US government tries to rebuild lost trust after NSA surveillance leaks

The Privacy and Civil Liberties Oversight Board, a White House watchdog group that condemned the Obama administration's phone surveillance program earlier this year, has released another report — and civil liberties groups aren't happy about it. The report took on Section 702 of the Foreign Intelligence Surveillance Act, which the NSA, CIA, and FBI have used to justify collecting the contents of emails and other electronic communications from web services or directly through internet backbone cables. It's the rule that governs PRISM, one of the first surveillance systems to be revealed by Edward Snowden. According to the board, though, it's completely legal.

The board addresses two known programs that are run under Section 702: PRISM collection and upstream collection. PRISM isn't the only surveillance database, but here, it refers to a program where the government requests data from an internet service provider or a web service. Upstream collection, by contrast, bypasses both these parties and heads straight for the large cables that form the "backbone" of the internet. Both are used to collect information about non-citizens who aren't in the United States. Unlike the phone metadata program, it doesn't collect everything in a database, just the results of certain search terms. For the PCLOB, that distinction is crucial. "Although the program is large ... it consists entirely of targeting individual persons and acquiring communications associated with those persons," the report reads. "The program does not operate by collecting communications in bulk."

The Brazilian government this week passed new legislation aimed at protecting internet privacy and guaranteeing open access to the web. As the Associated Press reports, Brazilian President Dilma Rousseff signed the so-called "internet constitution" into law yesterday before speaking at a conference on web governance in Sao Paulo, where she hailed the legislation as critical to protecting human rights and net neutrality.

"The internet you want is only possible in an environment of respect for human rights," Rousseff said in a statement on her website, "especially privacy and freedom of expression."

President Barack Obama has officially announced his plan to reform the National Security Agency's collection of phone records. Under his new proposal, the agency would no longer keep a database holding a large percentage of all American call records. Instead, phone companies like AT&T and Verizon would keep them for the same length of time they do now, and the government would submit requests for individual numbers after getting approval from the Foreign Intelligence Surveillance Court. Phone companies, for their part, would have to provide "technical assistance" in order to make sure that the government could easily search for and collect information, which could include the numbers that had been in communication with a particular subscriber, the duration of calls, and similar information from within two degrees of separation (or "hops") from a target.

The Obama administration has been presented with four wide-ranging options on how to reform the National Security Agency's (NSA) phone data collection program — including doing away with it altogether — according to a report from the Wall Street Journal. Citing officials close to the matter, the Journal reports that intelligence officials presented the options ahead of the March 28th deadline that President Barack Obama set forth in a speech about NSA reform earlier this year.

One proposal would be to put phone metadata collection under the purview of US telecommunications companies. Under this option, the NSA would inform the companies of when it needs to search their databases for terrorism-related investigations, and the phone companies would return only the results of those searches, rather than data on consumers unrelated to the investigations.

Director of National Intelligence James Clapper has weathered a firestorm of criticism in the months since Edward Snowden leaked documents detailing the NSA's bulk surveillance activity. Since then, he has declassified numerous documents as a means of showing transparency on the part of the government. However, in an interview with The Daily Beast, Clapper goes so far as to say that had the agency been transparent about data collection from the beginning, the issue would not have exploded into a scandal.

The ongoing revelations about the extent of NSA data collection are causing other countries to tighten up their security and keep their citizens' data private. Germany in particular has been talking about keeping its internet traffic and email messages private within the country for some time, and now the country is planning to work with France to help build a network throughout Europe that keeps data away from the United States. According to Reuters, German Chancellor Angela Merkel (pictured above) is planning to discuss a European communication network that'll keep internet traffic away from the US with French President Francois Hollande when they meet later this week.

This comes after it was revealed that the NSA had monitored Chancellor Merkel's cell phone communications for more than a decade — something Merkel called "a serious breach of trust." Now, Merkel wants to enlist other countries in its privacy push. "Above all, we'll talk about European providers that offer security for our citizens, so that one shouldn't have to send emails and other information across the Atlantic," Merkel said. "Rather, one could build up a communication network inside Europe."

The secret FISA court has approved two of President Barack Obama's proposed changes to how the NSA can use its collection of American phone records. While many of Obama's suggestions will take months to implement, if they go into effect at all, Director of National Intelligence James Clapper wrote yesterday that the court had agreed to two immediate limits. Except in cases of "true emergency," every use of the database — which includes metadata like calling history for virtually all American phone numbers — will now have to be approved beforehand by the FISA court on the basis of a reasonable, articulable suspicion that the search criteria is tied to a known terrorist organization. While agents could previously search within three connections of "hops" of a number, they're now limited to two hops.

