NSA whistleblower Edward Snowden has given a cautious welcome to a reported plan by Barack Obama’s administration to stop the agency collecting Americans’ phone records en masse.
The plan is yet to be formally announced and detailed, but reports in the last day or two point to a scenario where telecoms carriers will hold metadata on calls – descriptive data on who called whom and when, rather than the contents of calls – and the NSA will have to get a court order to search that archive for someone’s metadata.
“I am confident that it allows us to do what is necessary in order to deal the threat of a terrorist attack, but does so in a way that addresses people’s concerns,” Obama said at a news conference in The Hague in the Netherlands.
Who holds the key?
Obama said back in January that he was considering taking U.S. call metadata collection out of the NSA’s hands, and shifting the burden to the telcos was one of several options on the table at that point. The telcos already record metadata for their own purposes — right now the NSA is able to force them to hand it over in bulk, after which the agency has the technical ability to search through it with impunity.
The new system would be analogous to the European Union’s Data Retention Directive, which requires communications providers to hang onto metadata for up to 2 years, though it looks like the U.S. scheme won’t require retention beyond 18 months (the NSA hangs onto the data for up to 5 years). The EU directive, incidentally, was recently criticized by Europe’s top legal advisor for having insufficient privacy safeguards.
In a statement given through the American Civil Liberties Union (ACLU), Snowden said Obama had confirmed that “these mass surveillance programs, kept secret from the public and defended out of reflex rather than reason, are in fact unnecessary and should be ended”:
“This is a turning point, and it marks the beginning of a new effort to reclaim our rights from the NSA and restore the public’s seat at the table of government.”
Meanwhile there are two competing bills in Congress that also aim to reform NSA metadata collection. The older one, the “USA Freedom Act”, would end bulk collection under Section 215 of the post-9/11 Patriot Act and limit NSA data requests to ongoing terrorism investigations. A new “End Bulk Collection Act”, from the House intelligence committee, would do what it says but, according to critics, allow more widespread metadata requests than are necessary.
Snowden seems to back the Freedom Act, though in his statement he referred to its reforms as “incomplete”.
Resetting the net
Of course, all these reported and potential reforms would only stifle one aspect of the NSA mass surveillance efforts; they wouldn’t affect the surveillance of everyone outside the U.S., and they wouldn’t stop those programs from scooping up communications between Americans and people in certain other countries.
Nonetheless, the U.S. call records story has great significance, as it was the first to emerge from the Snowden leaks, even before the leaker made himself known.
A group called Fight For The Future is running a campaign called Reset The Net that aims to mark the first anniversary of that story, on June 5th, with a mass outbreak of cryptography. After all, there were always going to be two main avenues to fixing this mass surveillance mess: better policy, and encryption as far as the eye can see (as long as it allows a decent user experience).