The White House on Wednesday released a 303-page report from a panel of presidential advisors who recommended that the National Security Agency’s (NSA’s) massive data trawling carry on, but that the data be kept in private hands for “queries and data mining” only by court order.
The panel – former White House counter-terrorism advisor Richard A. Clarke, Michael J. Morell, Geoffrey R. Stone, Cass R. Sunstein, and Peter Swire – delivered 46 recommendations to US President Barack Obama in the report.
According to the Agence France-Presse (AFP), Obama spokesman Jay Carney said that the report was released earlier than a planned January date due to the media getting the contents wrong:
While we had intended to release the review group's full report in January ... given the inaccurate and incomplete reports in the press about the report's content, we felt it was important to allow people to see the full report to draw their own conclusions.
Obama met with members of the panel earlier on Wednesday to work through the recommendations.
As far as surveillance of US persons goes, the panel isn’t recommending that the government stop collecting and storing bulk telephony metadata – i.e., telephone numbers that originate and receive calls, along with the time and date of calls.
Rather, the panel wants to see Congress merely transfer all that metadata over to private hands, from whence it can be queried “when necessary for national security purposes.”
The panel also recommended boosting the privacy of non-US persons to the point where they would get the same protections now given to Americans under the Privacy Act of 1974.
That act keeps the government from disclosing information about people without the written consent of a given individual – unless, that is, disclosing the information falls under a smorgasbord of statutory exceptions, one of which being law enforcement purposes.
(Am I missing something here? One imagines that “for law enforcement purposes” could actually be used to exempt pretty much all intelligence agency access to people’s records without their permission. Legal experts, your input would be welcome in the comments section below.)
Another recommendation must surely have been dubbed the “Appease the Very Indignant and Very Spied Upon German Chancellor Angela Merkel” clause when the panelists were working on it, given that it addresses “unjustified or unnecessary” surveillance of foreign leaders – particularly leaders of countries with which that the US shares “fundamental values and interests”.
The group also suggested that any operation that entails spying on foreign leaders should pass a rigorous test to see if the intelligence gained would outweigh the economic and diplomatic problems that could erupt if the operation were to become public.
The panel also wants the NSA to back off from its work to undercut attempts to create secure encryption standards.
One such effort is the NSA’s attempts to peel apart the layers of the Tor anonymizing service.
We recommend that, regarding encryption, the US Government should:
(1) fully support and not undermine efforts to create encryption standards;
(2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and
(3) increase the use of encryption, and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
The panel would also like to see the NSA be headed up by a Congressional appointee, which could be a civilian – a possibility the panel suggested President Obama seriously consider.
Beyond maybe sticking a civilian into the top job at the NSA, the panel also thinks it would be nice to split the NSA between a military commander in charge of the Pentagon’s cyberwarfare unit – US Cyber Command – and another individual as director of the NSA.
That recommendation was dead in the water before the panel’s report ever saw the light of day, however.
Last week, the White House said that the Obama administration likes the positions of NSA Director and Cyber Command commander just fine the way they are, all rolled up into one “dual-hatted” position.
The recommendations are just that: recommendations. It’s unclear which, if any, will actually be adopted, particularly given that, as the New York Times pointed out, some would require Congress to enact new legislation.
At any rate, the recommendations shy away from the strong condemnation delivered by the US federal judge who on Monday ordered the NSA to stop collecting phone metadata, calling the agency’s collection technology “almost Orwellian” and deeming it likely unconstitutional.
It’s also worth noting how dated much of the material Edward Snowden has disclosed in the months following his triggering of NSA-gate in June.
For example, the presentation published by The Guardian concerning XKeyscore, the NSA search engine, goes back to 2008. So is the panel five years behind the curve? Are the recommendations based on current technologies and practices?
Also, might we perhaps demand deeper change than tweaks that mostly involve who gets to authorize searches and that the NSA is directed up by one or two heads?
It’s the trawling of both domestic and foreign data that seems to be the biggest problem, not who issues the warrants for searching it.Follow @NakedSecurity