Judge Says NSA Can Continue To Destroy Evidence
from the bad-ruling dept
Well, this is unfortunate. After yesterday's back and forth between the DOJ and the EFF over the ongoing destruction of key evidence in the Jewel v. NSA case, the court ordered an emergency hearing for this afternoon. About an hour before the hearing, the DOJ presented its opposition to the temporary restraining order, arguing, basically, that it would be too damn complicated to stop destroying evidence in the case. Part of this is because the data collected under the Section 702 program apparently isn't just one big database, but is quickly fed into all sorts of other systems.. Unlike the Section 215 telephony metadata program, which resides on a discrete computer systems architecture, communications acquired pursuant to Section 702 reside within multiple databases contained on multiple systems. Those databases and systems are designed to effectuate FISC-approved minimization procedures that require (with certain limitations) the destruction (purge) upon recognition of certain communications and the age-off of certain raw data within either two years or five years from the expiration of the certification authorizing its acquisition. Halting these purges and age-offs to preserve all Section 702 material, as we understand the Court to have ordered, would require significant technical changes to these databases and systems and would have the effect of forcing NSA into non-compliance with FISC-approved minimization procedures, thus placing the entire program in legal jeopardyIn short: because we're ordered to delete some data by the law to avoid spying on Americans, to now ask us not to delete any data would violate the law that says we have to delete some data. And, to figure out how to do this would be crazy confusing, because the NSA is a giant bureaucratic machine of spying, and you can't just throw a rock into it like that. Or something:
Changes of this magnitude to database and systems architecture normally take months to engineer and test; to comply immediately with the Court’s order, the NSA may have to shut down all the databases and systems that contain Section 702 information. Such a shutdown would suspend acquisition of communications pursuant to Section 702 and analyst access to communications acquired under Section 702. NSA would lose access to what would be otherwise lawfully collected signals intelligence information on foreign intelligence targets that are vital to the performance of NSA’s foreign intelligence mission. Section 702 is the most significant tool in NSA’s arsenal for detecting, identifying, and disrupting terrorist threats to the United States and around the world. The impact of a shutdown of the databases and systems that contain Section 702 information cannot be overstated.After the hearing, the judge sided with the NSA/DOJ, basically saying that the original temporary restraining order blocking the destruction of evidence (from back in March) still stands, but that the issue of whether or not it actually also covers data collected under Section 702 will be briefed at a later date, and until that time the DOJ/NSA are free to continue destroying evidence.
If there's some sort of silver lining to all of this, it's at least the acknowledgement that the NSA really does have a minimization process to not hang onto information it's not supposed to have, and that it's not immediately easy to turn off the process of getting rid of that data. But, still, that's a small consolation, given the seriousness of the issues in the case, and the fact that the destroyed evidence may highlight more serious abuses by the NSA in conducting surveillance on Americans.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: destruction of evidence, doj, jewel v. nsa, minimization, nsa, section 702, surveillance
Companies: eff
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
It can't seriously be that hard to not destroy the evidence.
[ link to this | view in thread ]
Backups and Spiders
Secondly, they could just borrow a spider from any search engine, along with a script to copy off any relevant data. If they don't know how, any search engine company could certainly tell them, but this is so easy to do for themselves that it is also unbelievable.
[ link to this | view in thread ]
So, how do they keep the data they do need for fighting terrorism?
They can go right ahead and effectuate themselves.
[ link to this | view in thread ]
Re: So, how do they keep the data they do need for fighting terrorism?
[ link to this | view in thread ]
And the NSA/DOJ and what they claim became credible when exactly?
They claim that they can't stop the data from being deleted, but given who is making the claim, and how insanely convenient it is for all that evidence to just go up in smoke, I'd say the odds of it really being impossible to back-up relevant files(like you can do with any computer), rather than just 'personally inconvenient' is likely zero to nil.
