What Does Effective Intelligence Oversight Look Like?

Last Tuesday, I enjoyed a lively discussion on “Reconciling Liberty and Security” at a conference headlined, “Hindsight: Fifteen Years of the War on Terror” at Fordham Law School’s Center for National Security. My panel included David Cole, Jameel Jaffer, Matthew Olsen, Matthew Waxman, and Michel Paradis. Video of the panel is here:

Among the important and timely topics we covered was how to achieve effective oversight of intelligence programs. I offer the following thoughts to elaborate on what I said on that subject last week.

The backdrop for why we need effective oversight of intelligence programs is that intelligence programs cannot be effective without a significant degree of secrecy. Transparency is central to maintaining democratic control of government, but for intelligence programs, there is some point at which transparency must give way. Beyond that point, effective oversight is the bulwark that keeps the government in check.

But what does effective oversight look like? There has been no shortage of proposals—many of which have been adopted—for imposing more oversight on U.S. intelligence programs. But more oversight does not necessarily mean better oversight. Indeed, more oversight could mean worse oversight if it wastes taxpayer dollars on redundant measures that add no value or threaten national security by unnecessarily interfering with the operations of the supervised agency.

An ideal system of oversight would include the following attributes:

A mix of independent oversight and internal oversight. Being a member of the PCLOB—which is an independent agency in the executive branch—I am very familiar with the arguments for independent oversight; that is, oversight outside of the agency’s chain of command. An independent body is free to conclude that a program is unlawful, unwise, or flawed—and say so to Congress, the President, and possibly the public (depending on whether it is classified). On the other hand, taking all oversight mechanisms out of the supervised agency would actually diminish the effectiveness of the oversight regime. Oversight bodies within an agency, such as the general counsels, compliance offices, inspectors general, and privacy officers that exist throughout the Intelligence Community, are much more likely than an independent agency to be aware of and therefore impact the day-to-day thinking and operations of the agency.

Oversight by all three branches of government. An ideal system includes oversight by all three branches of government, each providing different value according to its area of competence and constitutional authority.

Oversight has to start with the executive branch, both in terms of policy and legality (a distinction I discuss below), for obvious reasons. No amount of oversight by the other two branches of government would be adequate to rein in an executive branch that did not first make a serious attempt to ensure that its own conduct complied with the law and to weigh policy and risk considerations not mandated by law.

But executive branch oversight alone is not enough.

Congressional oversight is essential. In a representative democracy, we rely on the legislature to ensure that secret intelligence programs don’t go too far. Congress may be the oversight body best-suited to ensuring that the Intelligence Community fulfills the people’s desired balance between security and privacy (recognizing that the public’s desire can shift on a moment’s notice). Congressional oversight is not just more of the same oversight conducted from Capitol Hill instead of the White House. It will never be as granular or as contemporaneous as executive branch oversight—and in some respects could not be without infringing on the President’s constitutional authorities—but can have broad impact by amending legal authorities or by granting or withholding funding for particular programs.

The judiciary also has an important function. “Oversight” seems an odd term to describe the role of federal courts vis-à-vis executive agencies given the courts’ constitutional limitation to deciding cases or controversies. But while no federal court has a free-ranging mandate to oversee intelligence agencies in the way the President or Congress does, the Foreign Intelligence Surveillance Court does in fact conduct ongoing oversight of the FISA programs and activities it authorizes the government to conduct. Nevertheless, judicial involvement is not the answer to every oversight problem. We rely upon courts to apply the Constitution and federal statutes in contexts such as applications to conduct electronic surveillance inside the United States, but the courts have neither the constitutional authority nor the institutional competence to oversee many other activities of the intelligence agencies.

A mix of policy oversight and compliance oversight. Intelligence Community agencies already spend substantial resources on ensuring that programs are both lawfully designed and compliant with law in practice. But they should also ask whether they should engage in particular intelligence activities even if they can as a matter of law. An overall oversight structure should include officials who will ask whether a program should be modified or scrapped because it is not effective enough to offset the risk or other policy implications of the program. The oversight bodies tasked with assessing legal compliance before or after the fact—inspectors general, for example—are not well-suited to this kind of policy oversight. Ideally, these policy questions would be asked in the first instance by policymakers within an agency, with the backstop of big-picture policy oversight from an external source, whether it is a truly independent body such as the PCLOB or an entity within the Administration such as the National Security Council or the Director of National Intelligence. It may not be possible to vest all aspects of policy oversight in a single entity because of the diverse questions at stake. For example, assessing whether a program appropriately respects privacy interests is a very different task from judging whether surveilling a particular target will create unacceptable diplomatic risk.

Mix of skepticism and dedication to the agencies’ mission. Finally, oversight has to combine a healthy dose of skepticism with a dedication to helping the agencies fulfill their missions effectively within appropriate constraints. Despite the tendency in some quarters to expect oversight bodies to reflexively criticize and seek to limit the agencies’ activities in every way possible, oversight is not about antagonism toward the supervised agencies. Good oversight requires asking hard questions, giving unpopular answers, and challenging the status quo. But the result of this questioning, challenging, and honing should not be agencies hamstrung by impracticable procedures and endless inquiries that needlessly divert the attention of officials from fulfilling the agencies’ mission. The result should be agencies that can aggressively and creatively fulfill their important national security and foreign affairs missions through programs that are designed to—and do—follow the law and respect individual rights and freedoms.