Information Fusion Centers and Privacy

Latest News

Background

''Fusion centers'' are a means of bringing together information from distributed sources for the purpose of collection, retention, analysis, and dissemination. The term fusion centers was first coined by the Department of Defense (DOD) and refers to the fusing of information for analysis purposes. On November 9, 2002, the New York Times disclosed a massive DOD fusion center project managed by the Defense Advanced Research Project Agency (DARPA) known as Total Information Awareness (TIA). DARPA was developing a tracking system intended to attempt to detect terrorists through analyzing troves of information.

The project called for the development of ''revolutionary technology for ultra-large all-source information repositories,'' which would contain information from multiple sources to create a ''virtual, centralized, grand database.'' This database would be populated by transaction data contained in current databases such as financial records, medical records, communication records, and travel records as well as new sources of information. Also fed into the database would be intelligence data.

A key component of the TIA project was headed by Adminiral John Poindexter, former National Security Advsor to President Reagan. TIA was to develop data-mining or knowledge discovery tools that would sort through the massive amounts of information to find patterns and associations. TIA would also develop search tools such as Project Genoa, which Admiral Poindexter's employer, prior to his return to the federal government, Syntek Technologies assisted in developing. TIA aimed to fund the development of more such tools and data-mining technology to help analysts understand and even ''preempt'' future action.

A further crucial component was the development of biometric technology to enable the identification and tracking of individuals. DARPA had already funded its ''Human ID at a Distance'' program, which aimed to positively identify people from a distance through technologies such as face recognition or gait recognition.

In September 2003, Congress eliminated funding for the controversial TIA project and closed the Pentagon's Information Awareness Office, which had developed TIA. It was not believed to signal the end of other government data-mining initiatives that are similar to TIA. Projects such as the Novel Intelligence from Massive Data within the Intelligence Community Advanced Research and Development Activity (ARDA) moved forward. The FBI and the Transportation Security Administration were also working on data-mining projects that fused commercial databases, public databases, and intelligence data and had meetings with TIA developers.

Another fusion center initiative was the Multi-state Anti-Terrorism Information Exchange (MATRIX) project. MATRIX was a prototype database system run by the State of Florida and Seisint, a private company. Built by a consortium of state law enforcement agencies, MATRIX proposed to combine public records and private record data from multiple databases with data analysis tools. MATRIX was established with the assistance of the Institute for Intergovernmental Research’s Global Justice Information Sharing Initiative. The program collapsed when it was disclosed to the public, and states were pressured by residents to withdraw from the program.

In March 2004 the states of New York and Wisconsin withdrew their participation in the project.

DARPA’s Total Information Awareness Program

On November 9, 2002, the New York Times (http://www.nytimes.com/2002/11/09/politics/09COMP.html) disclosed a massive DOD fusion center project managed by the Defense Advanced Research Project Agency (DARPA) known as Total Information Awareness (TIA). DARPA was developing a tracking system intended to attempt to detect terrorists through analyzing troves of information.

The project called for the development of "revolutionary technology for ultra-large all-source information repositories," which would contain information from multiple sources to create a "virtual, centralized, grand database." This database would be populated by transaction data contained in current databases such as financial records, medical records, communication records, and travel records as well as new sources of information. Intelligence data would also be fed into the database.

Admiral John Poindexter, former National Security Advisor to President Reagan, headed a key component of the TIA project. TIA was to develop data-mining or knowledge discovery tools that would sort through the massive amounts of information to find patterns and associations. TIA would also develop search tools such as Project Genoa, which Admiral Poindexter's employer, prior to his return to the federal government, Syntek Technologies assisted in developing. TIA aimed to fund the development of more such tools and data-mining technology to help analysts understand and even "preempt" future action.

A further crucial component was the development of biometric technology to enable the identification and tracking of individuals. DARPA had already funded its "Human ID at a Distance" program, which aimed to positively identify people from a distance through technologies such as face recognition or gait recognition.

