Surveillance Reform: Privacy Board Turns to E.O. 12,333

The Privacy and Civil Liberties Oversight Board is holding its first public meeting outside Washington at Philadelphia’s National Constitution Center to examine surveillance activities under E.O. 12,333 that are directed at international terrorism. A livestream will be available at the PCLOB’s website; my statement to the Board can be found here. My friend and Lawfare colleague Bobby Chesney and I are both appearing. The job of lawyers and privacy officials is the intelligence community is to administer the two basic systems of oversight first established by the Church Committee reforms of the 1970s: the Foreign Intelligence Surveillance Act and E.O. 12,333. In my experience, E.O. 12,333 is the more important of the two, although it receives much less attention. E.O. 12,333 governs activities that are not regulated by statute and do not require a court order. As a result, those activities are less well documented, as a practical matter less transparent – even by the standards of classified programs, and are therefore subject to less rigorous oversight. They involve at most two branches of government – the Executive and Congress. Realistically, they usually involve only the Executive. As a lawyer inside the Executive Branch providing advice on intelligence activities, I found myself turning to E.O. 12,333, and the AG guidelines for each agency required by that order, far more often than I did to FISA or other statutes. For us, E.O. 12,333 and the AG guidelines provided the only real source of legal guidance for most of what intelligence agencies do. Since the Snowden revelations began in 2013, there has been debate here and abroad about surveillance reform. While much of the debate in this country about surveillance reform has focused on bulk collection of telephone records and other FISA activities, in the rest of the world the attention has been on continuing revelations of a variety of NSA activities conducted overseas under E.O. 12,333. These include reports of very intrusive activities, like collection of massive quantities of communications – the practice the government calls bulk collection, and critics call mass surveillance – and alleged activities that undermine encryption or security of communications systems. President Obama has addressed some of these concerns in Presidential Policy Directive 28 (PPD-28), issued last year and implemented this year. PPD-28 limits bulk collection to six specified national security threats, including international terrorism, and for the first time requires intelligence agencies to have guidelines that protect the privacy of foreign citizens. I discuss PPD-28, and make recommendations for further reforms, in my recent Foreign Affairs article, “The Good News About Spying.”