President Obama Surpasses Exceptionally Low Expectations On NSA Reforms, But Reforms Are Still Very Weak

from the you're-no-paul-revere dept

As expected, President Obama this morning gave his speech concerning his plans to "reform" the NSA. Similar to the original task force report, for which the White House first leaked claims that the recommended changes would be "cosmetic"... and then presented something a little more powerful, to try to win people over by beating low expectations. The same is true here. Earlier this week, the White House leaked out reports of cosmetic changes with little in the way of real reforms. Then, this morning, the President announced more significant reforms than expected. He did, in fact, propose a few major changes. You can read the full speech here. Among the things he announced:
  • A judge will have to approve each query for data on the metadata collection from Section 215 of the PATRIOT Act.
  • The "three hop" dragnet will be reduced down to two hops. That does, in fact, limit how far the NSA can search by quite a bit. That last hop is quite big.
  • The NSA should no longer hold all of the data, meaning that the telcos will be expected to hold onto it (though, he leaves it up to Congress and the DOJ to figure out how to do this). He calls this a "transition" away from the Section 215 program, but that's hardly clear.
  • National Security Letters (NSLs) will no longer have an unlimited gag order on them. The Attorney General will need to set up guidelines for a time in which gag orders expire, with the possibility of extending them for investigations that are still ongoing.
  • Companies will be given slightly more freedom to reveal data on the NSLs they get (though I don't think he indicated the same thing for Section 702 orders.... which is a big concern).
  • The Attorney General and the Director of National Intelligence will review annually FISC rulings to figure out what can be declassified.
  • He promises to "work with Congress" to look at changes to the FISA court
  • He is adding some very limited restrictions on spying on people overseas. It should only be used for actual counterterrorism/crime/military/real national security efforts.
  • A State Department official will be in charge of handling "diplomacy issues" related to these changes on foreign spying.
  • An effort will be started with technologists and privacy experts over how to handle "big data and privacy" in both the public and private sectors.
That is... he is ordering changes that go slightly beyond the expectations his own staffers leaked earlier this week... but stopping way short of actually fixing the problems. And, even with his changes, he leaves many of the details to Congress and the DOJ to sort out for themselves, which is not particularly encouraging, considering how both have acted for decades when it comes to surveillance.

Bulk data collection will still continue in some form, despite the fact that it appears that bulk data collection is rarely useful, compared to targeted surveillance. There will be slightly more oversight, despite the fact that oversight in the past has failed. There will be no effort to stop trying to compromise the technology of American (and foreign) companies leading to serious questions about our tech industry's ability to do business overseas (and at home).

Yes, this is better than it could have been, but only by a tiny degree. The President claims that he is open to further changes, but the fact that he is clearly resisting the major overhauls that are clearly needed does not provide any confidence that he's actually moving towards fixing the overreaching surveillance state. The speech sounded lofty, and talked about American ideals and the necessity of protecting civil liberties, but only moved the ball a very slight way towards getting there. Further, it leaves open plenty of ways for the intelligence community to claw back whatever he's making them "give up" through other means.

Update: Embedded the Presidential Directive that he signed today to put all of what he discussed into effect. You can read it below.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 9:14am

    Really?

    "He is adding some very limited restrictions on spying on people overseas. It should only be used for actual counterterrorism/crime efforts."

    Really? So no more spying on, for example, foreign military? I somehow doubt it.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Mike Masnick (profile), Jan 17th, 2014 @ 9:21am

    Re: Really?

    Really? So no more spying on, for example, foreign military? I somehow doubt it.


    Yeah, that should have been in there as well. I edited that sentence. Had meant to add a bit more to it, but forgot to finish it off when he moved on to the next thing.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 9:29am

    But lets not focus on any of the /other/ programs, just the telephone metadata restrictions...

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    alecco, Jan 17th, 2014 @ 9:37am

    Foreigners, screw you

    We, the foreign users of US services and products will sure remember this bit:

    Third, the legal safeguards that restrict surveillance against U.S. persons without a warrant do not apply to foreign persons overseas. This is not unique to America; few, if any, spy agencies around the world constrain their activities beyond their own borders. And the whole point of intelligence is to obtain information that is not publicly available. But America’s capabilities are unique. And the power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.


    At least they are clear the US government doesn't care about our rights to privacy.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Internet Zen Master (profile), Jan 17th, 2014 @ 9:41am

    I smell bullshit from Obama

    It's a start I guess... Not much of a start, but he did surpassed low expectations.

    ...Which tells me that the staff who leaked the intended reforms earlier this week did so intentionally in order to lower everyone's expectations so that Obama would get praise and avoid more stinging criticism when he discussed his reforms today.

    In other words, keep raising hell and pressuring him until he actually makes significant changes and doesn't leave reforms up to the incompetents in Congress or the shady "making-things-up-as-we-go" types at the DOJ.

    The NSA is under the Executive Branch, so the head of the Executive Branch should be the one to put the organization's feet to the fire, not Congress.

    Just my two cents.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 9:49am

    these are 'pissing up my back and telling me it's raining' changes. basically, nothing changing but with alternatives in place to cover what is stopping. done mostly to try to keep the people quiet, not to curb the spying at all! i am anticipating more restrictions imposed by other nations, particularly with using US services and technology. nothing less than what is deserved!

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 9:54am

    Re: Foreigners, screw you

    Honestly, as a tech person here in the US even if it means my job, start up a boycott of US services. Money moves mountains. If another "ACTA" type protest of Google, FaceBook, Yahoo, Apple, Amazon et al was started, you would not only benefit local commerce by using local providers, but the US would have to about face very quickly on loss of revenue.

    Examples:
    DropBox - OwnCloud
    Amazon WebService - VirtMin
    RackSpace - VPS.net, Tata's instacompute.com

    Almost everything you use probably has an OpenSource or non-US alternative.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    DannyB (profile), Jan 17th, 2014 @ 10:23am

    Only two hops from suspected terrorists?

    I'm so relieved. I wonder if they'll change the definition of 'suspected'?

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Skeptical Cynic (profile), Jan 17th, 2014 @ 10:25am

    Re: Re: Really?

    Mike are you lying to us? I am not sure I seen you miss something like that ever or miss including something that should have been. Are you pulling an Obama on us trying to CYA (cover your assets)and then blame it on someone else?

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Skeptical Cynic (profile), Jan 17th, 2014 @ 10:29am

    Re: Foreigners, screw you

    What that means is if you are not "US" (both meanings)then your info will be gotten. And FU!!!!! You have been PWNED and your info OWNED!

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Watchit (profile), Jan 17th, 2014 @ 10:34am

    Which court will approve the data query though? If it's the FISA court then I don't see it as much of an improvement considering they're a glorified rubber stamp.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    krolork (profile), Jan 17th, 2014 @ 10:43am

    We need a revolution.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 10:45am

    Re: Foreigners, screw you

    Simple fix (not so simple)elect officials in your country that will make it illegal for any other country to collect its citizens data.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 10:46am

    Re: Only two hops from suspected terrorists?

    or make it a very long hop.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 10:47am

    If you like your privacy, you can keep it !

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 10:49am

    This was classic smoke and mirrors for those not educated in the workings of the internet and mobile devices. i call bs

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 10:55am

    Still worthless!!!!

    How about punishment for breaching rules? Which head rolls when breaches happen? Looks like more splash and flash to me.

    Will believe something has changed when the hammer drops or the heads start rolling. It is the only way... its just human nature to break the rules and push the limits.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Me, Jan 17th, 2014 @ 11:04am

    Scumbag President

    There is no "reform" here.

    It's the same old, same old. The only "change" is the bone thrown to big business by letting them bid on housing data, which they already do!

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 11:10am

    Re:

    I second that. How do the people go about initiating impeachment?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 11:12am

    Fuck reform, I want to see them obey the constitution they are sworn to uphold and I want to see arrests and trials for those who have violated their oath. When is the President going to give a speech about that?

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 11:44am

    Bottom of page 2

    This can be a big loophole:

    this directive shall apply to signals intelligence activities conducted in order to collect communications or information about communications, except that it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.

    It's all done to 'test or develop intelligence capabilities'. The NSA can just call there tools 'beta' forever and they may continue as they like.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    weneedhelp (profile), Jan 17th, 2014 @ 12:00pm

    Re: Re:

    Get Monica to blow Barry. That will do it.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 12:08pm

    Just wondering, but is there an NSA exception to the Computer Fraud and Abuse Act?

    If not, these folks are definitely breaking that law...

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    MadAsASnake (profile), Jan 17th, 2014 @ 12:12pm

    Room full of Monkeys

    To have impressed me, he would have had to stop the metadata collection. Consider:
    - it has not stopped a terrorist attack
    - it has not contributed to stopping activity
    - everything used to date could have been obtained at least as well with targeted surveillance
    - at best, it may provide useful data in the future.

    Now, you could fill a room with monkeys and let them type for 10 years. It is highly likely that the output from Monkey typing would have provided precisely the same benefits - no more, no less. Whenever this is true, it is clear that whatever you are doing is pointless.

    Unfortunately, this pointless activity which has massive financial and social costs, has not been stopped... why on earth not?

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    Rapnel (profile), Jan 17th, 2014 @ 12:48pm

    Re: Bottom of page 2

    Indeed.

    "We regret to inform you that your privacy died on a training mission. Take this flag in appreciation and recognition for your privacy's service."

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    JWW (profile), Jan 17th, 2014 @ 12:52pm

    Re: Re: Only two hops from suspected terrorists?

    Probably not that. All they have to do is find a number from the 2nd hop and do two more hops from that one.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 12:52pm

    Re: Room full of Monkeys

    For me to be impressed it would have to start with having the Attorney General announce the indictment of and arrest warrants for Hayden, Clapper, and Alexander.

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    Tehrm (profile), Jan 17th, 2014 @ 1:23pm

    Two-Degrees of Suspicion

    The two degree targeting requirement instead of three is still troubling. In order to be qualified for targeting, a single, intermediary relationship is all that is required between me and an named 'terrorist' organization. If I've been targeted in this way, does the targeting reach now extend two degrees away from me?

    If I follow an account associated with a known hacker collective, which then follows and is followed by known hacker activists- is the requirement met to target my activity?

    What about restaurants on social networks? If Bob's Bacon-Wrapped Bacon and an internally recognized terrorist follow each other, then has the requirement for targeting been met for everyone who follows Bob's Bacon-Wrapped Bacon?

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Jan 17th, 2014 @ 2:00pm

    Re: Foreigners, screw you

    In all fairness, there are CLEARLY ESTABLISHED LAWS (ie. the Fourth Amendment) that have been violated for domestic surveillance. With regards to foreign surveillance, not so much. Much of the outrage in the US is that not only has our privacy been violated blatantly by our own government but it has happened as the result of a systematic, willful disregard for the law. We understand the outrage abroad and here he is clearly saying that we need to look at the appropriateness of what our government does abroad as well and adjust those policies accordingly. Whether he actually means that is another story altogether. But I really can't take exception to that statement so much.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    FM Hilton, Jan 17th, 2014 @ 6:20pm

    The actual speech

    My husband listened/watched the entire thing, and all he could say was:

    "He talked for an hour. Didn't say anything, but kept talking anyway."

    That's the gist of it all.

    You wanted reform? With the wolves in Washington? No thank you very much! Not gonna happen in that town, that's for sure!

    He's one person, in charge of the entire country. If he can't get the balls to shut down the NSA, we're fucked. All it would take would be an Executive Order, and the NSA is done.

    Notice that he didn't do that. Sure, he did a small one to address some small piece of business, but that's window dressing for all of us who want something, anything done.

    Now run along like good citizens. Remember this:

    "If you have nothing to hide, you have nothing to fear!"

