NSA Retention and Collection of Crypto Data

John Young jya at pipeline.com
Mon Sep 4 11:48:41 PDT 2006

Cryptome received via FOIA from NSA this weekend a procedures 
document for COMINT affecting US persons, dated March 2004, which 
mentions retention and collection of crypto-related data:


[Excerpt 1]

2. Retention

(S/SI) Foreign communications of, or concerning, United States persons that
intercepted by the United States Signals Intelligence System may be retained 
in their original form or as transcribed only:

  (a) if processed so as to eliminate any reference to United States persons;

  (b) if necessary to the maintenance of technical data bases. Retention for
  this purpose is permitted for a period sufficient to allow a thorough
  exploitation and to permit access to data that are, or are reasonably
  likely to become, relevant to a current or future intelligent requirement.
  Sufficient duration may vary with the nature of the exploitation. In the
  context of a cryptanalytic effort, sufficient duration may consist of a
  of time during which encrypted material is subject to, or of use in,
  cryptanalysis. In the case of international commercial communications that
  may contain the identity of United States persons and that are not
  or otherwise thought to contain secret meaning, sufficient duration is one
  year unless the Deputy Director for Operations, National Security Agency,
  determines in writing that retention for a longer period is required to
  to authorized foreign intelligence or counterintelligence requirements; or

[End excerpt 1]

[Excerpt 2]

D. (C) Signals Intelligence: Search and Development.

The United States Signals Intelligence System may conduct search and 
development activities with respect to signals throughout the radio spectrum 
under the following limitations:

1. Collection. Signals may be collected only for the purpose of identifying
signals that:

  (a) may contain information related to the production of foreign
  or counterintelligence;

  (b) are enciphered or appear to contain secret meaning;

  (c) are necessary to ensure efficient signals intelligence collection or
  to avoid the collection of unwanted signals; or

  (d) reveal vulnerability of United States communications security.

[End excerpt 2]

More information about the cypherpunks-legacy mailing list