Could Your Data Firm Be the Next NSA Contractor?

One Proposal From Obama Admin Would Store Data With Third Parties

By Published on .

Agency could store date with third parties.
Agency could store date with third parties.
Most Popular

Data could be the next collaborative corporate-government frontier.

During his January 17 speech explaining the National Security Agency's surveillance program, which is reliant on obtaining massive amounts of phone call data, President Barack Obama ordered the establishment of a "mechanism" that "preserves the capabilities we need without the government holding this bulk meta-data."

Any decisions on how such a data-management operation would proceed are preliminary. One concept floated by a federal review board that evaluated the NSA program would be for a third party to store data on behalf of the NSA. Before discussing the concept, the President prefaced it with an understatement: "This will not be simple."

Not only would gearing up for such a high security project be a daunting undertaking, there are few companies with the current infrastructure to handle the job, much less ones that would want to deal with the legal and political headaches involved.

Still, government contracts are lucrative, and there are sure to be lots of firms that would bid on such an enormous, long-term project.

Who's got the goods? Marketing and credit data giants like Acxiom, Epsilon, Experian and Transunion spring to mind. Though these firms have been subject to scrutiny about privacy concerns by federal lawmakers, they also serve all levels of government.

Foot in the door
There are more than 720 federal data-management-related purchase orders from the last five years, according to SmartProcure, which tracks government contracts and spending, said Craig Calvert, the firm's director of communications.

Acxiom has a government-services division that has counted the U.S. State, Defense and Homeland Security Departments as clients, according to SmartProcure. The company reported the State Department spent around $935,000 in the last 12 months with Acxiom, which supplied it with IT and data-related services and staff.

"I cannot imagine a situation where the data could be handled in any manner that was part of the same systems that they use for marketing," said Becky Burr, chief privacy officer and deputy general counsel of data firm Neustar. Ms. Burr stressed that Neustar had not been approached about any potential NSA data project.

The telecoms who've already provided data about who's calling whom might also be in the running for a would-be NSA data storage gig, though some observers suggest such a setup would pose a conflict of interest. Certainly Verizon would not be too keen on AT&T holding its data for the NSA.

Other players
Large tech services firms like Oracle, Microsoft, HP and IBM might also be considered for the job. Or a defense-industry darling such as Lockheed-Martin might throw its hat in the ring, then hand parts of the contract work to a subcontractor.

"The IBMs and the Lockheeds, they'd bid on these things as the overall contractors," then subcontract components to other firms, said Ross Shanken, founder and CEO of lead targeting firm LeadID, who spent 13 years with telecom data provider Targus Info, which was acquired by Neustar in 2011.

President Obama pointed out the potential high costs of an outside data-management solution during his speech, noting, "any third party maintaining a single, consolidated data-base would be carrying out what is essentially a government function with more expense, more legal ambiguity and a doubtful impact on public confidence that their privacy is being protected."

Meanwhile, the government is reportedly constructing an NSA data storage center in Utah.

In addition to privacy concerns of everyday citizens, marketers could have something to worry about if a company storing their proprietary data -- think CRM or loyalty program information -- were ever awarded an NSA data-storage contract.

Companies holding CRM data for retailers and other marketer clients already have stringent processes for segregating data held for one client from other client data troves.

But "they should worry that at the very core level, data gets legs, and it's really easy for data to travel even when it's not supposed to travel," said Mr. Shanken.