     

    reply to this | link to this | view in thread ]

  31.  
    icon
    That One Guy (profile), Jan 17th, 2014 @ 6:33pm

    Dodging the main point

    The NSA should no longer hold all of the data, meaning that the telcos will be expected to hold onto it (though, he leaves it up to Congress and the DOJ to figure out how to do this). He calls this a "transition" away from the Section 215 program, but that's hardly clear.

    Such wording avoids the core issue about all the data-gathering, and shifts it away from 'they shouldn't be doing it at all', to 'well now someone else holds onto the data'.

    Basically it's 'redefining' the problem, in the hopes that people will focus on who has the data, and ignore the fact that the data is being gathered in the first place.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Anonymous Coward, Jan 18th, 2014 @ 1:57am

    Which "judge", and in which "court", will the approval for searching 215 metadata come from? A secret rubber-stamp court judge? Bwahahah! Not a damn thing's changed.

    It's still unconstitutional, and still violates the 4th amendment of constitution. Judicial "approval" falls far short of the "probable cause" enshrined in the 4th amendment in the Bill of Rights.

    Make no mistake. We're still on the road towards totalitarianism. We the taxpayers are also funding the construction of this new road.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    techie, Jan 18th, 2014 @ 5:43pm

    First hint is timing: Friday afternoon. Nice try.

    Slo-Mo weekend. In the world of TMI, most should move on to next stories by Monday, instead of looking at details.

    Second: prerequisite to change is to put in prison known criminals, such as Alexander and Clapper.

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Anonymous Coward, Jan 18th, 2014 @ 5:56pm

    Re: Re: Room full of Monkeys

    Holder expects you to obey the law instead.

    Holder himself is a criminal (Fast and Furious gun walking).

    The whole thing is not going to end right for everybody.

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    M. Alan Thomas II (profile), Jan 18th, 2014 @ 9:20pm

    Smith v. Maryland heavily relies on an older case involving mandatory record-keeping by a third party with special access provisions for the government, provisions that were expanded in the Patriot Act. Those were about financial records, but still; I think that moving the data storage to a mandatory retention model gives them greater legal coverage without necessarily hamstringing them.

    Side note: I'd love to see if any of the lawyers around here agree with me that teleco immunity doesn't appear to apply to disclosures not authorized by law (a.k.a. abuse); if they've suddenly got to protect themselves from liability by pushing back on sketchy requests, that would be nice. Of course, they might reasonably believe that any such case would never be legally disclosed, so no-one would ever have standing to sue them.

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    Pragmatic, Jan 20th, 2014 @ 9:34am

    Re: Re:

    http://en.wikipedia.org/wiki/Impeachment#Process

    The House of Representatives must first pass, by a simple majority of those present and voting, articles of impeachment, which constitute the formal allegation or allegations. Upon passage, the defendant has been "impeached". Next, the Senate tries the accused. In the case of the impeachment of a president, the Chief Justice of the United States presides over the proceedings. For the impeachment of any other official, the Constitution is silent on who shall preside, suggesting that this role falls to the Senate's usual presiding officer. This may include the impeachment of the vice president, although legal theories suggest that allowing a defendant to be the judge in his own case would be a blatant conflict of interest. If the Vice President did not preside over an impeachment (of anyone besides the President), the duties would fall to the President pro tempore of the Senate.

    Short version:

    1. Get Congress to agree to impeach him
    2. Get the Senate to try him
    3. Get ready for President Biden
    4. Stop laughing for a moment and say the words with me: President. Biden.

    That's not the reason he's not being impeached; Congress has its filthy fingers deep in the MIC pie. Many of them own businesses that profit from the surveillance state and that'd all come out in the wash. Since they're not obeying the law now, holding impeachment proceedings would simply bring down a spotlight on the conflicts of interest on both sides of the aisle.

    As long as surveillance is considered to be a government thing rather than a private industry + FUD-driven thing, they can continue the charade.

    Basically, if Obama goes down, most of the Intelligence Committee will go down with him and Joe Biden will be president.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    @b, Jan 20th, 2014 @ 6:28pm

    Team America: World Police

    Okay so then after the US Gov is deemed to be in breach of Fijian privacy law. Now what happens.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This