Looking Forward

The landscape of oversight bodies in different countries is not uniform. Different countries have had very divergent experiences, and the maturity of the oversight bodies that exist and their relationships with external actors are at very dissimilar stages. Thus, the regular engagement between civil society and oversight in countries like the United States, the United Kingdom, and the Netherlands contrasts sharply with the experience in countries like Canada, New Zealand, Australia, Germany, and Norway, where there is considerably less, and in some cases no external engagement at all. Nonetheless, there are a variety of strategies and approaches that could be productively be adopted in most, if not all, of the countries examined.

Increase technological expertise of oversight bodies

Technology is permeating every aspect of how intelligence and security agencies go about their work. Many agencies are working with data at a scale unimaginable a decade ago, and processing it using novel techniques that are more complex than ever before. Oversight bodies are charged with ensuring the deployment and use of these technologies is lawful and not a disproportionate intrusion. However, few oversight bodies have dedicated full time technical staff assisting them in their work. In many oversight bodies, there are more lawyers on staff than technologists. Almost all oversight bodies interviewed expressed concern about the pace of technological change and the challenge they faced in keeping up. The Norwegian EOS Committee has commented in its 2016 Annual Report¹ that it must “adapt its oversight activities to the technological development” of the intelligence agencies it oversees and cautions that there “is reason to believe that we have only seen the beginning of this [technological] development.”

Likewise the Dutch CTIVD acknowledged in its 2016 Annual Report that the criticism they have faced regarding lack of technical know how is a “justifiable” critique. In 2016 they set up an “IT expert unit that will, inter alia, delve into the operations of the services’ increasingly automatised data processing systems, from the initial collection of data, through its analysis, selection and use, to its destruction.”² Similarly, in the United States, the PCLOB Board and staff have been comprised mostly of lawyers, but in 2016, the agency brought on a Technology Scholar to assist in analyzing the technical operation of the counterterrorism activities being examined, and one of the new members recently confirmed to serve on the Board is a technologist.³ Additionally, in the United Kingdom IPCO has just constituted a Technical Advisory Panel of external technical experts from academia and industry. Many oversight bodies made reference in interviews to technical assistance that previously has been, or could be provided by civil society groups in this respect.

In many oversight bodies, there are more lawyers on staff than technologists.

It is critical that oversight bodies not rely solely on technologists within the agencies they oversee in assessing surveillance activities. Particularly where oversight bodies have not hired many technologists on staff, civil society organizations can play an important role in assisting oversight bodies to understand the capabilities of, and privacy risks posed by, new technologies. In recent years, some technical information about government surveillance activities has been declassified, which has enabled civil society technologists who lack clearances to analyze the operation and intrusiveness of programs in ways that were not previously possible. There are also models for bringing technologists in to work with oversight bodies, such as the TechCongress program in the United States.⁴ This program funds technologists to work for a year for a Member of Congress, to assist on technology-related issues.

Further, many technologies in use by signals intelligence agencies have some parallel application in the private sector. This means that there is often publicly available information that allows civil society groups to have a robust understanding of the applicable principles or concepts. This provides a far greater shared information pool between civil society groups and oversight bodies than might otherwise be the case. As one civil society representative noted, there are a variety of technical questions that can be addressed “in the abstract” without the need for civil society to have access to classified details about programs’ operations. For example, civil society technical experts can help educate oversight staff on such topics as the types of metadata created by different forms of electronic communications and what information can be gleaned from each type. Oversight staff might also be able to solicit civil society technical expertise by presenting potential recommendations at a high level or asking sufficiently generalized questions to avoid the barriers of classified information.

Such unclassified consultations should be possible even for capabilities as sensitive as computer network exploitation, which countries are only now beginning to avow the use of publicly. Plainly the specifics of how agencies use such techniques, the vulnerabilities they exploit, or the targets they infect cannot be discussed, but neither do they need to be for civil society and oversight to discuss a number of issues relating to the use of the technique. Both civil society groups and oversight bodies in some countries highlighted common issues that could be examined regarding computer network exploitation including: developing post-hoc auditing standards so oversight can ensure that exploit tools used by agencies do not deploy further, or collect more information than is permitted by warrants; and exchanging views on the broader cybersecurity impact caused when errors occur with the use of computer network exploitation techniques.

