US government privacy watchdog stumbles back to its feet with new hires

But look closely and you'll note the PCLOB has no teeth

The federal agency designed to ensure US spy agencies protect people's privacy and civil liberties has been revived two years after it was effectively killed off by Congress.

On Tuesday, the White House announced two members to the Privacy and Civil Liberties Oversight Board (PCLOB), adding to a nomination for PCLOB chair made back in August.

If all are approved, it would bring the number of PCLOB Board members to four, from the current single member, and so allow the organization to restart its work having spent two years doing nothing but give occasional speeches.

The announcement represents a behind-the-scenes agreement between the Trump Administration and Democrats in Congress. The two new nominees, Edward Felten and Jane Nitze, both worked in the Obama Administration.

That agreement comes as a number of matters that the PCLOB is supposed to oversee have entered the frame, including the shaky Privacy Shield agreement covering data transfers between the US and Europe, and the controversial reauthorization of a spying program built around Section 702 of the Foreign Intelligence Surveillance Act (FISA).

While it is good news that the body is being revived so that privacy concerns have a separate voice within the intelligence community, the unfortunate truth is that the PCLOB is still largely worthless since it has been stripped of almost all of its power and independence. It is a watchdog without any teeth.

Efforts to reintroduce actual oversight powers that the PCLOB is supposed to possess – and which Congress and the intelligence services continued to pretend its does - were shot down during Congressional reauthorization of FISA late last year.

Quick history

The PCLOB was created in 2004 following a recommendation by the 9/11 Commission that an executive branch board be created to oversee how counterterrorism efforts fitted with privacy and civil liberty laws. Lawmakers were concerned that the intelligence service could run amok without safeguards built into the system.

That board was turned into an independent agency in 2007 with new legislation. But thanks in large part to behind-the-scenes lobbying and maneuvering by the intelligence services, it was never able to get up and running.

In 2011, when Congress undertook a review of the 9/11 Commission's recommendations, lawmakers noticed that the PCLOB had never been started and have in fact been "dormant for more than three years."

So Congress pushed and approved four part-time members, finally approving a chair - David Medine - in May 2013. The PCLOB finally started doing its work.

And then, literally one month later, Edward Snowden went public with details of a host of secret mass surveillance operations carried out by the US intelligence services. Suddenly it became clear why there had been so much resistance to allowing the PCLOB to do its work.

It some respects it was perfect timing. Doing its job, the PCLOB weighed in on the mass surveillance programs. In a number of official reports starting in 2014, it tore the programs apart, calling them unconstitutional and leading directly to several of them subsequently being shut down.

Revenge was swift. The intelligence services immediately starting undermining the PCLOB and in 2016, Congress passed new legislation that severely limited its independence. No longer would the PCLOB be allowed to review covert activity, and no longer could it control its own budget. It also lost independent publication rights – it had to report directly to Congress.

In response, almost all the PCLOB's staff and board resigned. Between January and March 2016, three board members quit and a fourth's term was not renewed, leaving a single person – Elisebeth Collins – on the Board. With just one person, the agency did not have a legal quorum and so was unable to carry out any official work.

New version

And that's how things have been since March 2016, when Medine quit as chair and noted in his resignation statement the "daunting challenge of starting a new federal agency at the same time as we were being called upon to address how this country can simultaneously protect its cherished values while ensuring national security."

As to the members of the new PCLOB: all are highly regarded lawyers who have served in previous administrations and have clerked for Supreme Court judges. However, in Adam Klein, the PCLOB has an NSA-friendly chair.

Despite glowing reviews from his peers, Klein was only offered the job after he publicly defended the controversial Section 702 spying program where the US intelligence services are known to have built a vast database on US citizens - despite the law explicitly rejecting that approach – by applying a series of highly dubious legal interpretations.

One month before he got the post, Klein wrote a piece for The Wall Street Journal that defended that program and went against calls by many lawmakers that law enforcement get a warrant before searching the database for information on US citizens.

Instead he parroted the NSA and FBI's argument that "keeping officials from searching this data would make it more difficult to prevent homegrown terrorist attacks."

Democrats in Congress have held up Klein's nomination in response. But that impasse appears to be over with the nomination of two more members of the PCLOB. Klein is likely to gain formal approval very soon, even though his written responses to questions from the Senate Judiciary Committee make it plain he will not act on privacy concerns.

Nope and nope

For example, on the touchstone issue of the storage of information on US citizens under Section 702, Klein has repeatedly given purposefully vague responses.

To the consternation of lawmakers, the intelligence services spent over a year giving excuses for why they couldn't even tell Congress how many US citizens were included in the database before finally saying they just weren't going to tell them.

"If confirmed, would you direct the Board to help determine the total number of US persons’ information collected under 702?" asked [PDF] the highest ranking Democrat, Senator Dianne Feinstein (several others also asked the same question.)

Klein's lengthy response was a study in obfuscation: "In the past, I have written that public discussion about Section 702 would 'be better informed if Congress and the public had some idea of how much US-person data is collected.' Encouraging responsible statistical transparency about the effects of programs within the Board’s jurisdiction…. important element of the Board's work... Given this issue’s importance… this would be an appropriate and important subject for continued Board oversight… I would also welcome the opportunity to provide advice on this issue in my individual official capacity."

In other words, I will ask for the data as soon as the intelligence services tell me they are willing to provide it.

Faced with the fact that the PCLOB will almost certainly serve as little more than a fig-leaf of accountability, it's fair to ask why the two new nominees, Edward Felten and Jane Nitze, agreed to have their names put forward. We have asked them both but have yet to receive a response.