In August 2002, the International Association of Chiefs of Police released the recommendations of its Criminal Intelligence Summit held March 7-8, 2002, with the final document coming from the DOJ's office of Community Oriented Policing Services (COPS). The report acknowledged that the problems identified following the September 11, 2001 terrorist attacks were found to be with "intelligence exchange between national agencies..." Then the report quickly endorsed the creation of a Criminal Intelligence Coordinating Council to implement the National Intelligence Plan that would engage local, state, and federal law enforcement agencies in a database sharing environment. The plan addressed the legal impediments to the effective transfer of criminal intelligence between authorized local, state, and federal law enforcement agencies. This plan became the superstructure for the next domestic Fusion Center effort by advocating for the creation of the Criminal Intelligence Coordinating Council and charged it with accomplishing a number of goals:

"Ensure compatible policy standards, guidelines and operating procedures in the further development and integration of existing intelligence sharing systems (including standards for the collection, analysis, dissemination, storage and purging of information); create standards for participation in the Council and coordinated intelligence network; promulgate standards and guidelines; publicize and enforce sanctions for the misuse of information from the coordinated network... Create a funding plan ...eliminate barriers in...laws and polices that limit intelligence sharing..."

The Criminal Intelligence Summit participants stressed the need to not limit the data sharing to terrorism or terrorist related activity, but to extend it to all criminal intelligence under the general heading of "Intelligence-Led Policing." Criminal intelligence was defined as "the combination of credible information with quality analysis--information that has been evaluated and from which conclusions have been drawn." The report supported expanding the information sharing database to include court records, emergency management personnel, and "specialized security forces of particular situation-relevant intelligence."

The plan to overcome barriers to intelligence sharing included the following:

"The hierarchy within the law enforcement and intelligence communities. In some cases real and in others only perceived, the hierarchical organization of law enforcement and intelligence agencies (with federal agencies being at the top of the pyramid and local, state, county, and Tribal agencies further down) leads to organizational incentives against intelligence sharing and even anti-sharing cultures. At best, the disaggregation of activity means that managers in one agency might not imagine that others would find their intelligence data useful. At worst, the structure creates an us versus them mentality that stands in the way of productive collaboration."

A key goal of the proposal establishes the need to "[c]reate a marketing strategy to increase stakeholder participation in the intelligence sharing process and conduct public education to promote acceptance of the system overall."

In September 2003, Congress eliminated funding for the controversial TIA project and closed the Pentagon's Information Awareness Office, which had developed TIA. It was not believed to signal the end of other government data-mining initiatives that are similar to TIA. Projects such as the Novel Intelligence from Massive Data within the Intelligence Community Advanced Research and Development Activity (ARDA) moved forward. The FBI and the Transportation Security Administration were also working on data-mining projects that fused commercial databases, public databases, and intelligence data and had meetings with TIA developers.

National Criminal Intelligence Sharing Plan

In October 2003, the National Criminal Intelligence Sharing Plan was published by the Justice Department's project the Global Justice Information Sharing Initiative ("Global"). The report states that 75% of the law enforcement agencies within the United States have less than 24 sworn officers. The report's goal is to provide these small law enforcement agencies with the same ability as big city, state, and federal law enforcement offices to develop, gather, access, receive, and share intelligence information.

"The need to increase availability of information, from classified systems to local and state law enforcement agencies, for the prevention and investigation of crime in their jurisdictions...The need to identify an intelligence information sharing capability that can be widely accessed by local, state, tribal, and federal law enforcement and public safety agencies."

The proposal recommended the establishment of a Criminal Intelligence Coordinating Council (CICC or Council) composed of local, state, tribal, and federal law enforcement executives. The Council was recommended to operate under the direction of the Global Advisory Committee and would be charged with monitoring the implementation of the National Intelligence Sharing Plan. A few members of the Global Advisory Committee include: Administrative Office of the US Courts, American Association of Motor Vehicle Administrators, American Corrections Association, American Probation and Parole Association, Conference of State Court Administrators, Executive Offices for US Attorneys, FBI Criminal Justice Information Services Division, International Association of Chiefs of Police, INTERPOL - USNCB, National Conference of State Legislatures, National Council of Juvenile and Family Court Judges, National District Attorneys Association, National Governors Association, National Legal Aid and Defender Association, Department of Homeland Security, Department of Justice -- Justice Management Division, and the US Drug Enforcement Agency.

The report also moved the goal to not just involve law enforcement, the courts, and emergency management databases, but to extend its reach to private entities.

Multi-State Anti-Terrorism Information Exchange (MATRIX)

During this same period of time, another fusion center initiative came under public scrutiny in the National Criminal Intelligence Sharing Plan as a data warehouse. The Multi-state Anti-Terrorism Information Exchange (MATRIX) project acted as a prototype database system run by the State of Florida and Seisint, a private company. Built by a consortium of state law enforcement agencies, MATRIX proposed to combine public records and private record data from multiple databases with data analysis tools. MATRIX was established with the assistance of the Institute for Intergovernmental Research’s Global Justice Information Sharing Initiative. The program collapsed when it was disclosed to the public, and states were pressured by residents to withdraw from the program.

In March 2004, the MATRIX project was on its last gasp when New York and Wisconsin withdrew their participation. By May 14, 2004, the Criminal Intelligence Coordinating Council, proposed by the National Criminal Intelligence Sharing Plan, became an official project of the Department of Justice.

Latest Government Information Fusion Center Initiative

In May 2004, the Department of Justice announced its progress in implementing the National Criminal Intelligence Sharing Plan. The announcement made public the decision to create a Criminal Intelligence Coordinating Council (CICC) that would be managed by Global. By December 2004, the push for a national Fusion Center initiative received a boost when the Department of Justice sponsored Global Infrastructure/Standards Working Group published A Framework for Justice Information Sharing: Service Oriented Architecture (SOA). States using local, state, and federal funds created information Fusion Centers. In August 2005, Global published the Fusion Center Guidelines.

The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, threat, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity. This criminal information and intelligence should be both strategic (i.e., designed to provide general guidance of patterns and trends) and tactical (i.e., focused on a specific criminal event).

In 2007, a Congressional Research Service Report on Fusion Centers outlined several fundamental problems with the Fusion Center Guidelines’ development: first, adherence is voluntary, second, the philosophy outlined is generic and does not translate theory into practice, and third, they are oriented toward the mechanics of Fusion Center establishment. The majority of regional Fusion Centers are concentrated in large urban areas. The jurisdiction of these centers is also covered by state Fusion Centers, but there is a question regarding how overlapping jurisdictions are managed. The Congressional Research Service Report on Fusion Centers also points out that there is no single legal authority that governs the operation of Fusion Centers.

In 2008, the Department of Homeland Security, the Department of Justice, and Global jointly published a supplement to the Fusion Center Guidelines called Baseline Capabilities ( www.it.ojp.gov/documents/baselinecapabilitiesa.pdf). Baseline Capabilities defines the capabilities needed to create a nationwide network of fusion centers and sets forth the minimum standards for a fusion center to be able to perform basic functions.

The Department of Homeland Security set out an objective to create a network of fusions centers as a unique law enforcement and threat information resource that works across jurisdictions and is supported by multidisciplinary teams dispersed throughout a national network of information hives. [Fusion Center Locations] As of 2011, the Department of Homeland Security and the Department of Justice recognize 73 fusion centers across the country. There is a fusion center in every state and special fusion centers for urban areas and other regions. According to the Department of Homeland Security (http://www.dhs.gov/files/programs/gc_1301685827335.shtm), the recognized fusion centers are:

Austin Regional Intelligence Center; Austin, TX

Boston Regional Intelligence Center; Boston, MA

Central California Intelligence Center; Sacramento, CA

Central Florida Intelligence Exchange; Orlando, FL

Chicago Crime Prevention and Information Center; Chicago, IL

Cincinnati/Hamilton County Regional Terrorism Early Warning Group; Cincinnati, OH

Delaware Valley Intelligence Center; Philadelphia, PA

Detroit and Southeast Michigan Information and Intelligence Center; Detroit, MI

Houston Regional Intelligence Service Center; Houston, TX

Kansas City Regional Terrorism Early Warning Interagency Analysis Center; Kansas City, MO

Los Angeles Joint Regional Intelligence Center; Los Angeles, CA

El Paso Fusion Center (MATRIX); El Paso, TX

Metro Operations Support and Analytical Intelligence Center; Dallas, TX

Nevada Threat Analysis Center; Carson City, NV

North Central Texas Fusion Center; McKinney, TX

Northeast Ohio Regional Fusion Center; Cleveland, OH

Northern California Regional Intelligence Center; San Francisco, CA

Northern Virginia Regional Intelligence Center; Fairfax, VA

Orange County Intelligence Assessment Center; Orange County, CA

San Diego Law Enforcement Coordination Center; San Diego, CA

Southeast Florida Fusion Center; Miami, FL

Southeastern Wisconsin Threat Analysis Center; Milwaukee, WI

Southwest Texas Fusion Center; San Antonio, TX

Southwestern PA Region 13 Fusion Center; Pittsburgh, PA

St. Louis Fusion Center; St. Louis, MO

Turning Fusion Centers into Hardware and Software

The Global Infrastructure/Standards Working Group's report A Framework for Justice Information Sharing: Service Oriented Architecture (SOA), stated:

"The purpose of this report is to describe the recommendation of the Global Justice Information Sharing Initiative (Global) Advisory Committee (GAC) for the operational requirements of justice agencies and the requirements for a national community."

