MetaCompliance_Webcon
PrivacyTraining_ad300x250.Promo1-01
IAPP_Salary-Survey_300x250_FINAL
The USA FREEDOM Act, the President’s Review Group and the Biggest Intelligence Reform in 40 Years

Two years after the first story based on Edward Snowden’s leaks hit the press, the U.S. government enacted the USA FREEDOM Act, ending bulk collection under Section 215. As one of five members of President Obama’s Review Group on Intelligence and Communications Technology, I applaud its passage—the biggest pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978.

There is a close fit between the Review Group’s work and the new law as well as multiple significant reform measures the Obama administration has already adopted without legislative change. In this era of partisan gridlock, the U.S. system of government has proved more responsive and resilient than many skeptics had predicted.

Two months after the Snowden stories began, President Obama announced formation of the Review Group and tasked it with finding an approach “that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust and reducing the risk of unauthorized disclosure.”

My own role on the Review Group was based on my work as Chief Counselor for Privacy under President Clinton, as well as ongoing writing on foreign intelligence, encryption, and related subjects.

The four other members had diverse capabilities: Richard Clarke, cyber-security and anti-terrorism advisor to both President Clinton and George W. Bush; Michael Morrell, former Deputy Director of the CIA; Geoffrey Stone, noted civil libertarian and former Provost of the University of Chicago; and Cass Sunstein, noted legal academic and former Administrator of the Office of Information and Regulatory Affairs in U.S. Office of Management and Budget. I feel honored to have had the opportunity to work with four such distinguished experts.

The Review Group initially received a fair bit of public skepticism, such as statements that “the review panel has effectively been operating as an arm of the Office of the Director of National Intelligence” and "no one can look at this group and say it's completely independent.” This skepticism was perhaps understandable, because four of the members had worked for Democratic Presidents and the fifth, Geoffrey Stone, had actually been the Dean who hired a young Barack Obama to the University of Chicago Law School faculty.

Nonetheless, in actuality, the Review Group had freedom to pursue our mandate as we wished. We had expert staffing from the relevant agencies, and received full briefings on every issue we asked about. The actual draft resulted in a unanimous, 304-page report with 46 recommendations and was subsequently reprinted by the Princeton University Press.

When the Report became public in December, 2013, the greatest attention focused on this statement: “Our review suggests that the information contributed to terrorist investigations by the use of Section 215 telephony metadata was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional Section 215 orders.”

This finding of “not essential to preventing attacks” had credibility because it was based on top-secret briefings to a group that contained senior experts in intelligence and counter-terrorism. A common response to civil liberties concerns says: “If you knew what we knew, you would want this surveillance power.” After the Review Group report, that response was much harder to make in defense of Section 215 bulk collection.   

There is a close fit between Review Group recommendations and the provisions of the USA Freedom Act.

Passage of any legislation such as USA FREEDOM has innumerable parents, each of whose support turns out to be vital to eventual enactment. For this law, important support came from President Obama, the intelligence community and the Obama administration generally; the members of Congress who brought together a unique coalition in both the House and the Senate; the Privacy and Civil Liberties Oversight Board, whose detailed report on Section 215 raised numerous compelling concerns with the program, and coalitions of outside supporters from the political left and right, including industry and civil society.

With the roles of innumerable others in passage clear, here is what USA FREEDOM provides, linked to Review Group recommendations:

  • Recommendation 1: Issue a Section 215 order only with judicial approval and heightened standard. The administration had already adopted this approach, and USA FREEDOM confirms it legislatively.
  • Recommendation 5: End government storage of bulk telephone data and have records held in the private sector, accessible only with a judicial order. USA FREEDOM does this.
  • Recommendation 2: Place similar limits on bulk collection using National Security Letters. USA FREEDOM applies the limit on bulk collection to NSLs and to FISA pen-trap orders.
  • Recommendation 4: Have a general rule limiting bulk collection, absent extraordinary circumstances. USA FREEDOM does not enact this sort of general rule. On the other hand, any agency lawyer going forward has received a loud and clear message from Congress to be cautious before saying there is legal authorization for a new bulk collection program.
  • Recommendations 9 and 10: Create greater transparency in government reports and allow greater transparency in company reports about the nature and extent of foreign intelligence orders. USA FREEDOM takes important steps for both of these.
  • Recommendation 28: Create public interest advocates to represent privacy and civil liberties interests before the Foreign Intelligence Surveillance Court (FISC). USA FREEDOM creates a panel of experts to file amicus briefs in this way.

This list exhausts the main substantive provisions of the USA FREEDOM Act, suggesting that the Review Group report played a constructive role in crystallizing specific reforms that could eventually make it through the legislative process.

Multiple measures by the Obama administration add to the roster of intelligence reforms. In considering the response of this administration, I believe President Obama himself was in an unusually good position to weigh the competing equities about intelligence reform: he taught constitutional law at the University of Chicago, and so is deeply versed on the civil liberties issues; he has been Commander in Chief of the armed forces during a period of active combat, so that he has a trained and personal sense of responsibility about protecting the nation; and, he ran as the “Internet” candidate, using new communications technologies in innovative ways.

Civil liberties, national security and high-tech, these are obviously key areas relevant to any review of intelligence and communications technology.

I have written previously about the administration’s reform measures to date, including:

  • Transparency, notably de-classification of many important FISC opinions;
  • Some limits on “incidental collection” under the PRISM program (Section 702);
  • New White House oversight of the intelligence community, including for sensitive collection programs;
  • Presidential Policy Directive 28 and other reforms to provide greater protections for non-US persons;
  • Funding increases, some of which Congress has granted and others that are in the budget for this year (including much-needed staffing support for the Mutual Legal Assistance Treaty process); and
  • Significant change to rules about NSLs, so that they generally will remain secret for no more than three years, rather than the previous 50.

Along with this progress to date, reform efforts should continue.

Notably, I believe the administration should adopt Review Group recommendation 29, which supports strong encryption as an essential component of cyber-security in communications.

We should also consider recommendation 12, which would create stronger safeguards for information that is “incidentally collected” as part of surveillance targeted at non-US persons under Section 702 and Executive Order 12333. The latter issue is likely to receive careful attention when Section 702 sunsets in 2017.

There has been thoughtful reform of numerous intelligence community practices in the past two years, consistent in my view with national security. Far more has changed than many skeptics predicted.

In addition, the debates on the USA FREEDOM Act have re-sensitized many members of Congress to the importance of privacy issues. These debates may prove influential as additional privacy proposals come to Congress—part of what I have called a “Second Wave of Global Privacy Protection.”

We should anticipate more changes to come.

Written By

Peter Swire, CIPP/US

1 Comment

If you want to comment on this post, you need to login.

  • John Jun 8, 2015

    Peter, 
    Great summary and analysis.  And thank you for your contribution as the voice of privacy on the Review Group.

Related

Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

CIPP/E + CIPM = DPO

The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

IAPP-OneTrust Website Scanning & Cookie Compliance Tool

Scan your website for cookies, tags, forms and policies and create a custom, dynamically updated cookie policy based on the results of your scans.

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

More Resources »

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds and unparalleled programs—plus a whole new spin on Active Learning!

Canada Privacy Symposium 2017

The Symposium returns to Toronto! Take advantage of Early Bird rates before March 31 and join your fellow privacy pros for a stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is SOLD OUT and the wait list is closed. If you got on the wait list, we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Join us in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

We're bringing the best of the best in privacy and infosecurity to sunny San Diego. Early registration for P.S.R. opens in May.

Europe Data Protection Congress 2017

Your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Registration opens in early June.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»