Obama's proposed NSA 'reform' changes nothing

Summary: Obama's speech announcing a 'reform' of NSA surveillance changes little. It even opens the way for more sophisticated NSA hacking operations than ever before.


That was a pretty fine speech by US President Barack Obama on Friday, chock full of historical allusions to gladden the heart of every American patriot, and plenty of reminders about liberty. It certainly gave the impression, at least superficially, that Something Is Being Done to address the widespread concerns about the comprehensive digital surveillance being conducted by the National Security Agency (NSA).

Read it. It's lovely.

Does it actually change anything? Not really. Not in the national security realm, anyway.

But if you're an organisation involved in the oh-so-2014 business of "big data", watch out, 'cos Obama's about to forge some "international norms" on your behaviour — though given that America is already the most business-friendly regime when it comes to exploiting individuals' personal data for profit, maybe that'll be nothing to worry about. After all, it's not like it's Germany or any other EU country wanting to have a quiet chat about "international norms" for privacy.

The Washington Post has already identified the five big takeaways from Obama's speech:

  1. US intelligence agencies will no longer hold Americans' phone call records.

  2. There will, nevertheless, be some system for those records to be accessible when required.

  3. The US will no longer monitor the communications of the heads of state or government of "close friends and allies".

  4. A new panel will be created to provide additional input into the secret court that oversees the Foreign Intelligence Surveillance Act (FISA), including privacy specialists and other non-government folks.

  5. There will be new rules to extend some of the privacy provisions applying to US citizens to foreigners, unless there's a "compelling national security purpose".

Working from bottom to top, obviously, it remains to be seen how the last two will work out in practice — particularly given how the meaning of "national security" has become so flexible in recent years — though I think it's rather sweet that Mr Obama publicly acknowledged that 96 percent of us humans are not Americans.

Number three is pretty much BS. Obama gives himself the same out: That foreign leaders are off limits "unless there is a compelling national security purpose" — and just a few sentences later, he makes this observation:

Now let me be clear. Our intelligence agencies will continue to gather information about the intentions of governments, as opposed to ordinary citizens, around the world in the same way that the intelligence services of every other nation does. We will not apologize simply because our services may be more effective.

So if Obama wants to understand the intentions of, say, the Australian government, Prime Minister Tony Abbott's phone might be off limits, but it's still fair game for the NSA to hack into the phones of his chief of staff Peta Credlin, his private secretary, the foreign minister, the defence minister, the attorney-general, the chief of the defence forces, his wife, his doctor, his priest — and anyone and everyone else with whom he might choose to discuss his deepest thoughts.

It's a distinction without a difference. The "intentions" of the Australian government will soon be discovered.

But it's those first two points that we should watch closely. If the NSA doesn't hold the database of telephone metadata — and I note en passant that nowhere in Obama's speech does he mention internet metadata, as if we're all somehow still back in 1992 — then who does?

If it's a new agency dedicated to the purpose, rather than the NSA, then again, it's a distinction without a difference.

If it's the telcos themselves, and, presumably, internet service providers (ISPs), then it raises all those issues about the security and privacy of those data stores that opponents of a mandatory data retention regime have raised all along.

Oh wait. That's right.

Mandatory data retention.

Scroll back...

Two and a half years ago, a quintet meeting of attorneys-general — the law-officer level meetings that mirror the Five Eyes signals intelligence alliance of the US, the UK, Australia, Canada, and New Zealand — agreed that they'd adopt the Council of Europe Convention on Cybercrime as the key international legal instrument for tackling online crime, promote that convention, and use it as the basis for building their own crime-fighting capabilities and raising awareness.

At the core of that convention is the establishment of a mandatory data retention regime by ISPs.

So really, all that President Obama has proposed as the solution to potential NSA overreach is the plan they've had all along.

Except for one thing.

If the bulk collection of communications metadata becomes part of a publicly acknowledged program that's in turn part of an international treaty, then it'll presumably become cheaper to run, because it won't be wrapped in all the secrecy that's involved in an NSA black program. Which in turn means that the NSA's hypergeekspooks can turn their attention to even more sophisticated black operations. Why hack Google or Microsoft or Apple when they're required to maintain a database for you?

I see two messages in all of this for business. One, you really need to be taking security seriously, as I've written previously. Two, if you're in the business of providing secure big data storage, get your sales people out there now.



Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.



  • So...

    Just more "All Your Base Are Belong To Us" eh?

    Well I suppose it is far too late to expect a law with simple and ironclad language making retention of any personal data and metadata longer than absolutely required to perform the contracted service (email, telephone call, etc.) a high crime and sharing it with ANY 3rd party (private or public) without explicit permission a capital crime.

    A few more years and those tinfoil hat people are going to start looking saner than the rest of us.
    • what's worse, the USA is the definition of "fascism" itself

      "NSA surveillance does little to prevent terrorism, says think-tank report": "there was only one case out of the 225 that was initiated by NSA evidence. The case involved a cab driver named Basaaly Moalin who was convicted of sending money to Somalian terrorist groups. While successful, the case did not involve any direct threat of attack"

      So the only conclusion is the USA wants to keep people and allies under control, nothing else.

      The USA = murders for fun in Afghanistan, New York Post: "President Bush inexplicably censored 28 full pages of the 800-page report. Text isn’t just blacked-out here and there in this critical-yet-missing middle section. The pages are completely blank, except for dotted lines where an estimated 7,200 words once stood (this story by comparison is about 1,000 words). A pair of lawmakers who recently read the redacted portion say they are “absolutely shocked” at the level of foreign state involvement in the attacks."
      Jiří Pavelec
  • The telephone will become the internet, so wiretapping will continue

    By the word 'telephone', I assume the government means the old "twisted copper pair", otherwise known as the Public Switched Telephone Network (PSTN).

    The PSTN comes from the days of Alexander Graham Bell.

    The twisted copper cable emerges from each house and runs down to the telephone exchange, where receptionists used to manually plug in the phone call, and later it was done with machines.

    But the PSTN will soon be gone. In many places in the world it already has disappeared. It gets replaced by, you guessed it, the internet. All phone calls will soon travel over the internet, instead of having their own dedicated cables.

    So, for Obama to say that he will stop gathering metadata on people's "phone calls", he means the old PSTN network only. They will continue to hack into people's phone information via the internet, and keep a record of everyone's calls. Especially now that Microsoft has bought Skype, and given the NSA a back door to it.

    When you start making calls over the internet, you really should find a provider that is not based in the United States, or any of the other "five eyed" countries (listed in the article). You need to find a secure provider who isn't going to give the NSA a back door to eavesdrop on every call you make.
    • Most new telephone lines

      are VOIP over here in Germany. If you order a new line, you get T-DSL + VOIP, you have to specifically ask for an analogue or ISDN line.
      • You'll be pleased to know that the NSA is already tapping your phone

        The NSA has been eavesdropping on German phone lines for years.

        First, it was done via the Echelon program. Now the NSA can tap straight into the internet voice streams.

        Ha! They even got your leader!