5 Years of Data Not Collected by NSA

Just days after General Keith Alexander successfully dodged questions about the NSA’s massive new data storage facility by disclaiming any responsibility for collecting US person data, the National Counterterrorism Center is preparing to extend how long they can retain US person data to 5 years.

The Justice Department is close to approving guidelines that would allow the intelligence community to lengthen the period of time it retains information about U.S. residents, even if they have no known connection to terrorism.

Senior U.S. officials familiar with the guidelines said the changes would allow the National Counterterrorism Center, the intelligence community’s clearinghouse for counterterrorism data, to keep such information for up to five years.

Currently, the center must promptly destroy any information about U.S. citizens or residents unless a connection to terrorism is evident.

I guess if you’ve got all that data storage space in UT, you’re going to need something to fill it with.

To justify this power grab, the WaPo’s sources point to two attacks that had nothing to do with the length of data retention: the Nidal Hasan attack, in which information on his conversations with Anwar al-Awlaki hadn’t been shared throughout the government, and Umar Farouk Abdulmutallab, in which his suspect status hadn’t been loaded into the no-fly list.

They don’t, however, point to a concrete example where 5 year old data of US persons might have helped solve an actual terror attack.

But thanks to this measure pushed through in almost complete secrecy, when they declare–say–your Church a terrorist organization in three year’s time, they’ll have records of your association with it in a database in UT.

Update: Here’s Charlie Savage on this. Here’s the new guidelines. And here’s the guidelines they replaced. I’ll come back to these later.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

18 replies
  1. MadDog says:

    Can anyone really imagine given the state of the US government today, that their hoarding hamsters employees would willingly undertake to task themselves with going back into their databases to delete information that they don’t need?

    Nah! This is just a new set of rules to retroactively cover what they’ve already done.

    Give it time and that 5 year rule will get extended to 10 years. And then 20 years. And then just as quietly as this, they’ll extend it to Forever!

  2. MadDog says:

    Speaking of data storage by the US, I was perusing through NSA Director General Alexander’s written testimony (19 page PDF) about US Cyber Command before the House Armed Services committee, and came across this from page 6:

    “…The cyber threat continues to mature, posing dangers that far exceed the 2008 breach of our classified systems we discussed last fall. Our leaders from President Obama on down have emphasized this point, and for good reason. Our nation now depends on access to cyberspace and the data and capabilities residing there; we are collectively vulnerable to an array of threats ranging from network instability to criminal and terrorist activities to state-sponsored capabilities and actions that are progressing from exploitation to disruption to destruction. While I hasten to say that we have not suffered disastrous or irreparable harm in cyberspace from any of these risk categories, we must be prepared to counter this evolving threat…”

    (My Bold)

    What does this say about the alleged acts of Bradley Manning? If I were his defense attorney, I’d take note.

    And btw, the 2008 breach of classified systems incident Alexander refers to was reported in this Los Angeles Times article.

  3. MadDog says:

    @MadDog: And this from page 7:

    “…In addition, we believe that state actors have developed cyber weapons to cripple infrastructure targets in ways tantamount to kinetic assaults; some of these weapons could potentially destroy hardware as well as data and software…”

    Ya think? Does Stuxnet ring a bell?

  4. emptywheel says:

    @MadDog: Oh, I’ve reported on the 2008 breach a bunch of times. Because after that they swore there coudl be no more removable media. Until Lady Gaga hit.

  5. MadDog says:

    @emptywheel: Yes, you’ve been one of the leaders with posts on that breach, but I just wanted to make sure that Alexander’s testimony didn’t leave anyone reading my quote in the dark.

    Alexander didn’t provide a link in his testimony. Probably a case of innertoobz ignorance, so I thought I’d give him a wee bit of cyberhelp. *g*

  6. EH says:

    OK, they can have the extension, but they have to throw away everything they’ve gathered so far.

  7. MadDog says:

    @MadDog: And continuing to speak of data stuff, another participant in the House Armed Services committee session along with NSA Director General Alexander was Dr. James N. Miller, Principal Deputy Under Secretary Of Defense For Policy. From page 2 of his written testimony (12 page PDF):

    “…The capabilities of state and non-state actors to exploit, disrupt, or even destroy…information systems are increasing…

    …More recently, critical infrastructure has been targeted, including our electric grid and the financial-services sector…”

  8. MadDog says:

    @MadDog: Ahhhh…I missed that EW updated the post with Charlie’s stuff. When one refreshes, the downside is that the focal point returns to where on the webpage one is on. In my case, that’s at the very end of the webpage.

  9. MadDog says:

    And let me translate what one of Charlie Savage’s sources said. From this:

    “…There is a genuine operational need to try to get us into a position where we can make the maximum use of the information the government already has to protect people,” said Robert S. Litt, the general counsel in the office of the Director of National Intelligence, which oversees the National Counterterrorism Center…”

    To this:

    “…There is a genuine operational need to try to get us into a position where we can make the maximum use of the information the government already has on US citizens,” said Robert S. Litt, the general counsel in the office of the Director of National Intelligence, which oversees the National Counterterrorism Center…”

    (My Bold)

  10. MadDog says:

    @MadDog: One of the key points that Charlie Savage raises (and I expect EW to have on her plate as well):

    “…The previous guidelines (7 page PDF) for sharing information with the counterterrorism center were issued by Attorney General Michael Mukasey in 2008.

    They set up three tracks by which the center could retrieve information gathered by another agency: by doing a limited search itself for certain data, by asking another agency to perform such a search, or — in cases whether neither was sufficient — by replicating the database and analyzing the information itself…

    [snip]

    …the first two tracks for searching the databases that remain under the control of the original agencies prohibit “pattern analysis.” But that restriction does not apply to databases the center has copied…”

    (My Bold)

    Can one say data-mining? I thought you could!

  11. lefty665 says:

    Any indications that NCTC retention rules apply to agencies that share data?

    Can anyone show NSA has ever intentionally dumped anything it has acquired?

  12. MadDog says:

    @lefty665: In reading the new guidelines, it seems they are specific to the NCTC only. It would seem therefore that other agencies operate under other rules or no rules as may be the case.

  13. MadDog says:

    I know we’re going to comment about this new set of NCTC guidelines in future EW posts, but this part jumped out at me because of the latest NSA data storage and analysis discussions here. From page 5 of the NCTC guidelines (32 page PDF):

    “…a) NCTC will access, acquire, retain, use, and disseminate information, including United States person information, (i) pursuant to the relevant standards of Executive Order 12333, as amended; ii) as consistent with the National Security Act of 1947, as amended; and (iii) as authorized by law or regulations, including applicable privacy laws. These Guidelines do not apply to information the retention, use, and dissemination of which is governed by court order or court approved procedures…”

    (My Bold)

    Would those be FISA Court-approved procedures like bulk 215 Orders for vacuuming up and drift netting through all domestic Internet communications for targeted triggers/keywords?

  14. lefty665 says:

    @MadDog:

    So, bad as NCTC is, it may just be cover like the FBI? The real real time and predictive analysis of everything forever being the filling for Beef Hollow Rd. “guidelines do not apply”

Comments are closed.