Question of Where Metadata Should Reside Spurs Mixed Feelings After Panel Recommendations
Stakeholders were split Thursday on whether industry or a third party, rather than the federal government, should retain phone metadata. That was one of the 46 surveillance review group recommendations released Wednesday. The five-member independent panel, convened by the White House in early fall, proposed a wide range of changes, including targeted phone searches, data held by companies or a third party rather than government and a public advocate for the Foreign Intelligence Surveillance Court (CD Dec 19 p4).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
But the Computer & Communications Industry Association slammed the idea of companies holding the metadata for the government to query, despite a wide number of statements of praise for many recommendations. “While we're also pleased to see the Review Group address limits on the storage of bulk metadata, forcing companies or any third party to store this type of data is not a viable solution,” said CCIA Public Policy and Regulatory Counsel Ross Schulman in a statement.
There are “two separate problems with the idea of offloading the data,” Schulman told us. That proposal “creates a burden on the company itself,” potentially not for bigger players such as Verizon or Google, but likely for smaller companies or open source projects. “You're creating a fairly significant burden,” including “the time cost of compliance,” he said. The other problem, Schulman said, is that this doesn’t necessarily end any bulk surveillance of phone metadata. Moving the metadata “creates other problems in its wake” and proposing it as a solution comes potentially from “a misunderstanding on the part of some people,” he said, though he did call the National Security Agency’s storing all the data together “concerning.”
New America Foundation’s Open Technology Institute is “concerned at the review group’s suggestion that Congress may need to pass new legislation to require that communications companies continue to store years’ worth of customer data just in case the government needs it, which would amount to bulk collection by proxy,” said policy director Kevin Bankston in a statement. “The only acceptable reform to the bulk collection program is to stop the program."
"We would oppose any data retention mandate” but the recommendations went “softer than that,” Michelle Richardson, legislative counsel for the American Civil Liberties Union, told us. She said she doubts Congress would pursue that route, due to the recommendations’ questioning whether the phone surveillance program is even effective and necessary. “I don’t see how Congress will take that next step,” she said, also pointing to potential industry resistance on data retention requirements. “The companies beat it back every time.” But the ACLU will keep an eye out for that possibility as bills progress in Congress, she said.
Rep. Adam Schiff, D-Calif., praised the retention recommendation. “I have consistently maintained that instead of collecting vast amounts of domestic phone records, we should query the records held by phone companies on a case by case basis,” said the House Intelligence Committee member in a statement, urging executive branch restructure immediately (http://1.usa.gov/1dT0X2s). “Many of these changes -- like allowing the providers to hold onto their own records -- can be accomplished without legislation and I would urge the Administration to act now.”
Greg Nojeim, senior counsel for the Center for Democracy & Technology, pointed favorably to the recommendations, specifically the suggestion phone companies hold the metadata, which he said was a voluntary best practice retention of two years rather than a statutory mandate. “This is a significant improvement over the current practice in which the FISA Court orders the phone companies to turn over their call records to the NSA every day for 90 days at a time so NSA can query the data using a looser standard,” Nojeim wrote in a blog post (http://bit.ly/1errzfH). “Some providers of cellular service now retain call detail records for a longer period of time than two years, and others for a shorter period.”
Several members of Congress praised the group’s report. Sens. Ron Wyden, D-Ore., Richard Blumenthal, D-Conn., and Al Franken, D-Minn., issued statements favorably pointing to parts of their own overhaul bills included in the recommendations. The more than 300 pages of recommendations is “a really awkward document for the Obama administration,” said Benjamin Wittes, Brookings Institution senior fellow, in a blog post, citing the administration’s defense of Patriot Act Section 215 phone surveillance, resistance to FISC court updates and insistence that the NSA needs to hold phone metadata (http://bit.ly/1ceCqaV). “To put the matter bluntly, there is no way the administration will embrace a bunch of these recommendations.” (jhendel@warren-news.com)