Posted on

The Electronic Data Privacy Act Can Defend Against ICReach

A new report from The Intercept shows that  850 billion records of metadata can be accessed by intelligence and law enforcement agencies through a search engine created by NSA. ICReach is expansive, but it’s not invincible. States can block some of the effects of this program in practice by passing the Electronic Data Privacy Act.

Last year, people were just learning about metadata and its usefulness. Some argued that metadata is not content so don’t worry, while techies tirelessly wrote on the fact that metadata is more revealing than actual content.

Rebecca Guenther and Jaqueline Radebaugh describe the basic function of metadata in Understanding Metadata.

The main purpose of metadata is to facilitate in the discovery of relevant information, more often classified as resource discovery. Metadata also helps organize electronic resources, provide digital identification, and helps support archiving and preservation of the resource. Metadata assists in resource discovery by “allowing resources to be found by relevant criteria, identifying resources, bringing similar resources together, distinguishing dissimilar resources, and giving location information.”

Metadata includes tracking information, IP addresses you visit and other “information about information.” Consider what someone could learn about you with access to your browsing history and other such metadata.

Eventually this led to a White House investigation, proposal, and even a court ruling. All were useless in curbing the metadata collection. ICReach, the metadata search engine falls under executive order 12333 for collection purposes. This method of collection could easily be amended or repealed by President Obama by ending executive order 12333, but no such action has occurred.

Ryan Gallegher writes in the Intercept piece about the purpose of ICReach.

“Though one 2010 internal paper clearly calls it “the ICREACH database,” a U.S. official familiar with the system disputed that, telling The Intercept that while “it enables the sharing of certain foreign intelligence metadata,” ICREACH is “not a repository [and] does not store events or records.” Instead, it appears to provide analysts with the ability to perform a one-stop search of information from a wide variety of separate databases.”

The intelligence community also anticipated the evolution of ICReach.

“Using ICREACH, the NSA planned to boost the amount of communications “events” it shared with other U.S. government agencies from 50 billion to more than 850 billion, bolstering an older top-secret data sharing system named CRISSCROSS/PROTON, which was launched in the 1990s and managed by the CIA.”

Simply put, federal agencies use this database to access metadata. That information can then be shared with state and local law enforcement through fusion centers, or directly to them by the Special Operations Division (SOD). We know this kind of information sharing happens on a regular basis.

Metadata belonging to Americans gets caught in the dragnet. The Intercept reports that “minimization” does not occur, but the word has an alternate meaning.

“The idea with minimization is that the government is basically supposed to pretend this information doesn’t exist, unless it falls under certain narrow categories,” Goitein said. “But functionally speaking, what we’re seeing here is that minimization means, ‘we’ll hold on to the data as long as we want to, and if we see anything that interests us then we can use it.”

There is little hope in curbing the NSA’s practice of collecting information on Americans, but we can at least address the practical effects by prohibiting state and local agencies from obtaining this kind of data gathered without a warrant.

The Electronic Data Privacy Act  protects privacy by disallowing use of unconstitutionally gathered data and information at the state level.

First off, it tells the agencies in the state, “Get a Warrant” for data

A (state) government entity may not obtain the stored data, or transmitted data of an electronic device without a search warrant issued by a court upon probable cause.

Secondly, provides minimization that ICReach data sharing does not.

A (state) government entity may not use, copy, or disclose, for any purpose, the stored data, or transmitted data of an electronic device that is not the subject of the warrant that is collected as part of an effort to obtain the stored data, or transmitted data of the electronic device that is the subject of the warrant.

The data described shall be destroyed in an unrevoverable manner by the government entity no later than 24 hours after the data is collected.

When passed into law, the Electronic Data Privacy Act not only stops state and local law enforcement from gathering data without a warrant, it also stops it from obtaining such data mined from federal databases and shared with the state. If the state does obtain warrentless data, it would be inadmissible in court. While it does not stop the feds from gathering information without a warrant, and would not shut down ICReach, it would end a practical effect in that state  – a net-win for privacy.

ICReach is the intelligence communitiy’s search engine for metadata does not just target foreigners, but also Americans. We can enable a filter at the state level to limit data sharing between federal agencies to state agencies, provide minimization, and reveal to affected individual that they are under surveillance.

Call your representatives and tell them to introduce the Electronic Data Privacy Act in your state! Click here for Model Legislation.

Leave a Reply

Your email address will not be published.