Order Code RS22078
March 11, 2005
CRS Report for Congress
Received through the CRS Web
Privacy and Civil Liberties Oversight Board:
109th Congress Proposed Refinements
Harold C. Relyea
Specialist in American National Government
Government and Finance Division
Summary
Among the recommendations made by the National Commission on Terrorist
Attacks Upon the United States (9/11 Commission) in its final report was the creation
of a board within the executive branch to oversee adherence to guidelines on, and the
commitment to defend, civil liberties by the federal government. This report examines
the realization of this recommendation with the creation of the Privacy and Civil
Liberties Oversight Board, and efforts in the 109th Congress to refine the mandate and
the mission of the board. This report will be updated as events warrant.
The final report of the 9/11 Commission recommended that “there should be a board
within the executive branch to oversee adherence to the guidelines we recommend and
the commitment the government makes to defend our civil liberties.”1 This
recommendation was the third and final one made in a section of the report captioned
“The Protection of Civil Liberties.” In the other two, the commission recommended that
(1) the President, in the course of determining the guidelines for information sharing
among government agencies and by them with the private sector, “should safeguard the
privacy of individuals about whom information is shared”; and (2) the “burden of proof
for retaining a particular governmental power should be on the executive, to explain (a)
that the power actually materially enhances security and (b) that there is adequate
supervision of the executive’s use of the powers to ensure protection of civil liberties. If
the power is granted,” the report added, “there must be adequate guidelines and oversight
to properly confine its use.”2 Read together, these recommendations called for a board
to oversee adherence to presidential guidelines on information sharing that safeguard the
privacy of individuals about whom information is shared, and adherence to guidelines on
the executive’s continued use of powers that materially enhance security. The report
offered no additional commentary on the composition, structure, or operations of the
recommended board. Such a board, however, had been proposed in December 2003 in
1 U.S. National Commission on Terrorist Attacks Upon the United States, The 9/11 Commission
Report
(Washington: GPO, 2004), p. 395.
2 Ibid., pp. 394-395.
Congressional Research Service ˜ The Library of Congress

CRS-2
the fifth and final report of the Advisory Panel to Assess Domestic Response Capabilities
for Terrorism Involving Weapons of Mass Destruction, chaired by former Virginia
Governor James S. Gilmore III.3
Legislative Implementation
Among the initial bills offered to implement the recommendations of the 9/11
Commission was one introduced on September 7, 2004, by Senator John McCain (S.
2774).4 Title IX of the proposal would have established a five-member Privacy and Civil
Liberties Oversight Board within the Executive Office of the President. While board
members would have been appointed by the President with Senate confirmation, and
could not concurrently have held any other federal government position, their term of
office was not specified, suggesting that they would have served at the pleasure of the
President. Among the functions specified for the board to perform were (1) the provision
of advice and counsel to the President and the executive departments and agencies, both
on policy development and implementation related to the protection of the nation from
terrorism, and to ensure that privacy and civil liberties were appropriately considered in
the development and implementation of terrorism policy; (2) continual review of such
policy and its implementation, including information sharing practices, to ensure that
privacy and civil liberties were protected; (3) receipt and review of reports from privacy
and civil liberties officers prescribed elsewhere in the legislation; and (4) periodic
submission, not less than semiannually, of reports to Congress and the President. A
companion bill was introduced in the House on September 9 by Representative
Christopher Shays (H.R. 5040) for himself and 32 cosponsors, and was referred to 10
committees. However, no further action was taken on either proposal during the 108th
Congress.
A somewhat similar bill to implement the recommendations of the 9/11 Commission
was offered by Representative Nancy Pelosi (H.R. 5024) on September 8, 2004. Title V
of this proposal directed the President to determine guidelines for acquiring, accessing,
using, and sharing information about individuals among federal, state, and local
governments, as well as the private sector. It also would have established “within the
executive branch a board to oversee adherence to” the President’s afore-mandated
guidelines and “the commitment the Government makes to defend civil liberties.” No
additional details regarding the board were specified. The bill was referred to 11 House
committees, but no further action was taken on it during the 108th Congress.
Selected by the Senate majority and minority leaders to lead the effort to implement
the recommendations of the 9/11 Commission legislatively, Senator Susan Collins, the
chair of the Committee on Governmental Affairs, and Senator Joseph Lieberman, the
ranking minority member on the panel, initially discussed the general terms of their
reform bill at a September 15, 2004, press conference. One of its components would have
3 U.S. Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving
Weapons of Mass Destruction, V. Forging America’s New Normalcy: Securing Our Homeland,
Preserving Our Liberty
(Arlington, VA: Rand Corporation, 2003), pp. 22-23.
4 See Congressional Record, daily edition, vol. 150, Sept. 8, 2004, pp. S8869-S8915.

