Bulk Collection of Metadata Illegal Says Oversight Board

The five-man board, in a 3-2 majority, makes 12 specific recommendations – the first of which states, "The government should end its Section 215 bulk telephone records program." The program, it says, "lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value. For these reasons, the government should end the program."

In many ways PCLOB supports the findings of the New America Foundation report published earlier this month which questioned the value of the surveillance. “We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation," says the PCLOB report. 

One of the arguments to justify the program has always been the claim that had the agencies been able to 'connect the dots,' they would have been able to prevent 9/11. The surveillance program would allow this – but PCLOB dismisses the argument. The failure of 9/11, it says, "stemmed primarily from a lack of information sharing among federal agencies, not of a lack of surveillance capabilities." It was "a failure to connect the dots, not a failure to collect enough dots."

PCLOB gave its findings to President Obama before his speech last week following the publication of the separate report produced by his own review panel. Since he made it clear that he was in favor of continuing the dragnet collection of metadata, it would seem that he has already rejected the new PCLOB report. Indeed, this is confirmed by Fox News. "The White House on Thursday disputed the findings of an independent review board that said the National Security Agency's mass data collection program is illegal and should be ended, indicating the administration would not be taking that advice," it reports

"'We simply disagree with the board's analysis on the legality of the program,' White House Press Secretary Jay Carney said."

The reality is that there is no immediate indication that the mass collection of phone metadata will stop any time soon. The problem, however, goes beyond simply NSA surveillance. "The challenge we now face," Elad Yoran, CEO of Vaultive, told Infosecurity, "is that legislation has not kept up with rapid changes in technology that enable data mining at a scale few could have imagined in 2002 when the laws were passed, leaving gaping holes in our shared core principles that there are some things which should remain private. Over time, the number of federal agencies that can access our data – in many cases simply through a warrant – has expanded beyond the NSA to include the DOJ, the FBI, the SEC and the IRS. As Healthcare.gov moves through its teething pains, both the volume of data and number of agencies that have purview are likely to grow. As a consequence, the policy debate cannot be confined to the NSA alone."

With or without legal dragnet surveillance, privacy itself is under widespread threat. But there is a solution. Edward Snowden created this debate last summer when he gave many thousands of top secret documents to Glenn Greenwald. Yesterday he took part in a live Q&A session. Asked, 'does encrypting our emails even work?' he replied: "As I’ve said before, properly implemented strong encryption works. What you have to worry about are the endpoints. If someone can steal your keys (or the pre-encryption plaintext), no amount of cryptography will protect you.

"However, that doesn’t mean end-to-end crypto is a lost cause. By combining robust endpoint security with transport security, people can have much greater confidence in their day to day communications."

What’s Hot on Infosecurity Magazine?