Obama's NSA surveillance reforms get mixed reviews

New restrictions should not mark the end of surveillance reform, say experts

President Barack Obama's new restrictions on the government's mass collection of American's phone data should mark the start, not the end, of reform in U.S. spying, privacy advocates say.

[NSA revelations bolstering demands for congressional action]

In a Friday speech, Obama outlined a new surveillance-policy directive that would curtail some operations of the U.S. National Security Agency and bolster safeguards for the privacy of Americans and non-citizens.

While the changes were welcomed, privacy advocates said the president and Congress should go much further in protecting privacy.

"The president's speech on surveillance today proposed some welcome first steps toward appropriately limiting an expanding surveillance state," Julian Sanchez, research fellow at the CATO Institute, said in his blog.

The president said the NSA would no longer be able to decide on its own when to pull information from a phone records database. Instead, the agency would have to first get permission from the secret Foreign Intelligence Surveillance Court.

In addition, restrictions on tracing phone numbers connected to the original number under investigation was expected to limit the tally of people who could fall under NSA surveillance.

Longer term, Obama wants the database of phone records moved out of government control. He gave advisers 60 days to work with Congress in devising an alternative location.

Civil libertarians object to the existence of a phone records database, so Obama's directive did little to satisfy their concerns.

"Storage of bulk records by companies or a third party would be merely a shuffling of the chairs, not a real reform," Greg Nojeim, director of the Center for Democracy & Technology's Project on Freedom, Security and Surveillance, said in a statement.

TechFreedom, a nonprofit think tank on public policy related to technology, called moving of phone data a "fig leaf that conceals the real issue: the legal standard of access."

The organization favors raising the legal hurdle the NSA must clear in order to get access to phone records. Currently, it only has to establish "reasonable suspicion that a particular number is linked to a terrorist organization."

The American Civil Liberties Union praised the additional scrutiny by the FISA court and Obama's creation of a panel of civil liberties, technology and privacy advocates. The panel will be given security clearances and will represent Americans before the FISA court. Currently, the NSA faces no opposition when seeking permission to gather information on U.S. citizens.

Sanchez of the CATO Institute was disappointed that the president did not address the NSA's reported efforts to undermine encryption standards. He also noted that the president chose not to curtail other mass data-collection programs, such as the gathering of data on international money transfers from companies such as Western Union. Such a program is run by the Central Intelligence Agency.

Nevertheless, the president has set a foundation for building more privacy safeguards, he said.

[Lessons for CSOs in Snowden exploit of NSA networks]

"Most fundamentally, Congress must now act to cement these reforms in legislation -- and to extend them -- to ensure safeguards implemented by one president cannot be secretly undone by another," Sanchez said.

Obama's reforms followed months of revelations of NSA gathering of massive amounts of data from telecommunication and Internet companies. The global surveillance activity stemmed from documents released to select media by former NSA contractor Edward Snowden, who lives in Moscow under temporary asylum.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityU.S. National Security Agencygovernmentprivacy

More about National Security AgencyNSATechnologyWestern Union

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place