Add technologists to surveillance tech review panel, IT groups say

Tech groups say an Obama review board of NSA surveillance lacks technical expertise

U.S. President Barack Obama should add actual technologists to a group reviewing the nation's surveillance technologies, IT-related groups have said.

The President's Review Group on Intelligence and Communications Technology, announced in August after revelations of large-scale data collection and surveillance programs at the U.S. National Security Agency, has five members, with four of them former government officials. But the board is "limited in technical expertise," said Sascha Meinrath, director of the Open Technology Institute at the New America Foundation, a Washington, D.C., think tank.

The board has an undefined scope, and it's unclear what exactly the group is reviewing, Meinrath wrote in comments about the review board, due Monday.

"Revelations regarding the breadth and scope of the NSA's surveillance have raised serious concerns among a variety of stakeholders within and outside the United States, including technology companies, civil liberties groups, and the millions of citizens who rely upon digital communications in their personal and professional lives," Meinrath wrote. "It is critical that the Administration rebuild trust in the United States as a benevolent steward of the Internet and reaffirm the nation's respect for international law and commitment to protecting civil liberties and human rights both at home and abroad."

Meinrath's comments follow similar criticisms of the board filed by a group of 47 high-profile technologists last Friday. The review group needs "competent technical advice to do its job properly," said the group in comments filed. "A technologist can situate advancements in modern technology, how they work, white is possible, how data moves through infrastructure, and how modern technology may implicate privacy and security."

Among the IT experts signing the letter were staff members at the Center for Democracy and Technology and the Electronic Frontier Foundation; Apache Web server developer Brian Behlendorf; Princeton University computer science Professor Ed Felton; Johns Hopkins University computer security Professor Matthew Green; Mozilla senior policy engineer Chris Riley; cryptographer Bruce Schneier; and PGP creator Phil Zimmerman.

Obama administration officials, including James Clapper, the U.S. director of national intelligence, have repeatedly defended the NSA's efforts, saying the surveillance programs are necessary to protect the U.S. from terrorism. The president's review board reports to Clapper.

"Within our lawful mission to collect foreign intelligence to protect the United States, we use every intelligence tool available to understand the intent of our foreign adversaries so that we can disrupt their plans and prevent them from bringing harm to innocent Americans," Clapper said in a statement last week.

The group of tech experts raised doubts about some NSA assertions to the U.S. Foreign Intelligence Surveillance Court about its technical inability to separate out individual email messages or other Internet communications from what the agency calls multi-communication transactions, messages sent together in bulk. The NSA has used this supposed inability to justify its bulk collection of Internet communications.

"As technologists, it strikes us as highly unlikely that no reasonable solution exists to overcome the technical hurdle in this example," the group of IT experts wrote. "It is deeply problematic that the court has no way to verify these types of assertions, and that the court is not provided an independent technologist or adviser outside of the intelligence community."

The letter from the 47 technologists also criticized the recently revealed NSA attempts to circumvent encryption technologies, saying the encryption exploitation program was "staggering news for technologists."

The NSA efforts "fundamentally undermine" Internet security, the group said. "The NSA assumes that it can exploit these weaknesses and gain exclusive access to the content of communications," the group wrote. "The reality is that backdoors and covert access mechanisms are fragile and often exploitable by organized criminals, hackers, and the military and intelligence services of other governments."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags New America FoundationtelecommunicationU.S. Foreign Intelligence Surveillance CourtJames ClapperBarack ObamainternetmozillaElectronic Frontier Foundationprivacybruce schneierPresident’s Review Group on Intelligence and Communications TechnologyBrian BehlendorfJohns Hopkins UniversitysecurityCenter for Democracy and TechnologygovernmentSascha MeinrathEd FeltonMatthew GreenChris RileyPhil ZimmermanU.S. National Security Agency

More about ApacheElectronic Frontier FoundationIDGMozillaNational Security AgencyNSAPGPTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts