Tomorrow, Obama will announce his long-awaited reforms to the NSA. The Electronic Frontier Foundation has produced a score-card (with detailed commentary) describing the minimum set of reforms that would be compatible with the rule of law and a free and fair democracy. It makes a handy crib-sheet to use while you're watching the press-conference -- you can print out one for each of your friends and discuss it around the TV during your NSA press-conference party:
1. Stop mass surveillance of digital communications and communication records.
It doesn’t matter what legal authority is being cited—whether it’s the Patriot Act, the FISA Amendments Act, or an executive order—the government should not be sweeping up massive amounts of information by and about innocent people first, then sorting out whether any of its targets are included later. The NSA has disingenuously argued that simply acquiring this data isn’t actually "collecting" and that no privacy violation can take place unless the information it stores is actually seen by a human or comes up through an automated searches of what it has collected. That’s nonsense. The government’s current practices of global dragnet surveillance constitute general warrants that violate the First and Fourth Amendments, and fly in the face of accepted international human rights laws. Obama needs to direct the NSA to engage only in targeted surveillance and stop its programs of mass surveillance, something he can do with a simple executive order.
2. Protect the privacy rights of foreigners.
The NSA's surveillance is based upon the presumption that foreigners are fair game, whether their information is collected inside the US or outside the US. But non-suspect foreigners shouldn't have their communications surveilled any more than non-suspect Americans. The review group recommended limited protections for non-US persons and while that is a good start, the president should do more to ensure that actual suspicion is required before either targeted or untargeted surveillance of non-US persons.
3. Don’t turn communications companies into the new Big Brother: no data retention mandate.
Obama’s review group recommended ending the NSA’s telephone records program, which we strongly agree with, but then indicated that a reasonable substitute would be to force American communications companies to store the data themselves and make it available to the government. The group ultimately recommended a data retention mandate if companies won’t comply voluntarily. But companies shouldn’t be pressed into becoming the NSA’s agents by keeping more data than they need or keeping it longer than they need to. To the contrary, companies should be working on ways to store less user data for less time—decreasing the risks from data breaches and intrusions like the one that just happened to Target. Data retention heads in the wrong direction for our security regardless of whether the government or private parties store the information.