Obama Orders Review on Use of Big Data

President Describes Restraints on Metadata-Collection Program
Obama Orders Review on Use of Big Data
President Obama proposes NSA reforms.

In a speech revealing new limits on the way intelligence agencies collect telephone metadata, President Obama also announced a comprehensive review of how government and business are confronting the challenges inherent in big data.

See Also: How to Scale Your Vendor Risk Management Program

Obama said on Jan. 17 a group headed by his counselor, John Podesta, would seek to forge international norms for how to manage big data and how the government can continue to promote the free flow of information in ways that are consistent with privacy and cybersecurity.

The president said the rapid evolution of technology presents a big challenge of how to use data to protect the nation from physical and cyber-attacks while protecting individuals' privacy and civil liberties.

"The power of new technologies means that there are fewer and fewer technical constraints on what we can do," the president said. "That places a special obligation on us to ask tough questions about what we should do."

The group headed by Podesta, former chief of staff in the Clinton administration, consists of government officials who, along with the President's Council of Advisers on Science and Technology, will reach out to privacy experts, technologists and business leaders.

Breach of Trust

"The challenges to our privacy do not come from government alone," Obama said. "Corporations of all shapes and sizes track what you buy, store and analyze our data and use it for commercial purposes. ... But all of us understand that the standards for government surveillance must be higher. Given the unique power of the state, it is not enough for leaders to say: 'Trust us, we won't abuse the data we collect.' For history has too many examples when that trust has been breached."

Leaks of United States government electronic spying activities by former National Security Agency contractor Edward Snowden prompted a rancorous debate on the government's broad electronic surveillance practices. Those leaks prompted Obama to appoint a panel of experts that last month issued 46 recommendations (see Panel Recommends Limits on NSA Surveillance), most of which were not addressed by the president in the speech delivered at the Justice Department.

The panel, for instance, recommended preventing the NSA from subverting initiatives to create secure encryption to safeguard confidential communications and data.

Caitlin Hayden, White House national security staff spokeswoman, said the president has asked Cybersecurity Coordinator Michael Daniel and the Office of Science and Technology Policy to jointly lead a study on encryption safeguards and report the results within 60 days. "We support the recommendation's aim to protect the integrity of standards for commercial encryption," Hayden said after the president's speech.

Other recommendations, such as improving the process to vet individuals with security clearances and employing continuous monitoring and detection tools on classified networks, are being implemented, Hayden said (see New Ideas for Mitigating Insider Threat).

Modifying Collection Program

Obama said the way the NSA collects vast amounts of telephone metadata records - under part of the law known as Section 215 - will change, with a new requirement that the government first obtain permission from a secret court. Eventually, he said, the data warehouse of phone records will not be maintained by the government. The president directed the attorney general and intelligence community to propose a new approach by March 28.

Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., said he's encouraged that president ordered changes to Section 215 but added that more must be done to safeguard citizens' privacy. "I urge consideration of the privacy implications of any mandate that these records be held in the private sector," he said. " ... Section 215 must still be amended, legislatively, to ensure it is not used for dragnet surveillance in the future."

The chairs of the Senate and House intelligence committees, Sen. Diane Feinstein, D-Calif., and Rep. Mike Rogers, R-Mich., said the need to get secret court approval prior to querying the Section 215 database should be expedited. "If instituted, that approval process must be made faster in the future than it was in the past - when it took up to nine days to gain court approval for a single search," they said in a joint statement . "We encourage the White House to send legislation with the president's proposed changes to Congress so they can be fully debated."

In the meantime, Obama ordered a modification to the Section 215 metadata collection program, to pursue phone calls that are two steps removed from a phone number associated with a terrorist organization, instead of three, which is the current process in the metadata collection program.

The president also called on Congress to establish a panel of advocates from outside of government to provide an independent voice in significant cases before the Foreign Intelligence Surveillance Court.

Obama said the United States will stop bugging the telephones of the leaders of its top allies. Leaked documents showed the NSA tapped the mobile phones of some leaders, including German Chancellor Angela Markel. "The leaders of our close friends and allies deserve to know that if I want to learn what they think about an issue, I will pick up the phone and call them, rather than turning to surveillance," he said.

Dwayne Melancon, chief technology officer at Tripwire, a provider of information risk and compliance software, said the president's proposals are a move in the right direction because they impose further barriers to limit the collection and use of surveillance data about U.S. citizens. But Melancon expressed some skepticism. "The big question is whether it will really make a difference or not," he said. "There is so much collection technology in place already it will be difficult to just turn it off so that means there may still be a temptation to look at more data than is appropriate. That is definitely a concern."


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network