One doesn't have to wade deeply into the murky waters of surveillance policy to find people who have no problem with broad-based spying on foreigners' phone calls and e-mails. Eric Posner, a professor at the University of Chicago, for example, argues that we should only curtail such spying on foreign citizens—and even on friendly foreign leaders—if their countries can "offer us something in return for that protection." Surveillance is just one more bargaining chip to be used between countries; since we can perform surveillance better than many other nation-states, unilaterally curtailing it would make us "suckers."

As for calls that the US should recognize at least some limited privacy rights in the communications of foreign nationals, Posner thinks the very idea ridiculous. "Foreigners are protected by national boundaries," he wrote last month. "That is why it makes sense to give constitutional privacy protections to citizens, and not to foreigners who live overseas. The call for an international right to digital privacy will go nowhere, because it makes no sense."

Given the apparent prevalence of this view among the US intelligence community, today's new "Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies"—authored by a number of insider establishment figures—comes as something of a surprise. The 300 page document is absolutely stuffed with references to the privacy considerations owed to non-US citizens. And while some of this is of course a mere damage control exercise in the face of world outrage, the rhetoric does at least occasionally rise to striking heights.

"There are sound, indeed, compelling reasons to treat the citizens of other nations with dignity and respect," the report says in an entire chapter devoted to surveillance of non-US persons. This is due in part to self-interest, since "if we are too aggressive in our surveillance policies under section 702 [allowing non-FISA warrantless collection and targeting of non-US persons], we might trigger serious economic repercussions for American businesses, which might lose their share of the world’s communications market because of a growing distrust of their capacity to guarantee the privacy of their international users. Recent disclosures have generated considerable concern along these lines."

But the report takes a more principled position, too.

Perhaps most important, however, is the simple and fundamental issue of respect for personal privacy and human dignity—wherever people may reside.

In other words, the report calls for an international right to digital privacy.

Meet the "constraints"

This is a new tone, and it's present right from the start of the report, which opens by noting the "concerns of many people in the United States and abroad" and stresses the need to respect "the legitimate privacy interests and the dignity of those outside our borders."

The report correctly understands that much of the older thinking regarding surveillance techniques arose several decades ago in a world where communications, at least, weren't as global as they are now. It notes that "traditional distinctions between 'foreign' and 'domestic' are far less clear today than in the past, now that the same communications devices, software, and networks are used globally by friends and foes alike... The rise of modern technologies makes it all the more important that democratic nations respect people’s fundamental right to privacy, which is a defining part of individual security and personal liberty."

And—refreshingly—it puts the question of blowback front and center, suggesting that a key criterion for foreign surveillance should be "the negative effects if the leader became aware of the US collection, or if citizens of the relevant nation became so aware."

What changes does the report actually propose? It offers six "constraints" that should apply to surveillance of non-US persons even when they are outside the US:

1) must be authorized by duly enacted laws or properly authorized executive orders;

2) must be directed exclusively at protecting national security interests of the United States or our allies;

3) must not be directed at illicit or illegitimate ends, such as the theft of trade secrets or obtaining commercial gain for domestic industries;

4) must not target any non-United States person based solely on that person’s political views or religious convictions;

5) must not disseminate information about non-United States persons if the information is not relevant to protecting the national security of the United States or our allies; and

6) must be subject to careful oversight and to the highest degree of transparency consistent with protecting the national security of the United States and our allies.

Much of this is what the National Security Agency (NSA) says it does today, so it's not clear just how much impact the recommendations will have—even if adopted. The report suggests that, "contrary to some representations," the NSA is not scooping up "the content of the communications of masses of ordinary people" in other countries anyway. Though the NSA does collect the "content" (actual recordings of e-mails and phone calls and Web browsing, etc.) of foreigners' communications and does so without judicial oversight or warrants, its content collection is allegedly limited only to specific "identifiers" (e-mail addresses, IP addresses, phone numbers, etc.) rather than serving as a broad dragnet. This would all still be permitted, so long as the goal is "national security interests of the United States or our allies."

The question is really whether "national security interests" include spying on major foreign companies , tapping the data lines US companies use abroad, eavesdropping on friendly foreign leaders, and going to other countries in order to spy on international summits . If so, adopting the new rules might not mean adopting anything new at all—and NSA supporters can make even the operations of Brazilian energy giant Petrobras a matter of national security . Depending on how it's construed, the term threatens to be so broad as to make itself meaningless.

Still, the recognition that international opinion and international privacy rights matter is a new shaping principle when it comes to NSA surveillance.

As the tech lobby group CCIA, which counts Microsoft and Google among its members, put it today, "Since the Internet is global, it was wise to recommend limits on collecting data on non-US citizens. If international users lack basic privacy assurances, foreign competitors will supplant US leadership in Internet innovation and digital commerce, thus undermining strategic economic and other security interests... If we do not model the ideals of Internet privacy and freedom, some countries will use that perception to justify greater controls and censorship of the Internet."

"We conclude that the United States should grant greater privacy protection to non-United States persons than we do today," the report concludes. But whether that call translates into real differences in practice at the NSA is something that no surveillance system, no matter how sophisticated, can know at the moment.