It's time for a change at the NSA. But will President Obama deliver it? After former National Security Agency contractor Edward Snowden leaked documents showing the agency was engaged in widespread and often unchecked surveillance of phone and internet activity, calls to reform America's top spy organization have come from all corners.
This week, we find out whether those calls will be answered — but unfortunately, early reports from Washington insiders suggest that the president won't be making big changes.
Obama is giving a speech on Friday to address the recommendations made by an independent review panel, which he set up last year to help reform the American intelligence community. But so far, officials have been reluctant to endorse any big changes, and US lawmakers have also defended the programs, despite little to no evidence to suggest they've thwarted terrorist plots. We’ve taken a look at the reforms proposed by the review group, and we’ll be back tomorrow to see how the president's speech stacked up.
Reform bulk phone record collection
The NSA’s comprehensive database of phone records was the first thing revealed by last year’s leaks, and it’s still one of the most hotly debated issues. The panel’s proposal basically shifts everything back a step: the standard for collecting information would become more like the current standards for looking up a particular number, and phone companies or some other private entity would need to keep information ready for the NSA to access quickly — though phone companies have said they don’t want to keep the records. Obama has said this plan could be feasible, and there are bills addressing it in both houses of Congress. The reform panel has insisted that they’re only suggesting a "change in approach," but moving metadata out of the government’s direct control is a step away from the laissez-faire system the FISA court has authorized so far.
End national security letter abuse
National security letters have actually gotten less attention since the NSA leaks, but the subpoenas, which don’t require court approval and come with a gag order that prevents recipients from revealing their existence, are still a major issue for privacy advocates. Investigations have revealed that the FBI has widely abused national security letters, and the letters as they stand now have been ruled unconstitutional by a district court. The review panel recommends significant reforms: subjecting NSLs to judicial oversight, tightening the scope, and making gag orders harder to get. The USA FREEDOM Act, the bill meant to dismantle the NSA’s phone records database, also proposes reforms to the national security letter system. But FBI director James Comey has pushed back heavily on the reform group’s recommendations, saying that judicial review would cripple a "very important" national security investigation tool, although he indicated willingness to compromise on changes to the gag orders.
Lock down the NSA email database
Section 702 allows the intelligence community to sweep up emails, social media data, and other information for long-term storage, so long as the information is confined to non-US citizens outside the US. This rule, however, doesn’t seem to have been followed religiously by the NSA: the FISA court chided it in 2011 for apparently accidentally collecting thousands of purely domestic communications a year. The review group insists that the NSA keep as little American data as possible and reassure non-Americans that operatives can only target them under narrow circumstances and strict supervision.
Give the FISA court teeth
Under the current system, FISA courts are the primary check on NSA power, overseeing and approving the bulk of the agency's data requests. To the extent that the NSA has gone too far in surveilling phone records, it's because the FISA court failed, granting warrants with unprecedented power and scope. What was meant to be oversight turned into a rubber stamp, approving nearly everything submitted to the court. The new measures are aimed at changing the culture of the FISA court, a tricky and nebulous task, but taken together, they have a good chance of restoring the court as a check on surveillance power, and potentially bringing a sorely absent sense of restraint into the NSA's requests. They're also comparatively easy reforms to make, if the President wants to make them.
Create external oversight for the NSA
Perhaps the biggest problem with the NSA is the lack of effective accountability for the agency. Congress and even the President seem to have been kept in the dark on key programs, while internal checks like the FISA court grew too closely aligned with the agency to offer an effective counterpoint. As a result, the NSA was given free rein over its data, with no one able to tell the agency when it had gone too far. The review panel would create new checks on that power, but the balance between secrecy and accountability is not an easy one to strike, and the bureaucratic details of the new agencies will be hugely important.
Stop weakening encryption standards
The review panel suffered from poor timing on this one, stating that, "we are unaware of any vulnerability created by the US Government in generally available commercial software that puts users at risk of criminal hackers or foreign governments decrypting their data." Just a few days after the recommendations were made public, Reuters proved them wrong with hard evidence that the NSA had purposefully weakened RSA's BSafe program, in conjunction with earlier efforts to insert certify faulty standards through the NIST approval process. It's particularly troubling to the observers since it endangers anyone using cryptography on the web, including the encryption that secures webmail and online banking. If those standards were seeded with an NSA-built backdoor, they'd be vulnerable not just to the government but to any third-parties that stumbled onto the key.
End spying on foreign leaders
Some of the most politically damaging news to come out of the Snowden docs was the revelation that the NSA had been tapping the phone of German chancellor Angela Merkel, along with more than 30 other world leaders. It's been a diplomatic disaster ever since the news was made public, with Merkel openly comparing the agency to the East German Stasi that surveilled her as a child. Still, without an agency overseeing those highly classified operations, enforcement is likely to be a problem.