Promote international cooperation

Historically, oversight bodies have been focused solely on the actions taken by the intelligence agencies they oversee, and on national issues, with less attention on what the intelligence services do in cooperation with international partners. While the intelligence agencies themselves engage in cross-border sharing, particularly within the Five Eyes alliance, there has not been a similar level of cooperation among oversight bodies nor a focus by oversight on the international sharing arrangements.⁵ Sometimes this is due to statutory limitations where the oversight bodies are not permitted to look at what intelligence agencies do in other countries. Other times it results from a lack of ability to compel the material from other agencies that would be necessary to review the practices. On yet other occasions, this results from the “third party rule” being applied that prevents the intelligence agency from being able to share material it received from foreign partners with its own oversight body, unless it receives permission from that foreign partner. Further, there is no supra, trans, or inter-national intelligence oversight body. In the course of interviews, many oversight bodies said they monitor what is happening in other countries, but that this was mostly via news articles and social media.

Coordinated action between oversight bodies in different countries could assist in plugging that accountability gap. While the issue has long been raised by civil society groups, and has been the subject of much academic writing, it is only recently that a formal grouping of oversight bodies from the Five Eyes countries has formed, named the Five Eyes Intelligence Oversight and Review Council. Another grouping of the Dutch, Belgian, Danish, Norwegian, and Swiss oversight bodies has published a joint statement discussing the risk of an oversight gap and ways to tackle this risk, when overseeing international data exchange by intelligence and security services. The grouping was created in 2016, and is conducting an investigation into the exchange of data on “(alleged) jihadists,” each from its own national context and within the framework of its own mandate, with the goal of comparing investigation methods, interpreting legal problems, and collating non-classified findings. ⁶

Some countries have also undertaken thematic reviews looking into how agencies share and cooperate with foreign partners. The Dutch CTIVD have undertaken reviews on “the implementation of cooperation criteria” which assessed the Dutch intelligence and security agencies and their cooperation with foreign services. A further review has taken place on “the exchange of unevaluated data with foreign services.” They concluded by recommending that “written policy is drawn up, that each instance of data provision is recorded and that the ministerial authorisation for the provision of data to a foreign service is granted for a specific period, for instance one year.”⁷ In their response to the report, the Ministers stated that they will no longer grant authorization for an indeterminate period, but will instead only issue authorizations for a period of no more than one year.

These sort of reviews and recommendations can plug gaps in accountability. These are positive reforms, and if similar reviews could be replicated in other countries, progress might be able to be made on an issue that has so far failed to gain traction in the courts, or in parliaments.

In the past there have also been efforts made to link together various national oversight bodies, whether it be the International Intelligence Agency Review conference series or events such as the International Intelligence Oversight Forum.⁸ These conferences were well regarded by all who attended, but were infrequent or one-offs. Some efforts have been made to create formal networks of intelligence oversight reviewers such as the European Network of National Intelligence Reviewers⁹ which was supported by many oversight bodies, but which is now inoperative due to lack of support and funds. Today, although oversight bodies enjoy some relationships with counterpart organizations from other countries, these interactions are limited and reasonably rare.

Coordinated action between oversight bodies in different countries could assist in plugging accountability gaps.

In comparison, civil society groups’ relationships with their counterpart organizations are highly developed and frequent. Many of those civil society groups interviewed work weekly in partnerships with civil society groups from other countries. There is frequent pooling of knowledge and resources, and groups will often collaborate together on activities. Regular meetings are more varied between civil society groups, but some civil society representatives described working with counterpart organizations from other countries at workshops or conferences as frequently as once a month.

Due to this regular cross-border interaction, civil society groups could well have a more international perspective on issues they are working on than do oversight bodies. They are more likely to be exposed to international trends, and potentially have greater insight into issues that have arisen in foreign jurisdictions. There are also networks of civil society groups like the European Digital Rights Initiative (EDRi) or the International Network of Civil Liberties Organisations (INCLO) which are designed to facilitate knowledge sharing and develop joint work products. Of course, some civil society groups’ missions are directly international in scope. Organizations like Human Rights Watch, Amnesty International, Privacy International, and Access Now all have international networks or chapters, and work across many jurisdictions.

The recently launched Five Eyes Intelligence Oversight and Review Council could provide an opportunity for civil society cooperation in a parallel track, and for engagement between the two international collaborative organizations. Discussion between national civil society groups and their national oversight bodies on developments in other countries could be a productive exchange.

