A Fascinating Document.
The White House has released its new “Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies” today.
It’s about 300 pages long, so I haven’t actually finished reading it. That said, Chapters VII and VIII read like they were plagiarized off my post on internet freedom being a US national security interest. It’s an interesting document, so far, chock full of surprises in terms of recommendations compared to what, I think, most people expected.
This is a placeholder post for people, but there’s a good review of the document from a tech perspective at Ars Technica.
The important bits by the way in the recommendation list I think are:
We recommend that:
(1) The charter of the Privacy and Civil Liberties Oversight Board should be modified to create a new and strengthened agency, the Civil Liberties and Privacy Protection Board, that can oversee Intelligence Community activities for foreign intelligence purposes, rather than only for counterterrorism purposes;
(2) The Civil Liberties and Privacy Protection Board should be an authorized recipient for whistle-blower complaints related to privacy and civil liberties concerns from employees in the Intelligence Community;
(3) An Office of Technology Assessment should be created within the Civil Liberties and Privacy Protection Board to assess Intelligence Community technology initiatives and support privacy-enhancing technologies; and
(4) Some compliance functions, similar to outside auditor functions in corporations, should be shifted from the National Security Agency and perhaps other intelligence agencies to the Civil Liberties and Privacy Protection Board.
We recommend that:
(1) Congress should create the position of Public Interest Advocate to represent privacy and civil liberties interests before the Foreign Intelligence Surveillance Court;
(2) the Foreign Intelligence Surveillance Court should have greater technological expertise available to the judges;
(3) the transparency of the Foreign Intelligence Surveillance Court’s decisions should be increased, including by instituting declassification reviews that comply with existing standards; and
(4) Congress should change the process by which judges are appointed to the Foreign Intelligence Surveillance Court, with the appointment power divided among the Supreme Court Justices.
We recommend that, regarding encryption, the US Government
(1) fully support and not undermine efforts to create encryption standards;
(2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and
(3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
We recommend that the United States should support international norms or international agreements for specific measures that will increase confidence in the security of online communications. Among those measures to be considered are:
(1) Governments should not use surveillance to steal industry secrets to advantage their domestic industry;
(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial systems;
(3) Governments should promote transparency about the number and type of law enforcement and other requests made to communications providers;
(4) Absent a specific and compelling reason, governments should avoid localization requirements that (a) mandate location of servers and other information technology facilities or (b) prevent trans-border data flows.
We recommend that there be an Assistant Secretary of State to lead diplomacy of international information technology issues.
We recommend that as part of its diplomatic agenda on international information technology issues, the United States should advocate for, and explain its rationale for, a model of Internet governance that is inclusive of all appropriate stakeholders, not just governments.