[ link to this | view in thread ]
This statement sure sound weaselly, and I'd wager they are distorting the order (again) to circumvent its intent; they can understand the Court to have ordered whatever fits their desired interpretation. It should be trivially easy and within the law to produce copies of information to serve as evidence in a federal court case, and if it isn't, how can such a system comply with existing laws for records retention; further, how can we possibly retain our right to redress the grievance? It places an onerous and insurmountable burden on the plaintiff if the defendant can simply avoid producing evidence, and it seems they've jury-rigged their database(s) to do just that.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Once there's a backup of 'Jewel' that exists outside the databases, it no longer matters if information inside the databases 'rolls off' after 2-5 years.
Ahhahahah! The NSA can engineer and construct multi-trillion dollar databases, but they have no idea how to copy information off those databases.
Give me a break! It's laughable. In other words, the DOJ just confused the judge with a while bunch of technical mumbo-jumbo, and the judge turned around and said ok I believe you, because your the DOJ, pure as snow.
Ahhhahahahah, what a mockery.
[ link to this | view in thread ]
Re:
Oh it gets worse. Assuming they're for once telling the truth(unlikely, but for the sake of argument) consider how it can take sometimes years to go through the process of case-appeal-case-appeal, and with a system like that in place it would be trivially easy for them to simply delay any case until all the relevant data/evidence is destroyed.
The idea that they set up the system like that to 'protect the peoples' rights'? Yeah, no chance in hell.
[ link to this | view in thread ]
[ link to this | view in thread ]
- waive the 'no standing' defense in return
- reverse the burden of evidence. The DOJ can still decide if that is a price worth paying, of if they can find a way to preserve the evidence after all
- run any search the EFF may want to run, and preserve any data that may result
- turn over to the court very detailed metadata of the data destroyed (quantity, origin, data stored, reason stored, legal basis for storing, ...)
- order storage of representative samples, i.e., keep x% data selected in a statistically meaningful way
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
How do we know?
[ link to this | view in thread ]
Re: How do we know?
Grr! I am very careful regarding there, they're & their. How'd I screw it up?
[ link to this | view in thread ]
The silver lining isn't that deep.
If there's some sort of silver lining to all of this, it's at least the acknowledgement that the NSA is willing to tell a court that it really does have a minimization process to not hang onto information it's not supposed to have, and that it's not immediately easy to turn off the process of getting rid of that data.
The NSA's track record, and that of its "overseers", suggests that there might be a gap between what it says is true and what is actually true. Just a small gap. Like a teeny-tiny one. Maybe 300 million "targets", give or take. Little gap, I swear.
[ link to this | view in thread ]
You swallowed the cool-aid
Uh, according the constitution the NSA is not supposed to record communications without a warrant. They are, however, recording what they can get from all internet traffic.
They are clearly already operating in breach of the law. That's not their current problem. Their problem may be just fabrication, but it also may be that they don't have the capacity to retain all of their wiretappings because they are, illegally, tapping everything they can.
The NSA most certainly does not have minimization processes to not hang onto information it's not supposed to have: if they are not supposed to have it, it means they are not supposed to collect it in the first place.
What the NSA will have are minimization processes to not hang onto information it cannot afford to hang onto for technical reasons. For even the best indexable storage devices in the world, the Internet is a bit large.
When we are talking about non-indexable devices, things become easier. The NSA could most certainly prepare a streamout of data to tapes. But it's not likely the EFF or whoever could make a lot of use of several containers full of magnetic tape.
Not everyone has the processing power of the NSA...
[ link to this | view in thread ]
Re:
There is no need for the NSA to feed local police departments information since they have all the same equipment and cool hacker-turned-legit sometimes-asian goth chicks.
I mean just watch NCIS Miami or Bones, you don't see the NSA swooping in and solving crimes do you?
[ link to this | view in thread ]
Re: The silver lining isn't that deep.
[ link to this | view in thread ]
Re: Re: How do we know?
[ link to this | view in thread ]
They are lying through their teeth
If that does not preserve their records on them, they are not doing their job anyway.
[ link to this | view in thread ]
Re: Re:
We have the FBI for local stuff the police are ill equipped to handle. & shows that demonstrate this (Criminal Minds, & Numb3rs, when it was on).
