Just days into his new administration, U.S. President Donald Trump moved to upend the key independent civil liberties oversight board for the U.S. intelligence community.
On 22 Jan., The New York Times reported the three Democrat members of the Privacy and Civil Liberties Oversight Board — Sharon Bradford Franklin, Edward Felten and Travis LeBlanc — all received emails from White House Deputy Director of Presidential Personnel Trent Morse demanding they submit letters of resignation by the end of the day 23 Jan. or face termination. The publication granted anonymity to "three people with knowledge of the situation" due to "fear of reprisal."
Felten declined to comment in an email to the IAPP. LeBlanc did not immediately respond to an email seeking comment. As of Thursday morning, there have been no published news reports on either PCLOB member stating their intention to resign.
In emailed comments to the IAPP, Electronic Privacy Information Center Senior Counsel and Director of the Project on Surveillance Oversight Jeramie Scott said, "The PCLOB has been a vital, bipartisan oversight body that has provided much needed transparency and oversight of government surveillance programs," Scott said. "The PCLOB's efforts have shed light on the abuses of FISA Section 702 and other surveillance authorities and has made clear the need for continued reform of government surveillance practices."
Scott also said that any attempt by the administration to undermine the independence of the PCLOB "should raise serious alarm bells and be rebuked in no uncertain terms."
Should the forced resignations come to pass, the move by the Trump administration would leave the PCLOB with one active member, Republican-appointed Beth Williams. The remaining seat on the PCLOB is currently vacant, and the board requires a three-member quorum to take official actions.
The attempt to overhaul the PCLOB, established by law to curb U.S. intelligence community's electronic surveillance abuses after the 9/11 terrorist attacks, is the latest in a flurry of executive actions taken by the Trump administration to chart a significantly different course than his predecessor in terms of digital regulatory policy. On his first day in office, Trump rescinded former President Joe Biden's executive order that sought to place guardrails on the federal government's use of artificial intelligence while establishing standards for the safe development of the technology, according to an archived fact sheet.
"The PCLOB has a significant role in protecting Americans' civil liberties as they may be disproportionately impacted by government action in the national security space," Future of Privacy Forum Vice President for Global Privacy Gabriela Zanfir-Fortuna said in an email. "This is a goal that I am sure resonates across political lines, and I hope that, at this time of transition, the new administration will in fact see the value of a strong, fully-staffed and efficiently-functioning PCLOB."
Center for Democracy and Technology President Alexandra Reeve Givens said in a statement the new administration's move to expel the Democratic members of the PCLOB represents a "brazen effort to destroy an independent watchdog that has protected Americans and exposed surveillance abuse under Democratic and Republican administrations alike."
"This effort to shoot the watchdog should set off alarm bells for how the President and his appointees seek to wield the government's broad surveillance powers," Reeve Givens said in part. "And it could torpedo trans-Atlantic trade and data sharing agreements that depended on the PCLOB's assurance of oversight when they were brokered."
EU-US DPF Impacted?
Aside from its watchdog responsibilities for the U.S. intelligence community's electronic surveillance practices, the PLCOB is charged with providing oversight of the redress mechanism for non-U.S. citizens under the EU-U.S. Data Privacy Framework, which currently remains in-tact under the Trump administration.
However, Trump's executive order that rescinded the Biden administration's safe AI development order, in part, also set a 45-day review period for all Biden-era national security executive orders, which could theoretically result in the EU-U.S. DPF being repealed.
One element of the redress mechanism in the EU-U.S. DPF was the establishment of the Data Protection Review Court on the U.S. side. Special Advocates on the DPRC are attorneys who posses security clearances to review sensitive U.S. intelligence materials. Under the DPF, the DPRC Special Advocates will serve on behalf of the EU data subject whose complaint is to be heard by the court after first clearing several procedural steps.
In a blog post for Lawfare, Red Branch Consulting founder Paul Rosenzweig, who had been appointed as a special advocate to the DPRC, announced he was resigning the court and would not serve the Trump administration.
"If, as I do, one thinks that Trump is a fundamental threat to America's essential democratic institutions, one cannot, in good conscience, offer any aid and comfort to the prospect," Rosenzweig wrote, in part.
When reached for comment by the IAPP, Rosenzweig declined to comment regarding his resignation as a Special Advocate to the DPRC. However, he did opine that the Trump administration's effort to expel three board members and would "neuter" the PCLOB "completely." He said the move will likely only increase the level of mistrust among the Europeans that the U.S. will not honor its data privacy commitments under the EU-U.S. DPF.
"Europeans have always been skeptical of U.S. government privacy oversight," Rosenzweig said in an email. "It is hard to predict what they will do because the DPF is integral to cross-Atlantic data flows and economy. My guess is that the European Commission will find some way to go forward but that the sidelining of the PCLOB will lead the Court of Justice of the European Union to again overturn the agreement."
EU privacy rights advocacy group NOYB said it was the European Commission's embrace of the PCLOB's role within the EU-U.S. DPF that was cited as a major justification to grant the U.S. data adequacy in 2023. NYOB's previous legal complaints to the CJEU spelled the end for both the Privacy Shield and Safe Harbor data transfer pacts between the EU and U.S. prior to the establishment of the EU-U.S. DPF.
"This deal was always built on sand, but the EU business lobby and the European Commission wanted it anyways," NOYB Chairman Max Schrems said in a statement. "Instead of stable legal limitation, the EU was agreeing to executive promises that can be overturned in seconds. Now where the first Trump waves hit this deal, it may soon dissolve in seconds and bring many EU businesses into a legal limbo."
If the PCLOB ceases to function as it has under previous administrations, Sidley Austin Partner Alan Raul said the executive order establishing the EU-U.S. DPF contains enough additional oversight capabilities so that even a paralyzed PCLOB would not doom the framework in and of itself. For example, Raul pointed to the role of the Office of the Director of National Intelligence’s Civil Liberties Protection Officer, which handles complaints from the European Data Protection Board under the DPF, and the Data Protection Review Court, which considers appeals.
Raul said it would not be surprising to see the Trump administration remain a part of the DPF because the first Trump administration did continue the President Barack Obama's Presidential Policy Directive-28, which instructed U.S. signals intelligence collection practices to respect individuals' privacy so commercial data flows could continue between the U.S. and the EU.
“The (ODNI) Civil Liberties Protection Officer is given a significant independent authority, assuming the Signals Intelligence/DPF executive order is not rescinded," Raul, a former PCLOB board member himself, said in an interview. "While the PCLOB’s role is important, it is by no means the exclusive checks-and-balances role for oversight of the Data Privacy Framework."
Alex LaCasse is a staff writer for the IAPP.
