The wait is finally over! Despite having said it would come out in January, the Obama Administration hustled and released a report from the advisory committee set up to recommend changes to the NSA. And, my, are those changes many.
The report outlines over 40 recommendations to modify the NSA's counterterrorism program. They run the gamut from headline-grabbing issues, like the agency's collection of phone metadata, to the specific tasks the NSA is responsible for. While Obama himself has addressed some of these issue in the six months since Edward Snowden's leak, the hasty release of the advisory committee's recommendations arrives just two days after a federal judge said that the NSA's collection of phone records may be unconstitutional. Obama met with five members of the review board on Wednesday morning before the press secretary announced the release of the report. According to one official, the suggested changes to the NSA are "significantly more far-reaching than many expected."
We collected the more major changes and made a neat little list for you. It will be up to Obama to decide which recommendations to heed and which to ignore, but it'll be a little while before we get the final say. You can read the (very long) report below.
Well, you should've seen this one coming. As the NSA's collection of telephone records and metadata is one of the most offensive revelations of unwarranted government surveillance ever, it's nice that the advisory board would like to change how that works. The report recommends that the NSA no longer be responsible for this sort of thing. They're not getting rid of a phone database altogether, though. They'd just prefer that the phone companies or a third party—perhaps one set up for this explicit purpose—keep the records.
Remember back when we learned that the NSA had tapped into the databases of pretty much every internet company out there? Well, the very sensible advisory committee would like that to stop. Per their recommendations, the NSA can't ask companies to give them a way to access encrypted data. In the report's own words: "The use of 'for-profit' corporations to conduct personnel investigations should be reduced or terminated."
The committee does push back at the idea that there are "backdoors" built into software. The report reads:
We are aware of recent allegations that the United States Government has intentionally introduced "backdoors" into commercially available software, enabling decryption of apparently secure software. We are also aware that some people have expressed concern that such "backdoors" could be discovered and used by criminal cartels and other governments, and hence that some commercially available software is not trustworthy today.
In fact, the committee recommends the government support creating encryption standards and improving encryption technology. They're also prohibited, in The Washington Post's words, "from stockpiling 'zero day' hacking tools that can be used to penetrate computer systems, and in some cases, damage or destroy them." This is super-good news for global internet security which the NSA was undermining by sneaking into all those websites.
The NSA would be relieved of its role guarding classified government computer systems. This would help to keep the agency on the offense. Inevitably, the NSA is tasked with gaining access to foreign computer systems, and the committee thinks that keeping defensive roles out of its purview will help it do a better job. However, President Obama has already decided that one person will oversee both the NSA and its counterpart in the Pentagon—known as Cyber Command—whose mission is both offensive and defensive.
This is a small but important detail. At present, only a commissioned officer in the armed forces can be appointed to be the NSA director. The committee does not think that's a good idea and recommends that the position should be open to civilians. It even suggests that Obama should appoint a civilian as the next director when Gen. Keith Alexander retires next year.
Privacy is obviously the big sticking point here. The NSA basically violated the public trust and left every single American wondering if they were being spied on, and the review committee does not think this is a good thing. To prevent future violations, it wants to replace the Privacy and Civil Liberties Oversight Board (PCLOB) with "a newly chartered, strengthened, independent Civil Liberties and Privacy Protection Board (CLPP Board)." They would also like create a new position: Special Assistant to the President for Privacy. This person would also chair a new Chief Privacy Officer Council. So much privacy!
While the committee's list of recommendations is long and somehow complex, Recommendation Number 7 stands out for its utter simplicity. Essentially, it says no more secrets. It calls for legislation to be enacted requiring the government to divulge "detailed information about authorities" who handle these NSA requests. The recommendation reads, "With respect to authorities and programs whose existence is unclassified, there should be a strong presumption of transparency to enable the American people and their elected representatives independently to assess the merits of the programs for themselves." After all, this whole mess never would've happened if the NSA had been doing that all along. [White House, NYT, Washington Post]