In August 2005, Global Justice Information Sharing Initiative and Department of Homeland Security published Fusion Center Guidelines. The guidelines stated the software of choice as being Extensible Markup Language (XML), which facilitates efficient and near real time sharing of information resident on geographically dispersed databases. The initiative promotes data sharing among law enforcement though the use of a common platform that can be used on existing hardware. The goal is to achieve a low-cost method of removing barriers to data sharing among beat officers, court records, state records, jails, and prisons that is efficient and effective.

The Fusion Center Guidelines endorse the use of the new database sharing capability created by the open source XML standards. This open standards programming language provides users with a data sharing capability that would not require the replacement or redesign of existing systems. This programming language allows the identification of fields of information through the use of a translation feature that goes between the system being asked for information and the end requester. In this process, the source of the data and the recipient do not need to change their systems to participate in the information exchange network.

The interesting aspects of the proposal are the promotion of a national collection and analysis of information. The National Information Exchange Model proposed for the fusion centers is designed to create the building blocks for national-level interoperable information sharing and data exchange that will integrate the public safety and private sector entities to the already established law enforcement exchange.

Exchanging information is only the beginning of the process; the goal is institutionalizing the relationships between the fusion centers and the public safety and private sector partners. The Global recommendations make the case for distributed and centralized data management systems. Distributed systems will allow the data controller to be in charge of access, while the centralized process would allow the fusion center to manage the data. A white paper examining strategies for enhancing information sharing pointed out that successful distributed and centralized information-sharing systems are in operation today. The goal is to get local, state, federal law enforcement, government agencies, and private sector data warehouses into the same project.

On September 14, 2006 the Department of Homeland Security reported that 38 state and local Information Fusion Centers supported by $380 million in federal dollars were operational. The investment in time, energy, and resources are focused on one objective of maximizing access to the greatest amount of information as possible.

A 2010 Government Accountability Office Report on Information Sharing at fusion centers (http://www.gao.gov/products/GAO-10-972) reports:

DHS and DOJ also share classified and unclassified homeland security and terrorism information with fusion centers through several information technology networks and systems. For example, in February 2010, DHS’ I&A reported that it had installed the Homeland Secure Data Network, which supports the sharing of federal secret-level intelligence and information with state, local, and tribal partners, at 33 of 72 fusion centers. DHS also provides an unclassified network, the Homeland Security Information Network, which allows federal, state, and local homeland security and terrorism-related information sharing.

The Details: WHO is collecting information, WHAT information do fusion centers collect, WHAT do they do with it, and WHERE does it come from?

Fusion Centers employ a variety of federal, state, and local law enforcement, intelligence and emergency management representatives. Examples of representatives who staff fusion centers include:

State police, county sheriffs, city police, National Guard, DHS intelligence specialists, Customs and Border Protection agents, FBI intelligence analysts, and Drug Enforcement Administration agents. (Source: Government Accountability Office Report).

The number of staff and personnel vary depending on the fusion center. The Government Accountability Office Report provides the following breakdown of staffing:

Percentage of Fusion Centers Number of Staff 23% 9 or fewer 28% 10-25 22% 25-50 17% 51-75 10% 75 or more

*Information current through March 2009

What Information Do Fusion Centers Collect?

Appendix C of Fusion Center Guidelines outlines a detailed list of entities that should be included in the local and state fusion center matrix.

Agriculture Food Water Environment Banking and Finance Chemical Industry Hazardous Materials Criminal Justice Retail Real Estate Education Emergency Services Utility/Energy Companies Government Health Public Health Services Social Services Transportation Hospitality and Lodging Information & Telecom Military Facilities DOD Industrial Base Postal and Shipping Private Security Public Works

(Fusion Center Guidelines Appendix C)

The proposal directs that information categories could fall into one of two types: strategic and tactical information. Strategic information may provide data on individuals not under criminal investigation or operations that an entity manages, and tactical information may provide data in support of ongoing criminal investigations. It would be very difficult to imagine someone living within the United States who would not have one or multiple points of information confluence in the proposed system. The Fusion Center guidance said the following about the Fusion Center Functions:

"The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, threat, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity. This criminal information and intelligence should be both strategic (i.e., designed to provide general guidance of patterns and trends) and tactical (i.e., focused on a specific criminal event)."

