US privacy board defends conclusion that foreign surveillance is legal

The NSA's foreign surveillance programs comply with US law and are effective in stopping terrorism, the board says

A U.S. National Security Agency surveillance program targeting foreign terrorism suspects does what Congress intended it to do, members of a government privacy oversight board said Wednesday, defending their report that finds the spying legal and effective.

The NSA's surveillance program, focused on collecting electronic communications related to foreign terrorism and other intelligence, works as described in the FISA Amendments Act, a law that was debated in public, the U.S. Privacy and Civil Liberties Oversight Board (PCLOB) said in its report, released late Tuesday.

The surveillance program's "inadvertent" collection of some U.S. communications means the agency must consider the Fourth Amendment to the U.S. Constitution, which protects the country's residents against unreasonable searches by the government, but the Fourth Amendment does not protect foreigners, PCLOB members noted.

Although some privacy advocates have criticized the report, the FISA Amendments Act, "as originally written," doesn't give the same privacy protections to foreigners as it does to U.S. residents, said PCLOB member Patricia Wald, a retired federal judge. "It's oriented toward getting foreign intelligence information."

The FISA surveillance program provides some privacy protections, added David Medine, the PCLOB's chairman. The law requires the NSA to target its surveillance at specific people or groups, with the agency focusing on 90,000 targets in 2013, he noted.

"While that's not an insignificant number, it's tiny, compared to the billions of people around the world," he said.

The PCLOB also plans to weigh in on President Barack Obama's proposal from January to add more privacy protections for foreigners into the NSA's surveillance programs, Medine said.

Board members also defended the foreign surveillance program as effective, in contrast to a separate NSA program collecting U.S. telephone records. The PCLOB, in a January report , said the telephone records program had "only limited value" and violated the Constitution.

But the foreign surveillance program has been a valuable piece of the U.S. government's counterterrorism efforts, said board member Elisebeth Collins Cook, a lawyer.

The program has helped government agents learn "about the membership, leadership structure, priorities, tactics and plans of international terrorist organizations," she said. The program has also "allowed the discovery and disruption of plots against the U.S. and foreign countries, she added.

The new report provides the most comprehensive examination of the NSA's foreign surveillance programs, board members said. It also dispels several misconceptions about the programs, one being that foreign surveillance, like the U.S. telephone records collection, indiscriminately collects electronic communications in bulk, Medine said.

While the NSA has said it collects millions of foreign emails, telephone calls and other electronic communications, the program is not a "bulk" collection program because it targets specific suspects, Medine said. Asked how he would describe the surveillance, if not "bulk" collection, Medine said, "It's a big program, but it's not a bulk program."

The PCLOB's report makes 10 recommendations for changes to the NSA's foreign surveillance programs. Among the recommendations: The NSA should specify the expected intelligence value of a target before collecting communications, and the FBI, which can query the NSA's database in U.S. criminal investigations, should better describe its data minimization practices related to the NSA's database.

The report cautioned that the incidental collection of communications of U.S. residents raises privacy concerns. The report's recommendations should help push the NSA surveillance programs "more comfortably into the sphere of reasonableness," Medine said.

Some privacy advocates slammed the report, saying it ignores concerns about a lack of judicial oversight for the NSA's foreign surveillance.

"As the board itself explains, that law has been used to authorize the NSA's wiretapping of the entire Internet backbone, so that the NSA can scan untold numbers of our emails and other online messages for information about tens of thousands of targets that the NSA chooses without individualized court approval," said Kevin Bankston, policy director of the New American Foundation's Open Technology Institute, by email.

The reforms proposed by the board "essentially boil down to suggesting that the government should do more and better paperwork and develop stricter internal protocols as a check against abuse," he added.

Just weeks after the U.S. House of Representatives voted to end the NSA's query of U.S. communications caught up in its foreign surveillance efforts, the board's endorsement of "warrantless rummaging through our communications," is disappointing, Bankston added.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags telecommunicationU.S. National Security AgencyKevin BankstonNew American Foundation's Open Technology InstitutegovernmentinternetprivacyPatricia WaldU.S. Privacy and Civil Liberties Oversight BoardDavid MedineElisebeth Collins CooksecurityU.S. House of Representatives

More about FBIHouse of RepresentativesIDGNational Security AgencyNSATechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place