Post Snowden, Obama privacy director backs NSA and GCHQ transparency
President Obama's former director of privacy has urged NSA and GCHQ to work together to become more transparent when carrying out surveillance.
Global phone firm Gemalto confirms likely GCHQ and NSA attacks
Timothy Edgar, President Obama's first director of privacy and civil liberties for the White House National Security Staff, admitted that both the NSA and GCHQ will have learned lessons on government surveillance, almost a year on from Edward Snowden's leaks.
Edgar was speaking at the Houses of Parliament on Wednesday, where he was joined by an elite panel of experts, consisting of MPs from the three main political parties and activists from Big Brother Watch and Privacy International.
The topic of conversation was ‘After Snowden: surveillance in a transparent world' and while the 30-year-old, now ostracized in Russia, received surprisingly little attention, the knock-on effect on government agencies was in full view.
Edgar opened by saying that the leaks, initially dispatched to The Guardian but latterly Glenn Greenwald's Intercept website and new autobiography, would have an effect on privacy and security for “decades to come”.
“We've been dragged kicking and screaming into transparency world,” he admitted.
But while he suggested that the leaks would make agencies, governments and companies more transparent, he stressed that detractors who pointed to the limited number of terrorists captured by wiretapping and capturing metadata and telephone, were missing the point.
Terrorism, he said, was just one reason to carry out intelligence collection.
“These are central problems to address. If you're not listening to the conversations of major al Qaeda leaders [you have] a real problem. People who think [surveillance] is just for counter terrorism miss broader picture.”
American surveillance: Potted history
In an attempt to illustrate his point, Edgar stepped back in time to run through a history of American surveillance.
He said that the fundamental basics of US surveillance are based loosely around the US constitution – the fourth amendment, in particular, and various statutes passed in the 1970s, principally the Foreign Intelligence Surveillance Act and the executive order 12333, which governs intelligence activities in US.
Human rights laws are not considered presently – “the US doesn't believe that the ICCPR [International Covenant on Civil and Political Rights] provides rights to people outside of its territory” - although Edgar said that there was room for improvement here.
To ascertain if surveillance would be legal in a court of law, he said that spy agencies had to determine whether it was for criminal or for foreign intelligence, where and how the collection took place (whether it was carried on a wire, computer server or over the air). What's more, they'd have to identify if they were after the metadata – the communications data – or the content itself, and detail whether the target was a US or non-US citizen, living inside or outside the country.
But the White House official says that surveillance has changed significantly over time. He noted earlier reforms in the 1970s after revelations of "widespread, unregulated"" domestic spying by the FBI, NSA and CIA in the height of the Cold War.
“There was not much debate before Watergate scandal,” said Edgar, who added that the US government subsequently spent many years on hearing figuring out how ‘Cold War-style intelligence' could fit under the American constitution.
One of the results from this was the Foreign Intelligence Surveillance Court (FISA), established and authorised under FISA Act 1978, to oversee requests for surveillance warrants against suspected foreign intelligence agents inside US by federal law enforcements.
No statute law existed for non-US citizens however. Edgar says that this is a “new” discussion – partly down to Snowden's leaks.
“This conversation on foreign rights is actually very new – we didn't have that conversation back in the 1970s.”
And while this arrangement worked pretty well from the late 1970s, he says that things began to change post 9/11.
Edgar – a visiting fellow at the Institute and adjunct professor of law at the Georgetown University Law Center – noted the “major shift in communication technology” from satellites to the era of the intranet, where internet and telephone data travelled on wires.
But there were quirks with that too as agencies needed FISA warrant to investigate even those overseas, and internally White House officials decided that the president could ignore the ruling of FISA court judge.
More recently, under the second Bush administration, the government introduced the Terrorist Surveillance Program, an electronic surveillance program under President's Surveillance Program, signed off on the FISA Amendments Acts of 2008 (section 702)– which allowed agencies greater agility in tracking foreign persons.
