This Friday the President will announce a series of reforms regarding NSA surveillance after extensive consultation from lawmakers, companies, the Privacy and Civil Liberties Oversight Board, civil society advocates, and his own Review Group. CDT will be judging the President’s recommendations based on their substance, rather than the quantity. Following is a list of the key reforms that CDT urges the President to embrace to restore balance to government surveillance:
End Bulk Collection of Calling Records
The most critical reform at issue is to end and clearly outlaw bulk collection of communications metadata. There is growing consensus – including from the President’s own Review Group – that the NSA should no longer be permitted to gather records of phone calls to, from and within the U.S. en masse using Section 215 of the PATRIOT Act. We hope the President will join this consensus and direct the NSA to end this program.
He should also endorse legislation intended to require individualized requests for records, as is proposed in the USA FREEDOM Act. Mandatory retention of call records by telecoms or a third party is not a solution. This bulk-collection-by-proxy fails to eliminate current problems, and raises a host of new issues such as increased risk of data breach, costs, and an endless stream of government agencies and civil litigants who would seek access to the retained calling records.
Limit the Scope of Surveillance on Section 702
Reasonable limitations should be placed on the scope of surveillance under Section 702 of FISA by better defining the purpose for which government may monitor communications. Currently, the government can compel U.S. tech and telecom companies to assist with surveillance targeting non-U.S. persons for the broad purpose of collecting information that merely relates to, “the conduct of the foreign affairs of the United States.” As we have previously noted, this permits surveillance of individuals who have nothing to with terrorism and who pose no risk to national security, and could lead to communications monitoring based on purely political activity. The President’s Review Group recommended that §702 surveillance “be directed exclusively at the national security of the United States or our allies.” The President should direct the NSA to limit the purpose of collection pursuant to §702 to seeking information that relates to terrorism, espionage, sabotage, hostile attacks, WMD proliferation, and national security.
Require Judicial Authorization of National Security Letters
Government agencies, including the FBI, can use NSLs to obtain personal data such as phone calling and Internet records and financial and credit information. Though they seek sensitive information, NSLs are issued without judicial authorization. DOJ’s own Inspector General found significant abuses of NSLs. We applauded the President’s Review Group for recommending that NSLs be issued only with the approval of a judge or magistrate, and urge the President to adopt this recommendation.
Close the Backdoor Search Loophole
Closing the backdoor search loophole would ensure that §702 surveillance, which must target people reasonably believed to be abroad, is not used to engage in surveillance of Americans absent court review. Current law requires the government to prove to a court that it has probable cause that a U.S. person who it wants to target is a terrorist, spy, or other agent of a foreign power prior to monitoring his or her communications. The NSA can circumvent this requirement by searching the vast trove of data the NSA collects under Section 702 for the communications of U.S. person inadvertently or incidentally acquired by targeting people abroad. Requiring court approval to search §702 databases for Americans’ communications solves this problem, and removes any perverse incentive to engage in over-collection. The President’s Review Group supports this reform.
Protect Internet Security and Encryption
The U.S. government should support rather than undermine Internet security. Last September we expressed serious concern about reports that NSA was attempting to significantly undercut online encryption. The President’s Review Group also viewed this issue as a priority, outlining numerous policies to support encryption in Recommendation 29. The President should protect Internet security by signaling his support for strong encryption, directing the NSA not to seek to weaken the security of software and hardware, moving the NSA’s information assurance (cybersecurity) work to another government agency, and directing the NSA to report security vulnerabilities so they can be patched rather than amassing them for lengthy periods so they can later be used to exploit communications.
Reform the Electronic Communications Privacy Act
In addition to the reforms to intelligence surveillance outlined above, the President should also endorse a key reform to surveillance conducted in criminal investigations: He should support updating the 1986 Electronic Communications Privacy Act to require warrants when law enforcement officers seek the content of an individual’s communications in a criminal investigation. If you send a letter through the mail, the government needs a warrant to access the contents; if you send it by email, it usually does not. This common sense reform has broad support from an array of tech and telecom companies and civil society groups that span the political spectrum and even the Department of Justice has endorsed the concept.
Support Transparency Regarding Surveillance Demands and Law
In order to restore public faith in government surveillance activities and ensure that future policy debates about them are fully informed, the President should support transparency. He should require intelligence agencies to report the number and nature of the intelligence surveillance demands they make on communications service providers to disclose their users’ data and the number of users those demands affect. He should also direct government agencies to permit the companies who receive those demands to report similar information. Finally, the President should also make surveillance law more transparent by requiring the Department of Justice to disclose decisions of the Foreign Intelligence Surveillance Court (FISC) that include a significant interpretation of law, with redactions or in summary form to protect classified information.
Create a Special Advocate to Participate in FISC Proceedings
The President has already signaled that he would support adding an advocate to FISC proceedings who would argue for privacy and civil liberties as the FISC addresses critical issues that arise in the government surveillance demands it reviews. The President’s Review Group also endorsed this idea. It would help ensure that the court is fully informed on relevant technological and legal issues, and serves as an effective oversight mechanism. However, the President has not yet addressed the scope of the advocate’s authority. This civil liberties advocate should be able to participate in proceedings he or she deems important, appeal decisions to the FISA Court of Review, seek the assistance of outside experts, and advocate for transparency with respect to FISC opinions and legal papers filed with it. We have previously expressed support for the creation of such a position.
Extend Meaningful Human Rights Protections
Prior to disclosure of the NSA’s surveillance activities, the United States had staked a claim as a world leader on Internet privacy and free expression rights and sought to establish global norms to support these rights. If the U.S. is continuing to pursue this agenda – and it should – the President must assure the world that the United States will itself protect the human right to privacy of people across the globe. The U.S. is a party to the International Covenant on Civil and Political Rights, which, in Article 17, protects against arbitrary interference with privacy. The U.S. has taken the position, in other contexts, that its ICCPR obligations apply only in the U.S. As we recently discussed, the President should promote human rights by changing this policy, and recognize that the U.S. has human rights obligations with respect to surveillance it conducts of people outside the U.S. – regardless of whether they are U.S. citizens. And, he should lay the groundwork for a worldwide discussion among governments, civil society groups, and communications service providers about the scope those rights with respect to surveillance. More limited actions, such as extending Privacy Act protections to non-U.S. persons, would provide little benefit in the context of classified intelligence surveillance, and fail to advance global cooperation to protect human rights in a meaningful way.