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Response to: Anonymous Coward on Jun 6th, 2014 @ 6:41pm
Not that I trust the NSA, I don't.
[ link to this | view in thread ]
That was slick!
Unless, of course, the NSA, well, you know, simply lied once again in order to prevent the legal system from interfering with their activities and in doing so, learning that their activities, were, well, you know, illegal and such... I mean, it would not exactly be the first time they lied about such things.
I must admit though, to turn the FISC orders around and use them as a defense, is bordering on genius and, well, to be honest, I really didn't think they had that sort of intelligence in their ranks.
Live and learn eh.
[ link to this | view in thread ]
Re: Response to: Anonymous Coward on Jun 6th, 2014 @ 6:41pm
How do they pull out data that they want to use for special projects, if they do not have a method of isolation and extraction already in place? Obviously if they need to preserve soon to be eradicated data in order to use it in an investigation, they have the means to prevent it from being erased and to pull it from whatever computer network archives it is stored in, easily and quickly. That would be an absolute necessity in the designing of such a system.
I'm beginning to think that the NSA cannot actually speak without shit falling out of its mouth. Its like they've been lying so long they no longer know how to do anything else.
[ link to this | view in thread ]
Surprising Solidarity
Nice to see that nobody here was fooled by the "too complicated" BS excuse the NSA gave the courts.
Sad to see that the courts are still willing to let the NSA get away with everything, as long as they have at least a reasonably acceptable lie handy.
Or maybe I'm giving the courts too much credit in thinking they are smart enough to see through the obvious BS excuse, and just want to please the administration... perhaps they actually believed the NSA. That would be even sadder.
[ link to this | view in thread ]
Re: That was slick!
Does that mean that operating according to the Fourth Amendment (namely based on warrants for specific information) is not even feasible with their setup?
"I am sorry, Dave, but I am afraid I can't do that."?
So they have set up a big machinery that will not facilitate specific searches or court orders.
What does it require to change the operating parameters? A SWAT team?
Eisenhower sent the army to desegregate the Southern schools. But you can hardly send the army to change the operating parameters of the NSA since the NSA is the army.
How does oversight work when the technicians trump the courts, because "reasons"?
"If we didn't get to contemn the courts, we'd have to work harder to acquire blackmail material. We've already stopped zero terrorist plots, and being accountable would let that number drop significantly."
[ link to this | view in thread ]
Re: Surprising Solidarity
It may also be possible that some courts are operating under their normal rules, but the NSA isn't, then use 'National Security' as a standard of obfuscation.
[ link to this | view in thread ]
[ link to this | view in thread ]
Depends on their system design
The front end data collection process for each source is likely to be putting that raw data into a large circular buffer, such that incoming data overwrites the oldest data stored — the length of the buffer and the average data rate thus control how long you end up keeping that raw data. While the raw data is still in that buffer it can be queried and extracted, but to stop destroying old data you would have to stop collecting any new data that is going to overwrite it.
Now each data source that they're monitoring is going to have its own buffer like this which is probably placed very close to the point where the data is collected, and the system will be designed to do the querying and extraction locally as well. This means that the bandwidth between that buffer and the NSAs external storage (such as that big data center in Utah) can be much smaller than the incoming raw data rate, so they just can't copy all of the buffered data to offline storage; there's just too much data in the buffers for that.
This could also explain why they claim that they're not "collecting" data on everyone; until they actually enter a query that will select a particular data item and send it back to their data center, all those circular buffers are just holding the past history temporarily and aren't doing anything with it. If they wait too long it will get overwritten, thus fulfilling their limited time legal requirements.
[ link to this | view in thread ]
That's the purported reason they're destroying this evidence. It may not be the real one.
[ link to this | view in thread ]
Re: Depends on their system design
'We can't stop old data from being destroyed/overwritten' is very different than 'We can't create copies of data we currently have', even if they seem to be trying to say that the first automatically means the second is true, and if it is, then the system is a huge mess, and all but useless given the entire justification for scooping up all the data is supposed to be to 'help them connect the dots', a rather difficult task when the 'dots' can be removed completely outside your control.
