The report of the president’s NSA review panel is out. It has a grand total of 46 recommendations. Here are the most interesting ones:
1. Phone records should be stored privately, not by the government. If the NSA needs phone records, it should get a warrant for them. Like a subpoena, the warrant should be “reasonable in focus, scope, and breadth.”
2. More broadly: “As a general rule and without senior policy review, the government should not be permitted to collect and store mass, undigested, non-public personal information about US persons for the purpose of enabling future queries and data-mining for foreign intelligence purposes.”
3. The FBI should no longer be allowed to issue National Security Letters on its own. NSLs should be issued only if a warrant is approved. Nondisclosure orders should be more restricted; should last no more than 180 days; and should not prevent the target of the NSL from challenging its legality in court.
4. Generally speaking, companies that are ordered to produce information should be allowed to “disclose on a periodic basis general information about the number of such orders they have received, the number they have complied with, the general categories of information they have produced, and the number of users whose information they have produced in each category.”
5. Surveillance of non-US persons “must be directed exclusively at protecting national security interests….[and] must not be directed at illicit or illegitimate ends, such as the theft of trade secrets or obtaining commercial gain for domestic industries.”
6. If a US person is inadvertently surveilled, that information cannot be used as evidence in any court proceeding.
7. The NSA should be headed by a civilian. Leadership of the NSA should be separated from leadership of the military’s Cyber Command.
8. “Congress should create the position of Public Interest Advocate to represent the interests of privacy and civil liberties before the FISC.” In addition, more FISC decisions should be declassified.
9. The government should commit itself to stop trying to undermine public encryption standards.
These are useful recommendations, especially 1, 2, 3, 6, and 8. Recommendation 7 is already a dead letter, since President Obama has said he plans to keep dual-hatted leadership for the NSA and Cyber Command.
How much of this will survive the president and Congress? I’d like to say I’m optimistic, but I’m not, really. These recommendations are useful but modest, and I suspect that Congress will whittle them down even more. Stay tuned.