Reports On Surveillance Programs Vary In Engagement With Technology
In January both the Privacy and Civil Liberties Oversight Board (PCLOB) and the President’s Review Group on Intelligence and Communications Technologies (Review Group) issued their reports on intelligence surveillance programs. USACM submitted comments to both PCLOB and the Review Group. In its comments, USACM outlined technical issues and constraints that make effectively implementing these programs – while preserving security and privacy principles – a challenge.
USACM did not engage in a legal or constitutional analysis, but focused on providing technical advice related to the surveillance programs under review. USACM does not believe that a useful policy analysis of these programs can be done without a technical analysis. We encouraged the use of an independent systems-engineering analysis of the data collection and analysis programs related to these programs. Additionally, we recommended that surveillance programs follow generally accepted fair information practices for data minimization and consistently implement data access controls, coupled with regular audits. We noted that mandated intercept capabilities could introduce vulnerabilities into computing systems, and posed problems for national competitiveness and reputation abroad.
The PCLOB report offers 12 recommendations, 10 of which are unanimous. The two board members that dissented from two recommendations have each issued a statement explaining their respective positions. The PCLOB recommendations focused on increased transparency of the scope of the data collection program, as well as the judicial process in place to review it. To the extent that the recommendations spoke to technical matters, the PCLOB encouraged the Foreign Intelligence Surveillance Court to take steps that would make relevant technical expertise and knowledge more available.
The Review Group report offers 46 recommendations and is focused on managing the risks involved in the different national interests at play in a surveillance program. As such, our comments resonate more explicitly in the Review Group report compared to the PCLOB report. Many of the Review Group recommendations make a point of ensuring that technical knowledge and expertise are part of the various processes, legislation and other tasks outlined therein.
The President made a speech in response to the matter on January 17. The actions he outlined in that speech include establishing a State Department post connected to technology intelligence, and a government-wide review of ‘big data’ and privacy. Congress is also working on legislation related to surveillance programs, but it is too early to determine how influential either report will be on the bills that emerge. The Review Group has ended, but the PCLOB continues to review surveillance programs.