Fed’s fusion center analysis notes privacy risks, mission creep

The Department of Homeland Security (DHS) cares about your privacy. Really. And to prove it, the secretive agency established for “preserving our freedoms” recently released a report assessing the job of fusion centers — the intelligence-sharing operation that mashes national security data with suspicious-activity law enforcement reports for state, local and federal authorities.

In an interesting moment of synchronicity with civil liberties advocates, DHS admits, yeah, there may be a few problems.

The assessment — which borrows heavily from earlier reports by internal watchdogs, the Congressional Research Service (CRS) and General Accountability Office (GAO) — lists a cavalcade of privacy, transparency and oversight concerns about the fusion centers:

Privacy: The report concludes that “…frequent and serious privacy violations will erode public confidence in the important purposes of the Initiative.” DHS adopts CRS and GAO recommendations that fusion centers step up their privacy training, establish privacy committees to work with local advocates, such as the American Civil Liberties Union (ACLU), and make their policies available to the public.

Oversight: Concerns are raised about who’s in charge and who’s watch-dogging the intelligence-gathering mentioned in the assessment, which echo one of many problems outlined in The Colorado Independent’s own reporting on the fusion center that is based in a nondescript office park in Centennial.

Military-private sector collaboration: One area that is sure to get civil libertarians up in arms is the conflation of businesses and intelligence-gathering, as evidenced by the firestorm set off by the Bush administration’s secret wiretapping program involving communications giant AT&T and other firms. The DHS report claims that the perceptions that fusion centers have access to vast amounts of private-sector data is “largely unfounded.”

Data Mining: The report states that the term “data mining” isn’t well understood by the public, which raises concerns about protecting the privacy of personal information collected by the fusion centers and distributed throughout the intelligence food chain. Yet, without a hint of irony, DHS acknowledges that it doesn’t have any 2008 data from the centers to analyze for compliance with federal privacy rules.

Excessive secrecy: The department recognizes that its veiled activities are “responsible for the mischaracterization of fusion centers as mini-spy agencies or akin to the FBI’s discredited — and long abandoned — COINTELPRO program.” To counter that perception, it encourages the local fusion centers to make public its privacy policies and legal authority to collect and compile clandestine data — an admirable goal that, by DHS’ own admission, still hasn’t been implemented a decade after the first fusion center was established.

Inaccurate or incomplete information: In probably the most Orwellian notation in the report, concerns about erroneous data creeping into the information bank are blithely dismissed because “… fusion centers are already practiced in regularly reviewing and purging incorrect or stale information.” The recommendation continues that individuals should be able to seek redress to correct mistaken information contained in a secret, terrorism-busting database, although the subject likely has no knowledge of being monitored or having personal information collected and mined by law enforcement.

Mission Creep: Lastly, the assessment agrees with a CRS conclusion that the fusion centers have gravitated far beyond their initial counterterrorism missions and now include a broader spectrum of crimes as well as a seemingly limitless “all-hazards” scope. The CRS report continues that there is no one model for how state-based fusion centers should be structured and that they must rely on their own patchwork of state privacy and transparency laws since DHS has no jurisdiction in the new missions.

Precious little has been reported on the Dec. 11 fusion center assessment, but as Ars Technica sarcastically notes:

Readers looking for real meat, alas, will have to wait for one of the promised updates: the current report has the distinct feel of a product hurried to press in order to meet a statutory deadline, and reads, for the most part, like a high school book report cobbled together from newspaper reviews. Though it stresses transparency as a key to bolstering public trust in fusion centers, it contains no real information about how (or whether) the formal principles developed by DHS are being implemented. If fusion centers were a theoretical entity slated to begin operating in a year or two, this might be adequate. As it happens, however, they’re active right now, and with over a year to gather data, the Privacy Office doesn’t seem to have gleaned much information about what they’re actually doing. Perhaps they should consider starting a fusion center.