Dec 19, 2013

Panel says curb NSA’s worst excesses in wake of Snowden

The panel appointed by Barack Obama to forestall criticism of the NSA's global surveillance has called for major change to intelligence collection and an end to some of the NSA's worst behaviours.

Bernard Keane — Politics editor

Bernard Keane

Politics editor

The break-up of the National Security Agency, an end to its collection of information on Americans' communications, a scaling-back of its surveillance on foreign citizens and leaders and an end to the agency's worst anti-encryption practices are some of the recommendations released by a review panel appointed by United States President Barack Obama to address revelations of systematic mass surveillance and lawbreaking by the NSA. The report by the panel, established by the Obama administration in an effort to forestall mounting fury at revelations of the NSA's surveillance by whistleblower Edward Snowden, was released early this morning. The panel was composed of long-serving counter-terrorism official Richard A. Clarke, former CIA deputy director Michael J. Morell, legal academic and American Civil Liberties Union adviser Geoffrey R. Stone, legal academic (and "nudge" theory advocate) Cass R. Sunstein and privacy expert Peter Swire. The report does not mention Snowden by name, although it recommends improving and making whistleblower processes more accessible. The panel urges an end to automatic NSA collection of all internet and telephone metadata in favour of a mandatory data retention regime, in which either ISPs and telcos, or other private organisations, should retain metadata, which would only be able to be accessed by the NSA on the order of the (hitherto toothless) Foreign Intelligence Surveillance Court on the basis that it is relevant to an authorised investigation into terrorism or intelligence matters. The panel also recommends far greater transparency about the NSA's and the FBI's hitherto secret use of their powers to collect information, including the indiscriminate use of gag orders to prevent companies from revealing they have been compelled to hand over data, sometimes even to their own lawyers. It also recommends a much higher bar for governments deciding to keep any surveillance programs secret from Americans. The panel also wants hurdles placed before any use of information collected on non-Americans that also relates to Americans. Significantly, the panel also wants an end to commercial espionage by the NSA. The NSA has repeatedly denied that it engages in commercial espionage to benefit US companies, but Snowden has revealed a number of instances where surveillance of non-Americans was clearly motivated by commercial considerations, including one instance where the NSA admitted in internal documents that its surveillance was "economic". Hence the panel's recommendation that surveillance of non-Americans outside the US "be directed exclusively at the national security of the United States or our allies" and "must not be directed at illicit or illegitimate ends, such as the theft of trade secrets or obtaining commercial gain for domestic industries". If applied in Australia, that would ban the sort of spying Alexander Downer ordered the Australian Secret Intelligence Service to undertake against the Timor-Leste cabinet in 2004 for the benefit of Woodside. The panel also recommended the banning of dissemination of information on foreign persons unless it was relevant to protecting national security -- almost certainly a reference to the NSA's plans to use metadata on the pornography-viewing habits of some of its Muslim targets to discredit or blackmail them. Also recommended is a new test for spying on foreign leaders, addressing whether there is evidence they are being duplicitous, whether it is actually necessary, and what the damage would be if it were revealed. The NSA should also be split up, the panel suggests in a recommendation that has already reported to have been rejected by Obama. A large component of the NSA doesn't engage in foreign intelligence gathering but in protecting the communications systems of the US Department of Defense, thereby creating, the panel believes, a conflict of interest between foreign intelligence goals -- which involve undermining encryption and systems protections -- and the objectives of the "Information Assurance Directorate", which protects US communications, so the latter should be removed from the NSA. The panel also wants security vetting processes brought back within government and tightened up -- this week the NSA admitted that it is unlikely to ever know exactly what documents Snowden took due to its poor internal systems.
"Now, over to the architect of this surveillance state, Barack Obama, to see whether he has the vision to implement the panel's recommendations."
The NSA's extensive work in undermining encryption and exploiting software bugs to access the world's internet communications systems also comes under fire from the report. The NSA has worked to deliberately undermine global encryption standards protecting internet traffic such as financial information, and has created a vast market in what are called zero-day exploits -- software flaws that have yet to be patched (this aspect of the NSA's operations was known long before Snowden's revelations). The undermining of encryption standards has the capacity to inflict major damage on industries reliant on encryption, such as the banking sector, quite apart from its impacts on privacy, because the NSA's actions make it easier not just for it to access encrypted traffic but for criminals to do so as well. Accordingly, the panel recommends blocking, rather than exploiting, zero days except in extreme circumstances, and that:
"the US Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage."
Worryingly, the review also suggests that "governments should not use surveillance to steal industry secrets to advantage their domestic industry; (2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial systems", raising serious questions about whether the NSA has been engaged in stealing intellectual property and manipulating the world's financial systems. The report comes amid growing evidence that US companies have been significantly harmed by the foreign reaction to the NSA's behaviour. This week Boeing lost a $4 billion contract with Brazil due to that government's fury at being targeted by the NSA, while heavyweights from the biggest American IT companies used a presidential meeting about the Obama administration's healthcare debacle to demand "aggressive" reform of the NSA because of the economic impacts US firms were suffering from the loss of user trust. Also this week, a US (conservative) federal court judge ruled the NSA's "almost Orwellian" surveillance was likely to be unconstitutional. All in all, the panel recommendations do not amount to a major overhaul of surveillance, and they leave in place the apparatus that has turned the internet into a global surveillance tool. But they are a good start to introducing more transparency, reducing the NSA's freewheeling violations of basic liberties, curbing economic espionage and, particularly, ending the malign and deeply harmful practice of undermining encryption standards. The review thus rounds off a bad week for the critics of Snowden -- among them surveillance apologists and state-identified journalists in Australia like Greg Sheridan, Cameron Stewart and Christopher Joye -- who have insisted that Snowden is a US traitor who revealed nothing illegal and damaged US interests. Without Snowden's courageous decision to, in essence, ruin his life by whistleblowing on the numerous illegalities and global surveillance system established by the NSA, the UK's Government Communications Headquarters, our own Australian Signals Directorate, the Canadians (who spied on Brazil's mining sector) and the New Zealanders, this debate over surveillance and NSA reform would never have occurred. Snowden's actions have convinced even diehard national security advocates in US Congress of the need to rein in rogue intelligence agencies like the NSA. Now, over to the architect of this surveillance state, Barack Obama, to see whether he has the vision to implement the panel's recommendations. And it also raises the question of when other "Five Eyes" governments, including our own, will rein in our own agencies, which are similarly out of control.

