by Sarah Childress

In the wake of Edward Snowden’s June 2013 leaks, President Barack Obama promised to review the government’s surveillance programs and consider reforms.

“It’s not enough for me, as president, to have confidence in these programs,”he said in August of that year. “The American people need to have confidence in them as well.”

Obama tasked five policy and security experts with reviewing the government’s surveillance capabilities. He also asked his Privacy and Civil Liberties Oversight Board, another five-member team, to review and make recommendations on two controversial programs Snowden exposed — the bulk telephone record collection, known as Section 215, and the program that allows spying on non-U.S. citizens, Section 702.

The two groups have issued a number of reports, and the administration has also released its own assessments, including a January 2014 presidential policy directive announcing some policy changes.

Last week, the Office of the Director of National Intelligence (ODNI), which coordinates the various branches of the intelligence community, released a report that is the most comprehensive public accounting of post-Snowden reforms.

But how much has actually changed?

“It’s kind of dizzying,” said Elizabeth Goitein, co-director of the Brennan Center for Justice’s program on liberty and national security, of the flurry of reports and announcements. “The volume of information, and the sheer number of developments make it hard to sort out what’s significant.”

She added: “From a big picture analysis, there’s been a lot of developments without a whole lot of movement. …These reforms just feel like gestures.”

The release of the ODNI report may represent one of the biggest post-Snowden changes, according to privacy experts. It is the first of what’s expected to be annual reviews of intelligence community programs.

“I think the most substantial changes that have occurred come in the area of transparency,” said Mark Rumold, a senior attorney for the Electronic Frontier Foundation who has been tracking the government’s disclosures. “I’m not satisfied, but things were so broken beforehand that any small change is an improvement.”

FRONTLINE sifted through the various reports and recommendations to understand what the government has changed post-Snowden — and just how much is still exactly the same.

There Are Now “Appropriate Safeguards” for Personal Data – Unless It Conflicts with National Security

Obama’s 2014 directive required the intelligence community to put in place “appropriate safeguards” for the personal information of people caught up in the surveillance dragnet. Most of those aren’t specified. But the government has made one significant change.

For the first time, the personal information of non-U.S. citizens now can only be kept for five years — the same length as Americans’ data, according to the ODNI report. If, within five years, agents haven’t determined whether the information is important, it must be deleted — unless the DNI determines that there’s a national security reason to keep it.

The policy means that the NSA is still allowed to hold on to any information it collects on anyone, whether it’s relevant or not, for at least five years.

Still, Rumold said, that’s a step forward. “It was basically the Wild West before the Snowden disclosures,” he said. “The government was hanging onto anything related to non-U.S. persons and doing whatever they wanted. Now they’ve started to implement small changes around the margins. To give them credit, that is an improvement — but still not a particularly substantial change.”

The Government Can Still Gather Data on Americans Without a Warrant

When the government collects foreigners’ information, it inevitably scoops up Americans’ communications, too. The government deems this “incidental” collection, but agents can still access and search this data without a warrant. Civil liberties experts, who call this “backdoor” collection, have raised concerns that such data could be used against Americans in court if authorities turned up evidence of a crime.

In fact, the president’s review group recommended that authorities obtain a warrant to search this data. The ODNI has not made that change.

Under current policy as detailed in the ODNI report, data gathered this way on Americans can only be used against them in a criminal case “when appropriate.” To the government, that means only when the information yields evidence related to national security offenses or other serious crimes including death, kidnapping, “substantial bodily harm,” crimes against minors, destruction of critical infrastructure, transnational crimes, cyber security and human trafficking. The attorney general must also approve handing off the data.

Even so, privacy advocates, including Goitein, say that the provisions still violate the constitutional protections against search and seizure without a warrant for all crimes — even the serious ones. “It’s a pretty bald-faced end-run around the Fourth Amendment,” she said.