The Five Eyes Intelligence Oversight and Review Council was set up in September 2016 “to facilitate the sharing of experiences and best practice in oversight and review.”¹⁰ It will meet annually in person and quarterly by secure electronic communication. The New Zealand Inspector General describes the purposes of the forum as to include the “exchange of view[s] in subjects of mutual interest and concern, compare best practices in review and oversight methodology, explore areas where cooperation on reviews and the sharing of results can occur and to encourage transparency to the largest extent possible.”¹¹ IPCO has said that discussions at the the Five Eyes Intelligence Oversight and Review Council included “the oversight of intelligence sharing” and “exploring areas where cooperation on reviews and the sharing of results is appropriate.”¹² The CSE Commissioner has said that these “meetings will become more important, for learning not only about best practices in review and oversight, but also how the Five Eyes review bodies can more effectively examine the relationships among their intelligence agencies to strengthen public trust in their respective countries.”¹³

Examine the efficacy of programs

A critical question that oversight bodies should examine when reviewing intelligence activities is whether the surveillance program is effective. Measuring the efficacy of surveillance programs and other intelligence activities can be extremely challenging. It is usually difficult to attribute any specific number of terrorist plots thwarted, or other specific metric, to any particular intelligence program, because individual surveillance programs are not used in isolation and intelligence agency successes will be based on a variety of sources. However, it is critical for oversight to assess the efficacy of programs because otherwise “policymakers and courts cannot effectively weigh the interests of the government in conducting a program against the intrusions on privacy and civil liberties that it may cause…[and] if a program is not working, [government] resources should be redirected to programs that are more effective.”¹⁴

Oversight bodies’ assessments of efficacy can play an important role in their assessments of surveillance programs. If a program is not effective, there can be no justification for even minor intrusions on individual privacy. While various oversight bodies do have powers to conduct such reviews, there is little published research on how best to assess whether such programs are indeed effective. For example, the Belgian oversight body has an express mandate to consider the efficacy of intelligence programs, but in practice has not probed this area due to resource constraints and the challenges faced with trying to independently quantify how effective a certain intelligence program is. In the United States, the ODNI submitted a report in which it noted that it is challenging to measure efficacy, but the U.S. Intelligence Community uses a range of both quantitative and qualitative measures, and that more work remains to be done to develop metrics.¹⁵ Although actual assessments will likely involve reviewing classified data, it may be possible for civil society to assist in developing standards and tools for conducting such reviews. Additional research could be commissioned that would arm overseers with a framework to conduct such assessments, and so when they are undertaken in the future, greater confidence can be had in their findings.

Act as a partner in securing legislative reforms

As discussed above, the interests and priorities of both civil society groups and oversight bodies can often align when it comes to intelligence reform. Such alignment can occur on a number of cross cutting issues. One key example is the report of the former Independent Reviewer of Terrorism Legislation in the U.K., David Anderson QC, which was instrumental in laying the foundations for the subsequent Investigatory Powers Act. His report diverged from civil society asks in several key places (such as his support for bulk collection warrants, which are opposed by civil society groups), but a number of vital long term civil society positions were adopted in his report. These areas included the introduction of judges into the warrant authorization process, creating a more robust oversight system, and finding there was no operational case for bulk data retention of third party web activity. All of these findings were consistent with civil society positions that had not found favor in the Home Office, but once supported by David Anderson, were adopted by government.

Thus, the final oversight report demonstrated the alignment between oversight and civil society, and helped lead to legislative reform that civil society had previously been unable to secure. Moreover, all parties have an interest in ensuring that oversight can be undertaken in the most fulsome way possible, which may include ensuring that oversight itself has a broad mandate or powers to obtain the information it needs to fulfill its function.

The interests and priorities of both civil society groups and oversight bodies can often align when it comes to intelligence reform.

In the United Kingdom, during the passing of the Investigatory Powers Bill, for the first time civil society and oversight bodies met together and shared proposals for oversight reform. This process culminated in a “wish list”¹⁶ which was jointly supported by the IOCCO and the NGO Coalition Don’t Spy On Us. The list included novel initiatives such as ensuring oversight had “full access to technical systems,” “relaxation on secrecy provisions to aid transparency” and new independent expert resources for oversight including “technical, legal privacy advocates and academics.” Many of these issues had been legislative reform goals of civil society groups for years, but despite campaigning, not much traction had been made. However after the publication of the “wish list,” a number of items were secured as amendments to the act.

