Christopher Slobogin – Apr. 11, 2012
The US Department of Justice (DOJ) recently issued “Guidelines for Access, Retention, Use, and Dissemination by the National Counterterrorism Center and Agencies of Information in Datasets Containing Non-Terrorism Information” [PDF]. As this prolix title implies, the National Counterterrorism Center (NCTC), the key agency for organizing and analyzing national security intelligence, routinely acquires and accesses datasets about US citizens that contain personal details having nothing to do with terrorism. These datasets could contain information about credit card transactions, airline reservations, phone and ISP communications, bank, tax and social security records and perhaps even medical consultations. Nowhere do the guidelines mention these datasets by name, but previous intelligence practices make clear they are among the sources the NCTC wants to consult. While the government was probably collecting much of this information before the events of September 11, 2001, since that time it has clearly been aggressively engaged in doing so, through a series of programs known successively as Total Information Awareness, Terrorism Information Awareness, ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement) and, most recently, “fusion centers,” where information from various sources is “fused” together.
Before promulgation of the guidelines, the government could legally retain information that is not presently linked to national security concerns for no longer than six months. The guidelines extend that period to at least five years. The impetus for this change was undoubtedly the belief that effective counter-terrorism is possible only if intelligence agencies have access to every conceivably relevant piece of information, which is less likely to occur if datasets are frequently purged.