Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

White House Releases the NSA Surveillance Review

White House Releases the NSA Surveillance Review
White House Releases the NSA Surveillance Review

The independent Review Group on Intelligence and Communications Technologies comprises Richard A. Clarke, Michael J. Morell, Geoffrey R. Stone, Cass R. Sunstein, and Peter Swire. Their report contains 46 separate recommendations designed "to protect our national security and advance our foreign policy while also respecting our longstanding commitment to privacy and civil liberties, recognizing our need to maintain the public trust (including the trust of our friends and allies abroad), and reducing the risk of unauthorized disclosures."

The result has been broadly welcomed by civil liberties groups, but with some reservations that it doesn't go far enough, doesn't address constitutional issues, leaves some doors open, and is binding on neither the President nor Congress. On the last, for example, a recommendation to separate the leadership of the NSA from that of the military's Cyber Command (both currently under Gen. Keith Alexander) has already been rejected by President Obama.

Nevertheless, there are some welcome recommendations that have long been sought by activists. One is that the FBI should no longer be able to issue National Security Letters (NSL) without a warrant, that the non-disclosure element should be restricted and last no more than 180 days, and that recipients should be able to challenge the NSL in court.

Another is that the secrecy of the FISC should be lessened. Its decisions should be more transparent "by instituting declassification reviews," and "Congress should create the position of Public Interest Advocate to represent the interests of privacy and civil liberties before the FISC."

But one of the areas that remains confusing concerns the NSA's mass collection of communications metadata. It should not be done on US citizens but remains acceptable on foreign persons for reasons of national security – which is basically what the NSA says already happens. Where it does happen, suggests the report, the collected database should be held by an independent third party rather than by the NSA itself. This would appear to be little more than an attempt to make the American people more confident in the process, but will actually satisfy few: the NSA will still have access to the data, but no longer the instant access that it seeks.

"We're concerned that the panel appears to allow the NSA to continue the mass collection of emails, chats and other electronic communications of Americans under the pretext that the NSA is 'targeting' foreigners overseas," said EFF activist Trevor Timm. "While we're happy that the panel acknowledged that foreigners abroad need some additional privacy protections, mass surveillance isn't acceptable for Americans or foreigners." 

One area in which the report is unequivocal is over the NSA's attempts to subvert security on the internet. The report recommends that the US government should "fully support and not undermine efforts to create encryption standards," and should "not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software." This, unsurprisingly, has been broadly welcomed. “The review board floats a number of interesting reform proposals, and we're especially happy to see them condemn the NSA's attacks on encryption and other security systems people rely upon," comments EFF senior staff attorney Kurt Opsahl.

More will be revealed on the true meaning and effect of these recommendations in the coming weeks as lawyers and legal expects analyze the full 300 pages in greater detail. For the moment it appears to contain some interesting – and for the NSA probably somewhat radical – suggestions as well as some disappointing gaps.

The bottom line remains, however, that it is not binding on the US government. "How much of this will survive the president and Congress? I'd like to say I'm optimistic, but I'm not, really," reports Mother Jones. "These recommendations are useful but modest, and I suspect that Congress will whittle them down even more."

What’s Hot on Infosecurity Magazine?