This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/commentisfree/2014/jul/10/nsa-privacy-civil-liberties-oversight-board

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Take it from a civil liberties watchdog: not everything is bulk surveillance Take it from a civil liberties watchdog: not everything is bulk surveillance
(about 1 month later)
A A week ago, the US government body on which I sit, the Privacy and Civil Liberties Oversight Board (PCLOB), issued its latest report. President Obama appointed us, subject to Senate confirmation, but we are a completely independent body. As someone who has spent the past 19 years advocating for civil liberties, I accepted a part-time seat on the board, hoping to meld my outsider perspective with the insights afforded by access to classified details about the intelligence community's actions.
week ago, the US government body on In an earlier report, we had looked at the National Security Agency's collection of metadata on telephone calls to, from and within the US. That "bulk" program, a majority of the board including myself concluded, had not been not authorized by Congress, was not effective and should be ended. (The president agreed with that last point, but so far, the program continues, as Congress considers legislation to ban it and other bulk collection of data inside the US.)
which I sit, the Privacy and Civil Liberties Oversight Board (PCLOB), issued its latest report. President Obama appointed us, subject This time we were looking at a very different program, one that compels online service providers and other telecommunications companies in the US to disclose the contents of communications to and from individuals of interest to our government. Over many months, we heard from diverse voices, inside and out of the government senior intelligence officials and analysts, academics and privacy advocates, telecommunications company executives and technical experts.
to Senate confirmation, but we are a completely independent body. As someone who has spent the past 19 years In the end, the board found that the program, at its core, was authorized by Congress, under Section 702 of the Foreign Intelligence Surveillance Act (Fisa). And we found that the program is effective. Just days after our report, in a story castigating the surveillance as "voyeuristic", the Washington Post similarly concluded that the program has generated valuable information on terrorist plots, cyberattacks and weapons of mass destruction.
advocating for civil liberties, I accepted a part-time seat on the board, hoping Our report on the so-called "702 program" provides probably the most complete accounting of any national security surveillance program published by any country in the world. In my personal view, many details about the program could have been made public before Edward Snowden's leaks without hindering the intelligence agencies in doing their job. Indeed, they should have been. There are huge benefits, in terms of democratic legitimacy, to the public knowing what its government is doing.
to meld my outsider perspective with the insights afforded by access to We found that the 702 program does not scan internet communications for keywords. It targets specific individuals using specific identifiers such as email addresses and phone numbers. We saw a demonstration of the government's targeting process. We reviewed sample targeting decisions. We considered how data is filtered before it enters the government's coffers.
classified details about the intelligence community's actions. In sum, what we found is not a bulk collection program.
In That said, the program does collect a very large number of communications to and from a large number of individuals. Moreover, we found that the program, like any electronic surveillance activity, collects communications of some innocent individuals interacting with the government's targets and some of those individuals are within the United States. While our report was lawyerly, that same Washington Post story over the weekend put into sharp focus just how sensitive and even embarrassing some kinds of information about innocent people obtained through electronic surveillance can be, even when the target is properly suspected of involvement with terrorism.
an earlier report, we had looked at the National The Post story did not surprise us. Our board's review had focused on precisely this problem: the disturbing but inevitable collection of information about innocent people. The first step in limiting overbroad collection is to ensure that targeting decisions are narrowly focused, in an accountable fashion. We urged the government to adopt new rules requiring a more detailed justification of each targeting decision. And we urged the Fisa court to look at a sampling of actual targeting decisions.
Security Agency's collection of metadata on We also addressed the retention of irrelevant data. On their face, NSA procedures already require deletion of any communications involving Americans that are found to have no intelligence value. But the PCLOB concluded that, in practice, irrelevant information is rarely if ever purged before it is automatically flushed from the system after a period of years. Clearly this needs to be rectified. In my view, given the US's stated commitment to privacy as an international human right, data of citizens and non-citizens alike should be deleted as soon as it is recognized to be irrelevant.
telephone calls to, from and within the US. In our review, we spent a lot of time on the practice at the NSA, the CIA and the FBI of searching databases of 702 communications using the names of US citizens. Some call this practice a "backdoor wiretap", because it assembles some subset of the communications of persons who could not have been targeted in the first place. The PCLOB unanimously agreed that, whatever you call it, the practice should be limited. We were not unanimous on the solution.
