With calls for greater transparency in the rules governing Section 702 of the NSA's Prism program, the FBI has made classified changes, The Guardian confirmed. The program has implications for businesses and individuals alike.
Siri, Cortana Are Listening: How 5 Digital Assistants Use Your Data
(Click image for larger view and slideshow.)
In a move that has implications for businesses and individuals alike, the FBI quietly revised its privacy rules regarding the searching of data collected by the National Security Agency (NSA).
The new rules apply to what's referred to as Section 702 of the NSA's Prism program, which falls under the Foreign Intelligence Surveillance Act (FISA) and is set to expire in 2017.
The new rules were reported by The Guardian March 8, citing confirmation from US officials.
In October 2015, the American Civil Liberties Union joined with more than 30 other privacy and civil rights groups in urging the US director of National Intelligence to release more information about Section 702.
Meanwhile, the Privacy and Civil Liberties Oversight Board (PCLOB), a Washington-based watchdog group, said in a Feb. 5 statement that it had issued reports on Section 215 and Section 702 of the government's surveillance programs. The PCLOB reports made a total of 22 recommendations to ensure the programs "appropriately balance national security with privacy and civil liberties."
According to the March 8 report in The Guardian, the new rules address some of the concerns put forward by the PCLOB.
"Changes have been implemented based on PCLOB recommendations, but we cannot comment further due to classification," Christopher Allen, a spokesman for the FBI, told The Guardian, which added that some of the revisions addressed the PCLOB's concerns about the number of FBI agents using the NSA-collected data.
Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!
According to The Guardian, FBI officials routinely use Americans' identifying information to search through the "massive collections of international emails, texts and phone calls." The data is collected from international communications that are reportedly focused on non-Americans, though Americans are often on one end of the correspondence.
As of 2014, The Guardian report added, the FBI wasn't required to make note of when it searched the metadata of an email (the "to" and "from" categories). Neither did it record how many of its searches included Americans' identifying information. Privacy advocates have described the FBI's easy access to the data as a "backdoor" around obtaining warrants, according to The Guardian.
Timothy Barrett, a spokesperson for the office of the director of national intelligence, confirmed the FBI's rule changes to The Guardian and said that, as it did with 2014 "minimization" changes to Section 702, the FBI is considering releasing the 2015 changes.
According to the PCLOB, 13 of the organization's 22 recommendations have been implemented in full and "nine are still in the process of being implemented or have been partially implemented."
Those still "in the process" include recommendations to:
Publicly release past Foreign Intelligence Surveillance Court (FISC) and Foreign Intelligence Surveillance Court of Review (FISCR) decisions that involve Novel, Legal, Technical, or Compliance questions
Inform the PCLOB of FISA activities and provide relevant congressional reports and FISC decisions
Disclose the scope of surveillance authorities affecting Americans
Require NSA and CIA personnel to provide a statement of facts explaining their foreign intelligence purpose before querying Section 702 data using US person identifiers, and develop written guidance on applying this standard
Adopt measures to document and publicly release information showing how frequently the NSA acquires and uses communications of US persons and people located in the US
Meanwhile, the October 2015 letter from the ACLU and other groups asked for an estimate of:
The number of communications involving Americans that were subject to Section 702 surveillance each year
The number of times each year that the FBI uses a US identifier to query Section 702 data
For policies regarding "agencies' notification of individuals that they intend to use information 'derived from' Section 702 surveillance in judicial or administrative proceedings."
In their letter the groups said that knowing the impact of the law on Americans "is not only important to an informed public debate, it is essential."
Michelle Maisto is a writer, a reader, a plotter, a cook, and a thinker whose career has revolved around food and technology. She has been, among other things, the editor-in-chief of Mobile Enterprise Magazine, a reporter on consumer mobile products and wireless networks for ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.