[ link to this | view in thread ]
Haven't they had months to do this? Or are they just going to hide behind their contradictory interpretations as an excuse for not starting to implement this months ago
[ link to this | view in thread ]
Re: Backups and Spiders
However, the minimization rules I have seen in the publicly available documents require that information about U. S. persons be purged immediately when recognized as such. Changing existing procedures for that would, indeed, force that agency into noncompliance with its own internal controls, FISC orders, and the law under which the program is authorized, as the brief argues, in part.
Stipulating that the statement is true that the Section 702 collections that are the primary or exclusive target of the brief comprise multiple interrelated databases, and admitting the possibility that NSA has decent software development practices, several months may not be unreasonable for implementing the implied changes.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: The silver lining isn't that deep.
You might wish to argue that they did not follow them, but there seems to be no evidence for such a claim other than a few NSA employees who were punished or dismissed for personal use of some of the data.
[ link to this | view in thread ]
Re: Depends on their system design
All things considered, it might not be completely unreasonable to argue that this does not constitute "spying" or even "collection" to the extent this is done by machine, for example based on comparison of source/destination IP address with known network structure. It would also, of course, be reasonable to argue that any agency that has a sniffer on the internet trunks needs very careful supervision, and that certainly would include the NSA, GCHQ, CSEC, ASD, and GCSB, as well as all employees of the companies who maintain the communication facilities.
[ link to this | view in thread ]
Once they're gone....
[ link to this | view in thread ]
Re: Once they're gone....
[ link to this | view in thread ]
The NSA and DOJ are so full of shit.
[ link to this | view in thread ]
Surprised? I'm not.
That's called a conflict of interest and our government is long past the days where it would go out of its way to avoid taking advantage of such things.
I'd of been shocked if the ruling had gone the other way.
[ link to this | view in thread ]
Re: How do we know?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: You swallowed the cool-aid
Different rules apply to different kinds of communication. Telephone content is legally different from telephone company business records (the "metadata"), for example. The issue in this article appears to be mostly or entirely Section 702 collections, which are foreign targeted and for which warrants may not be required under the existing minimization rules for handling incidental capture of domestic data and data pertaining to U. S. citizens abroad.
"They are clearly already operating in breach of the law."
Actually, they are not. That is precisely the controversy in front of the court.
The poster plainly is unfamiliar with the history of the FISA and its various reauthorizations and amendments, or with the general contents of Executive Order 12333. As I noted earlier, it is possible that the laws and order are being violated, but no real evidence of that seems to be available.
[ link to this | view in thread ]
Re: Re: How do we know?
On the other hand, it is probable, and in agreement with the published NSA slides, that a large part of the data that is acquired, for some meaning of "acquired", is discarded almost immediately, for example:
a. because both source and destination IP addresses are in the U. S.;
b. because it clearly is noise (e. g., cat videos not to or from a targeted area);
c. because it is a search for, or search result from, a query of no intelligence interest (e. g., my search for information about domestic dishwashers).
Such information normally would not be placed in a database, and the claim in the governments brief that significant changes could be required to retain it is reasonably plausible, although possibly somewhat overstated.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Some things to keep in mind about the NSA is that its programs were
- designed based on laws passed by the US Congress and signed by the contemporary President - several Congresses and Presidents.
- developed by civilian and military government employees and US citizen contractors who, apart from being in the most intelligent tenth or so of the population, are mostly not distinguishable from the population as a whole, in particular in their concern for civil rights;
- supervised by NSA management; the NSA legal office, the Inspector Generals of the NSA and DoD; the Attorney General; and a court composed of federal judges appointed by the President with the advice and consent of the Senate and designated for the Foreign Intelligence Surveillance Court by the Chief Justice of the Supreme Court (also appointed by the President with the advice and consent of the Senate).
- reported upon regularly to the Intelligence Committees of the Senate and the House of Representatives.
One may take this either as evidence that the entire government is, or is becoming, a tyranny or as evidence that controls are in place that might or might not be considered adequate.
