One official likened the NSA's collection authority to a van full of sealed boxes that are delivered to the agency. A court order, similar to the one revealed by the Guardian, permits the transfer of custody of the "boxes." But the NSA needs something else, a specific purpose or investigation, in order to open a particular box. The chairman of the Senate intelligence committee, Sen. Dianne Feinstein, said the standard was "a reasonable, articulatable" suspicion, but did not go into details.
Legally, the government can ask companies for some of these records under a provision of the PATRIOT Act called the "business records provision." Initially, it did so without court cognizance. Now, the FISC signs off on every request.
Armed with what amounts to a rubber stamp court order, however, the NSA can collect and store trillions of bytes of electromagnetic detritus shaken off by American citizens. In the government's eyes, the data is simply moving from one place to another. It does not become, in the government's eyes, relevant or protected in any way unless and until it is subject to analysis. Analysis requires that second order.
So, the govt and NSA distinguish between 'having the data' (receiving a van full of boxes, in the metaphor above) and 'subjecting the data to analysis' (opening a box, in the metaphor). They have a broad order for having the data, but need more specific sign-off to process or analyse the data.
This differentiation between 'having data' and 'analysing data' is not one we'd generally make in the IT world - because if they already have the boxes in their possession, how do we know they are getting the right permission before they open the boxes? How is any oversight possible in that situation?
> This differentiation between 'having data' and 'analysing data' is not one we'd generally make in the IT world - because if they already have the boxes in their possession, how do we know they are getting the right permission before they open the boxes? How is any oversight possible in that situation?
I don't think it is possible: that's precisely why it's not a distinction made in the IT world: we don't have the apparatus of courts and judges. In the IT world, the primary issue is about security. You have a walled garden and you don't want to let bad people in. Logistics is secondary. Whereas in the IC world, logistics appears to be the harder problem, and keeping the bad people out is already solved to their satisfaction. The challenge is to make sure everyone who needs the data has it.
I think it is reasonable to question the levels of sophistication of people on the FISC and officials who have approved the policies.
In the past for instance the ACLU has pointed out that about 2/3 of the US population lives within 100 miles of a land or coastal border, and that border security law can be construed so that all of these people are subject to searches in a way not prohibited by the fourth amendment protections.
More than I think those searches are an issue right now is the possibility that legislators could have not recognized how much of the country's population is within 100 miles of a land or coastal border.
The terminology has been pretty folksy, but it seems absurd to imagine that there are very many people who don't have someone adjacent to them in their social graph who is adjacent to a node that has been suspected of being a terrorist.
If the description of how they use the data is correct, then it probably is truthful that counting the number of people whose data have been collected would index those people in such a way that their privacy would be further compromised. However, it seems plausible to guess that the scope of the call data could be estimated, and that most people's data has been collected if not analyzed, indexed and mapped.
However, is the existence of all that data an enormous liability for the future?
During the 1930s the brightest minds in the country were asking fundamental questions about the very nature of how we should organize our country, including crazy ideas involving fascism or communism which probably seemed to make more sense in the context of possible societal collapse. Later in the 50s, the brightest minds were no longer as likely to be working on public service (or on a war effort) yet a paranoia of dunces filled the government, and the country had to deal with their efforts to blacklist people and shape the country as they pleased.
What percentage of interesting people doing the best things in the world right now weren't even heard of twenty years ago or even ten? How many of them unseated someone else's vested interests and who would have preferred not to be surpassed?
Though bad things will be done by people in the future who we've never heard of before, unknown people will also be stomped on by those who are already successful, using whatever tools they can find.
The point isn't that people with wealth and power or people unheard of are more likely to do good or bad things, but that powerful tools in the wrong hands, and anything that encourages self-censoring and slows the flow of information limits possibilities and the talent pool.
It is difficult to understand how unquestioning some of the trust is when top executives really didn't seem to see how anti-competitive practices like gentlemen's agreements about poaching each other's employees were wrong, and Congress has such a difficult time putting anything in place to effectively limit their insider trading privileges. And finally for those who do implicitly trust officials right now, did they notice how close people they'd trust less often get to winning elections?