

Secret court says yes when NSA seeks authority to spy - forgotAgain
http://www.deseretnews.com/article/865581300/Secret-court-says-yes-when-NSA-seeks-authority-to-spy.html

======
forgotAgain
1,788 of 1,789 request were granted. The outlier was one that was withdrawn.

------
300bps
>The order leaked to the media organization details that the numbers of both
parties on a call are given to the U.S. government, as well as location data,
the length of the call, the time and duration of all calls and "unique
identifiers."

Setting aside the fact that the government likely does not have the right to
gather this information, the biggest question I have is how secure is this
information?

Do they log every time a government employee queries this data? Can government
employees take copies of the data? What security protections are in place to
prevent foreign or domestic hackers from accessing the data?

This whole thing gives me the willies similar to when I found out that my
employer was using proxy software from BlueCoat to strip out every site's SSL
certificate and replacing it with its own so they could see all your
unencrypted SSL traffic. They then store that unencrypted data which
presumably includes logins and passwords to employee's unrelated bank accounts
and other highly sensitive private information. Even if they have the right to
monitor this type of activity, I don't believe anything gives them the right
to store the data long-term because of the tremendous risk it presents to
innocent people.

