Report on NSA offers 46 recommendations to avoid another Snowden

Authored by major names including Richard A. Clarke, former national coordinator for security, infrastructure protection, and counter-terrorism for the United States; former CIA deputy director Michael J. Morell; and legal minds Geoffrey R. Stone, Cass R. Sunstein and Peter Swire, the 300-page report “Liberty and Security in a Changing World” contains forty-six recommendations on national security and personal privacy.

The report said that the current storage by the government of bulk meta-data creates potential risks to public trust, personal privacy, and civil liberty. While the authors recognised that Government may need access to such meta-data, it endorsed a broad principle that “the Government should not be permitted to collect and store mass, undigested, non-public personal information about US persons for the purpose of enabling future queries and data-mining for foreign intelligence purposes”.

Among the recommendations, the section “personnel vetting and security clearances” in chapter eight, titled “Protecting What We Do Collect”, contained four recommendations on vetting. Among these, recommendation 37 recommended the US Government move towards a system where the vetting of personnel for security clearance are performed solely by US Government employees or by a non-profit, private sector corporation.

Recommendation 38 suggests that the vetting of personnel for access to classified information should be ongoing, rather than periodic. It recommends a standard of personnel continuous monitoring to be adopted, incorporating data from insider threat programs and from commercially available sources, to note changes in credit ratings or any arrests or court proceedings.

Also, recommendation 39 suggests that security clearances should be more highly differentiated, including the creation of “administrative access” clearances that allow for support and information technology personnel to have the access they need without granting them unnecessary access to substantive policy or intelligence material.

Recommendation 40 states that the US Government should institute a demonstration project in which personnel with security clearances would be given an access score, based upon the sensitivity of the information to which they have access and the number and sensitivity of special access programs and compartmented material clearances they have.

These four recommendations in particular are aimed at preventing another Edward Snowden incident, and to ensure that access to the meta-data is restricted. The report said that about five million people now have active security clearances granted by some arm of the US Government, of which almost 1.5 million have top secret clearance.

The five authors concluded by saying that “surveillance should never be undertaken to promote illegitimate goals, such as the theft of trade secrets or the suppression of freedom of speech or religion”. It has also called for institutional reforms to ensure that the NSA remains a foreign intelligence collection agency and that other institutions, both independent and inside the Executive Branch, work to protect privacy and civil liberty.

“Protection o
f what we collect is indispensable to safeguarding national security, privacy and public trust; the recommendations made here would significantly strengthen existing protections”, it said.

In response, the Electronic Frontier Foundation (EFF) said that the report left open the door for future mass surveillance and failed to address the constitutionality of the NSA’s mass spying. EFF Senior Staff Attorney Kurt Opsahl, said: “The President’s panel agreed with the growing consensus that mass electronic surveillance has no place in American society. The review board floats a number of interesting reform proposals, and we’re especially happy to see them condemn the NSA’s attacks on encryption and other security systems people rely upon, but we’re disappointed that the recommendations suggest a path to continue untargeted spying.

“Mass surveillance is still heinous, even if private company servers are holding the data instead of Government data centres.”

EFF Activist Trevor Timm said that it was concerned that the panel appears to allow the NSA to continue the mass collection of emails, chats and other electronic communications of Americans under the pretext that the NSA is ‘targeting’ foreigners overseas. “While we’re happy that the panel acknowledged that foreigners abroad need some additional privacy protections, mass surveillance isn’t acceptable for Americans or foreigners.”