And while the ODNI said that the NSA and CIA have put in place new curbs on how much they collect — “minimization,” in NSA-speak — Rumold said it doesn’t seem to limit what is gathered by the FBI, which conducts the majority of searches for information on Americans. “The agencies that did get some restrictions placed on them do the least amount of U.S.-person querying of that data,” Rumold said. As for the FBI: “It doesn’t appear that their minimization procedures changed at all.”

National Security Letters Now Expire — Unless the FBI Decides to Keep Them Open

National Security Letters allow the FBI to secretly compel companies, such as phone or internet service providers, financial institutions or even libraries, to turn over communications or other data on a specific person. The letters come with a gag order prohibiting the recipient from notifying the person in question, or even acknowledging they were given the document.

Now, the gag order expires after three years, the ODNI report said — unless the FBI writes a letter requesting the order remain in effect. Companies can still fight the order in court.

The move “doesn’t fix the constitutional problem,” Rumold said. “The constitutional problem is that there’s a gag order when [a letter] is issued, without any judicial involvement or showing that there needs to be a gag. What they’ve done is shorten the indefinite unconstitutional gag to a three-year unconstitutional gag.”

Bulk Collection of Telephone Metadata is Still in Place

Obama said last year that he wanted to “end the Section 215 bulk metadata program as it currently exists.”

That hasn’t happened, despite recommendations to scrap the program by both the review group Obama set up in 2013, and the civil liberties oversight board. In its latest report, the board noted that the president could end the program “at any time, without Congressional involvement.”

The president has curtailed the extent of the data gathered for each query. Instead of gathering all the data for people three “hops,” or contacts, removed from the designated target, they now can collect only the numbers for two hops — although that’s still a lot of phone numbers. Any query now also requires advanced approval from the secret court designed to evaluate such requests, the Foreign Intelligence Security Court.

But, Goitein said, “The NSA still collects all of this stuff and holds onto it.”

The bulk collection authorization remains in place until the provision expires on June 1, 2015. After that, the program would need to be reauthorized by Congress. Section 215 was initially approved by Congress in 2001 as part of the Patriot Act, a law signed by President George W. Bush.

A new piece of legislation, the USA Freedom Act, sponsored by Rep. Jim Sensenbrenner (R-Wisc.), would end bulk collection under Section 215, allowing the government to gather data only on individuals after receiving court permission. The Obama administration backs the bill, but it’s unclear how it will fare in the new Congress.

The Government Won’t Say How it Handles NSA Employees Who Abuse Their Power

In 2013, The Wall Street Journal reported that some NSA employees misused their authority to search bulk data for personal information on significant others. The abuse happened so often it was nicknamed LOVEINT, after the intelligence community’s practice of assigning nicknames to their intelligence gathering protocols. (The programs that collect phone and email records is known as SIGINT, for signals intelligence.)

Last week, Sen. Charles Grassley (R-Iowa) sent a letter to the Justice Department pointing out that he had asked for information back in 2013 about how it had handled reports of these alleged, unauthorized spying incidents. He’s still waiting for a response.

The Government Still Spies on (Some) Foreign Leaders

One of the more damaging revelations amid the Snowden disclosures for the Obama administration was that the NSA had monitored the phones of 35 world leaders. On the list of numbers: the cell phone of close allies, including German Chancellor Angela Merkel. (The report, which appeared in The Guardian, also noted that the surveillance produced “little reportable intelligence.”)

President Obama said that he hadn’t been aware that was happening. And the administration has since pledged to remove Merkel — and several others it wouldn’t name — from the list.

“The leaders of our close friends and allies deserve to know that if I want to know what they think about an issue I’ll pick up the phone and call them rather than turning to surveillance,” Obama said in a speech last year.

The ODNI now has a procedure in place to ensure at the very least high-level U.S. officials are aware of any monitoring of top foreign officials. But it also leaves the door open to begin — or continue — gathering information from anyone in the interest of national security.

“In the annals of international spying, I don’t think it changes much, but at least the president won’t be able to say that he wasn’t aware that it was going on,” Rumold said.