NSA seeking private company to store its massive collection of metadata
Do you have a some data storage space lying around that you’re not using? Like a lot of space? Enough to, let's say, handle all of the information gathered from the National Security Agency’s (NSA) telephone metadata collection program? If so, do we have a deal for you.
Earlier this month, the Office of the Director of National Intelligence, the body managing all of the United States’ spying activities, put out a request for information (RFI) looking to determine if there are any commercially available systems offered by private companies capable of holding all of its phone metadata.
Metadata collected from cell phone calls includes things like the phone number of each caller, the unique serial numbers of the physical devices involved, the time and duration of the call, the precise geographic location of the callers, and if any calling cards used to make the connection.
The government is looking for systems that can provide intelligence agencies instantaneous access to the data, ensure that the data is completely secure to outside penetration, and make it so no data is provided to the agencies in question ‟unless in response to an authorized query.”
It’s still early in the process—as the RFI makes clear—meaning the government isn’t looking for active bids on the data-housing contract just yet. Instead, the agnecy just wants to know if there are systems out there capable of fulfilling its needs.
Late last year, a panel appointed President Obama in response to the widespread public reaction against the revelations of NSA whistleblower Edward Snowden pushed for a number of serious reforms to the way the government conducts its surveillance activities. One of those recommendation was to end the NSA’s in-house storage of phone records and instead move that information onto servers maintained by a private third-party. That way, the government would only be able to access this highly sensative information with a specific court order.
The government has reportedly maintained its own database of cell phone metadata since 2006.
While Obama has insisted the analysis of this metadata is an essential tool in fighting terrorism, in a speech last month, he admitted that the nation’s intelligence infrastructre needed imminent reform in order to regain the trust of the American people. Obama agreed that the government itself should stop storing the metadata internally.
However, the President noted that the panel’s suggestion about letting a third-party store the metadata had some potential drawbacks:
The review group recommended that our current approach be replaced by one in which the providers or a third party retain the bulk records, with government accessing information as needed. Both of these options pose difficult problems. Relying solely on the records of multiple providers, for example, could require companies to alter their procedures in ways that raise new privacy concerns. On the other hand, any third party maintaining a single, consolidated database would be carrying out what is essentially a government function but with more expense, more legal ambiguity, potentially less accountability -- all of which would have a doubtful impact on increasing public confidence that their privacy is being protected.
At the time of the speech, Obama did not specify precisely what entity would hold the metadata. The open-ended nature of this RFI seems to be aimed at determining the positives and negatives of different possible systems for doing so.
Recent reports have indicated that technical limitations have prevented the NSA from sucking up as much phone metadata as was widely assumed—only collecting info on somewhere in the neighborhood of 20 to 30 percent of all phone calls. So, for anyone thinking of competing for this contract, the bar may be slightly lower then you thought.
Obama has set the deadline of March 28 for transferring the holding of metadata to somewhere outside of direct government control.
Photo by DARPA/Wikimedia Commons