A Problem with the US Privacy and Civil Liberties Oversight Board

I haven't heard much about the Privacy and Civil Liberties Oversight Board. They recently held hearings regarding the Snowden documents.

This particular comment stood out:

Rachel Brand, another seemingly unsympathetic board member, concluded: "There is nothing that is more harmful to civil liberties than terrorism. This discussion here has been quite sterile because we have not been talking about terrorism."

If terrorism harms civil liberties, it's because elected officials react in panic and revoke them.

I'm not optimistic about this board.

Posted on July 16, 2013 at 7:11 AM • 30 Comments

Comments

QnJ1Y2UJuly 16, 2013 7:28 AM

Also in the article:

James Dempsey, a PCLOB member ... suggested the scale of intelligence that needed to be collected made it difficult to see how authorities could go back to granting individual warrants rather than blanket approvals.

So, because we're collecting lots of data we need approval to collect lots of data. I hope he was somehow misquoted, because otherwise that's some painful logic.

SomeoneJuly 16, 2013 7:44 AM

There has been a shift in, if nothing else, the FBI to become much more like an intelligence agency. It has been a culture change in the works over the past decade. I am basing this off of what James Comey said in his Senate confirmation hearing.

On the US Privacy and Civil Liberties Oversight Board hearing, one question did stand out to me that I pose (paraphrase) to all of you -

If the U.S. is to not collect all phone and Internet metadata, what alternatives do you suggest for law enforcement to be able to track hackers and virus propagation?


John MooreJuly 16, 2013 8:06 AM

Yes, I read Ms. Brand's statement with dismay. Terrorism is not the problem here. Negation of laws and civil liberties under the mantle of protecting the public from terrorists is the problem. I have to wonder if something similar happened in Nazi Germany when Hitler seized supreme power and he blamed the Jews and Communists for Germany's ills and as an excuse for his power grab.

Peter BootheJuly 16, 2013 8:37 AM

I was there when Rachel Brand came and gave a talk at Computers, Freedom, and Privacy 2004 in her capacity as Principal Deputy Assistant Attorney General. I recall that her prepared talk sounded reasonable, but that her Q&A answers sounded evasive and a little duplicitous. It was, however, admirable of her to be willing to give a talk to such a hostile audience.

Remembering that she began her professional career in government right after September 11 helps put things in perspective. For the past 12 years (her entire career in gov't!) terrorism has (mostly wrongly) been a primary concern. Therefore, from her perspective, for the committee to ignore this primary concern is dumb.

I wonder how much of our nation's bureaucracy has been molded this way, and how long it will take to fix? My prediction: this obsession will continue until at least until 2021, because you need people to retire and people can't retire until at least 20 years have passed.

VinzentJuly 16, 2013 9:47 AM

Wait. Terrorists are harmful to civil liberties?

Let's see...

Quoted from wikipedia:

some examples of civil liberties include the freedom from slavery and forced labor, freedom from torture and death, the right to liberty and security, freedom of conscience, religion, expression, press, assembly and association, speech, the right to privacy, the right to equal treatment and due process and the right to a fair trial, ...

explicit sarcasm tag for the NSA analyst who's reading that now (you know my number, don't you?)

So terrorists torture people, invade their privacy, suppress free speech, ...?

Following the logic, it seems that the guys running Gitmo, preventing people from getting at least the illusion of a fair trial, torture and even kill some (sorry, those are - of course - not people, but enemy combatants), ignore any still existing privacy laws, and kick in your door if you post something "wrong" on Facebook are terrorists?

Doesn't that mean, that, according to that definition, the U.S. are run by terrorists? In the name of Allah^WNational Security?
end sarcasm

Seriously, plain stupid vanilla terrorist harm civil liberties the same way as cars. Sometimes they succeed in killing people. That's about it.

And - last time I checked - nobody suggest to shut down (or even fight a so called war on) transportation because it is "harmful to civil liberties".

