The natural follow-up to that is what's collected incidentally, which is also brought up in the legislation. The counter-argument could be made that when they do collect incidental information, keeping it requires authorization, but it feels as though the way the thresholds are defined is not sufficient and that it would be relatively easy to justify the collection of incidental information while going after someone else. What are the concerns about incidental information being collected?
I think to some people in the digital world incidental information means something very different from what it would have meant for a more old-fashioned police or national security investigation from 25 or 30 years ago, for example.