Cryptome received via FOIA from NSA this weekend a procedures document for COMINT affecting US persons, dated March 2004, which mentions retention and collection of crypto-related data: http://cryptome.org/nsa-css-1-23.htm [Excerpt 1] 2. Retention (S/SI) Foreign communications of, or concerning, United States persons that are intercepted by the United States Signals Intelligence System may be retained in their original form or as transcribed only: (a) if processed so as to eliminate any reference to United States persons; (b) if necessary to the maintenance of technical data bases. Retention for this purpose is permitted for a period sufficient to allow a thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a current or future intelligent requirement. Sufficient duration may vary with the nature of the exploitation. In the context of a cryptanalytic effort, sufficient duration may consist of a period of time during which encrypted material is subject to, or of use in, cryptanalysis. In the case of international commercial communications that may contain the identity of United States persons and that are not enciphered or otherwise thought to contain secret meaning, sufficient duration is one year unless the Deputy Director for Operations, National Security Agency, determines in writing that retention for a longer period is required to respond to authorized foreign intelligence or counterintelligence requirements; or [End excerpt 1] [Excerpt 2] D. (C) Signals Intelligence: Search and Development. The United States Signals Intelligence System may conduct search and development activities with respect to signals throughout the radio spectrum under the following limitations: 1. Collection. Signals may be collected only for the purpose of identifying those signals that: (a) may contain information related to the production of foreign intelligence or counterintelligence; (b) are enciphered or appear to contain secret meaning; (c) are necessary to ensure efficient signals intelligence collection or to avoid the collection of unwanted signals; or (d) reveal vulnerability of United States communications security. [End excerpt 2]