Obama signs order limiting cyber espionage

New initiatives on data collection by the US Government will set certain limitations on the use of signals intelligence collected in bulk.

According to a White House statement, the reforms are “designed to reassure every American that our nation’s intelligence activities are carried out with appropriate oversight and respect for civil liberties and privacy”, and approved by President Obama, intend to refine the process for collecting signals intelligence.

Obama also signed Presidential Policy Directive – 28, Signals Intelligence Activities, which sets certain limitations on the use of signals intelligence collected in bulk, refines the process for collecting signals intelligence and establishes safeguards for personal information collected through signals intelligence.

“Our signals intelligence activities must take into account that all persons have legitimate privacy interests in the handling of their personal information,” the statement said.

“At the same time, we must ensure that our intelligence community has the resources and authorities necessary for the United States to advance its national security and foreign policy interests and to protect its citizens and the citizens of its allies and partners from harm.”

PPD-28 will change retention practices to afford strengthen privacy protections, as intelligence community elements must delete non-US person information collected through SIGINT five years after collection, unless the information has been determined to be relevant to: an authorised foreign intelligence requirement, or if that continued retention is in the interest of national security.

Also, PPD-28 explicitly requires that information about a person may not be disseminated solely because he or she is a non-US person, and the Office of the Director of National Intelligence has issued a revised directive to all Intelligence Community elements to reflect this requirement.

However privacy campaigners the Electronic Frontier Foundation accused Obama of “failing to promise to rein in the NSA”. Mark Rumold, staff attorney at the EFF, said in a blog that the reform plan fails to fix the problem of unconstitutional National Security Letters, as it proposes a three-year limit on the gag order that accompanies each NSL, but even a three-year limit fails to cure the constitutional problem, and doesn’t stop the bulk collection of data on innocent Americans’ digital communications.

“The President’s proposals do not curb the mass collection of phone records under Section 215, and the proposals affirmatively allow bulk collection to occur for six, broadly defined categories of intelligence collection,” he said.

He also said that the new policy allows continued “backdoor” surveillance on Americans without a warrant, and fails to provide non-US persons with the same privacy protections afforded US persons.

“While the President’s proposals take a step forward in unifying the retention requirements applicable to collected non-US person information, they fail to afford the same privacy protections afforded US persons, and they fail to rein in bulk collection in the first place,” Rumold said.

The post Obama signs order to curb data collection of US and foreign nationals appeared first on IT Security Guru.