Key Government Privacy Watchdog Muzzled During Surveillance Debate

This article also appeared on Slate.com.

Washington is a busy place these days. Headlines blare about everything from the Republicans’ health care plan to the FBI investigation into possible ties between Trump affiliates and Russian interference in the 2016 election. Amid all that noise, it’s difficult to hear the ongoing congressional debate over the future of some of the government’s most sprawling surveillance programs.

The legal foundation for the government’s spying powers, the Foreign Intelligence Surveillance Act Amendments Act of 2008, will sunset in December if Congress doesn’t move to extend it. In fact, the Senate Judiciary Committee is holding a hearing on its renewal Tuesday.

But as members of Congress weigh their options, a key government watchdog charged with overseeing surveillance activities has been effectively muzzled.

The Privacy and Civil Liberties Oversight Board, or PCLOB, is a little-known agency that’s had an outsized influence in recent years on the debate over government spying. The board’s job is to make sure that when the executive branch takes action to defend the country, Americans’ privacy rights and civil liberties aren’t forgotten. To carry out that mission, the board has almost unparalleled access to classified information across the intelligence agencies. PCLOB uses that access to advise agencies on how to roll out surveillance programs while minimizing privacy and civil liberties violations, review programs already in operation, and raise the alarm when it uncovers problems.

But right now, despite the high stakes, the board is being held hostage by a personnel shortage. Members of Congress from both sides of the aisle say that the debate over government surveillance is hobbled without PCLOB’s input.

The board is supposed to be led by a bipartisan group of five people: a full-time chair and four part-time members who are nominated by the president and confirmed by the Senate. Due to a string of departures over the last year, it’s down to just one part-time member.

Chairman David Medine resigned last July, and three board members left earlier this year: Patricia Wald retired in January, while James X. Dempsey and Rachel Brand departed in January and February, respectively, due to term expirations. (Brand was recently confirmed as the U.S. associate attorney general, the No. 3 spot at the Department of Justice.)

The lone remaining member is former Bush administration Department of Justice official Elisebeth Collins. That’s a big problem because the board can’t carry out many of its core functions without a quorum of at least three members. For example, it can’t launch any new oversight investigations or hold public meetings right now, according to a summary provided by PCLOB spokesperson Jen Burita. And although agencies could still ask Collins for her individual advice on the issues the board covers, her responses would only be on her own behalf.

PCLOB also hasn’t been able to hire any new staffers since Medine resigned, because only the chair has hiring authority.

Despite those setbacks, Burita said the agency “is continuing to work hard on several projects that were approved by the Board before it lost its quorum, and it is continuing to file legal, regulatory, and compliance reports in its sub-quorum status.” And Collins is scheduled to take part in the Tuesday hearing about FISA Amendments Act.

But former Board members have expressed their concern for its future. In fact, Wald—an 88-year-old legal legend—spent the bulk of her remarks at the Electronic Privacy Information Center’s annual awards dinner on June 5 warning that the board faces a “dubious future.”

It’s her “fervent hope that PCLOB will rise again to its full potential,” Wald said while receiving the Champion of Freedom Award. “The need for that kind of inside watchdog only intensifies in my view as our foes foreign and domestic accelerate their efforts to undermine both our national security and the essence of our democracy,” she said.

However, there’s only so much the agency can really do until the president and Senate move on appointments. So far, President Trump hasn’t named any nominees and the White House did not respond to inquiries about its plans for PCLOB. To be fair, given that there are hundreds of key appointments requiring senate confirmation still without nominees, PCLOB probably isn’t at the top of the administration’s list. And if the White House moved now, it would beat the Obama administration’s PCLOB filling timeline: It took nearly two years for it to start naming nominees.

The board assigned a lot of work to the agency’s staff before it lost a quorum, but “all the staff can do is prepare background memos for future use,” according to former board member Dempsey, who is currently the executive director of the Berkeley Center for Law & Technology.

Until it gets a quorum, there’s no way for the board to issue a report even after staff has concluded an investigation. Reports have to be approved by a majority before they can be released to the President or the public, according to former Chairman Medine.

PCLOB’s plight has attracted the attention of Members of Congress on both sides of the aisle, including Sen. Ron Wyden, D-Ore., as well as Reps. Ted Poe, R-Texas, and Tulsi Gabbard, D-HI—all of whom say the president should move quickly to fill the vacancies.

“The PCLOB’s lingering vacancies have crippled the ability of the Board to carry out its function of ensuring our civil liberties are protected while balancing our national security requirements,” Gabbard told me, while Wyden described PCLOB as “essentially paralyzed.”