These changes were the most obvious and immediate proposals in Obama's speech, much of which was devoted to plans that either relied on Congressional action or would require a long period of examination by intelligence agencies. Unfortunately, because the court's decisions are secret, we can't actually see the text of the motion it approved. It did, however, order the government to determine whether that motion can be released to the public, along with the original order covering these metadata searches and the amended version. That review will be finished by February 17th, and whatever is released will be posted online.

Rogers would be taking over both the incredible cyber power and the widespread surveillance controversies overseen by his predecessor. He's been rumored to take over for several months now, with a number of publications reporting over the past week that Rogers is set to be nominated. Defense secretary Chuck Hagel confirmed the nomination this afternoon.

"This is a critical time for the NSA, and Vice Admiral Rogers would bring extraordinary and unique qualifications to this position as the agency continues its vital mission and implements President Obama's reforms," Hagel says a statement. Hagel points to Roger's tenure as the Navy's cyber chief and a fleet commander for evidence of his expertise. "I am also confident that Admiral Rogers has the wisdom to help balance the demands of security, privacy, and liberty in our digital age."

In September, the NSA published a job posting for a civil liberties and privacy officer to help fix the agency's damaged reputation. Today, the NSA has filled that position. The agency has named Rebecca Richards, a 10-year veteran of the Department of Homeland Security, who already served in the privacy office there. She'll report directly to the NSA's director, General Keith Alexander, and she'll have two roles. "Ms. Richards' primary job will be to provide expert advice to the director and oversight of NSA's civil liberties and privacy related activities," reads a statement. "She will also develop measures to further strengthen NSA's privacy protections."

Three days before President Barack Obama will allegedly announce major changes to the NSA's surveillance programs, The New York Times has a story addressing one particularly controversial practice: intercepting laptops purchased online to insert bugs that can phone home — or even give remote access — to the US government. According to the Times, not only does that practice take place, but the bugs are now installed in nearly 100,000 computers around the world as part of a program code-named Quantum. However, the publication's government sources say they aren't being used inside the United States, but rather to spy on allleged Chinese and Russian military hacker groups, Mexican drug cartels, European "trade institutions," and alleged terrorists. Since the devices have their own radios, they can allegedly tap into computers that aren't connected to the internet.

While officials reportedly told the Times that the devices are mainly intended for defense, their first big test was as part of an attack. According to the publication, the bugs were first used to map out the inner workings of the Natanz uranium enrichment plant in Iran, setting up for the Stuxnet computer worm that eventually sabotaged the facility's centrifuges and crippled Iran's nuclear program. The Times writes that it knew about the technology when it reported on Stuxnet in the summer of 2012, but withheld details at the request of US intelligence officials.

American tech companies whose customers and networks have been compromised by the National Security Agency's sweeping surveillance efforts may have a new sympathetic ear inside Washington: the Commerce Department. "We've been talking to various constituencies within the business community, we understand their issues [with NSA spying]," said US Commerce Secretary Penny Pritzker, speaking today at CES 2014 in Las Vegas, the first Commerce Secretary to do an open Q&A at the gadget conference. Pritzker also said that her division is "part of the conversation" going on now inside the White House about reviewing the NSA's surveillance powers. "We very much have a voice at the table," Pritzker added, saying that President Obama "would make something public shortly."

Pritzker didn't address concerns that the National Institute for the Standards of Technology (NIST), a Commerce Department agency that sets the country's cryptography standards, may have deliberately left standards weak to allow for NSA spying. But during her wide-ranging talk, Pritzker also addressed a number of tech community hot-button issues. She came out strongly in support of reforming the country's immigration system to allow for more "high skilled" workers in science and tech, saying "there's an enormous window in the first half of this year to get immigration reform done." To that end, Pritzker called upon the Republican-controlled House of Representatives to move forward with a reform bill (the Senate passed its own immigration bill last year). Pritzker also told the audience that the Commerce Department was "trying to improve your ability to get your patents" by opening satellite patent offices around the country.

President Barack Obama has said that he will make a firm statement on reform of the US intelligence community in January. At an end-of-the-year press conference, he stated that "over the next several weeks," he would consider recommendations made by an oversight panel that filed its report in mid-December. "I'm going to make a pretty definitive statement about all of this in January," he said, noting that he would distinguish what would make sense and what would need to be refined. However, he maintained that surveillance so far had been performed responsibly. "In all the reviews, it hasn't been alleged that the NSA in some ways acted inappropriately in the use of this data," he said. "But what is also clear in the public debate, people are concerned about the prospect, the possibility of abuse."

Much of the conversation in the past weeks has focused on the bulk phone data collection program that was revealed in June; the panel has recommended that the intelligence community dismantle its collection of virtually all American phone records. Obama confirmed his support for this proposal: "It is possible, for example, that some of the same information that the intelligence community feels is required to keep people safe can be obtained by having the private phone companies keep these records longer, and to create some mechanism in which they can be accessed in an effective fashion." He brushed off criticism from federal judge Richard Leon, who ruled that the bulk record collection was an "Orwellian" program that likely violated the fourth amendment.

The president's NSA review panel has recommended an end to bulk data collection, as reported by The Washington Post. The panel's statement speaks out against the NSA's pattern of bulk collection, stating as a general rule that "the government should not be permitted to collect and store all mass, undigested, non-public personal information about individuals to enable future queries."

Even some NSA proponents want to see its phone-record collection program tried in the Supreme Court. In a statement today, Senator Dianne Feinstein (D-CA) — a consistently strong supporter of the NSA's programs — said that she would welcome a Supreme Court review of the agency's collection of phone metadata so that there can be a definitive opinion on its legality. Naturally, Feinstein argues that it'll be found legal, but she'd still like that belief to be held up. "I believe it is crucial to settling the issue once and for all," Feinstein says.

Feinstein's statement comes following a federal court ruling yesterday that the program is in fact unconstitutional. As Feinstein points out, the new ruling is at odds with previous decisions. "Judge Leon’s opinion also differs from those of at least 15 separate federal district court judges who sit, or have sat, on the FISA Court and have reauthorized the program every 90 days — a total 35 times in all," Feinstein says. "Clearly we have competing decisions from those of at least three different courts."

60 Minutes’ recent NSA report has already drawn harsh criticism — but for computer security experts, one particular claim stands out. Stressing the importance of the US Cyber Command, General Keith Alexander put out a shocking idea: nations are using malware to try to bring down the US financial system, and if his agency doesn’t keep an eye on the web, they won't be able to stop it.

The National Security Agency has endured six months of criticism from media outlets since Edward Snowden released documents disclosing the agency's massive global surveillance apparatus. With its back against the wall, NSA head Keith Alexander and Snowden task force head Richard Ledgett are speaking directly to the press as a means of getting ahead of the story, with the hope of painting themselves — and Snowden himself — in a new light.

In an interview with Reuters, Ledgett expressed that Snowden's leaks had proven "cataclysmic" for the NSA, though he offered no apologies for how the agency conducts his eavesdropping. However, with regard to a review panel recommending limits on its powers and installing civilian leadership, he did admit that technology "had gotten ahead of policy." At this point, the typically public-averse NSA must put a face to the scandal,

Despite the alleged recommendations of a presidential advisory panel, the White House will not be splitting the roles of NSA head and US Cyber Command chief, The Washington Post reports. "Following a thorough interagency review, the administration has decided that keeping the positions of NSA director and Cyber Command commander together as one, dual-hatted position is the most effective approach to accomplishing both agencies' missions," wrote spokesperson Caitlin Hayden in a statement. NSA director Keith Alexander was named chief of US Cyber Command upon its establishment in 2009, but there's no inherent requirement that the two positions be held by the same person.

With Alexander stepping down next year, officials have considered putting a civilian in charge of the NSA and making the military Cyber Command post a separate role. Now, however, that seems highly unlikely. It's not entirely clear why this decision was announced today, but it comes not long after The Wall Street Journal reported that a White House oversight panel planned to suggest that the two positions be separated. Since leaked documents began exposing the breadth of NSA surveillance this summer, the move has been suggested as a way to limit the NSA's reach.

A group tasked with proposing NSA reforms will reportedly recommend limiting the agency's bulk phone-record collection program, splitting off US Cyber Command, and installing civilian leadership, sources have told The Wall Street Journal. The panel, formed earlier this year, isn't due to present a report to the White House until December 15th, but according to people who have reviewed the documents, it's taking aim at one of the most high-profile issues: the mass collection of phone metadata allowed under the FISA Amendments Act and Patriot Act. Under the suggested rules, the NSA would have to meet a higher burden of proof before collecting records — instead of being held in a government database, they would stay in the hands of the phone companies or other third parties.

