On January 17, President Barack Obama announced the results of a six-month policy review following leaked disclosures about top-secret National Security Agency (NSA) surveillance programs. He called for changes to the program that swept up large amounts of information collected from phone calls, and he proposed having individual phone companies keep the call data or form a consortium that would pool the data.
The President also called for a comprehensive review of the use of big data and the future impact on privacy. He tasked the President’s Council of Advisors on Science and Technology (PCAST) to “reach out to privacy experts, technologists and business leaders, and look how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.”
According to Presidential Counselor John Podesta, the results of the PCAST study will be used to create a comprehensive report that encompasses future technological trends and key questions surrounding the collection, availability, and use of big data. "[The report will] identify technological changes to watch, determine whether those technological changes are addressed by the US's current policy framework, and highlight where further government action, funding, research, and consideration may be required," Podesta said. "We expect this work to serve as the foundation for a robust and forward-looking plan of action."
Overall, the President’s proposals stemming from a wide-ranging review of U.S. intelligence programs were met with mixed reactions. The proposals are likely to spur further action by Congress, much as the surveillance controversy is spurring swift adoption of Europe’s data protection reform directive.
On the cybersecurity front, the National Institute of Standards and Technology (NIST) announced that it will unveil, on February 13, 2014, the final version of its Cybersecurity Framework that is required by an Executive Order released by President Obama a year earlier. In response to concerns raised by industry representatives, NIST is expected to scale back earlier recommendations that called on companies to minimize the personally identifiable information they collect and share about their customers. After the final framework is released, attention will shift to the Department of Homeland Security, which is responsible for translating the standards set out by the Framework into a voluntary program for critical infrastructure owners and operators.