The White House just released the report from an advisory panel (PDF) suggesting changes to intelligence gathering surrounding communication technologies. The Obama administration doesn’t have to accept any of the 46 recommendations, of course, but if it does, it would mean some major shifts in the government’s approach to privacy, and critics of the National Security Agency are taking the proposals seriously. “We view it as a blueprint for restoring privacy protection in post-9/11 America,” says Marc Rotenberg, the president of the Electronic Privacy Information Center.
Here’s what the policy recommendations would mean for three key groups.
American Citizens: The panel essentially calls for an end to fishing expeditions where the government collects a lot of information and holds on to it in case it becomes useful at some point. The report calls for an end to the collection and storage of metadata about phone communications, and the panel would prevent “mass, undigested, non-public personal information about individuals to enable future queries and data-mining for foreign intelligence purposes.” It also suggests tighter restrictions on specific requests for information.
This doesn’t mean loads of personal information shouldn’t be collected and stored. Instead, the panel suggests having private companies or a third party hold on to the information. If the government wants to get it, it would have to ask. This could provide a level of safety, since the private groups would presumably push back against such requests (although it seems telephone companies haven’t done much of that so far). But not everyone likes the idea. “What we’re concerned about is this is opening the door for mandatory data retention, meaning there is a massive database about everything you do,” says Kurt Opsahl, a senior staff attorney with the Electronic Frontier Foundation.
The panel also wants to break up the duties of the NSA so that the military-related aspects of its work are separate from its defensive duties. Perhaps a civilian would be in charge. There are also various suggestions for tightening control of classified information to prevent the next coming of Edward Snowden.
Technology Companies and Technologists: The major consumer Internet companies have been livid about being associated with government spying, and want protections that will protect their business. The panel suggests giving them most of what they ask for.
First is the ability to disclose when the government demands personal information about their users, either through the Foreign Intelligence Surveillance Court or through National Security Letters from the Federal Bureau of Investigation. Silicon Valley’s major companies already put out so-called transparency reports detailing requests from governments, but have been forbidden from even acknowledging the existence of such communications. The panel suggests letting them, an idea that has already come up in Congress.
The panel also says that the government should commit to no longer undercutting encryption technologies, forcing companies to build so-called backdoors where officials could access data at will, and using undisclosed security flaws to attack foreign adversaries. American tech companies have been worried that suspicions that such activities might be taking place could hurt their international business. In essence, the government would be promising that American tech companies won’t be its Trojan horses.
The Rest of the World: In a nod to the political fallout from the Snowden disclosures, the panel also says that the government needs to think really carefully before surveilling foreign leaders. That said, it clearly leaves the door open to do so. Questions to be considered: whether leaders share American values, whether there’s a reason to think they’re lying to American officials, and whether there are other ways to get information about them.
The panel wants American officials to meet with “closely allied” governments to come up with standards about information gathering. Seemingly out of the blue, the panel suggests prohibiting officials from stealing commercial information or using intelligence gathering to exploit financial systems.
The panel also notes that citizens of countries other than the U.S. have legitimate privacy concerns that may be violated by overly aggressive American officials, an aspect of the debate that has often gotten short shrift in the domestic discussion. “The collection of intelligence should be undertaken in a way that recognizes the importance of cooperative relationships with other nations and that respects the legitimate privacy interests and the dignity of those outside our borders,” it says.