[besselheim]

It makes sense to collect everything possible, then discard what you don't need later, because when conducting an investigation you don't know in advance which data are of interest.

If your communications are intercepted, stored, but then never looked at, and eventually deleted - this is functionally equivalent to having never been collected at all.

[whatshisface]

There's one big difference: if your data was never collected, then a breach (internal or external) doesn't endanger it. If it was "collected but never looked at," then it's subject to the integral of every mistake, malicious action or rule change from now until they loose it. One of the major things that Snowden revealed was that random nobodies had huge access to sigint material.

[besselheim]

It's the responsibility of the communicating parties to protect themselves against interception if they consider this to be an unacceptable risk. Using end to end encryption for message content secrecy, and obfuscating message routes using e.g. Tor to help mask source and destination pairs.

[toyg]

The US government can break TOR and pretty much everything else when they really want. That’s no protection.

[besselheim]

Do you have any evidence of this?

[toyg]

https://arstechnica.com/tech-policy/2016/02/judge-confirms-w...

https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-to...

https://www.theverge.com/2014/7/3/5868159/new-report-says-th...

https://lists.torproject.org/pipermail/tor-talk/2011-March/0...

[tgragnato]

We have already had proofs of the LEAs inability to keep TS information safe, expect a worse level of protection for routinely intercepted phone calls, emails, ...

It's very very difficult (some people say impossible) to assure 100 percent that people's data have been safely stored and transmitted for their whole retention lifetime.

[besselheim]

That's an argument for ensuring that such data is properly secured, not an argument against collecting it in the first place.

[tgragnato]

If you ask me, keep one or the other. The inability to maintain the operational reliability of a datastore (including backups), does not inspire confidence.

Assuming this is an incident and not a coverup.