That doesn't necessarily mean the NSA will be querying less data, since it can simply ask phone companies to provide information about the numbers. It also isn't clear whether the panel is planning reform of how the agency collects internet metadata records, emails, location data, or anything else captured by its substantial online surveillance system. But it will take the phone records of millions of Americans not suspected of any terrorist activity out of the intelligence community's hands. A pair of bills from Senator Patrick Leahy (D-VT) and Rep. Jim Sensenbrenner (R-WI) already propose to end bulk phone-record collection by rewriting the rule that allows it, requiring records to be both relevant to a national security investigation and related to a foreign power or a suspected American agent of that power. The Journal's sources have said that the panel's suggestion "aligns very closely" with the bills. The NSA has defended its database by warning that investigations could be hampered by the delay of asking phone companies for records.

Earlier this week, the Obama administration released its second Open Government National Action Plan, building on an earlier initiative to make government more transparent. Both documents were published to help meet the standards of the Open Government Project, an international agreement founded by the US and seven other countries in 2011, and they're behind much of the administration's "big data" push, which strives to put government records in the public eye. With the newest plan, the White House says it's committed to "concrete and measurable goals for achieving a more transparent, participatory, and collaborative government."

Some of the plan is meant to streamline and expand services that were built under the first action plan, including White House petition platform We the People and Data.gov, a repository of data collected by federal agencies. Other parts involve getting citizens involved in things like local budget development and public comment on regulations. But the most interesting parts lay out the broad strokes of Obama's plan to expand transparency of federal records, whether by improving Freedom of Information Act records processing or declassifying more documents.

Making conversation at Thanksgiving can be hard, but apparently it's especially hard if you're an employee of the National Security Agency. So the agency has stepped in to solve the problem, issuing this list of approved talking points for fending off hostile relatives, unearthed by reporter Kevin Gosztola. If an NSA staffer was confronted by a privacy-minded relative over the long weekend, the document would keep them from being caught at a loss for words.

Director of National Intelligence James Clapper has released another trove of documents on the NSA and FBI's surveillance program, including the FISA court's reasoning for allowing sweeping collection of email and other metadata. An undated and heavily redacted court order issued by Judge Colleen Kollar-Kotelly approved the measure, which allows the NSA to collect several unidentified categories of information as long as they don't include the actual content of a call or message. Among other things, this includes email addresses, which the court found "are not part of the email's 'contents.'"

In a hearing pushing forward legislation that would shed light on the NSA's collection of Americans' data, Senator Al Franken (D-MN) questioned national security officials on why intelligence agencies couldn't be more transparent about who they were collecting data from. "Many of the broadest laws of FISA, like section 702, explicitly say that you can only use it to target foreign people," Franken said. "Isn't it a bad thing that the NSA doesn't even have a rough sense of how many Americans have had their information collection under a law ... that explicitly prohibits targeting Americans?"

Robert Litt, general council for the Office of the Director of National Intelligence, said that determining the exact number of Americans whose data is collected would actually be a larger invasion of privacy than any that might already be happening. According to Litt, determining this number would require NSA analysts to look further into data — such as an email address — than they normally would, thus bringing up more information about that person just to determine if they were an American. He also said finding a more exact number would be quite resource intensive for the agency.

President Obama has promised reforms to bring transparency to the US' extensive surveillance programs, and placing a civilian in charge could work hand-in-hand with those plans. The Hill reported earlier this week that the White House has compiled a list of civilian candidates who could replace current NSA director Keith Alexander when he steps down this spring. No decisions have been made yet, a former official tells the website, but a move to place a person without military experience at the top of the NSA would coincide with splitting off leadership of US Cyber Command. The command is in charge of the military's cyber operations, like missions to hack enemy networks.

Even with the latest report, it seems that Vice Admiral Michael S. Rogers remains the front-runner to take Alexander's post. Officials say that Alexander's decision to step down came before the torrent of leaks from former contractor Edward Snowden, which have revealed much of the NSA's surveillance activities. Bringing in a civilian to lead the NSA — and splitting off control of US Cyber Command — could help cut down on the agency's wide-ranging spying. The Hill notes that the NSA has been led by military officers since 1952, when it was created. The CIA and FBI are run by civilian chiefs, however.

The NSA's ongoing surveillance has spurred many governments to pursue stronger data-protection laws, but there are growing concerns that this backlash could divide the internet along national borders, threatening the principles of openness and fluidity that it was founded upon.

In September, Brazil announced plans to build a fiber-optic cable that would route internet traffic away from US servers, theoretically keeping its citizens’ data away from the NSA. The policy has yet to be implemented, and many question whether it will actually be effective, but others appear to be following Brazil’s lead.