Stakeholders Press Surveillance Review Group on Transparency, Expertise

The group asked parties to weigh in on “how in light of advancements in communications technologies, the United States can employ its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure,” said a Sept. 4 official Tumblr post (http://bit.ly/1hwZ9gg). Comments would become part of the official record, the group said, though it didn’t say whether it would post comments. Comments were due Friday, but a weekend report from Politico (http://politi.co/GJlz2I) indicated the group’s efforts stalled due to the shutdown and furloughs of review group staff. The Office of the Director of National Intelligence, which oversees the group, didn’t comment. But several stakeholders began disclosing their submissions over the last several days.

"Special attention should be paid to Section 215 of the Patriot Act as well as Section 702 of the 2008 [Foreign Intelligence Surveillance Act] Amendments Act,” said Sascha Meinrath, director of the New America Foundation’s Open Technology Institute (OTI), citing the statutes that authorize bulk collection of phone and Internet records (http://bit.ly/1bCRTSE). He questioned the nature of the group itself, “limited in technical expertise” and with an unclear relationship to the Privacy and Civil Liberties Oversight Board. The OTI comments seek more transparency overall, with a second commenting period after the review group submits initial recommendations. Don’t hold separate conversations with industry and with civil liberties advocates, he said, referring to the meetings the group has held. “The review group should allow independent experts to provide technical expertise, and it should examine all of the different components of the U.S. government’s surveillance system,” Meinrath said, including “what each element of the surveillance system collects, how this collected data is used, and what solutions can truly protect the privacy of individuals -- U.S. and non-U.S. Citizens -- from overly expansive surveillance.” The group must “detail measures to promote transparency,” including from other stakeholders, and push to allow tech and communications companies to disclose the government requests for their data, he said.

The review group should recommend the government end bulk collection of phone metadata and forbid prospective surveillance under Section 215, the Center for Democracy & Technology (CDT) said in its comments (http://bit.ly/1e4jHNe). “Section 215 should be amended to require a finding of specific and articulable facts giving reasonable grounds to believe each piece of information sought pertains to an agent of a foreign power or a person in contact with an agent of a foreign power,” it said. The center recommended several changes to Section 702, urging the government to raise the standards for targeting and requiring a court order before searching U.S. citizens’ communication. “Surveillance violates the human rights and is inconsistent with U.S. privacy obligations under Article 17 of the International Covenant on Civil and Political Rights,” it said, which has hurt “America’s global standing, and could have profound economic repercussions as users abroad shy away from American telecommunication and Internet services.” The review group should acknowledge the international privacy obligations, it said. Transparency updates should include a Foreign Intelligence Surveillance Court advocate, publication of FISC opinions and permission for companies to disclose government surveillance requests, according to the center’s comments.

Meinrath also joined 46 self-proclaimed technologists from the Electronic Frontier Foundation, CDT, Mozilla, the American Civil Liberties Union and several major universities in a separate joint filing. The 47 technologists urged the group to seek “deep technical expertise,” independent from the intelligence community (http://bit.ly/15RKHzo). “Technical understanding seems to be lacking in current oversight mechanisms, especially the FISA court,” they said. “The need for more rigorous technical oversight is evident from FISC documents that have been declassified.” Courts should be able to verify assertions from the intelligence community, they said. There should also be an adversarial process in the FISA court, as many legislative proposals have advocated, and the adversary should have “independent technical experts on staff with all the requisite security clearances to be wholly read into all of the technical details of the [National Security Agency] surveillance programs,” according to the technologists. They pushed for broader declassification and slammed the NSA’s efforts to exploit encryption. The technologists also said not only U.S. citizens should receive certain privacy protections.

The technologists include several questions, such as what the NSA phone records collected under Section 215 “actually contain, field by field.” “To what extent is bulk collection or production of cellsite location (and, more granularly, cell sector location) or even more fine-grained geolocation events (GPS, Assisted GPS, WiFi-enabled location services, etc.) occurring?” Intelligence officials told the Senate Judiciary Committee last week that the NSA experimented with tracking location in 2010 and 2011 (WID Oct 3 p1).

The Internet Infrastructure Coalition pointed favorably to the proposed Surveillance Transparency Act under consideration in Congress now. “This legislation would require the government to annually report the number of FISC orders issued under sections 214 and 215 of the PATRIOT Act and section 702 of the FISA, as well as other information related to such queries,” the coalition said (http://bit.ly/1b4qVim), as well as “allow companies to voluntarily disclose the number of orders they have received and complied with, the general categories this information fell under and the number of users whose information was produced to comply.” The distrust from surveillance will cause people to turn away from U.S. cloud computing companies, the coalition said: “Outlawing warrantless surveillance of online communications will alleviate concerns many international entities have about storing data on U.S. servers.” The Information Technology Industry Council and the Software & Information Industry Association, representing more than 500 companies, also submitted comments warning of “severe global economic impact” of the surveillance revelations and urging several transparency and oversight updates (WID Oct 4 p7).

The U.K.-based Open Rights Group also identified global trust problems. “We are extremely concerned by the apparent failure of US surveillance laws and practices to consider the privacy rights of non-US persons,” it told the group (http://bit.ly/1bRgX55). The growing distrust globally threatens the Internet and “the risk of balkanisation of the infrastructure and the governance of it,” it said. The Open Rights Group supports “targeted, proportionate, transparent and accountable surveillance laws,” it said, expressing alarm over the broad collection and retention of data under current laws.

In a Monday blog post (http://bit.ly/GJhUlI), the Electronic Frontier Foundation, citing recent polls, argued that Americans think surveillance violates their privacy and should be stopped. The objections are bipartisan, it said. The population “seem[s] to be waking up from its surveillance state slumber as the leaks around the illegal and unconstitutional NSA spying continue,” according to EFF.