Like most things a politician or spook says... what is actually going to happen isn't clear.
1) The NSA merely outsources the same thing it is doing now. That would be the worst of all scenarios. Where they set up a psuedo private entity to store all the business records that the NSA is forcing businesses to hand over without a constitutionally valid warrant. That option would merely continue today's unconstitutional practices and outsource the data storage provider. Literally just outsourcing the management of the building NSA built to some third party company. Complete BS and potentially even more dangerous to privacy.
2) The government passes a law specifying certain types of business records that must be kept on hand for a certain amount of time. For instance phone records need to be kept for 5 years, email logs or website logs need to be kept for 3 years and sms messages need to be kept for 1 year or something like that. However, exempt individuals from these data retention requirements because that could be abused to penalize people arbitrarily. And then work with the largest companies to standardize how the data needs to be transmitted in the case of a valid warrant (or I'll grant the need to just turn on the flow of real time data about everything to the NSA during briefly defined times of national emergency as ordered by the president and approved by congress, such as on the day of 9/11 when there were active attacks going on). In this scenario, data stays with the businesses that generated the records in the first place and goes no further without a constitutionally valid warrant or in times of imminent and great peril in which case privacy as a primary concern goes out the window, as it should when bombs are exploding and bullets flying.
But this is the issue. Will the government and industry honestly approach the option of data retention in place or as the initial reactions suggest will the NSA merely fight like hell to keep their power to collect everything as they see fit while Industry fights to keep their cushy contracts which have resulted from providing this data.
The NSA and the US Government under at least the last two administrations has betrayed the United States Constitution and undermined the freedom that generations have fought and died for.
No line that Snowden has crossed is even remotely comparable to the wholesale betrayal by the NSA and the executive of our Bill of Rights or diminishes from the debt of gratitude that we owe Snowden for revealing the depth and breadth of that betrayal.
What we need to do now is focus on what is wrong with what the NSA has been doing. That they and the entire US government again comes to respect the Bill of Rights, within our own borders, and stops forceably collecting records without constitutionally valid warrants.
Such times and needs surely do exist in the extreme, but we don't want to live in a society where this level of government spying has become the norm. We have faced greater threats before and, even in the face of complete nuclear annihilation, our history shows that such spying by the government on Americans is never acceptable.
Don't blame Disney. This evil starts with Amazon, they're the ones that allow your purchased products to be stolen back again on a whim.
So, the article says that Amazon said that this was a glitch and has now been corrected... so perhaps we could get a real story with some actual verification that users have access to their purchases again. Seems like this story is way way overblown. If it were true, then obviously people are due refunds... but it doesn't appear to be true.
The difference with the mail is that you are giving your letter to a Federal agency to deliver it to the intended recipient. They know the sender and recipient because you are voluntarily telling them.
In the case of "business records" kept by a private company or an individual I say they have a right to keep those records private unless the government obtains a warrant.
Whether it is an individual or a business it doesn't matter. If I have a letter from you in my possession then it is my fourth amendment right to keep that private unless the government has a warrant. But it would also be my right to surrender that letter to the government at their request.
The parts I object to regarding current practices are the government demanding that letter and forcing me to turn it over and the fact that congress has interfered with private contracts between companies or individuals and other individuals by saying that companies or people are not liable for violating their privacy agreements by complying with government requests for data. If I have an agreement with you that you will not give my letter to anyone without a warrant, then courts should uphold that as a legal contract.
Companies should be free to refuse demands for data that don't come with a warrant and customers should be free to sue companies if they violate their privacy agreements by conveying specified business records to the government. And therefore companies should be able to compete on the strength of their privacy agreements and customers can decide what level of privacy they want.
you obtain the necessary warrant and then perform whatever action is necessary without breaking the law. was that so hard?
No it shouldn't be. As long as the businesses keep the records for a period of time, then you can leave them in place with the businesses until you have enough for a warrant.
Data mining for suspicious patterns on the communications and records of millions of Americans that otherwise aren't related to any targeted persons or haven't accessed any targeted websites should be off limits.
Also, even if we lowered the standard to something less than a warrant for foreign intelligence and terrorism cases, you don't "connect the dots" by collecting all the dots first and then sorting them out later. Target known terrorists, suspected terrorists and connect the dots from there using a network approach starting with the originally targeted and monitored persons or web sites.
The only thing you might miss from the approach of only requesting data relevant to an ongoing investigation with particular named targets is the random lone terrorist that doesn't communicate with known terrorists or access terrorist websites that are being monitored. Or perhaps fit some sort of e-profile for some sort of targeted behavior. But that is the line where creepy and big brother meet the road and we shouldn't be treading in those waters... to mix metaphors.
As it stands now everything that is being discussed publicly is about catching people that interact with known terrorists or terrorist web sites which means you should be monitoring all the communications of known terrorists already based on a warrant for a named person and can spider out your monitoring based on frequency, type and content of communications with additional requests based on information derived from the first warrant. The result should also be of higher quality because investigators will be dealing with less noise.
Whenever people agree with me, I always think I must be wrong. - Oscar Wilde