Late last night, Senators Ron Wyden (D‑OR) and Martin Heinrich (D‑NM) announced that they had pressured the CIA into releasing a previously (and still largely) classified Privacy and Civil Liberties Oversight Board (PCLOB) report about an Agency program targeting potential ISIS money sources with alleged or actual U.S. Person (USP) connections. The PCLOB report raises concerns, usually obliquely, about the potential privacy and civil liberties threat the CIA program represents to the financial records (and thus identities) of American citizens.

So what does the report tell us?

The report covers staff-level discussions between PCLOB and CIA in 2015–2016. There is no evidence PCLOB staff had independent access to raw CIA data on the program in question, in contrast to Senate Intelligence Committee staff who worked on the mammoth Torture Report. The report provides no information on when the program began, who authorized it (Bush 43 or Obama), to what extent White House officials were aware of and/​or briefed on the program, etc.

The PCLOB report is strictly about CIA’s acquisition, processing and dissemination of financial data, obtained from both open and classified sources, regarding potential USP-ISIS connections. While there are many alarming aspects about potential CIA intelligence activities designed to collect USP data under this program, a few stand out.

The CIA unit responsible for intake and data processing “runs the automated [redacted] algorithm that identifies records containing presumed USP identifying information [redacted sentence/​paragraph].” (p. 45)

There is no evidence in the unredacted portions of the PCLOB report to indicate that the code underlying the algorithm in question was evaluated by PCLOB staff or any other non-CIA entity to determine its validity, reliability, etc.

The report also notes that requests by CIA and non-CIA elements for the unmasking of USP data or identities is common and seemingly on a large scale:

[redacted] attorney’s rough estimate was [redacted] receives [redacted] unmasking requests in a year. (p. 45)

If you look at the redacted portion on the number of unmasking request, the redaction encompasses at least 8 and perhaps as many as 10 numeric characters–potentially a huge number.

The declassified portions of the report make clear that there’s no real outside, consistent oversight of the CIA program; with the exception of some still-classified Attorney General guidelines, all the controls over the program are overseen by CIA staff and management…which brings me to the “Congressional oversight failure” aspect of this episode.

The report covers the 2015–2016 period. It seems clear that Wyden and Heinrich knew about this program, and had concerns about it long before yesterday. Why was this program and its implications not surfaced until now?

Of further concern is the fact that Wyden and Heinrich’s April 13, 2021 letter to DNI Avril Haines asked the DNI to declassify a report written not by the ODNI, not by CIA, but by the PCLOB–an entity that touts itself as “an independent agency within the Executive branch.” The Wyden-Heinrich approach is the exact opposite of that employed by the late Senator Frank Church (D‑ID) and the committee he led in the 1970s.

The Church Committee consulted with, but did not seek the permission of, the Ford administration in making decisions about what IC documents it included in its final report. The rules of the House and Senate give both bodies the authority, derived from Article I, Section V of the Constitution, to make public or keep secret matters under their deliberation and oversight. Wyden and Heinrich could’ve sought a vote to make the PCLOB report public on their own.

Perhaps they did in secret session and were defeated. If that’s the case, they should’ve revealed that their colleagues were keeping the American public in the dark about a potentially problematic CIA financial records snooping operation. If they made no such effort, their approach to Haines is even more problematic, as it legitimizes the precedent set by CIA in this case–that it (and by extension, perhaps every other IC agency) has the power to veto the release of PCLOB reports that are critical of its programs and activities.

As I’ve previously noted, a month before Wyden and Heinrich sent their letter to Haines, the Cato Institute initiated a Freedom of Information Act (FOIA) lawsuit to force into the open, among other things, any PCLOB reports on Intelligence Community (IC) activities undertaken pursuant to Executive Order 12333–the day-to-day operating instructions for IC operations abroad. In September 2021, the PCLOB released to Cato a heavily redacted NSA Inspector General report on potential electronic surveillance non-compliance incidents under Sections 704 and 705 of the FISA Amendments Act.

That document, and a number of heavily redacted and related emails, were produced in response to Cato’s request for “Any correspondence in any form to or from the Board regarding alleged or actual violations of laws, regulations, or executive orders by any federal department or agency under the purview of the Board.” The NSA IG report Cato is making public today has never been publicly discussed by the PCLOB. The Cato FOIA lawsuit is ongoing.

As a former serving CIA intelligence officer, I understand well the need to “follow the money” when it comes to terrorism financing. What none of us should countenance is the typical, inside-the-Beltway, Washington political theater version of oversight of IC elements, especially the CIA.

This CIA program in question, and no doubt many others, require a far deeper and more serious level of scrutiny than the PCLOB has thus far provided. Moreover, if the PCLOB is going to continue to allow its reports to be censored or held back entirely by the agencies it investigates, it should be abolished and its oversight mission given to a professional government watchdog–the Government Accountability Office (GAO).

As for House and Senate members on the respective Intelligence Committees, we need less “oversight by press release” and more hammer-dropping on IC elements that engage in activities that clearly threaten the constitutional rights of Americans.