All very fair points. I'm not sure if it's even possible to get the kind of necessary supervision. I'm just pointing out that the law isn't facially ridiculous, even if it might create structures that are practically unworkable.
I think we can get "good enough" supervision using a combination of even just widely-known management controls. Technical controls would add icing to that cake but I don't think it would even be technically necessary.
Much like with vaccination regimes we're trying to ensure that a critical mass of malicious analysts are not able to form, so you don't necessarily have to catch them all but you do have to catch enough to ensure no damaging conspiracies can form.
- Combine an evidence review process where an analyst's products are routed for minimize/warrant compliance to ensure the data is sourced properly.
- Ensure the supervisors are trained and maintain proficiency so as to be able to support those reviews.
- Have trained NSA analysts take a career path (or at the very least a detail) as auditors whose function is to audit usages of these collected records (both in the past and currently in-use). Require a supervisor of some level to override an audit hold on a current investigation, and have that override automatically emailed to designated personnel (the idea being to ensure that multiple unrelated persons get their hands dirty if malicious activity is going on).
These are all just examples, I'm those with more brains on human systems engineering could think of something more appropriate.
But the point is that, even as serious as this issue is, we're not talking about things like life or death, severe damage to property, people not getting paid, people improperly getting paid, or any of the numerous other pressure points a government can use to create a police state. So surely there are administrative controls that can be emplaced, if we must choose to do this, to get the benefit without the risk to the rise of a police state. In fact I think such a thing could even be itself publicly documented without affecting the real need of the NSA (and other IC agencies) to maintain absolute secrecy about their tactical operations and policies.
