NSA Reforms: Obama leaves door open for further action

US President Obama has released a plan overhauling his government’s surveillance activities. Dr Patrick Walsh, Senior Lecturer of Intelligence and Security Studies at CSU, says that the presidential directive is a small step in the right direction.

Last Friday, President Obama released Presidential Policy Directive 28 (Signals Intelligence Activities) containing new guidance on curtailing some of the US government’s surveillance activities. PPD 28 drew heavily on a report prepared by the President’s Advisory Committee on the NSA which was released on 12 December 2013.

Both the report and the President’s response on Friday followed multiple leaks by former NSA contractor Edward Snowden in 2013. These leaks compounded pressure on the Obama Administration both domestically and internationally for Washington to do something about the perceived excesses of the NSA’s surveillance programs.

Obama’s presidential directive is his attempt to strike some balance (as difficult as this is to do) between the expectations of foreign leaders, civil liberty/privacy advocates and the US intelligence community which still need to intercept the communications of terrorists and criminals who continue to plan and plot against the US or its allies like Australia.

The Advisory Committee Report came up with 46 recommendations for the President to consider, though the document only addresses in detail three or four of these. The PPD covers a lot of ground about how the US intelligence community needs to be better at weighing the ‘costs versus benefits’ of using this kind of surveillance of phone records, emails and social media.

There is also lot in the PPD on improving policies and processes about how signals intelligence collection requirements should be monitored, data quality, data security and access, and the dissemination of this type of intelligence. These issues amount to improving ‘intelligence governance’ within and between intelligence agencies – a subject I have researched previously in my 2011 book Intelligence and Intelligence Analysis.

The key area though that many civil liberties groups were hoping to see in the President’s PPD was the abolishing of meta-data (details of times, telephone numbers and duration of calls) stored by the NSA that includes data on US citizens and foreign nationals. The Presidential Advisory Committee had recommended the US should stop collecting and storing meta-data. The advisory committee suggested as a compromise that the meta-data could be held by private providers or even more vaguely a ‘private third party.’

But I think Obama was right to retain this bulk meta-data component by the NSA for two reasons.

First, the huge and dense volumes of global communications makes it very difficult to track the relationships between for example two or more persons of interest on opposite sides of the world in real time, who are planning to blow up a major icon in Sydney or New York.  You need a collection system that can churn through huge amounts of data in real time to disrupt plots. Take away the meta-data capability and the pace and scale of global information traffic makes this kind of timely intelligence collection near impossible to do.

Second, getting a private company to store meta-data would slow down the access process to this information, particularly in cases where a terrorist operation may be unfolding in hours, not days.  ‘Outsourcing’ the storage of meta-data would also increase the costs to government.

Instead, Obama’s PPD outlines limitations on how this bulk data can be used and orders the Director of National Intelligence to come back to him in one year with a report on the feasibility of creating software that would allow the intelligence community more easily to conduct targeted information acquisition rather than bulk collection. I am sceptical that much, at least in public, will come from this in one year given the technological focus remaining on data mining and analytics of bulk data sources.

The final significant area addressed in the President’s PPD and also in the report prepared by the advisory committee is the role of oversight. How do we get better oversight of the NSA to ensure its collection activities can be periodically audited to make certain that they uphold privacy and civil liberties of US and non-citizens? Oversight of the US intelligence community is already like ‘alphabet soup’ and needs a good root and branch clean up. There are no overnight fixes here.

In the context of oversight, the PPD does spend some time providing general suggestions on how this could be improved, but the document is pretty vague on this point. The President’s advisory committee made some good recommendations on oversight including a revamped Civil Liberties and Privacy Protection Board to oversee the entire intelligence community’s foreign intelligence collection activities and their impact on privacy and civil liberties.

Also included there is the suggestion that a new Civil Liberties and Privacy Protection Board should be the authorised recipient for whistleblower complaints related to privacy and civil liberty concerns from employees in the intelligence community. This initiative may take some of the wind out of the sails of potential future Snowdens, who claim they have nowhere to go with their complaints other than the media.

Obama’s PPD is a small step in the right direction. The rationales for not closing down the meta-data capability will disappoint some in the civil liberties movement. In the end though it’s important to remember that the ultimate civil liberty is protection from harm, whether from criminals, terrorists, weapons of mass destruction or pandemics. In the absence of other workable technological solutions, we still need this kind of surveillance capability to give us this security, but in liberal democracies it can never be a blank cheque.