Back to News & Commentary

Getting the Innocent out of the NSA’s Shadow Database

Patrick Toomey,
Deputy Director,
ACLU National Security Project
Share This Page
May 28, 2014

There’s a lot the Senate can and should do to improve upon the version of the USA Freedom Act passed by the House of Representatives last week. (My colleague Gabe Rottman outlines some of the most necessary changes here.) That includes one of the most troubling aspects of the agency’s phone-records program: the shadow database of Americans’ phone records, otherwise known as the “corporate store.” Trouble is, the bill’s language, as passed out of the House, makes it impossible to know whether the provision would actually add urgently needed privacy protections.

As I’ve explained previously, the “corporate store” is an NSA database that intelligence officials almost never discuss, yet it likely contains an enormous number of Americans’ phone records. For years, it’s where the NSA has pooled the phone records of every person within one, two, or three “hops” of a target. One independent government review estimated that the NSA added more than 120 million call records to the corporate store in 2012 alone, through just 300 queries of the raw phone data it collects in bulk. You can also look at it this way: To be added to the corporate store today, you would have to do little more than order take-out from the same restaurant as an NSA target. And once you’re in there, NSA analysts can analyze and data-mine your sensitive information any way they want.

(For a full explanation of the corporate store, click here.)

The new legislative proposal would address this backdoor into Americans’ phone records by directing the government to adopt procedures that “require the prompt destruction” of all phone records the NSA “determines are not foreign intelligence information.” That’s a good start, but it still leaves all the important details for another day and puts them in the hands of the very same intelligence agencies that have been secretly exploiting Americans’ phone records for years.

With a few revisions, however, the Senate could significantly strengthen this provision to more fully protect Americans’ privacy:

  • The Senate should mandate a specific timeline for NSA to purge data that does not have demonstrable intelligence value. Right now, the provision does not define what it means by “prompt,” nor does it explain what a determination of foreign-intelligence value involves. Instead, a “review it, or lose it” rule should apply. By default, NSA should be required to purge data that it has not affirmatively concluded has intelligence value.
  • The Senate should impose specific limits on the NSA’s use of data that remains in the corporate store. To begin with, it should adopt the unanimous recommendation of the Privacy and Civil Liberties Oversight Board to restrict queries of the corporate store with the same “reasonable, articulable suspicion” standard that applies to NSA’s queries of the raw phone data.
  • The Senate should limit retention of data in the corporate store to counterterrorism purposes, not any foreign intelligence purpose. Queries of the raw phone data can only be conducted for counterterrorism purposes. The same rules should apply to the corporate store.
  • The Senate should ensure that the FISA Court approves – and publishes – any minimization procedures governing the retention and dissemination of data in the corporate store, rather than leaving the procedures solely up to executive branch officials to adopt and apply in secret.

Senators should seize the opportunity to strengthen their colleagues’ much-needed reforms to the corporate store. Americans who have done nothing wrong shouldn’t have to fear that their government is analyzing their personal data simply because they happened to dial the same number as an NSA target.

Learn more about government surveillance and other civil liberty issues: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook.

Learn More About the Issues on This Page