White House-appointed Review Panel Proposes Some Major Curbs to NSA Spying

By Robert Schoon| Dec 19, 2013

Despite fewer unwanted revelations about the agency's spying program being published in recent days, this has not been a very good week for the National Security Agency. On Wednesday, the latest in a string of public challenges to the NSA's wide-reaching spying hit the web, and this time it's President Obama's own appointed panel of experts.

In the wake of revelations about the NSA's cyber-surveillance and phone metadata collection programs, which came from documents leaked by ex-NSA contractor Edward Snowden, President Obama set up "The Review Group on Intelligence and Communications Technology" in August. The expert panel, comprised of former intelligence and national security leaders like Richard Clarke and Michael Morell, along with legal experts, released a 300-page report outlining 46 recommendations to limit the NSA's activity.

Some of the recommendations were minor or technical, but among those proposals were a couple of points that would strip the NSA of its broader and more troublesome practices.

Limitations on Collecting U.S. Metadata

The review panel, for one, found that the NSA's collection of "bulk metadata" - meaning the phone records of hundreds of millions of U.S. citizens - as a potential risk to the "public trust, personal privacy, and civil liberty."  

The panel said it realized the national security-related need to search those records, but said that holding it in the secret files of a government agency was going too far. Instead it said that the data "should be held instead either by private providers," meaning the phone companies, "or by a private third party," which was unspecified. "This approach would allow the government access to the relevant information when such access is justified, and thus protect national security without necessarily threatening privacy and liberty," continued the panel's report. "We don't see the need for the government to be retaining that data," said Richard Clarke, a member of the panel and a former White House counterterrorism adviser, to Reuters.

An additional rule regarding metadata was recommended by the panel. Before accessing phone records on U.S. individuals, the government would need a court order from the Foreign Intelligence Surveillance Court before each search. Right now, only requests for private communications content of U.S. citizens, like emails, phone calls, Skype chats, and more, gained through the NSA's PRISM program require a FISA court order.  

Reasserting Privacy of U.S. Communications

Going further than just metadata, the panel set a precedent that it believes the U.S. government should follow "as a general rule" in all of its surveillance efforts:

 

"Consistent with [the metadata] recommendation, we endorse a broad principle for the future: as a general rule and without senior policy review, the government should not be permitted to collect and store mass, undigested, non-public personal information about US persons for the purpose of enabling future queries and data-mining for foreign intelligence purposes."

 

While the NSA says it does not purposely or wittingly collect the content of the communications of U.S. persons, the NSA has been exposed directly tapping into the wellspring of unencrypted, internal communications of IT companies like Google and Yahoo under its so-called MUSCULAR program.

In one of the more outrageous revelations, among a cascade of other worrisome facts, leaked documents showed the NSA's MUSCULAR program vacuuming and copying entire data streams traveling through companies' fiber-optic cables that the agency seemingly physically tapped. This led to outrage from tech companies, as well as efforts to encrypt all of their communications, along with further worries that the communications from U.S. citizens could be soaked up in programs like MUSCULAR.  

The panel's general rule, if worked into official policy, would likely limit or abolish practices like this.  

Stop Undermining Encryption

 

Another troubling practice, which the panel proposes limiting, is the NSA's efforts to gain "back door," or simply brute force access to the world's computing and communications encryption standards. One of the Snowden NSA revelations in September said that the agency had at least a decade-long history of attempting to break encryption techniques used in international communications cables, secretly influencing product designs, and putting "back doors" or secret weak points into the code of commercial encryption standards. And a more recent report showed that the agency had cracked A5/1 cellphone encryption, allowing it to easily decrypt data and phone calls made on one of the most common wireless communications system in the world - 2G wireless.

The panel said the U.S. Government should take steps "fully supporting and not undermining efforts to create encryption standards," and "making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption." Such recommendations would certainly completely halt those subversion and brute-force hacking programs, along with limiting a lot of the data-mining the NSA does at home and abroad.

Implementation

 

The panel's recommendations, of course, are not law. They call on the President and Congress to enact these restrictions, but there's no guarantee that will happen. In fact, according to Reuters, one of the panel's recommendations - to appoint a civilian head of the NSA instead of being led by a military general who also oversees U.S. Cyber Command - has already been rejected by President Obama.

In any case, after a federal judge found the NSA's spying "almost certainly" unconstitutional on Monday and top tech executives pressed President Obama on Tuesday, you could say that the NSA hasn't had a great week.  

Latest News