John DoeJuly 16, 2013 10:12 AM

Yet I don't see any discussion on what the NSA OIG (office of inspector general) was doing to oversee the project Snowden disclosed

I would encourage everyone to find their way over to the offical NSA OIG homepage and check out their stated mission and ask yourself if they did their job.

It's easy as hell to suggest "more oversight" but when will the people start asking themselves why the existing oversight is failing. The NSA OIG is the one who needs to be held responsible here, because ultimately they are official channel for a concerned person to conduct wistleblowing through.

Did the OIG receive any reports about this project? What was done to investigate it? Did Showden report anything to them before disclosing classified documents to the media?

FigureitoutJuly 16, 2013 10:21 AM

what alternatives do you suggest for law enforcement to be able to track hackers and virus propagation?
Someone
--Not make the systems vulnerable in the first place b/c there's too much RF/digital/meta data to really analyze in the first place; just like fighting a drug war in a drug addicted nation. They may want to track themselves sometimes as well.

FigureitoutJuly 16, 2013 10:29 AM

John Doe
--NSA Inspector General? HA! Good one man, what an insincere joke; the website was a joke. The bottom had the dates last updated/posted:

Date Posted: Sept 1, 2010 | Last Modified: Sept 1, 2010 | Last Reviewed: Sept 1, 2010

FigureitoutJuly 16, 2013 10:33 AM

John Doe
--They even said "callers may remain anonymous", what jokers!

Shadows_applyJuly 16, 2013 11:47 AM

If the U.S. is to not collect all phone and Internet metadata, what alternatives do you suggest for law enforcement to be able to track hackers and virus propagation?

Honeypots. They've been out there for years.

BryanJuly 16, 2013 12:27 PM

@someone

what alternatives do you suggest for law enforcement to be able to track hackers and virus propagation?

I'd suggest something along the lines that phone companies have been required to do since before the 1990s, when I read in the Code of Federal Regulations that the phone companies were required to keep their Call Data Records for 18 months.

We could change the timeframe to make data retention 3 years or more if that is a good idea. We could apply it to ISPs as well as phone companies.

We could make it such that the intelligence agencies could query the data on a per-investigation basis (i.e. FISA court approval). We could electronically keep a record of the queries, and provide that record to the congressional oversight committees and the Inspector General(s). We could require that summaries of the numbers of warrants and queries be publicized.

We could change the law such that the FISA court must publish its opinions, perhaps redacted. We could remove FISA court authorization to approve intelligence collection programs; they could then only approve search warrants supported by probable cause.

The ability on U.S. Law Enforcement (i.e. not the CIA, NSA, DIA, and other outward-looking security agencies) already has all the authority it needs to track down crackers and virus propagators -- but unless one of these miscreants is handed to them, it is not worth the $effort unless there is a publicity payoff.

We could make it a felony for phone company and ISP officers and managers to share client data with law enforcement agencies without a court approved warrant. We could establish personal liability for such officers and managers as well as company liability within civil law.


@Figureitout

--They even said "callers may remain anonymous", what jokers!

Indeed, callers may. But they don't.


BTW, the proposal to make a privately appointed Privacy and Civil Liberties Oversight Board, that has no accountability to the public be my advocate before the FISA court is laughable and really scary. Also, if the FISA court cannot approve programs, but only has authority to approve individualized warrants based on some reasonable suspicion of terrorist intent, then maybe the ex-parte (one-sided, only the govt can advocate before it) nature of the court can remain. But there should never be secret law; Congress, I mean All Of Congress, should be aware of all the law and actions the govt can take.

MontyJuly 16, 2013 1:50 PM

Rachel Brand worked for the Justice Department under G.W. Bush and her current job is "litigating against excessive regulation" for the Chamber of Commerce, a lobby for corporations. Unsympathetic to privacy and civil liberties seems an apt description.

SamJuly 16, 2013 2:09 PM

@John Doe,

Excellent points. Too few people bother to understand how the system is supposed to work, before proposing tearing it all down.

