Again you're trying to prove yourself. You talk about authorization in an inconsistent manner. You say some need it to access raw SIGINT data to do their job, fine, that's business as usual. Then you say "people", anyone? can query a database but if they query the wrong thing they get flagged after the fact? That's kind of strange, why would they do that? Does the system routinely audit itself and filter keywords that are association outliers and then redact prior authorization and file a report? Why wouldn't it filter before and deny access? What are the key business rules that dictate the data access and auditing?'NSA agents'? The odd use of terms would leave me to believe you don't get this: certain people get access to 'raw SIGINT'. Not many, but they're not particularly high-ranking or anything. It's people doing a certain job. They can query a database and there's a lot of options. But they only have the legal power to go after certain targets. It has nothing to do with IT access. Zero. If they query something they shouldn't, it pops up and they're ****ed. Well, actually everything they query comes up, but you know what I mean.