Times, they may be a’ changin’ – at least as far as the National Security Agency’s spying activities are concerned.
The White House today released the full report (pdf) from the presidential NSA review panel, which recommends dozens of changes to the way the spy agency conducts its operations. If adopted, the recommended polices would provide greater oversight and accountability, and aim to restore Americans’ trust in both the US intelligence community and US-based technology companies.
End NSA’s bulk phone metadata collection
For average Americans, the most significant recommendation may be changes in the bulk collection of telephone metadata, which was recently deemed likely unconstitutional by a federal judge who called it “almost-Orwellian.” Rather than allow the NSA to continue its practice of collecting and storing the metadata of virtually every phone call made in the United States, the review panel believes private companies should collect the data, and only make it accessible to the NSA under court order.
“In our view, the current storage by the government of bulk meta-data creates potential risks to public trust, personal privacy, and civil liberty,” wrote the panel. “We recognize that the government might need access to such meta-data, which should be held instead either by private providers or by a private third party. This approach would allow the government access to the relevant information when such access is justified, and thus protect national security without unnecessarily threatening privacy and liberty.”
Restrict US government’s demands for private data
Additionally, the review board proposes “important restrictions” on the ability of the Foreign Intelligence Surveillance Court (FISC), which oversees the NSA’s surveillance activities in secret, to “compel third parties (such as telephone service providers) to disclose private information to the government.” Further, it endorses tighter restrictions on the FBI’s used of National Security Letters (NSLs), which require individuals or organizations to hand over private information while often times forbidding the recipients from speaking about government’s demands. The panel says NSLs should only be used with “prior judicial review except in emergencies, where time is of the essence.”
Stop breaking encryption and installing backdoors
The panel also suggests that the NSA halt its efforts to weaken commercial encryption standards, like PGP and others, that are used to protect communications and data store in the cloud. It further advises the NSA to stop attempts to discover or create so-called backdoors into commercial technology products to allow for agency intrusion; and to end its attempts to discover vulnerabilities in commercial software for cyberattack purposes, as a way to help rebuild trust in US-made computer programs.
Increase transparency and public participation
In another move that poised to appease US technology companies, many of which have demanded reforms of the NSA, the panel calls for greater transparency concerning government requests for personal data. The changes include allowing companies like Google or Facebook to divulge more information about the number and types of requests they receive from the government, and the number of people affected by these requests. The federal government is also asked to issue regular reports about its requests for citizens’ data.
Importantly, the panel further endorses transparency though a “public interest advocate to represent the interests of privacy and civil liberties” in arguments before the FISC. While these cases would be classified – meaning the public would not likely have access to the court records – it would be a marked increase in the ability of the public to have a say in the ways our rights are affected by the NSA’s activities.
The 300-page report includes a total of 46 recommendations that would, if enacted, affect the privacy of both US citizens and non-US persons, whom the panel believes should receive the same protections provided by the Privacy Act of 1974 as Americans.
It is not clear which, if any, of these proposed policy changes the government will enact. As The New York Times reports, some of the changes can be instituted by President Obama alone, while others require congressional action. One of the most fundamental proposed changes in the NSA’s structure – to split command of the NSA between different agencies – has already been rejected by Obama.
Even if all of the changes are adopted, the NSA’s surveillance activities will continue.
Read the panel’s full report below:
- Powerful data privacy legislation drafted by Democratic senator from Oregon
- Encryption-busting law passed in Australia may have global privacy implications
- Where Toronto sees smart sidewalks, residents see ‘1984.’ So what now?
- Facebook users unknowingly gave companies permission to see private messages
- BlackBerry survey: Consumers don’t trust connected devices to keep data secure