Change may be coming to the US National Security Agency's mass surveillance machine, but even an address from the US president doesn't make it clear how much. In a speech at the Department of Justice today, Barack Obama said that the NSA's powers to crawl through the cellphone metadata it has collected will be reduced and assured his audience that "the United States is not spying on ordinary people who don't threaten our national security".
Obama said he was ordering "a transition that will end the Section 215 bulk metadata programme as it currently exists", with a review due on 28 March deciding how the bulk metadata will be handled in future. He offered two possibilities: bulk call data will be accessed either through a private third party that holds the data for the US government to search as it needs, or through the individual cellphone network providers themselves, like Verizon.
On top of that, the web of metadata that an innocent, non-terrorist can be caught in is getting smaller, Obama said. "Effective immediately, we will only pursue phone calls that are two steps removed from a number associated with a terrorist organisation instead of three," he said.
There was much Obama did not address, like the NSA's initiatives to insert backdoors into the encryption standards that are used to secure internet communications. Foreign Policy reporter Shane Harris says that the White House has commissioned a study of the issue. Nothing was said about the NSA's ability to tap fibre-optic cables, or XKeyscore, the internet data collection program that gives NSA analysts unmitigated access to people's browsing histories, emails and online chats.
Obama's speech came one day after The Guardian newspaper in the UK reported that the NSA is gathering millions of text messages every day in an "untargeted sweep", in a story based on documents leaked by Edward Snowden which describe a program called Dishfire.
Under Dishfire, the NSA is able to collect nearly 200 million text messages every day, analysing them to reveal any financial details they contain, the location of the receiver, and names and numbers on electronic business cards. One of the slides published by The Guardian shows that one category of data that can be analysed is called "Passwords (pending); Other Requests?". It is unclear what this means, but it could refer to the SMS messages sent by Google and other web service providers that contain a code which is supposed to function as an extra layer of online security, called two-factor authentication.