The Brennan Center for Justice has taken on the herculean task of explaining all of the ways that surveillance agencies are collecting, storing and sharing the private data on U.S. citizens. It's all in a
new report, and it's disquieting, to say the least. The report focuses on the "misses"—all of the information that is collected that is completely innocuous, that shows no nefarious activity at all. What happens with
that information is particularly problematic.
One might expect that this information would NOT be retained, let alone extensively shared among agencies. To the contrary, there are a multitude of laws and directives encouraging broader retention and sharing of information—not only within the federal government, but with state and local agencies, foreign governments, and even private parties. [...]
Against this backdrop, this report analyzes the retention, sharing, and use by federal law enforcement and intelligence agencies of information about Americans not suspected of criminal activity. It examines five distinct categories of information. The categories are Suspicious Activity Reports, assessments, National Security Letters, searches of electronics at the border, and information acquired by the National Security Agency.
Among these data sets, this report finds that in many cases, information carrying no apparent investigative value is treated no differently from information that does give rise to reasonable suspicion of criminal or terrorist activity. Basically, the chaff is treated the same as the wheat. In other cases, while the governing policies do set certain standards limiting the retention or sharing of non-criminal information about Americans, the restrictions are weakened by exceptions for vaguely-described law enforcement or national security purposes. Depending on the data set, presumptively innocuous information may be retained for periods ranging from two weeks to five years to 75 years or more.
The reports' authors conclude that the "widescale collection and retention of personal information about Americans not suspected of criminal activity invites abuse without any significant demonstrated benefit." How can it benefit when there's no differentiation in how innocuous information is treated from how potentially useful information is treated? When the NSA is collecting so much data and not, as the report says, sifting the wheat from the chaff, can all these mountains of data really hold the key to protecting the nation? One technology expert, Bruce Schneier,
suggests it's the opposite: “If you’re looking for a needle in a haystack, a bigger haystack doesn’t help. [...] In general, if you look at all the successes we have against the 'bad guys,' they come from following the leads ... you don’t need to surveil every American.” The firehose of information—with no apparent mechanism in place to sort it—could be obscuring any real threats the NSA might be picking up.
Brennan doesn't suggest ending the surveillance program wholesale, but does have solutions that lawmakers working to reform surveillance programs should carefully consider: 1) make the policies and decisions about how citizens are surveilled accessible and transparent; 2) prohibit the retention and sharing of information that does not provide reasonable suspicion of criminal activity; 3) reform the outdated 1974 Privacy Act to bring it up to date with technology; 4) increase public oversight over the National Counterterrorism Center, the massive data center that is the hub for the sharing of our personal information; and 5) real oversight that includes "regular and robust audits of federal agencies’ retention and sharing of non-criminal information about Americans."