They very clearly put limits only around "targets". What about information picked up "incidentally"? Also, the whole parts about "information must be immediately terminated", reminds me of some big cos where they had rules that "all code must be fully unit tested". It's not going to happen unless there are steep penalties for not doing it.
Instead of "guidelines", I would love to see actual numbers:
The NSA collected X,000 Terabytes of Information in 2012, consisting of X,000,000,000,000,000 records. At the end of the year, 2TB and X number of objects were kept, and the rest deleted properly (data actually written over).
They have asked the simple question before, [Paraphrased] "How many Americans are you spying on?", and the NSA said it would violate our freedoms for them to even mention the number.
Instead of "guidelines", I would love to see actual numbers:
The NSA collected X,000 Terabytes of Information in 2012, consisting of X,000,000,000,000,000 records. At the end of the year, 2TB and X number of objects were kept, and the rest deleted properly (data actually written over).
That would be so much simpler and better.