Government // Cybersecurity
News
12/19/2013
01:28 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

NSA Phone Data Practices Must Change, Panel Says

Presidential review board report delivers 46 recommendations on surveillance practices, including legislation to end bulk data collection of US citizen phone records.

Top 10 Government IT Innovators Of 2013
Top 10 Government IT Innovators Of 2013
(click image for larger view)

A 300-page assessment of controversial US intelligence practices presented to the White House Wednesday concludes that although the surveillance activities of the National Security Agency are not illegal, Congress should place greater limits on the government's ability to collect information on US citizens.

"In our view, the current storage by the government of bulk meta-data creates potential risks to public trust, personal privacy, and civil liberty," a panel of five national security specialists wrote in the report. 

The report, "Liberty and Security in a Changing World," made 46 recommendations to President Obama to address widening concerns over the invasive data-gathering techniques of the National Security Agency.  President Obama commissioned the panel in August to review the use of intelligence and communications technologies to protect against national security threats while still preserving the personal privacy and civil liberties of citizens. 

[ Read why technology execs are putting pressure on US surveillance practices, too: Reform NSA, Tech Execs Tell Obama. ]

Among the major recommendations in the report:

  • Congress should end the storage of bulk telephony meta-data and transition to a system in which meta-data is held privately by phone companies or third-party providers with access to government agencies granted only by a court order.

  • New restrictions should be placed on the ability of the Foreign Intelligence Surveillance Court (FISC) to compel telephone and other digital service providers to disclose private information to the government.

  • Legislation should be enacted authorizing telephone, Internet, and other providers to publicly disclose information about government orders to provide information to the government. The government should similarly publicly disclose the information it requests.

  • Legislation should also be enacted that would require the FBI to obtain judicial approval before it can use a national security letter or administrative subpoena to obtain the financial, phone and other records of US citizens.

The panel also recommended constraints on US surveillance of non-US citizens. Among other measures, the panel urged that surveillance must be properly authorized and that surveillance orders demonstrate national security interests are at stake. The measures would make the decision to spy on foreign leaders subject to greater scrutiny.

The report, written by former CIA No. 2 Michael Morrell, national security insider Richard Clarke, former Obama official Cass Sunstein, Georgia Institute of Technology’s Peter Swire and the University of Chicago’s Geoffrey Stone, is expected to put new political pressure on the NSA and intelligence community practices at large.

"The implicit message is that the programs were legal and should continue, albeit with more oversight and restraint," said James Lewis, a senior fellow and director of the Strategic Technologies Program at the Center for Strategic and International Studies.

"The core recommendations expand oversight and transparency in beneficial ways and reverses the situation where those who wanted to use certain tools were also the ones who approved their use," he said.

If adopted, he said the recommendations "would go far to bring the intelligence programs, and the laws passed after (the Sept. 11, 2001 terrorist attacks) into line with the constitutional requirements for judicial oversight and with reforms that have guided intelligence collection since the 1970s."

Lewis anticipated that critics, particularly those hoping to take political or commercial advantage of public disclosures of secret NSA documents by former contractor Edward Snowden, will dismiss the report as a whitewash. "It is not," he says, noting that the report "shifts the terms of debate over the Snowden leaks in beneficial and necessary ways."

The report lays out a series of recommendations and rationales, he says, that if implemented, would do three things: provide greater transparency on intelligence programs and decisions; amend Patriotic Act Sections702 and 215, limiting how they can be used; and improve intelligence coordination with allies and partners.

Wyatt Kash is editor of InformationWeek Government. 

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WKash
50%
50%
WKash,
User Rank: Author
12/19/2013 | 6:03:45 PM
Transparency
@ThomasClaburn, Glad to see Google standing up for transparency when it comes to government requests for data (and censorship.)  Reader, check out Tom's latest report on Google's fight for transparency at  add.vc/hlz
WKash
50%
50%
WKash,
User Rank: Author
12/19/2013 | 5:23:10 PM
Re: Non-American' affected
One thing that may be hard for non US citizens to appreciate is how much the terrorist attacks of 9/11 altered the mindset of government to dig deeper, and get more serious about preventing similar attacks in the future.  Has the pendulum swung too far.  While more and more Americans and American business are now saying probably yes, those whose family members were killed in 9/11 might still argue if it saves others' lives, the price is worth it.

What the Snowden revelations have done is put the debate back on the table for all citizens to question. This report at very least lays out the issues clearly.  The question is are citizens incensed enough to demand the changes enough to get Congress to act?  Or will they continue to pay privacy lip service while clinging to the  conveniences the digital age has seduced them with?

 
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
12/19/2013 | 4:03:38 PM
Re: Non-American' affected
If only it were as easy as not buying American...every government in the world with any resources and an active intelligence service is trying to do the same thing, with varying degrees of success. And just avoiding Microsoft and other US products won't keep the NSA from pulling your calls and emails off fiber optic cables or wireless towers somewhere in the world.
KevinO442
50%
50%
KevinO442,
User Rank: Strategist
12/19/2013 | 3:15:11 PM
Non-American' affected
I'm not an american citizen. I'm Canadian.


Since your president has given the A-OK for NSA to continue it's activities unbridled against non-americans ...

 

... my next computer will not likely have microsoft anything on it

... my next phone will definately not be "made in america"

... Just as soon as some non-american comes up with a reasonable gmail replacement , my gmail account will be shut down.

 

On the plus side I consider anything on my face book account to already be a public broadcast to the whole world , so nothing much will change there.

 

You have short yourself in the foot , America. Any corperation that is intersted in securing their data or communications suddenly want nothing to do with you , or any american company , since they're all required by your law to act as agents of the NSA , and deny it , or their executives all get thrown in jail.

 

It still amuses me you blame Snowden for reveiling you activities to the world, instead of your government for actually doing these activites.

 

 
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.