President Obama will propose that the NSA end its bulk collection of phone data in a legislative proposal to be unveiled soon. The proposal would require phone companies to maintain data for 18 months—which is standard practice—rather than the five years the NSA has been maintaining records for. The phone companies were adamantly opposed to having to take on that burden of keeping records for five years.
Under the proposal, they said, the N.S.A. would end its systematic collection of data about Americans’ calling habits. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the N.S.A. could obtain specific records only with permission from a judge, using a new kind of court order.This is an improvement, but is not without problems. The proposal would still allow the government to obtain "related records for callers up to two phone calls, or 'hops,' removed from the number that has come under suspicion." Those requests could come from multiple providers, if the related calls weren't made with the same provider as the initial caller. That means, as Marcy Wheeler points out, "ten or hundred of thousands of innocent people" will still be subject to the "full array of NSA's tradecraft."
More analysis below the fold.
A big key to the problem is what Marcy calls the "pizza joint review": What happens when the number that is linking all of these disparate callers is a pizza joint, and every customer is subject to having their data collected just because they frequent that restaurant? It's happened before.
So who, under this new system, will do the pizza joint analysis?This is a better solution than the status quo, but it isn't an answer to all the privacy concerns the two-hop standard allows, nor does it answer the questions of the Foreign Intelligence Surveillance Court as essentially a rubber stamp. Thus far, how the Obama proposal will address FISC issues isn't clear, though he has endorsed the idea of a public advocate arguing against the NSA in the FISC, one of the recommendations of his NSA review board.
If the phone companies do it […], it will mean even more intensive data mining of customer data while it remains in their hands.
If the NSA does it, it means a lot more totally innocent people will have their data turned over to NSA to do as they wish.