While Obama made few specific proposals, and touched on just a handful of the 46 recommendations made by the group set up to review the law, he said he wanted to see the end of the NSA’s giant database of phone records, increase judicial oversight, enhance transparency, and extend privacy protections to non-Americans.
Such reforms are welcome. But many are sceptical that they go far enough. As the New York Times said on Friday, the US “has a credibility problem that will take years to address”, and it would be naive to think the UK has not suffered similarly. GCHQ and the NSA are largely seen as the same beast.
And it goes beyond privacy. Tech companies have faced real damage, as the NSA has blown a hole in trust in their products and systems. Bloomberg has put the cost to the US economy at $35bn (£21.3bn) already. Yet this was absent from Obama’s speech, and is equally absent from Parliament’s Intelligence and Security Committee’s call for evidence on the subject.
We’ve had no apology for the NSA’s efforts to undermine encryption, aided by GCHQ; no assurances for companies that the NSA would co-operate to quickly patch bugs they discover in software, despite such co-operation being recommended by Obama’s advisers; no commitment to not take offensive cyber action to gain access to company servers, even where those companies co-operated with legal requests for data. Google publicly voiced its “outrage” at the work done by the NSA and GCHQ to compromise their systems. Neither Obama’s speech, nor statements by the UK government, have addressed this real anger.
Fundamentally, the issue in the US and UK is the same – ensuring agencies operate in a robust and transparent legal framework with meaningful oversight. In the US, that already means a more open system than our own. In recent months, the Obama administration has published over 40 surveillance court rulings and legal interpretations, while government statistics detail the use of surveillance powers in reasonable detail. In the UK, such transparency is glaringly absent, as is judicial oversight. Indeed, as former Court of Appeal judge Sir Stephen Sedley has said, it is far from clear that the UK’s secretive oversight regime respects the separation of powers essential in a democracy.
This secrecy has forced industry to act. Last week, Vodafone became the first major UK telecoms firm to follow Google, Microsoft, Facebook, AT&T and Verizon in publishing reports, detailing how often they hand customer data to the state. I expect others to follow, and hope they do so swiftly.
If firms are not transparent about their dealings, and the oversight regime asks for trust rather than commanding public confidence by its actions, people will look elsewhere to send their data. Complacency at home is not reflected abroad. The longer we delay meaningful debate about the scope of surveillance and oversight, the harder it becomes for the UK to maintain its moral authority and the greater the damage to UK business.
Nick Pickles is director of Big Brother Watch.