Contrary to often expressed opinion, it is not "obvious" that any of the reported activities violate either the Fourth Amendment or the law. Fourth Amendment law is both voluminous and complex, and skilled attorneys disagree about how to apply it in particular cases. That is what the case in hand is about.
Demonizing the NSA or others in the Executive branch, or judges who may be hearing cases that involve them, is not useful. It also goes against the basic agreement that underlies all representative democratic regimes: that we accept the output of the legislative and legal processes (including the laws against corruption in office) even when we disagree with them.
It is certain that the technical facilities available to the NSA and other intelligence agencies (and a large number of private sector organizations and individuals) have the potential for serious abuse. Depending on point of view there is little evidence for that at present, or none. It is certain as well that it is necessary to keep these intelligence programs and activities under close watch; review their operation often to identify actual, potential, or perceived misuse; and review their internal and external controls to identify potential areas for abuse (or where they might be limiting the legitimate use of a program).
[ link to this | view in thread ]
Re: Re: Re: How do we know?
This would not be cause to discard the data. The NSA is no doubt aware of the fact that IP addresses aren't anything like a reliable indicator of where the packets actually originate or end up. It is trivial to make communications appear to originate and end in the US when in fact neither end is in the US.
"because it clearly is noise"
How could they determine this? Those cat videos may contain steganographic communications.
"because it is a search for, or search result from, a query of no intelligence interest (e. g., my search for information about domestic dishwashers)."
This has the same problem as the noise issue. Communications could easily be encoded in search parameters. When you click on a link in nearly all search engine results, the search parameters used to find that link are included in the referral URL. This could be leveraged to encode communications through the use of code words.
These are all issues that I'm certain the NSA (et al) are well aware of, and is probably a big part of why they have a stated goal of capturing and keeping all communications by everybody.
[ link to this | view in thread ]
b. Again, unless other selectors apply, capturing the average YouTube stream probably is low priority.
c. The objection seems to presume that commercial search engines and web sites have a rather larger degree of corruption than seems likely.
A back of the envelope calculation suggests that NSA's Utah data center has enough floor space to accommodate storage for a couple of weeks of aggregate internet protocol data. They are pruning the data early and often. They may have a goal of scanning everything, but claims about plans to retain all of it do not compute, especially on an assumption that the intelligence agencies might be interested in something beyond IP traffic, like voice.
[ link to this | view in thread ]
Re:
It isn’t paranoia when there’s valid reason for suspicion and distrust. There is a legitimacy problem in that our government’s actions don’t conform to the law or that they are rewriting them and throwing up roadblocks to our challenges.
Some things to keep in mind about the NSA is that its programs were
• designed based on laws that were passed by a Congress that admits it was intentionally kept in the dark about various aspects of these programs
• enabled by secrecy that undermines our right to representation
• developed and run by people who may have no more (or possibly less) intelligence than is average and who are equally as capable as others of ethics violations
• supervised by a management that has intentionally obfuscated facts, lied under oath, and has been found to overstep their authority even by the FISA court
It is obvious that any government program that denies rights and liberties, such as the right to be free from unwarranted searches, is tyrannical; any such law passed, without first amending the Constitution, lacks legitimacy.
Demonizing the NSA and the Executive is incredibly useful and has actually already started to produce at least token change from companies like Google and Microsoft. The fact is that we are increasingly losing our liberty and representation, since we can’t be represented in proceedings where we lack informed consent. When the founding fathers felt they lacked representation, they roused a rabble, and, if you don’t want to continue to see rights erosions, that is the kind of statesmanship we need now; the NSA must undergo a major correction, and the only way that will happen is with vocal disagreement with their policies and with any entity—government or corporation—that is enabling or siding with them.
It is certain that the NSA has already abused its powers; e.g. loveint, and will continue to do so unless they are sufficiently challenged. We are supposed to have the Constitutional right to mount such legal challenge to redress grievances, so why do they keep stymieing those efforts? It’s almost certainly because we won’t like what we find.
