Feeds

US govt watchdog slams NSA snooping as illegal, useless against terrorism

But panel split on its findings, fears public will hate spies if another 9/11 happens

Next gen security for virtualised datacentres

The Privacy and Civil Liberties Oversight Board, a federal panel set up to advise the US government on policy, has published report concluding that the bulk collection of data on US citizens by the NSA is illegal and ineffective at stopping terrorism.

"Based on the information provided to the board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation," the report [PDF] stated.

The 238-page study found that the NSA's policy of collecting vast amounts of metadata using Section 215 of the Patriot Act was illegal, and raised serious concerns with regard to breaking the First and Fourth Amendments – covering freedom of speech and unlawful search and seizure of evidence.

The dossier states that this particular bulk data collection program started in 2001 shortly after the September 11 attacks, and was cleared by the Bush administration in 2006 under the terms of the Patriot Act. The authors conclude Section 215 data collection was a "subversion" of the law and was used to "shoehorn a pre-existing surveillance program into the text of a statute," noting that it also violated the Electronic Communications Privacy Act.

As a result the board recommends the practice should be stopped immediately, a view not shared by President Obama based on his speech on the matter last Friday, and that any data stored by the NSA should be deleted after three years, not five.

Other recommendations in the board's report do dovetail very nicely with Obama's own plans, such as having public representation in the Foreign Intelligence Surveillance Court – the NSA's secret oversight court. The panel also backed the President's promise to reduce the scope of surveillance dragnets on targets: rather than snoop on up to three "hops" of the target's contacts, as is the case today, two hops should be monitored instead. As an example, if you're on the NSA watch list and you email your brother, who calls his girlfriend, who texts her mother – the mother is the third hop.

The report's authors were split on their views, however. Rachel Brand, who served as assistant attorney general for legal policy at the US Department of Justice (DoJ) between 2005 and 2007, said wrote in a dissenting opinion that the bulk data collections were legal and warned that if there was another major terrorist attack "the public will engage in recriminations against the intelligence community for failure to prevent it."

Co-author Elisebeth Collins Cook also disagreed with some of the report's conclusions on the legality of Section 215 data sweeps, saying that the terms of use should be modified, but that collection should continue. Collins Cook, who served as assistant attorney general for legal policy at the DoJ from 2008 to 2012, also questioned [PDF] the conclusions on the data slurping's effectiveness against terrorism.

The five-person Privacy and Civil Liberties Oversight Board was set up in 2006 on the recommendation of the 9/11 Commission Report to provide advice on the use of surveillance in anti-terrorism investigations. It has limited legal weight, but the conclusions have already drawn political comment.

Representative Mike Rogers (R-MI), who as chairman of the House Intelligence Committee is supposed to oversee the activities of the NSA, was sharply critical of the report's findings. In a statement to Fox News Rogers said the legality of the Section 215 interpretation had been confirmed multiple times in federal courts.

"I am disappointed that three members of the board decided to step well beyond their policy and oversight role and conducted a legal review of a program that has been thoroughly reviewed," he said.

Ex-NSA techie turned whistleblower Edward Snowden may have some views of his own to express when he holds a Q&A at 1200 PT, 2000 UTC, 1500 EST today. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.