Who Might Control Your Telephone Metadata

Remember last winter when President Obama called for an end to the NSA's telephone metadata collection program? He didn't actually call for an end to it; he just wanted it moved from an NSA database to some commercial database. (I still think this is a bad idea, and that having the companies store it is worse than having the government store it.)

Anyway, the Director of National Intelligence solicited companies who might be interested and capable of storing all this data. Here's the list of companies that expressed interest. Note that Oracle is on the list -- the only company I've heard of. Also note that many of these companies are just intermediaries that register for all sorts of things.

Posted on December 12, 2014 at 9:26 AM • 23 Comments

Comments

AnuraDecember 12, 2014 10:22 AM

There's this idea among many in the US that it's inherently better to outsource everything to the private sector; I have absolutely no clue why people think that, but it's pretty common.

Patrick Jarrold (PJ)December 12, 2014 11:10 AM

@Anura

Transferring the metadata collection program to a corporation is not privatizing it. Is the US government going to relinquish aceess? Are they going to allow the corporation to do the analysis? Are they going to ignore the conclusions? That's what privatization is: to allow private entities to run things without interference or help from the government.

The reason that most endeavors (excluding police, military, and the courts) are better privatized, is that any government, while necessary for those three jobs, is still the greatest threat to any individual. Corporations may violate your rights or sell your privacy to those who will violate your rights, but that's what laws are for: to prosecute private criminals. But what happens when the government violates your rights, which every one of them does to some extent? Government is supposed to have a monopoly on the use of retaliatory force, but neither they nor any private entity may initiate force. When government violates your rights, to whom do you turn? The only way to protect ourselves from government is to point out when they are initiating force rather than allowing them to fake reality.

Both privatized data collection and government data collection, without the consent (implicit or explicit) of the targets, is the initiation of force and should be criminalized, not shuffled around.

AnonDecember 12, 2014 11:28 AM

I'm a little disappointed in your views on this, Bruce.
You know the phone companies already have 2 year mandatory retention laws, so the "more people having the data" argument doesn't work, and the private data-mining argument thus falls apart too.

The real question here is what to do about about the retention length.

The government seems to take it for granted it needs 5 years of data. I'd like to see some justification of this opinion. They can go 2 years back in time using the phone company data, why do they need 5? For suspected terrorists and terrorist websites, they are under continuous surveillance using normal warrants (I hope!), so this consideration does not apply. The only valid place it applies is, for example, discovering a terrorist website 3 years late, and wanting to see people who used it over 2 years ago. I question both the use of information on people who have been inactive for 2+ years, as well of the NSA's competence if they only discover the site 2+ years late.

The real options should be between eliminating the programs altogether (both NSA programs and the retention laws) as they are clearly unconstitutional to begin with, or eliminating the programs from government databases, and allow them the querying of the existing private 2 year phone company databases (which would be undeniably a security increase at least).

Supporting the idea of the government collecting this data to improve security on such premises that the government needs or is even entitled to 5 years worth of data only moves us in the wrong direction in this argument due to potentially very flawed premises.

vas pupDecember 12, 2014 12:09 PM

Anura • December 12, 2014 10:22 AM:
"There's this idea among many in the US that it's inherently better to outsource everything to the private sector; I have absolutely no clue why people think that, but it's pretty common." My guess is that folks in US could not get the idea that the problem is not the government itself, but dysfunctional government (all branches/levels to the different degree) which they observe/contact on everyday basis. If you have bad horse, you should not discard the idea riding the horses at all. You should either tame your horse or change the horse, or may be ask other horse owner how he makes his horse be fitted to your needs. Examples of functional gov: Singapore, Germany, Switzerland, South Korea, Finland, Japan, etc. Those countries set selection procedure based on the professionalism/expertise as the main selection criteria, then all other come to consideration. Do you see same in US? As usually, my own humble opinion.

AnuraDecember 12, 2014 12:09 PM

@Patrick Jarrold (PJ)

"The reason that most endeavors (excluding police, military, and the courts) are better privatized, is that any government, while necessary for those three jobs, is still the greatest threat to any individual. Corporations may violate your rights or sell your privacy to those who will violate your rights, but that's what laws are for: to prosecute private criminals."

You're pretty naive if you think these companies would be prosecuted, given recent history. Democratic government puts control over the data in the hands of the people. The problem we have today is that we don't have Democratic control over the government, we have a handful of elites with significant influence over the government. If you privatize, it goes in the hands of the elites as well, except with LESS government oversight, not more. Absolutely nothing changes for the better, and at most it makes things much much worse.

AnuraDecember 12, 2014 12:16 PM

@vas pup

The thing that baffles me is that we also see corporations as more corrupt. On the left and the right, Wall street is commonly seen as a center of corruption in the United States.

