We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.


Business Intelligence, Secret Surveillance and Privacy Where was the Privacy and Civil Liberties Oversight Board?

Originally published July 18, 2013

The last few weeks have been abuzz with the news of the secret NSA programs for obtaining business intelligence about possible terrorist activities by mining emails, social media and telephone communications. Yet the discussion did not focus on the technology aspects of how to capture and store the exabytes of data, or approaches to extract intelligence from the metadata or the semantic analysis techniques applied to big data. No, the debate was more on leakers and whistleblowers and their motivations, Congressional oversight or lack thereof, extradition treaties and their irrelevance, concerns over privacy and the need to protect it, and the mandatory debate over the need to balance civil liberties and national security.

While I consider myself much closer to Coverlet Meshing than to the ACLU on the topic (see "Why PRISM is the Right Investment," Information Week, July 15, 2013), this incident gives us a glimpse of how Washington really works: The pace of change is glacial, until something blows up in somebody’s face.

First of all, let’s explain that these surveillance programs were implemented by the executive branch after being authorized by laws that the legislative branch enacted and, in turn, reviewed by the designated court of the judiciary branch. Our system of checks and balances was duly at work.

And, by the way, this happened over the course of both Republican and Democratic administrations so the issue of partisanship can also be dismissed.

So why the uproar? Well, it is because of the fourth branch, or fourth estate, usually interpreted to mean the press. And I bring the fourth estate into this discussion in a positive way. It is the role of a free press to review, inform and question whether there have been abuses that in some way deserve closer scrutiny, or whether we have been stretching our interpretation of the authorizations and appropriations beyond the reasonable. This is important because we know that there can be laws, or legal regimens, leading to unethical situations that should be righted – such as the legal treatment of slavery that led to the 14th Amendment. Furthermore, there are laws whose constitutionality can be challenged or their implementation impugned. I am not suggesting that the NSA surveillance programs fall into this category, but they certainly are open to discussion given what has transpired and that already several bills have been introduced in Congress to limit the reach of government’s surveillance on the citizenry and its impact on individual privacy.

Traditionally our nation has been willing to curtail certain civil rights in exchange for safety and national security. This has happened in practically every national emergency we have faced. But there has always been a debate about where to draw the line and when to declare success and return to their fullest our much-valued freedoms.

We believe that the NSA programs have been instrumental in keeping us safer, and that is good. The questions being raised are simply around cost/benefit analysis, with a strong focus on individual privacy.

Over the last few decades we have seen how technology has been impinging on our ability to keep our private lives really private. Paraphrasing Scott McNeally, former CEO of Sun Microsystems, “Privacy is dead. Get over it!” 

But privacy is not really dead because we are painfully aware that identity theft costs us billions of dollars, that we don’t want everyone to have access to our personal health records or financial statements, and that practically every single one of us has that occasional embarrassing tidbit from their past that they’d rather keep from being broadcast on network television.

Furthermore, the courts have established a clear link between privacy protection and the Fourth Amendment to our Constitution:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
In the last half century there have been many statutes with a bearing on privacy. Most of these embrace privacy protection and others condition it when necessary for the greater good. They include: the Freedom of Information Act (1966), the Foreign Intelligence Surveillance Act (1974), the Privacy Act (1978), the PATRIOT Act (2001), the Intelligence Reform and Terrorism Prevention Act (2004), and the Implementing Recommendations of the 9/11 Commission Act (2007), among others.

The Privacy Act (1978) in particular addressed the following four principles:
  1. Give citizens (or permanent residents) access to information held about them by Federal agencies
  2. Follow “fair information practices”
  3. Limit dissemination of individually identifiable information to other individuals or organizations
  4. Government can be sued if agencies don’t abide by these practices
Yet when 9/11 hit, one of the most important outcomes was the Patriot Act (2001), giving our law enforcement and intelligence agencies additional powers to help them to keep us safe. This is the legislation that has provided much of the statutory authorization for the executive branch’s surveillance programs. But precisely because privacy is still a significant concern for the nation, the Intelligence Reform and Terrorism Prevention Act of 2004, which created both the Office of the Director of National Intelligence and the National Counter Terrorism Center, also created the Privacy and Civil Liberties Oversight Board (PCLOB).

The PCLOB is intended to advise the president on how to protect privacy and civil liberties in the implementation of all public policy related to counterterrorism, as well as to review the terrorism information sharing practices of executive branch departments and agencies. All members are duly cleared at a high enough level of security so the discussions can take place with full and open disclosure. This was the body where the ins and outs of the surveillance programs currently under question should have been discussed and debated, the privacy implications assessed and recommendations delivered to the White House.

