Obama's NSA overhaul may require phone carriers to store more data | Reuters

By Mark Hosenball and Alina Selyukh

WASHINGTONThu Apr 3, 2014 6:46pm EDT

A National Security Agency (NSA) data gathering facility is seen in Bluffdale, about 25 miles (40 kms) south of Salt Lake City, Utah, December 17, 2013.

Credit: Reuters/Jim Urquhart

WASHINGTON (Reuters) - President Barack Obama's plan for overhauling the National Security Agency's phone surveillance program could force carriers to collect and store customer data that they are not now legally obliged to keep, according to U.S. officials.

One complication arises from the popularity of flat-rate or unlimited calling plans, which are used by the vast majority of Americans.

While the Federal Communications Commission requires phone companies to retain for 18 months records on "toll" or long-distance calls, the rule's application is vague for subscribers of unlimited phone plans because they do not get billed for individual calls.

That could change if the Obama administration pushes through with a proposal to require carriers - instead of the NSA - to collect and store phone metadata, which includes dialed numbers and call lengths but not the content of conversations. Under the administration's proposal, the phone companies would be required to turn over the data to the NSA in response to a court-approved government request.

U.S. officials said the carriers might be forced to create new mechanisms to ensure that metadata from flat-rate subscribers could be monitored. They said these issues will require further discussion between the White House, Congress and industry.

"These are very complex systems," said one industry source familiar with data storage policies. "I doubt there are companies out there that have a nice, neat, single database that can tell you how long records are kept universally."

To great fanfare last month, the Obama administration unveiled a proposal to end the NSA's bulk collection of millions of records of phone calls. But the announcement glossed over key practical issues in implementing the new procedures.

The potential gap in records for flat-rate subscribers, as well as the telecommunications companies' strong opposition to onerous data retention requirements, underscores the still-fluid nature of the NSA reforms.

"We applaud these proposals to end Section 215 bulk collection, but feel that it is critical to get the details of this important effort right," Verizon Communications Inc General Counsel Randal Milch said in a blog post last week, referring to Section 215 of the Patriot Act, the law that authorized the NSA program.

"At this early point in the process, we propose this basic principle that should guide the effort: the reformed collection process should not require companies to store data for longer than, or in formats that differ from, what they already do for business purposes," Milch wrote.

Obama's proposal, whose full details have yet to be formally released, is a response to public outcry over revelations by former NSA contractor Edward Snowden about the spy agency's bulk collection of phone records.

A senior Obama administration official said: "As questions arise with respect to the proposal, we look forward to working through them with Congress and relevant stakeholders."

CHANGING BUSINESS NEEDS

One former senior U.S. official said that because of the growing popularity of unlimited-calling plans, over the years the NSA program ended up collecting less and less of the metadata it was legally authorized to acquire.

This former official, and a non-government expert who had access to details of the NSA program, said that the agency recently had only been collecting 25 percent to 33 percent of the total U.S. metadata it was authorized to collect.

"The change in the nature of billing data means that there's a lot less such data than there used to be," said Stewart Baker, a former senior official at both the NSA and the Department of Homeland Security.

Another former U.S. official said he believed phone companies were still obliged to supply the NSA with some kind of record of the metadata other than billing records.

The NSA can request business records from phone companies, and carriers do generally keep some phone records for business purposes, such as to manage traffic flow in networks or monitor traffic exchanges with other carriers, said the first industry source.

However, those databases are fluid, complex and rarely comprehensive, as they are driven by constantly changing network needs. And that has become a key concern for phone companies in the proposed changes to NSA surveillance.

"It strips from us the ability to make business decisions as the technology evolves," the industry source said. "It would cause us to continue to collect stuff that we don't need."

If NSA wants to search flat-rate subscribers' metadata, it would only be able to do so on calls going forward from the date that the search is requested, since no earlier data could easily be retrieved, officials said.

Under the proposal, the NSA would have to get approval from the secret Foreign Intelligence Surveillance Court to examine phone data for information about calls made to or from a U.S. number.

A bill drafted by the House Intelligence Committee would allow the NSA itself to directly request metadata from a phone company under a broad authorization from the FISA court. But the court would later be required to review metadata NSA collected to see if the spying had been legitimate.

AT&T Inc declined to comment. Sprint Corp said, "We are reviewing the Obama administration's proposal with great interest and look forward to seeing additional details."

(Editing by Warren Strobel and Tiffany Wu)

http://www.reuters.com/article/2014/04/03/us-usa-security-obama-idUSBREA3228O20140403