The need for PCLOB to get back on its feet is especially urgent, the legislators said, given the looming debate over the future of the FISA Amendments Act.

“Some anti-terrorism laws, such as FISA, are currently being abused by our intelligence agencies and are being used in ways that Congress never intended when they originally passed,“ said Poe, a co-chairman of the Fourth Amendment Caucus. “Filling the vacancies on the PCLOB is imperative so that the board can assist Congress in making reforms to FISA and other anti-terrorism legislation.”

To really understand why legislators and former PCLOB members are so concerned, we need to talk about PCLOB’s past and some current events, including the details of the powerful surveillance programs currently up for debate in Congress.

First, the history lesson: PCLOB evolved out of a recommendation from the 9/11 Commission, but it had a bumpy start. The first iteration was created in 2004 as part of the Executive Office of the President during George W. Bush’s administration. Its legitimacy came into question after a board member resigned in protest of some 200 changes made by the administration to the board’s first report. Congress passed legislation setting up a new version of PCLOB as an independent agency in 2007, and President Bush nominated three people to the new board in early 2008, but the Senate didn’t take action on them – leaving the board totally vacant and non-functional.

Then Obama didn’t name his first two nominees took until January of 2011—after pressure from some on Capitol Hill. The board was only completely filled in May of 2013, when Medine was confirmed.

But that was just in time for the agency rise to prominence after the details of National Security Agency surveillance programs were revealed by former government contractor Edward Snowden.

In a landmark 2014 report, the board determined an NSA program that collected Americans’ phone records en masse was illegal. That finding contributed to Congress’ decision to uproot the program and replace it with a system where phone companies, rather than the government, hang onto retain the records. “The Privacy and Civil Liberties Oversight Board has been a valuable source of information about government surveillance programs, and offered useful recommendations about how to reform these programs,” Wyden said.

A few months later, PCLOB released a nearly 200-page report detailing how the government wields surveillance powers authorized by Section 702 of the FISA Amendments Act. The government relies on that part of the statute for programs that allow it to access the content of online communications in two ways.

The first is through the PRISM program, where the government compels companies to search their data for a “selector,” such as an email or phone number, and turn the information about communications to or from that target that they find over to the government. The second is so-called “upstream” collection, where the government siphons up data, including a selector, directly from the internet’s infrastructure as the information crosses U.S. borders. A slide released as part of the Snowden cache helps clarify the distinction between the two procedures:

Both types of data collection operate within parameters that require regular approval by the Foreign Intelligence Surveillance Court, or FISC, but the agency does not need to get an individual warrant or show probable cause. That’s because Section 702 programs are only supposed to be used for targeting foreigners “reasonably believed” to be outside the country.

But even if U.S. persons aren’t specifically targeted, their communications can still end up in the government’s hands. If an American is communicating with a target, those messages get sucked up too. That’s called incidental collection—and it’s a key issue in the current debate. The possibility of Americans’ private information being collected without a warrant is one of the biggest problem reformers have with Section 702 surveillance programs.

It’s also one they’ve struggled to get more information about. Some members of Congress have for years called on the NSA to release a public estimate of how many Americans’ information is swept up in incidental collection, but the government has demurred despite previous commitments to come up with such a figure.

In testimony in May, Director of National Intelligence Dan Coats testified that he couldn’t justify devoting resources to the issue, and NSA Director Admiral Mike Rogers said his agency couldn’t produce an estimate without potentially violating Americans’ privacy to come up with it.

Despite this lack of transparency, some administration officials are pushing to keep their Section 702 surveillance powers intact. During a congressional hearing on June 7, Coats said a “permanent re-authorization” of the FISA Amendment Act “without further amendment is the Intelligence Community's top legislative priority.”

It’s not clear if that will fly on Capitol Hill. In a May press conference, House Judiciary Committee Chairman Bob Goodlatte, R-Va., said he didn’t believe a straight renewal of Section 702 powers was possible, citing “broad bipartisan support for reform.”

Recent revelations about Section 702 data collection and the government’s larger surveillance powers have no doubt fed legislators’ restlessness, including the NSA’s disclosure of compliance problems so serious that the FISC delayed its annual sign off on the program until the agency fixed it.

The issue was so-called “about” collection. Until earlier this year, the upstream part of the Section 702 collection net caught not only when a message was sent to or from a target of surveillance, but basically whenever a selector was mentioned in communications. For instance, if two Americans citizens sent each other messages other mentioning the email address of a surveillance target, those messages be swept up, too. This practice was flagged as concerning in PCLOB’s 2014 report, which noted it helped “push the program close to the line of constitutional reasonableness.”