LessThanObviousDecember 12, 2014 1:23 PM

Moving some things from Public to Private Sector sounds good in theory. People tend to believe private industry can do things with more agility and cost effectiveness. That is often true when business does things for itself, but I suspect when business does things for the federal government it doesn't hold up. Business salivates when they hear about big government contracts, because there is an assumption that there will be enough slush to line their pockets. In some cases government work goes to the lowest bidder who is often bound to do a shitty job in implementation. There is no magic bullet, whether it private or public it's simply the cost efficiency, security and quality of work product that counts.

Where do we store data that we wish they weren't storing? Unless we make a determination that Third Party Doctrine only applies to criminal investigations and court proceedings, but not to the rights of corporations, I don't think it matters. I wish we would vigorously test that distinction through the courts.

DanielDecember 12, 2014 1:35 PM

@Anon 11:28

Welcome to the club. I've been pissing into the wind on this issue for at least a decade. My deep concern is that at some point in time five years is going to become a conditioned response and then it will be "tradition" and then it's a lost cause.

The five year limit for data retention actually was initially a financial data retention rule to prevent money laundering. Then it got picked up by other other parties because that's what the government did. The reason that five years was chosen was because that was the statute of limitations of one of the major money laundering laws. The thinking was that if the data was gone before five years it was, in effect, a backdoor way of lowering the statute of limitations because no data means no prosecution. The problem with that logic is that it presumes there was any justification for the five year legal limit to begin with. Well, that limit stems from the Al Capone days when a money laundering investigation might take two or three years.

So what we have is assumption built upon assumption with no one ever willing to go back and challenge the underlying premise. But bring the whole five year issue up to an FBI agent and watch them squawk like live turkey being plucked.

Content retention limits are in my view THE privacy issue. But no one wants to deal with them because it is difficult.

AnuraDecember 12, 2014 1:56 PM

@LessThanObvious

It's based on the idea that businesses strive for efficiency, which translates to lower prices in a competitive market. The problem is that not all markets are competitive, and not all businesses are very good at being efficient. So while some businesses may strive for efficiency, it doesn't necessarily mean they are more efficient than government (economies of scale tends to favor government) and it doesn't necessarily mean it benefits the consumer, it could be more costly to the consumer to line the pockets of the owners. Reports on private prisons have shown they have not saved tax payers any money, and the American Health Care system is the least efficient in the world.

A lot of what people see as government costing so much is with things like construction, where no one actually looks into why it costs so much. A great example is the often-criticized high-speed rail project in California. Yes, it's way over budget; not because of inefficiency, it's because of the cost of land acquisition.

When it comes to natural monopolies, I would much rather have public services than contracted out services wherever possible, because the contracting is where the corruption is. I think there would be significantly less corruption if oil drilling, mining, power plants, and similar enterprises in the US were all ran by public departments. You would have no incentive for dumping toxic waste, and no-one lobbying against the environment for personal financial gain - the debate would be 100% about the costs to the citizens and taxpayers.

vas pupDecember 12, 2014 3:29 PM

Anura • December 12, 2014 12:16 PM
"The thing that baffles me is that we also see corporations as more corrupt. On the left and the right, Wall street is commonly seen as a center of corruption in the United States". My guess is the paradigm implemented by SCOTUS decision in Citizens United case when it was decided that corporations could put unlimited amount of money into election on behalf of their prospective agent within the government is 'cancer' for legislative branch and executive/judicial branch - those officials who are elected. Revolving door when today somebody doing oversight of particular industry/business, and then immediately after leaving gov position becoming a member of the board of such corporations is 'cancer' for executive branch. By the way, recently it was suggested that police officer should have video camera and record all interactions with a public for sake of creating proof of his/her proper actions or misconduct.
I guess that ALL court procedures should be recorded as well for the same purpose, but NOT to broadcast to the public (trial is not a theater - like OJ Simpson trial), but for Jury so they could watch over recording of the whole process before verdict, for BAR disciplinary commission in case of misconduct of officers of the court including judges, for appeal court, for US Marshals if threats were made during trial). That may improve judicial branch functioning dramatically and technology is cheap (with no substantial spending/investment). Yes, there is space for improvement, but no political will (after election in particular when all promises could be dropped until next election campaign).

AlanSDecember 12, 2014 3:43 PM

@Anura

In ideology at least, Americans appear deeply opposed to government running things as private markets are supposed to be more efficient. In practice, both political parties have overseen a massive expansion of government since the 1930s. Public versus private? One isn't necessarily better than the other. One needs both. The problem is that what we get stuck with is often the collusion of government and powerful corporations against the public interest and regulation for private benefit disguised as deregulation and the 'free market'. Add imperial misadventures into the mix for even more fun.

Adam Smith's Wealth of Nations is a polemic against against this type of collusion (not a manifesto for 'free market' ideology as most neoclassical economists would have people believe).

Bauke Jan DoumaDecember 12, 2014 4:36 PM

Nice to know all those names, all those companies...
They presumably have airtight privacy policies and oh yeah ... -- security.
First one to pwn when it counts gets a free virtual beer.

Enjoy your weekends.

