Obama's NSA Reforms: What's Changing And What's Not
After ex-contractor Edward Snowden's leaks sparked months of revelations about the National Security Agency's collection of U.S. phone records, as well as a breadth of other sweeping NSA surveillance programs, President Barack Obama spoke on Friday about changes he plans to make to the agency's mass data collection policies.
The President promised "concrete and substantial" reforms to the NSA at a major policy speech on at the Department of Justice on Friday, addressing increasing concerns that the NSA's programs are a major threat to privacy and liberty, both in the U.S. and abroad.
"Americans recognized that we had to adapt to a world in which a bomb could be built in a basement and our electric grid could be shut down by operators an ocean away," said President Obama. "And yet, in our rush to respond to very real and novel threats, the risks of government overreach, the possibility that we lose some of our core liberties in pursuit of security, became more pronounced."
"The reforms I'm proposing today should give the American people greater confidence that their rights are being protected, even as our intelligence and law enforcement agencies maintain the tools they need to keep us safe," he said.
Reforming Metadata Searches
The swiftest reform from President Obama will be to the NSA's phone metadata search procedure. Under a new directive from the White House, all NSA officials are required to obtain approval from the secret "FISA" court (the classified judicial process first established in the Foreign Intelligence Surveillance Act) in order to search for specific phone data within the NSA's vast metadata database -- exempting only cases of a "true emergency."
NSA officials will also only be allowed to target data from phone numbers that are two degrees of separation away from a suspected terrorism target, and not three. In addition, telecommunications companies will be allowed to share more information with their customers about government data requests -- something that Google, Yahoo, and other major IT companies have been pushing for since the NSA's PRISM program was leaked.
Metadata Reform as Expected, but Not Definitive
Obama defended the bulk metadata collection, in general, saying it "does not involve the content of phone calls, or the names of people making calls. Instead, it provides a record of phone numbers and the times and lengths of calls: meta-data that can be queried if and when we have a reasonable suspicion that a particular number is linked to a terrorist organization." He brought up the case of one of the 9/11 hijackers, Khalid al-Mihdhar, who made a phone call that could have been traced by the current metadata program.
Obama also poked holes in one major recommendation made by his NSA review panel regarding metadata. The expert panel recommended that bulk metadata should not be kept by the government, but rather housed either in the hands of the private phone providers or a third party. Obama said storing that data in private hands raised procedural and legal ambiguities that may prove more trouble than it's worth.
Obama did not offer any specifics about where the NSA metadata will be housed, only agreeing that it would be outside the government without offering a specific alternative. Instead, he called for a transition period and asked Attorney General Eric Holder to report back to him with recommendations before the metadata program comes up for reauthorization in late March.
Promises for Foreign Surveillance Reform Larger than Expected
President Obama also promised changes to the NSA's mass surveillance outside the U.S., which has been shown to be much more intrusive and indiscriminate than the metadata collection within U.S. boarders.
Often referred to as "signals intelligence," the NSA's foreign surveillance programs have vacuumed up hundreds of millions of text messages, the content of phone calls, emails, and other communications on a daily basis. Obama promised to narrow the scope of these surveillance efforts to only counter espionage, terrorism, weapons of mass destruction, cyberthreats, criminal activity, and dangers to U.S. armed forces.
"Our signals intelligence activities must take into account that all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information," the new presidential directive states.
As part of the new directive, Obama promised that the U.S. would stop eavesdropping on heads of state of U.S. allies -- something that has iced relationships between the U.S. and NSA surveillance targets German Chancellor Angela Merkel, Brazilian President Dilma Rousseff, and top Mexican leaders.
"The leaders of our close friends and allies deserve to know that if I want to learn what they think about an issue, I will pick up the phone and call them, rather than turning to surveillance," Obama said.
Other Reforms and Questions Still Lingering
Obama also offered a few other reforms -- some of which were recommended by his panel of experts. The President called on Congress to establish an outside panel of privacy advocates to argue for the cause of privacy in FISA court proceedings -- something which mirrors a recommendation and has been opposed by former FISA court and intelligence officials. In addition, the White House has ordered in its Presidential Privacy Directive on Friday that "privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities" -- meaning that privacy advocates will also have some kind of (unspecified) input into the NSA's foreign surveillance programs.
Still, while the changes announced by President Obama are seen as a victory for privacy advocates, who have been outraged throughout the past six months as more details about the power of the NSA's surveillance and data collection programs came to light, there are still questions remaining about some of the NSA's capabilities.
A whole range of reported NSA activity, exposed by the Snowden leaks, remain unmentioned by the President's reforms:
PRISM, which was the first leak by Snowden that showed in some cases the NSA compelled IT companies like Google and Yahoo to give information about users was not mentioned.
MUSCULAR, the NSA's secret program to tap directly into Yahoo and Google data center transfers to vacuum unencrypted data from "hundreds of millions" of account holders, which later forced IT companies to start encrypting even internal communications.
XKeyscore, a powerful program which allows the NSA to tap into almost any communication done on the internet, including personal emails and chats.
Undermining Encryption: Reported NSA efforts to undermine encryption of numerous security programs, including secretly paying security company RSA to purposely adopt an NSA-crackable standard, as well as being able to tap communications of 2G phones, one of the most common wireless standards in the world.
"Other" Activities: Leaked details on NSA activity also include rogue NSA employees spying on love interests and games like World of Warcraft.