Concern about privacy and the protection of civil liberties runs through every facet of information sharing, in particular at fusion centers. A central question raised by the public is whether the privacy of ordinary citizens is being violated by law enforcement agencies in the hunt for terrorists.
Civil libertarians may see violations where others see legitimate law enforcement action. For example, the American Civil Liberties Union (ACLU) has strongly opposed the use of commercial databases of personal consumer information by fusion centers.
Other alleged transgressions concern rights guaranteed by the First Amendment. This year a North Central Texas Fusion System bulletin alerted police to the activity of religious groups that espouse the superiority of Islam. In a recent white paper on the American militia movement, the Missouri Information Analysis Center listed support for 2008 presidential candidates U.S. Rep. Ron Paul, (R-TX) and libertarian Bob Barr as characteristic of members of that movement, which garnered complaints.
To protect civil liberties, federal regulation 28 CFR Part 23 precludes federally funded criminal intelligence operations from collecting data about an individual’s religious, political, or social views. Sensitive information that can be collected can only be shared with other intelligence units or fusion centers on a need-to-know basis. Thus, any DIAC intelligence product incorporating consumer database information is automatically designated law-enforcement sensitive and not widely shared.
The regulation also mandates that intelligence outfits review data on a “periodic” basis—not defined in the regulation—and purge any without “relevancy and importance.” Data cannot be kept for longer than five years.
Porter of Iowa’s IIFC, who is a 25-year veteran of criminal and counterterrorism intelligence, says that the regulation’s value lies in removing discretion about whether to hold or purge data long term.
Further, many state privacy laws go further than the federal regulation, and all fusion centers have drafted, or are in the process of drafting, their own privacy policies that reinforce, and in many cases go beyond, federal guidelines in order to address critics’ concerns.
Reporting. To ensure observance of state and federal privacy guidelines, all fusion centers interviewed for this article said that they segregated reports of suspicious activity into separate databases. If a nexus with criminal activity or terrorist planning is suspected, the information is automatically forwarded to criminal investigators or to the JTTF via the FBI’s eGuardian system. It is not automatically sent to other federal entities, such as NCTC or DHS and its Office of Intelligence and Analysis, responsible for spotting trends on the national level; those types of information transfers have been handled on an ad hoc basis, says Cohen.
That is changing with the current pilot of PM-ISE’s National Suspicious Activity Reporting (SAR) Initiative. Cohen and his counterparts at the state, regional, and local level say the new SAR construct will facilitate reporting, vetting, and tracking of suspicious activity incidents, while preventing encroachment on civil liberties.
Cohen describes SAR as a “standardized national approach” that relies on a standard lexicon of variables for suspicious activity reporting, such as personal or vehicle traits, and standard procedures for their handling. (See “Fusion Centers and Civil Rights,” Homeland Security, August 2008)
In smaller jurisdictions, the SAR would likely be vetted at a state fusion center; whereas in large, high-risk cities, it would likely be vetted by a designated terrorism analyst. In either case, the analyst must determine whether the report meets two SAR thresholds: first, that it was legally gathered and documented; second, that it bears a reasonable nexus to terrorism or terrorism-related crime. If the item meets both criteria, it is forwarded to the regional JTTF and shared with analytical officials at state fusion centers and the national level.
All of the fusion center directors interviewed understand the need to safeguard civil liberties, but many of them chafe at how civil libertarians have cast the fusion center concept in negative terms.
“If you talk to the ACLU and then the fusion center directors, there’s a real disconnect, because I don’t think they understand what we’re doing,” says Harris of Delaware. “We’re very much in tune with the potential problems the ACLU objects to.”
Wormeli, of IJIS, also expresses frustration. “The truth is a lot of people have worked very hard on [the privacy issue],” he says. “I think a lot has been done, and frankly, I get really tired of the people who wave that flag without acknowledging all the work that’s being done.”
If fusion centers fail to honor their commitment to civil liberties, they will not only flout the values they’re protecting but may doom the nation’s information-sharing effort altogether. “We’ve got to get that part right. If we don’t get that part right, then close the doors,” Porter says.