Spying reforms seek to balance privacy, security

SEATTLE – President Obama this morning left all the major stakeholders tracking the debate over government spying slightly dissatisfied.

Given the complexity of the issues, some observers credited Obama for doing a commendable job of attempting to delicately balance privacy and national security.

“The public needs to understand that it’s a moving target given the rapid pace at which technology is developing,” says Stephen Cobb, senior researcher at antivirus vendor ESET. “The President likely failed to satisfy some people on different sides of the debate and that might be an indication he is taking the right steps, walking a fine line between competing ideals and incompatible practical concerns. The bottom line in terms of public concern is that the problem is out in the open and there is a willingness to make changes.”

Obama laid out a course that essentially leaves current intelligence processes largely intact while incrementally improving oversight, says Chris Riley, a senior policy engineer at Mozilla.

“We’d hoped for, and the Internet deserves, more,” Riley says. “Without a meaningful change of course, the Internet will continue on its path toward a world of balkanization and distrust, a grave departure from its origins of openness and opportunity.”

In a speech at the justice department in Washington D.C., the President announced new limitations to the government’s collection of telephone metadata, and banned U.S. eavesdropping of foreign leaders.

More: Obama attempts to balance privacy and national security.

However, the President acknowledged no wrong-doing by the National Security Agency, nor any changes in personnel.

“People who feel strongly about NSA overreach probably won’t be impressed,” observes Jeremy Rabkin, international law expert and professor at George Mason University School of Law. “Those who feel that NSA has been grossly negligent in protecting U.S. secrets will be even less reassured.”

Obama left unaddressed criticism of the National Security Agency’s Internet surveillance programs, including PRISM, XKeyscore and Tempora, exposed by whistleblower Edward Snowden.

“Surveillance efforts by the NSA do, at times, take advantage of vulnerabilities in computing hardware and software,” says Rob D’Ovidio, criminal justice professor at Drexel University. “The NSA needs to work with the hardware and software developers to inform them of such weakness so that patches can be developed and deployed to fix the identified problems.”

The President, instead, focused on the statutory authority to collect bulk data from telephone calls, which is set to expire in ten weeks. A majority of House Democrats voted to end this surveillance last August, as did a lot of Republicans.

“I’m doubtful the procedural tweaks and bureaucratic reshuffles announced by Obama today will generate a new consensus in Congress,” says Rabkin. “So expect a noisy debate. ”

In a nod to privacy advocates, Obama said the NSA will not hold bulk telephone metadata, and said the NSA will need a judicial review before accessing the telephone database. A presidential advisory panel on surveillance policy last month recommended sweeping limits on NSA spying. That included a call for control of bulk telephone data to be placed with a third party. However, Obama this morning did not discuss any details about how such third party storage might work.

Michael Sutton, a cybersecurity analyst from Zscaler, noted that few of the other recommendations from the presidential advisory panel were adopted. “Those that were, ended up being watered down,” Sutton says. “For example, rather than adding a permanent public advocate to the FISA court, he instead noted that ‘significant cases’ before the FISA court would also go to an independent panel for review.”

That still would appear to leave the door open to “loose restrictions, open to broad interpretation,” Sutton says. “Rather than addressing all of the concerns raised by the Presidential Committee, Obama chose to focus on the more controversial components of the program, such as the collection of telephone metadata and spying on foreign leaders.”

Julian Sanchez, analyst at The Cato Institute, a Libertarian think tank, noted that if the phone companies are to become the third parties overseeing bulk data they would, “in effect be an arm of government–as a custodian.”

If phone records do end up in control of the phone carriers, Nojeim believes that it is important “to resist any new legal mandate that would require longer or more extensive retention of private data than ordinary business purposes require.

Greg Nojeim, a program manager at the Center for Democracy & Technology, called the new rules for storage of bulk phone records “merely a shuffling of the chairs, not a real reform.”

Says Nojeim: “The only true solution to this issue is restoration of a system of particularized requests, as would be required by the USA Freedom Act.”

One reaction from abroad comes from Mikko Hypponen, cybersecurity researcher at network security firm, F-Secure, based in Helsinki, Finland. Hypponen is in the camp that believes the NSA needs to be reigned in.

Says Hypponen: “Countries spy, we get that. However, when one country goes way beyond traditional, targeted spying and starts to do global wholesale surveillance on the emails, web traffic and text messages of almost every citizen of every other country, it’s no longer ok. Just because the NSA has technical means to watch over the whole rest of the world doesn’t make it right.”

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone