On Jan. 22, 2025, three Democratic members of the Privacy and Civil Liberties Oversight Board (PCLOB)—an intelligence watchdog established in 2004 and charged with monitoring the government’s compliance with procedural safeguards on surveillance activities—were terminated by President Donald Trump. I recently interviewed one of them, and in the transcribed interview below, we discuss the significance for privacy protections, EU-US data transfers, and more.
The removal of the Democratic board members leaves the PCLOB with only one active member—the sole remaining Republican appointee, Beth Williams. As Andrew Weissmann indicated on Just Security shortly after the announced terminations, the board cannot take on any new projects without a quorum. That’s also because, by statute, the Board requires bipartisan membership. That means this “indispensable and important body for conducting valuable oversight”—as Weissmann put it—of the federal government’s vast intelligence and surveillance apparatus is effectively neutered.
On Monday, two of the Democratic members that were terminated–Travis LeBlanc and Edward Felten—filed suit against the government, asking the court to declare their removal was illegal and to restore them to their positions. The stakes are high, they argue:
“The President’s actions strike at the heart of the separation of powers. Not only do Plaintiffs’ removals eradicate a vital check on the infringement of ordinary Americans’ civil liberties, they also hobble an agency that Congress created to assist it with oversight of the executive branch.”
The suit points out that three years after the PCLOB was first established by law as an office in the White House, the 9/11 Commission Act of 2007 “deleted language from the prior statute stating that members served at the President’s ‘pleasure,’” as well as another clause that said, “[t]he Board shall perform its functions within the executive branch and under the general supervision of the President.”
The courts will now have to decide if the terminations were legal.
There are broader implications beyond domestic concerns about surveillance and privacy abuses. For instance, the EU-US Data Privacy Framework relies on the work of the PCLOB, including reporting that aids the European Commission in assessing whether the U.S. government’s surveillance practices are aligned with EU data protection standards.
Just days before the lawsuit was filed against the government by LeBlanc and Felten, I spoke to LeBlanc about what is at stake. In addition to making the case for the importance of the board’s independence, LeBlanc highlighted a number of issues:
- He noted that the board will not be able to start new investigations or issue reports, including on its imminent work on the use of biometrics in aviation security, the FBI’s use of open source information, the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) in 2026, and the role of tactical terrorism response teams (TTRTs) at the U.S. border.
- He referenced European concern about whether the United States is meeting the standard for adequate protections for the personal data of Europeans required under the EU-U.S. Data Privacy Framework, the assurance of which relied substantially on the PCLOB and its independent reporting.
- He suggested that a lack of proper oversight could leave U.S. citizens vulnerable to surveillance overreach.
What follows is a lightly edited transcript of the discussion.
Justin Hendrix: Travis, what does it mean for the Privacy and Civil Liberties Oversight Board not to have a quorum?
Travis LeBlanc: Without a quorum, the board is unable to conduct business at the board level. Under the PCLOBS statute, there have to be at least three board members to conduct business. And have a quorum. Currently, there is only one board member, Beth Williams. She is a part-time board member who is at the agency and, therefore, is unable to issue board guidance, board reports. She can issue a statement in her own name, but it would just be in her individual official capacity … it would not be at the board level and would not reflect a bipartisan, independent review of any of the issues that the PCLOB normally has to confront.
Justin Hendrix: And what business are you most concerned about going essentially undone at the moment?
Travis LeBlanc: The PCLOB has several oversight projects that are currently ongoing. The one that was most advanced was an investigation into the use of biometrics in aviation security, which generally would include agencies such as Customs and Border Protection or the Transportation Security Administration [TSA].
You could think of this investigation as one that looks at issues like the use of facial recognition technology by the TSA. I’m sure just about all of us who’ve traveled through airports have probably experienced the ability to use facial recognition at TSA checkpoints to verify your identity. It is opt-in currently, although the former TSA administrator now has indicated that he’d like to make it mandatory. We’ve been looking at facial recognition in aviation for several years now, and that is a report, for example, that the board could not put out right now without a quorum.
Other issues that the board is working on involve open source—the use of information by the FBI, in particular, of open source information. There are also two new projects that have been opened. One is the board is looking at section 702 of the Foreign Intelligence Surveillance Act [FISA] to prepare for the reauthorization of that provision next year, about a year from now.
Historically, the PCLOB has put out the seminal report looking at section 702 and unfortunately, the board will not be able to do that in 2026 without a quorum. Another final project that I’ll mention. There are others out there, but one final one that I’ll mention involves the use of tactical terrorism response teams (TTRTs) by the Department of Homeland Security.
These TTRTs are deployed at the border and oftentimes are collecting a lot of sensitive information, for example, from a phone that might be on a person crossing the border. Many U.S. persons, Americans, may not know that at the border they don’t have the same Fourth Amendment protections as they have in other places in the country.
