President Obama proposes limiting NSA access to phone calls

NSA backlash continues: UK firms move data out the US
NSA backlash continues: UK firms move data out the US

The proposal will have to pass muster with the US Congress, but the proposed Bill looks likely to pass without too many issues. 

As previously reported by SCMagazineUK.com, the `record everything and store for five years' approach by the NSA has caused a public furore worldwide as the scale of the operation started being revealed by whistleblower - and former NSA contractor - Edward Snowden in May of last year. 

Under the new proposals, US government agencies will have to get permission from the Foreign Intelligence Surveillance Court to review data about the time and duration of phone calls that it believes may be connected to terrorism attacks. 

Although the White House has not linked the proposal with Obama's meeting with most of the G8 group in the Hague on Monday, the two events are likely to be related, especially given German Chancellor Merkel's outspoken views on the practices in the US and the UK back in January. 

The Electronic Frontier Foundation (EFF) has welcomed the proposal, but cautions that they still require significantly more judicial review, owing to the need to review all the search requests. 

According to a comment posting from the civil liberties organisation, the EFF has requested that the US Government will stop misusing section 215 of the Patriot Act and section 702 of the FISA Amendments Act and Executive Order 12333 - "and whatever else it is secretly relying on to stop mass spying." 

Professor John Walker – with Nottingham-Trent University's School of Science and Technology – said that Obama's proposals should be viewed against the backdrop of that, since 9/11, things have changed for the US and world at large. 

“The US now has a lot of laws designed specifically to support its investigation into potential terror attacks. The post 9/11 laws in the US fundamentally change people's previous rights for their activities to remain private,” he explained.

As a result of this, Walker – who is also Director of CSIRT & Cyber Forensics at Integral Xssurance – says that the post-9/11 approach of the US security agencies is all about the security of the nation, with most other issues becoming secondary. 

According to digital forensics specialist Professor Peter Sommer of De Montfort University, however, the position in the UK - and also much of Europe - is that communications data is retained by the telephone companies and ISPs for a given period. 

In the UK, he says, this period is usually 12 months and guards against possibility of receiving a legal order to produce specific information. 

"Here in the UK and for the purposes of criminal investigation this is a senior law enforcement officer who must justify on a case-by-case basis applying necessity and proportionality tests. This separation of powers does not currently exist in the US, hence the need for revision in order to rebuild trust in the NSA," he explained. 

Sommer went on to say that the UK position is a little more complicated. 

"Firstly, many people believe that - other than for the most basic inquiries - orders to produce should come from the courts, not law enforcement officers. Secondly, it looks as though the security and intelligence agencies obtain access on a much less controlled and supervised basis,  using section 94 of the Telecommunications Act 1984 as opposed to the Regulation of Investigatory Powers Act 2000," he said. 

"There is also a further problem, not addressed in the Obama proposals - and applying in the UK and Europe as well - that is the task of separating metadata (or communications data) from content is a non-trivial exercise when dealing with Internet traffic such as webmail and social media sites," he added. 

The problem, says the professor, is that content can easily be accidentally acquired on an order or warrant limited to communications data. 

"Obama's US proposals, of course, are limited to protecting US citizens, not anyone else," he said, adding that all of these things - and more - are supposed to be under review in the UK by the Intelligence and Security Committee, but progress seems incredibly slow. 

The Committee's call for submissions, he said, closed at the beginning of February and so far they have not had a single public session.