So why?

Our speculation: since the PCLOB has effectively been prevented from taking on any controversial topics, there is little downside and lots of upside to serving on the PCLOB. For one, Board members will have access to high ranking members of both Congress and the intelligence services: a very valuable asset for future Washington DC careers.

They will also have access to top secret information and be in a position to see and understand the hidden inner workings of the more secret parts of government. And in response, all they have to do is produce semi-annual reports given the intelligence service a clean bill of health.

Moral and ethical dilemmas are likely to be limited since the PCLOB is not allowed to review covert activity, and reports have to be fed through Congressional committees first, providing a buffer between the PCLOB and the public. It's a choice job for someone who wants a career boost without accompanying public scrutiny.

Edward Felten is currently director of the Center for Information Technology Policy and a Professor of Computer Science and Public Affairs at Princeton University. He was a former chief technologist of the FTC and was deputy CTO at the White House under President Obama.

Jane Nitze worked for the Department of Justice under the Obama Administration and currently works at Harvard University. She is often highlighted as possessing bipartisan credentials having clerked for both Judge Neil Gorsuch – who is now a Supreme Court justice – and Justice Sonia Sotomayor on the Supreme Court.

She was briefly put in the spotlight when she featured in a video supporting the nomination of Gorsuch for the Supreme Court at a time when Democrats were considering whether to strongly oppose his nomination.

In short, the PCLOB is back and filled with highly qualified lawyers. But if anyone expects it to keep the US establishment's feet to the fire when it comes to privacy and civil liberties, they are going to be sorely disappointed. ®

Broader topics

Other stories you might like

  • How ICE became a $2.8b domestic surveillance agency
    Your US tax dollars at work

    The US Immigration and Customs Enforcement (ICE) agency has spent about $2.8 billion over the past 14 years on a massive surveillance "dragnet" that uses big data and facial-recognition technology to secretly spy on most Americans, according to a report from Georgetown Law's Center on Privacy and Technology.

    The research took two years and included "hundreds" of Freedom of Information Act requests, along with reviews of ICE's contracting and procurement records. It details how ICE surveillance spending jumped from about $71 million annually in 2008 to about $388 million per year as of 2021. The network it has purchased with this $2.8 billion means that "ICE now operates as a domestic surveillance agency" and its methods cross "legal and ethical lines," the report concludes.

    ICE did not respond to The Register's request for comment.

    Continue reading
  • Fully automated AI networks less than 5 years away, reckons Juniper CEO
    You robot kids, get off my LAN

    AI will completely automate the network within five years, Juniper CEO Rami Rahim boasted during the company’s Global Summit this week.

    “I truly believe that just as there is this need today for a self-driving automobile, the future is around a self-driving network where humans literally have to do nothing,” he said. “It's probably weird for people to hear the CEO of a networking company say that… but that's exactly what we should be wishing for.”

    Rahim believes AI-driven automation is the latest phase in computer networking’s evolution, which began with the rise of TCP/IP and the internet, was accelerated by faster and more efficient silicon, and then made manageable by advances in software.

    Continue reading
  • Pictured: Sagittarius A*, the supermassive black hole at the center of the Milky Way
    We speak to scientists involved in historic first snap – and no, this isn't the M87*

    Astronomers have captured a clear image of the gigantic supermassive black hole at the center of our galaxy for the first time.

    Sagittarius A*, or Sgr A* for short, is 27,000 light-years from Earth. Scientists knew for a while there was a mysterious object in the constellation of Sagittarius emitting strong radio waves, though it wasn't really discovered until the 1970s. Although astronomers managed to characterize some of the object's properties, experts weren't quite sure what exactly they were looking at.

    Years later, in 2020, the Nobel Prize in physics was awarded to a pair of scientists, who mathematically proved the object must be a supermassive black hole. Now, their work has been experimentally verified in the form of the first-ever snap of Sgr A*, captured by more than 300 researchers working across 80 institutions in the Event Horizon Telescope Collaboration. 

    Continue reading
  • Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner...
    We take a look at low, low subscription prices – not that we want to give anyone any ideas

    A Tor-hidden website dubbed the Eternity Project is offering a toolkit of malware, including ransomware, worms, and – coming soon – distributed denial-of-service programs, at low prices.

    According to researchers at cyber-intelligence outfit Cyble, the Eternity site's operators also have a channel on Telegram, where they provide videos detailing features and functions of the Windows malware. Once bought, it's up to the buyer how victims' computers are infected; we'll leave that to your imagination.

    The Telegram channel has about 500 subscribers, Team Cyble documented this week. Once someone decides to purchase of one or more of Eternity's malware components, they have the option to customize the final binary executable for whatever crimes they want to commit.

    Continue reading
  • Ukrainian crook jailed in US for selling thousands of stolen login credentials
    Touting info on 6,700 compromised systems will get you four years behind bars

    A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers.

    Glib Oleksandr Ivanov-Tolpintsev, 28, was arrested by Polish authorities in Korczowa, Poland, on October 3, 2020, and extradited to America. He pleaded guilty on February 22, and was sentenced on Thursday in a Florida federal district court. The court also ordered Ivanov-Tolpintsev, of Chernivtsi, Ukraine, to forfeit his ill-gotten gains of $82,648 from the credential theft scheme.

    The prosecution's documents [PDF] detail an unnamed, dark-web marketplace on which usernames and passwords along with personal data, including more than 330,000 dates of birth and social security numbers belonging to US residents, were bought and sold illegally.

    Continue reading

Biting the hand that feeds IT © 1998–2022