Perhaps the most controversial spying program revealed by former National Security Agency contractor Edward Snowden was the agency's hoarding of Americans' phone records.
Congress wants to change that program.
The House has passed legislation that would end the NSA's bulk collection of Americans' calling data and let phone companies hold the records instead.
As a Senate panel found last week, that proposal could run into trouble.
The reform passed by the House would require the NSA to have a judge's order before going to the phone companies for individual calling records. That's a big change from what the agency has been doing — collecting that data on its own and holding it for five years.
Sen. Dianne Feinstein, D-Calif., who chairs the Intelligence Committee, has been a staunch defender of the NSA's current program.
"I happen to believe it is lawful and that it has been effective," she said. "But I recognize that the situation is such that change is needed."
So late last week, Feinstein held a hearing to examine how the House bill would change the law. Seated at the witness table was NSA Deputy Director Richard Ledgett. Feinstein wanted to know if he thought existing law requiring phone companies to hold on to their billing records for a year and a half worked for the NSA.
"We believe that the 18-month retention period would be sufficient," Ledgett said. "If the companies were to change their practices, we'd advise the committee."
"So you're saying you're confident that the companies will retain the call records for 18 months?" Feinstein asked.
"We actually can't say that," Ledgett answered. "They'll retain the records for as long as their business requirements dictate they retain their records."
Sen. Angus King, I-Maine, pointed out that the bill does not require phone companies to retain their records for any set period of time. When Verizon Vice President Michael Woods took the witness chair, King asked about a minimum requirement for holding on to calling records.
"We would be very much opposed to it," Woods answered.
Woods told King that most people now have unlimited calling plans, so Verizon no longer has much need to hang on to its calling records — nor does it want to.
"Our general principal in these records is that we do not keep them for longer than the business purpose, because we have learned that the longer we keep records beyond what we need them, the greater the risks to the privacy of our customers," Woods said.
If the phone companies don't keep those records, there's no way for the NSA to know if they'll be there if needed, potentially crippling the agency's ability to track contacts. Even forcing the companies to hold the records is problematic, according to another witness, Harley Geiger of the Center for Democracy and Technology.
"A data-retention mandate would be an enormous burden, both in terms of technological infrastructure, particularly for small companies and startups, but it would also result in loss of user trust and potential problems with privacy and data breach," Geiger said. "We urge you not to go down the road of a data-retention mandate."