[elevenfist]

This isn't really a secret interpretation, I and a lot of people I knew noticed the same thing over a decade ago by reading the privacy policies of tech companies. Reading the data requires a warrant. Recording the data doesn't.

[jwtadvice]

The important aspect for the NSA's interpretation is that algorithms can look at and process the data and create metadata or synopsis information from it.

Having an intelligence system ingest this metadata and synopsis is not considered "collection".

Essentially, if it can be automated, it isn't collection. If a human gets pulled into the loop to look at data, that's when it's collected. However, a human could be shown a synopsis or an inference about an American target and this could still not be collection, as the summary information being viewed isn't considered the person's private records.

Basically a loophole in a loophole. I'll be happy to keep databases of, and run software over, our national security records. I won't collect any of it, though. I won't even look at it. I'll just get summaries of the information contained in it from my algorithms - and if I want to look at a specific document I'll punch a rubber stamp on it first.

[andreyf]

And what will you need to show to obtain said rubber stamp? This is not secret, either:

Search for "how FISA works" here: http://www.belfercenter.org/sites/default/files/legacy/files...

[killjoywashere]

Curiously, a fair amount of genetic research is done this way: the genetic info is PHI, but the covered entity holds the data and the computer capacity. The researcher just pushes an algorithm to the cluster and gets aggregate results back.

[TechnicalVault]

That's the idea, but in practice GA4GH is still working on the API's and protocols to make this work in an automated and containerised fashion for modern genetic data. We do often send the algorithm to the data but mostly by way of granting an account to collaborators and them sshing into a remote cluster because copying 120 terabyte datasets is no fun.

[nyolfen]

well, it's a secret interpretation of a particular executive order (EO 12333 signed by reagan, if you're curious), in the sense that it's not obvious on its face from reading the order that one should come to the same interpretation as they have, and that they don't officially divulge that interpretation.

prior to snowden, almost everybody (you and your clever colleagues excluded, obviously) would think it was paranoid to believe this was the case. at least, there's no way i could make the leap from:

'EULA's state that recording activity on a company's servers by that company [i assume this is what you mean?] doesn't require a warrant but the government reading it does'

to:

'the government records incomprehensible amounts of domestic traffic but it doesn't count as warrantless surveillance because they don't read most of it'

[lern_too_spel]

EO 12333 doesn't redefine collection. Data collected abroad under 12333 is still "acquired" according to the definition in the NSA's documents leaked by Snowden. Do you have any documents that you can point to that say otherwise?

[nyolfen]

i should have been less ambiguous, sorry -- USSID 18 is derived from EO 12333, and USSID 18 nominally provides protections to US citizens from being spied upon; USSID 18 also is what has a secret interpretation by NSA lawyers that most people would probably feel is not in the spirit of the EO. here's a very nice writeup:

https://www.eff.org/deeplinks/2014/06/primer-executive-order...

section 4 outlines collection policy, beginning on page 6 of the pdf:

https://www.dni.gov/files/documents/1118/CLEANEDFinal%20USSI...

[lern_too_spel]

Section 9 of that document defines "collection" to mean what you would expect it to mean.

[nyolfen]

the issue is that there is a secret interpretation of it, as i explained in each of the above posts

edit: if the term' collection' is your major gripe, i apologize -- i rewatched the video i cited and the term is actually 'intercept', not 'collect'

[lern_too_spel]

Why don't any of Snowden's documents confirm that they're using this interpretation and instead show that they are interpreting it as everyone else does?

[1_2__3]

What bearing does a private company's privacy policy have on warrants? I think I see what you're getting at but what a private company consider warrant-worthy or not is irrelevant when discussing the governments position.