CRS-3
been a civil liberties oversight board.5 The draft text of the legislation was made public
on September 20, 2004. The Committee on Governmental Affairs began a markup of the
Collins proposal on September 21, and completed action the following day when the
committee ordered the amended measure favorably reported as an original bill.
Introduced by Senator Collins as an original bill on September 23, the legislation (S.
2840) was denominated the National Intelligence Reform Act.6 The proposal was also
introduced a second time that day, with Senator Lieberman as a cosponsor (S. 2845). At
the end of the day, a unanimous-consent agreement was reached providing that, on
September 27, the Senate would begin consideration of the latter bill (S. 2845). A bill
very similar to the Senate vehicle was introduced in the House on September 24 by
Representative Christopher Shays with bipartisan support (H.R. 5150), but no further
action was taken on this measure during the 108th Congress.
As the Senate began consideration of S. 2845 on September 27, the legislation,
among other provisions, mandated the establishment of a Privacy and Civil Liberties
Oversight Board within the Executive Office of the President (EOP). Its chair and four
additional members would be appointed by the President with Senate confirmation for
six-year terms. These provisions regarding the board remained in the bill, which the
Senate adopted in amended form on a 96-2 vote on October 6.
In the House, the vehicle for implementing the recommendations of the 9/11
Commission was introduced by Speaker Dennis Hastert on September 24, and was
denominated the 9/11 Recommendations Implementation Act (H.R. 10). The bill drew
upon a September 16 draft proposal for strengthening the intelligence capabilities of the
federal government that the President had submitted to Congress, with additional input
from committee chairs who had held hearings on the findings and recommendations of
the 9/11 Commission during August and the early weeks of September. As a result, the
bill contained various provisions not found in the counterpart Senate bill (S. 2845), as
introduced. The House bill was referred to the Committees on Armed Services,
Education and the Workforce, Energy and Commerce, Financial Services, Government
Reform, International Relations, the Judiciary, Rules, Science, Transportation and
Infrastructure, and Ways and Means, as well as the Permanent Select Committee on
Intelligence and the Select Committee on Homeland Security. Five of these panels —
Armed Services, Financial Services, Government Reform, Intelligence, and Judiciary —
conducted markups and ordered the resulting versions of the legislation reported on
September 29.
As introduced, H.R. 10 mandated a Civil Liberties Protection Officer — to be
appointed by a new National Intelligence Director (NID) — within the office of the NID
to serve as a civil liberties and privacy overseer of the intelligence community, but no
provision was made for a civil liberties oversight board. The version of the bill ordered
reported by the Committee on the Judiciary included a provision, added during markup,
establishing a Privacy and Civil Liberties Oversight Board very similar to the one which
5 Amy Klamper and John Stanton, “Intelligence: ... As Collins, Lieberman Unveil a Response to
9/11 Panel,” CongressDailyPM, Sept. 15, 2004, available at [http://nationaljournal.com/pubs/
congressdaily/dj040915.htm]; Philip Shenon, “Intelligence Proposals Gain in Congress,” New
York Times
, Sept. 16, 2004, p. A15.
6 See Congressional Record, daily edition, vol. 150, Sept. 23, 2004, pp. S9615-S9638.

CRS-4
would have been created by the Senate counterpart measure (S. 2845), except it would
have been an independent agency within the executive branch and not located in the EOP.
This provision, however, was omitted from the version of the bill reported from the
Committee on Rules on October 7.7 The board, constituted as an EOP agency, would
have been included in the House bill pursuant to an amendment substituting the text of
the Senate counterpart bill, as introduced (S. 2845), and the earlier McCain bill, as
introduced (S. 2774),8 but this amendment was defeated on a 203-213 vote.9 The version
of the House bill adopted on a 282-134 vote on October 8 made no provision for a civil
liberties oversight board.
The conference committee version of the intelligence reform legislation retained the
mandate for a Privacy and Civil Liberties Oversight Board.10 Located within the EOP, the
board would consist of a chair, vice chair, and three additional members, all appointed by,
and serving at the pleasure of, the President. Nominees for the chair and vice chair
positions would be subject to Senate approval. While the board would have most of the
review and advice responsibilities contained in the Senate-adopted version of the
legislation, it would not have subpoena power, but was authorized to request the
assistance of the Attorney General in obtaining desired information from persons other
than federal departments and agencies. Also, the eight privacy and civil liberties officers
that the Senate-adopted version of the legislation would have established within specified
departments and agencies were addressed in a sense of Congress provision stating “that
each executive department or agency with law enforcement or antiterrorism functions
should designate a privacy and civil liberties officer.” On December 7, the House, on a
336-75 vote, agreed to the conference committee report; the Senate gave its approval the
following day on an 89-2 vote, clearing the intelligence reform legislation for the
President’s signature. On December 17, President George W. Bush signed the legislation
into law.11
Elsewhere, when reporting the Transportation, Treasury, and General Government
Appropriations Bill, 2005, the Senate Committee on Appropriations indicated that Section
520 of the legislation (S. 2806) “directs each agency to acquire a Chief Privacy Officer
to assume primary responsibility for privacy and data protection policy.” These officials
appeared to be very similar to the privacy officers prescribed in the intelligence reform
bill as introduced by Senator Collins. Section 520 appeared in Title V of the legislation.
“Those general provisions that address activities or directives affecting all of the agencies
covered in this bill,” the committee report explained, “are contained in title V.” Thus, the
provision applied only to agencies directly funded by the legislation. “General provisions
7 See ibid., Oct. 7, 2004, pp. H8726-H8792.
8 For the text of the amendment, see U.S. Congress, House Committee on Rules, Providing for
Consideration of H.R. 10, 9/11 Recommendations Implementation Act
, H.Rept. 108-751, a report
to accompany H.Res. 827, 108th Cong., 2nd sess. (Washington: GPO, 2004), pp. 5-152;
Congressional Record, daily edition, vol. 150, Oct. 7, 2004, pp. 8792-H8833.
9 Congressional Record, daily edition, vol. 150, Oct. 7, 2004, p. H8850.
10 See U.S. Congress, House, Committee of Conference, Intelligence Reform and Terrorism
Prevention Act of 2004
, H.Rept. 108-796, a report to accompany S. 2845, 108th Cong., 2nd sess
(Washington: GPO, 2004).
11 P.L. 108-458; 118 Stat. 3638.