[ link to this | view in thread ]
LOVINT is a particularly inappropriate example of NSA institutional misbehavior. The violators were identified based on NSA's internal controls and procedures or confessed when it appeared likely they would be caught, the cases were handled according to applicable military or civil service procedures and mostly resulted in loss of job, and they were reported to the FISC as required. There are better examples in the incorrect capture of domestic traffic due to incorrect filter implementation and capture of domestic telephone traffic due to incorrect entry of an area code. Like LOVINT violations, neither of these indicates systematic abuse, and both were reported to the FISC as required. All three, however, indicate that internal design and operational controls warrant attention.
The Constitutional right to mount a legal challenge to the predecessor of the Patriot Act Section 215 metadata program appears to be the substance of Jewel v. NSA, which is yet to be decided. The government's brief is part of the process, as is the plaintiff's brief seeking the temporary restraining order from which the government seeks relief.
[ link to this | view in thread ]
Replicated Personal Data??? No thank you
[ link to this | view in thread ]
Re: tddial Jun 8th, 2014 @ 9:01pm
The text and the authority it purportedly grants are valid only to the extent that they are consistent with the Constitution. The government has repeatedly shown contempt for the Constitution and sought to misread the law at every opportunity.
The government is welcome to argue it should be permitted to destroy evidence, but as other posters have pointed out, the system described by the DOJ is either not an accurate representation of how NSA actually operates or it is broken by design. I see no way to reconcile the ideas that:
1) NSA can collect this data, but only retain it for a specified period of time.
2) Retaining it for longer than that time would be unconstitutional even when the sole purpose of such extended retention is to determine whether its existence demonstrates a violation of law and the subject of the retained information has not only consented to such limited purpose preservation, but specifically requested the court to order such preservation.
3) NSA lacks the technical means to retain this data without halting the entire operation.
4) NSA destruction of evidence must occur under circumstances such that there is no possibility for a court-appointed neutral party to review any of the evidence prior to its destruction, nor any possibility for a court-appointed neutral party to retain custody of any portion of the evidence.
5) DOJ lawyers lack the awareness to recognize what is ordered until they have exhausted every vaguely plausible misunderstanding of the order.
[ link to this | view in thread ]
Re:
The NSA was ordered to preserve evidence of Fourth Amendment violations of some Americans private communications and they destroyed it. The DOJ says if they had preserved the evidence, they would have had to shut down and seize their own servers for retaining data on Americans in violation of the law.
So what the DOJ must be saying is that if they order you to preserve evidence for trial, you must destroy it in order to avoid being shut down. Once you have destroyed the evidence, you are free to continue operations uninterrupted. Right?
[ link to this | view in thread ]
Confused:
1. Evidence of a process running and the details of that process and logs of that process should be sufficient evidence as to wrong doing -- if 702 / 792 are referenced.
2. Controls within the process and system definition developed to execute the process should also be sufficient evidence -- taking into account rules built into the development.
3. Why do we want a copy of the communications the database is 'logging' as a means of evidence? Isnt the platforms existance, performance, process, and controls enough to secure a breach of moral, ethical, and possibly constinutional rights?
I do not understand why we feel a copy of the detailed communications being logged is necessary. I do believe copying or halting the destruction of the communications being logged would be a huge security risk -- further endangering citizens.
Would someone please educate me on what is required -- from an evidenciary perspective -- to prove a breach or constitutional rights?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Backups and Spiders
Unless I'm reading this whole thing wrong, data on US citizens is erased from the archives (that apparently has no backups) as soon as it becomes known to be data on US citizens.
That would mean that any information that NSA has on any US citizen, would already be gone, erased as soon as it was identified as such and re-designated as erasable, so the automated purge could take place.
This process would HAVE TO BE a manual operation as somebody would have to 1. become aware that certain data was about a US citizen and then 2. alter the designation of that particular set of documents from collectible to erasable, before 3. any automated process could act upon and erase that data.
If the data "is still being erased" after the courts have said to stop erasing the pertinent data, then somebody is still re-designating collectible data as erasable so that the system can act upon it, if the whole process is real.
