President Obama's NSA reforms show both promise and peril

The president's NSA changes have potential to increase privacy, but need concrete action

President Obama just announced big changes to America's massive government surveillance programs, promising to add new safeguards to protect Americans' privacy and place new restrictions on how the NSA can use the information it collects on ordinary citizens. We've graded the big changes below, comparing them to the reforms that were recommended by an independent review panel last year. All in all, the proposed changes mainly concern the NSA's bulk collection of Americans' phone records, not its spying on internet communications. Even accounting for that limitation, they seem good on paper — and far better than many privacy advocates feared — but we're still waiting to see how they will be enacted.

Our scoring takes into account the fact that Obama can’t single-handedly execute the reforms that the panel recommends; in several cases, Congress will need to pass legal reforms, and in others, departments themselves will need to develop and make changes under his direction. For purposes of grading, we’re also assuming some level of good faith: if a resolution is so broad as to be meaningless, it will affect the score, but guidelines that don’t come with a specific policy directive can still be graded well. Keep in mind that this categorically isn’t an evaluation of what’s going to happen, just what we’re being promised today -- for whatever that’s worth. This isn’t a wish list of how the program will ideally be reformed, but it’s holding Obama to the recommendations his panel made.

Reform bulk phone record collection

The White House has promised to "end the program as it currently exists," moving phone records out of the government’s direct control. What replaces it remains to be seen: Obama is asking the intelligence community, including the attorney general and the NSA, to come back in March with alternative ideas. The review panel recommended either asking phone companies to hold information or putting it in the hands of a private third party, both of which pose their own privacy concerns but would mark a step away from centralized collection. Obama also made direct changes to the program as it exists today, though. From now on, analysts can only query records with approval from the FISA court, and they can only search within two "hops" or degrees from the target number, rather than three.

Recommendations

  • Move metadata into the hands of a third party (Grade: C)
    Instead of collecting phone records in a central database, leave it in the hands of phone companies or another private third party

  • Tighten Section 215 to require more specific requests (Grade: A)
    Each piece of information the NSA collects must be relevant to a national security investigation

  • Commit to stop collecting and storing mass personal information (Grade: B)
    As a general rule, "the government should not be permitted to collect and store all mass, undigested, non-public personal information."

End national security letter abuse

National security letters – the secret government orders that compel companies like Google and Facebook to turn over user information to the FBI, without telling the users themselves – don’t appear to be getting that much added oversight. The president said in his speech that he had directed Attorney General Eric Holder to "amend" the secrecy surrounding the letters so that the users who were targeted by them could be told and that tech companies could share more information with the public about the letters they received. But the scope of the letters isn't being narrowed. None of this is precisely a surprise; the FBI pushed hard to maintain NSLs’ ease of use, promising that last decade’s rampant abuse has been curbed and that the letters are a vital national security tool. We are, however, seeing significant reforms to the accompanying gag orders:

Recommendations

  • Add judicial oversight for national security letters (Grade: D)
    Letters should have to go through a court instead of being managed almost purely by the FBI

  • Guarantee limits in the scope of national security letters (Grade: F)
    NSLs must be "reasonable in focus, scope, and breadth," subject to the same limits on keeping and distributing information as the court-managed Section 215 law

  • Loosen gag orders (Grade: B)
    Unless a court says it would pose a significant risk, recipients shouldn’t be banned from talking about an NSL; if they are, the order should expire within 180 days unless renewed

Lock down the NSA email database

The president mostly defended the NSA's sweeping collection of ordinary citizens' emails at home and abroad, saying "the men and women of the intelligence community, including the NSA, consistently follow protocols designed to protect the privacy of ordinary people. They are not abusing authorities in order to listen to your private phone calls, or read your emails." Obama acknowledged "mistakes" had been made, but said they were quickly corrected. He pointed out that even intelligence workers "have kids on Facebook and Instagram," and so were not inclined to abuse their authority. It seems like this program will remain mostly unchanged for now.

Recommendations

  • Purge information about US persons (Grade: D)
    If any information about a US citizen is collected under a law for non-American surveillance, it should be purged immediately unless it has foreign intelligence value

  • Limit using data involving American communications (Grade: B)
    If data from a US person is kept, it shouldn’t be used as evidence in any case against them, and the government can’t specifically search for communications involving a particular US person

  • Target non-Americans responsibly and only for national security (Grade: B)
    Non-US persons should only be surveilled for national security, and the US should make clear that it’s not targeting people for political or religious beliefs and is monitoring the program as closely as possible

Give the FISA court teeth

Much of this work will have to be done by Congress, but the president made a strong commitment to many of the crucial FISA reforms, including the new position of Public Interest Advocate, which also now includes an unexpected technical component. The president also made gestures towards annual declassification reviews, a crucial but delicate transparency measure where the details of implementation will be particularly important to watch. There was little word about the wonky details of how FISA judges are confirmed, but the larger push for FISA reform suggests those changes have a good chance of coming through.

