Ok. And there's probably a good recent example of that...
Posted Sept. 26, 2013, at 7:41 a.m.
WASHINGTON  The head of the National Security Agency delivered a vigorous defense Wednesday of his agencyÂs collection of Americans phone records for counterterrorism purposes, saying the program was helpful in investigations of the Boston Marathon bombing and the suspected plots against U.S. diplomatic outposts this summer.
ÂIt provides us the speed and agility in crises, like the Boston Marathon tragedy in April and the threats this summer, Gen. Keith Alexander said at the Billington Cybersecurity Summit, a gathering of business and government officials.
AlexanderÂs address follows calls by some leading lawmakers to end the program because of concerns that it invades Americans privacy without having proven its value as a counterterrorism tool.
In a brief interview after his talk, Alexander said the program did not help identify the Boston suspects, brothers Dzhokhar and Tamerlan Tsarnaev. But he said that by using the database of domestic phone call records, the NSA was able to determine that fears about a follow-up attack in New York City were unfounded.
That's probably a clear example of "ex post facto", er, evidence. It's not an ex post facto law though.
Should the NSA or other 3 letter agency be able to have such data on hand to allow quick searches in an emergency? Maybe, maybe not.
I think it's reasonable to assume that such data exists, and will continue to exist with or without the NSA. And it's reasonable to assume that court orders requiring whoever has that data to give it up to law enforcement will also continue to exist. Perhaps at a moment's notice - computers do continue to get faster and more capable after all.
Are we really safer or freer if the NSA can get the data instantly from Verizon (after a court order) as opposed to getting it instantly from their own server farm in Utah (after satisfying various national security requirements)? The only difference, it seems to me, is that people with different badges might be tempted to break (likely) similar privacy and access rules to access it.
I haven't been convinced.
Some have proposed that there be some sort of wall between the data that's collected and access to it. It seems to me that there is already a wall (the rules, laws and procedures), but maybe it needs to be thicker or higher. Having more people in the way between the data and the investigators might make things safer, but they might also increase the risk of unauthorized disclosure (witness Snowden).
Oh, and IIRC, the NSA can only keep the metadata for 5 years, so rest easy. ;-)
FWIW.
Cheers,
Scott.