At a time when the Snowden revelations have focused new attention on the question of oversight over our giant national security establishment, many are closely watching the Privacy and Civil Liberties Oversight Board (PCLOB). The PCLOB is a brand new organization and still quite small, but it holds great promise as a truly independent mechanism for much-needed oversight over the national security state. In coming months and years, we will see whether it is able to live up to that potential.
So far the PCLOB seems to be doing a commendable job with limited resources in tackling the biggest privacy issue confronting us today, NSA surveillance. Today they’re holding a public hearing on NSA and FBI spying that will feature officials from those agencies and the Justice Department, as well as some outside experts.
What powers does the PCLOB have? We issued a report in late 2009 about how the United States needs institutions equivalent to the privacy commissioners that nearly every other advanced-industrial democratic nation has. In writing that report, we evaluated this new institution (as reconstituted by Congress in 2007; see timeline) and its powers (which are set out in Section 801 of this law).
Like many independent federal commissions (FCC, FTC, etc), the PCLOB consists of a chairman and four additional members appointed by the President and confirmed by the Senate. They serve for overlapping six-year terms with no more than three members being from the same party.
The board’s mandate is to “analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties” and to “ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism.”
Note that this mandate appears to restrict the board’s oversight powers to the government’s anti-terrorism programs, and that its oversight role does not extend to other areas that can raise civil liberties issues such as the War on Drugs, crime prevention, or benefits programs.
The PCLOB is directed by Congress to fulfill five primary functions:
- Provide “advice and counsel on policy development and implementation” by reviewing proposed legislation, regulations and policies.
- Provide oversight by “continually review[ing]” implementation of the regulations, policies, and procedures, “information sharing practices,” and “other actions” of the executive branch.
- Work with the privacy officers and civil liberties officers of federal agencies—receive reports from, make recommendations to, and “when appropriate,” “coordinate the activities” of those officers.
- Submit semiannual reports to Congress and the President.
- Inform the public by releasing its reports “in unclassified form to the greatest extent possible,” by holding public hearings, or through other methods.
Powers and limitations
Congress gave the board significant powers to access information. The statute directs that “If determined by the Board to be necessary” to carry out its functions, the PCLOB “is authorized to”
- “Have access from any department, agency, or element of the executive branch” to “all relevant” records or material, “including classified information consistent with applicable law. “
- “Interview, take statements from, or take public testimony from personnel” of any element of the executive branch.
- “Request information or assistance from any State, tribal, or local government.”
- Compel testimony by subpoena from persons “other than departments, agencies, and elements of the executive branch,” a majority of the board can submit a written request to the Attorney General to issue a subpoena on behalf of the board. Within 30 days, the AG must either comply or provide a written explanation for a denial to the board and to the House and Senate Judiciary Committees. This is a strangely contorted way of giving the board subpoena power, and inserts a powerful executive branch official whose agency may be a subject of the board’s oversight into the process—but at least it only applies to subpoenas directed outside government.
What Congress did not give the PCLOB the power to do, unfortunately, is challenge agencies’ secrecy powers when it finds those powers have been abused to cover up wrongdoing or incompetence or to prevent legitimate public debate. At a time when such abuses of secrecy powers are widespread, it is not clear how the PCLOB would or could proceed if, for example, it uncovers brazen violations of the law that are classified (as they most likely would be).
The PCLOB also has no enforcement power. Other than by going to court like anyone else, it cannot order any government agency to change its practices or otherwise enforce the law. Other countries give their privacy commissioners such powers; in 2008, for example, the Italian government decided to publish the income tax returns of all Italian citizens on the Internet. The Italian data protection authority did not just condemn the action, or hold hearings, or file a court case—it ordered the information taken down, and it was. In some countries, such as Slovenia, the data protection commissioner also has the power to unilaterally declassify information.
Ultimately, as we laid out in our 2009 report, we would like to see Congress bolster those powers—broadening its mandate, giving it powers against overclassification, and giving it enforcement powers. It’s also, as I’ve said before, crucial that the board be given resources to grow into its giant task of overseeing our $80 billion national security establishment. But for now we are glad to see the PCLOB off to such a promising start in making use of the powers it has been given.