Feeds

US govt watchdog slams NSA snooping as illegal, useless against terrorism

But panel split on its findings, fears public will hate spies if another 9/11 happens

Top three mobile application threats

The Privacy and Civil Liberties Oversight Board, a federal panel set up to advise the US government on policy, has published report concluding that the bulk collection of data on US citizens by the NSA is illegal and ineffective at stopping terrorism.

"Based on the information provided to the board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation," the report [PDF] stated.

The 238-page study found that the NSA's policy of collecting vast amounts of metadata using Section 215 of the Patriot Act was illegal, and raised serious concerns with regard to breaking the First and Fourth Amendments – covering freedom of speech and unlawful search and seizure of evidence.

The dossier states that this particular bulk data collection program started in 2001 shortly after the September 11 attacks, and was cleared by the Bush administration in 2006 under the terms of the Patriot Act. The authors conclude Section 215 data collection was a "subversion" of the law and was used to "shoehorn a pre-existing surveillance program into the text of a statute," noting that it also violated the Electronic Communications Privacy Act.

As a result the board recommends the practice should be stopped immediately, a view not shared by President Obama based on his speech on the matter last Friday, and that any data stored by the NSA should be deleted after three years, not five.

Other recommendations in the board's report do dovetail very nicely with Obama's own plans, such as having public representation in the Foreign Intelligence Surveillance Court – the NSA's secret oversight court. The panel also backed the President's promise to reduce the scope of surveillance dragnets on targets: rather than snoop on up to three "hops" of the target's contacts, as is the case today, two hops should be monitored instead. As an example, if you're on the NSA watch list and you email your brother, who calls his girlfriend, who texts her mother – the mother is the third hop.

The report's authors were split on their views, however. Rachel Brand, who served as assistant attorney general for legal policy at the US Department of Justice (DoJ) between 2005 and 2007, said wrote in a dissenting opinion that the bulk data collections were legal and warned that if there was another major terrorist attack "the public will engage in recriminations against the intelligence community for failure to prevent it."

Co-author Elisebeth Collins Cook also disagreed with some of the report's conclusions on the legality of Section 215 data sweeps, saying that the terms of use should be modified, but that collection should continue. Collins Cook, who served as assistant attorney general for legal policy at the DoJ from 2008 to 2012, also questioned [PDF] the conclusions on the data slurping's effectiveness against terrorism.

The five-person Privacy and Civil Liberties Oversight Board was set up in 2006 on the recommendation of the 9/11 Commission Report to provide advice on the use of surveillance in anti-terrorism investigations. It has limited legal weight, but the conclusions have already drawn political comment.

Representative Mike Rogers (R-MI), who as chairman of the House Intelligence Committee is supposed to oversee the activities of the NSA, was sharply critical of the report's findings. In a statement to Fox News Rogers said the legality of the Section 215 interpretation had been confirmed multiple times in federal courts.

"I am disappointed that three members of the board decided to step well beyond their policy and oversight role and conducted a legal review of a program that has been thoroughly reviewed," he said.

Ex-NSA techie turned whistleblower Edward Snowden may have some views of his own to express when he holds a Q&A at 1200 PT, 2000 UTC, 1500 EST today. ®

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.