A hefty report from President Obama's tech advisers challenges a number of the National Security Agency's (NSA) lambasted data collecting practices, but many of the recommendations require the weight of lawmakers to effect change, privacy experts say.
The Review Group on Intelligence and Communications Technologies presented 46 recommendations in the report, which were crafted to provide guidance in maintaining national security without losing sight of the privacy rights of citizens, foreign leaders and individuals abroad pulled into the intelligence gathering fray.
Publicized documents, leaked by whistleblower Edward Snowden, have given the public insight on the government-led snooping tactics, namely carried out by the NSA, which has siphoned up enormous amounts of phone records and online communications in the purported name of thwarting national security threats.
Of note, the report recommended that the government examine the feasibility of creating software that would “allow the National Security Agency and other intelligence agencies more easily to conduct targeted information acquisition rather than bulk-data collection.”
The panel also said that legislation should be passed that ends the government's bulk storage of telephone meta-data by having the information moved to and stored by private providers (for instance, cell phone companies) or private third parties “as soon as reasonably possible.”
Keeping with that suggestion, another recommendation also said that the government should commission a study of “the legal and policy options for assessing the distinction between metadata and other types of information [it collects]."
Specific concerns about the NSA undermining widely used encryption methods to secure online data were also directly mentioned in the report. The evidence of such handiwork carried out by the NSA was brought to light via Snowden leaks publicized in September.
Regarding encryption, the report recommended that the U.S. government “fully support and not undermine efforts to create encryption standards,” and that it shouldn't in any way “weaken,” “subvert,” or “make vulnerable” commercial software (a clear reference, again, to leaked intel that the NSA pressured major tech companies into giving i backdoor access to encryption software).
On Friday, Michelle Richardson, legislative counsel for the American Civil Liberties Union (ACLU), told SCMagazine.com that, as spelled out in some of the report recommendations, much of the objectives would require the action of Congress to become effective.
“I think it's really going to require Congress getting its act together and passing statutory changes,” Richardson said of implementation.
She added that the report was “impressive” in some aspects in that it “was so sweeping and responded to all of the leaks, in talking about insider threats and encryption.”
Still, the details of certain changes can only truly be spelled out and upheld through law.
“You can stop the bulk collection or make it more targeted and focused, but then the question becomes: What does that mean?” Richardson said.