NSA's controversial bulk collection of phone records will end, but businesses may be asked to retain data in case the government needs it.
Internet of Things: 8 Cost-Cutting Ideas for Government
(Click image for larger view and slideshow.)
President Obama on Friday announced five changes in US surveillance policy, a move he attributed in part to the revelations about the scope of US intelligence gathering made possible by documents leaked by ex-NSA contractor Edward Snowden.
The most significant change is an end to the bulk collection of telephone records -- phonecall meta-data -- under Section 215. The President said he is ordering the gradual discontinuation of this program and the establishment of "a mechanism that preserves the capabilities we need without the government holding this bulk meta-data."
But the President conceded that alternatives, such as having a third-party or individual businesses retain data until the government comes calling, pose problems. It remains to be seen exactly what form such data collection will take.
Some critics of US surveillance policy applauded the change. Senators Ron Wyden (D-OR), Mark Udall (D-CO), and Martin Heinrich (D-NM), who serve on the US Senate Select Committee on Intelligence, issued a joint statement calling the decision "a major milestone in our longstanding efforts to reform the National Security Agency’s bulk collection program."
At the same time, they and others asserted that more needs to be done. The senators said they plan to try to ensure that the government does not read Americans' email messages or other communications without a warrant.
Alex Fowler, head of privacy and public policy at Mozilla, in a blog post expressed disappointment that the President failed: to endorse legislative surveillance reform proposals, like the USA FREEDOM Act; to reconsider the encouragement, promotion, and support for technological backdoors; to end efforts to undermine the encryption standards that protect everyone online; to protect the privacy rights of foreign citizens with no connection to adversarial activity.
The other changes announced by the President were as follows:
The President has approved a new set of rules covering intelligence gathering, both at home and abroad. The directive, he said, "will ensure that we take into account our security requirements, but also our alliances; our trade and investment relationships, including the concerns of America’s companies; and our commitment to privacy and basic liberties."
The President promised greater transparency in US surveillance activities. This will come from an annual review of secret Foreign Intelligence Surveillance Court (FISC) orders, during which the Director of National Intelligence and the Attorney General will consider possible declassification. The President also directed Congress to appoint an independent panel to advocate for transparency in "significant cases" before the FISC.
The government's activities under Section 702, which permits the interception of communications between foreign targets abroad who have information that affects national security, will be subject to "additional restrictions on government’s ability to retain, search, and use in criminal cases, communications between Americans and foreign citizens incidentally collected under Section 702."
Finally, National Security Letters, which may come with a gag order that prohibits the recipient from disclosing their receipt, will no longer remain in effect indefinitely, provided the government does not make the case for the ongoing need for secrecy.
In addition, communications providers that have received NSLs will be allowed to disclose more information -- presumably aggregate numbers of NSLs received -- about government orders they've received.
Eight tech companies -- Google, Apple, Facebook, Twitter, AOL, Microsoft, LinkedIn, and Yahoo -- last year urged the government for surveillance policy changes, such as the right to report statistical data about demands for information.
Thomas Claburn is editor-at-large for InformationWeek. He has been writing about business and technology since 1996 for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. He's the author of a science fiction novel, Reflecting Fires, and his mobile game Blocfall Free is available for iOS, Android, and Kindle Fire.
InformationWeek Conference is an exclusive two-day event taking place at Interop where you will join fellow technology leaders and CIOs for a packed schedule with learning, information sharing, professional networking, and celebration. Come learn from each other and honor the nation's leading digital businesses at our InformationWeek Elite 100 Awards Ceremony and Gala. You can find out more information and register here. In Las Vegas, March 31 to April 1, 2014.
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?