That "bulk" Two board members proposed requiring court approval of database queries involving US citizens. Two others thought that supervisory approval was sufficient. I concluded that a more direct approach is to limit use of the data for citizens and non-citizens alike to national security purposes.
program, a majority of the board including Faced with a tip about a possible terrorist attack, the government should be able to discover quickly whether it has in its Fisa databases any information useful in preventing the attack even information about an American. However, the government should be strictly limited in using that information only to protect the national security. President Obama has already said that communications the US collects overseas in bulk will be used only for national security purposes. In my view, the same limits should be applied to data collected in the US under Section 702.
myself concluded, had not been not authorized by Congress, was not effective and should be ended. (The president agreed with that Overbroad collection, retention and use, the board unanimously found, can push an otherwise constitutional program outside the bounds of reasonableness. Our recommendations would keep the NSA's 702 program more firmly on the right side of the line. Now it is up to Congress and the administration to ensure that there are adequate limits on the powerful capabilities available to our government in this digital age.
last point, but so far, the program continues, as Congress considers legislation
to ban it and other bulk collection of data inside the US.)
This
time we were looking at a very different program, one that compels online service providers and other
telecommunications companies in the US to disclose the contents of communications
to and from individuals of interest to our government. Over many months, we heard from diverse
voices, inside and out of the government – senior intelligence officials and
analysts, academics and privacy advocates, telecommunications company executives
and technical experts.
In
the end, the board found that the
program, at its core, was authorized by Congress, under
Section 702 of the Foreign Intelligence Surveillance Act (Fisa). And we found
that the program is effective. Just days
after our report, in a story castigating the surveillance as "voyeuristic", the
Washington
Post similarly concluded that
the program has generated valuable information on terrorist plots,
cyberattacks and weapons of mass destruction.
Our
report on
the so-called "702 program" provides probably
the most complete accounting of any national security surveillance program
published by any country in the world. In
my personal view, many
details about the program could have been made public before Edward Snowden's
leaks without hindering the intelligence agencies in doing their job.
Indeed, they should have been. There are huge benefits, in terms of democratic
legitimacy, to the public knowing what its government is doing.
We
found that the 702 program does not scan internet
communications for keywords. It targets
specific individuals using specific identifiers such as email addresses and
phone numbers. We saw a demonstration of
the government's targeting process. We
reviewed sample targeting decisions. We considered how data is filtered
before it enters the government's coffers.
In sum, what we found is
not a bulk collection program.
That
said, the program does collect a very large number of
communications to and from a large number of individuals. Moreover, we found
that the program, like any electronic surveillance activity, collects
communications of some innocent individuals interacting with the government's targets – and some of those individuals are within
the United States. While our report was
lawyerly, that same Washington
Post story over the weekend put into sharp focus just how sensitive – and even embarrassing – some kinds of information about innocent people obtained
through electronic surveillance can be, even when the target is properly suspected of
involvement with terrorism.
The Post story did not
surprise us. Our board's review had focused
on precisely this problem: the disturbing but inevitable collection of
information about innocent people. The
first step in limiting overbroad collection is to ensure that targeting
decisions are narrowly focused, in an accountable fashion. We urged the government to adopt new rules
requiring a more detailed justification of each targeting decision. And we urged
the Fisa court to look at a sampling of actual
targeting decisions.
We also addressed the
retention of irrelevant data. On their face, NSA procedures already require deletion of any communications
involving Americans that are found to have no intelligence value. But the PCLOB concluded that,
in practice, irrelevant information is rarely – if ever – purged before it is automatically flushed from the
system after a period of years. Clearly
this needs to be rectified. In my view, given the US's stated commitment to
privacy as an international human right, data of citizens and non-citizens
alike should be deleted as soon as it is recognized to be irrelevant.
In
our review, we spent a lot of time on the practice – at the NSA, the CIA and the
FBI – of searching databases of 702 communications using the names of US
citizens. Some call this practice a "backdoor wiretap", because it assembles some subset of the communications of persons
who could not have been targeted in the first place. The PCLOB unanimously agreed that, whatever
you call it, the practice should be limited. We were not unanimous on the
solution.
Two
board members proposed requiring court approval
of database queries involving US citizens. Two others thought that supervisory
approval was sufficient. I concluded that a more direct
approach is to limit use of the data – for citizens and non-citizens alike – to
national security purposes.
Faced
with a tip about a possible terrorist attack, the government should be able to
discover quickly whether it has in its Fisa databases any information useful in
preventing the attack – even information about an American. However, the
government should be strictly limited in using that information only to protect
the national security. President Obama has
already said that communications the US collects overseas in bulk will be
used only for national security purposes. In my view, the same limits
should be applied to
data collected in the US under
Section 702.
Overbroad
collection, retention and use, the board unanimously found, can push an
otherwise constitutional program outside the bounds of reasonableness. Our recommendations would keep the NSA's 702
program more firmly on the right side of the line. Now it is up to Congress and
the administration to ensure that there are adequate limits on
the powerful capabilities available to our government in this digital
age.