Privacy Packs a One-Two Punch, Part Two (a grazing right cross): The Privacy Panel Recommendations | Raucous Caucus | Tom Cushing | |

Local Blogs

By Tom Cushing

Privacy Packs a One-Two Punch, Part Two (a grazing right cross): The Privacy Panel Recommendations

Uploaded: Dec 23, 2013

This is the second of two columns on significant events last week in the privacy realm: the Metadata decision was the first subject; this column reports on the recommendations of the privacy review panel appointed in August.

Late last summer, in the wake of early, embarrassing revelations from whistleblower Edward Snowden about the National Security Agency's roughshod practices, President Obama appointed a diverse panel to advise him on the future conduct of electronic intelligence gathering. The five members ranged across a spectrum of high-level government experience (former National Security Council member Richard Clarke, recent Acting CIA chief Michael Morell) and ideological perspectives (law profs Cass Sunstein and Geoffrey Stone, both of whom were one-time colleagues of the Prez at University of Chicago, and are long on civil liberties advocacy, along with business prof/privacy scholar Peter Swire).

Last Wednesday, the group delivered a 300-page report containing 46 recommendations, titled "Liberty and Security in a Changing World." The panel made a far-ranging review of numerous issues and made several sensible proposals for change. Other recommendations bear the stamp of group compromise in the same sense that a camel is said to be a horse, as designed by a committee. The President is expected to accept or reject each such reform proposal, sometime early in the new year.

The group announced that it was guided by four principles. They recognized their task was to rationalize the competition of interests between national security and personal privacy, and that the idea of 'balancing' those interests needs to proceed on the basis that some abuses (e.g., use of intel to punish political enemies) should simply never weigh onto the scales. Further, they properly viewed their mission as risk management ? dealing in probabilities rather than certainties. They denominated those risks to include not only homeland security, but also potential impacts on civil liberties, diplomatic relations and international commerce. Finally, they identified elements of both initial conception and ongoing scrutiny as being important in maintaining balance, minimizing risks, maximizing transparency and winning (back) the confidence of We, the people.

The Panel then categorized their Recommendations into headings of domestic and global surveillance of persons, priority setting, organizational safeguards as to both structure and processes, and global communications technology (the 'net). Sparing you, dear reader, the agony of an exhaustive review (Merry Christmas), here are some high and lowlights.

FIS Court Orders: they should be unified as to the (high) standard the government must meet to issue any of several kinds of orders for data collection, with their focus, scope and breadth "reasonably" limited.

Metadata: the present program should be dismantled and a higher standard of proof required for issuance of dragnet orders. Any future compilations of such data should be held in private hands ? either thos of the owners of it, or aggregated in a special repository. Orders to query the data should be significantly limited, metadata itself should be studied to better understand its significance and seek alternative, presumably less intrusive, forms of data to be collected for similar purposes.

These recommendations contain less than meets the eye, however, and employ "camel" language that only a pettifogging lawyer could love (and believe me, such a lawyer, IF s/he exists, would be ecstatic in such a loophole wonderland):

"? as a general rule, and without senior policy review, the government should not be permitted to collect and store all mass, undigested, non-public personal information about individuals to enable future queries and data-mining for foreign intelligence purposes." (whew!)

Suffice it to say that any contract written with that many modifiers and qualifications (a cursory count finds 16 of them in that passage, alone) would be unenforceably worthless; any such statute would be void for vagueness. Why not 'Just Say No' to Metadata?

Transparency: the recommendations seek to institutionalize transparency in terms of reports to the public, to narrow the scope of valid non-disclosures and broaden the interests represented before the secret FIS Court. It may seem oxymoronic to require a public advocate in a clandestine proceeding, but I do think that's progress. And to limit the well-established tendency of secret-holders to classify everything top-secret, the panel would require at least some reporting of a kind of metadata about any such secret information that cannot be disclosed.

Allies: the panel recommends that spying on our friends (countries with whom "we share values and interests") be well-thought-through in advance, which is apparently an upgrade to current processes. It also suggests that we consider mutuality accords with such nations.

Encryption: here the recommendation is that the US cease efforts to defeat encryption of software and instead seek to strengthen anti-hacking protections. This one troubles me, as it looks like unilateral disarmament ? and if it's not (remember 'renditions,' where we got our allies to do the torturing that we couldn't do?), then it's meaningless window dressing.

Structural changes: these proposals involve changes to the NSA to require Senate confirmation of its chief, and breaking-up of unified military and civilian spying into separate agencies. Further, the panel calls for a kind of CPO (Chief Privacy Officer) within the White House to better sensitize the Executive Branch, broadening the purview of an existing privacy board (one that I didn't know existed), and requiring the FIS Court appointments by made by the full Supreme Court, not just the Chief Justice.

Also under this general topic, the panel would like to see numerous changes to NSA management processes, the better to avoid the next Edward Snowden, or, if s/he exists, to channel the whistleblowing instinct into a perhaps more efficacious, and certainly less embarrassing destination for review and action.

All-in-all, I'd have to say that that the panel has made a start on reform and countermeasures against the inbred bureaucratic preference for secrecy in a critical arena for the freedoms we all enjoy. That said, it's also mostly reactive to current, privacy-damaging revelations ? are we really certain that they are all there is ? or must we wait for the next edition of The Guardian? The recommendations are also rife with the kind of weas-ly language that savvy bureaucrats would parse to neutralize their effect ? too many things of value to someone can be called "exceptions," simply because they are important to someone.

In the early post 9/11 era, Americans allowed the balance noted by the panel to swing far to the side of national security, and away from individual liberty. It will be a tough job to haul that pendulum back; a tougher job than these recommendations will do by themselves.