Perspective: Curbing data use is key to reining in NSA

Proposed legislation and rules focus mostly on curbing data collection activities, not on controlling use of personal data

Any effort to rein in the National Security Agency (NSA) after its widespread spy activities were revealed last summer in leaked documents must focus on more than simply limiting what personal data can be collected.

The key to maintaining some semblance of privacy for ordinary citizens is to limit how any data about them collected by the spy agency is used.

In the months since Edward Snowden began leaking to the press classified documents detailing NSA surveillance activities, there's been a flurry of calls for new restrictions on how much data can be collected and few calling for limits how any data collected can be used.

Since the classified documents were exposed in June, federal lawsuits challenging the NSA's collection of phone metadata records have been filed in New York and Washington D.C. Such lawsuits face difficulties as the U.S. Supreme Court this week declined, without explanation, to hear a similar petition filed by the Electronic Privacy Information Center.

Also, several U.S. lawmakers have proposed legislation to curtail some NSA surveillance activities while adding transparency to those that remain. For instance, a bipartisan bill dubbed the USA Freedom Act, seeks to end the agency's call records collection program and make the secret FISA courts that oversee NSA surveillance requests more accountable to the public.

Meanwhile, Google, Yahoo and others have fueled new efforts to block the NSA's apparently systematic efforts to weaken encryption standards and to harvest data by allegedly tapping their data links.

Many see such efforts as fundamental to curbing the NSA's apparently insatiable appetite for collecting data under the aegis of counter-terrorism. After all, the NSA cannot misuse data that it doesn't have.

But even if all attempts at curbing the NSA's data collection activities are successful, abundant data would still be collected with few limits on how it's used.

The NSA is currently building a massive, $1.53 billion data center near Salt Lake City that it says will be able to to store and process exabytes of data -- call records, social media interactions, Internet conversations, search related data and other information culled from around the world.

It's inconceivable that all of this data is related to potential terrorist activity.

Therefore, the most important question should be: What does the NSA do with all the data it collects?

The spy agency should be required disclose its rules for handling collected data, who it can be shared with, who can access it, how its analyzed and the processes for data deletion.

The NSA insists that multiple controls are already in place to prevent misuse of the data it collects. It generally points first to the secret FISA court an example of oversight of its activities.

NSA director Keith Alexander and James Clapper, U.S. Director of National Intelligence, both maintain that the spy agency's sole focus is on detecting and deterring national security threats. The program is not designed to snoop on innocent Americans, they say.

In a keynote address at the Black Hat security conference in July, Alexander insisted that the agency does not routinely listen in on phone calls, monitor email content or collect personal data of U.S. or foreign citizens.

Alexander said only 22 NSA officials can authorize such searches and only 35 of several thousand NSA analysts can run queries on collected data. Each query must be related to an anti-terror investigation and is fully auditable, he said.

However, such claims cannot be verified. The NSA, and other government officials, claiming national security grounds, have to date stymied attempts to obtain such details about ongoing spy programs.

1 2 Page 1
The brave new world of Windows 10 license activation
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies