After the shock over the FISA order subsides, the big question becomes: "What has the NSA been doing with this data and any other material it may be obtaining?"
The troubling fact is that the NSA is very likely not retaining all of the information necessary to verify the answers it will give to such questions. Where's my evidence?
NSA records schedule N1-457-08-001, approved in 2009, governs the fate of "SIGINT Operational Data" such as "intercepted communications" including "voice, data or video and related records" as well as "SIGINT Operational Analysis Information and Records" and other relevant records. I've posted it here (it is also available on the National Archives website here, although intelligence-related schedules posted there have been known to suddenly become "temporarily unavailable").
What does the NSA SIGINT records schedule say?
First, all the "Operational Data" (Item 1) itself is considered "temporary" and the NSA is empowered to destroy such records as soon as it is no longer of "intelligence interest or potentially useful" in NSA's "analytic research." Making the retention of this data subject only to NSA's interests and uses is remarkable in that it completely ignores the value of these records in providing, among other things, accountability and evidence of the extent of NSA operations. How this is consistent with, for example, the federal records laws, which require that agencies preserve records "necessary to protect the legal and financial rights of the Government and of persons directly affected by the agency's activities" is less than clear. 44 U.S.C. § 3101 (emphasis added). Some of this concern is perhaps alleviated by the breadth of the FISA order given that it provides independent evidence that can confirm whether the NSA collected data of a given person (if you were using a relevant Verizon system during a relevant time period, the answer appears to be yes), but such data (and other collected material we may know nothing about) unquestionably has significant value beyond this.
Similarly, "SIGINT Collection Methods" (Item 5) which includes records relating to "the acquisition, processing, analysis, reporting" of "intercepted target communications" and "SIGINT Tasking/Targeting Analysis" (Item 7) which includes "information/data that document the exchange of SIGINT material" and "documentation reflecting the acquisition, receipt, source control, distribution/location" of "SIGINT material" are also considered "temporary" records subject to destruction after 5 years. This means that decades from now, when historians are finally granted access to freshly declassified NSA records in order to study these events, any records the NSA places in these rather vague and pliable categories will no longer exist. Even if a Congressional committee were to begin a new investigation today, records in such categories could already be gone prior to a moving 5-year wall of destruction that currently sits somewhere around 2008.
Second, the NSA records schedule provides that several other categories of SIGINT records are "permanent" including "SIGINT Product," which are serialized intelligence reports (Item 2) and "SIGINT Operational Analysis Information and Records" (Item 3), which includes "tasking messages," "dossiers, listings," and "evaluation plans." However, the retention of these "permanent" records are also, like the "temporary" ones above, subject to a significant "EXCEPTION" which notes:
Any data that contains, or could contain, U.S. person information has legal ramifications. There are strict timelines for retention of this data and it must be handled in accordance with USSID SP0018, including Annex A, Appendix 1 [try here]; DoD 5240.1-R [try here]; and any special minimization procedures that govern the retention of that data. For data collected pursuant to the Foreign Intelligence Surveillance Act (FISA) or Protect America Act (PAA), retention may only be done in accordance with the minimization procedures for that data.Thus even though the value of these records was appraised to be important enough to require permanent retention (as in, you can never destroy it), the most Constitutionally-significant records among them involving "U.S. person information" will nevertheless be destroyed based on limited retention periods.
This highlights a fascinating, distressing conflict between the goal of protecting the privacy rights of individuals by using "minimization procedures" that limit how long the NSA can retain U.S. person data, on the one hand, and the value of protecting our privacy rights by preserving such records to document the extent of NSA domestic operations and to provide long-term accountability (even if just historical accountability), on the other. Minimization procedures have existed for years and have been blessed by the FISA court and apparently the National Archives. In my view, however, the idea that the NSA could surreptitiously collect, analyze, and utilize data about my communications and then erase its footprints by destroying the records of having done so in the name of protecting my rights seems like a poor form of protection. The destruction of such documentation could remove the evidence necessary to verify the breadth of NSA collection and how they actually used the data and thereby makes NSA assurances that either data was never collected or was never used for nefarious purposes ultimately a matter of trust (or conspiracy). I personally would prefer that the NSA be required to retain more of these records in order to provide verifiable accountability.
A similar conflict has arisen with some frequency in determining what to do with the records of state security services following the fall of repressive regimes (drawing the comparison only by analogy). Nations have sometimes decided to destroy such records based on the conclusion that they were inappropriately collected and, as with minimization retention limits, to protect privacy and to prevent their use for any abusive purposes in the future. Just as often, however, nations have decided to preserve such records for accountability and as evidence and history. See, e.g., Antonio Gonzalez Quintana, Archival Policies in the Protection of Human Rights (pdf see esp. 51-55). I don't think these latter considerations have been sufficiently considered in current debates over surveillance, perhaps today would be a good day to start.
[Updated to correct typo]