Don't have the transcript but to paraphrase the bit about NSA reform it was basically "We can set up a shell operation to do all the dirty work, we can't guarantee that it won't be even dirtier and less under congressional control, but we can definitely do that if you want us to"
Does that mean we can sue the company and the individuals involved, for tresspassing and vandalizing equipment to enable sigint for internal corporate data? Will they be subject to the Computer Fraud and Abuse Act the same as everyone else? Can we catch and prosecute individuals participating in operations that involve crimes (vandalism/b&e/sabotage) by enabling sigint on corporations' servers and networking equipment? And if such individuals are armed during an occasional physical incursion into corporate infrastructure, can they be shot in self defense?
More fundamentally, let's follow the money.
Who is going to fund this corporation? If they take money from the USG, money which is then paid to corporations to persuade those corporations to give up personal data or allow network taps and collocated spying equipment, that is no different from the current situation.
I think people forgot that the original reason there was a FISC order to turn over the phone records was because the telecom companies had already been doing it, and were quite happy to cooperate.
But they felt there would be recrimination if the fact that it was voluntary on their part came out and so requested to be ordered to do so (if that makes sense).
But you're right, at best there will be a third-party private company setup to hold the records and act as an "independent" review of the request, since none of the telecoms want to maintain the records themselves, since now that it's public it would risk discovery motions in every random case until the end of time.
And now that we would have an "independent" third party watching the NSA, who watches the watchers? At least NSA analysts are trained from Day 0 about the Constitution, USSID 18, FISA, etc. Who monitors the shell company to verify that they're not doing evil things with the database? Perhaps we could have FBI constantly monitor their comms and at least spread the risk around.
" At least NSA analysts are trained from Day 0 about the Constitution, USSID 18, FISA, etc." And we all know how well that worked out. What's your point? The NSA is currently not doing it's job.
> And we all know how well that worked out. What's your point? The NSA is currently not doing it's job.
AFAICT the NSA analysts have been operating under the assumption that they are following the law as written and interpreted by the Courts (Supreme and FISC), and handling incidental abuses that they discover via the same types of procedures (albeit more strict) used in other branches of government.
The fact that the lawyers and courts happen to disagree on your personal interpretation of the law and Constitution doesn't mean they weren't trying to follow it.
And however bad their actions are, there's no telling how bad it will get when you introduce profit motive.
