When President Barack Obama stepped down from the podium after describing his plans for reforming the United States' surveillance programs, only the most newsworthy and hot-button issues had been addressed. Reforms that the tech industry would most want -- such as prohibiting the undermining of encryption standards -- went unmentioned, and only a few specific reforms that would have an immediate and useful impact on the tech landscape were offered.
No word of cyber program reform
When the five-member Review Group on Intelligence and Communications Technologies issued its report in December last year, it made a number of recommendations involving the National Security Agency's use of specific technologies. Among them: not weakening encryption standards, not exploiting zero-day attacks, and having better review and oversight for how the NSA responds to advances in communications technology. All of these issues, especially the NSA's underhanded handling of encryption by way of the NSIT (National Institute of Standards and Technology) -- and possibly companies like RSA -- have sparked ire in the tech world.
But Obama's speech touched on almost none of this, or if it did, it only hinted at it in the most oblique and indirect way. Encryption and the NIST itself weren't even mentioned. It's an echo of the sentiments felt by top technology company executives when they met with Obama in December 2013 and made their own recommendations for NSA reform. Obama promised at the time to "consider their input," but made no commitments.
One possible reason why Obama kept silent on these issues was because most of the public attention vis à vis the NSA is focused now on the bulk collection of phone records, which is a far more visible and hot-button issue than more technically complex ones like encryption standards. But some mention of this problem, even as an offering during the pre-briefing for the press, would have been better than nothing.
Until these issues are discussed more explicitly by this administration, there's no sense that the government will take a stand against that kind of underhanded meddling. The tech industry will have to remain vigilant on its own -- the loss of a major opportunity for government and tech business to be less antagonistic.
Bulk phone data collection: Who keeps it?
As noted above, the most high-profile part of Obama's speech involved the reform of the NSA's bulk phone data collection program. But the plan isn't being suspended, despite many questions about its ultimate effectiveness.
Aside from cutting down the number of hops away from a suspect that the NSA can pursue phone intelligence (down to two from three), Obama also stated he was "establishing a mechanism that preserves the capabilities we need without the government holding this bulk metadata."
"This will not be simple," he admitted. That's an understatement, because the only two plans on the table right now don't sound like much of an improvement.