This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2013/12/19/us/politics/report-on-nsa-surveillance-tactics.html

The article has changed 5 times. There is an RSS feed of changes available.

Version 0 Version 1
Obama Panel Recommends New Limits on N.S.A. Spying Obama Panel Recommends New Limits on N.S.A. Spying
(about 5 hours later)
WASHINGTON — A panel of presidential advisers who reviewed the National Security Agency’s surveillance practices urged President Obama on Wednesday to end the government’s systematic collection of logs of all Americans’ phone calls, and to keep those in private hands, “for queries and data mining” only by court order. WASHINGTON — A panel of outside advisers urged President Obama on Wednesday to impose major restrictions on the National Security Agency, arguing that in the past dozen years its powers had been enhanced at the expense of personal privacy.
In a more than 300-page report made public by the White House, the group of five intelligence and legal experts also strongly recommended that any operation to spy on foreign leaders would have to pass a rigorous test that weighs the potential economic or diplomatic costs if the operation becomes public. Specifically the panel of five intelligence and legal experts recommended that Mr. Obama restructure a program in which the N.S.A. systematically collects logs of all American phone calls so-called metadata and a small group of agency officials have the power to authorize the search of an individual’s telephone contacts. Instead, the panel said, the data should remain in the hands of telecommunications companies or a private consortium, and a court order should be necessary each time analysts want to access the information of any individual “for queries and data mining.”
The decision to monitor those communications, it said, should be made by the president and his advisers, not the intelligence agencies. It also recommends new limits on surveillance of ordinary non-Americans. It argues for applying to foreign targets of intelligence the protections accorded to Americans under the Privacy Act of 1974, meaning the government could release very little information about them. The experts briefed Mr. Obama on Wednesday on their 46 recommendations, and a senior administration official said Mr. Obama was “open to many” of the changes, though he has already rejected one that called for separate leaders for the N.S.A. and its Pentagon cousin, the United States Cyber Command.
The panel also declared that the N.S.A. should cease efforts to undermine work to create secure encryption standards to protect confidential communications and data stored on remote “cloud” servers, and make clear that “it will not in any way subvert, undermine, weaken or make vulnerable generally available commercial encryption.” If Mr. Obama adopts the majority of the recommendations, it would mark the first major restrictions on the unilateral powers that the N.S.A. has acquired since the terrorist attacks of September 11, 2001. They would require the agency to seek far more specific approvals from the courts, far more oversight from the Congress, and specific presidential approval for spying on national leaders, especially allies. The agency would also have to give up one of its most potent weapons in cyberconflicts: The ability to insert “back doors” in American hardware or software, or purchase previously unknown flaws in software that it can use to conduct cyberattacks.
It also said the United States should get out of the business of secretly collecting flaws in common computer programs and using them for mounting cyberattacks, because the technique undermines confidence in American products. That technique, using what are called “zero day” flaws that have never been discovered before, were critical to the cyberattacks that the United States and Israel launched on Iran in an effort to slow its nuclear program. “We have identified a series of reforms that are designed to safeguard the privacy and dignity of American citizens, and to promote public trust, while also allowing the intelligence community to do what must be done to respond to genuine threats,” says the report, which Mr. Obama commissioned in August in response to the mounting furor over revelations by Edward J. Snowden, a former N.S.A. contractor, of the agency’s surveillance practices.
Taken together, the recommendations would remove from the N.S.A.'s hands the authority to conduct many of its operations without review by the president, Congress or the courts. But by themselves, they would terminate few programs. It adds: “Free nations must protect themselves, and nations that protect themselves must remain free.”
The report was commissioned by Mr. Obama after the revelations made by Edward J. Snowden, the former N.S.A. contractor who cleaned the agency out of many of its secret documents. Taken together with a federal court decision this week that found some of the bulk collection of telephone data “almost Orwellian,” and objections from Silicon Valley, the report adds to pressure on Mr. Obama to rein in the N.S.A. for the first time since its authorities began a rapid expansion after the Sept. 11, 2001, attacks. White House officials said they expected significant resistance to some of the report’s conclusions from the N.S.A. and other intelligence agencies, which have argued that imposing rules that could slow the search for terror suspects could pave the way for another attack. But those intelligence leaders were not present in the Situation Room on Wednesday when Mr. Obama met the authors of the report.
“What we’re saying is just because we can doesn’t mean we should,” said Richard Clarke, one of the advisers. The report’s authors made clear that they were weighing the N.S.A.’s surveillance requirements against other priorities like constitutional protections for privacy and economic considerations for American businesses. The report came just three days after a Federal judge in Washington ruled that the bulk collection of telephone data by the government was “almost Orwellian” and a day after Silicon Valley executives complained to Mr. Obama that the N.S.A. programs were undermining American competitiveness in offering cloud services or selling American-made hardware, which is now viewed as tainted.
Forty-six recommendations were included in the report that was delivered to the White House over the weekend. The Obama administration released the document to the public after a private briefing by the five-member panel. The report was praised by privacy advocates in Congress and civil-liberties groups as a surprisingly aggressive call for reform.
It is not clear how many of the recommendations will ultimately become a reality. Some would require action by Mr. Obama alone, while others would require legislation from Congress. Senator Ron Wyden, the Oregon Democrat who has been an outspoken critic of N.S.A. surveillance, said that in key ways it echoed the arguments of the N.S.A.’s skeptics, noting that the report flatly declared that the phone-logging program had not been necessary in stopping terrorist attacks.
Mr. Obama has already rejected one of the recommendations the group made: splitting command of the N.S.A., which conducts surveillance, from the United States Cyber Command, the Pentagon’s cyberwarfare unit, to avoid concentrating too much power in the hands of a single individual. “This has been a big week for the cause of intelligence reform,” he said.
Among other recommendations, the group suggested reforming the Foreign Intelligence Surveillance Court which oversees national security surveillance inside the United States, and hears arguments only from the Justice Department by creating a “public interest advocate to represent the interests of privacy and civil liberties” before the court. Greg Nojeim of the Center for Democracy and Technology called the report “remarkably strong,” and singled out its call to sharply limit the F.B.I.’s power to obtain business records about someone using a so-called “national security letter,” a subpoena that does not involve court oversight.
Mr. Obama appointed the panel after an uproar over revelations of the N.S.A.'s vast spying on communications of Americans and foreigners following leaks by Mr. Snowden. Anthony Romero, the executive director of the American Civil Liberties Union, while praising the report’s recommendations, questioned “whether the president will have the courage to implement the changes” using executive orders and leading a legislative push.
Members of the advisory group said some of the recommendations were intended to provide greater public reassurances about privacy protections rather than to result in any wholesale dismantling the N.S.A.’s surveillance powers. Richard A. Clarke, a cyberexpert and former national security official under Presidents Clinton and George W. Bush, said the report would give “more reason for the skeptics in the public to believe their civil liberties are being protected.”
Other members included Michael J. Morell, a former deputy director of the C.I.A.; Cass Sunstein, a Harvard Law School professor who ran the office of Information and Regulatory Affairs in the Obama White House; Peter Swire, a privacy law specialist at of Georgia Institute of Technology; and Geoffrey R. Stone, a constitutional law specialist at the University of Chicago Law School, where Mr. Obama once taught.
Mr. Obama is expected to take the report to Hawaii on his vacation starting later this week and announce decisions when he returns in early January. Some of the report’s proposals could be ordered by Mr. Obama alone, while others would require legislation from Congress, including changes to how judges are appointed to the Foreign Intelligence Surveillance Court.
The court, which oversees national security surveillance inside the United States, has been criticized because it hears arguments only from the Justice Department without adversarial lawyers to raise opposing views, and because Chief Justice John G. Roberts Jr. has unilateral power to select its members. Echoing proposals already floated in congressional hearings and elsewhere, the advisory group backs the view that there should be a “public interest advocate to represent the interests of privacy and civil liberties” in classified arguments before the court. It also says that the power to select judges for the surveillance court should be distributed among all the Supreme Court justices.
In backing a restructuring of the N.S.A.’s program that is systematically collecting and storing logs of all American’s phone calls, the advisers went further than some of the agency’s backers in Congress, who would make only cosmetic changes to it, but stopped short of calling for the program to be shut down, as its critics have called for. The N.S.A. uses the telephone data to search for links between people in an effort to identify hidden associates of terrorism suspects, but the report says it “was not essential to preventing attacks.”
Currently, the government obtains orders from the surveillance court every 90 days that require all the phone companies to give their customers’ data to the N.S.A., which commingles the records from every company and stores it for five years. A small group of analysts may query the database — examining records of everyone who is linked by up to three degrees of separation from a suspect — if the analyst has “reasonable, articulable suspicion” that the original person being examined is linked to terrorism.
Under the new system proposed by the review group, such records would stay in private hands — either scattered among the phone companies, or pooled into some kind of private consortium. The N.S.A. would need to make the case to the surveillance court that it has met the standard of suspicion — and get a judge’s order — every time it wanted to perform such “link analysis.”
“In our view, the current storage by the government of bulk metadata creates potential risks to public trust, personal privacy, and civil liberty,” the report said, adding, “We endorse a broad principle for the future: as a general rule and without senior policy review, the government should not be permitted to collect and store mass, undigested, nonpublic personal information about U.S. persons for the purpose of enabling future queries and data-mining for foreign intelligence purposes.”
The report recommended new privacy protections for disclosure of personal information about non-Americans among agencies or to the public. The change would extend to foreigners essentially the same protections that citizens have under the Privacy Act of 1974 — a way of assuring foreign countries that their own citizens, if targeted for surveillance, will enjoy at least some protections under American law.
It also said the United States should get out of the business of secretly buying or searching for flaws in common computer programs and using them for mounting cyberattacks. That technique, using what are called “zero-day” flaws, so named because they are used with zero days of warning that the flaw even exists, were critical to the cyberattacks that the United States and Israel launched on Iran in an effort to slow its nuclear program. The United States often pays handsomely for secret information about such flaws; the advisers said that the information should be turned over to software manufacturers to have the mistakes fixed, rather than exploited.
And when it came to spying on foreign leaders, the report urged that the issue be taken out the hands of the intelligence agencies, and put into the hands of policy makers who would need to evaluate risks to the diplomatic and economic relations with the targeted countries.

Jeremy W. Peters contributed reporting.