NSA Retention and Collection of Crypto Data
John Young
jya at pipeline.com
Mon Sep 4 11:48:41 PDT 2006
Cryptome received via FOIA from NSA this weekend a procedures
document for COMINT affecting US persons, dated March 2004, which
mentions retention and collection of crypto-related data:
http://cryptome.org/nsa-css-1-23.htm
[Excerpt 1]
2. Retention
(S/SI) Foreign communications of, or concerning, United States persons that
are
intercepted by the United States Signals Intelligence System may be retained
in their original form or as transcribed only:
(a) if processed so as to eliminate any reference to United States persons;
(b) if necessary to the maintenance of technical data bases. Retention for
this purpose is permitted for a period sufficient to allow a thorough
exploitation and to permit access to data that are, or are reasonably
believed
likely to become, relevant to a current or future intelligent requirement.
Sufficient duration may vary with the nature of the exploitation. In the
context of a cryptanalytic effort, sufficient duration may consist of a
period
of time during which encrypted material is subject to, or of use in,
cryptanalysis. In the case of international commercial communications that
may contain the identity of United States persons and that are not
enciphered
or otherwise thought to contain secret meaning, sufficient duration is one
year unless the Deputy Director for Operations, National Security Agency,
determines in writing that retention for a longer period is required to
respond
to authorized foreign intelligence or counterintelligence requirements; or
[End excerpt 1]
[Excerpt 2]
D. (C) Signals Intelligence: Search and Development.
The United States Signals Intelligence System may conduct search and
development activities with respect to signals throughout the radio spectrum
under the following limitations:
1. Collection. Signals may be collected only for the purpose of identifying
those
signals that:
(a) may contain information related to the production of foreign
intelligence
or counterintelligence;
(b) are enciphered or appear to contain secret meaning;
(c) are necessary to ensure efficient signals intelligence collection or
to avoid the collection of unwanted signals; or
(d) reveal vulnerability of United States communications security.
[End excerpt 2]
More information about the Testlist
mailing list