I haven’t had time to do a full post on the Presidential Policy Directive Obama rolled out with his speech the other day (besides pointing out how Obama sets it up to be disappeared when inconvenient). But Bart Gelllman noted something I had also noticed (in addition to noting that Obama embraced Big Data in his speech — his whole story is wroth reading).
In another significant footnote, Obama said the limits he ordered “shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.” Signals intelligence development, or “sigdev” in NSA parlance, is the discovery of untapped communication flows and the invention of new surveillance methods to exploit them.
For example, NSA Director Keith Alexander revealed last summer that his agency had collected location data from mobile phones in the United States.
Here’s the language in question.
Consistent with this historical practice, this d irective articulates principles to guide why, whether, when, and how the United States conducts signals intelligence activities for authorized foreign intelligence and counterintelligence purposes. 3
3 Unless otherwise specified, this directive shall apply to signals intelligence activities conducted in order to collect communications or information about communications, except that it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.
This is something we’re seeing throughout the NSA programs (and we’re not seeing any real auditing or checks on this activity) as I have been noting with respect to the data integrity analysts who have access to the phone dragnet. The NSA uses real data to develop its new toys. And while there are some limits on the finished intelligence products that can be produced from such development, there doesn’t seem to be any protection for the data that gets used.
You’d think, in the wake of a rather powerful demonstration of the power of techs, there’d be some awareness of how dangerous creating such exceptions for the techs. But you’d be wrong.
One more note: Obama explicitly imposes these limits only on communications data, not on things like bank data or pressure cooker purchase data. A reporter actually asked the White House, rather persistently, about all this Section 215 (or NSL) collection, and they basically admitted they’re not going to provide the same protections (judicial review of queries) because no one is talking about it.
Which tells you what they’re really concerned about.