The Guardian today published a 9 page document from the NSA, signed by US Attorney General Eric Holder, outlining how the NSA treats communications data that is collected “inadvertently” from United States citizens.
If you were hoping that the government would, upon realizing that it had snagged communications data from domestics, delete the contents and walk away, prepare for disappointment. Here’s the first key passage of the document:
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
Read carefully, information collected can be maintained for five years, and this data is anything that was picked up due to a ‘limitation’ on the NSA’s ability to pare down what come in its door. This creates a perverse incentive for the NSA to collect as broadly as it can, as whatever it can’t filter up front may be more than useful later on; the technical limitations inherent to its systems them may be the precise tools it wants in place.
What are the circumstances under which the NSA might hold on to domestic communication information? Let’s find out:
The NSA can hold onto the private communications information that it hoovered by accident provided that it “reasonably believes” contains important information concerning foreign entities, or contains evidence of crime, past or future, or contains “technical data base information” concerning potential vulnerabilities, or could contain information about the destruction of life or property.
That is an incredibly broad set of circumstances; what counts as “foreign intelligence information,” for example, could be construed any number of ways. The cause of harm to property is also exceptionally vague; does it extend to digital property, or intellectual property?
The Guardian sums the above succinctly: the above rules “allow [the] NSA to use US data without a warrant.” Ding.
The issue here is that the NSA is widely believed to be tapping directly into the core fiber bundles of the Internet. And as such, is storing unfathomable amounts of data. Data that it could never filter to any granular level during collection. As such, anything and everything that a United States citizen does online could be collected, and held – under a vague hand-wave at one of the above categories – without the need for a warrant or any public notice.
That’s simply unacceptable.
Top Image Credit: Alberto P. Veiga