The definition of national intelligence was changed by the enactment of the Intelligence Reform and Terrorism Prevention Act of 2004 bill to reform the intelligence community and the intelligence and intelligence-related activities of the United States Government.

“The terms national intelligence and intelligence related to national security refer to all intelligence, regardless of the source from which derived and including information gathered within or outside the United States. . .”

The new law also defines the information sharing environment (ISE). It states:

“The President shall ...ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies. The President shall, to the greatest extent practicable, ensure that the ISE provides the functional equivalent of, or otherwise supports, a decentralized, distributed, and coordinated environment that connects existing systems, where appropriate, provides no single points of failure, and allows users to share information among agencies, between levels of government, and, as appropriate, with the private sector ensures direct and continuous online electronic access to information facilitates the availability of information in a form and manner that facilitates its use in analysis, investigations and operations builds upon existing systems capabilities currently in use across the Government.”

What Do Fusion Centers Do With the Information?

The focus fusion centers’work will not be limited to terrorism or terrorist activity, but will, according to the appendices of the Fusion Center Guidelines, extend to the investigation of persons on public assistance, illicit drugs, traffic accidents, and aviation accident analysis. In a 2010 speech (http://www.justice.gov/ag/speeches/2010/ag-speech-100223.html) at the Annual National Fusion Center Conference, Attorney General Eric Holder stated that “although our fusion centers were initially established to combat terrorism, they’ve been designed and equipped to expand beyond that goal. . . . In the work of protecting our people, fusion centers can, and must, tackle every type of threat and all forms of crimes.” Attorney General Holder listed “gangs, guns, and drugs” as top priorities of today’s fusion centers. The 2010 Government Accountability Office Report (http://www.gao.gov/products/GAO-10-972) describes that fusion centers take varying approaches to the work that they do. Some fusion centers are “All-Crime” centers, focusing on terrorism and other crimes, like narcotics smuggling and counterfeiting. Other fusion centers are “All-Hazard” centers, focusing not only on terrorism and other crimes, but also on identifying and helping coordinate the response to other hazards, like emergencies and natural disasters.

Fusion Center Guidelines Chapter 14 is titled, "Offer a variety of intelligence services and products to customers." The output of the fusion center process is called "product," and it is recommended that the work of the centers not be limited to "intelligence product dissemination." The National Criminal Intelligence Sharing Plan states, "Criminal intelligence results from a process that begins with planning and direction, followed sequentially by: information collection, processing/collation, analysis, dissemination, and reevaluation (feedback) of information on suspected criminals and/or organizations."

The Guidelines recommend that Fusion Centers "produce both strategic and tactical" information and suggest a list of services and products to produce:

Investigative and tactical responseProactive strategic analysisIntelligence support for investigationsVisual investigative analysisAlerts and notificationsDeconflictionTarget identificationCritical Infrastructure analysisTraining OpportunitiesGeospatial ImagingCriminal backgrounds and profilesCase correlationCrime-pattern AnalysisAssociation, link, and network analysisTelephone-toll analysisFlowchartingFinancial analysisIntelligence reports and briefingsThreat assessmentsTerrorism calendarWhere Does the Information Come From?

The range of information to be collected by service providers who participate in the fusion center effort could include: all sources of financial records kept by banking institutions; all contacts with the criminal justice system by criminals and non-criminals; all forms of education (day cares, preschools, primary and secondary schools, colleges and universities, and technical schools); government issued licenses and permits; access to medical records held by hospitals, public health, and primary care physicians; hospitality and lodging; information and telecommunication service providers; military facilities and defense industrial base; postal and shipping services; private security (alarm companies, armored car companies, investigative firms, corporate security offices); public works; social services; and transportation. The appendices of the Fusion Center Guidelines list the following as data collection targets:

Banking & Finance IT/Telecom Health & Education Jails/Prisons/Court Records Federal, State, Local Gov. (Permits Licenses) Hospitality & Lodging Banks Credit Cards Co. Credit Reports Securities firms Financial services ISPs Telecommunication E-mail Providers Cyber Security Co. Day Care Centers Preschools Colleges/Universities Technical Schools Mental Health Physician Patient Info Local Hospitals Private EMS Veterinary Gang Information. Names of Associates Relatives Jail/Prison Visitors Biographical Info Traffic Accident Tribal Law Enforcement County Clerk US Courts Game and Fish DMV Records Vehicle Registrations Civil Records Property Appraiser Mortgages Deeds Civil Suits Gaming Industry Sports Authority Sporting facilities Amusement parks Cruise lines Hotels, motels, Resorts Convention Centers

