The NSA Will Apparently Still Be Accessing The Old Phone Metadata It Said It Would No Longer Be Accessing

from the 'reform'-as-in-'maintain-status-quo' dept

The NSA's bulk phone metadata collection may no longer technically be a "collection" (the NSA now has to seek responsive metadata from telcos using targeted court orders), but that doesn't mean the agency isn't still seeking ways to keep the "dragnet" in "dragnet surveillance."

The NSA was only supposed to have access to previously collected bulk metadata for "analytic purposes." Apparently, "analyzing" the data also means searching the data, as was pointed out by FISA Court on Twitter (not affiliated at all with the actual FISA Court).

Fascinating: the Court will let NSA compare old bulk call data to new responses for a while.
The court finds that the USA Freedom Act did not expressly dictate limits on use of the metadata collected under Section 215 previous to the enactment of the surveillance reform bill. Because of this lack of statutory specificity, the court has agreed to grant NSA both access and extended retention of the data for two reasons.

The first is to verify the completeness of phone records obtained with targeted FISC orders.
[F]or a period ending on February 29, 2016, appropriately trained and authorized technical personnel will have access to the BR Metadata solely for the purpose of verifying the completeness and accuracy of call detail records produced under the targeted (i.e., non-bulk) production orders issued by the Court after November 28, 2015. According to the government, verification will involve a comparison of the two sets of records (i.e., the BR Metadata and call detail records received pursuant to subsequent, targeted orders). See Government Response at 9. NSA technical personnel will compare the number of call detail records produced for a specific selection term with the number of call detail records identified in response to a query of the BR Metadata using the same identifier. See id at 9-10. Such comparisons will help provide assurance that the new collection process is working as intended.
Extended retention of the bulk metadata will be permitted because the records themselves are still the subject of multiple lawsuits.

Analysis of the data will also double as a search of the data, mixing newly-obtained phone records with the old ones and muddying the line between what is explicitly permitted under USA Freedom and what isn't explicitly forbidden.

Once the NSA has obtained the responsive records, they will stay in the agency's hands for five years, presumably. At that point, they will become part of the larger collection -- some of which will never be destroyed.
Information obtained or derived from call detail records which has been previously disseminated in accordance with approved minimization procedures will not be recalled or destroyed.[2] Also, select query results generated by pre-November 29, 2015, queries of the bulk records that formed the basis of a dissemination in accordance with approved minimization procedures will not be destroyed.

[2] This practice does not differ from similar circumstances where, for example Court-authorized electronic surveillance and/or physical search authorities under Title I or III expire. While raw (unminimized) information is handled and destroyed in accordance with applicable minimization procedures, prior authorized disseminations and the material underpinning those disseminations are not recalled or otherwise destroyed.
It would appear that minimization, as far as the NSA is concerned, occurs at the point of handover from telcos. Records considered "minimized" by the FISA Court include those swept up by the agency's contact chaining, and these also will be compared to the "old" database for analytical purposes. As Marcy Wheeler explains, the dragnet isn't dead yet.
This means that everyone within two or three degrees of a target that the NSA has found interesting — potentially over the last decade — will remain available and subject to NSA’s analytical toys from here on out.
So, while some of the bulk metadata "ages off" at the five-year point, the NSA apparently considers "material" it has previously disseminated to other agencies or to its own analysts to be excluded from this time limit. How much data that involves is only known to the agency, which is being trusted to abide by the stipulations of the USA Freedom Act and destroy its Section 215 records once given the go-ahead from the FISA Court.

Filed Under: database, fisa court, metadata, nsa, phone records, section 215, surveillance

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 8 Dec 2015 @ 12:39pm

    Admittedly, i don't blame the NSA for not wanting to recall derivative datasets. It's a huge pain.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown for basic formatting. (HTML is not supported.)
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.