NSA says new phone spying program meets privacy safeguards
The program, which some Republican presidential hopefuls have criticized because they say it puts Americans at greater risk of attack by Islamic State and other violent groups, has satisfactorily complied with eight privacy safeguards that include transparency, oversight, data minimization and use limitation since its implementation in November, according to a report released by the NSA’s Civil Liberties and Privacy Office.
The NSA ended its daily vacuuming of millions of Americans’ phone metadata, meaning the numbers and time stamps of calls but not their content, late last year after Congress passed a law reforming some of the government’s surveillance practices.
A presidential review committee found that the bulk data collection, exposed in 2013 by former NSA contractor Edward Snowden, was an ineffective tool in fighting terrorism. The data collection was also criticized by privacy advocates and tech companies wary of broad government surveillance.
Under a replacement program that took effect on Nov. 29, NSA and law enforcement agencies must get a court order and ask communications companies like Verizon Communications to authorize monitoring of call records of specific people or groups for up to six months.
While some Republicans vying for the White House have criticized the shutdown of the bulk program, other Republican contenders have defended it.
Senator Ted Cruz of Texas has defended his vote in favor of NSA reforms by saying that the new program actually is capable of collecting a greater percentage of calls than the old one, due to technical upgrades.
Some privacy advocates expressed skepticism at Friday’s report, given the level of secrecy shrouding the U.S. intelligence community.
“The USA FREEDOM Act ended bulk collection, but this report leaves us guessing just how good a job it did,” said Robyn Greene, policy counsel with Open Technology Institute at the New America, a Washington think tank.
The other four privacy principles that have been complied with are individual participation, purpose specification, data quality and data security.