The Guardian today published a 9 page document from the NSA, signed by US Attorney General Eric Holder, outlining how the NSA treats communications data that is collected “inadvertently” from United States citizens.
If you were hoping that the government would, upon realizing that it had snagged communications data from domestics, delete the contents and walk away, prepare for disappointment. Here’s the first key passage of the document:
Read carefully, information collected can be maintained for five years, and this data is anything that was picked up due to a ‘limitation’ on the NSA’s ability to pare down what come in its door. This creates a perverse incentive for the NSA to collect as broadly as it can, as whatever it can’t filter up front may be more than useful later on; the technical limitations inherent to its systems them may be the precise tools it wants in place.
What are the circumstances under which the NSA might hold on to domestic communication information? Let’s find out:
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
The NSA can hold onto the private communications information that it hoovered by accident provided that it “reasonably believes” contains important information concerning foreign entities, or contains evidence of crime, past or future, or contains “technical data base information” concerning potential vulnerabilities, or could contain information about the destruction of life or property.
That is an incredibly broad set of circumstances; what counts as “foreign intelligence information,” for example, could be construed any number of ways. The cause of harm to property is also exceptionally vague; does it extend to digital property, or intellectual property?
The Guardian sums the above succinctly: the above rules “allow [the] NSA to use US data without a warrant.” Ding.
The issue here is that the NSA is widely believed to be tapping directly into the core fiber bundles of the Internet. And as such, is storing unfathomable amounts of data. Data that it could never filter to any granular level during collection. As such, anything and everything that a United States citizen does online could be collected, and held – under a vague hand-wave at one of the above categories – without the need for a warrant or any public notice.
That’s simply unacceptable.
Top Image Credit: Alberto P. Veiga
Get the TNW newsletter
Get the most important tech news in your inbox each week.