Anonymous blokeJuly 16, 2013 2:22 PM

@Bryan
-- But there should never be secret law; Congress, I mean All Of Congress, should be aware of all the law and actions the govt can take.

There aren't secret laws. The laws that authorize the type of activity discussed is public. FISA Amendments Act. Check out sections 702 - 705.

Common law systemJuly 16, 2013 4:49 PM

@Anonymous bloke

The US has a common law system. This means that court rulings are part of the body of the law. Any time there is a secret ruling, there is a secret law.

Dirk PraetJuly 16, 2013 7:38 PM

@ John Moore

I have to wonder if something similar happened in Nazi Germany when Hitler seized supreme power and he blamed the Jews and Communists for Germany's ills and as an excuse for his power grab.

Check out a comparison between the US Patriot Act of 2001 and Germany's Ermächtigungsgesetz of 1933 : http://fcweb.limestone.on.ca/~stridef/Civics%20and%20Careers/Unit%203%20-%20Lesson%204%20-%20Enabling%20Act.pdf .

On topic:

The PCLOB is a figleaf at best because it has no real power at all.

- It has lingered without a chairman for almost five years. This spring, the Senate confirmed David Medine as the chair, but it has done little, if anything, since then.

- It's not empowered to issue subpoenas, cannot get documents or get people to testify under oath. This means that it depends entirely on the goodwill and truthfulness of those asked to cooperate. This doesn't bode well in a context where folks can get away with "least untruthful statements" before Congress.

(Source: EFF, https://www.eff.org/deeplinks/2013/06/why-special-congressional-committee-must-be-created-investigate-nsas )

- Its members are all appointed by POTUS and 4 out of 5 have very strong government ties. Medine previously served as a senior advisor to the White House National Economic Council. Three others have also worked for the government or courts.

- It does not have a website, an email address or any independent full-time staff.

- Official board meetings of the PCLOB are closed to the public, because of the classified issues to be discussed.

(Source: The Guardian , http://www.guardian.co.uk/world/2013/jun/21/privacy-civil-liberties-obama-secretive )

Can someone please explain to me how this is going to work ?

Anonymous blokeJuly 16, 2013 8:14 PM

@common law system

-- The US has a common law system. This means that court rulings are part of the body of the law. Any time there is a secret ruling, there is a secret law.

Hmmm... somehow I suspect that when a judge authorizes a wiretap on a suspect they keep it secret. Otherwise organized crime organizations would simply pay someone to watch all court proceedings to get a heads up that they are under scrutiny and thus alter their way of doing business.

Of course if the case ever goes to trial the secret would be lifted once that evidence is brought forward. If the case never goes to trial then the secret probably never is lifted.

SomeoneJuly 16, 2013 8:14 PM

Don't forget that all except the leader of the board is forbidden, by law, to have their work on the board be full time.

FigureitoutJuly 16, 2013 8:30 PM

Otherwise organized crime organizations would simply pay someone to watch all court proceedings to get a heads up that they are under scrutiny and thus alter their way of doing business.
Anonymous bloke
--Or they could simply control/threaten the judge and the process and have they're crime being done "legally". The military can do this now. Bring on the sunshine; these are PUBLIC, taxpayer-funded institutions. Not even a debate.

This is why I trust crazy little people fighting big government, big business, big mafia crime anyday. No one fights it, pure tyranny.

StaceyJuly 16, 2013 8:47 PM

This board is a joke and a waste of our money. Kind of like TSA theatre.

name.withheld.for.obvious.reasonsJuly 17, 2013 4:48 AM

This has to be the privacy protection statement of the century (PPSOTC).

Looking back at the record in what has been said by the NSA regarding its activities I ran across this most hilarious tidbit from Michael Hayden. I must have missed this National Press Club event in 2007...but it says a lot. None of it good of course. During Hayden's diatribe he went on consistently indicating that there was no surveillance, little did the audience (other members of the press) realize that the NSA defines different scopes for what are very common terms. For example, to the NSA surveillance does not necessary mean "listening, watching, reading, or observing" but really means "collection" by means of automation. Thus, no one at the NSA is engaged in this activity. Now for the fun...

