Security

Obama's big NSA privacy report explained in one delightful, short debate

Screen Shot 2014-07-02 at 1.45.18 PM

I just got a private front row seat to the best explanation of the Obama administration’s big 191-page privacy report on mass spying [PDF]. And, of course, I wanted to share it with our beloved readers.

In short, President Obama’s internal NSA review board reported that the government’s spying program is largely constitutional and appropriately restrained. While the group’s overwhelmingly positive view of the program outraged civil liberty advocates, I was lucky enough to have former NSA general counsel, Stewart Baker, and noted privacy journalist, Julia Angwin, explain why.

The basics

The Privacy and Civil Liberties Board issued a report on section 702 of the FISA Amendments Act, which grants intelligence agencies the broad authority to surveille the data communications of suspected foreign targets. Unlike the controversial phone meta-data collection program, 702 concerns itself with the collection of data (perhaps from undersea cables) that has Internet companies most spooked.

“Basic take away, the 702 program is doing pretty much what they expected it to do when there was a knock-down drag out fight about it 5 years ago and it was adopted”, explained Baker to me over lunch at the Atlantic Aspen Ideas Festival. “It’s mostly tailed and targeted towards particular people. But, says the civil liberties oversight board, there are some policy things that could be done to make it even more protective of privacy.”

Fortunately, Angwin was also at the table. “It’s true, as Stewart said, that these are cleaning around the edges of program that most people disagree with.” she said in response. “But there is a lot of incidental collection of US communications of people who are probably not suspected of any crime”.

While Angwin argued that there are very serious concerns with the 702 program, she agreed with Baker that report cleared the NSA of some of the worst freakout allegations. It was a “gold star” for the NSA, in Baker’s description.

So what’s there to worry about?

“It is not clear to me that Congress knew upstream part of it,” warns Angwin. “Upstream is where they set up a tap on a fiber or at an ISP [Internet Service Provider] and pull in communications from the backbone”.

Vacuuming up data inevitably leads to the incidental collection of (many) innocent Americans. Congress, she says, didn’t truly understand this part of the program.

Of course the NSA was going to pick up international cable lines

“It always seemed a little silly for people who are gathering intelligence that if you could find a cable that went straight from Europe to Japan you could tap it and take everything, but if it crossed the United States, you had lots of problems justifying it,” explains Baker.

International cables often pass through the US, so having the legal authority to tap them seemed logically similar to tapping them overseas; hence the reason for the 702 law.

“Actually, I agree with that,” said Angwin, “The NSA has had to have this weird stop order whenever things hit the US.”

But! we don’t know how many Americans are accidentally spied on

Angwin was careful to note, “I think they should have to quantify the incidental that they are collecting of innocent people and then what they do with the data later.”

Baker found this problematic, too “You do not want people searching for their girlfriends name to see who their girlfriend is talking to.” However, the data needs to available in ways that “makes it possible to search for on a very rapid and very flexible, fluid basis that you need to know tomorrow morning in order to act.”

The rub: quantifying the problem could be a problem

“The report didn’t answer, though, the question I’m just talking about, which is the incidental collection of US communications,” rebutted Angwin. “If its 10 people, fine; if it’s everyone in the United States, it’s not. We do kind of need to know that.”

Baker said that quantifying the number of innocent people could be problematic in itself. Much of the data has never been searched. “For the civil liberties groups to say ‘you know what we’d really like to see you do? We’d like to see you mine that database and find every single American in it and tell us how many there are.’ And, in the course, you have to find every American’s name,” he answered back.

“The privacy community with hang the National Security Agency from the nearest tree if they actually did what the privacy community actually seems to be asking for.”

Angwin remained skeptical that this technical hurdle absolves the NSA from auditing it’s own surveillance. In truth, the NSA has tried to quantify the number of people affected under 702: around 89,000 targets. But, a “target” could be a group of people, so the number of people spied on is likely many multiples of 89,000.

Either way, it seems that the worst fears have not been realized, at least for this one NSA program.