Tag: PCLOB

Congress Has No Idea What the NSA Is Doing

Didja think that the legislative branch oversees the executive branch? Think again! Congress has no idea what the National Security Agency (NSA) is doing.

Spencer Ackerman at Wired’s Danger Room blog reports on a letter the inspector general of the intelligence community sent earlier this month to Senators Ron Wyden (D-OR) and Mark Udall (D-CO). They had asked how many people in the United States have had their communications collected or reviewed by the NSA.

The letter repeated the NSA IG’s conclusion that estimating this number was “beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission.” Not only that, figuring out the number of people in the United States that the NSA has snooped on “would itself violate the privacy of U.S. persons.”

A federal agency can write a tart, dry non-response like this because Congress is utterly supine before the security bureaucracy. The tough-talking politicians in both parties have no idea what is happening in the agencies they routinely defend as essential. And Congress still hasn’t approved nominations for the Privacy and Civil Liberties Oversight Board, weak sauce that it is, nearly five years since it was reconstituted with greater independence and subpoena power.

The letter concludes with a hopeful note: “I will continue to work with you and the Committee to identify ways that we can enhance our ability to conduct effective oversight.” That also serves as a confession: We have no idea what the NSA is doing.

I Second That Skepticism

The ACLU’s Chris Calabrese notes that nominations to the Privacy and Civil Liberties Board were forwarded from the Senate Judiciary Committee to the full Senate this morning. Congress created the Board in August 2007, and we have waited, and waited, and waited while the Bush and Obama administrations neglected to appoint anyone to it.

Calabrese is rightly skeptical that the “PCLOB” can make a difference:

[T]he national security establishment is huge, with tens of thousands of employees and a budget of more than $60 billion. The NSA alone has more than 30,000 employees. Contrast that with the PCLOB. It’s currently authorized (if it finally gets filled) to spend a whopping $900,000 and hire ten full-time employees for the 2012 fiscal year. With this level of staffing, it’s hard to imagine that the Board and its investigators can even begin to understand this vast national security infrastructure, never mind properly oversee it.

I have a fair amount of experience with privacy oversight in the U.S. government, having served on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. That experience has fairly well validated my thinking in 2001, before there were “privacy officers”:

The appointment of a privacy czar or creation of a privacy office is a poor substitute for directly addressing the voraciousness of many government programs for citizens’ personal information. Political leaders themselves should incorporate privacy into their daily consideration of policy options, rather than farming out that responsibility to officials who may or may not have a say in government policy.

To see how the PCLOB fits into government thinking, we can look at a 2007 speech given by Donald Kerr, principal deputy director of National Intelligence. To him, “privacy” is giving the government access to all the data it wants, subject to oversight.

[P]rivacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured. And it is that framework that we need to grow and nourish and adjust as our cultures change.

That’s not privacy.

So don’t think for a minute that privacy will be better protected with a PCLOB in place, except perhaps marginally in the few programs that the Board dips into.

The membership of the board is slated to be: Jim Dempsey of the Center for Democracy and Technology, a sincere and knowledgeable privacy player, whose “player” role I find incompatible with producing good privacy outcomes; Elisebeth Collins Cook, a former Department of Justice lawyer who I had never heard of before her nomination; Rachel Brand, an attorney for the U.S. Chamber of Commerce also unknown to me; Patricia Wald, a former federal judge for the D.C. Circuit whose privacy work is unknown to me; and David Medine, currently a WilmerHale partner who will chair the board. Medine is unquestionably government-friendly. He was a Federal Trade Commission bureaucrat who helped draft the Gramm-Leach-Bliley financial privacy and the Children’s Online Privacy Protection Act (COPPA) regulations.