Recommendations

  • Create Public Interest Advocate for FISA court (Grade: A)
    This post would be a citizen’s advocate, arguing against the NSA’s surveillance demands.

  • New declassification review for FISA rulings (Grade: B)
    Before now, the court’s rulings have been secret by default.

  • New appointment procedure for FISA judges (Grade: N/A)
    The new procedure would tie FISA judges to the Supreme Court, separating the court further from the executive branch.

Create external oversight for the NSA

This is a serious point of disagreement between Obama and the review panel, although it's not necessarily a bad one. The review panel's oversight mechanisms are all focused in the executive branch, adding new presidentially appointed offices and stronger oversight from the presidential staff. Obama's directives ignore that entirely, favoring oversight from the judicial branch. In many ways it's a better solution, offering a stronger check from a separate branch of government. It's also a challenge the judiciary is better equipped to handle in many ways. Still, the judges in question are unlikely to be as sensitive to public opinion as the proposed Sensitive Activities Office. There were a few nods towards more review from department heads, but anyone hoping for strong oversight from civilian agencies is coming away empty-handed.

Recommendations

  • Establish a Sensitive Activities Office (Grade: F)
    The independent office would monitor classified collection activities, and object when they seem inappropriately broad.

  • Senior policymakers will review requirements, methods and targets. (Grade: C)
    This would give the president more of a say in the tools the NSA uses, and what it uses them for.

Stop weakening encryption standards

For the cryptography geeks and civil liberties advocates, this was the main event, proof that the US government was undermining the essential tools of online privacy. Unfortunately, Obama hasn't touched this yet, possibly betting that most Americans care more about their phones than their HTTPS layer. The president also hasn't made any moves to separate the NSA from the US Cyber Command, or touched the NSA's status as the government's codemaker general. Anyone waiting for a sweeping affirmation of the sanctity of encryption would be advised not to hold their breath.

Recommendations

  • Separate NSA from NIST’s cryptography approval process. (Grade: F)
    After inserting its own backdoors, the NSA has no credibility as an encryption authority.

  • Assistant Secretary of State will lead diplomacy of international information technology issues (Grade: F)
    New efforts are needed to regain the world’s trust in American IT products.

  • The NSA will not hold encrypted communication as a way to avoid retention limits. (Grade: F)
    Right now, the NSA retains encrypted communications automatically, holding them as suspicious by default.

End spying on foreign leaders

This was one of the most damaging leaks, and while most of the backpedaling has happened on the diplomatic stage, it’s been a key example of NSA power run amok. Spying on Angela Merkel was a key example where diplomatic risk outweighed the benefits of the information involved. In today’s speech, the president explicitly said he had instructed intelligence agencies to refrain from surveilling friendly heads of state, and while there’s no specific program to stop it from happening again, the president has asked Secretary of State John Kerry to appoint a new official, a "Coordinator for International Diplomacy," to handle complaints and questions about international surveillance from foreign leaders and dignitaries.

Recommendations

  • Institute a new process requiring high-level approval for politically sensitive operations (Grade: A)
    It’s likely the President didn’t even know the NSA was tapping the German chancellor’s phone. New reforms would require explicit approval before other world leaders could be surveilled.

In sum, President Obama’s new reforms offer some hope, but little change. If, as the President suggested, the most controversial program was the collection of phone records, then today’s news is reassuring. The collection of bulk phone records is on the cusp of real and lasting reforms, far beyond the illusory reforms many were predicting. But for those who were more concerned with the NSA reading emails or monitoring web browsing, the president offered surprisingly little.

Final grade: C

Neither the speech nor the directive addressed PRISM or the tapping of private company networks at Google and Yahoo. Long-standing issues like national security letters received some instructions for future reform, but only after a process of negotiation with the FBI and with no assurance that they would see greater oversight. The NSA will continue its quiet war against encryption tools. Even the promised progress is only a first step, a seed of reform which could easily perish in a hostile legislature or an unresponsive bureaucracy. The next test will come when intelligence agencies respond to the proposals, and Congress moves forward with existing bills for FISA reform.