On Tuesday Wendy Grossman reported in the Register about her visit to the NSA's Cryptologic Museum. As she reports the NSA sems to want to keep the museum's entrance secret:
A few of us got through the metal detectors before the National Security Agency (NSA) realised we were in the wrong place. We had arrived, expunged of all electronic devices from mobile phones to cameras, at the Visitors' Centre, a security outpost for visiting security personnel, instead of the National Cryptologic Museum 370 metres away by eagle. Oops.
One interesting thing happened worth sharing: When I missed the turn for the museum, I had to drive through the guard booth. Because I officially entered the NSA premises uninvited, I was pulled aside into the parking lot by security.
In some ways its kind of fun that a museum dedicated to secrecy should have a secret entrance but on the whole I would think it better if they worked a bit harder to reduce the chances that visitors get lost.
Moving on to the more serious side of the NSA and its data mining of telephone info (CDRs - Call Detail Records). At the Volokh Conspiracy Orin Kerr seems to think that this program was on shaky legal ground. On the other hand over at Powerline, John Hinderaker looks at basically the same statute and says that it looks fine. The question seems to be whether 18 U.S.C. 2702 overrides 18 U.S.C. 2709 or vice versa. These are two sections of "STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS" part of US law.
Personally I tend to agree with Mr Hinderaker's view but the issue is somewhat murky because 2709 seems to imply the provision of targeted CDRs and 2702(c)(6) does seem to specifically exclude government access to bulk CDRs in the way that USA Today and others report that the NSA obtained them. Also 2709 only refers to the FBI and not to the NSA so (note: I am not a lawyer) it could well be that in fact the program is illegal - or was illegal before the revised patriot act of 2006.
However, and this is the more important issue, the strict legality or otherwise question is IMO a red herring. As 2702(c) states CDRs are effectively considered public information that may be disclosed to any non-governmental 3rd party at the discretion of the operator (i.e. if the 3rd party has paid the telco some money) so all the civil liberties morons are missing the point. If you ask Americans (or for that matter probably Canadians, French and everyone else in the "west"), whether they would prefer to have their CDRs sold to telemarketers or analysed by the government to stop terrorism then I think that they would plump for the latter over the former. As former spook notes this kind of data-mining and network analysis is a proven strategy to isolate potentially suspicious activity for further investigation (under the usual warrents etc etc). BTW the computational analysis required is enormous - there are IIRC over half a billion US phone numbers and billions of phone calls are made each day - so the CDR data for the USA probably runs into petabytes and as a result the only way to make this work is to move outward from existing suspects. This means that when they get their act together the racism crowd are almost certain to start screaming about discrimination because it is nearly 100% certain that any suspects identified from this analysis will be (duh) dark-skinned and muslim.
It seems clear to me that the UK's 7/7 attacks succeeded in part because the UK authorities did not do this kind of analysis. I'm not certain (since IANAL) but I would not be at all surprised if the Data Protection Act made such analysis effectively illegal, but given the ZANU Labour's love of trampling over civil liberties in other areas I am amazed that they did not change the law to permit them to do this. Probably they didn't actually do it because the UK government is apparently unable to run large computer projects and hence would have been unable to get the job done at any date before 2026.
I despise l'Escroc and Vile
Pin