriers.
President Barack Obama appointed the Review Group on Intelligence and Communications Technology in August in response to an international and domestic backlash against U.S. surveillance programs exposed in documents leaked by former government contractor Edward Snowden. The documents revealed the extent of communications and data swept up by the NSA’s programs globally. Snowden is in Russia under temporary asylum.
The panel also recommends the phone records could be held by a third-party organization, the administration official said.
The report was submitted to the White House today and contains more than 40 recommendations, Caitlin Hayden, a spokeswoman for Obama’s National Security Council, said in an e-mailed statement. The administration’s internal review of spy programs will be completed in January and the report will then be made public, she said.
Shifting the responsibility for maintaining bulk phone records doesn’t change the sweeping nature of the surveillance program or eliminate potential violations of U.S. citizens’ constitutional rights, said Kevin Bankston, policy director for the Washington-based Open Technology Institute, a policy and research organization.
“It’s just bulk collection by proxy,” Bankston said. “We urge the president to put a definitive end to the bulk collection program, rather than treating every American like a terrorist suspect.”
Bulk phone records are held for five years by the NSA, and requiring carriers to retain the data creates “an attractive target not only for our intelligence agencies but for garden variety police officers, civil litigants and divorce lawyers, cyber-criminals and foreign spies,” Bankston said.
Having the phone companies hold the data would be “a shell game” that doesn’t ensure American citizens the right to privacy, said Zeke Johnson, director of the security and human rights program at Amnesty International USA.
Hayden said the review “is looking across the board at our intelligence gathering to ensure that as we gather intelligence, we are properly accounting for both the security of our citizens and our allies, and the privacy concerns shared by Americans and citizens around the world.” She declined to comment on the contents of the report.
T-Mobile, based in Bellevue, Washington, declined to comment, company spokesman Timothy O’Regan said in an e-mail. AT&T, based in Dallas, declined to comment, spokesman Michael Balmoris said in an e-mail.
NSA Director General Keith Alexander told a Senate Judiciary Committee hearing on Dec. 11 that he knew of no alternatives to the bulk records collection and that making changes to it might leave the U.S. vulnerable to another terrorist attack.
Senator Dianne Feinstein, a California Democrat and chairman of the Senate intelligence committee, opposes storing the metadata with the carriers. She introduced a bill that would preserve the ability of the NSA to collect the records. An NSA analysis presented to Feinstein found significant costs to phone companies to retain the data.
However, Representative Adam Schiff, a California Democrat who serves on the House intelligence committee, praised the proposal to prevent the NSA from retaining the records.
“I have consistently maintained that instead of collecting vast amounts of domestic phone records, we should query the records held by phone companies on a case by case basis,” Schiff said in a statement.
“The task force finding is yet another confirmation that restructuring the program is both technically feasible and more protective of the privacy interests of the American people.”
It wasn’t clear if the review group would recommend that Google Inc., Microsoft Corp., Yahoo! Inc. and other Internet companies be allowed to disclose how many government orders they receive to turn over user data and how many accounts are affected by those orders.
The companies have lobbied Congress and the administration to curb government surveillance programs and for permission to publicly disclose the data.
It would be “horribly disappointing” if the review group, or Obama, doesn’t commit to letting the companies have transparency, Bankston said.
Johnson, of Amnesty International, said, “Transparency is critical and the government has an obligation to disclose information on the scope of the surveillance program.”
Google spokeswoman Niki Fenwick said in an e-mail the Mountain View, California-based company declined to comment. Microsoft, based in Redmond, Washington, also declined to comment, spokeswoman Kim Kuresman said in an e-mail. Yahoo, based in Sunnyvale, California, declined to comment, spokeswoman Sarah Meron said by phone.