To be or not to tell

Nearly five years after 9/11, reports show the federal government has made limited progress on sharing terrorism information because of uncertainty about what to share, and how to do so without infringing on civil liberties.

States are filling in some of the gaps by setting up intelligence fusion centers, though those activities also are stirring privacy concerns.

Bringing together disparate bits of intelligence to identify terrorist plots in advance ? connecting the dots, as it's been called ? emerged as one of the top security priorities for the nation following the attacks of Sept. 11, 2001. The Homeland Security Department was created in 2002, and the Information-Sharing Environment in the Office of the Director of National Intelligence in 2004, to stimulate the data-sharing that would help in making those connections.

However, several recent reports have called attention to significant shortcomings in those efforts:

» July 13. The Markle Foundation Task Force on National Security in the Information Age called for a new paradigm for information-sharing, calling federal guidelines insufficient. "The government still has not taken many key steps to meet the challenges of sharing information to prevent terrorism while protecting civil liberties," the task force said.
»June 28. The DHS inspector general reported that the federal Homeland Security Information Network, the department's premier information-sharing network, is ineffective in supporting information-sharing among federal, state and local officials. The network is not being used regularly because there is lack of trust among users. "Users are confused and frustrated," the report said.
»April 17. A Government Accountability Office report said that federal policies for information-sharing against terrorism are fragmented and applied haphazardly. "The nation still lacks governmentwide policies and processes to help agencies integrate the myriad of ongoing efforts," GAO wrote.

Fits and starts

"There is frustration that information-sharing is not occurring the way it should be, nearly five years after 9/11," said Jim Dempsey, policy director for the Center for Democracy and Technology, a non-profit group that advocates use of the Internet to promote democracy.

There are a few bright spots, however.

GAO this month gave a pat on the back to the Coast Guard for advances in information-sharing within the last year, noting the agency's creation of three round-the-clock interagency operating centers in Charleston, S.C.; Norfolk, Va., and San Diego, as well as 35 sector command centers.

Also, the long-awaited final implementation plan for the nation's information-sharing environment is expected to be released this month, according to John Negroponte, director of national intelligence. An IT architecture is being developed, as well as policies and guidelines, for both federal-to-federal and federal-to-state sharing.

The greatest expansion of activity in information-sharing probably is happening in state-operated intelligence fusion centers, which integrate intelligence from a large number of sources. In many cases, they bring together agents from different agencies in the same room.

"The fusion centers are pulling together a variety of intelligence from [usual] sources, including surveillance, public health and law enforcement," said John Thomasian, head of the Center for Best Practices at the National Governors Association.

According to a March NGA survey, 34 states are operating intelligence fusion centers for counter-terrorism, and eight more states have plans to open such centers. Only eight states ? Arkansas, Idaho, Nebraska, Nevada, New Mexico, Oklahoma, South Dakota and Wyoming ? did not report interest.

In 2005, the Justice Department issued general guidelines for creating these centers. DHS offers funding for fusion center activities in its grant programs for fiscal 2006.

Not so fast

However, the fusion centers also are stirring privacy concerns, especially in their purchase of commercial data from information resellers and data brokers.

A furor over possible invasions of privacy in 2005 shut down a three-year-old pilot project, the Multi-State Anti-Terrorism Information Exchange (Matrix) program, which state law enforcement agencies were using. Matrix, which was for use in data mining and information-sharing, initially operated among 13 states, but participation dwindled to four states because of the civil liberties outcry.

Matrix used a powerful data-mining tool created by Seisint Inc. of Boca Raton, Fla. It let law enforcement authorities search numerous commercial databases to link addresses, license plates, identities and other information. For example, a query could be made for all license plates within a specific ZIP code for cars owned by males over age 40.

Although Matrix no longer exists, private data brokers today are marketing intelligence analysis tools for fusion centers. LexisNexis Inc., which bought Seisint, already has sold its Enterprise Data Fusion System to law enforcement agencies in six states and is in discussions with three state-run fusion centers, said Anoop Prakash, vice president of strategy and business development for LexisNexis.

The company has established a committee of independent experts to ensure that the new tools comply with all privacy requirements in each state, said Thomas Reagan, executive director for privacy and regulatory affairs at LexisNexis.

Nonetheless, privacy advocates said more protections are needed.

"Of course, we have privacy concerns," said Barry Steinhardt, director of technology and liberty for the American Civil Liberties Union, in an interview. "There are very few laws that protect us. These are examples where the technology is in the 21st century, and the laws are in the Stone Age."

"The problem of a lack of guidelines [exists] on the federal level and on the state and local level," the Center for Democracy and Technology's Dempsey said.
Thomasian, of the governors' group, said there are some ongoing questions about how to establish appropriate guidelines to protect privacy at the information-sharing fusion centers.
"Privacy is a concern," he said. "The states are struggling with it."

Staff Writer Alice Lipowicz can be reached at alipowicz@postnewsweektech.com.