5 Years of Data Not Collected by NSA
Just days after General Keith Alexander successfully dodged questions about the NSA’s massive new data storage facility by disclaiming any responsibility for collecting US person data, the National Counterterrorism Center is preparing to extend how long they can retain US person data to 5 years.
The Justice Department is close to approving guidelines that would allow the intelligence community to lengthen the period of time it retains information about U.S. residents, even if they have no known connection to terrorism.
Senior U.S. officials familiar with the guidelines said the changes would allow the National Counterterrorism Center, the intelligence community’s clearinghouse for counterterrorism data, to keep such information for up to five years.
Currently, the center must promptly destroy any information about U.S. citizens or residents unless a connection to terrorism is evident.
I guess if you’ve got all that data storage space in UT, you’re going to need something to fill it with.
To justify this power grab, the WaPo’s sources point to two attacks that had nothing to do with the length of data retention: the Nidal Hasan attack, in which information on his conversations with Anwar al-Awlaki hadn’t been shared throughout the government, and Umar Farouk Abdulmutallab, in which his suspect status hadn’t been loaded into the no-fly list.
They don’t, however, point to a concrete example where 5 year old data of US persons might have helped solve an actual terror attack.
But thanks to this measure pushed through in almost complete secrecy, when they declare–say–your Church a terrorist organization in three year’s time, they’ll have records of your association with it in a database in UT.
Update: Here’s Charlie Savage on this. Here’s the new guidelines. And here’s the guidelines they replaced. I’ll come back to these later.
Can anyone really imagine given the state of the US government today, that their
hoarding hamstersemployees would willingly undertake to task themselves with going back into their databases to delete information that they don’t need?Nah! This is just a new set of rules to retroactively cover what they’ve already done.
Give it time and that 5 year rule will get extended to 10 years. And then 20 years. And then just as quietly as this, they’ll extend it to Forever!
@MadDog: All ready done, thank you. It’s just like the No Fly List once you’re on good luck on getting off.
@jo6pac: Yeah, kabuki fits about as well as anything.
Speaking of data storage by the US, I was perusing through NSA Director General Alexander’s written testimony (19 page PDF) about US Cyber Command before the House Armed Services committee, and came across this from page 6:
(My Bold)
What does this say about the alleged acts of Bradley Manning? If I were his defense attorney, I’d take note.
And btw, the 2008 breach of classified systems incident Alexander refers to was reported in this Los Angeles Times article.
@MadDog: And this from page 7:
Ya think? Does Stuxnet ring a bell?
@MadDog: Oh, I’ve reported on the 2008 breach a bunch of times. Because after that they swore there coudl be no more removable media. Until Lady Gaga hit.
@emptywheel: Yes, you’ve been one of the leaders with posts on that breach, but I just wanted to make sure that Alexander’s testimony didn’t leave anyone reading my quote in the dark.
Alexander didn’t provide a link in his testimony. Probably a case of innertoobz ignorance, so I thought I’d give him a wee bit of cyberhelp. *g*
OK, they can have the extension, but they have to throw away everything they’ve gathered so far.
@MadDog: And continuing to speak of data stuff, another participant in the House Armed Services committee session along with NSA Director General Alexander was Dr. James N. Miller, Principal Deputy Under Secretary Of Defense For Policy. From page 2 of his written testimony (12 page PDF):
Just so folks don’t miss it, Charlie Savage of the NYT has a piece up on the topic of EW’s post:
U.S. Relaxes Limits on Use of Data in Terror Analysis
As usual, Charlie goes the extra mile by providing online access to the new guidelines:
Via DocumentCloud, the guidelines are here.
Or to read the PDF direcly, the 32 page PDF is here.
@MadDog: Ahhhh…I missed that EW updated the post with Charlie’s stuff. When one refreshes, the downside is that the focal point returns to where on the webpage one is on. In my case, that’s at the very end of the webpage.
And let me translate what one of Charlie Savage’s sources said. From this:
To this:
(My Bold)
@MadDog: One of the key points that Charlie Savage raises (and I expect EW to have on her plate as well):
(My Bold)
Can one say data-mining? I thought you could!
Any indications that NCTC retention rules apply to agencies that share data?
Can anyone show NSA has ever intentionally dumped anything it has acquired?
@lefty665: In reading the new guidelines, it seems they are specific to the NCTC only. It would seem therefore that other agencies operate under other rules or no rules as may be the case.
I know we’re going to comment about this new set of NCTC guidelines in future EW posts, but this part jumped out at me because of the latest NSA data storage and analysis discussions here. From page 5 of the NCTC guidelines (32 page PDF):
(My Bold)
Would those be FISA Court-approved procedures like bulk 215 Orders for vacuuming up and drift netting through all domestic Internet communications for targeted triggers/keywords?
@MadDog:
So, bad as NCTC is, it may just be cover like the FBI? The real real time and predictive analysis of everything forever being the filling for Beef Hollow Rd. “guidelines do not apply”
@lefty665: As I’ll show, preexisting rules trump the 5 year rule.