Presidential review board report delivers 46 recommendations on surveillance practices, including legislation to end bulk data collection of US citizen phone records.
Top 10 Government IT Innovators Of 2013
(click image for larger view)
A 300-page assessment of controversial US intelligence practices presented to the White House Wednesday concludes that although the surveillance activities of the National Security Agency are not illegal, Congress should place greater limits on the government's ability to collect information on US citizens.
"In our view, the current storage by the government of bulk meta-data creates potential risks to public trust, personal privacy, and civil liberty," a panel of five national security specialists wrote in the report.
The report, "Liberty and Security in a Changing World," made 46 recommendations to President Obama to address widening concerns over the invasive data-gathering techniques of the National Security Agency. President Obama commissioned the panel in August to review the use of intelligence and communications technologies to protect against national security threats while still preserving the personal privacy and civil liberties of citizens.
Congress should end the storage of bulk telephony meta-data and transition to a system in which meta-data is held privately by phone companies or third-party providers with access to government agencies granted only by a court order.
New restrictions should be placed on the ability of the Foreign Intelligence Surveillance Court (FISC) to compel telephone and other digital service providers to disclose private information to the government.
Legislation should be enacted authorizing telephone, Internet, and other providers to publicly disclose information about government orders to provide information to the government. The government should similarly publicly disclose the information it requests.
Legislation should also be enacted that would require the FBI to obtain judicial approval before it can use a national security letter or administrative subpoena to obtain the financial, phone and other records of US citizens.
The panel also recommended constraints on US surveillance of non-US citizens. Among other measures, the panel urged that surveillance must be properly authorized and that surveillance orders demonstrate national security interests are at stake. The measures would make the decision to spy on foreign leaders subject to greater scrutiny.
The report, written by former CIA No. 2 Michael Morrell, national security insider Richard Clarke, former Obama official Cass Sunstein, Georgia Institute of Technology’s Peter Swire and the University of Chicago’s Geoffrey Stone, is expected to put new political pressure on the NSA and intelligence community practices at large.
"The implicit message is that the programs were legal and should continue, albeit with more oversight and restraint," said James Lewis, a senior fellow and director of the Strategic Technologies Program at the Center for Strategic and International Studies.
"The core recommendations expand oversight and transparency in beneficial ways and reverses the situation where those who wanted to use certain tools were also the ones who approved their use," he said.
If adopted, he said the recommendations "would go far to bring the intelligence programs, and the laws passed after (the Sept. 11, 2001 terrorist attacks) into line with the constitutional requirements for judicial oversight and with reforms that have guided intelligence collection since the 1970s."
Lewis anticipated that critics, particularly those hoping to take political or commercial advantage of public disclosures of secret NSA documents by former contractor Edward Snowden, will dismiss the report as a whitewash. "It is not," he says, noting that the report "shifts the terms of debate over the Snowden leaks in beneficial and necessary ways."
The report lays out a series of recommendations and rationales, he says, that if implemented, would do three things: provide greater transparency on intelligence programs and decisions; amend Patriotic Act Sections702 and 215, limiting how they can be used; and improve intelligence coordination with allies and partners.
Wyatt Kash is editor of InformationWeek Government.
The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?