Obama’s NSA reforms: it’s not as good as it seems

So, last Friday (17-1-14) Obama unveiled his plans for reforms to the mass surveillance program that was brought to light by the former NSA contractor Edward Snowden. Here’s a breakdown of what these reforms will change and, more importantly, what they won’t change. (TL;DR at the end.)

Previously, analysts were able to pull information from their phone records database whenever they wanted, so long as the phone they were looking into showed “reasonable, articulable suspicion.” Since this obviously gives the NSA too much power, any querying of the phone records database will now have to be approved by the Foreign Intelligence Surveillance Court.

This FISA court was already, ineffectively, in place while the mass surveillance program was being carried out, so why should it be effective this time around?
Obama will ask Congress to select a panel of “civil liberties, technology and privacy advocates” who will be given special security clearance and will represent consumers in the FISA court. But this panel will only be asked for input when a new issue arises that has not been dealt with before. It should be noted, though, that officials were not clear on whether this is the only input the panel will get or whether it could throw its opinions in whenever it felt it necessary to do so.

Previously, if your phone was logged in the database and the NSA felt it necessary to query for your data (or just felt like doing it for shits and giggles) they would have access to: all of your phone data, all of your contacts’ phone data, all of their contacts’ phone data and all of their contacts’ data; this is known as the ‘three hop’ rule. Obama’s reforms will change this to two hops, reducing the chance of innocent people’s privacy being invaded. This is a significant reduction in the number of people the NSA can access per query and is much easier to understand when looked at like this. This reform will be effective immediately.

Let’s say everyone has 100 contacts on their phone:

A query of one phone number would mean x people’s phone records would be accessed

Before the reform: x = 1,000,000 (100³)

After the reform: x = 10,000 (100²)
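The hop arithmetic above, as an added example that is not part of the original post: a breadth-first count of the distinct numbers first reached at each hop from one queried number. Both contact graphs are constructed for illustration (a no-overlap case using the post's 100-contacts assumption, and a tightly clustered community), and every function name is hypothetical.

```python
CONTACTS = 100          # the post's assumption: everyone has 100 contacts
COMMUNITY_SIZE = 5000   # constructed size for the clustered example


def reach_by_hop(seed, contacts_of, max_hops):
    """Contact chaining as a breadth-first search.

    Returns a list whose entry h-1 is the number of distinct phone
    numbers first reached at exactly h hops from the seed."""
    seen = {seed}
    frontier = [seed]
    new_per_hop = []
    for _ in range(max_hops):
        next_frontier = []
        for number in frontier:
            for contact in contacts_of(number):
                if contact not in seen:      # count each number only once
                    seen.add(contact)
                    next_frontier.append(contact)
        new_per_hop.append(len(next_frontier))
        frontier = next_frontier
    return new_per_hop


def no_overlap(number):
    """Constructed worst case: nobody shares a contact with anyone else."""
    first = number * CONTACTS + 1
    return range(first, first + CONTACTS)


def clustered(number):
    """Constructed tight community: contacts are the 50 numbers either
    side of you on a ring, so friends-of-friends overlap heavily."""
    half = CONTACTS // 2
    return [(number + d) % COMMUNITY_SIZE
            for d in range(-half, half + 1) if d != 0]


if __name__ == "__main__":
    for name, graph in (("no overlap", no_overlap), ("clustered", clustered)):
        three = reach_by_hop(0, graph, 3)
        two = three[:2]
        print(f"{name}: three hops {three} (total {sum(three):,}), "
              f"two hops {two} (total {sum(two):,})")
```

The no-overlap graph reproduces the 100² and 100³ figures as the outermost hop; those are upper bounds, since shared contacts, as in the clustered graph, shrink the number of distinct people reached.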

One of the biggest changes we saw come out of Friday was where the phone records database will be stored. Obama’s advisors will have two months to find a way to move the database away from government control. Here are a few ideas from The Washington Post:

1) The data are held by the phone companies rather than being handed over; 2) the intelligence community relies on “existing programs and capabilities […] to map terrorist connections,” as a senior administration official put it Friday; or 3) some other idea.

The Washington Post goes on to say how the second idea might mean that the database is destroyed entirely, but personally I cannot see that happening.

Away from the phone record database, Obama also listed some other changes that will take place:

– The USA will not spy on foreign leaders (I assume this will only apply to governments that Obama deems as friendlies)
– Protection that applies to American citizens abroad will now apply to foreign nationals also
– Companies will eventually be able to release information on government data requests.

So at this point you might be thinking, “sweet, Obama has really done something about this,” and I suppose you’re right. Provided these changes really happen and that FISA is properly implemented by its court, then this could be a really big step. However, these things are not guaranteed yet, as most of these proposals require an act of Congress, so they could potentially never happen; especially since they have been behind the NSA the whole way so far.

Not enough for you to see through this facade? Here’s a little more. All of these reforms are specific to the phone records database carried out under Section 215 of the Patriot Act (the one the USA uses to get away with doing anything and everything they want, including breaching their own constitution), nothing else. It doesn’t cover other programs under Section 215 such as the NSA’s counter-encryption program, where there have been reports that they have introduced backdoors into encryption methods for ease of access when they come across data that uses that specific method. Moreover, these reforms don’t even look at the programs under Section 702 of the FISA Amendments Act, which is where you’ll find PRISM.

So PRISM, the program that pissed off the most people, and screwing up encryption standards will continue as usual.

TL;DR
In conclusion, your chances of being snooped on via your phone ONLY are much lower than they were…maybe.

Food for thought: if the NSA can get all of this data, and after seeing the catalog of tools available to them, what’s stopping them from cracking the database once it’s moved to a new location in the hands of a third party?

For a more detailed look at what Obama’s reforms mean for us, head over to EFF, where they have scored his reforms a 3.5/12:

We’ve put together a scorecard showing how Obama’s announcements stack up against 12 common sense fixes that should be a minimum for reforming NSA surveillance. Each necessary reform was worth 1 point, and we were willing to award partial credit for steps in the right direction. On that scale, President Obama racked up 3.5 points out of a possible 12.