NATIONAL PRESS CLUB, Washington D.C., 23 January 2006:
During the last part of the event, during the press question period, Michael Hayden made this statement after Jonathan Landay of Knight Ridder asked Hayden if he could comment on both the FISC and AG change in the standard from "reasonable" and not "probable". The response is hilarious....

Michael Hayden:

"And so what you've raised to me -- and I'm not a lawyer, and don't want to become one -- what you've raised to me is, in terms of quoting the Fourth Amendment, is an issue of the Constitution. The constitutional standard is "reasonable." And we believe -- I am convinced that we are lawful because what it is were doing is reasonable."

Wow!!! A scholar of the first order (first order of the inane), my "hole" opinion of Hayden is completely "transmoritified."

FrankJuly 17, 2013 8:00 AM


The criticism from the FISA judge is important, but he can not change anything.

Hoover ran secret, illegal, mass surveillance for decades without getting caught. When aspects of his system came to light and were put down, for instance, like when the Supreme Court outlawed phone wiretapping -- he just took it further and further underground. And he became more sophisticated in his system of blackmail.

Presidents knew, Senators knew, Washington knew. But they were scared to go against Hoover. And how much they knew was likely very little.

Hoover had a lot of people working for him doing very bad things, but few came forward. Like the mafia, their hands are dirty. That is how they gain admittance to the club. The embracing of immorality in the systems also warns them that anything could happen to them by coming forward. That these systems make controlling politicians trivial, they know there is little to no protection for themselves.

The only thing that can destroy these systems is criminal evidence against them.

StukeJuly 17, 2013 11:30 AM

Great! Whenever they create a board to oversee a process, it may limit that process, but it also legitimizes it.

Dirk PraetJuly 17, 2013 3:08 PM

In the UK, the Intelligence and Security Committee of Parliament (ISC) oversees the intelligence and security activities, including the
policies, expenditure, administration and operations of the Security Service (MI5), the Secret Intelligence Service (MI6) and the Government Communications Headquarters (GCHQ). It also scrutinises the work of other parts of the UK intelligence community, including the Joint Intelligence Organisation and the National Security Secretariat in the Cabinet Office; Defence Intelligence in the Ministry of Defence; and the Office for Security and Counter-Terrorism in the Home Office.

Dirk PraetJuly 17, 2013 6:17 PM

[Continued ; pressed submit instead of preview]

This means that they oversee the work of about 10k people at home. The ISC consists of 9 members drawn from both houses of parliament and is chaired by Sir Malcolm Rifkind, thus totalling the grand sum of 10 (ten) people. Contrary to the PCOLB, it has recently acquired real investigative powers. The Committee produces an Annual Report on the discharge of its functions and may also produce reports on specific investigations.

In a Wednesday surprise statement on GCHQ’s alleged interception of communications under the PRISM programme, they announced that, after thorough investigation, they had not found any proof of wrongdoing. Tempora wasn't mentioned.

Needless to point out that I feel completely assured now that with an impotent committee of 5 people in the US and a seemingly clueless counterpart of 10 in the UK, the necessary checks and balances are in place to keep the activities of some hundreds of thousands of people working for the US/UK intelligence/surveillance communities entirely under control.

MatthiasJuly 19, 2013 5:24 PM

This might be interesting. When Germany had its "domestic" terrorism (RAF - Red Army Fraction) 1970 ~ 1990, the terrorists reasoned as follows.

1. We commit "terroristic acts"
2. As a consequence, the state develops more and more into an open "police state"
3. The general public starts a revolution.

They had not much success, but a few laws where changed and some rights where limited. Goal number three is an illusion, of course. But given enough time and resources, number two seems reachable.


Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..