Similar situations have occurred in the Netherlands where Dutch NGOs and the CTIVD have met reasonably regularly and shared concerns and proposals about the new Wiv 2.0 intelligence law currently going through parliament. In Canada, where intelligence reform is imminent, but where there are no established relationships between civil society and oversight, there is a great opportunity that should be seized, if each party is able to reach out successfully.

A more detailed study is needed than has been able to be achieved in this report assessing the impact of successful oversight and civil society agreements on legislative reform. But it seems that there is potential for such partnerships between oversight and civil society to be productive.

Undertake future focused discussion

The Dutch oversight body CTIVD began a project¹⁷ called “Supervision 3.0 project” aimed at thinking through what oversight should or could look like in the future. Its goal was to explore how intelligence agencies might work in the future, how they might use data and data analytics, and what oversight could do now to prepare for that, or a similar future.

This was done by creating various sub-projects, looking at a range of issues such as considering the future of bulk interception and possibilities to delete non-relevant data, as well as the use of automated data analysis by agencies and how oversight might be able to design systems to ensure internal control and external supervision. A number of workshops were run internally. All participants who were interviewed spoke very highly of the project. Civil society participants found it very encouraging to hear such an effort was taking place.

Replicating such an initiative, perhaps with multi-stakeholder input, could help build up common ground and understanding. Such an experience could positively impact the relationship between parties, as it allows them to engage together as part of a team, which benefits them both when discussing topics in other forums.

Foster network-building

Civil society groups and oversight bodies referenced the important role the other plays in developing each other's professional networks. From an oversight perspective, the networks civil society groups have with other community groups or grassroots organizations far exceed their own, and are a rich source of experience that can be tapped. In some circumstances, the civil society group might speak on behalf of particular communities affected by surveillance.

For example, several oversight representatives referenced the vital role a range of civil society groups played in introducing members of oversight bodies to representatives of Muslim and other minority communities. This allowed oversight to gain greater insight into the concerns of communities they might not otherwise have had an opportunity to engage with. In other circumstances civil society groups have played roles in connecting oversight bodies with representatives of journalist trade unions who were concerned about the protection of sources, as well as with membership bodies for the legal community who were concerned about the protection of legal professional privilege between clients and their representatives. From a civil society perspective, oversight bodies are ideally placed to act as interlocutors connecting government, intelligence agency and law enforcement staffers with civil society groups.

In some circumstances, the civil society group might speak on behalf of particular communities affected by surveillance

In countries where there are positive relationships between oversight and civil society bodies, there are also usually more productive relationships between civil society groups and government, intelligence agencies, and law enforcement. Although not exclusively due to connections made by oversight bodies, a number of civil society groups in those countries made express reference to the important and ongoing network building role that oversight bodies play.

Learn and apply lessons from other areas to assist oversight

Oversight bodies have strong competencies and experience as they relate to their function of overseeing intelligence agencies and law enforcement bodies. There are regularly challenging, novel and contentious issues that appear in that domain. Yet historically, due to the reasonably unique nature of the work intelligence agencies do, most of the challenging new topics affecting the intelligence community have originated from within that community.

However, with the increasing digitization of agency tradecraft, a greater number of potential techniques, opportunities, or issues can originate outside of the Intelligence Community. An example mentioned by a number of participants was the automated processing of personal data and the application of artificial intelligence and machine learning. Such techniques are being developed with far greater regularity and may be employed to assist intelligence agencies in the processing of the large quantities of data they collect, finding new targets of interest, as well as assisting intelligence analysts in their tasks.

There is a burgeoning field of academic study as well as research by civil society groups looking at a variety of issues associated with artificial intelligence (AI) tools. These include algorithmic accountability, the ethics of the use of machine learning, and potential discrimination in these contexts as neural networks are trained on data full of human biases and flaws. As civil society groups explore these techniques and their implications in fields unrelated to intelligence gathering, they may be able to share lessons learned with oversight bodies. Such lessons might include methods for finding hidden bias in AI algorithms or how to develop safeguards to minimize the privacy intrusions that AI may present.

Recommendations for Both Oversight and Civil Society

Continue to engage and expand engagements

All interviewees agreed that government and civil society representatives should continue to engage, work to expand opportunities for engagements, and initiate engagements where there are not any currently. Oversight and civil society organizations should meet regularly, both to build relationships grounded in trust and to address surveillance issues that arise. While both parties can and should initiate engagements, we recommend that oversight should consider itself as holding the primary responsibility to reach out. To the extent possible given the barrier of classified information, oversight should affirmatively solicit civil society input regarding its oversight reviews.

Communication is critical both during and between engagements

To build trust and facilitate productive working relationships, regular continued communication is critical. When civil society and oversight meet, it is helpful to have a clear agreed-upon agenda in advance. This will help to focus the discussion, to enable all participants to prepare in advance, and to avoid miscommunication. Communication following up after engagements is also important. For example, oversight bodies should make sure to report back to civil society when they have actually acted to respond to a civil society concern. Oversight and civil society should also endeavor to provide a heads up to the other in advance, such as when oversight bodies are about to release a new report or begin a new investigation, or where civil society groups are preparing to release a report.

Hold offsite conferences to bring together representatives of oversight and civil society

Some government and civil society representatives suggested that one way to promote productive engagement between oversight bodies and civil society organizations would be to hold conferences or retreats that brought people together for an extended period of dialogue. Such sessions would need to occur offsite for all participants so that everyone was removed from their daily work responsibilities, and they would need to last at least one full day. Some oversight representatives noted it would be helpful if such events were convened by a think tank or entity that is viewed as more neutral, rather than by a civil society group viewed as having a clear agenda.

Such sessions would serve two important goals. First, they would allow oversight and civil society representatives to get to know each other and build bonds of trust in a way that is not generally possible (or takes much longer) when participants are limited to individual office meetings. Second, such sessions could provide an opportunity to dig into particular issues and work toward a consensus solution.

Endeavor to use a common language

Even where communication does occur, the language everyone uses matters. One barrier to trust has been the tendency of both oversight and civil society representatives to talk past each other or to use terms that may be viewed as loaded or inflammatory which causes dialogue to be unproductive. When meeting behind closed doors, both sides should endeavor to avoid charged language and speak respectfully. In many instances, civil society organizations have developed terms that enable them to better explain government programs to the public, including laypersons unfamiliar with legal phrases or government terminology. However, when civil society representatives use such terms in conversations with government representatives it can be off-putting and cause a barrier to productive dialogue. The converse is true as well—conversations will be more productive and it will be easier to build trust relationships if government officials speak in language that recognizes the privacy and human rights risks posed by surveillance and avoid terminology that appears insensitive to civil society concerns. Everyone in the room should treat each other with respect and recognize that all participants contribute important perspectives.

Use hiring to promote understanding

Some interviewees from both oversight bodies and civil society organizations noted that it would be helpful if their counterparts hired at least some staff members with experience in the other arena. Thus, some oversight representatives noted that it would be helpful for civil society organizations to hire more people with government backgrounds and some civil society representatives stated that oversight bodies should hire more staff with experience working for civil society organizations. All these interviewees felt that such cross-pollination in hiring would facilitate better understanding and collaboration. Relatedly, one U.S. oversight representative noted that it would be helpful for intelligence agency personnel to gain experience working for oversight bodies and interacting with civil society as part of that job—and to gain the change in perspective that such work would bring.

Recommendations for Civil Society

In countries with less mature oversight systems, advocate for creation of additional or more robust oversight bodies

In some jurisdictions there are no expert oversight bodies looking at surveillance issues at all. In others, like France, the oversight body has only recently been established and their practices are still being developed. In these countries, civil society should begin by pressing for the creation or expansion of oversight bodies.

Press oversight bodies to conduct specific reviews of particular authorities and programs

Even in countries with mature oversight systems, not all surveillance activities are subject to rigorous oversight, and civil society organizations should press for increased oversight of surveillance programs that have been neglected by oversight bodies. Civil society may be able to assist oversight in identifying programs or policies that raise concerns due to their impact on individual privacy and human rights, and that should be the subject of oversight.

Urge oversight to conduct reviews even where civil society and public cannot know what is being reviewed

Many intelligence agency activities are completely classified such that even the existence of the type of surveillance cannot be revealed to the public. Thus, even where civil society cannot identify particular intelligence activities that should be subject to oversight, organizations can and should press for oversight bodies to explore the landscape of intelligence activities and ensure that the scope of oversight is as extensive as possible.

Clarify shared goals

As noted in the introduction to this report, at least at a high level, civil society and oversight share the same goal: to ensure that surveillance is conducted in accordance with the rule of law and with respect for human rights. In seeking to overcome barriers of trust with oversight bodies, civil society should emphasize these common goals and point out the extent to which civil society can assist oversight in conducting robust reviews. Whether by providing research and white papers or key questions for oversight to ask in its reviews, civil society can assist oversight bodies, and civil society representatives should emphasize this role in reaching out to oversight staff.

