President Barack Obama's plan to stop the National Security Agency's bulk collection and storage of telephone records is a good first step that needs to go much further to protect Americans' privacy rights, advocates say.
Obama unveiled his plans Thursday, saying in a statement, "I have decided that the best path forward is that the government should not collect or hold this data in bulk."
The president went on to say that his plan would keep the data with telephone companies, which would store it for the same length of time as they do currently. The government would need a court order to access the data, except in "an emergency situation," which was not defined.
The administration would need congressional approval to go forward with its plans. A group of lawmakers introduced a bipartisan bill this week that would end bulk collection of telephone, email and Internet metadata. Other bills are pending in Congress.
Privacy advocates said Obama's plan was an improvement over having the NSA collect and store data, but fell short of protecting the privacy of Americans.
"The presidents plan is a major step in the right direction and a victory for privacy. But this must be the beginning of surveillance reform, not the end," Anthony D. Romero, executive director of the American Civil Liberties Union, said in a statement.
Marc Rotenberg, executive director for the Electronic Privacy Information Center, objected to Obama's decision to extend the NSA's current data gathering for 90 days to give Congress time to act.
"We believe the president should simply not renew the current NSA telephone record collection authority when it expires (March 28)," he told CSOonline.
Rebecca Herold, a privacy consultant and author of the blog Privacy Professor, said Obama did not address a number of important issues, such as the establishment of a specific position responsible for safeguarding collected data.
Other missing elements included requiring the NSA to undergo annual privacy impact assessments, like other government agencies. In addition, the agency should submit to independent annual audits of its data repositories and data protection practices.
"Quite frankly, I do not believe the NSA limits their retention of the records they've collected to the indicated 5 years, despite the requirement," Herold said.
"Their continuously increasing storage facilities indicate they are accumulating data, not getting rid of any. Lets have an independent audit to prove otherwise."
Instead of Obama's plan, advocates favored passage of the USA Freedom Act, which requires, in part, the government to filter and discard information collected on Americans accidentally and establishes an Office of the Special Advocate (OSA). The office would represent privacy interests before the closed court responsible for approving NSA data requests under the Foreign Intelligence Surveillance Act.
Sign up for Computerworld eNewsletters.