President Obama Surpasses Exceptionally Low Expectations On NSA Reforms, But Reforms Are Still Very Weak

from the you're-no-paul-revere dept

As expected, President Obama this morning gave his speech concerning his plans to “reform” the NSA. Similar to the original task force report, for which the White House first leaked claims that the recommended changes would be “cosmetic”… and then presented something a little more powerful, to try to win people over by beating low expectations. The same is true here. Earlier this week, the White House leaked out reports of cosmetic changes with little in the way of real reforms. Then, this morning, the President announced more significant reforms than expected. He did, in fact, propose a few major changes. You can read the full speech here. Among the things he announced:

  • A judge will have to approve each query for data on the metadata collection from Section 215 of the PATRIOT Act.
  • The “three hop” dragnet will be reduced down to two hops. That does, in fact, limit how far the NSA can search by quite a bit. That last hop is quite big.
  • The NSA should no longer hold all of the data, meaning that the telcos will be expected to hold onto it (though, he leaves it up to Congress and the DOJ to figure out how to do this). He calls this a “transition” away from the Section 215 program, but that’s hardly clear.
  • National Security Letters (NSLs) will no longer have an unlimited gag order on them. The Attorney General will need to set up guidelines for a time in which gag orders expire, with the possibility of extending them for investigations that are still ongoing.
  • Companies will be given slightly more freedom to reveal data on the NSLs they get (though I don’t think he indicated the same thing for Section 702 orders…. which is a big concern).
  • The Attorney General and the Director of National Intelligence will review annually FISC rulings to figure out what can be declassified.
  • He promises to “work with Congress” to look at changes to the FISA court
  • He is adding some very limited restrictions on spying on people overseas. It should only be used for actual counterterrorism/crime/military/real national security efforts.
  • A State Department official will be in charge of handling “diplomacy issues” related to these changes on foreign spying.
  • An effort will be started with technologists and privacy experts over how to handle “big data and privacy” in both the public and private sectors.

That is… he is ordering changes that go slightly beyond the expectations his own staffers leaked earlier this week… but stopping way short of actually fixing the problems. And, even with his changes, he leaves many of the details to Congress and the DOJ to sort out for themselves, which is not particularly encouraging, considering how both have acted for decades when it comes to surveillance.

Bulk data collection will still continue in some form, despite the fact that it appears that bulk data collection is rarely useful, compared to targeted surveillance. There will be slightly more oversight, despite the fact that oversight in the past has failed. There will be no effort to stop trying to compromise the technology of American (and foreign) companies leading to serious questions about our tech industry’s ability to do business overseas (and at home).

Yes, this is better than it could have been, but only by a tiny degree. The President claims that he is open to further changes, but the fact that he is clearly resisting the major overhauls that are clearly needed does not provide any confidence that he’s actually moving towards fixing the overreaching surveillance state. The speech sounded lofty, and talked about American ideals and the necessity of protecting civil liberties, but only moved the ball a very slight way towards getting there. Further, it leaves open plenty of ways for the intelligence community to claw back whatever he’s making them “give up” through other means.

Update: Embedded the Presidential Directive that he signed today to put all of what he discussed into effect. You can read it below.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “President Obama Surpasses Exceptionally Low Expectations On NSA Reforms, But Reforms Are Still Very Weak”

Subscribe: RSS Leave a comment
alecco says:

Foreigners, screw you

We, the foreign users of US services and products will sure remember this bit:

Third, the legal safeguards that restrict surveillance against U.S. persons without a warrant do not apply to foreign persons overseas. This is not unique to America; few, if any, spy agencies around the world constrain their activities beyond their own borders. And the whole point of intelligence is to obtain information that is not publicly available. But America?s capabilities are unique. And the power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.

At least they are clear the US government doesn’t care about our rights to privacy.

Anonymous Coward says:

Re: Foreigners, screw you

Honestly, as a tech person here in the US even if it means my job, start up a boycott of US services. Money moves mountains. If another “ACTA” type protest of Google, FaceBook, Yahoo, Apple, Amazon et al was started, you would not only benefit local commerce by using local providers, but the US would have to about face very quickly on loss of revenue.

DropBox – OwnCloud
Amazon WebService – VirtMin
RackSpace –, Tata’s

Almost everything you use probably has an OpenSource or non-US alternative.

Anonymous Coward says:

Re: Foreigners, screw you

In all fairness, there are CLEARLY ESTABLISHED LAWS (ie. the Fourth Amendment) that have been violated for domestic surveillance. With regards to foreign surveillance, not so much. Much of the outrage in the US is that not only has our privacy been violated blatantly by our own government but it has happened as the result of a systematic, willful disregard for the law. We understand the outrage abroad and here he is clearly saying that we need to look at the appropriateness of what our government does abroad as well and adjust those policies accordingly. Whether he actually means that is another story altogether. But I really can’t take exception to that statement so much.

Internet Zen Master (profile) says:

I smell bullshit from Obama

It’s a start I guess… Not much of a start, but he did surpassed low expectations.

…Which tells me that the staff who leaked the intended reforms earlier this week did so intentionally in order to lower everyone’s expectations so that Obama would get praise and avoid more stinging criticism when he discussed his reforms today.

In other words, keep raising hell and pressuring him until he actually makes significant changes and doesn’t leave reforms up to the incompetents in Congress or the shady “making-things-up-as-we-go” types at the DOJ.

The NSA is under the Executive Branch, so the head of the Executive Branch should be the one to put the organization’s feet to the fire, not Congress.

Just my two cents.

Anonymous Coward says:

these are ‘pissing up my back and telling me it’s raining’ changes. basically, nothing changing but with alternatives in place to cover what is stopping. done mostly to try to keep the people quiet, not to curb the spying at all! i am anticipating more restrictions imposed by other nations, particularly with using US services and technology. nothing less than what is deserved!

Pragmatic says:

Re: Re: Re:

The House of Representatives must first pass, by a simple majority of those present and voting, articles of impeachment, which constitute the formal allegation or allegations. Upon passage, the defendant has been “impeached”. Next, the Senate tries the accused. In the case of the impeachment of a president, the Chief Justice of the United States presides over the proceedings. For the impeachment of any other official, the Constitution is silent on who shall preside, suggesting that this role falls to the Senate’s usual presiding officer. This may include the impeachment of the vice president, although legal theories suggest that allowing a defendant to be the judge in his own case would be a blatant conflict of interest. If the Vice President did not preside over an impeachment (of anyone besides the President), the duties would fall to the President pro tempore of the Senate.

Short version:

1. Get Congress to agree to impeach him
2. Get the Senate to try him
3. Get ready for President Biden
4. Stop laughing for a moment and say the words with me: President. Biden.

That’s not the reason he’s not being impeached; Congress has its filthy fingers deep in the MIC pie. Many of them own businesses that profit from the surveillance state and that’d all come out in the wash. Since they’re not obeying the law now, holding impeachment proceedings would simply bring down a spotlight on the conflicts of interest on both sides of the aisle.

As long as surveillance is considered to be a government thing rather than a private industry + FUD-driven thing, they can continue the charade.

Basically, if Obama goes down, most of the Intelligence Committee will go down with him and Joe Biden will be president.

Anonymous Coward says:

Bottom of page 2

This can be a big loophole:

this directive shall apply to signals intelligence activities conducted in order to collect communications or information about communications, except that it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.

It’s all done to ‘test or develop intelligence capabilities’. The NSA can just call there tools ‘beta’ forever and they may continue as they like.

MadAsASnake (profile) says:

Room full of Monkeys

To have impressed me, he would have had to stop the metadata collection. Consider:
– it has not stopped a terrorist attack
– it has not contributed to stopping activity
– everything used to date could have been obtained at least as well with targeted surveillance
– at best, it may provide useful data in the future.

Now, you could fill a room with monkeys and let them type for 10 years. It is highly likely that the output from Monkey typing would have provided precisely the same benefits – no more, no less. Whenever this is true, it is clear that whatever you are doing is pointless.

Unfortunately, this pointless activity which has massive financial and social costs, has not been stopped… why on earth not?

Tehrm (profile) says:

Two-Degrees of Suspicion

The two degree targeting requirement instead of three is still troubling. In order to be qualified for targeting, a single, intermediary relationship is all that is required between me and an named ‘terrorist’ organization. If I’ve been targeted in this way, does the targeting reach now extend two degrees away from me?

If I follow an account associated with a known hacker collective, which then follows and is followed by known hacker activists- is the requirement met to target my activity?

What about restaurants on social networks? If Bob’s Bacon-Wrapped Bacon and an internally recognized terrorist follow each other, then has the requirement for targeting been met for everyone who follows Bob’s Bacon-Wrapped Bacon?

FM Hilton (profile) says:

The actual speech

My husband listened/watched the entire thing, and all he could say was:

“He talked for an hour. Didn’t say anything, but kept talking anyway.”

That’s the gist of it all.

You wanted reform? With the wolves in Washington? No thank you very much! Not gonna happen in that town, that’s for sure!

He’s one person, in charge of the entire country. If he can’t get the balls to shut down the NSA, we’re fucked. All it would take would be an Executive Order, and the NSA is done.

Notice that he didn’t do that. Sure, he did a small one to address some small piece of business, but that’s window dressing for all of us who want something, anything done.

Now run along like good citizens. Remember this:

“If you have nothing to hide, you have nothing to fear!”

That One Guy (profile) says:

Dodging the main point

The NSA should no longer hold all of the data, meaning that the telcos will be expected to hold onto it (though, he leaves it up to Congress and the DOJ to figure out how to do this). He calls this a “transition” away from the Section 215 program, but that’s hardly clear.

Such wording avoids the core issue about all the data-gathering, and shifts it away from ‘they shouldn’t be doing it at all’, to ‘well now someone else holds onto the data’.

Basically it’s ‘redefining’ the problem, in the hopes that people will focus on who has the data, and ignore the fact that the data is being gathered in the first place.

Anonymous Coward says:

Which “judge”, and in which “court”, will the approval for searching 215 metadata come from? A secret rubber-stamp court judge? Bwahahah! Not a damn thing’s changed.

It’s still unconstitutional, and still violates the 4th amendment of constitution. Judicial “approval” falls far short of the “probable cause” enshrined in the 4th amendment in the Bill of Rights.

Make no mistake. We’re still on the road towards totalitarianism. We the taxpayers are also funding the construction of this new road.

M. Alan Thomas II (profile) says:

Smith v. Maryland heavily relies on an older case involving mandatory record-keeping by a third party with special access provisions for the government, provisions that were expanded in the Patriot Act. Those were about financial records, but still; I think that moving the data storage to a mandatory retention model gives them greater legal coverage without necessarily hamstringing them.

Side note: I’d love to see if any of the lawyers around here agree with me that teleco immunity doesn’t appear to apply to disclosures not authorized by law (a.k.a. abuse); if they’ve suddenly got to protect themselves from liability by pushing back on sketchy requests, that would be nice. Of course, they might reasonably believe that any such case would never be legally disclosed, so no-one would ever have standing to sue them.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...