As I noted yesterday, part of the effort to pass the USA Freedom Act involved what I call a “data handshake:” A deal whereby all four major telecoms would keep call detail records 2 years, without a mandate to do so.
At Foreign Policy, I have more details on this — with a focus on how this works with the Business Records law that authorizes the phone dragnet.
The terms of the data handshake are the most interesting part. This promise is not in writing. According to Feinstein it is a “personal testament.” (And of course it wasn’t in the bill, where privacy advocates might have objected to it.) The telecom companies could say they were retaining the data for business purposes, though, until now, they’ve had no business purpose to keep the records.
The government has repeatedly told courts that under Section 215, the NSA can only ask telecoms for business records they already hold. Yet Feinstein seems to have revealed, perhaps unintentionally, that under the new law the telecom companies would be willing to hold records at least an extra six months just so the government could presumably spy on their customers, if necessary. And in order to keep the records available under the law, the companies would claim they were keeping the records for business reasons. By doing this orally, no records could be obtained under discovery in a customer lawsuit or leaked by an NSA whistleblower like Edward Snowden. The telecoms could claim that they are not agents of the nation’s spies, even after they seem to have agreed to a handshake deal making them into just that.
Compare agreeing to this data handshake with what Verizon said in June.
At a Senate hearing in June, Verizon’s Associate General Counsel Michael Woods explained that Verizon keeps call detail records for just 12 to 18 months. “We don’t have data five years back,” Woods explained in response to a question from Collins. “All collection would be from our ordinary business records.”
In June, Woods made clear that Verizon objected to holding call detail records longer. His written testimony insisted that “national security is a fundamental government function that should not be outsourced to private companies.” He described that if a telecom company were asked to “retain data for the use of intelligence agencies,” it would be serving as “an agent” of the government.
Now, as I conclude in my piece, the telecoms that agreed to the data handshakes were probably calculating, correctly, that their customers would be better off if they held the records for 6 months longer than they needed to given their business needs than having the government hold them at all. I get the logic behind this deal.
But it is indefensible. The law, as written, cannot oblige Verizon to hold these records. The reason it can’t is because the law was never intended to set up an intrusive dragnet. Had it done so –and hopefully if the government tries to do so now — then it would have been publicly debated. And the program’s inefficacy would have been a much bigger issue.
The strong-arming of telecoms, presumably including Verizon, into this data handshake ought to refocus efforts to find a better solution to get the government the coverage it actually needs, but without inventing dragnets that have not shown to be useful.