It was also important for the PCLOB to address the technology behind these and other surveillance programs. In addition to the legal, public policy, philosophical, sociological and ethical foundations, the Board members (or subject-matter experts made available to them) should have direct knowledge about privacy preserving tools and techniques, the use of encryption, approaches to de-identification and re-identification of data, the use of trusted systems, anonymization methodologies, social networks, semantic analysis and other similar disciplines.

But all this is theory. Now let’s talk about practice and how Washington really works. It took until June 21, 2013 for the PCLOB to hold its first meeting ever with a full Board. Almost a decade after it was recommended by the 9/11 Commission and created by law, this organization had not yet started to operate or serve its public purpose. Given the concerns over NSA's surveillance programs, it met again on June 22nd and heard from the president himself that he wanted it to look into these programs.

As mentioned, the PCLOB was basically inactive right after its creation in 2004. The principal issue behind its ineffectual launch was that it was initially created as part of the executive branch. A Congressional Research Service report dubbed it a “presidential appendage, devoid of the capability to exercise independent judgment and assessment or to provide impartial findings and recommendations,” and said it had little power to force other agencies to present any documents it might require for its investigations. Congress objected to this and wanted the Board to be more independent and to have more teeth. As a result, it was reconstituted in 2007 as part of the Implementing Recommendations of the 9/11 Commission Act (IR9/11CA).

As Bush departed and Obama came in, nothing much seemed to change. The press, of course, has been asking questions all along. A spate of articles a few years ago slammed the Administration hard.
“Civil Liberties Board Goes Vacant Under Obama,” Newsweek, 3/2/10

“The Privacy and Civil Liberties Oversight Board sits empty,” wrote the Los Angeles Times on 4/9/10.

“President Obama has not filled even ONE seat on that board,” said Network World, on 9/27/10.

The PCLOB only became fully functional in May of this year, shortly before the NSA programs were revealed to the public by Edward Snowden’s leak to the press.

The PCLOB is made up of five members, and it is currently chaired by David Medine, a partner at the WilmerHale law firm and former executive at the Federal Trade Commission. It has just very recently been finally staffed with a full and cleared contingent on its board.

So business as usual in Washington. The PCLOB, almost ten years after its creation, will spring finally into action. On June 22, 2013, the Washington Post ran this story, “Privacy board, Obama talk about surveillance,” by Juliet Eilperin. It opens: “President Obama held his first ever meeting Friday with the Privacy and Civil Liberties Oversight Board – the group charged with ensuring that the executive branch balances privacy and civil liberties needs with its national security efforts.” Further into the text it quotes a Georgetown Law School professor saying, “It’s high time this board was activated.”

Yes, this is the way Washington works. It has little to do with who is president or which party is in power since, as we noted, the PCLOB saga has spanned both Republican and Democratic administrations. The modus operandi inside the beltway says: When all hell breaks loose, pass the buck, cover your ass and, if you can, play "government ex-post-facto."
 
Lessons learned for us business intelligence practitioners to keep in mind: Technical design elegance and technological excellence in implementation are necessary but not sufficient requirements when attempting to provide solutions to important issues in the public policy domain.

  • Dr. Ramon BarquinDr. Ramon Barquin

    Dr. Barquin is the President of Barquin International, a consulting firm, since 1994. He specializes in developing information systems strategies, particularly data warehousing, customer relationship management, business intelligence and knowledge management, for public and private sector enterprises. He has consulted for the U.S. Military, many government agencies and international governments and corporations.

    He had a long career in IBM with over 20 years covering both technical assignments and corporate management, including overseas postings and responsibilities. Afterwards he served as president of the Washington Consulting Group, where he had direct oversight for major U.S. Federal Government contracts.

    Dr. Barquin was elected a National Academy of Public Administration (NAPA) Fellow in 2012. He serves on the Cybersecurity Subcommittee of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee; is a Board Member of the Center for Internet Security and a member of the Steering Committee for the American Council for Technology-Industry Advisory Council’s (ACT-IAC) Quadrennial Government Technology Review Committee. He was also the co-founder and first president of The Data Warehousing Institute, and president of the Computer Ethics Institute. His PhD is from MIT. 

    Dr. Barquin can be reached at rbarquin@barquin.com.

    Editor's note: More articles from Dr. Barquin are available in the BeyeNETWORK's Government Channel

     

Recent articles by Dr. Ramon Barquin



 

Comments

Want to post a comment? Login or become a member today!

Be the first to comment!