On January 17, 2014, President Obama gave a speech highlighting changes to the U.S. approach to Signals Intelligence (SIGINT). In particular, the President addressed growing concerns regarding the National Security Agency’s bulk metadata collection programs, most notably PRISM and MUSCULAR.

In a one-on-one interview with CCTV America’s Michelle Makori, I discussed the proposed changes and the effect on tech-based businesses. We had a great conversation, but here are a few things we did not have time to cover.

“A variety of factors have continued to complicate America’s efforts to both defend our nation and uphold our civil liberties” – President Obama

In this speech, we heard from The President. This was not Candidate Obama or Senator Obama; this was President Obama, who receives daily intelligence briefings. A president who understands he should not undermine the work employees at the NSA, DOD, CIA and other agencies do to protect our nation. We also saw a president who does not want to betray the core beliefs and people that got him in office.

President Obama has always said that the now controversial PRISM program – authorized by Section 215 of the US Patriot Act – is legal and that employees at the NSA have never sought to abuse the program.

 

The President’s Review Group on Intelligence and Communications Technologies released a 300-page report in 2013 with 46 recommendations. That review board also largely affirmed the legality of the program and the safeguards put in place by the NSA. With this in mind, it is no surprise that President Obama’s new Presidential Policy Directive/PPD-28, and the roadmap for the immediate future laid out in his speech, reform but do not end the aforementioned Section 215 and Section 702 programs.

The President’s reform-minded plan strikes a balance, but falls closer in line with Senator Feinstein’s FISA Improvements Act than with Senator Leahy’s and Congressman Sensenbrenner’s USA Freedom Act, which would dismantle the Section 215 domestic metadata collection program (PRISM) and significantly constrain the Section 702 foreign collection program (MUSCULAR).

The Leahy/Sensenbrenner bill has garnered support from the ACLU, Freedom Works, and – most notably – a laundry list of large U.S. technology companies, including Google, Microsoft, and Apple.

While Senator Leahy has held four hearings on NSA surveillance programs, Senator Feinstein’s bill has been passed out of the U.S. Senate Intelligence Committee, and is “technically” farther along in the process of becoming a law. However, Senator Feinstein’s bill has little to no support from the privacy and tech communities. Many stakeholders assert that Feinstein’s move to codify (formally set in law) the hodgepodge of Foreign Intelligence Surveillance Court opinions, FISA authorities, U.S. Patriot Act authorities, and other documents interpreted to authorize the NSA’s surveillance programs as we know them strengthens the NSA’s hand.

In my opinion, if the programs exist in some form, I would rather have their boundaries explicitly delineated in legislation and cemented in U.S. Code, aka codified, than interpreted from a mix of court opinions, common practices, and law. This is not an either/or option, regardless of the final decision.

While the tech/privacy community did not get the wholesale end to the NSA’s metadata collection programs, here are a few things that they may find positive:

  • Public Disclosure

    Since these programs were revealed to the public, tech companies have consistently said that they were:

    1) Legally unable to publicly disclose their participation – or lack thereof – in many surveillance programs including PRISM.

    2) Unaware of the existence of the programs like MUSCULAR and therefore unable to disclose how or when the programs were used to access their data and that of their users.

    The USA Freedom Act – as written – would allow companies to disclose the number of requests received, the number of requests complied with, and the number of users or accounts each request demanded.  While the President’s plan does not include specifics on what can be disclosed, the mention does represent a step forward.    

  • Review Period

    The President announced that his Presidential Policy Directive/PPD-28 orders a review of the programs and structure of the NSA’s surveillance programs, including National Security Letters, Sections 215 and 702 and the programs they authorize, and the Foreign Intelligence Surveillance Court. Many of the stakeholders in the tech/privacy community will be consulted during this time. Furthermore, during the review period only judicial findings or “true emergencies” can be used as reasons to query the NSA’s database.

  • Foreign Intelligence Surveillance Court Reform

    The President announced that many FISC court opinions had been declassified.  The Director of National Intelligence and Attorney General will lead an annual review of FISC opinions that have “broad privacy implications.”

    The President also announced that he will recommend that Congress approve a “panel of advocates” from outside government to provide an independent voice when significant cases come before FISC.

  • Protections for Foreign Citizens

    Section 702 of FISA authorizes MUSCULAR and other programs, which are used to intercept the communications of persons of interest outside the U.S. The President’s plan orders the Director of National Intelligence and the Attorney General to make suggestions that will extend some protections afforded to U.S. citizens to persons overseas. These protections will dictate the duration that personal information can be held and how it may be disseminated. For tech companies, social networks in particular, being able to tell users outside of the U.S. that they pushed for protections to be afforded to them is a win.

Click HERE to read the President’s Decision Directive for yourself.

Technology companies like Microsoft and Google have already begun responding to new knowledge of the NSA’s programs, and to a lack of trust in the will of Washington to take the policy steps they would like to see, by strengthening the encryption on their networks. Encryption still works. The 2,048-bit encryption that users would have to opt out of and other features will enable the protected networks to better withstand unauthorized access.

The President’s approach was measured, but his plan allows for significant change. With a tight March 28 deadline, the NSA’s surveillance programs may look very different in the spring.

 

 

 