In September, the NSA published a job posting for a civil liberties and privacy officer to help fix the agency's damaged reputation. Today, the NSA has filled that position. The agency has named Rebecca Richards, a 10-year veteran of the Department of Homeland Security, who already served in the privacy office there. She'll report directly to the NSA's director, General Keith Alexander, and she'll have two roles. "Ms. Richards' primary job will be to provide expert advice to the director and oversight of NSA's civil liberties and privacy related activities," reads a statement. "She will also develop measures to further strengthen NSA's privacy protections."
"You'd want to hire someone who's had this kind of experience."
From the NSA's perspective, hiring a Homeland Security privacy veteran probably makes a lot of sense. The DHS was the first government agency to explicitly establish an internal privacy office to try to stop privacy violations before they happen, and the NSA role appears to be modeled on that. "I think it would be fair to say if you want to hire someone at the NSA to do this, you'd want to hire someone who's had this kind of experience," says Lee Tien, a staff attorney for the Electronic Frontier Federation. "[Homeland Security] has been in the crossfire of privacy advocates and civil liberties advocates, and they have a similarly challenging mission."
But as Tien notes, there's a downside as well: the Department of Homeland Security isn't particularly well known for protecting the privacy of individuals. Since Congress established the DHS and its privacy office in 2002, the agency has been caught developing covert body scans, building centralized "fusion" surveillance systems of dubious utility, and searching laptops at border checkpoints without reasonable suspicion. It took three years and two court orders to get the TSA — a division of Homeland Security — to stop using full-body scanners at airports. Recently, Homeland Security agents seized notes from an investigative reporter and detained a moviegoer who happened to be wearing Google Glass. "There are going to be issues about how committed they really are to privacy and civil liberties," admits Tien, regarding the NSA role.
"It makes you wonder, has this person been given an impossible job?"
None of that necessarily means that Richards and the DHS aren't a good place to start, though. "In my opinion, DHS has one of the better privacy offices at intelligence agencies," says Michelle Richardson, legislative counsel for the American Civil Liberties Union. "I think the bigger question here is what type of access to information will she have, and how will [NSA director] Alexander and his successor take her advice." Both Tien and Richardson note that the US government's unapologizing stance on the NSA's actions could make it a challenge to enact any reform. "It makes you wonder, has this person been given an impossible job," says Richardson. Tien adds that the NSA's secrecy could also stymie things if Richards doesn't have the power to actually investigate privacy violations — something that the Department of Homeland Security's privacy office didn't have until an act of Congress in 2007.
Even Jeramie Scott, a national security fellow at the Electronic Privacy Information Center (EPIC), doesn't seem to think that hailing from the Department of Homeland Security is a major problem with regards to the NSA. In 2009, a coalition organized by EPIC slammed the DHS privacy office, likening it to a public relations firm. But today, Scott says that though many of its privacy assessments "read more like a justification for its actions that raise privacy issues instead of a critical analysis that properly curbs privacy-invasive activities," he believes the DHS privacy office does some good work. However, Scott points out that while the DHS privacy office has to comply with specific laws to document privacy violations, it's not yet clear that the NSA privacy officer will need to do so.
"Hopefully the NSA can implement oversight that goes beyond merely rationalizing its actions."
"Hopefully the NSA can implement oversight that goes beyond merely rationalizing its actions," says Scott. "This would be a great place to start, but in order for the new NSA privacy officer to be effective, she will need to be independent, forceful in pushing back, and enforce federal law."