Once data has been collected and filtered, it must be stored, tagged, and later removed or destroyed. This phase of the SIGINT process is particularly relevant for both oversight bodies and the intelligence services because lawful and efficient data management is the basis for relevant data analysis.
Bulk data processing presents several complex governance challenges that will occupy oversight bodies for years to come. There is plenty of room for oversight innovation.
When drafting intelligence legislation, lawmakers should be sufficiently mindful of the role and depth of multilateral intelligence cooperation. Services exchange raw and evaluated data in enormous quantities with their foreign partners and jointly feed various databases. Legal frameworks should account for the joint responsibility that governments have for joint databases, even if they are not hosted on their territory. Furthermore, there is a pressing need to ensure effective oversight of shared databases, possibly in the form of multilateral oversight.
Many oversight bodies seem to agree that much more work needs to be done to independently verify that the services honor their obligations to delete data. Drafting standards for what constitutes proper deletion and how this can be verified would be one important step in this direction.