CRS-5
that are governmentwide in scope,” noted the report, “are contained in title VI of this
bill.”12
Transportation, Treasury, and General Government Appropriations were among
those which came to be included in the Consolidated Appropriations Act, 2005 (H.R.
4818), and constituted Division H of that legislation.13 Within that division, Section 522
stated: “Each agency shall have a Chief Privacy Officer to assume primary responsibility
for privacy and data protection policy,” and specified nine particular activities to be
undertaken by such officers. The section further prescribed privacy and data protection
policies and procedures to be established, reviews to be undertaken, and related reports
to be made. Located in Title V of the division, the requirements of the section appeared
to be applicable only to agencies directly funded by the division. Furthermore, it did not
appear that the section created new positions, but instead prescribed that privacy officer
responsibilities be assigned to an appropriate individual in an existing position.14
Legislative Refinements
No nominations to membership positions on the Privacy and Civil Liberties
Oversight Board were made in the early weeks of the 109th Congress, and the President’s
FY2006 budget contained no request for funds for the panel.
In a January 2005 interview with Federal Computer Week staff covering a range of
issues, Representative Tom Davis, chairman of the House Committee on Government
Reform, took issue with the Consolidated Appropriations Act’s Section 522 requirement
concerning privacy officers. He expressed concern that these privacy officers might
undercut the authority of chief information officers. “Let’s not make it so confusing that
the CIOs basically lose control of computer security and privacy becomes the overriding
concern,” he said in the interview. Indicating he will seek to eliminate Section 522, he
also suggested he was not opposed to the concept, saying: “These privacy officers have
got to be put into perspective.”15
A February 11, 2005, memorandum to the heads of the executive departments and
agencies from Clay Johnson III, Deputy Director for Management, Office of Management
and Budget (OMB), appeared to sweep beyond the Section 522 requirement, and asked
recipients, within the next 30 days, “to identify to OMB the senior official who has the
overall agency-wide responsibility for information privacy issues.” Expressing the
administration’s commitment “to protecting the information privacy rights of Americans
and to ensuring Departments and agencies continue to have effective information privacy
management programs in place to carry out this important responsibility,” it noted that a
Chief Information Officer or “another senior official (at the Assistant Secretary or
12 U.S. Congress, Senate Committee on Appropriations, Transportation, Treasury and General
Government Appropriations Bill, 2005
, S.Rept. 108-342, a report to accompany S. 2806, 108th
Cong., 2nd sess. (Washington: GPO, 2004), pp. 200, 202.
13 P.L. 108-447; 118 Stat. 2809.
14 Congressional Record, daily edition, vol. 150, Nov. 19, 2004, pp. H10358-H10359.
15 FCW staff, “The Davis Plan,” Federal Computer Week, vol. 19, Jan. 24, 2005, pp. 16, 18.

CRS-6
equivalent level) with agency-wide responsibility for information privacy issues” could
be named.16
At about the same time, efforts were underway among some House members to
develop legislation that would, if enacted, reconstitute the Privacy and Civil Liberties
Oversight Board as an independent agency within the executive branch, make all
appointments to the board’s membership subject to Senate confirmation, and limit the
board’s partisan composition to not more than three members being from the same
political party.
16 U.S. Office of Management and Budget, “Designation of Senior Agency Officials for Privacy,”
Memorandum for Heads of Executive Departments and Agencies from Clay Johnson III, Deputy
Director for Management (Washington: Feb. 11, 2005).