Obama’s NSA Proposals Fall Far Short of Real Change

Carolyn Kaster/AP

AA Font size + Print

The White House's tepid plan aims to calm the public, not curtail the government's surveillance programs. By James Oliphant

The White House promised Friday that it was ending the NSA’s most controversial surveillance program “as it currently exists.” But make no mistake, it’s still going to exist.

In fact, what President Obama has announced will have little operational effect on the National Security Agency’s collection of Americans’ data. And, significantly, the administration has attempted to dodge some of the biggest decisions, passing the ball to Congress, which will likely do nothing if recent trends hold.

Much of the attention in the run-up to the speech involved the NSA’s retention and search of so-called metadata—calling records, including calls made by U.S. citizens, that help the government identify potential terrorist relationships. And the president didn’t come close to what privacy advocates have wanted—a sharp culling of the program or its outright termination.

Instead, the goal of Friday’s announcement —as it has always been—was to reassure a skittish public both here and abroad that the program is being used responsibly. “This is a capability that needs to be preserved,” a senior administration official said.

After Friday, keep in mind how the status quo has, or has not, been altered:

  1. The phone metadata still exists.
  2. It will be kept, at least in the short-term, by the government until Congress figures out what to do with it. (And don’t think the telecom lobby won’t play a role in that.)
  3. It will be searched.
  4. Searches will be approved by a court with a record of being friendly to the government, one without a new privacy advocate.
  5. National security letters can still be issued by the FBI without a court order.
  6. Much of this activity will remain secret.

The president made two major policy prescriptions. First, he called for the data to be housed somewhere other than within the government. Second, he said before the NSA can search the calling-record database, it should obtain judicial approval.

(Read more Defense One coverage on the Intelligence Community here)

To the first, the president would not specify where the data will be ultimately stored. He wants the Justice Department and the intelligence community to come up with a proposal within 60 days. The administration is reluctant to force telecom providers to house the data, both because of logistical problems and because the industry wants nothing to do with it. Some have suggested creating a private consortium, but that will take time. And if it proves that there is no better place to keep the data, it well could remain with the U.S. government. (Sounds a little like GITMO.)

To the second of Obama’s measures, judicial oversight will come in the form of the Foreign Intelligence Surveillance Court, which critics say acts as a rubber stamp for government surveillance requests, rather than by more independent-minded federal judges on other courts. The Wall Street Journal last year estimated the Court rejects less than 1 percent of all requests; the chief judge has maintained that it sends back up to 25 percent. Either way, the overwhelming majority of requests are granted unimpeded, particularly when the requests are time-sensitive.

Tellingly, the president rejected a recommendation from an outside panel to establish a “public advocate” inside the Court to represent privacy interests. Instead, he wants an outside group of experts to consult on cutting-edge legal matters, not on day-to-day surveillance requests.

Yes, the FISA review adds an extra step to the process (one that may frustrate counterterror hawks), but it likely will do little to restrain the NSA. (The president is taking one concrete step, limiting searches to two “hops” away from a subject’s phone number, not three.)

The president also rejected a recommendation that the so-called national security letters used by the FBI to obtain business records from investigation targets be subject to judicial approval, after the bureau objected to the idea.

Most important, many of the recommendations the president made Friday are perishable. Ultimately Congress will have to determine the data-collection and storage issues and other major elements of the program, including the procedures of the FISA court, when it reauthorizes the NSA program this spring at the end of the 60-day window outlined by the president.

And it’s possible Congress could choose to keep it in its current form, officials concede.

Senior administration officials maintain that none of these surveillance programs have been abused—and that they remain a valuable tool in combating national security threats (despite little evidence the metadata program has played a direct role in foiling an attack). It’s why President Obama was quick to mention the 9/11 attacks in his remarks Friday. And it’s why, in his mind, reform could really only go so far.

As it turned it, it wasn’t very far at all.

Close [ x ] More from DefenseOne

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.


When you download a report, your information may be shared with the underwriters of that document.