Curbing Data Use is Key to Reining in NSA
Any effort to rein in the National Security Agency after its widespread spy activities were revealed in leaked documents must focus on more than simply limiting what personal data can be collected.
Tue, November 19, 2013
Computerworld — Any effort to rein in the National Security Agency (NSA) after its widespread spy activities were revealed last summer in leaked documents must focus on more than simply limiting what personal data can be collected.
The key to maintaining some semblance of privacy for ordinary citizens is to limit how any data about them collected by the spy agency is used.
In the months since Edward Snowden began leaking to the press classified documents detailing NSA surveillance activities, there's been a flurry of calls for new restrictions on how much data can be collected and few calling for limits how any data collected can be used.
Since the classified documents were exposed in June, federal lawsuits challenging the NSA's collection of phone metadata records have been filed in New York and Washington D.C. Such lawsuits face difficulties as the U.S. Supreme Court this week declined, without explanation, to hear a similar petition filed by the Electronic Privacy Information Center.
Also, several U.S. lawmakers have proposed legislation to curtail some NSA surveillance activities while adding transparency to those that remain. For instance, a bipartisan bill dubbed the USA Freedom Act, seeks to end the agency's call records collection program and make the secret FISA courts that oversee NSA surveillance requests more accountable to the public.
Meanwhile, Google, Yahoo and others have fueled new efforts to block the NSA's apparently systematic efforts to weaken encryption standards and to harvest data by allegedly tapping their data links.
Many see such efforts as fundamental to curbing the NSA's apparently insatiable appetite for collecting data under the aegis of counter-terrorism. After all, the NSA cannot misuse data that it doesn't have.
But even if all attempts at curbing the NSA's data collection activities are successful, abundant data would still be collected with few limits on how it's used.
The NSA is currently building a massive, $1.53 billion data center near Salt Lake City that it says will be able to to store and process exabytes of data -- call records, social media interactions, Internet conversations, search related data and other information culled from around the world.
It's inconceivable that all of this data is related to potential terrorist activity.
Therefore, the most important question should be: What does the NSA do with all the data it collects?
The spy agency should be required disclose its rules for handling collected data, who it can be shared with, who can access it, how its analyzed and the processes for data deletion.