Defense

NSA Reforms: What Will Change, And What Won't

Carolyn Kaster/AP

Depending on who you ask, President Obama's big-ticket changes to the way the government's spy agencies use bulk telephone data, revealed during a Friday speech, pave the way toward serious reform or are merely attempts at window dressing.

Obama, who stepped into his presidency with a "healthy skepticism" toward federal surveillance programs, outlined measures he took to improve or change operations. But what he didn't do "is stop these programs wholesale—not only because I felt that they made us more secure; but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens."

So what did change, and what didn't? First, here's what's new:

Phone metadata will no longer be housed at the NSA. In the coming months, the government will no longer maintain ownership of hundreds of millions of phone records collected from virtually all Americans. This is likely the biggest blockbuster enumerated by Obama, and it could draw some ire from members of the intelligence community.

But it will be held somewhere else. The bulk collection of Americans' phone records will continue, but instead it will be done by either private phone companies or some hypothetical, as-yet-undefined third-party entity. Although the path forward on this (will companies be hit with a data-retention mandate?) remains unclear, Obama wants a solution by the end of March.

More judicial approval required to search data. Beginning immediately, the U.S. spy agencies will need to obtain an order from the secret Foreign Intelligence Surveillance Court for any query it conducts.

A new independent "panel" to advocate for privacy in the FISA court. The outside panel's creation relies on action from Congress, but this offers a chance to satiate critics furious that the court approving surveillance orders only hears the government's side.

Fewer "hops" allowed when searching. Also effective immediately, the government will reduce from three to two the number of "hops," or degrees of separation, away from a suspected target it can jump when analyzing communications data.

Restrictions on spying on our allies. Obama and senior administration officials said heads of states considered to be "close friends and allies" will be off-limits to surveillance. If that sounds vague, that's because it is. Who qualifies as a close ally is not written in stone and can presumably change to meet perceived national security threats.

How intelligence agencies like the FBI use National Security Letters will no longer be so secretive. "I have therefore directed the attorney general to amend how we use National Security Letters so this secrecy will not be indefinite, and will terminate within a fixed time unless the government demonstrates a real need for further secrecy," Obama said. These documents compel certain parties to disclose information to the FBI.

Despite the changes, privacy advocates were quick to say more needs to be done to protect Americans' civil liberties. So, what's not changing?

The FBI still won't need to get a court order to issue subpoenas for information during investigations. A December report from a group of Obama-appointed advisers tasked with examining NSA surveillance recommended that National Security Letters, which the FBI uses to compel parties to disclose information, can be issued only after a judge finds that the government has reasonable grounds to believe that the information it seeks is relevant to an intelligence investigation. Of this, Obama said, "Here, I have concerns that we should not set a standard for terrorism investigations that is higher than those involved in investigating an ordinary crime."

Neither will FISA. Although Obama promised more oversight, the court retains much of its power to compel third parties to disclose private information to the government.

From a software perspective, how the NSA collects data won't change. "The U.S. government should examine the feasibility of creating software that would allow the National Security Agency and other intelligence agencies more easily to conduct targeted information acquisition rather than bulk-data collection." Obama made no mention of tweaks to the agency's massive dragnet during his speech.

Leadership of NSA and Cyber Command isn't changing. The administration already dismissed this idea from the review panel, but Obama made no mention of allowing the NSA's leadership to change from military to civilian control. And the agency will not be separated from Cyber Command, the military's central cyberwarfare hub, something the December report pushed. The report also recommended that the director's position should be open to civilians and be subject to Senate approval.

The NSA is still going to bypass security encryptions on the Web. The review board said that the government should be "fully supporting and not undermining efforts to create encryption standards" and "making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption." The intelligence agency, however, has no plans to stop cracking others' encryption codes—it has plans to get better at it.

The president may have set out to end the NSA's bulk collection program "as it currently exists," but there's no doubt that much still remains the same. Phone metadata will still be collected and searched. Ultimately, much of the NSA's activity will continue to be shrouded in secrecy.

Get the Nextgov iPhone app to keep up with government technology news.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// August 29
X CLOSE Don't show again

Like us on Facebook