NSA: If Your Data Is Encrypted, You Might Be Evil, So We'll Keep It Until We're Sure
from the say-what-now? dept
There’s been plenty of commentary concerning the latest NSA leak concerning its FISA court-approved “rules” for when it can keep data, and when it needs to delete it. As many of you pointed out in the comments to that piece — and many others are now exploring — the rules seem to clearly say that if your data is encrypted, the NSA can keep it. Specifically, the minimization procedures say that the NSA has to destroy the communication it receives once it’s determined as domestic unless they can demonstrate a few facts about it. As part of this, the rules note:
In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.
In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them. And, furthermore, as we noted earlier, the basic default is that if the NSA isn’t sure about anything, it can keep your data. And, if it discovers anything at all remotely potentially criminal about your data, it can keep it, even if it didn’t collect it for that purpose. As Kevin Bankston points out to Andy Greenberg in the link above:
The default is that your communications are unprotected.
That’s the exact opposite of how it’s supposed to be under the Constitution. The default is supposed to be that your communications are protected, and if the government wants to see it, it needs to go to court to get a specific warrant for that information.