Provide positive reinforcement

When oversight bodies provide welcome transparency or otherwise act in ways that promote accountability, compliance with the rule of law, and respect for human rights, it is helpful for civil society to provide public positive reinforcement. Public praise can help empower these offices to continue their efforts.

Recommendations for Oversight

Seek civil society input before finalizing recommendations or policies

Oversight bodies developing recommendations could benefit from seeking civil society input before reports or policies are finalized. Executive branch oversight bodies in the United States often avoid such consultations due to a desire to protect the “deliberative process privilege,” which protects deliberative, non-final documents from disclosure. However, waiving the privilege in a given instance does not prevent the executive branch from claiming the privilege in another case. Further, executive branch oversight bodies may be able to develop strategies such as presenting several options under consideration for civil society input. Some oversight representatives spoke of the possibility of holding more generalized or “blue sky” conversations about particular issues, such as the appropriate definition of “foreign intelligence information” that can be sought through surveillance. Such practices would enable the oversight bodies to benefit from civil society’s perspective, to spot issues the oversight bodies may have missed, and to ensure that the resulting reports or policies are comprehensive and include appropriate safeguards for privacy, civil liberties and human rights.

Seek technological expertise from sources other than the agencies the oversight body is overseeing, including civil society

To understand the technology being employed in intelligence surveillance and to conduct effective reviews, oversight bodies need to have access to skilled technologists. Oversight bodies should not rely exclusively on the technologists who work at the agencies being overseen. To a large extent, oversight bodies will need to hire their own technologists or otherwise make arrangements to rely on technologists with clearances who do not work for the intelligence agencies. But oversight bodies should also tap into technological expertise in civil society. As one civil society representative explained, computer scientists and other expert technologists are familiar with most of the available technologies. So, even if they must speak about hypothetical scenarios due to their inability to access classified information, such technologists can still assist oversight bodies to understand how surveillance may be conducted and how to ask the right questions when conducting oversight.

Be transparent about how you conduct oversight and about your oversight agenda and press for greater transparency of information about intelligence activities.

Oversight bodies can promote public trust by being transparent about their own operations and how they conduct oversight reviews. Operating in public, such as through public hearings, is particularly helpful. But even where oversight bodies must conduct reviews in secrecy to protect still-classified information or the confidentiality of witnesses, they can still provide transparency about their operations. For example, oversight bodies can include a methodology section at the beginning of their reports.

In addition, to the extent possible consistent with the protection of classified information, oversight bodies should also publicize their oversight agendas to facilitate the ability of civil society and the general public to provide input. Further, as part of oversight reviews, oversight bodies should press for public interest declassification of information about the programs the bodies are reviewing. While this will not be possible for all oversight reviews or for all information regarding any given intelligence activity, oversight bodies should press to re-draw the line between information that must remain classified and information that should be available to the public. Finally, when oversight bodies do provide transparency, they should endeavor to make the information as accessible to the public as possible.

Engage with multiple stakeholders

When conducting outreach to civil society, oversight bodies should solicit input from a wide variety of stakeholders. Where there are numerous civil society groups, such as in the United States and the U.K., oversight bodies should work to engage with organizations from a range of perspectives and with a range of interests. For example, in the United States, although there are currently regular engagements between many oversight bodies and civil society groups that focus on privacy, civil liberties and human rights, oversight has far fewer meetings with groups representing the interests of minority communities, even though these communities have been directly and disparately impacted by surveillance policies.

In limited contexts, oversight bodies should sponsor civil society representatives for security clearances and bring them in for consultations

This model has been followed to a limited extent by the U.S. Department of Homeland Security, which sponsored several civil society representatives for TS/SCI clearances so they could serve on the Cybersecurity Subcommittee of DHS’s Data Privacy and Integrity Advisory Committee (DPIAC). This tactic permits civil society representatives to overcome the barrier presented by classified information, since their clearances will permit them access to classified information. However, such cleared civil society representatives will need to be bound by non-disclosure agreements (NDAs), which can make it challenging to engage in advocacy or academic writing on issues related to the classified topics on which they were consulted. As a result, many civil society representatives would prefer not to be sponsored for clearances. Thus, this strategy will likely only be appropriate in limited contexts where the consultation covers discrete topics.