Let's change the NSA question. Not "Snowden" or "are we" but "should we."
I think I want a discussion about principles instead of details.
First, remove "Snowden" from the equation -- not a factor here.
Second, let's remove any question about "what we're actually doing" -- issues of proof are actually not relevant.
Even if you think this is just "Pie in the Sky" play along for a minute, because it won't be at some point.
Start from the premise that even if it is technologically unfeasible to collect all internet and voice communications now, it will be possible at some point.
Consider the following set of information archived by individual citizen, compiled by our government in the course of national security work once it has become a fully mature process:
Start with the TIA initial database description (as this was considered plausible in 2002, it is a reasonable list):
1. personal e-mails,
2. social networks,
3. credit card records,
4. phone calls (content and metadata),
5. medical records,
6. Biometrics -- DNA
7. Biometrics -- Face picture
8. Biometrics -- Fingerprint
9. Biometrics -- gait
and add a few others that have come up.
10. Mobile phone location
11. Public surveillance video
12. License plate reader/EZ-pass information.
13. Web browsing history
And keep in mind that I am not that imaginative:
14. Any other electronic information that you know that could be collected and stored that I missed.
Now let's pretend we are policymakers who have to consider this expansionary uses of this technology and give some opinions:
1) What are limits on the use of this data? Should it be used only for Terrorism? For national security in general (leak investigation and background checks) Should it be used for international crime investigations? Should it be used for federal crime investigation? Should it be used for domestic crime investigation?
2) How long should such data be held? Should there be a mandatory expiration on this data? If so, why?
3) What are the allowed rules for its direct access? Must it be via a warrant with probable cause? Can automated "crime detection" software be run on it to detect certain heinous crimes (like pedos and human slavers)? What about all criminal activity? What about all civil criminal activities (you know, copyright violation)?
4) If some current DARPA research pans out, can algorithms be used that have some value at predicting future criminal behavior (ala Minority Report)?
5) What penalties should be levied on those in authority who misuse it? For example those who use it profit from selling the data they have access to or keep tabs on a cheating spouse? How about those who use it to gain an insider trading advantage?
6) Even if a legal framework is created, under what circumstances can the legal framework be changed? Can an executive order allow a change in the requirements to access that data to drop the requirement for a FISA court for national security reasons, for example?
7) Should participation in the biometric portions of data collection be compelled? Perhaps in school or with voter registration now that the Supreme court has cleared a path for that.
8) What access do individual citizens have to their own data? To others? Could it be used to run background checks? Can a contractor access the data and sell some analysis of the information for a fee, as they do with court records or other federal data? Can a person challenge the information in the data if they can prove it is inaccurate? If so, how onerous would that be on the government?
9) Should there be penalties for circumventing the data collection or can such activities be used as grounds for suspicion in investigating a crime? Let's say someone is murdered and there are no mobile phones in the vicinity. Would it be reasonable to search the database with a starting query being people who were not carrying their phones around the time of the murder and then start investigating those people?
= new reply since forum marked as read
Being able to install Windows 8 or unlock an Iphone does not qualify anyone to know what is possible with a supercomputer cluster and large batch of data. It seems that most folks think that they have a measure of "security through obscurity", that there's no way for anyone to look through billions of records and find a specific thing or person in a petabyte pile of data unless they were already highlighted (you know, as a "terrorist"
. They say they aren't worried at all.
They will then go and use Google and not think twice.
I have no idea how to solve this problem, unfortunately. The resources are out there. You can lead a horse to water, but you can't make it drink, right? This is my personal experience with bringing up the issue.