NSA Reforms: What Will Change and What Won’t

Patrick Semansky/AP


Depending on who you ask, President Obama's changes to the National Security Agency pave the way toward serious reform or are merely attempts at window dressing.

By Dustin Volz and Marina Koren

Depending on whom you ask, President Obama’s big-ticket changes to the way the government’s spy agencies use bulk telephone data, revealed during a Friday speech, pave the way toward serious reform or are merely attempts at window dressing.

Obama, who stepped into his presidency with a “healthy skepticism” toward federal surveillance programs, outlined measures he took to improve or change operations. But what he didn’t do “is stop these programs wholesale—not only because I felt that they made us more secure; but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens.”

So what did change, and what didn’t? First, here’s what’s new:

Phone metadata will no longer be housed at the NSA. In the coming months, the government will no longer maintain ownership of hundreds of millions of phone records collected from virtually all Americans. This is likely the biggest blockbuster enumerated by Obama, and it could draw some ire from members of the intelligence community.

But it will be held somewhere else. The bulk collection of Americans’ phone records will continue, but instead it will be done by either private phone companies or some hypothetical, as-yet-undefined third-party entity. Although the path forward on this (will companies be hit with a data-retention mandate?) remains unclear, Obama wants a solution by the end of March.

More judicial approval required to search data. Beginning immediately, the U.S. spy agencies will need to obtain an order from the secret Foreign Intelligence Surveillance Court for any query they conduct.

A new independent “panel” to advocate for privacy in the FISA court. The outside panel’s creation relies on action from Congress, but this offers a chance to satiate critics furious that the court approving surveillance orders only hears the government’s side.

Fewer “hops” allowed when searching. Also effective immediately, the government will reduce from three to two the number of “hops,” or degrees of separation, away from a suspected target it can jump when analyzing communications data.

Restrictions on spying on our allies. Obama and senior administration officials said heads of states considered to be “close friends and allies” will be off-limits to surveillance. If that sounds vague, that’s because it is. Who qualifies as a close ally is not written in stone and can presumably change to meet perceived national security threats.


How intelligence agencies like the FBI use National Security Letters will no longer be so secretive. “I have therefore directed the attorney general to amend how we use National Security Letters so this secrecy will not be indefinite, and will terminate within a fixed time unless the government demonstrates a real need for further secrecy,” Obama said. These documents compel certain parties to disclose information to the FBI.

Despite the changes, privacy advocates were quick to say more needs to be done to protect Americans’ civil liberties. So, what’s not changing?

The FBI still won’t need to get a court order to issue subpoenas for information during investigations. A December report from a group of Obama-appointed advisers tasked with examining NSA surveillance recommended that National Security Letters, which the FBI uses to compel parties to disclose information, can be issued only after a judge finds that the government has reasonable grounds to believe that the information it seeks is relevant to an intelligence investigation. Of this, Obama said, “Here, I have concerns that we should not set a standard for terrorism investigations that is higher than those involved in investigating an ordinary crime.”

Neither will FISA. Although Obama promised more oversight, the court retains much of its power to compel third parties to disclose private information to the government.

From a software perspective, how the NSA collects data won’t change. “The U.S. government should examine the feasibility of creating software that would allow the National Security Agency and other intelligence agencies more easily to conduct targeted information acquisition rather than bulk-data collection.” Obama made no mention of tweaks to the agency’s massive dragnet during his speech.

Leadership of NSA and Cyber Command isn’t changing. The administration already dismissed this idea from the review panel, but Obama made no mention of allowing the NSA’s leadership to change from military to civilian control. And the agency will not be separated from Cyber Command, the military’s central cyberwarfare hub, something the December report pushed. The report also recommended that the director’s position should be open to civilians and be subject to Senate approval.

The NSA is still going to bypass security encryptions on the Web. The review board said that the government should be “fully supporting and not undermining efforts to create encryption standards” and “making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption.” The intelligence agency, however, has no plans to stop cracking others’ encryption codes—it has plans to get better at it.

The president may have set out to end the NSA’s bulk collection program “as it currently exists,” but there’s no doubt that much still remains the same. Phone metadata will still be collected and searched. Ultimately, much of the NSA’s activity will continue to be shrouded in secrecy.
