Privacy Board Says NSA Doesn't Know How Effective Its Collection Programs Are, Doesn't Much Care Either
from the pay-no-attention-to-the-men-behind-the-haystacks dept
The Privacy and Civil Liberties Oversight Board (PCLOB) has just released its assessment [pdf link] of the NSA's ability to follow instructions. One year ago, it assessed the Section 215 bulk records collection. Six months later, it assessed the Section 702 program, which hoovers up email communications. Now, it has followed up on its recommendations and found the NSA surprisingly cooperative.
Overall, the Board has found that the Administration and the Intelligence Community have been responsive to its recommendations. The Administration has accepted virtually all of the recommendations in the Board’s Section 702 report and has begun implementing many of them. It also has accepted many of the recommendations in the Board’s Section 215 report and has supported legislation that would satisfy several more, including the most far-reaching of the Board’s proposals.BUT:
However, many of the recommendations directed at the Administration have yet to be fully satisfied, with the Administration having taken only partial steps, at most, toward implementing them.The first recommendation was one of the biggest: end the Section 215 program. The NSA doesn't really want to do this, but has seemed receptive to making some changes. The administration, on the other hand, hasn't offered anything to date other than lip service in support of this recommendation. It's been left up to legislators and, so far, legislation targeting the collection has failed to move forward. As the PCLOB noted in its assessment, the Section 215 program "lacks a viable legal foundation," as well as "posing a serious threat to privacy and civil liberties." And yet, it continues on unabated, with four renewals by the FISA court since the PCLOB's original assessment was delivered.
The PCLOB is now gently nudging the administration towards taking a hands-on approach.
It should be noted that the Administration can end the bulk telephone records program at any time, without congressional involvement.On the bright side, the NSA has cut back on the number of hops in its contact chaining and has to seek approval from the FISA court to search its stored records, and it must be able to provide proof of "reasonable articulable suspicion" before it can do so.
The same goes for the introduction of an actual adversarial process to FISA court proceedings with the addition of an advocate acting on behalf of Americans' interests. The NSA is in no hurry to see this done and, again, the administration has offered its support of the board's recommendations but has made no movement on its own. It's left to legislation to fix this, and if earlier NSA-targeting bills are any indication, this will most likely add to the growing pile of papery corpses left behind by failed Congressional fixes.
The NSA is also taking hesitant steps to publicly release more information on FISC orders and rulings. We've seen some of this via the Office of the Director of National Intelligence's tumblr blog. (Still a very odd sentence to type…) But, it must be noted that a large majority of what has been "released" so far has actually been propelled out of the ODNI's hands by a handful of FOIA lawsuits. So, this new "openness" is not entirely dissimilar to confessions that take "enhanced interrogation techniques" to acquire.
As for the Section 702 program, the PCLOB has recommended a number of technical changes, most of which are at least partly implemented at this point. What's more worrying is the fact that the NSA still continues to harvest "about" communications, thanks to its ability to talk a hesitant FISA court into a "novel" legal theory while operating under interim legislation back in 2007.
The PCLOB raises several concerns about the Section 702's harvesting of communications based on very tenuous connections.
[T]he permissible scope of targeting in the Section 702 program is broad enough that targets need not themselves be suspected terrorists or other bad actors. Thus, if the email address of a target appears in the body of a communication between two non-targets, it does not necessarily mean that either of the communicants is in touch with a suspected terrorist...The PCLOB also urges the release of information concerning the NSA, FBI and CIA's minimization procedures and stats on how often the NSA acquires and uses the communications of US persons -- both of which are in the "being considered" to "being implemented" stages.
While “about” collection is valued by the government for its unique intelligence benefits, it is, to a large degree, an inevitable byproduct of the way the NSA conducts much of its upstream collection. At least some forms of “about” collection present novel and difficult issues regarding the balance between privacy and national security. But current technological limits make any debate about the proper balance somewhat academic, because it is largely unfeasible to limit “about” collection without also eliminating a substantial portion of upstream’s “to/from” collection, which would more drastically hinder the government’s counterterrorism efforts. We therefore recommend that the NSA work to develop technology that would enable it to identify and distinguish among the 24 types of “about” collection at the acquisition stage, and then selectively limit or modify its “about” collection, as may later be deemed appropriate.
Most importantly, the PCLOB recommends the NSA cough up some evidence that these collections actually have any value. Unsurprisingly, this falls under the "not implemented" heading. And the ODNI/NSA's stalling only makes it look as though these programs are all show, but little substance.
Determining the efficacy and value of particular counterterrorism programs is critical. Without such determinations, policymakers and courts cannot effectively weigh the interests of the government in conducting a program against the intrusions on privacy and civil liberties that it may cause.Those on the surveillance side always remind us that there needs to be a balance between national security and civil liberties, but the agencies they defend have never bothered to examine the security/privacy ledger. And they're in no hurry to do so. The Section 215 program's effectiveness is highly dubious, and as for the Section 702 program, we (including the PCLOB) don't have enough information to even begin weighing its comparative value. For all the forced transparency, there simply hasn't been much forthcoming on the program itself, much less how useful it is in terms of counterterrorism.
If the NSA wishes to continue its plundering of privacy in pursuit of security, it needs to provide some hard data to back up its assertions that these programs are essential to the safety of the nation. It won't make the plundering OK, but at least it will give the public some idea where their rights stand in the NSA's eyes.