The inspector general at the National Security Agency revealed that the agency’s various databases and cloud pose risks on civil liberties and individual privacy.
A December audit suggests that the agency’s move in keeping some data for ‘too long’ could pose risks and violates Executive Order 12333 or the provisions on the United States Intelligence Activities.
In addition, it is found out that the Source System of Record, which is responsible for NSA’s data deletion efforts and retention controls, exceeded the five-year legal retention period. The SSR official data resource ‘has retained a small percentage of a large number of SIGINT data objects beyond legal and policy retention limits.”
The audit also reviewed the compliance efforts of the agency and found out that supporting retention compliance is insufficient and limited. What comes to a surprise is the outdated retention policy, which dates back to March 2015.
Agency auditors already proposed a series of recommendations to enhance the data storage and retention policies of the NSA. According to some sources, there are a total of 11 recommendations but only four can be used.
“The [Office of Inspector General’s] findings reflect significant risks of noncompliance with legal and policy requirements for retention of SIGINT data. These requirements include established minimization procedures for NSA SIGINT authorities, meaning that the deficiencies we identified have the potential to impact civil liberties and individual privacy,” states the audit.
Items Should be Deleted
The agency needs to comply with the legal requirements to avoid security and privacy threats. The goal is to perfect compliance and prevent threats to the cloud. As to the December audit, one percent of the items should have been deleted due to retention provisions.
“As required by law and agency policies, on an ongoing basis, NSA deletes the data that was lawfully collected in connection with the agency’s foreign signals intelligence mission, balancing privacy concerns with the need to have relevant data available for analysis in connection with national security threats,” NSA said.
The news about the outdated retention policies came after the renewed congressional scrutiny used by government agencies to obtain warrants. This warrant provides information on the ongoing investigation into President Donald Trump’s 2016 presidential campaign.
Earlier this year, NSA warned users of Microsoft Windows to check their systems for risks of ‘devastating’ and wide-ranging impact due to BlueKeep.