Software vulnerabilities aren’t the only thing that the NSA stockpiles. Four years ago, the American public learned that the agency hoovers up metadata pertaining to the private communications of most every adult in this country. … What if the U.S. government never itself abused the system it built, but failed to safeguard its contents?
The likelihood of the trove’s eventual theft strikes me as significant (and that is assuming that a foreign government or group of hackers hasn’t already gotten any of it). The NSA failed to stop Snowden from taking some of its most closely held secrets. It failed to stop the Shadow Brokers from taking some of its most closely held cyber weapons and deploying them against innocents, including Americans. Why expect it to successfully safeguard its most closely held trove of metadata?
To keep it in the hands of the NSA, given its track record, is folly. All data the NSA retains on Americans should be erased now before it falls into the wrong hands. And Congress should pass data-retention laws that force categories of private corporations, which are often even less capable of safeguarding the data that they amass, to purge whole categories of sensitive information at regular intervals. How many breaches must we witness to give up on securing and start deleting?