Along with a host of local, state and federal law enforcement agencies, private companies also participated in the Public Safety Fusion Group, which included Walt Disney World Company, Fidelity Investments, Microsoft, and Archer Daniels Midland. The goal is to, within the fusion center environment, integrate nontraditional customers of information and intelligence with traditional customers of information analysis. Fusing of information based on an identified threat, criminal predicate, or public safety by the seamless collection, blending, analysis, dissemination, and use of information intelligence is the goal. The intelligence and analysis of information is proposed to be based on the needs of users, with the list of users including all levels and types of law enforcement, intelligence community, DOD, and private sector entities. It appears the official uses could be limitless.

The definition of national intelligence was changed by the enactment of the Intelligence Reform and Terrorism Prevention Act of 2004 bill to reform the intelligence community and the intelligence and intelligence-related activities of the United States Government.

The terms national intelligence and intelligence related to national security refer to all intelligence, regardless of the source from which derived and including information gathered within or outside the United States...

The new law also defines the information sharing environment, (ISE) as

The President shall ...ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies. The President shall, to the greatest extent practicable, ensure that the ISE provides the functional equivalent of, or otherwise supports, a decentralized, distributed, and coordinated environment that connects existing systems, where appropriate, provides no single points of failure, and allows users to share information among agencies, between levels of government, and, as appropriate, with the private sector. It ensures direct and continuous online electronic access to information, facilitates the availability of information in a form and manner that facilitates its use in analysis, investigations and operations, and builds upon existing systems capabilities currently in use across the Government.

The focus of fusion centers is on information collection as a means of determining crime trends with an eye toward predicting crime before it occurs. The four major desired outcomes for fusion centers are: the reduction of the incident of crime; suppression of criminal activity; the regulation of noncriminal conduct; and the provision of services.

Funding and Other Support for Fusion Centers

According to the Government Accountability Office Report, the average funding breakdown for 52 fusion centers in fiscal year 2010 was:

Local Funds: $10 million

State Funds: $30 million

Federal Funds: $62 million

Federal Support

The initial support for fusion centers came from federal funding. Fusion Centers continue to get federal support in a number of ways.

Federal Grant Funding: The Department of Homeland Security runs a Homeland Security Grant Program (HSGP). This grant program consists of five smaller programs: (1)State Homeland Security Program (SHSP); (2)Urban Areas Security Initiative (UASI); (3) Operation Stonegarden (OPSG); (4) Metropolitan Medical Response System (MMRS); (5) Citizen Corps Program (CCP). The grant programs are not dedicated sources of funding for fusion centers and are not limited to funding fusion centers. Even so, the State Homeland Security Program and the Urban Areas Security Initiative are primarily used for fusion center funding. These funds are allocated at the discretion of the state and local grantees. Between 2004 and 2009, the Government Accountability Office reports that $426,221,907 of Department of Homeland Security funding was used to support fusion center activities.

Federal Personnel: The Department of Homeland Security and the Department of Justice supply fusion centers with full-time and part-time personnel. According to the Government Accountability Office Report, as of July 2010, the DHS has deployed 58 personnel to fusion centers, and the FBI has deployed 74 personnel to fusion centers.

Federal Training and Technical Assistance: The Departments of Homeland Security and Justice offer fusion centers a variety of training and technical assistance programs. Programs include trainings on intelligence analysis and privacy protections.

Participant Support

The Fusion Center Guidelines include advice on keeping the doors open once up and running. The Fusion Center Guidelines Chapter 17 recommends that centers leverage existing resources and funding from participants. One means suggested for accomplishing this is found in Chapter 5 of the Guidelines, which supports the use of "Utilize Memoranda of Understanding (MOUs) and Non-Disclosure Agreements (NDAs), or other types of agency agreements..."

Memoranda of Understanding are seen as a means of ensuring resource commitments from participants. The guidance also states the importance of identifying the return on investments made by Fusion Center partners.

Memorandum of understanding are informal agreements that are not contracts. A memorandum of understanding is a policy document used to establish ground rules for a particular purpose, project, or effort. In the case of Fusion Centers, a memorandum of understanding is reached among participating entities. A representative of each participating organization must sign the agreement on the entiy’s behalf. A series of internal directives may also be used to further refine the goals, purposes, and objectives of the Fusion Center.

