The National Security Agency lost its authority to grab the phone records of millions of Americans following this week’s change in legislation enacted after 9/11. But there is no evidence that the data produced actionable intelligence during the 13 years the government had access to it anyway.
And besides, the NSA is still expanding its arsenal of Internet surveillance tools on American soil. The New York Times reported Wednesday that the Obama administration is allowing the NSA to tap Internet cables in U.S. territory to look for data about computer intrusions that are coming from overseas, and that the agency does not need a warrant to do so.
Earlier this week, the new USA Freedom Act stopped the NSA’s bulk collection of phone metadata—records of when calls were made and between what parties—and instead required phone companies to store the data for two years. Now, if the NSA or another agency wants access, it will have to petition a federal court known as the Foreign Intelligence Surveillance Court (often called the FISA court) in order to get it.
The changes came in a measure Congress passed on Tuesday and that President Obama signed Tuesday evening, a year after promising to reform the program (see “Obama Promises Reform of Bulk Phone Record Surveillance Program”). The extent of this NSA collection of domestic phone records was one of the more significant revelations from the leaks made by intelligence contractor Edward Snowden in 2013.
“It’s clear that the NSA will be slowed down to some extent,” says Vivek Krishnamurthy, an instructor in Harvard Law School’s cyberlaw clinic. “Instead of getting all of this data in bulk that their analysts can draw upon and cut up any way they want, they need to make particular requests for particular data when it is needed for a particular investigation.”
A report by the White House privacy and civil liberties oversight board, known as PCLOB, concluded that the value of the data collection—which started after the September 11 terrorist attacks—was mainly to add insight on the activities of terrorists already known to the government. Such insight could also be gained by using court orders to obtain the information. The bulk data collection did not lead to the discovery of a previously unknown terrorist or disruption of an attack, the report concluded.
Another set of battles over government access to data looms. These center on how companies encrypt e-mail and other data from their users and whether law enforcement can get access to encrypted information when lawfully authorized to do so.
Partly in response to the Snowden revelations, more of the major Internet and communications companies are deploying strong encryption. Companies like Google and Yahoo increasingly encrypt data as it moves through their services and are giving users more tools to do the same (see “A Simple Plan to Impede the NSA Is Taking Hold”) and (“How to Exchange Encrypted Messages on Any Website”). And Apple has created systems to automatically encrypt data on iPhones.
The government says this trend could hinder lawful investigations. The government now wants so-called “back doors” inserted to ensure that investigators can get access to data during a criminal investigation when law enforcement has a court order to see a particular person’s communications (see “White House and Department of Homeland Security Want a Way Around Encryption”).
But security experts have said any system designed to let in the U.S. government when authorized could also, in theory, become subverted by others. Today’s fresh revelation about NSA Internet cable tapping on U.S. soil is bound to intensify that debate.