The Investigation into 12333 Begins

The Privacy and Civil Liberties Oversight Board (PCLOB) voted 4–1 yesterday to conduct reviews of how Executive Order 12333 is used in counterterrorism investigations by the CIA and NSA. The PCLOB’s plan to investigate two surveillance programs conducted under the wide-ranging executive order will result in three reports — two classified, one public — that it hopes to complete by the end of this year.

Rachel Brand, the sole board member to vote against the plan, did so largely because the public proposed reports will focus on the legal framework and adequacy of EO 12333’s privacy and civil liberties protections. She expressed concern that the report might make judgments about the whole of EO 12333 activities based on information about only two programs.

But EO 12333 and its implementation are clouded in secrecy. The public knows very little about the activities that are conducted according to its terms. Such activities are usually conducted with very little congressional oversight. Examining two discrete sets of activities conducted under its auspices seems like a perfect place to start the process of informing the public about how EO 12333 is understood and used by the executive branch to conduct intelligence activities that fall largely outside of other independent oversight mechanisms.

As all of the board members recognized, these three reports will be somewhat different than the PCLOB’s previous investigations into the government’s surveillance programs that are conducted under Section 215 the Patriot Act and Section 702 of the FISA Amendments Act. 

That’s because EO 12333 governs myriad activities conducted by the Intelligence Community (IC), some of which fall within the PCLOB’s mandate of overseeing counterterrorism efforts and some that don’t. The order regulates all intelligence activities that occur outside of the scope of FISA, laying out rules for when information concerning “US persons” can be collected, used, retained, and shared. Simply put, it doesn’t authorize particular programs, it creates the framework they operate in. 

Following its previous approach of reviewing individual spy programs, the Board chose to focus on just two activities (yet to be identified) conducted under EO 12333 by the CIA and NSA, with the understanding that the Board’s oversight of the IC’s broader EO 12333 activities will continue long after these reports have been written. 

In the coming months, the board will select the two activities to be reviewed based on the programs’ significant actual or potential impacts on US persons and their information. Most of these two “deep dives” will likely be classified, but the board said that it will assess which (if any) parts of those reports warrant public-interest declassification and will work with the IC to make those parts public. 

Meanwhile, the public report on EO 12333 will explain the legal framework that the order has created and how it governs “the collection, use, retention, and dissemination of information concerning U.S. persons.” This report will seek to draw conclusions as to the adequacy of EO 12333’s privacy and civil liberties safeguards. While potentially difficult, and far from comprehensive, this task is a crucial start to informing the public about some of the most poorly understood, and potentially important, surveillance programs under the order’s constructs. 

The full hearing can be viewed here. Chairman David Medine’s statement can be found here, Rachel Brand’s is here, Beth Collins’ is here, James Dempsey’s is here, and Patricia Wald’s comments begin at 28:30 in the video. 

About the Author(s)

Megan Graham

Former Assistant Managing Editor and Security, Privacy, and Technology Fellow at Just Security Follow her on Twitter (@meganmcgraham).