Just now read a rather disturbing article from Sophos security. The
article describes the interpretation of the law by the NSA and some of the internal
policies that they use in surveillance.
They also reveal that courts don’t always determine who’s targeted for
surveillance because that discretion is practiced by the NSA’s own analysts,
with only a percentage of decisions being reviewed by regular internal audits.
To make those decisions, NSA analysts use information including IP addresses,
potential targets’ statements, and public information and data collected by
In the absence of such information - for example, if a potential target
is using online anonymity services such as Tor, or sending encrypted email and
instant messages - agents are encouraged to assume that the target is outside
This is the part that needs to be emphasized again and again - all this hullabaloo
in the USA about the NSA’s surveillance is about snooping on American citizens. If you
are not one, you have no rights at all and the NSA has no limits to what they can
sniff out of you and how long they can keep that info. I know, it is pretty much
common sense, but when I see Indians getting all worked up about this
revelation, I sometimes feel that some of them don’t get this.
So coming back to the article, if an American is using Tor or
encrypted email or encrypted chat messages, unless the American has been
positively identified as a US citizen, he will be treated like a foreign
person - essentially with no rights.
And this part is interesting:
If communication is encrypted - particularly if a US person is using certain
types of cryptology or steganography known to have been used by “individuals
associated with a foreign power or foreign territory” - the NSA is free to
collect it and store it “indefinitely” for future reference and cryptanalysis
That is a loophole right there in my opinion - will they still keep the crypto
data if they already have the means to crack it? :-)