History and Mission
What is the Privacy and Civil Liberties Oversight Board?
The PCLOB is an independent agency within the Executive Branch established by the 9/11 Commission Act of 2007. The bipartisan, five-member Board is appointed by the President and confirmed by the Senate. The Chairman serves full time, while the four other Board Members serve in their positions part-time. The Board's mission is to ensure that the federal government's efforts to prevent terrorism are balanced with the need to protect privacy and civil liberties.
What is the History of the Board?
In its 2004 report, the National Commission on Terrorist Attacks Upon the United States, known as the 9/11 Commission, recommended the creation of what is now the Privacy and Civil Liberties Oversight Board. The Commission noted that many of its recommendations “call[ed] for the government to increase its presence in our lives—for example, by creating standards for the issuance of forms of identification, by better securing our borders, by sharing information gathered by many different agencies,” and by consolidating authority over intelligence agencies under a new Director of National Intelligence.
The Commission observed that “this shift of power and authority to the government” would require “an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life.” It also found, however, that there was “no office within the government whose job it is to look across the government at the actions we are taking to protect ourselves to ensure that liberty concerns are appropriately considered.” To fill that gap, the Commission called for “a board within the executive branch” to oversee “the commitment the government makes to defend our civil liberties.”
In response to the 9/11 Commission’s recommendation, President George W. Bush created the President’s Board on Safeguarding Americans’ Civil Liberties in 2004. The President’s Board ceased to meet following the enactment later that year of the Intelligence Reform and Terrorism Prevention Act of 2004, which created a Privacy and Civil Liberties Oversight Board within the Executive Office of the President. Finally, in 2007, the Implementing Recommendations of the 9/11 Commission Act (“9/11 Commission Act”) established the Board as an independent agency within the Executive Branch.
Under the 9/11 Commission Act, the Board is comprised of a full-time Chairman and four part-time Members, each appointed by the President, with the advice and consent of the Senate, to staggered six-year terms. The Board’s statute requires that Members come from different political parties and be selected “on the basis of their professional qualifications, achievements, public stature, expertise in civil liberties and privacy, and relevant experience.”
What are the Board's Responsibilities?
The Board’s responsibilities comprise two basic functions: oversight and advice.In its oversight role, the Board is authorized to continually review the implementation of Executive Branch policies, procedures, regulations, and information - sharing practices relating to efforts to protect the nation from terrorism, in order to ensure that privacy and civil liberties are protected. The Board also is authorized to continually review any other actions of the Executive Branch relating to efforts to protect the nation from terrorism, in order to determine whether such actions appropriately protect privacy and civil liberties and whether they are consistent with governing laws, regulations, and policies regarding privacy and civil liberties.
In its advice role, the Board is authorized to review proposed legislation, regulations, and policies related to efforts to protect the nation from terrorism (as well as the implementation of new and existing policies and legal authorities), in order to advise the President and Executive Branch agencies on ensuring that privacy and civil liberties are appropriately considered in their development and implementation.
The Board is also directed by statute to, when appropriate, coordinate the activities of federal agency privacy and civil liberties officers on relevant interagency matters.Twice each year, the Board must report to Congress and the President on its activities, making the reports available to the public to the greatest extent possible.
What Actions Can the Board Take?
In order to carry out its mission of providing oversight and advice, the Board is authorized to access all relevant executive agency records, reports, audits, reviews, documents, papers, recommendations, and any other relevant materials, including classified information. The Board may interview, take statements from, or take public testimony from any Executive Branch officer or employee. Additionally, the Board may request in writing that the Attorney General subpoena on the Board’s behalf parties outside of the Executive Branch to produce relevant information.
The Board's enabling statute, codified at 42 U.S.C. § 2000ee, vests it with two fundamental authorities: (1) to review and analyze actions the executive branch takes to protect the nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties, and (2) to ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the nation from terrorism. In addition to its primary mandate, the Board also has designated roles under the following legal authorities:
The Board's enabling statute.
Executive Order 13636 on Improving Critical Infrastructure Cybersecurity, issued in February 2013, calls upon multiple agencies to research and create a Cybersecurity Framework to minimize the risk of a cyber attack on critical infrastructure. Section 5 of the executive order requires the Department of Homeland Security to prepare a report, in consultation with the PCLOB, recommending ways to mitigate the privacy and civil liberties risks created by cybersecurity measures adopted under the order. The report must be reviewed on an annual basis and revised as necessary.
Executive Order 14086 on Enhancing Safeguards for United States Signals Intelligence Activities, issued in October 2022, implements the United States' commitments under the E.U.-U.S. Data Privacy Framework. Under the order, the PCLOB will conduct a review of implementation of new policies and procedures adopted by the intelligence agencies to provide enhanced safeguards in signals intelligence activities. The PCLOB is also tasked with conducting an annual review of the Data Protection Review Court's redress process, as well as with assisting in the selection of DPRC judges.
Presidential Policy Directive 28 (PPD-28) articulates 'principles to guide why, whether, when, and how the United States conducts signals intelligence activities for authorized foreign intelligence and counterintelligence purposes.' In the directive, the President encouraged the Board to provide him with an assessment of the implementation of any matters contained in the directive that fall within the Board’s mandate.
Section 803 of the Implementing Recommendations of the 9/11 Commission Act directs the privacy and civil liberties officers of eight federal agencies – and any additional agency designated by the Board – to submit periodic reports to the PCLOB regarding the reviews they have undertaken during the reporting period, the type of advice provided and the response given to such advice, and the number and nature of the complaints received by the agency for alleged violations, along with a summary of the disposition of such complaints. The PCLOB's enabling statute directs the Board to receive these reports and, when appropriate, make recommendations to the privacy and civil liberties officers regarding their activities.
In 2016, the Board released a set of recommendations, which were approved unanimously by the Board, to provide guidance to other federal agencies to improve the reports they file under Section 803.
Policies and Other Information
In 2015, the Board released a policy related to its advice responsibilities. The document, which is titled, 'Advisory Function Policy and Procedure,' is intended to clarify the Board’s advice function and thereby provide a clear path for federal agencies and components to engage with the Board in early stages of the process of a new agency policy, rule, or regulation being developed.
This Federal Register notice provides information to the public about the Board’s organization, function, and operations.
Federal Register Notice 'providing notice to [the Board's] employees, former employees, and applicants for Board employment about the rights and remedies available to them under the federal anti-discrimination, whistleblower protection, and retaliation laws.'
Finalized agency rule implementing the Freedom of Information Act, the Privacy Act of 1974, and the Government in the Sunshine Act. This rule describes the procedures for members of the public to request access to PCLOB records. In addition, this rule also includes procedures for the Board’s responses to these requests, including the timeframe for response and applicable fees.
Agency plan outlining the Board's functions in the event of a lapse in appropriations.
In accordance with the Privacy Act of 1974, the Privacy and Civil Liberties Oversight Board created a system of records titled, 'PCLOB–1, Freedom of Information Act and Privacy Act Request Files.'