A hefty report from President Obama's tech advisers challenges a number of the National Security Agency's (NSA) lambasted data collecting practices, but many of the recommendations require the weight of lawmakers to effect change, privacy experts say.
The 308-page report (PDF) was submitted to the president last Friday and made its way before the public on Wednesday, when the White House released its contents in full.
The Review Group on Intelligence and Communications Technologies presented 46 recommendations in the report, which were crafted to provide guidance in maintaining national security without losing sight of the privacy rights of citizens, foreign leaders and individuals abroad pulled into the intelligence gathering fray.
Publicized documents, leaked by whistleblower Edward Snowden, have given the public insight on the government-led snooping tactics, namely carried out by the NSA, which has siphoned up enormous amounts of phone records and online communications in the purported name of thwarting national security threats.
Of note, the report recommended that the government examine the feasibility of creating software that would “allow the National Security Agency and other intelligence agencies more easily to conduct targeted information acquisition rather than bulk-data collection.”
The panel also said that legislation should be passed that ends the government's bulk storage of telephone meta-data by having the information moved to and stored by private providers (for instance, cell phone companies) or private third parties “as soon as reasonably possible.”
Keeping with that suggestion, another recommendation also said that the government should commission a study of “the legal and policy options for assessing the distinction between metadata and other types of information [it collects]."
Specific concerns about the NSA undermining widely used encryption methods to secure online data were also directly mentioned in the report. The evidence of such handiwork carried out by the NSA was brought to light via Snowden leaks publicized in September.
Regarding encryption, the report recommended that the U.S. government “fully support and not undermine efforts to create encryption standards,” and that it shouldn't in any way “weaken,” “subvert,” or “make vulnerable” commercial software (a clear reference, again, to leaked intel that the NSA pressured major tech companies into giving i backdoor access to encryption software).
On Friday, Michelle Richardson, legislative counsel for the American Civil Liberties Union (ACLU), told SCMagazine.com that, as spelled out in some of the report recommendations, much of the objectives would require the action of Congress to become effective.
“I think it's really going to require Congress getting its act together and passing statutory changes,” Richardson said of implementation.
She added that the report was “impressive” in some aspects in that it “was so sweeping and responded to all of the leaks, in talking about insider threats and encryption.”
Still, the details of certain changes can only truly be spelled out and upheld through law.
“You can stop the bulk collection or make it more targeted and focused, but then the question becomes: What does that mean?” Richardson said.
In a Wednesday statement, Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation (EFF), said that while, “the review board floats a number of interesting reform proposals, and we're especially happy to see them condemn the NSA's attacks on encryption and other security systems people rely upon,” EFF still hoped that a clear call to end untargeted spying would have been presented.
“We're disappointed that the recommendations suggest a path to continue untargeted spying,” Opsahl said. “Mass surveillance is still heinous, even if private company servers are holding the data instead of government data centers.”
Recent legal proceedings have called the government to task on its undettered spying.
On Monday, a federal judge in Washington, D.C. ruled that the NSA's bulk collection of telephone records was likely unconstitutional. And in late October, lawmakers joined together to introduce legislation that would put an end to the mass collection of citizens' communications by the NSA.
Judge Richard Leon, who made the ruling, said that he could not imagine a more “indiscriminate or arbitrary invasion than this systematic and high-tech collection and retention of personal data on virtually every single citizen…”
Richardson said that the report, too, marks the start of an uphill battle.
"A lot of this is going to be [dependent] on the implementation, because a lot of the recommendations stayed in at the principle level," she said.