Unlike memoranda of understanding, non-disclosure agreements do have a legal consequence if violated--these agreements are often associated with sensitive or proprietary information. The non-disclosure agreement offers another level of protection for those who engage in the sharing of secret or protected information. In this context, the guidelines specifically mentions the vulnerability of private sector participants who engage in the sharing of sensitive information. According to the Guidelines, "[T]he NDA provides private sector entities an additional layer of security, ensuring the security of private sector proprietary information and trade secrets." One of the types of information sought that is not related to physical protection of facilities are customer and client lists.

Justifying Fusion Center Development

The National Criminal Intelligence Sharing Plan released in October 2003 suggests that the events of September 11, 2001 were related to barriers that prevented information and intelligence sharing by local and state law enforcement agencies. This conclusion runs counter to the findings of the report by the National Commission on Terrorists Attacks released in July 2004. The Commission's report recounted that by July 2001, the heightened number of threat advisories had reached a level not seen since the Millennium bomb plot of 1999, which was averted. The report's Chapter 8, "The System was Blinking Red," stated that on July 2, the FBI issued a general threat advisory to local and state law enforcement agencies regarding the possibility of a terrorist attack. They were directed to "exercise extreme vigilance and report suspicious activities to the agency." On July 5, the Immigration and Naturalization Service (INS), the FAA, the Coast Guard, the Secret Service, Customs, the CIA, and the FBI met with the White House on the threat situation and were told not to share the threat information they received with others.

In April 2004, it was reported to the 9-11 Commission that the CIA and the FBI still could not search each other’s terrorist databases. The barriers were cause by a lack of interoperability among databases used by the two agencies.

Some point to Hurricane Katrina and its aftermath as another factor that motivated Fusion Center development.

Where do Privacy and Civil Liberties Protection Fit?

A July 2007 CRS report on Fusion Centers stated that "[c]urrently, the states legal authorities recognizing or establishing a fusion center range from nonexistent, to memorandum of agreements by the partnering agencies, and in one case a state statue, which defines the center and its responsibilities."

There are questions about the focus on privacy and civil liberty considerations within the development of the Global Justice Information Sharing Initiative and Department of Homeland Security, Fusion Center Guidelines. The guidelines were published in the summer of 2005, but the Global Privacy and Information Quality Working Group issued its final report, a Privacy Policy Development Guide and Implementation Templates, in October 2006. The report noted the importance of privacy protections from the conception through the implementation of an information sharing initiative and said, “The project team should have access to subject-matter experts in areas of privacy law and technical systems design and operations, as well as skilled writers, but these individuals do not necessarily have to be team members.”

The Code of Federal Regulations (28 CFR Part 23) is cited in the National Criminal Intelligence Sharing Plan as the rule that provides "privacy protection for data subjects. The regulation addresses the management of inter-, and multi jurisdictional criminal intelligence sharing systems operated by local and state law enforcement or on their behalf.” For example on the issue of data accuracy, source information can be “Reliable,” “Usually Reliable,” or “Unreliable,” while content accuracy can be deemed to be “Confirmed,” “Probable,” or “Doubtful.” Further, local and state criminal data sharing entities "can [include] the names of individuals or organizations not reasonably suspected of involvement in criminal activity . . . in a criminal intelligence database." The code that allows users to access the system supports unlimited reasons for using the database, and there is no need to have reasonable suspicion before using it.

Federal rules regarding the accuracy of criminal databases is not more comprehensive than the state guidance. In 2003, the FBI established a new rule exempting the National Crime Information Center (NCIC) system from the accuracy requirements of the Privacy Act of 1974. The NCIC database provides over 80,000 law enforcement agencies with access to a computerized network of more than 39 million records regarding criminal activity. For the past thirty years, the FBI has operated the NCIC database with the Privacy Act accuracy requirement in place. The Act requires that any agency that maintains a system of records "maintain all records which are used . . . in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individuals in the determination." Circumventing that statutory obligation poses significant risks, not only to individuals whose record files may be part of this data system, but also for communities that rely on law enforcement to employ effective, reliable tools for ensuring public safety.

In March 2002, the FBI set a new record for inquiries processed in one day. It responded to 3,295,587 requests. On average, there are 2.8 million transactions processed each day, with an average response time of 0.16 seconds. As a result, any error in the NCIC database can spread across the country in less than a second.

