> The parallel being, I don't see why the NSA would bother to build its own datacenters for storing data. Google's, Apple's, Microsoft's, whoever's datacenters, are the NSA's datacenters. They don't have to retain information themselves; they just have to send a FISA notice to these companies telling them to retain the information, indefinitely, until the NSA has need of it.
That's something I noted when this all blew up, was that simply keeping the NSA from getting the data was not good enough, as they could simply compel the phone company (or whoever) to hold onto it, and that we needed to be ready for something like this to be close to the "new normal".
However it could still be better to go this route, in that even though the NSA can get metadata on everyone that's 3 hops or thereabouts away from the phone company, that's still not a huge mass of data. And the phone company could notice if there was a large number of requests being made, do random audits to verify that NSA's Compliance office approved that given search, etc.
But then you would have to ensure those in the phone company with access to the logs for that program themselves have security clearances since they would in a very real sense be monitoring the progress of national security investigations (imagine if you had a sysadmin that was an AQ sympathizer noticing the NSA has penetrated a terror cell and he manages to tip off the cell in time).
That's something I noted when this all blew up, was that simply keeping the NSA from getting the data was not good enough, as they could simply compel the phone company (or whoever) to hold onto it, and that we needed to be ready for something like this to be close to the "new normal".
However it could still be better to go this route, in that even though the NSA can get metadata on everyone that's 3 hops or thereabouts away from the phone company, that's still not a huge mass of data. And the phone company could notice if there was a large number of requests being made, do random audits to verify that NSA's Compliance office approved that given search, etc.
But then you would have to ensure those in the phone company with access to the logs for that program themselves have security clearances since they would in a very real sense be monitoring the progress of national security investigations (imagine if you had a sysadmin that was an AQ sympathizer noticing the NSA has penetrated a terror cell and he manages to tip off the cell in time).