Testing, testing

Bart Gellman noted something I had also noticed (in addition to noting that Obama embraced Big Data in his speech — his whole story is worth reading).

In another significant footnote, Obama said the limits he ordered “shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.” Signals intelligence development, or “sigdev” in NSA parlance, is the discovery of untapped communication flows and the invention of new surveillance methods to exploit them.
For example, NSA Director Keith Alexander revealed last summer that his agency had collected location data from mobile phones in the United States.

Here’s the language in question.

Consistent with this historical practice, this d irective articulates principles to guide why, whether, when, and how the United States conducts signals intelligence activities for authorized foreign intelligence and counterintelligence purposes. 3

3 Unless otherwise specified, this directive shall apply to signals intelligence activities conducted in order to collect communications or information about communications, except that it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.

This is something we’re seeing throughout the NSA programs (and we’re not seeing any real auditing or checks on this activity) as I have been noting with respect to the data integrity analysts who have access to the phone dragnet. The NSA uses real data to develop its new toys. And while there are some limits on the finished intelligence products that can be produced from such development, there doesn’t seem to be any protection for the data that gets used.