The NSA Report: Liberty and Security in a Changing World

Dry reading, and there's nothing to be done about that. It's a report, after all.If you are an American citizen, and are not reading this book, I think you're not holding up your end of the bargain our Founders expected of future Americans when they formed this nation.You may agree or disagree with what our government is doing, but you at least should know as much as you can about what is being done.

This political appointed review panel attempts to distinguish between national security and private security. There are 47 recommendations. A single one would be a more credible effort as the technically efficacious ones are buried among the political and the trivial. The biased approach strives to limit, never enhance government intelligence operations. It's all towards restructure of NSA and other agencies. The authors want popular control starting with moving NSA away from DoD control and a change in the role of the DNI. There is an unverified premise that NSA monitoring is detrimental to the economy especially the technology sector.Security recommendations necessarily extend beyond the NSA to relations with CIA, DOS, FBI and other agencies. There are now 17 security agencies under the aegis of DOS, DOT, DoD, DoE, DHS, joint oversight commissions and the DNI. Does any agent know who his boss is? The book makes no recommendations for reducing overlap or obsolescence, probably because that would not be consistent with administration objectives.The book is very respectful of the rights of foreigners, even though not covered in the Constitution. It acknowledges probability of accidental monitoring of US citizens and works to restrict usage, while threading the tightrope trade-off between providing government with keys and access to any traps.Most interesting is the discussion of encryption as the authors consider allegations of a possible back door trap in AES and implications of cloud computing. One puzzlement is in the issue of key escrow with “alleged” back doors in government sponsored encryption algorithms. In the early 1990's the NSA sponsored the 'Clipper' chip to implement supposedly known traps. The project was abandoned later, perhaps because it didn't work. Or did government develop a crisis of conscience due to objections to a restrictive and expensive requirement? My ignorance of the issue is one thing, but lack of knowledge in an expert panel dilutes the credibility of this report.Clearly, safeguarding Fourth Amendment rights with the requirement of warrants does not work anymore. It seems that is the primary justification for study panels like the authors of this book. Can FISA warrants be nameless? Does that safeguard rights? Public key encryption is not mentioned. A central location repository doesn't enhance security. It makes government monitoring easier. There is no consideration of how to pay for initiatives, nor is there any mention of eliminating obsolete departments. There is no denying that the Internet is a weapon requiring some degree of military cognizance, despite one sided liberal conscientiousness desiring removal of the NSA from military jurisdiction.There are recommendations of organization reform. The authors recommend civilian oversight of the DNI, already an additional layer of bureaucracy. Legal reform is mainly directed at Section 215 of the Patriot Act which most progressives want repealed. There is reform for intelligence gathered on US persons and foreigners determining what should be gathered and how, includingcreation of software to target specific information instead of bulk gathering (easier said than done). Limiting need to know is nothing new. Neither is the need to better protect what is collected. The observation that Intel gathering requires cost-benefit analysis is not consistent with government protocol although the governments other monopolies are directed towards wealth redistribution rather than communication.Partially an antidote for the Snowden and WikiLeaks breaches, with only vague references to prior NSA leaks, the book was written too early to consider the damage caused by Secretary of State Hillary Clinton mixing private and security breaking emails. In recommending more layers of control, the response to insider problems is to add more insiders. It recommends rules for vetting those with highly classified access. That does not include Secretary of State or other political appointees. There is no definition of responsibility for CIA and NSA in the event of a breach as occurred by Hillary mixing personal and DOS emails. What else?The book is somewhat inconsistent in admitting some efficiencies in the current system. At the rate government moves relative to cyber changes, this report will be obsolete and long forgotten before anything is done about the recommendations. There are possibly some observations that are useful to someone. They are well buried. It's not clear to me who this was written for.It is very likely that I will rewrite this review as I learn more about these complex technical and political issues.

Worth the read. Note, however, that this is freely available as a PDF (which most e-readers can handle) via the whitehouse.gov website. Simply search for it.