Share story

Requiring AT&T, T-Mobile US and other telecommunications companies to retain bulk phone records for U.S. spy programs is costly and risks exposing customer data to hackers, industry and privacy groups said.

A White House advisory committee on National Security Agency spy programs recommends that U.S. carriers, instead of the NSA, hold phone records of millions of citizens, said an administration official familiar with the panel’s report. The official requested anonymity because the findings haven’t been made public by the White House.

The report says the NSA should be able to have access to the phone data, which includes numbers dialed and call durations. It attempts to address criticism of the program, in which the NSA collects metadata under court orders, by requiring companies to collect and retain the records.

“I expect our members would oppose the imposition of data-retention obligations that would require them to maintain customer data for longer than necessary,” said Jot Carpenter, vice president of government affairs for CTIA-The Wireless Association. The trade group represents AT&T, T-Mobile and other carriers.

President Obama appointed the Review Group on Intelligence and Communications Technology in August in response to an international and domestic backlash against U.S. surveillance programs exposed in documents leaked by former government contractor Edward Snowden.

The panel also recommends the phone records could be held by a third-party organization, the administration official said.

The report was submitted to the White House on Friday and contains more than 40 recommendations, said Caitlin Hayden, a spokeswoman for Obama’s National Security Council.

The administration’s internal review of spy programs will be completed in January and the report will then be made public, she said.

Shifting the responsibility for maintaining bulk phone records doesn’t change the sweeping nature of the surveillance program or eliminate potential violations of U.S. citizens’ constitutional rights, said Kevin Bankston, policy director for the Open Technology Institute, a policy and research organization.

“It’s just bulk collection by proxy,” Bankston said. “We urge the president to put a definitive end to the bulk-collection program, rather than treating every American like a terrorist suspect.”

Bulk-phone records are held for five years by the NSA, and requiring carriers to retain the data creates “an attractive target not only for our intelligence agencies but for garden-variety police officers, civil litigants and divorce lawyers, cybercriminals and foreign spies,” Bankston said.

Having the phone companies hold the data would be “a shell game” that doesn’t ensure American citizens the right to privacy, said Zeke Johnson, director of the security and human-rights program at Amnesty International USA.

Hayden said the review “is looking across the board at our intelligence gathering to ensure that as we gather intelligence, we are properly accounting for both the security of our citizens and our allies, and the privacy concerns shared by Americans and citizens around the world.”

She declined to comment on the contents of the report.

T-Mobile, based in Bellevue, declined to comment, said company spokesman Timothy O’Regan said in an email. AT&T also declined to comment.

NSA Director General Keith Alexander told a Senate Judiciary Committee hearing on Wednesday that he knew of no alternatives to the bulk-records collection and that making changes to it might leave the U.S. vulnerable to another terrorist attack.

Sen. Dianne Feinstein, a California Democrat and chairwoman of the Senate intelligence committee, opposes storing the metadata with the carriers.

She introduced a bill that would preserve the ability of the NSA to collect the records. An NSA analysis presented to Feinstein found significant costs to phone companies to retain the data.

However, Rep. Adam Schiff, a California Democrat who serves on the House intelligence committee, praised the proposal to prevent the NSA from retaining the records.

“I have consistently maintained that instead of collecting vast amounts of domestic phone records, we should query the records held by phone companies on a case-by-case basis,” Schiff said in a statement.

“The task-force finding is yet another confirmation that restructuring the program is both technically feasible and more protective of the privacy interests of the American people.”

It wasn’t clear if the review group would recommend that Google, Microsoft, Yahoo and other Internet companies be allowed to disclose how many government orders they receive to turn over user data and how many accounts are affected by those orders.

The companies have lobbied Congress and the administration to curb government-surveillance programs and for permission to publicly disclose the data.

It would be “horribly disappointing” if the review group, or Obama, doesn’t commit to letting the companies have transparency, Bankston said.

Johnson, of Amnesty International, said, “Transparency is critical and the government has an obligation to disclose information on the scope of the surveillance program.”

Google spokeswoman Niki Fenwick declined to comment.

Microsoft and Yahoo also declined to comment.