NSA surveillance reforms: Are telecom companies ready?
The USA Freedom Act, signed this week, has curbed the NSA's mass surveillance powers. Now the phone companies are responsible for the mass collection of metadata, creating new obstacles for the telecom industry.
Under the new legislation, the NSA will be prohibited from collecting telephone metadata. Instead, the agency will have to acquire a warrant every time it wants to access phone records, which telephone companies are now legally required to hold. NSA official would have to submit data requests via keywords in order to collect relevant data from telecom companies.
The law would also reform the Foreign Intelligence Surveillance Court (FISA) by setting up a five-person panel that would offer advice when intelligence agencies seek new interpretations of existing law. Some of their court rulings would need to be declassified.
Currently telecom companies are required under FCC regulation to store telecom data for 18 months, although there are exceptions, such as T-Mobile, who holds its metadata for 7-10 years. The Wall Street Journal reported under the new law US telecom companies will have the next six months to negotiate with the government how they are going to store phone and internet data and for how long.
The companies also to figure out how to make the metadata – number called, time of call, and duration of call – available for access by the NSA with a warrant from the Foreign Intelligence Surveillance Court.
The USA Freedom Act doesn’t stipulate for how long the data should be kept, and it might mean that telecom companies will be paying for collection infrastructure and hiring more lawyers to protect themselves from potential lawsuits.
Jot Carpenter, Vice President of Government Affairs for CTIA-The Wireless Association, a group that represents cell-phone companies, told Foreign Policy that providers were reluctant to do any additional collection on behalf of the NSA when the reforms were first suggested, since moving the responsibility of data collection is estimated to cost $60 million.
Telecom companies will be now be required to provide a so-called "two-hop function"; the metadata for the targeted individual, every number called by that person, and then every number in contact with the number in question.
"Now the phone companies will be the place where the analysis of who's in contact with whom is taking place," Jennifer Granick, Director of Civil Liberties at Stanford University's Center for Internet and Society, told National Public Radio.
The bill doesn't specify whether the phone companies may have to develop their own system for retrieving the data or that the NSA would create a workable software system for them.
NPR asked cell phone companies if they plan to regularly disclose NSA requests for metadata or if they plan to change what data they store. CREDO Mobile was one of the few companies that responded. It uses the Sprint network to serve its customers and is known for taking a politically progressive stance on issues.
"We don't know how they plan to implement this going forward under USA Freedom" Becky Bond, Vice President of CREDO told NPR. But she said that phone carriers will take the act's passage as a wakeup call to "step up and do everything within their legal rights to protect the privacy of their customers who so clearly demanded it in this fight."