BoppingAroundDecember 12, 2014 5:08 PM

Anura,

I have heard that one of possible reasons might be that you cannot make FOIA requests to a private company.

HeraldDecember 12, 2014 5:50 PM

Fall out from Snowden effect.

The last thing we want is to let corporate america and wall street get their hands on NSA data. Sadly, Mr. Snowden had indirectly contributed to this cause.

ThothDecember 12, 2014 6:17 PM

If you believe that those corporations are really mindful corporations, then that is unlikely the case. The US Govt would not put their precious data in the hands of "private organisations" that have the potential to lobby them or refuse to turn over data when asked. Those unknown companies are probably Government fronts pretending to do businesses. Just shell companies. How about Oracle ? It's still under US Govt control and they are very obedient organisations to be friends of the Government.

Why would Anura and me say that ? There's a saying that there's no such thing as a free meal and it's very true. The US Govt won't entrust so much important data to an entity without understanding them or having complete control of the entity "safekeeping" their precious data.

We have to be mindful that the Government's data (so called NSA data) is actually the logs and metadata collected of the people of the USA and of each and every individual targeted by US Govt's unlawful and high absurd surveillance and world domination ambitions. In a sense, the data belongs to these victims that have been spied on. Also, the data of the US Govt is the data of the people of USA because it is the people that ultimately owns the nation and the Govt as the shepherd. A Govt without people is useless and vice versa.

The US Govt (and Five Eyes) owes the US people and the world a ton of explanations for highly intrusive and probably illegal actions that definitely breaches a person's rights of privacy.

What is the likelihood the US Govt would let go of those stolen data from individuals and let a private company take charge and process data requests under proper procedures ? Highly unlikely or even impossible that the Powerful would release power (data is power).

Walls Street events are just a cover for US operations.

HeraldDecember 12, 2014 6:35 PM

@ Thoth:What is the likelihood the US Govt would let go of those stolen data from individuals and let a private company take charge and process data requests under proper procedures ? Highly unlikely or even impossible that the Powerful would release power (data is power).

This is where Mr. Snowden's revelations can be used to shake things up, loosen the established quo for progressiveness, a progression towards true fascist control in the claim of democracy.

I don't support collection in the first place, but letting this data go across into private boundary is even more dangerous.

ThothDecember 12, 2014 8:53 PM

@Herald
Snowden's leaks serve as a double edged sword. On one hand, he confirmed everyone's suspicion of US/UK (Five Eyes) involvements and activities and their methods. On the other hand, it provides smoke screen and justification on both the Govt camp and Civil Rights camp. He just provided raw data and it simply depends on how we interpret things.

His revelations might have caused some changes in the Govt's plans and made them more determined in their plans to mislead the public. On the other hand it gives the public a heads up on what's behind closed iron doors.

Now, it's up to how the rest of the world is educated ... by misinformation and twisting of sources or by proper knowledge and understanding.

The Govt would definitely seek the chance to further their agendas like any other enterprises (as Govt is a "National Enterprise"). One way is deception... deeper deceptions and misrepresentation to the public (and also to their so-called enemies).

The root of all these collected data is due to how the public and private sectors go about handling data.

Most people shrug their shoulders when it comes to security. They will claim they have nothing to hide and claim pure ignorance and unwillingness to defend themselves until something bad happens. That's the people's fault. If they are willing to sacrifice their own privacy, then they should not expect protection. It takes effort to practice protective measures and put them in place.

The second thing that dooms day is the industry. The Govt tries to influence the industry so that they can retain power. The industry itself is greedy for huge profits with less efforts (as usual). The industry, like the Govt, can be ruled by a bunch of ignorant people or people who cannot be trusted. Data is power (and resource) in this digital age and so, they go about harvesting data.

The Govt afraid of "going dark" attempts to fool the industry and people on security. Spreading rumours, inserting backdoors, giving wrong information and mis-educating people by telling people that "trust in the Govt", "nothing to hide" or "surrender yourself and be loyal" is a show of nationalism to stir up nationalistic ideologies or as a force not to be messed with (threaten the people).

Using these aspects, we can see how it takes three hands to clap and cause what we are seeing now.

My advise is still the same ... proper education as the primary corrective procedures. Show people what is wrong and let them decide. That is what Snowden's leaks are about (with a backlash). Yes, it might have enabled fascists Govts to take advantage to further their agenda which might take place sooner or later. Maybe the leaks could have been done in a more conscious and controlled manner ? Who knows.

BoppingAroundDecember 13, 2014 9:32 AM

> Most people shrug their shoulders when it comes to security. They will claim they have nothing to hide and claim pure ignorance and unwillingness to defend themselves until something bad happens.

There is a joke regarding the lax attitude towards backups by some system administrators, 'there are two kinds of sysadmins: those who do not perform back-ups and those who already do.'

Seems this does apply to privacy and security too.

DougDecember 14, 2014 4:57 AM

I am just about at a place that says 'let all information be public'. End rhetoric concept of digital privacy and call it a day.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.