President Obama, then a senator, voted in favour at the time and apparently received a lot of negative feedback from his own supporters.
NSA, GCHQ can learn from each other
The panellists were keen to stress though that while the US has moved forward with surveillance transparency – with new legislation, Obama holding two reviews panels (Review Group on Intelligence and Communications Technology; Privacy and Civil Liberties Oversight Board) and the Presidential Policy Directive 28 - the UK has been left behind.
“President Obama has released quite a bit more than the Snowden disclosures. The DNI took the choice to be proactive and release the documents,” said Edgar, who described the UK as an important “bridge” owing to its relationship to the US, and being the only 'Five Eyes' country to be in the EU.
The US too has promised to limit future bulk collection to items on counter terror, WMD, espionage, cyber security threats, threats to the armed forces, and is – as previously reported here – promising to store telephone data at private entities and track and collect data on phone calls ‘two steps removed' from a phone number associated with a terrorist organisation, under Obama's reforms.
“I think we can learn from each other on oversight issues,” said Edgar, adding that the US could learn from EU on privacy and human rights laws, with the UK able to learn more on transparency.
David Davis, Member of Parliament for Haltemprice and Howden, agreed that the two countries could work in ‘parallel' but criticised the UK for falling behind.
Davis – a former shadow home secretary – was particularly scathing on “shoddy” surveillance procedures and said that surveillance procedures no longer operates effectively in the 21st century.
“This oversight was not designed what it's used for,” said Davis, noting that while oversight was once for bugs and burgling, not for 50 million data intercepts. Davis added that he expected to be spied on when criticising American during WMD inspections.
“I am the last person to dispute we need good intelligence against enemies, but what we have is shoddy and ineffective procedures."
Poor and dated legislation was also picked up by Julian Huppert MP, Member of Parliament for Cambridge, who said that there was widespread silence on the Telecommunications Act 1984, which do anything in interest of national security, especially if relation to another country. “If America asks it doesn't matter, it's important.”
“Nick Clegg only party leader spoke about reform," he said of the law. "There is an incredibly poor the amount of debate and getting colleagues interested really, really tough.”
“There is clearly role for Intel gathering, question is how get it right? Must try and have a sensible approach.”
Privacy International's executive director Gus Hosein went one step further, saying that it was laughable at how the UK branded those ‘silly Americans' even though the country was ahead in terms of transparency.
“[The UK] government has been absolutely silent, and William Hague's statement on ‘nothing to hide nothing to fear', was an embarrassment to William Hague.”
But the Obama administration was not sheltered by from criticism, especially resolving around Snowden's revelations that – with many EU citizens using services with data centres in the US – they too would be subject to US surveillance.
“Dealing non-US persons outside the states there is really not much in the way of protection,” said Edgar, who admitted that there were “very few rules” to protecting non-US citizens.
Hosein added: “The GCHQ does a lot of dirty work for the NSA.”
Snowden's influence not in doubt
In amongst all this legal wrangling and surveillance tweaking though, the panellists were in agreement that Edward Snowden did the right thing – even if Edgar admitted that US companies have found an ‘enormous downside' from his revelations and that the biggest revelations for citizens was the bulk telephone metadata program – despite USA Today reporting initially on this in 2006.
Newcastle MP Chi Onwurah said: “What I think in particular on the Snowden revelations, whether you agree with him on not, he gave us a belated opportunity to debate and understand UK political and demographic understanding and support for legal surveillance.”
This briefing came just hours after Privacy International filed a legal complaint about the GCHQ for what it says are extensive malware and hacking campaigns, and shortly before the International Association for Cryptologic Research criticised mass government surveillance at the Eurocrypt conference in Copenhagen, Denmark.
“The membership of the IACR repudiates mass surveillance and the undermining of cryptographic solutions and standards,” said the group in a statement.
“Population-wide surveillance threatens democracy and human dignity. We call for expediting research and deployment of effective techniques to protect personal privacy against governmental and corporate overreach.”