(Cyberwar.news) A new privacy update to Reagan-era Pentagon rules regarding surveillance against American citizens contains a bypass that allows the National Security Agency to continue eavesdropping on a large swath of conversations online, critics told NextGov.
”DoD Manual 5240:01: Procedures Governing the Conduct of DoD Intelligence Activities,” updated Aug. 8, was last released with every email address in existence numbered in the dozens.
The new rules, however, underscore a shift in intelligence-gathering from simply placing a wiretap on someone’s telephone line to sweeping up communications in bulk from the globalized Internet. The revision takes into consideration that most conversations today take place online and thus should be protected from illicit government surveillance, intelligence and civil liberties experts say.
However, the revision creates an exemption that does not provide privacy protection for data that is carried along international communications wires, according to an assessment by the New America Foundation’s Open Technology Institute.
The revised manual makes “kosher the kind of upstream collection that allows for really wide scale incident collection, even if very time-limited collection, of Americans’ information,” Robyn Greene, policy counsel for the institute, said, as quoted by NextGov.
In the 1980s, transatlantic conversations were cost-prohibitive, with a three-minute call between the U.S. and western Europe costing around $13. But today, such billions of conversations daily pass through undersea cables at a cost of just pennies.
That said, the world “collection” in the new rule takes on a broad new meaning, say critics. Overly broad, in fact.
In times past, data was considered captured only when it was officially accepted for use by an intel analyst. Toda, data is considered captured “when it is received,” the revised manual states.
“The clock starts to run as soon as information is collected, meaning that collected information must be promptly evaluated to determine the proper retention period,” Cody Poplin, a former Brookings Institution researcher, noted in a Lawfare blog post.
Privacy advocates maintain that the timer to preserve a user’s confidentiality begins too late. The new rules do not define short-term files such as the contents of email and metadata vacuumed from the Internet as “collections” that deserve to be protected.
“Collected information does not include: Information that only momentarily passes through a computer system; information on the internet or in an electronic forum or repository outside the component that is simply viewed or accessed by a component employee but is not copied, saved supplemented or used,” the manual states.
“It’s great” that more stored communications will now get privacy protections, but the document “fails to address the core concerns that we have about bulk collection and the impact that has on Americans’ privacy and on non-targeted foreigners’ privacy,” Greene said.
NextGov said Defense officials would not comment on the rule change, but privacy advocates and civil liberty groups vow to monitor how the rule is implemented.
The revised rules apply to all of the Defense Department and the NSA.
(c) 2016 USA Features Media.