Telephone Records and PRISM—The First Job for the Privacy & Civil Liberties Oversight Board
Front pages have picked up the report from The Guardian that the National Security Agency (NSA) is currently collecting the telephone records of millions of customers of Verizon. Many observers believe that other telecom providers may be under similar court orders.
The scope of the warrant, as reported by The Guardian, is broad: “Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.”
A second set of stories emerged a day later, reporting that the NSA and the FBI have created a “PRISM” program, through which the agencies “are tapping directly into the central servers of nine leading U.S. Internet companies.” PRISM reportedly extracts audio and video chats, photographs, e-mails, documents, and connection logs. Several of the companies have issued denials.
Among the many issues that arise from these revelations, this post recommends that investigating these revelations should become the first priority for the newly stood-up Privacy and Civil Liberties Oversight Board (PCLOB).
Just last week, after a long—and unjustified—delay in the Senate, David Medine was sworn in as the first chair of the PCLOB. He joined the four other members of the board who were confirmed in 2012. With Medine’s confirmation, the board can assume all of its statutory powers.
Under its authorizing statute, the PCLOB is designed to “analyze and review actions the executive branch takes to protect the nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties.” The Verizon warrant was reportedly issued under the Foreign Intelligence Surveillance Act, which targets “agents of foreign powers” and is widely used to address international terrorism threats, as I have discussed previously.
The PCLOB does not have to wait for a legislative or regulatory proposal to do its job. Instead, the statute says that the PCLOB “shall continually review” the design and implementation of “efforts to protect the Nation from terrorism to ensure that privacy and civil liberties are protected.” Members of the PCLOB receive security clearances.
To investigate the newly-public programs, the PCLOB can request cooperation from federal agencies, including by using its subpoena powers—subject to review by the attorney general. The PCLOB also has an obligation to report to Congress at least twice a year, made available to the public to the extent consistent with protecting classified information. This sort of report may be particularly useful in the current situation, because Senators Wyden and Udall have already voiced their concerns about the current surveillance.
In addition, the PCLOB has subject-matter expertise here. Verizon reportedly turned over the records under Section 215 of the USA-PATRIOT Act of 2001. This “business records” provision has been the subject of sharp criticism since it was enacted. Notably, PCLOB board member Jim Dempsey has testified in Congress in 2003 and 2005 warning about the FBI’s “sweeping authority” under Section 215 and supporting narrowing amendments.
Chairman Medine has been in office only a few days, and the PCLOB faces many pressing privacy issues. But the startling new reports suggest that PRISM and the telephone record warrants should be a top priority.
About the Author
Peter Swire, CIPP/US, is the Nancy J. & Lawrence P. Huang Professor at the Georgia Institute of Technology, in the Scheller College of Business. He is a Senior Fellow with the Future of Privacy Forum and the Center for American Progress, and Policy Fellow with the Center for Democracy and Technology.
In 2013, Swire served as a member of President Obama’s Review Group on Intelligence and Communications Technology. Previously, he was co-chair of the Do Not Track standards process of the World Wide Web Consortium. He served in the White House under both Presidents Clinton and Obama, and is lead author of two texts for Certified Information Privacy Professionals examinations of the IAPP.