ODNI Tasks Researchers With Figuring Out How To Store Section 215 Collections Off-Site
from the still-looking-at-the-symptoms,-rather-than-the-sickness,-however dept
One of the few stipulations in Obama's NSA reforms was to transfer the Section 215 collections to a third party and out of the NSA's direct control. The assumption is that these records will be held by those generating them -- the telcos. But the telcos have made it apparent that, while they have no problem asking "how high" whenever the NSA says, "jump," they have no interest in storing the records onsite. The administration didn't specifically order anyone to take control of the records, basically punting the issue to Congress and the DOJ and "allowing" them to sort it out.
For better or worse, the ODNI has already taken action toward fulfilling the president's order.
The Office of the Director of National Intelligence has paid at least five research teams across the country to develop a system for high-volume, encrypted searches of electronic records kept outside the government's possession. The project is among several ideas that could allow the government to store Americans' phone records with phone companies or a third-party organization, but still search them as needed.These researchers' suggestions will be weighed against anything the DOJ or Congress has to offer, albeit with a slight hometeam advantage. There are some protections the ODNI has specified that may make its conclusions preferable to others, in terms of data security at least, and possibly provide more flexibility for shifting records to whatever entity(ies) is left holding the metadata bag.
Under the research, U.S. data mining would be shielded by secret coding that could conceal identifying details from outsiders and even the owners of the targeted databases, according to documents obtained by The Associated Press and interviews with researchers, corporate executives and government officials…This would ease the logistics problem and (theoretically) reduce the possibility of abuse. But it doesn't eliminate every problem, including the "why" of collecting and storing millions of irrelevant phone records. While it will reduce the odds of abuse, it doesn't eliminate that prospect. Another concern is the fact that the use (as opposed to the collection and storage) of the data will still be removed from any meaningful oversight.
An encrypted search system would permit the NSA to shift storage of phone records to either phone providers or a third party, and conduct secure searches remotely through their databases. The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure that its analysts were not leaking information or abusing anyone's privacy during their data searches. And the technique could also be used by the NSA to securely search out and retrieve Internet metadata, such as emails and other electronic records.
On a more positive note, the encrypted search requirement would stave off hacking attempts and prevent the phone companies from knowing which records have been searched. Of course, while preventing the phone companies from knowing what's going on with their records does some damage to the recently loosened restrictions on government access reporting, it does at least eliminate one of the telcos' objections to maintaining the collected data onsite. (Although it can be argued that the telcos -- Verizon and AT&T especially -- have been so compliant over the years that storing data onsite won't be remarkably different than storing it at NSA data centers.)
There are some pluses to the ODNI's efforts, but the question of why the collection is needed still hasn't been answered. The administration's cosmetic reforms placed a few restrictions on the Section 215 program but completely avoided addressing the overall uselessness of the Fourth Amendment-skirting program. As the program morphs to meet the few requirements given, the NSA's supporters are likely to greet each change with more proclamations of the damage being done to national security. (Not that they haven't started already…)
Ultimately, the NSA has no need to keep the data onsite, considering it will now have to seek court approval before searching the database. It will still have some leeway to bypass the judicial constraints thanks to National Security Letters, but for the most part, it's a return to its 2009 restraints as ordered by FISC judge Reggie Walton after observing "systemic abuse" of the bulk records collections. With this in place, the agency can't really argue that uninterrupted, direct access is needed as it will be something it no longer has, onsite or not. Placing another small hurdle simply makes it a bit more difficult to abuse the collection and, after having free rein for so many years, a little friction is exactly what the agency needs to experience.