US privacy board finds no illegitimate activity in overseas surveillance program

The board warned of the privacy implications of the incidental collection of communications of U.S. persons

A U.S. government privacy oversight board has found that the National Security Agency and other agencies have not misused the provisions of the country's overseas surveillance program, but cautioned that certain aspects of the program, such as the incidental collection of communications of U.S. persons, raises privacy concerns.

The Privacy and Civil Liberties Oversight Board said late Tuesday in a pre-release version of its report that it has seen no trace of illegitimate activity around information collected by the government under Section 702 of the Foreign Intelligence Surveillance Act, or any attempt to intentionally circumvent legal limits.

But it said that the scope of the incidental collection of U.S. persons' communications and the use of queries to search the information collected under the program for the communications of specific U.S. persons pushed the program "close to the line of constitutional reasonableness."

"Such aspects include the unknown and potentially large scope of the incidental collection of U.S. persons' communications, the use of 'about' collection to acquire Internet communications that are neither to nor from the target of surveillance, and the use of queries to search for the communications of specific U.S. persons within the information that has been collected," the report said.

The PCLOB, however, fell short of the expectations of civil rights groups and some lawmakers who have recommended curbs on backdoor snooping on people in the U.S.

The U.S. House of Representatives last month approved a proposal to limit the surveillance programs of the NSA by requiring it to get a court-ordered warrant to search U.S records in its possession.( Under current rules, the NSA is not prohibited from querying U.S. communications inadvertently collected under the foreign surveillance program.

The PCLOB instead made ten recommendations aimed at arriving at a better balance between privacy, civil liberties and national security in the working of the Section 702 program. They include changes in the targeting procedure, the procedure for queries using U.S. person identifiers, and the role of the Foreign Intelligence Surveillance Court in the certification process.

Disclosures of U.S. overseas surveillance, including of spying on the German Chancellor Angela Merkel and Brazil's President Dilma Rousseff, have created controversy abroad. Some U.S. companies like Microsoft and Cisco Systems have said that the surveillance could lead to customers turning away from U.S. vendors of products and cloud services for fear of being spied on. The German government last week dropped Verizon Communications as a service provider over concerns about U.S. spying.

The PCLOB did not address the implications abroad of NSA surveillance, concluding that the core of the Section 702 program, consisting of acquiring the communications of specifically targeted foreign persons located outside the U.S., was reasonable under the Fourth Amendment to the U.S. Constitution. The board described foreign operations under Section 702 as having "proven valuable in the government's efforts to combat terrorism as well as in other areas of foreign intelligence."

Reviewing the government's programs for the bulk collection of phone records of U.S. persons, the PCLOB earlier this year said that the NSA lacked the legal authority for such collection, and recommended in a 3-2 vote that the government wind down the program. Former NSA contractor Edward Snowden disclosed in June last year details of the bulk collection of phone records from Verizon by the NSA.

"If the last PCLOB report was a bombshell, this one is a dud," wrote Kevin Bankston, policy director of the New America Foundation's Open Technology Institute, in a Twitter message.

The board will be voting on the current report on Wednesday.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags securityregulationU.S. National Security AgencylegislationgovernmentprivacyU.S. Privacy and Civil Liberties Oversight Board

More about CiscoCiscoHouse of RepresentativesIDGMicrosoftNational Security AgencyNSATechnologyVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts