Obama’s Spy Reforms Will Hit Political Quicksand

When President Barack Obama announced on 17 January apparently sweeping changes to the ways in which the various intelligence agencies collect and store data, it sounded like a major concession to US citizens and businesses concerned about their privacy.

While there were a few important changes, it’s hard to see that they will have much practical effect. And, in fact, if the changes are followed, the most important change may be to reduce the nation’s ability to prevent terrorist attacks or respond to attacks after they happen.

Passing the buck to Congress

There are two reasons most people will see little relevant change. First, when the president said that the National Security Agency would no longer keep telephone metadata in its own data centre, he didn’t specify where it would go other than to pass that decision off to Congress.

Second, even if a destination for that data is determined soon, there’s a lot of data involved—more than you can put on a flash drive and copy on to another computer. The sheer act of moving the data and ensuring its security and integrity could take months.

Coupled with the process of moving the telephone metadata is the problem with accessing it if and when the intelligence agency needs access to it. In the case of a suspected terrorist plot against the United States, the NSA would need to perform a classic big data analysis of all of that information. This requires significant bandwidth to access that data, and processing it outside the NSA’s own data centre could be problematic.

There have been recent discussions about having the phone companies keep the data, or creating a new agency that would be responsible for storing and controlling access to the phone metadata that the NSA currently stores. Creating a new agency and investing the kind of money it would take to create the necessary data storage and data communications infrastructure is certainly possible, but it won’t be cheap, and it won’t be fast. Asking the phone companies to store the data is easy, but Ma Bell and its descendants aren’t going to do it for free either.

.. and in an election year, too!

But regardless of what entity stores the data, it’s up to Congress to make it happen. In case you haven’t noticed, getting action out of Congress is problematic at any time. Since this is all happening in an election year when all of the House and a third of the Senate are trying to keep their jobs means that little actual decision-making or spending of money will likely happen until sometime after Election Day November 2014, at the earliest.

Meanwhile, the data will stay in the NSA’s data centre, although the agency may be required to get a court order to use it if the data involves US citizens. A new group of privacy advocates is supposed to review any such request to ensure that privacy rights of US citizens are protected.

But the implementation of those privacy panels is opposed by the Foreign Intelligence Surveillance Court (FISC), which raises questions about how effective they may be. After all, the federal courts don’t work for the White House, and can safely ignore presidential directives if they so wish. Legislation to force the issue would need to come through Congress, but then you have the same issues with Congress that I mentioned above.

What will likely happen is that the NSA will return to the same procedures it used before the terrorist attacks of 11 September 2001 – which is to get a court order approved by FISC, and then look for the data. This didn’t work well in the past, but things have changed a lot in 13 years, and the NSA has gained significant expertise in handling big data. So if the agency needs the data, it can probably find it quickly when it needs to. The FISC can move quickly if asked and if the NSA perceives a real threat, it will certainly ask.

The other announcements by the president don’t really apply to the handling of information relevant to US nationals. The announcement that the rights of foreign citizens would be treated with respect means little. And the foreign heads of state who expressed outrage at spying were doing so strictly for public consumption.

It’s no secret that the United States spies on its allies, just as our allies spy on the United States. If you have questions about that, just look at the number of US citizens who have been arrested for spying on behalf of Israel. In short, the outrage was for the benefit of their constituents.

In addition, intelligence agencies will only be able to focus on connections in the metadata within two degrees of separation rather than three, which is the case now… except in an emergency or when information indicates further analysis is necessary.

But then there’s that other nagging question. Without access to the data it needs to track down enemies, can the intelligence community protect the United States? There’s considerable evidence that a number of attacks have been thwarted in the years since 9/11. What we don’t know is how many of those attacks were prevented by the big data analysis of phone metadata.

Still, the requirement for some oversight is always good. But it seems like the limits on surveillance are slightly off. We’re focusing on phone metadata, for example, but doing nothing about the far more invasive National Security Letters that the FBI seems to pass out without restriction. How are those compliant with the Fourth Amendment to the Constitution? Maybe a few more requirements for court orders, and advocacy representation by that privacy panel should address those letters.

Test your knowledge of Snowden and the NSA!

Originally published on eWeek.