The Privacy and Civil Liberties Oversight Board: An Opportunity to Limit Data Retention and Sharing

November 9, 2012

The Privacy and Civil Liberties Oversight Board (PCLOB) held its long-awaited first public meeting on Halloween Day. Proposed by the 9/11 Commission and statutorily established in its present form in 2007, the PCLOB is charged with analyzing counterterrorism activities, laws and policies and ensuring that they have appropriately taken privacy and civil liberties into consideration.

In the past five years, the Board, which is an independent agency within the executive branch, has sat essentially empty, hobbled by Congressional and presidential inaction. In 2011, however, President Obama nominated a chair and four members: former D.C. Circuit chief judge Patricia Wald; Jim Dempsey, Vice President for Public Policy at the Center for Democracy and Technology; Rachel Brand, a former Bush DOJ official; and Elisebeth Collins Cook, a former Assistant Attorney General under Michael Mukasey. In August 2012, the Senate confirmed the four members – two Democrats and two Republicans – but declined to confirm the Democratic-affiliated nominee for chair, former FTC Associate Director David Medine, presumably unable to get a filibuster-proof majority with three months to go before the election.

On October 23, the Board announced that it would hold its first public meeting the following week and requested input on its agenda. Groups submitting written comments included the Brennan Center, the ACLU, the Center for Democracy and Technology, the Center for National Security Studies, the Constitution Project, Defending Dissent, the Electronic Privacy Information Center (EPIC), and the Federation of American Scientists’ Project on Government Secrecy, most of whom were represented at the meeting, along with the Cato Institute. At the meeting, the Board invited other interested groups and organizations to submit statements for consideration.

Unlike some other meetings between civil liberties groups and government agencies in recent years, the meeting did not appear to be simply an attempt to check the public comment box. Most of the attendees knew one another and knew most of the Board members, and the small meeting had an informal and collegial feel. More important, Board members seemed to be genuinely seeking advice on how to direct their energies, given the body’s inevitably limited resources and the multitude of privacy and civil liberties issues before it.

And a multitude it is. Suggestions for the Board’s attention included: targeted killing, surveillance drones, classified programs, data retention guidelines, secret law, the Fourth Amendment, the National Security Agency, the Patriot Act, fusion centers, FBI assessments, searches of electronics at the border, the National Counterterrorism Center, third-party records, the state secrets privilege, the Espionage Act, location tracking via cellphones and license plates, the Foreign Intelligence Surveillance Act, secret Office of Legal Counsel memos, Department of Homeland Security intelligence collection, “big data,” and the Privacy Act.

Participants were united by a shared concern for the extent of the government’s surveillance, targeting, and collection of information about U.S. citizens and residents in the absence of criminal suspicion (particularly on the basis of activities protected by the First Amendment or the targets’ race, religion, or ethnic origin). Most speakers also urged the Board to address and roll back, to the extent possible, the secrecy that shrouds the executive branch’s national security practices.

Liza Goitein, co-director of the Liberty and National Security Program at the Brennan Center, observed that these themes themselves were linked, signaling a reversal of the proper flow of information in a democracy: the government is increasingly withholding information about its own conduct (which should be presumptively available to the people) while claiming an ever-greater right to obtain personal information about law-abiding citizens and residents (which should be presumptively off-limits to the government). And Julian Sanchez of the Cato Institute invoked the concept of “civic hygiene,” originally articulated by security technologist Bruce Schneier, who has called it “bad civic hygiene to build technologies that could someday be used to facilitate a police state”; Sanchez argued that the Board should be attentive to the potential damage if all safeguards in place for the government’s information-collection and -retention architecture were to fail.

One of the Board’s greatest challenges may be simply to keep its head above water. The Board is directed by statute to review all proposed legislation, regulations, and policies related to anti-terrorism efforts; continually review all anti-terrorism activities of the White House and the executive agencies, along with the executive branch’s information-sharing practices; evaluate and potentially comment upon the reports from every executive agency’s privacy and civil liberties officer; testify before Congress upon request; and submit periodic reports to various House and Senate committees and to the president. The Board faces the difficult task of balancing that broad oversight authority with an in-depth focus on a small number of issues.

One area referenced above but not addressed in detail at the meeting is likely to be particularly critical: the Board’s role in reviewing the executive branch’s information-sharing practices. Responding to allegations that a failure to adequately share intelligence was a significant cause of the successful 9/11 attacks, Congress and the White House issued a frenzied series of information-sharing mandates. By one back-of-the-envelope calculation, at least thirteen statutes, directives, guidelines, or programs were issued or established between 2001 and 2009, each setting out an element of the information-sharing architecture, sometimes superseding a decree that had been implemented just a few years earlier.

While judicious sharing is critical to effective national security, the push for nearly indiscriminate dissemination of information within the government can undermine the civil liberties protections that are built into the front end of information-gathering. As Jeramie Scott from EPIC noted, for instance, the Department of Homeland Security operates the largest domestic information repository of any executive agency (with the possible exception of the National Security Agency, whose largely unknown information-gathering activities and data center are the subject of vigorous speculation). Nevertheless, the privacy impact statements for some critical DHS databases, while purporting to limit the purposes for which information can be gathered, allow for nearly unfettered information sharing not only with other governmental agencies but also with individuals, non-governmental organizations, and even foreign governments, for a range of purposes so broad and so discretionary as to impose almost no limits.

If the government’s information collection continues apace, the criteria for retention and sharing may emerge as the next frontier of the civil liberties battles. The PCLOB would offer a major service by helping to craft limiting principles for the sharing and retention of innocuous information about U.S. citizens and residents.