The first plan involves the providers themselves continuing to retain the data, which would only be queried as needed by the government, something Obama admitted could have additional repercussions. "Relying solely on the records of multiple providers ... could require companies to alter their procedures in ways that raise new privacy concerns."
If the data was indeed left with the providers, it would be useful to also allow them a little more freedom to speak about the data collection programs conducted against that data. Obama's speech did hint at one possible reform in that direction: Placing terms of expiry on the gag orders that go with the use of National Security Letters. As long as the time limits are sane (180 days, not five years), that could be useful.
The second plan, however, involves consolidating the data in the hands of a third party. That might well be the worst option of all if the custodian turns out to be a corporate data clearinghouse. Such companies have poor track records for security and might well allow that data to be leaked to an even broader, more indiscriminate audience.
A closer look at big data
As an adjunct to his talk about the data collection programs, Obama mentioned he was tasking Counselor John Podesta "to lead a comprehensive review of big data and privacy" by reaching out to "privacy experts, technologists, and business leaders." This would "look at how the challenges inherent in big data are being confronted by both the public and private sectors, whether we can forge international norms on how to manage this data, and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security."
If this all sounds vague, that's most likely a way to avoid unduly alienating the tech industry by making immediate demands about, say, providing consumers with strong protection for the reams of data harvested from them through the growing number of services that do so. Granted, such protections can't be rolled out properly at the snap of a finger. But they're growing all the more needed, so one can only hope Podesta's review doesn't simply result in voluntary compliances that have no teeth.
What's most clear about Obama's claims is that reform of any significant kind is never going to happen all at once. A few valuable items are offered here -- such as a bit more flexibility about gag orders -- and they should be used wisely by tech companies that before have chafed under such restrictions. But in the end, when it comes to surveillance reform, tech and government are still on opposite sides of a divide that has only narrowed ever so slightly.
This story, "What Obama's NSA reform means for tech," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.