Security Experts Say Protect America Act Leaves US Citizens' Privacy Unprotected

Share Article

Computer security experts see serious unaddressed security risks in the Protect America Act -- an act that US President George Bush called on Congress to extend in his State of the Union address Monday.

Risking Communications Security: Potential Hazards of the Protect America Act

The Protect America Act of 2007 lets the US National Security Agency (NSA) intercept phone calls and e-mails of suspected terrorists without first obtaining court warrants. Critics worry that the act provides no privacy protections for US phone calls and e-mails that become part of the untargeted collection of international communications.

In an article in IEEE Security & Privacy magazine's January-February issue, renowned computer security experts discuss the act's security risks. Authors Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter Neumann, and Jennifer Rexford argue that plans to extend the act inadequately address serious security concerns. They say that unauthorized users can potentially exploit the system, and there is genuine danger that trusted insiders and those within the US government could criminally misuse the system.

In "Risking Communications Security: Potential Hazards of the Protect America Act," the authors analyze the technical risks that have been neglected during the heated discussion surrounding the NSA's warrantless wiretapping that the Protect America Act allows. Further, the article outlines the necessary requirements to improve the security of such surveillance--changes that could significantly improve the security and privacy of American citizens.

"The public debate on surveillance has focused on the legal, political, and social aspects of the issue, such as whether phone companies should be immune from liability for turning over call records to the government. But there are serious technical risks to deploying the large-scale wiretapping infrastructure envisioned by the Protect America Act, which should worry everyone concerned about national security, regardless of political ideology," says Matt Blaze, noted cryptographer and a coauthor of the article.

About IEEE Security & Privacy Magazine

IEEE Security & Privacy Magazine, published by the IEEE Computer Society, addresses a broad range of topics related to securing information and computing resources. Its primary goal is to bridge the gap between theory and practice. Published six times a year, the magazine provides a combination of research articles, case studies, tutorials, and regular departments and columns for the information security industry. For more information, visit


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Kathy Clark-Fisher
Visit website