Microsoft Subnet An independent Microsoft community View more

Obama ignored NSA subverting encryption in surveillance reform speech

Nothing in the President's speech, or newly issued intelligence directives, suggested the NSA should support and not undermine encryption.

Other than to appease Americans, why did President Obama bother with appointing a Review Group on Intelligence and Communications Technologies if he planned to disregard, or completely ignore, many of the group's recommendations to reform the NSA? Although President Obama gave a speech about NSA reforms (transcript), "Nothing the President said today will end the unconstitutional invasion of Americans' privacy," stated Republican Rep. Justin Amash. "Congress must do what the President apparently will not: end the unconstitutional violation of Americans' privacy, stop the suspicionless surveillance of our people, and close the era of secret law."

For a quick review, the ACLU put together this chart comparing the ACLU's proposals, President Obama's announcement, and the USA FREEDOM Act:

President Obama's speech included, "America's capabilities are unique, and the power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do." Yet he failed to mention the NSA subverting encryption, secure communications, so perhaps he believes that is a technology power that the U.S. government should do?

The President's Review Group on Intelligence and Communications Technologies proposed 46 recommendations in a report titled, "Liberty and Security in a Changing World [pdf]," that included reforming the NSA to ensure the protection of Americans' privacy and civil liberties and promoting online security. Regarding global communications, the review group recommended:

The US Government should take additional steps to promote security, by (1) fully supporting and not undermining efforts to create encryption standards; (2) making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption; and (3) supporting efforts to encourage the greater use of encryption technology for data in transit, at rest, in the cloud, and in storage.

"No one expects China to have an open debate about their surveillance programs or Russia to take privacy concerns of citizens in other places into account," President Obama stated. "But let's remember, we are held to a different standard precisely because we have been at the forefront of defending personal privacy and human dignity. As the nation that developed the Internet, the world expects us to ensure that the digital revolution works as a tool for individual empowerment, not government control."

Really? Well if you cannot keep your private communications private, even with encryption, then how is such spying anything except government control? You cannot have a serious national discussion about surveillance and privacy without addressing online or other digital communications secured with encryption.

Since the summer of Snowden leaks, we've learned that using encryption gets your communications flagged and stored; the NSA loves backdoors in programs and will even hijack shipments to install backdoors. Reuters reported that the NSA paid $10 million to RSA so the security company would make flawed encryption the default. Then there's the exploit catalog full of how the agency compromises Windows, firewalls, as well as servers, routers, switches, PCs, hard drives, smartphones and other hardware. Additionally, the NSA wants a quantum computer capable of cracking any encryption.

Yet at no time in the President's speech did he talk about encryption. Maybe grandma wouldn't really grasp that, but encryption could have been called enhanced cybersecurity or secure digital communications. But when Obama issued new Intelligence directives, he certainly wasn't talking to grandma.

In those directives, Obama twice mentioned a "secure global Internet," including "the credibility of our commitment to an open, interoperable, and secure global Internet; and the protection of intelligence sources and methods;" and "our commitment to an open, interoperable and secure global Internet; and the legitimate privacy and civil liberties concerns of U.S. citizens and citizens of other nations." Is this not the perfect opportunity to address how the government has been subverting encryption instead of supporting it?

Obama's campaign was based on change, not continuing and strengthening more the same policies of his predecessor. He promised: "We are going to lead by example, by maintaining the highest standards of civil liberties and human rights."... "No more ignoring the law when it is inconvenient, that is not who we are....We will again set an example for the world that the law is not subject to the whims of stubborn rulers and that justice is not arbitrary."... "Whether it was the run up to the Iraq war or the revelation of secret programs, Americans often felt like part of the story had been unnecessarily held from them."

What rubbish! Many of us thought Yes We Can meant for the better, not worse. And many people are equally disappointed in Obama's NSA reform speech. If you missed it, then Ellen Messmer did an excellent and in-depth job covering President Obama's take on the NSA's collection of metadata and how he offered little mass surveillance reform.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.