In two different places, the White Paper justifying the Section 215 dragnet discusses the FCC’s requirements that telecoms retain phone records.
First, without describing what current requirements are or where they came from, it claims current requirements are insufficient to meet national security needs.
If not collected and held by the NSA, telephony metadata may not continue to be available for the period of time (currently five years) deemed appropriate for national security purposes because telecommunications service providers are not typically required to retain it for this length of time.
But then, later, it uses the FCC requirement that telecoms retain records for 18 months as part of its claim that it is no big deal that the government uses these orders to collect information prospectively.
Section 215 orders are not being used to compel a telecommunications service provider to retain information that the provider would otherwise discard, because the telephony metadata records are routinely maintained by the providers for at least eighteen months in the ordinary course of business pursuant to Federal Communications Commission regulations. See 47 C.F.R. § 42.6. In this context, the continued existence of the records and their continuing relevance to an international terrorism investigation will not change over the 90-day life of a FISC order.
It’s a pretty breathtaking selective reliance on FCC regulations. Because, as this post explains, the current 18-month retention requirement actually came about in response to a DOJ request in 1985 based, in part, on their need to access the records for the two purposes for which Section 215 can be used against Americans, terrorism and spying.
Not only does this federal regulation provide a legal retention obligation, but it is also unrelated to the “business purposes” of the telephone companies and in fact was promulgated by the FCC at the specific request of the DOJ in order to aid in terrorism investigations. The retention period had previously been six months, but the DOJ petitioned the FCC to extend it precisely because such telephone records “are often essential to the successful investigation and prosecution of today’s sophisticated criminal conspiracies relating, for example, to terrorism . . . and espionage.” The FCC therefore extended the legal retention period for as long as the DOJ said was necessary.
DOJ/NSA/ODNI may believe that this regulation, which became effective in 1986, is outdated or no longer adequate, but pretending that it (and many similar state regulations) doesn’t exist or that those agencies couldn’t have done more to update or expand this regulation to suit the Executive branch’s current “needs” undermines their argument.
And, as the post further describes, at the precise moment when the government was rolling out the adoption of this use of Section 215 in 2006, the FCC asked but DOJ did not push for an extension of the retention requirements.
In fact, in early 2006, the FCC itself proactively solicited comments on the 18-month retention regulation and the DOJ submitted these comments which — in light of what we know now and the government’s current arguments — is rather remarkable.
First, the DOJ’s comments are dated April 28, 2006, which was reportedly just a month before the DOJ/FBI securedthe first Foreign Intelligence Surveillance Court order for bulk collection of U.S. telephone metadata for the NSA under the “business records” provision.
Second, while the DOJ noted problems with the regulation (including that “some” phone companies read it narrowly and argued it would not apply if certain billing methods were used) the DOJ nevertheless stressed the regulation’s continuing importance for counterterrorism, stating that telephone records were a “critical tool in the fight against global terrorism” that had “enabled . . . national security agencies to prevent terrorist acts and acts of espionage.” Moreover, the DOJ stressed its role in setting the legal retention period at 18 months.
Third, the DOJ in fact suggested — in a footnote, near the end — that the FCC “should explore” whether “the existing 18-month rule should be extended,” yet surprisingly the DOJ did not forcefully argue for such an extension.
Perhaps the second White Paper citation above reveals why: because, while DOJ didn’t want to simply extend the retention requirement to the 5-year period it claims it needs (because then it wouldn’t have an excuse to create its own database), it needed the existence of a retention requirement that was longer than its reauthorization period to justify the prospective collection of records (which is legally one of the most egregious parts of this practice).
But now that we know how the timing all fits together, DOJ’s actions in response FCC’s invitation for a longer deadline repeat the Bush Administration’s earlier implementation of the illegal wiretap program even as Congress was legislating changes to FISA: it shows there were more appropriate means of accomplishing the desired objective that the government chose not to use.
Mind you, one more thing is almost certainly going on: with expanded use of VOIP, the phrase “telecommunications service provider” has expanded meaning over what it had in 1985, and VOIP providers presumably present an entirely different set of records collection issues. And FCC regulations apply very differently to cable providers than they do to telecom providers.
All that said, it’d be nice if DOJ would just commit to whether these FCC regulations exist for the precise purpose that DOJ has chosen instead to use Section 215 for.