Because the upstream data was more likely to contain wholly domestic communications, a program rule barred searching it for Americans’ information. However, an NSA Inspector General report dated Jan. 7, 2016 found that analysts often failed to obey that rule.

The NSA shared the report with FISC last October, as the court was weighing the program’s annual certification, according to a timeline and redacted documents declassified last month. FISC Judge Rosemary Collyer criticized the agency for waiting so long to disclose the violations and called them “a very serious Fourth Amendment issue.”

The court issued two extensions to the program to give the NSA more time to come up with a solution, but it ultimately did not sign off on the re-certification until after the agency dropped upstream “about” collection. In April, the NSA announced it had ended the upstream about collection and that the Section 702 programs had been recertified.

But the “about” collection saga is far from the first time NSA surveillance has had compliance problems. In a 2011 FISC ruling, Judge John D. Bates, then chief judge of the court, ruled aspects of the NSA upstream collection program illegal after the government disclosed that its methods involved sucking up thousands of “wholly domestic” communications per year.

“For the first time, the government has now advised the court that the volume and nature of the information it has been collecting is fundamentally different from what the court had been led to believe,” Bates wrote in the opinion, which was declassified in 2013. The judge also rebuked the agency for what he described as a pattern of misleading statements made to the court, although he ultimately approved an amended version of the program.

The troubled history of Section 702 surveillance programs is reason enough to want the government’s internal civil liberties watchdog in fighting shape during the reauthorization debate. But calls for reforming the intelligence community received a big boost from the ongoing investigation into Russian interference in the 2016 election and possible collusion between the Trump campaign and Russian officials.

In February, President Trump tweeted that the Obama administration ordered his “wires tapped.” The White House offered no details to back up Trump’s allegation, and then-FBI Director James Comey testified to Congress that he had “no information” to support the claim.

However, in March Rep. Devin Nunes, R-Calif., hastily called a press conference in which he said personal communications of Trump and members of his transition team were “incidentally collected” as part of “normal foreign surveillance.” Nunes said the identities of Trump associates were “unmasked” in intelligence reports despite procedures that typically obscure the identities of American citizens swept up in such surveillance efforts.

Many initially assumed the intelligence activities Nunes described were done under the Section 702 surveillance programs, although congressional testimony in March by members of the intelligence community suggested they were part of other programs.

But that episode and Trump’s general skepticism of the intelligence community give Medine, the former chairman, a bit of hope that the Trump administration would embrace PCLOB’s mission.

“It’s a funny situation where, oddly enough, PCLOB could align well with his position on things like the intelligence community and unmasking information—that’s right within PCLOB’s jurisdiction,” Medine said.

Just last week, in a tweet about not having the “tapes” of conversations with former FBI Director Comey—tapes Trump himself first suggested might exist—the president again implied a deep distrust of agencies whose surveillance capabilities are reviewed by PCLOB.

“With all of the recently reported electronic surveillance, intercepts, unmasking and illegal leaking of information,” Trump said, he has no idea whether “tapes” exist somewhere.

Ultimately, it’s within Trump’s power to help resurrect PCLOB by nominating new line up—and for the agency to meaningfully police what his administration calls the “deep state,” those nominees will need to not only aggressively investigate the vast web of America’s intelligence operations, but defend PCLOB’s broad oversight role.

“In my view it would be disastrous if PCLOB were allowed to become merely a cheering section for the intelligence agencies or administration policies—bestowing a kind of good housekeeping seal of approval or blessing on all issues presented to it involving the intelligence community,” Wald said at the recent awards dinner, warning that not everyone in the intelligence community and on Capitol Hill “acknowledged the value of responsible challenge.”

In a story about her last few months at the agency, she suggested that even some within the PCLOB itself seemed unwilling to exercise their full authority. The agency was expected to release a long-awaited study of surveillance powers authorized under Executive Order 12333 by the end of 2016, but disagreements among the board members remaining after Medine’s departure delayed it until the group lost its quorum, she said. Draft after draft failed, according to Wald.

“For reasons I was never really fully able to discern, it was never a particular sentence or paragraph or even a particular issue” that was the hang-up, she said; rather, she said it was a deadlock with half of the Board seeming to object to even releasing a public report of those spying activities at all.

With the Board’s status quo, Trump is in a position to nominate a new chair and three new members—that’s two more Republicans and two more Democrats who will define the future of PCLOB’s oversight role.

If Trump really wants to get to the bottom of how the government’s surveillance may affect him and the rest of the country, he’ll look for people who will relentlessly push privacy and civil liberties concerns out of the shadows—and he’ll look now.