On May 4, 2010, e.Republic’s Center for Digital Government and Emergency Management honored first responders demonstrating measurable improvements in the lives of the people and businesses they serve. Among the recipients of the inaugural Emergency Management Digital Distinction Awards was the Utah Statewide Terrorism and Information Analysis Center (SIAC). Core to SIAC’s capapbilities is the Microsoft Fusion Core Solution technology platform. Here’s a snippet from the Center’s website:
Best Collaboration and Information Sharing
Fusion Center Empowers Utah’s Crime Stoppers, Utah Department of Public Safety, Statewide Information & Analysis Center
The Utah Statewide Information & Analysis Center (SIAC), managed by the Utah Department of Public Safety, is a public safety partnership collaboration with all of the state’s law enforcement and public safety agencies to collect, analyze and disseminate intelligence appropriately for enhanced protection of Utah’s citizens, communities and critical infrastructure. As the state’s intelligence fusion (terrorism and response) center, SIAC replaced a legacy system that lacked effective data management practices and included manual, duplicative efforts. SIAC implemented a new set of technologies which utilized existing assets, integrated domain-specific applications, and improved business processes for information collection and management, and analysis and information sharing with Utah’s 29 county Sheriff’s Offices, 180 law enforcement agencies, and more than 26 specialized task forces.
Fusion Core Solution is an open and extensible information sharing and analysis product, based on the National Information Exchange Model (NIEM) and Information Sharing Environment-Suspicious Activity Reporting (ISE-SAR) Functional Standard, developed to help municipal, county, regional, state, and federal intelligence and fusion centers improve operations through workflow management, information sharing, and geospatial intelligence technologies. For more information about Fusion Core Solution see http://www.microsoft.com/fusion
Time Magazine just released “Fusion Centers: Giving Cops Too Much Information?” – another article in a long line of articles and papers published over the last few years by many organizations describing how fusion centers are a threat to our personal privacy. In the article, they quote the ACLU as saying that
“The lack of proper legal limits on the new fusion centers not only threatens to undermine fundamental American values, but also threatens to turn them into wasteful and misdirected bureaucracies that, like our federal security agencies before 9/11, won’t succeed in their ultimate mission of stopping terrorism and other crime”
While I disagree with their assertion that “legal limits” are the answer (we already have lots of laws governing the protection of personal privacy and civil liberties), I do think that more can be done by fusion center directors to prove to groups such as the ACLU that they are in-fact operating in a lawful and proper manner.
To help a fusion center director determine their level of lawful operation, I’ve prepared the following ten question quiz. This quiz is meant to be criterion based, meaning that ALL ten questions must be answered “yes” to pass the test; any “no” answer puts that fusion center at risk for criticism or legal action.
Fusion Center Privacy and Security Quiz
- Is every fusion center analyst and officer instructed to comply with that fusion center’s documented policy regarding what information can and cannot be collected, stored, and shared with other agencies?
- Does the fusion center employ a documented process to establish validated requirements for intelligence collection operations, based on documented public safety concerns?
- Does the fusion center document specific criminal predicate for every piece of intelligence information it collects and retains from open source, confidential informant, or public venues?
- Is collected intelligence marked to indicate source and content reliability of that information?
- Is all collected intelligence retained in a centralized system with robust capabilities for enforcing federal, state or municipal intelligence retention policies?
- Does that same system provide the means to control and document all disseminations of collected intelligence (electronic, voice, paper, fax, etc.)?
- Does the fusion center regularly review retained intelligence with the purpose of documenting reasons for continued retention or purging of outdated or unnecessary intelligence (as appropriate) per standing retention policies?
- Does the fusion center director provide hands-on executive oversight of the intelligence review process, to include establishment of approved intelligence retention criteria?
- Are there formally documented, and enforced consequences for any analyst or officer that violates standing fusion center intelligence collection or dissemination policies?
- Finally, does the fusion center Director actively promote transparency of its lawful operations to external stakeholders, privacy advocates, and community leaders?
Together, these ten points form a nice set of “Factors for Transparency” that any fusion center director can use to proactively demonstrate to groups like the ACLU that they are operating their fusion center in a lawful and proper manner.
As always, your thoughts and comments are welcomed…r/Chuck