Several well-publicized incidents demonstrate the consequences of inaccurate and incomplete information in the NCIC. In one case, a Los Angeles man was arrested five times, three of them occurred at gun point, due to an error in the NCIC [see Rogan v. Los Angeles, 668 F. Supp. 1384 (C.D. Cal. 1987)]. In this case, an escaped prisoner assumed the identity of an innocent person and then committed a robbery and murder. In another instance of criminal database error, a Phoenix resident, who was pulled over for driving the wrong way down a one-way street, was arrested after an NCIC inquiry erroneously revealed an outstanding misdemeanor arrest warrant that had been quashed weeks earlier.

These incidents, and others like them, reveal the potential harms that individuals may face if the records in the NCIC database are not accurate. These incidents demonstrate that the FBI should work to improve the accuracy of this system of records rather than administratively exempt itself of this important duty.

The Privacy Act of 1974

The Privacy Act of 1974, Public Law 93-579 was established with the express purpose of guarding against these types of government database abuses by setting standards for the quality of data the government collects about individuals. It safeguards privacy through creating four procedural and substantive rights in personal data. First, it requires government agencies to show an individual any records kept on him or her. Second, it requires agencies to follow certain principles, called "fair information practices," when gathering and handling personal data. Third, it places restrictions on how agencies can share an individual's data with other people and agencies. Fourth and finally, it lets individuals sue the government for violating its provisions.

In passing the Act, Congress found that "the opportunities for an individual to secure employment, insurance, and credit, and his rights to due process, and other legal protections are endangered by the misuse of certain information systems," and therefore, "it is necessary and proper for the Congress to regulate the collection, maintenance, use and dissemination of information by such agencies." To that end, Congress passed the Act to ensure, among other things, that any information held by the government would be "current and accurate for its intended use.”

The Privacy Act is a powerful tool for providing protection to people against government abuses when it is applied. Unfortunately, the Act allowed certain government agencies that are engaged in law enforcement the power to excuse themselves from the Act's rules. Agencies have also circumvented information sharing rules by exploiting a "routine use" exemption. It is unclear how the merging of law enforcement purposes with non-law enforcement purposes would play out, but legal challenges would create new areas for local, state, and federal courts to review the fusion center process.

The foundations of the Privacy Act are the elements of the Code of Fair Information Practices that are codified by that law. The Code of Fair Information Practices is cited three times in the Privacy Policy Development Guide and Implementation Templates drafted by the Global Privacy and Information Quality Working Group of the DOJ’s Global Justice Sharing Initiative. None of the citations enumerated the Code of Fair Information Practices or its history.

The Code for Fair Information Practices is the central contribution of the Health, Education, and Welfare Advisory Committee on Automated Data Systems. The Advisory Committee was established in 1972, and the report was released in July. The citation for the report is as follows:

There must be no personal data record-keeping systems whose very existence is secret. There must be a way for a person to find out what information about the person is in a record and how it is used. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent. There must be a way for a person to correct or amend a record of identifiable information about the person. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

December 2006, an article on the Salt Lake City Police Department’s fusion center efforts described it as “a way of tracking information that comes in from community groups like community councils and neighborhood watch, as well as the mayor’s office.” (Source: Deseret Morning News, Police idle Community Action Team, December 19, 2006)

January 2007, an article cites the Sacramento-based intelligence fusion center for indictments filed against California Healthcare Collective for illegal marijuana farming. (Source: Fresno Bee, Valley drug-fighters honored, January 18, 2007)

March of 2007, the Governor of California supported the creation of a “Baca countywide Gang Assessment Center,” he referred to as a fusion center. (Source: Whittier Daily News, Governor pledges help in battle against gangs, March 5, 2007)

U.S. Dept. of Health, Education, and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973). The Code ofIn the context of fusion centers, no one knows the rules that will bring someone under scrutiny and what the consequences of that scrutiny might be.

The Washington Post reported on June 14, 2007 that the agency conducted a self-audit of 10 percent of its records on National Security Letter use and found over 1,000 violations. The majority of the violations were associated with the obtaining of telephone records from telecommunication service providers. The FBI acted in the wake of criticism that resulted from an earlier Department of Justice Inspector General report, which determined that the FBI abused the National Security Letter authority established by the Patriot Act.

Fusion Centers are in use without appropriate oversight or justification for their application for routine law enforcement matters or the vast collection, processing, and analysis of privacy and public information databases.

Articles

Online Resources

Legislation