President Obama just announced big changes to America's massive government surveillance programs, promising to add new safeguards to protect Americans' privacy and place new restrictions on how the NSA can use the information it collects on ordinary citizens. We've graded the big changes below, comparing them to the reforms that were recommended by an independent review panel last year. All in all, the proposed changes mainly concern the NSA's bulk collection of Americans' phone records, not its spying on internet communications. Even accounting for that limitation, they seem good on paper — and far better than many privacy advocates feared — but we're still waiting to see how they will be enacted.
Our scoring takes into account the fact that Obama can’t single-handedly execute the reforms that the panel recommends; in several cases, Congress will need to pass legal reforms, and in others, departments themselves will need to develop and make changes under his direction. For purposes of grading, we’re also assuming some level of good faith: if a resolution is so broad as to be meaningless, it will affect the score, but guidelines that don’t come with a specific policy directive can still be graded well. Keep in mind that this categorically isn’t an evaluation of what’s going to happen, just what we’re being promised today -- for whatever that’s worth. This isn’t a wish list of how the program will ideally be reformed, but it’s holding Obama to the recommendations his panel made.
Reform bulk phone record collection
The White House has promised to "end the program as it currently exists," moving phone records out of the government’s direct control. What that is remains to be seen: Obama is asking the intelligence community, including the attorney general and the NSA, to come back in March with alternative ideas. The review panel recommended either asking phone companies to hold information or putting it in the hands of a private third party, both of which pose their own privacy concerns but would mark a step away from centralized collection. Obama also made direct changes to the program as it exists today, though. From now on, analysts can only query records with approval from the FISA court, and they can only search within two "hops" or degrees from the target number, rather than three.
End national security letter abuse
National security letters – the secret government orders that compel companies like Google and Facebook to turn over user information to the FBI, without telling the users' themselves – don’t appear to be getting that much added oversight. The president said in his speech that he had directed Attorney General Eric Holder to "amend" the secrecy surrounding the letters so that the users who were targeted by them could be told and that tech companies could share more information with the public about the letters they received. But the scope of the letters isn't being narrowed. None of this is precisely a surprise; the FBI pushed hard to maintain NSLs’ ease of use, promising that last decade’s rampant abuse has been curbed and that the letters are a vital national security tool. We are, however, seeing significant reforms to the accompanying gag orders:
Lock down the NSA email database
The president mostly defended the NSA's sweeping collection of ordinary citizens' emails at home and abroad, saying "the men and women of the intelligence community, including the NSA, consistently follow protocols designed to protect the privacy of ordinary people. They are not abusing authorities in order to listen to your private phone calls, or read your emails." Obama acknowledged "mistakes" had been made, but said they were quickly corrected. He pointed out that even intelligence workers "have kids on Facebook and Instagram," and so were not inclined to abuse their authority. It seems like this program will remain mostly unchanged for now.
Give the FISA court teeth
Much of this work will have to be done by Congress, but the president made a strong commitment to many of the crucial FISA reforms, including the new position of Public Interest Advocate, which also now includes an unexpected technical component. The president also made gestures towards annual declassification reviews, a crucial but delicate transparency measure where the details of implimentation will be particularly important to watch. There was little word about the wonky details of how FISA judges are confirmed, but the larger push for FISA reform suggests those changes have a good chance of coming through.
Create external oversight for the NSA
This is a serious point of disagreement between Obama and the review panel, although it's not necessarily a bad one. The review panel's oversight mechanisms are all focused in the executive branch, adding new presidentially appointed offices and stronger oversight from the presidential staff. Obama's directives ignore that entirely, favoring oversight from the judicial branch. In many ways it's a better solution, offering a stronger check on from a separate branch of government. It's also a challenge the judiciary is better equipped to handle in many ways. Still the judges in question are unlikely to be as sensitive to public opinion as the proposed Sensitive Activities Office. There were a few nods towards more review from department heads, but anyone hoping for strong oversight from civilian agencies is coming away empty-handed.
Stop weakening encryption standards
For the cryptography geeks and civil liberties advocates, this was the main event, proof that the US government was undermining the essential tools of online privacy. Unfortunately, Obama hasn't touched this yet, possibly betting that most Americans care more about their phones than their HTTPS layer. The president also hasn't made any moves to separate the NSA from the US Cyber Command, or touched the NSA's status as the government's codemaker general. Anyone waiting for a sweeping affirmation of the sanctity of encryption would be advised not to hold their breath.
End spying on foreign leaders
This was one of the most damaging leaks, and while most of the backpedaling has happened on the diplomatic stage, it’s been a key example of NSA power run amok. Spying on Angela Merkel was a key example where diplomatic risk outweighed the benefits of the information involved. In today’s speech, the president explicitly said he had instructed intelligence agencies to refrain from surveilling friendly heads of state, and while there’s no specific program to stop it from happening again, the president has asked Secretary of State John Kerry to appoint a new official, a "Coordinator for International Diplomacy," to handle complaints and questions about international surveillance from foreign leaders and dignitaries.
In sum, President Obama’s new reforms offer some hope, but little change. If, as the President suggested, the most controversial program was the collection of phone records, then today’s news is reassuring. The collection of bulk phone records is on the cusp of real and lasting reforms, far beyond the illusory reforms many were predicting. But for those who were more concerned with the NSA reading emails or monitoring web browsing, the president offered surprisingly little.
Neither the speech nor the directive addressed PRISM or the tapping of private company networks at Google and Yahoo. Long-standing issues like national security letters received some instructions for future reform, but only after a process of negotiation with the FBI and with no assurance that they would see greater oversight. The NSA will continue its quiet war against encryption tools. Even the promised progress is only a first step, a seed of reform which could easily perish in a hostile legislature or an unresponsive bureaucracy. The next test will come when intelligence agencies respond to the proposals, and Congress moves forward with existing bills for FISA reform.