It’s time for the Senate to act on privacy board nominations

The White House’s announcement of the intended nominations of Travis LeBlanc and Aditya Bamzai to be members of the Privacy and Civil Liberties Oversight Board (PCLOB) is a welcome development for this low-profile but increasingly significant board. It paves the way for the board, which has been operating without a chair since 2016 and without a quorum since early 2017, to be operational again—before its vacancies metastasize into a major problem for U.S. relations with the European Union.

It is going on one year since Adam Klein, a fellow at the Center for New American Security (CNAS), was nominated to chair the PCLOB. His nomination has been awaiting a floor vote since Feb. 15. The White House announced two more excellent nominees in March: Princeton computer scientist and former technologist at the Federal Trade Commission and White House Office of Science & Technology Policy Ed Felten; and Jane Nitze, formerly at the Justice Department Office of Legal Counsel and law clerk to Supreme Court Justices Sonia Sotomayor and Neil Gorsuch. Both have also been reported out of committee and are ready for a vote.

Action on these nominations has been delayed by political jockeying over a potential Republican supermajority on the board. Because the one remaining incumbent member of the PCLOB, Elisebeth Collins, is a Republican and only Felten is a Democrat among the nominees to date —a Klein confirmation by itself would produce a board consisting of two Republicans, and confirmations of Klein, Felten, and Nitze would create a three-to-one Republican majority. As a result, Democrats, spearheaded by Senator Ron Wyden, have blocked action on the nominations until a full slate of members could be resolved.

All Capable Nominees

The nominations of Bamzai and LeBlanc should remove this obstacle. The LeBlanc nomination provides a lot to make Democrats and privacy advocates happy: LeBlanc is a Democrat with strong privacy chops. As Enforcement Director at the Federal Communications Commission, he had a major hand in the agency privacy rules for internet service providers (since repealed by Congress) and before that headed the privacy unit for then-California Attorney General Kamala Harris. He is now in private practice and also chairs the board for the Center for Democracy and Technology. In turn, the planned nomination of Bamzai, a University of Virginia law professor and former lawyer at the Justice Department’s Office of Legal Counsel and National Security Division, to be a fifth member helps ensure partisan balance; it indicates that Elisebeth Collins will be leaving the board since Bamzai would have to fill her seat. This enables pairing LeBlanc with a Republican nominee.

I have previously praised the nomination of Ed Felten as “inspired.” Travis LeBlanc also brings a deep grounding in privacy and technology. Adam Klein was the principal author of a thoughtful 2016 CNAS report on surveillance policy calling for “meaningful steps both to enhance Americans’ digital privacy and to reassure the American people that government surveillance is consistent with American values and the rule of law.” Neither Nitze nor Bamzai have such public profiles on privacy, but both are excellent lawyers with experience in highly relevant positions at the Justice Department (and Bamzai has taught the subject and written for Lawfare). The quality of this slate of nominations shows that increased significance of privacy issues makes it possible to recruit good candidates for the PCLOB, and that those responsible for the recruiting have done good work.

Confirmation of the pending nominations shouldn’t have to await hearings on the new ones. Since PCLOB nominees go before the Senate Judiciary Committee, which is currently preoccupied with the Supreme Court nomination of Judge Brett Kavanaugh 24/7, it will some time before they can have a hearing. In the meantime, the PCLOB needs to get back in action after two years with vacancies in the chair and other positions. Without a chair, the PCLOB was unable to replace depleted staff and, without a quorum of three members, it is still unable to issue reports and initiate investigations.

Vacancies Threaten U.S.-EU Privacy Agreement

The board’s limbo has implications beyond domestic politics. The status of the PCLOB is the biggest issue in the annual review underway of the Privacy Shield framework that enables data transfers from the European Union to the United States. The European Commission counted heavily on independent PCLOB oversight of intelligence surveillance in initially approving the Privacy Shield and, in its first review last year, called for “swift appointment of the missing members” before the next review. The Commission is now under pressure from other EU institutions to deliver on this item: The body of EU data protection regulators, which has been critical of the Privacy Shield, has expressed concern about the PCLOB’s continuing dysfunction and set this past May 25, 2018 as a deadline to meet its concerns. The even-more-critical European Parliament passed a non-binding resolution on July 5 calling on the Commission to suspend the framework unless the U.S. complies with a list of items by Sept. 1, with nominations foremost on the list. The status of EU-U.S. data transfers is embattled enough without handing issues to critics.

What’s more, the PCLOB’s oversight serves an important function within the United States and abroad. As Chairman-nominee Adam Klein put it in that 2016 CNAS report on surveillance policy, “the emergence of the [PCLOB] as a visible, energetic, public-facing, and credible evaluator of key surveillance programs” was an important and positive step toward “rebuilding trust with the American people, the technology industry, and partners and publics abroad.” Too much of the PCLOB’s lifespan has been constrained by vacancies—including much of the first term of Barack Obama’s presidency. This beleaguered board deserves better.