Working in secret like the programs they’re reviewing, five men with high-level security clearances and ties to President Barack Obama will soon deliver a report that’s likely to reshape U.S. government surveillance.
The group, which is scrutinizing the data harvesting by the National Security Agency, relies on the government’s spy office -- the very people it’s supposed to be examining -- for its staff and logistics. While that may be the safest way to handle sensitive materials, it also limits contrarian viewpoints, say people alarmed by the surveillance disclosures.
“This is a panel of administration insiders and therefore lacks credibility as a panel of independent reviewers,” said Sascha Meinrath, director of the Open Technology Institute at the New America Foundation in Washington, who participated in a Sept. 9 meeting with the review group.
Credibility is vital because recommendations by the Review Group on Intelligence and Communications, if adopted by Obama, could have consequences for Google Inc., Microsoft Corp., Facebook Inc. and Apple Inc., among other technology companies.
Companies are facing the loss of billions of dollars in overseas business, stricter regulations and trade barriers, and erosion of consumer trust amid revelations the NSA hacked into private networks to spy on foreigners and Americans. Private companies also have been compelled to share data while being barred from disclosing details to their customers.
Any recommendations also are likely to affect U.S. foreign policy. European allies, with whom Obama is negotiating a trade pact, have reacted with concern that the NSA’s work reached beyond tracking terrorists and into commerce and trade.
The panel was created in August in response to an international furor after leaks from former government contractor Edward Snowden, who revealed the extent of communications and data swept up by the NSA’s programs.
Panel members are Richard Clarke, a former U.S. cybersecurity adviser; Michael Morell, a former deputy CIA director; Geoffrey Stone, a University of Chicago law professor; Cass Sunstein, a Harvard Law School professor who once worked in the administration; and Peter Swire, who served on Obama’s National Economic Council.
“They’re driven by an earnest desire to do right that is through the lens of an incredibly biased perspective,” Meinrath said. “They either are directly or have been part of the intelligence community or the Obama administration.”
The panel’s final report, due to the president by Dec. 15, follows interim findings delivered orally at the White House earlier this month and two private meetings held in September, according to participants.
The options for changes at the NSA, floated by stakeholders, lawmakers and the administration, cover everything from limiting the scope of the surveillance programs to expanding public disclosure and strengthening oversight.
Two qualifications each panelist had on his side when Obama tapped him: a security clearance to review the NSA’s classified programs -- and being steeped in Washington policy or politics.
One example of those ties: At a Nov. 14 awards banquet for the Middle East Institute, Clarke, who is chairman of the board of governors, was hailed by Obama’s National Security Adviser Susan Rice. She told the audience that he had been her “first boss in government” during the Clinton administration and “a wonderful mentor to me.”
Clarke is chief executive officer of Good Harbor Security Risk Management in Washington, which has advised telecommunications, utility and private-equity firms.
Sunstein, an Obama campaign supporter, served as the administrator of the White House Office of Information and Regulatory Affairs until last year. Sunstein, a Bloomberg View columnist, is also married to Obama’s United Nations ambassador, Samantha Power.
Stone, a former faculty colleague of Obama’s at the University of Chicago law school, also was involved in an effort to consider establishing the president’s library at the campus, according to a 2012 story in Politico.
Swire, who also served in the Clinton administration as a privacy expert, was tapped last year as co-chairman of a World Wide Web Consortium working group charged with defining a protocol to protect privacy.
The panelists declined to be interviewed. The Office of the Director of National Intelligence said they won’t answer questions until the report is complete.
The agency declined to say how many times the panel had met, whether panelists had access to technical consultants to discuss classified programs, and whether they were required to disclose financial or professional interests that posed potential conflicts of interests.
Caitlin Hayden, a National Security Council spokeswoman, said the members “bring to the task immense experience in national security, intelligence, oversight, privacy and civil liberties.”
She said they will advise Obama on how the U.S. can use its technical collection capabilities in a way that “protects our national security and advances our foreign policy while respecting our commitment to privacy.”
At a fundraiser last night in Seattle, Obama mentioned the NSA disclosures as one of the challenges to the country that have helped make “people feel discouraged or concerned about whether or not we can continue to make progress.”
Christopher Soghoian, principal technologist with the American Civil Liberties Union’s Speech, Privacy and Technology Project in Washington, said the omission of technical experts on the panel is his biggest worry.
“It’s going to be very difficult for the board to do their job unless they have technologists working for them,” he said. “How do you perform effective oversight? How do you ask the right questions?”
While panel deliberations are secret, public comments posted to the website of the Office of the Director of National Intelligence, which provides the panel’s two staff members and other logistical support, reflect concerns including those of major Internet companies.
Revelations of NSA spying may cost the U.S. cloud industry as much as $35 billion by 2016, the Information Technology Industry Council, which represents more than 50 companies, including Google and Facebook, and the Software Information Industry Association told the panel in a letter.
They cited an August report by the Information Technology and Innovation Foundation, which predicted the U.S. would lose as much as 20 percent of the foreign market for cloud computing to competitors as a result of the NSA’s surveillance programs.
That forecast was based partly on a survey by the Cloud Security Alliance, in which 56 percent of non-U.S. residents said they were less likely to use a U.S.-based cloud computing service; 10 percent canceled work with one after the NSA leaks.
The two organizations also told the panel the NSA programs “could serve as the pretext for protectionist measures in foreign markets,” as a way to advance domestic competitors.
“I know I have no say in your country’s politics,” said one small-business owner from the Philippines in another posting on the Office of the Director of National Intelligence website.
“I would just like to say that, prior to this recent disclosure, we were going to have our webpage and e-mail server hosted by a US company, either Microsoft or Google. Now we are discouraged from doing so and have made inquiries with ‘cloud providers’ based in Europe and Asia.”
Technologists and civil libertarians have urged the panel to determine to what extent the NSA is seeking to subvert encryption technology to conduct its surveillance, and whether the NSA is placing operatives inside companies.
They also are seeking expanded audits of NSA programs for legal compliance and accuracy, and more disclosure of how much information on individual U.S. residents is being collected and how it is secured against misuse.
One option the administration is considering is separating the Pentagon’s Cyber Command from the NSA. The military command, which can carry out cyber-attacks, is charged with protecting U.S. networks. The NSA seeks to penetrate those same networks. Under the current structure, Army General Keith Alexander heads both organizations.
Trade groups are asking the panel to look at allowing affected companies to report more about the number of government orders they receive to turn over information and the number of people and businesses affected.
Since the NSA revelations, companies “have had serious problems with user trust” and being unable to describe the volume of the government’s demands “only exacerbates the distrust,” the Computer and Communications Industry Association told the panel in a filing.
Senator Ron Wyden, an Oregon Democrat and critic of the NSA’s records collection, said he’s withholding judgment on the panel until he sees the results.
“The case for meaningful surveillance reform continues to be made every day, however, by the declassified documents showing the extent to which intelligence officials violated privacy protections,” Wyden said in an e-mailed statement.