It includes over 40 recommendations, and among the most important ones are that:
- Section 215 orders and National Security Letters can be issued by the Foreign Intelligence Surveillance Court only if they are "reasonable in focus, scope and breadth", and only if "the government has reasonable grounds to believe that the particular information sought is relevant to an authorised investigation intended to protect 'against international terrorism or clandestine intelligence activities'"
- "The government should not be permitted to collect and store all mass, undigested, non-public personal information about individuals to enable future queries and data-mining for foreign intelligence purposes"
- The storage of bulk telephony meta-data by the government should be put to an end. This his meta-data be held by private third parties (likely providers), and access to it given to government agencies only if the FISC allows it.
- When legally intercepting communication directed at non-US persons, information about a US person disclosed in the communication should be "purged upon detection" if not useful or can be used to prevent serious harm, and should not be used as evidence in any proceeding against that US person
- Surveillance of non-US persons outside the US must be lawful, and must be done only for national security reasons and not to obtain trade secrets or other economic advantages, and should not target non-US persons located outside the US for their political views or religious convictions.
- Intelligence collection should be reviewed on an ongoing basis
- A more stringent criteria should be used when considering whether to engage in surveillance of foreign leaders
- The US government should create software that would allow intelligence agencies to conduct targeted information acquisition instead of bulk-data collection
- The NSA become a strictly foreign intelligence organisation, with a possibly civilian Director, and that the US Cyber Command and the Director of the NSA not be the same person.
- FISC judges be given greater technological expertes, and a Public Interest Advocate to be assigned to argue privacy and civil liberties before the court.
- The US government should not sabotage efforts to create encryption standards and weaken encryption commercial encryption software.
Currently, both sides of the fence have found things to be unsatisfied about regarding the report, but time will tell what good it can and will do.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.