NSA's civil liberties impact to be measured by federal watchdog

A government watchdog group tasked with overseeing whether actions the President's executive office takes to combat terrorism don't throw civil liberties overboard in the process is taking aim at the National Security Agency's "PRISM" data-collection surveillance program.

The Privacy and Civil Liberties Oversight Board (PCLOB) is the federal agency within the executive branch that's expected to independently review anti-terrorism efforts to see if they comply with established law and to ensure "liberty concerns" are addressed. Some think a privacy group so close to the President would only be a "rubber-stamp" operation. But the PCLOB surprised more than a few when its recent 238-page report bluntly condemned the NSA surveillance program collecting bulk telephony call records as illegal, saying it should be shut down. Now the PCLOB is turning its attention to "PRISM," the purported NSA surveillance program that has come to light through leaks to the media from former NSA contractor Edward Snowden.

"Our responsibility is to provide advice to the President," said David Medine, chair of PCLOB., speaking on a panel at the recent RSA Conference in San Francisco. He said the group hopes to be able to issue its report on PRISM within the next few months. The group is obtaining information about PRISM from various agencies, including the NSA, and the private sector. Medine notes the PCLOB, whose five members have top-secret clearances, can gain access to surveillance court decisions, agency officials and can even see program demonstrations.

+More on Network World: Breaking down latest PRISM slides claiming U.S. bugged E.U. Offices' | Mark Zuckerberg and Marissa Mayer field questions about Prism | Senator pushes for an end to NSA phone records collection +

PRISM is a secret NSA program in which high-tech giants such as Microsoft, Google, Yahoo and Facebook, among others, must cooperate by providing data on end users to the NSA. PRISM has been described in various ways by journalists, mainly from The Guardian, New York Times and Washington Post, who were given top-secret documents from Snowden directly, though sometimes only PowerPoint slides.

"There's a lot of inaccurate reporting in the media" Medine remarked about what he's seen in the news about PRISM in comparison to what the PCLOB is learning. Though he didn't go into detail about how news reporting on PRISM may be off the mark, he suggested that news stories are sometimes simply reporting older information as current, for example.

In any event, the PCLOB hopes to issue its own findings on the NSA PRISM program fairly soon, though the PCLOB itself, composed of lawyers, is somewhat hobbled by the fact that only Medine is a full-time member and the four other board members, split between Democrat and Republican party representation, do this part-time while holding down regular jobs. This part-time aspect of running the board puts a strain on what can be done, some PCLOB members acknowledge, though some, such as James Dempsey, think it's a good model for oversight.

As regards, PRISM, "I hope in our report we can be more clear about how that works," Dempsey said during the panel discussion at RSA Conference.

Though the PCLOB was created through federal law in 2007, it only really got into working gear last May -- right before the Snowden leaks began -- when Medine was appointed as its chair after a Congressional review process. The group anticipates there will be many more privacy and civil liberties issues it will take up, not all of them related directly to NSA Internet surveillance.

Medine thinks the group  could one day take on the privacy and civil liberties implications of drones used by the government.

In addition, the question has come up whether the PCLOB could play the role as a "safe haven" for "whistleblowers" to share information about government programs they think violate civil liberties. Medine is open to this idea of the group being "the central place to go" for whistleblowers in this regard.

But in the meantime, PCLOB is there simply to advise the President on the privacy and civil liberties impact of counter-terrorism programs based on the board's own investigation and reports. And so far, President Obama has listened to the group's advice but not followed it, with the White House indicating it doesn't think the bulk-telephony records collection program is illegal, though it's willing to consider changes.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitynsaWide Area Networkindustry verticalsgovernment

More about FacebookGoogleIDGMicrosoftNational Security AgencyNSAPrismRSAYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts