Verizon Counsel Speaks Out Against “Outsourcing” Intelligence
One of the concerns I’ve raised about HR 3361 — AKA USA Freedumber — regards who will do some of the data analysis that the NSA “data integrity analysts” currently do before the contact-chaining stage. As I’ve noted, the most privacy protective thing would be to have the telecoms do it, but that would put them in an inappropriate role of performing analysis for the intelligence community.
Apparently, Verizon agrees with that. As part of Verizon Associate General Counsel Michael Woods’ testimony to the Senate Intelligence Committee the other day, he emphasized how inappropriate it would be for the telecoms to serve as surrogates for the intelligence community. (He emphasized this in his answers as well.)
Included in the reform discussions has been the idea that the collection, searching, and perhaps even analysis, of potentially relevant data is best done not by the government, but by the private holders of that data. One recommendation that garnered particular attention was that bulk collection of telephony metadata might be replaced by a system in which such metadata is held instead either by private providers or by a private third party.
This proposal opens a very complex debate, even when that debate is restricted to just traditional telephony, but the bottom line is this: national security is a fundamental government function that should not be outsourced to private companies.
Verizon is in the business of providing communications and other services to our customers. Data generated by that process is held only if, and only for as long as, there is a business purpose in doing so. Outside of internal business operations, there typically is no need for companies to retain data for extended periods of time.
If a company is required to retain data for the use of intelligence agencies, it is no longer acting pursuant to a business purpose. Rather, it is serving the government’s purpose. In this context, the company has become an agent or surrogate of the government. Any Constitutional benefit of having the data held by private entities is lost when, by compelling retention of that data for non-business purposes, the private entity becomes a functional surrogate of the government. Public trust would exist to the extent that companies are believed to be truly independent of the government. When the companies are seen as surrogates for intelligence agencies, such trust will dissipate.
Nor would outsourcing offer any promise of efficiency. Technology is changing too rapidly — telecommunications networks are evolving beyond traditional switched telephony. Voice over Internet Protocol (VoIP) technologies handle voice traffic over the Internet (as opposed to the public switched telephone networks) and already account for a substantial portion of voice traffic. Even more dramatic has been the rise of “over-the-top” applications that use peer to peer or other technologies to establish direct connections between users over the Internet. In 2012, one such application accounted for 34% of all international voice calling minutes. VoIP and over-the-top applications traverse IP networks as Internet traffic and thus do not generate CDRs or similar telephony business records. U.S. intelligence agencies would need to approach application owners to establish access equivalent to the CDRs they obtain under the existing program. The technical difficulties multiply if the intelligence agencies were to eventually seek the same sort of access to IP metadata from Internet Service Providers.
Finally, the commercial effect on U.S. companies of outsourcing collection ought to be considered. No company will be eager to undertake the increased responsibility, scrutiny, and liability entailed by having its employees become surrogates for the government in the collection of intelligence. More troubling for large companies is the negative effect in the international market of overt association with a U.S. intelligence agency.
H.R. 3361 does not include any provisions which would require data retention by telecommunications companies. For all the foregoing reasons, that is a good thing. A framework under which intelligence agencies retain and analyze data that has been obtained from telecommunications companies in an “arms length” transaction compelled by a FISA order should continue. [my emphasis]
I quote this in full not to make you laugh at the prospect of Verizon balking at “becoming” a surrogate of the government.
I think this statement was clearly meant to lay out some clear principles going forward (and I suspect Verizon is by far the most important player in USA Freedumber, so Congress may well listen). Whatever Verizon has done in the past — before Edward Snowden and after him, ODNI exposed it, alone among the telecom companies, as turning over all our phone records to the government — it has made several efforts, some half-hearted and some potentially more significant, to establish some space between it and the government. If Verizon has decided it’s time to set real boundaries in its cooperation with the government, I’m all in favor of that going forward.
Much of this statement is just a clear warning that Verizon won’t abide by requests to extend their data retention practices, which it terms acting as an agent of the government. That will, by itself, limit the program. As Woods explained, they don’t really need Call Detail Records that long (and I assume they need smart phone data even less). What they keep for the required 18 months is just billing records, which don’t provide the granular data the government would want. So if Verizon refuses to change its data retention approach, it will put a limit on what the government can access.
That said, that’s clearly what a number of Senators would like to do — mandate the retention of CDRs for 18 months, which would in turn significantly raise the cost of this (about which more in a later post). So this could actually become a quite heated battle, aside from what privacy activists do.
There are a few more details of this I’m particularly intrigued by (aside from Woods’ warning that the records of interest will all be Internet-based calls within very short order).
Note that Woods admits there has been some discussion of having telecoms do “analysis” (and I assume he’s not talking just about me). Given his statements, it seems Verizon would refuse that too (good!). But remember: the last round of USA Freedumbing included compensation and immunity for Booz-type contractors in addition to the telecoms, so NSA may still be outsourcing this analysis, just to other contractors (and given that this was a late add, it may have come in response to Verizon’s reluctance to do NSA’s analysis for it).
When Woods claims this is difficult, “even when that debate is restricted to just traditional telephony,” he suggests the debate may not be restricted to traditional telephony. Obviously, Verizon must still be involved in upstream production. And it either is or may well be asked to resume its involvement in Internet metadata collection, because USA Freedumber doesn’t hide the intent to return to Internet dragnet collection. Then there’s the possibility Mark Warner’s questions elicited, that the telecoms will be getting hybrid orders asking for telephony metadata as well as other things, not limited to location.
When we talk about the various ways the NSA may try to deputize the telecoms, the possibilities are very broad — and alarming. So I’m happy to hear that Verizon, at least, is claiming to be unwilling to play that role.
When an elite faction objects it’s likely the law might be redrafted to accommodate that faction.
–
When ordinary Americans caught up in what Feinstein calls a “driftnet” complain, we’re ignored. There is simply no grass roots organization with broad public support—and hence political power—on this issue. I applaud, for instance, the Center for Democracy & Technology’s testimony, but we need something bigger, something that can’t be offset by Stewart effing Baker’s testimony.
.
So if the NSA is successful in deputizing the telecoms, does that mean that if, say, the ACLU asks for records, the US Marshals will swoop in, snatch the records and take them off to an undisclosed location?
.
Regarding the cost, will there be a new entry showing up on your billing statement along the lines of a Douglas Adams’ ‘sunds expln’ that charges you the cost of the government spying on you?
.
LOL and I was thinking those very same telly-coms will outsource it to their call centers around the world. What could go wrong?
Now when you call tech support and they say ‘I know what’s wrong’, they probably will be holding back…
We pay telcos/ISPs for broadband access = $ for them.
They snoop, scrape, steal all of our personal info and sell it to the highest bidding data broker for ad targeting (and whatever else it’s used for) = $$ for them.
They sell the ad companies space on their servers and broadband to serve those ads to us whether we want them or not = $$$ for them.
Just as an aside, NSA etc want this info too so they swing a deal to get paid for that also = $$$$ for them.
As the last item is paid for with our tax dollars, we are now paying twice to these companies for our data to be stolen while they are collecting four checks per subscriber to enhance their bottom line and for their bosses to pay themselves huge bonuses and perks.
I think they should just give us the service for free!
Their new jet skis have to be paid for…
Foreign publics are moving away from US internet/telecom/tech. I encourage all Americans to do the same, to the fullest extent possible, and make it public. Maybe Snowden/EFF/ACLU can’t come right out and say that, but post-Occupy activists can and should.
Why do you believe Verizon is truly trying to “set real boundaries in its cooperation with the government”?
This apparent reluctance could just be their opening move in re contract negotiations.
Thank you, bmaz, for a Sunday morning link to Deep Purple’s “Lazy” on your Twitter feed. Only ever owned that on 8 track tape, brings back memories of the I-5 between LA and UC Davis at substantial volume. Good times, great musicians.
So if the presumption that we’re all copacetic with allowing telcos to possess information necessary to process our personal phone calls and that’s the justification used first in “pen registers” but then reflexively expanded exponentially to purport to justify “no expectation of privacy whatsoever” maroons (and is the false mantra of the NSA), exactly why should anybody who operates in a legal system that has our Constitution and Bill of Rights voluntarily be telling the telecoms to bulk collect/save/search anything more than the bare minimum of what they need to connect our private calls and generate a bill for us to pay for that service? Oh, and then immunize the telecoms for handing all that over to the NSA?
This is the meat of Verizon’s objections:
Insofar as Verizon (or any other US telecom) wants to be a player in other countries, they cannot afford to have an overt association with CIA/NSA. In some countries, this link will raise objections they will have to surmount that other non-US companies do not have to deal with. In other countries, it will automatically disqualify them from operating at all. This is a huge problem for a company with international aspirations.
one can hope.
it would be tooo satisfying to see the nsa hoisted on its own petard.
Woods’ testimony is a straightforward application of the law for any competent legal counsel (course that lets out the vast majority of US-trained lawyers.) Compliance with the binding provisions of CCPR Article 17 requires that the state party refrain from imposing mandatory retention of data by third parties. And corporate immunity breaches the legal requirement that affected persons have access to effective remedies in cases of abuse.
Congress will of course bend over for NSA and white out the law it enacted, as it did with the Geneva Conventions and the Convention Against Torture when NSA wanted to target noncombatants for murder and torture. But Verizon doesn’t have to go along. They can go over the US courts’ head to independent panels and courts.
interesting point.
i wonder where and if former virginia congressman rick boucher is in all this domestic electronic spying stuff.
in my view, boucher was one of the good guys in the congress and, most relevantly here, one of the house of r’s specialists in telecommunications legislation.
fyi:
https://en.m.wikipedia.org/wiki/Rick_Boucher
http://www.ruraltelecom.org/online-exclusives/what-now-after-republican-rout.html