The NSA is saying that this particular set of documents was not recognised as pertaining to a US citizen until after the court demanded they preserve the data, otherwise, it would already have been purged, according to the laws they now claim to be concerned about breaking, if they do not purge the now-known-to-be-about-US-Citizen data.
Nope. The NSA is doing the only thing they do better than spying on the world. They're lying to the world.
Again.
No surprises there.
Reality.
===========
They knew the data was about a US citizen. They keep lots of data on lots of US citizens. The whole story about the system they use being single minded and clunky is a sham.
Its state of the art equipment paid for by the US taxpayers.
The data is kept on a system that is basically a huge interactive database, designed specifically to allow the easy isolation and extraction of data, as well as the easy re-designation of all data for easy erasure - with multiple backups.
They extracted a copy of the data from the system and used it as evidence against a US citizen. Since nobody re-designated the data as erasable, it remains on the system and in the backups.
The courts figured out the NSA was using the data illegally and lying about it and demanded they preserve the same data for the courts to examine.
The NSA immediately started purging the damning data so that the courts could not discover the proof that the NSA had indeed known from the start that the data was about a US citizen, and in so doing realize that maintaining databases on millions of US citizens was indeed policy.
The courts said stop erasing data.
The NSA kept on erasing the damning evidence of their crimes and to gain needed time, they have used the very laws that demanded they originally erase such data, as an excuse to keep on erasing the evidence of their wrong doing.
They have to keep erasing the data over such a long period of time because it is held in multiple backups and has had multiple copies made for their own internal use and these copies and backups are now a tad difficult to track down and they have to get every copy before any court investigation allows a search of their database.
Just a bunch of crooks covering their tracks - as usual.
Case closed.
[ link to this | view in thread ]
Re: Depends on their system design
The NSA is collecting ALL the data and then, according to their own description, deleting any that is found to be pertaining to US citizens. That means that ALL the data has to be examined by a human, and if determined to be about a US citizen, by a human, have its designation changed from "keep" to "purge", by a human.
To be a fully automated system, the computer could only make such decisions by reading the data's origin, if it has such - as is the case with emails and phone calls - and erase any that carry an American origin.
But, if this were the case, it would mean that all such data pertaining to US citizens would have already been erased, utterly eliminating the need for the NSA to keep on manually erasing the data day after day as they claim to the courts they must now do in this case.
The rest of the data is kept for how ever many years the current laws allow and then and only then is it (apparently) purged from the database.
This part of the process could indeed be automated by date easily, but again, if any such data might allow them to prosecute an enemy later when more associated data turned up, it would need to be preserved via some mechanism, just in case.
What you are describing, is a system where ALL collected data is homogenous and can be purged because the incoming data is only momentarily important, and needs to be erased to make room for new incoming data on a limited size buffer. If a glut of new data is incoming, then held data will be purged quicker than normal, and the reverse is also true. A buffer limited system would only be used for data whose pertinence lasted a very short time, like weather reports, or airline flight data and then became useless, or redundant.
The NSA supposedly holds data as long as the law allows and needs to make determinations of content and pertinence before erasure of any part of the collection is considered, which utterly eliminates the possibility that they would use the type of system you describe.
[ link to this | view in thread ]
Privilege
[ link to this | view in thread ]
Re: Re: Depends on their system design
The NSA apparently has access to a quantity of data, both IP and telephone, that exceeds by orders of magnitude what could be examined by intelligence agencies that collectively employ in the neighborhood of 100,000 people, quite a few of them managers and support staff. The data quantity also exceeds by orders of magnitude what it would be possible to store for any reasonable period, although techniques like deduplication could be used for mitigation. But beyond any doubt they use programmed filters to ignore or discard a great deal of the data to which the have access.