Free Trial

You've hit members-only content.

Sign up for a FREE 21-day trial to keep reading and get the best of Crikey straight to your inbox

By starting a free trial, you agree to accept Crikey’s terms and conditions


Leave a comment

14 thoughts on “Panel says curb NSA’s worst excesses in wake of Snowden

  1. The Pav

    Here is the justification, as if any was needed, for the ABC/Guardian’s actions

  2. Alex Whyte

    >The panel urges an end to automatic NSA collection of all internet and telephone metadata in favour of a mandatory data retention regime

    >NSA’s extensive work in undermining encryption and exploiting software bugs to access the world’s internet communications systems

    So the data will be collected and NSA and its successors will continue to access it.

  3. dcparker

    I agree that this supports Snowden’s and his journalist associates’ work; however I think it is hardly fair to describe Obama as the architect of this “Surveillance State; he has certainly inherited an thus far, has not curbed, it; the architect was Bush Jnr. The combination of this report, the judgment by the conservative judge you mentioned and the pressure from business will hopefully give him the cover he needs to make the major changes recommended

  4. The Pedanticist

    I would probably even go so far as to say the architect of the (US) surveillance state was J. Edgar Hoover.

  5. Mishpocheh

    Does anyone seriously believe that the Fox in charge of the henhouse, Obama, will ratify any of those recommendations?

    It will be more of the same dressed up in drag.

  6. Take A Letter Maria

    It goes way back before J Edgar Hoover. Even Lao Tzu in the classic Tao Te Ching warned about govt’s incessant intrusion into people’s lives. Lao Tzu was a high ranking official who decided the only way to beat them was to completely withdraw to the mountains and live a life of separateness. But then again, even Nimrod wrote the book on surveillance.

  7. Brendan Jones

    > The panel appointed by Barack Obama…
    __________________ ^ Well there’s your problem…

    Obama has set the dogs on Snowden, but Obama has violated the US Constitution itself. How much more serious can you get?

    On the campaign trail Obama referred to himself as a “a constitutional law professor” so he can’t claim ignorance. Yet there is no penalty for him violating it; After years of accumulated abuse it’ll eventually weave it’s way to the US Supreme Court who will say “So don’t do that then.” What sort of a deterrent is that?

    So what does happens when you give a left-leaning spokesmodel unfettered power and no accountability?

    SCOTUS J Brandeis on Absolute Power: “The objections to despotism and monopoly are fundamental in human nature. They rest upon the innate and ineradicable selfishness of man. They rest upon the fact that absolute power inevitably leads to abuse.”

    That aligns with ANU Peter Lamour’s finding that crime depends on the circumstances an individual finds themselves in, rather than their innate character.

    When the US founding fathers wrote the Constitution they wisely recognised the dangers of a despotic government, having just fought a war with one. The problem the US faces today is that despots ignore the law.

    PS. The US 4th Amendment against intrusive government recognised: “[the King of England] has erected a multitude of New Offices, and sent hither swarms of Officers to harrass our people.”

    … Reminded me of the Australian Public Service 😉

  8. Max Andrews

    The state does n’t really need surveillance. The state can just order a national census and kill every male child under the age of two. Just imagine the glee from the feminists.

  9. AR

    Perhaps the foam-flecked apoplectics at shout-back radio will now accuse Congress of being treasonous as they did here a few weeks back?

  10. Yclept

    As if there will be any real change or protection for whistleblowers. All we’ll see is window dressing as they work out better and more efficient ways to disappear the whistleblowers.

Share this article with a friend

Just fill out the fields below and we'll send your friend a link to this article along with a message from you.

Your details

Your friend's details