And so when you’re at the border, even if you’re a U.S. citizen, the government doesn’t necessarily need a subpoena or a search warrant. to get access to your personal phone and or laptop that you may have with you. There are concerns about the sharing of information gathered there, the targeting of people.
And so that’s another investigation for which the board could not put out a report without a quorum.
Justin Hendrix: I want to switch gears just a moment and ask you a little bit about EU-U.S. data privacy, and the framework, and the role that PCLOB played in that. What might be the immediate impacts on data transfers between Europe and the U.S.? I suppose if you were at the European Commission or you put yourself in the shoes of a counterpart in Europe, what would you be thinking about knowing that PCLOB is essentially in the circumstances it is in at the moment?
Travis LeBlanc: PCLOB is very involved in the negotiations and resolution over data transfers between Europe and the United States.
I served on the board for nearly six years, and during that time, we participated in several of the European reviews on the United States’ adequacy status. And a couple of years ago, President Biden issued Executive Order 14086, which is one of the most significant reforms of signals intelligence activities that have happened in the history of the country in that executive.
There are several commitments that are made about the legitimate basis for the exercise of signals intelligence, as well as the direction for a framework that would allow Europeans in particular to have and seek redress in the United States for concerns about the misuse of their personal data by the United States government.
That order encourages—it doesn’t instruct—the PCLOB because we are an independent agency, it encourages the PCLOB to support the redress mechanism by making recommendations on judges for a new data protection review court that would consider redress claims brought by Europeans. It also encourages the PCLOB to conduct a review of the redress process and, in particular, the data protection review court to ensure that it is complying with governing procedures and policies, the executive order, and the broader data privacy framework. The PCLOB is given that role and the PCLOB accepted those roles. So, the president encouraged it, the PCLOB has formally accepted those roles to do exactly what the president encouraged us to do. This has been critical to the negotiations.
There’s concern that’s being raised in Europe about whether the United States continues to offer adequate protections for the personal data of Europeans
And to the data privacy framework with Europe because the PCLOB is an independent agency and has built a reputation as being fair and transparent. And the U.S. government, when it’s talking to the Europeans about the broad oversight mechanism that we have in the United States, often highlights the PCLOB as one of the central features of our oversight of intelligence activities in the United States, the gutting of the board and in particular removing the Democrats and the U.S. Taking the position that all board members must serve at the pleasure of the president shows and demonstrates to the Europeans that the PCLOB actually isn’t independent, and while in this instance, the decision appears to have been made solely because we were Democrats, it’s not a far leap that in the future if a Democratic board member were to draft an opinion or a statement that the administration disagreed with that would be a terminal offense.
And so, the idea that the PCLOB of the future could produce independent or nonpartisan expert reports is immediately called into question, because presumably, those reports would be reviewed by the current administration. And it would essentially be the product of the views of the administration, which would not have the indicia of independence that the Europeans have been looking for with the PCLOB or, frankly, even with the data protection review court because presumably all of those people would serve all those judges would serve at the pleasure of the president as well and also wouldn’t have any protections from independence on a going-forward basis.
From what we’ve seen, there’s concern that’s being raised in Europe about whether the United States continues to offer adequate protections for the personal data of Europeans, given that the oversight mechanisms that were put in redress mechanisms that were put in place may not have the same independence to them as they did in the past.
Justin Hendrix: We will see if the European Commission decides to take such concerns seriously and in some procedural way. I want to ask you—knowing that you only have a moment left—I read one report that suggested you might be considering legal action regarding the termination of the board positions. Is that right? If so, what would be the argument?
Travis LeBlanc: Ed Felton and I have retained Arnold and Porter in connection with our unlawful terminations from the Privacy and Civil Liberties Oversight Board.
Justin Hendrix: Speaking as a citizen. What would you most want your neighbor to understand about the PCLOB and what’s missing at this moment? What’s different about this particular lack of a quorum versus in the past?
Travis LeBlanc: As technology has developed, it has become easier for the U.S. government to obtain a massive trove of information on U.S. persons as well as non-U.S. persons. It has also become much easier for the government to share that information between agencies, between the federal and state and local governments, as well as between the U.S. government and international governments. It has also become easier for the U.S. government to lose that information, whether through an insider who releases it or through a vulnerability or cyber attack of some sort.
The risks to U.S. persons, as well as non-U.S. persons, from the misuse, abuse, and exfiltration of data are quite substantial. It is a national security issue, and it’s an issue where there is only one agency that has been focused on it full-time. In fact, it’s the only agency that has privacy in its name in an age where privacy is one of the key civil rights issues of the century. At this time, when there is so much risk, it is more important than ever to have an expert body that is there to look at matters, to advise on issues around any illegality or compliance infractions, and to be able to offer expert advice to Congress and the president on how to approach and address those issues on a going-forward basis.
Justin Hendrix: Travis LeBlanc, thank you very much.
Travis LeBlanc: Thank you, Justin.
The podcast audio of the interview is available at Tech Policy Press