Cautious optimism as US privacy oversight board finally confirms chair

Last week, the US Senate finally voted to confirm David Medine as the first Chair of the Privacy and Civil Liberties Oversight Board (PCLOB), the government oversight body principally charged with protecting privacy and civil liberties in the United States. In a 53-45 vote that broke along party lines, Mr. Medine’s confirmation was far from assured–political stonewalling has meant the oversight body had not seated a single Chair since its creation in 2004.  While we remain cautiously optimistic about how effective PCLOB will actually be, this is a victory for rights advocates who have continued to demand meaningful oversight.

What will the PCLOB do?

The role assigned to the PCLOB is huge: its tasked with ensuring that US surveillance efforts do not violate civil rights. As we’ve described before, PCLOB is a body within the executive branch that reviews all government actions related to terrorism, in order to ensure relevant legislation and policies are balanced with privacy and civil liberties concerns; the body was established by the Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. No. 108-458), but without a chair, the body has been largely ineffectual since inception.

That hasn’t stopped the PCLOB from being named to critical oversight capacities. The privacy-destroying Cyber Intelligence Sharing and Protection Act, or CISPA, which recently passed the US House of Representatives, gave the PCLOB oversight of its provisions, despite the Board not having convened since 2008. And earlier this year, President Obama’s Cybersecurity Executive Order tasked PCLOB with co-authoring an impact report with the Department of Homeland Security Office for Civil Rights and Civil Liberties on the advancement of the directives contained in the Executive Order.

PCLOB, along with DHS, have been broadly granted oversight of the intersection between civil liberties and the digital world. But not only has the PCLOB been toothless until recently: DHS seems to be having trouble making its own deadlines. After three years of waiting for a full report on the civil liberties impact of warrantless and suspicionless border searches of electronic devices, the agency released in March a mere executive summary of the issues. Not only was it late and short, the multi-year assessment incredulously found absolutely no violations of privacy and other civil liberties. With a new and unproven PCLOB, and a tardy and inadequate DHS, there are serious questions about how effective any ‘oversight’ will actually prove.

Is Medine the right Medi[ci]ne?

Although other members of the PCLOB board have been approved, the chairman is crucial to the agency’s full functioning, as PCLOB cannot hire staff without a Chair. In this regard, David Medine may be the man to get the Board operational, and quickly. He was the lead staffer at the Federal Trade Commission on internet privacy issues and represented the United States at OECD conferences on privacy and civil liberties matters: he knows the field, the players, and Washington.

However, how pro-human rights the office will be under Mr. Medine’s leadership remains to be seen. PCLOB has a budget of only $1 million, in contrast with the multi-billion dollar cybersecurity industry that he and his staff have to oversee. Mr. Medine also comes from the private and government sectors, so his experience with civil society issues is ostensibly limited. It will be instructive to watch how much he defers to other board members on civil liberties issues, such as the Center for Democracy and Technology’s Jim Dempsey, and how much he integrates the emerging body of work on the application of international human rights norms in the digital environment. However, one encouraging sign came during Mr. Medine’s 2012 confirmation hearings, when he rejected the use of profiling based on national identity for immigration purposes, despite the adamant objections of Sen. Chuck Grassley on the confirmation committee.

What’s next for the PCLOB?

Mr. Medine needs to start hiring staff immediately to prepare his office for work on key issues such as ECPA reform, CALEA II, and an expected comprehensive cybersecurity bill from the Senate. And its not just anticipated legislation making the news with regards to privacy and surveillance: today’s reports about the US Department of Justice subpoenas of the telephone records of Associated Press journalists makes clear the urgency for leadership on these issues.

We hope that PCLOB will finally put to rest the false binary that security and privacy are at odds. Governments can and must maintain a balance in protecting both. Security is essential to privacy and free expression, and thus the continued functioning of democratic institutions. We sincerely hope Mr. Medine and the PCLOB are up to the task, particularly in this age of ever-increasing surveillance.