On Tuesday, June 2, 2015, Barack Obama signed the USA FREEDOM Act into law. Among other reforms, the USA FREEDOM Act adopts a series of modifications to federal foreign intelligence gathering statutes and procedures to prohibit the National Security Agency from engaging in the bulk collection of telephone records. As a consequence, telecommunications carriers will now have to process requests for records that the NSA previously collected itself.
The USA FREEDOM Act will not impose any new data retention requirements on carriers. Rather, the Act allows carriers to continue implementing their own business record retention policies. However, under federal law and FCC rules, carriers already are required to retain various customer records. For example, carriers offering toll telephone services must retain billing records on long distance calls for 18 months. These records must contain the name, address, and phone number of the caller; the number dialed; and the date, time, and length of the call.
Other preexisting obligations include the following:
- Carriers have an obligation to maintain secure and accurate records of all interceptions of communications or access to call-identifying information for a reasonable period of time under CALEA (47 C.F.R. § 1.20004(b))
- Telecommunications Relay Service providers must retain call detail records for at least five years (47 C.F.R. § 64.604)
- Eligible telecommunications carriers participating in the Lifeline program currently must retain call detail records for three years (47 C.F.R. § 54.417), although the FCC is expected to extend this retention requirement to ten years at this month’s FCC Open Meeting
- Providers of services for E-Rate and the Connect America Fund must retain documents pertaining to their delivery of services for at least ten years (47 C.F.R. § 54.516, as amended by the Connect America Fund and E-Rate Orders)
- Telecommunications firms also are subject to various state-level data retention laws in states where they operate
Under the USA FREEDOM Act, these requirements remain unchanged. However, companies must make sure that the records they turn over to law enforcement comply with the terms of the Act. Whereas prior FCC definitions of call detail records included location information (e.g., the definition of Customer Proprietary Network Information (CPNI) under Section 222 of the Communications Act), the USA FREEDOM Act explicitly excludes cell site location information and GPS information from the definition of call detail records (§ 107 (k)(3)). As a result, carriers may have to remove location information from their records before turning them over to law enforcement under the Act.
As a result of the USA FREEDOM Act, it is likely that carriers will face an increased number of law enforcement requests in the future. Therefore, it is important that carriers review their data retention practices to ensure compliance with all applicable laws and rules.