Editor's note: Catherine Crump is a staff attorney for the American Civil Liberties Union's Speech, Privacy & Technology Project.
(CNN) -- When President Barack Obama responded to this summer's torrent of disclosures about the National Security Agency by commissioning a review board, some wondered whether waiting for the committee to report its findings would involve a lot of delay and not much in the way of progress.
But Wednesday the panel issued a blockbuster report urging big changes in how the NSA does business. The recommendations are not perfect, but civil libertarians should embrace many of them, and we are glad that on Friday Obama said that they are being seriously considered. There is no question that all of us will be substantially better off if they are followed.
Consider what the report has to say about the bulk collection of Americans' phone records. Even among the troubling programs disclosed this summer, this one stood out because of the sheer number of innocent people whose personal information was swept up and its deliberate targeting of Americans within the United States. Also striking was the government's failure to offer any credible evidence that it has made us safer -- even if you are willing to trade liberty for security, you shouldn't be willing to trade it away for nothing.
More than that, the call records program squarely raises one of the most fundamental questions about surveillance in the era of big data: Should we "collect it all" in case some of it is useful later? The review board comes very close to rejecting this philosophy of surveillance -- closer than it at first appears:
"We recommend that, as a general rule, and without senior policy review, the government should not be permitted to collect and store all mass, undigested, nonpublic personal information about individuals to enable future queries and data-mining for foreign intelligence purposes. Any program involving government collection or storage of such data must be narrowly tailored to serve an important governmental interest."
This is a curious statement. On the one hand, the review board does not recommend a complete ban on government mass surveillance programs. But on the other, it sets such a high bar for them -- collection and storage must be "narrowly tailored to serve an important governmental interest" -- it is difficult to conceive of a program that would pass muster. How can a program of mass surveillance be narrowly tailored?
Moreover, lawyers will recognize that this language has been borrowed directly from the First Amendment's "strict scrutiny" standard, which famed constitutional scholar Gerald Gunther once described as "strict in theory and fatal in fact." In other words, while it is theoretically possible to meet this high bar, in practice few laws manage it.
On the bulk telephone records program specifically, the panel said:
"We recommend that legislation should be enacted that terminates the storage of bulk telephone meta-data by the government under Section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party."
This recommendation does not go far enough, but it is a good start.
First, the review board acknowledges the two key civil liberties problems with the bulk collection of telephone records: "the record of every telephone call an individual makes or receives over the course of several years can reveal an enormous amount about that individual's private life," and "knowing that the government has ready access to one's phone call records can seriously chill 'associational and expressive freedoms.'" (The American Civil Liberties Union has filed a lawsuit arguing the program violates the Constitution for these exact reasons.)
Second, the review board suggests that the government not hold the records, instead favoring a voluntary agreement that carriers will retain the records for some time (a solution the carriers have already opposed). On the one hand, this is a disappointing half-measure because the privacy and speech intrusions the review board identifies aren't actually eliminated by shifting custody of the records from the government to the carriers. The true solution would be for the carriers to retain records only as long as necessary for billing and network maintenance purposes.
On the other hand, at least the panel is saying clearly that current surveillance practices are in need of major, structural changes. If the review board reframes the debate such that government-maintained call records are out of bounds, that is a helpful contribution.
Friday, the president expressed willingness to consider ending the NSA's collection of phone records, saying, "The question we're going to have to ask is, can we accomplish the same goals that this program is intended to accomplish in ways that give the public more confidence that in fact the NSA is doing what it's supposed to be doing?"
With this comment and the panel's report coming on the heels of Monday's remarkable federal court ruling that the bulk collection of telephone records is likely unconstitutional, this has been the best week in a long time for Americans' privacy rights.
The opinions expressed in this commentary are solely those of Catherine Crump.