Cybersecurity board still missing

A federal board tasked in the Senate’s cybersecurity bill with ensuring government agencies and tech companies don’t infringe on consumer privacy has been dormant and understaffed for years — and hasn’t had a nominee confirmed since 2007.

As members of Congress consider a new law that would help government agencies and tech companies exchange data about emerging digital threats, they’ve envisioned that the Privacy and Civil Liberties Oversight Board would make sure consumers aren’t harmed and that their data isn’t caught in the fray.


But the PCLOB — created by Congress to protect citizens amid the post-Sept. 11 crackdown on terrorists — has long been paralyzed. It’s possible the Senate could confirm its nominees en bloc before the chamber enters the August recess, but the inaction so far has privacy advocates concerned that a cybersecurity bill could reach the president without a watchdog fully in place.

If the confirmations continue to be stalled, “We’ll have information sharing but not the oversight,” said Peter Swire, an Ohio State University professor who served as chief counselor for privacy in the Clinton administration. “Depending on the bill, we might repeal privacy protections and have nothing in place to make up for that.”

Sen. Joe Lieberman (I-Conn.), one of the bill’s lead sponsors, told POLITICO the privacy board is a “check on greater authorities granted to the government following 9/11, and it will be critical to fair implementation of cybersecurity legislation.” But the fact that nominees haven’t been confirmed is “yet another example of how the business of Washington can come to a dead stop because of ideological gridlock.”

Congress may have created the PCLOB in 2004, but lawmakers reconstituted the board in 2007 after the high-profile resignation of Lanny Davis — who left during the George W. Bush administration in part because the White House had censored a board report.

Since then, the panel hasn’t had a nominee confirmed.

It wasn’t even until the end of 2011 that the Obama administration nominated a full slate of candidates, and it wasn’t until May 2012 that the Senate Judiciary Committee voted on them. The committee, by voice vote, approved four proposed members of the board — James Dempsey, Elisebeth Cook, Rachel Brand and Patricia Wald. The fifth member — David Medine, who has been nominated as chairman — cleared on a partisan 10-8 vote.

Yet there’s no sign the Senate is racing to confirm any of the members tapped for the PCLOB. The chamber could push through the nominees before the August break, but a spokesman for Majority Leader Harry Reid (D-Nev.) did not comment on the possibility Monday.

The scheduling uncertainty thus has some privacy advocates particularly fearful that a cybersecurity bill could clear Congress while one of its key oversight mechanisms lags behind.

For one thing, the PCLOB can’t even staff itself, according to Swire, because the statute authorizing it says the chairman must perform those duties — and, well, there’s still no chairman.

Even after that occurs, though, hiring and preparing expert staff requires time. And the budget for the board isn’t particularly large, creating trouble for a panel that’s supposed to oversee the National Security Agency, the Department of Homeland Security and a litany of other agencies and programs affecting privacy — all in addition to cybersecurity reform.

“It’s hard to see them even being able to provide strong oversight in the next six months to a year,” said Chris Calabrese, legislative counsel for the American Civil Liberties Union.

“And then you look at their staffing issues,” Calabrese continued, noting the agencies the small team can cover “are the size of small towns.”

The territory will expand if any of the cybersecurity bills percolating on the Hill become law this year. The Cybersecurity Act of 2012 by Lieberman and his allies — on the Senate floor this week — tasks PCLOB with assessing, every two years, the ways Internet companies are monitoring their networks and taking actions to combat threats.

It’s precisely this language that has Sen. Al Franken (D-Minn.) and others fearful that the Lieberman bill gives companies too much latitude to interfere with consumers’ browsing habits or computer use. Franken is behind an amendment to eliminate the section on so-called countermeasures.

The privacy board’s reports are also supposed to develop recommendations to improve the law while assessing the civil liberties impact of information sharing. The Cybersecurity Act of 2012 also specifies a role for inspectors general — outside the PCLOB umbrella — to keep watch on elements of the program.

While it handles the matter differently, even the Senate Republicans’ cybersecurity alternative — the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act — specifies a role for PCLOB in reporting regularly on federal and private information sharing.

The importance of PCLOB to cybersecurity reform isn’t lost on members.

Judiciary Committee Chairman Patrick Leahy (D-Vt.), for one, said in May the board would be critical to protecting Americans’ privacy “considering various proposals to enhance the nation’s cybersecurity, and these proposals would have a significant impact on the privacy rights and liberties of all Americans.”