In the case of internet protocol traffic, such programmed filters might reject based on IP addresses, protocol, content type, email address, email body content, or possibly other characteristics. With appropriate equipment, something similar to Wireshark would be useful and automatic. Such devices would be imperfect and can be expected to be configured to err in the direction of overcollection subject to downstream capacity constraints. Manual review might begin at that point or be preceded by more complex automated filters, but eventually data would be available to intelligence analysts, who are required to eliminate "US Person" data that is not subject to legal collection. "US Persons" includes both foreign nationals legally in the US as and US citizens in other countries. Sorting these cases probably has a large manual component and deletions are legally required to be done immediately on recognition. Remaining data may be retained for varying periods specified in law, but remains subject to a legal and FISC-ordered requirement for immediate removal should it later be found to refer to US persons and its retention not authorized as part of an investigation. The same legal and court orders require it to be purged at the end of its lawful retention period.
As many have stated, it probably would be relatively straightforward to suspend the time based purging, but changes to upstream automated and manual minimization procedures might well be both complicated and time consuming to make.
[ link to this | view in thread ]
Some things to keep in mind about the NSA is that its programs were
- designed based on laws passed by the US Congress and signed by the contemporary President - several Congresses and Presidents.
- developed by civilian and military government employees and US citizen contractors who, apart from being in the most intelligent tenth or so of the population, are mostly not distinguishable from the population as a whole, in particular in their concern for civil rights;
- supervised by NSA management; the NSA legal office, the Inspector Generals of the NSA and DoD; the Attorney General; and a court composed of federal judges appointed by the President with the advice and consent of the Senate and designated for the Foreign Intelligence Surveillance Court by the Chief Justice of the Supreme Court (also appointed by the President with the advice and consent of the Senate).
- reported upon regularly to the Intelligence Committees of the Senate and the House of Representatives.
One may take this either as evidence that the entire government is, or is becoming, a tyranny or as evidence that controls are in place that might or might not be considered adequate.
Contrary to often expressed opinion, it is not "obvious" that any of the reported activities violate either the Fourth Amendment or the law. Fourth Amendment law is both voluminous and complex, and skilled attorneys disagree about how to apply it in particular cases. That is what the case in hand is about.
Demonizing the NSA or others in the Executive branch, or judges who may be hearing cases that involve them, is not useful. It also goes against the basic agreement that underlies all representative democratic regimes: that we accept the output of the legislative and legal processes (including the laws against corruption in office) even when we disagree with them.
It is certain that the technical facilities available to the NSA and other intelligence agencies (and a large number of private sector organizations and individuals) have the potential for serious abuse. Depending on point of view there is little evidence for that at present, or none. It is certain as well that it is necessary to keep these intelligence programs and activities under close watch; review their operation often to identify actual, potential, or perceived misuse; and review their internal and external controls to identify potential areas for abuse (or where they might be limiting the legitimate use of a program).
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Depends on their system design
The NSA apparently has access to a quantity of data, both IP and telephone, that exceeds by orders of magnitude what could be examined by intelligence agencies that collectively employ in the neighborhood of 100,000 people, quite a few of them managers and support staff. The data quantity also exceeds by orders of magnitude what it would be possible to store for any reasonable period, although techniques like deduplication could be used for mitigation. But beyond any doubt they use programmed filters to ignore or discard a great deal of the data to which the have access.
In the case of internet protocol traffic, such programmed filters might reject based on IP addresses, protocol, content type, email address, email body content, or possibly other characteristics. With appropriate equipment, something similar to Wireshark would be useful and automatic. Such devices would be imperfect and can be expected to be configured to err in the direction of overcollection subject to downstream capacity constraints. Manual review might begin at that point or be preceded by more complex automated filters, but eventually data would be available to intelligence analysts, who are required to eliminate "US Person" data that is not subject to legal collection. "US Persons" includes both foreign nationals legally in the US as and US citizens in other countries. Sorting these cases probably has a large manual component and deletions are legally required to be done immediately on recognition. Remaining data may be retained for varying periods specified in law, but remains subject to a legal and FISC-ordered requirement for immediate removal should it later be found to refer to US persons and its retention not authorized as part of an investigation. The same legal and court orders require it to be purged at the end of its lawful retention period.
As many have stated, it probably would be relatively straightforward to suspend the time based purging, but changes to upstream automated and manual minimization procedures might well be both complicated and time consuming to make.
[ link to this | view in thread ]