Archives

Categories

09.03.2009 data sharing, fusion center, Information sharing, intelligence center, law enforcement, privacy, Processes, security 1 Comment

Intelligence Fusion Centers: A threat to personal privacy? Not if they can answer "yes" to these 10 questions.

Time Magazine just released “Fusion Centers: Giving Cops Too Much Information?” – another article in a long line of articles and papers published over the last few years by many organizations describing how fusion centers are a threat to our personal privacy.  In the article, they quote the ACLU as saying that

“The lack of proper legal limits on the new fusion centers not only threatens to undermine fundamental American values, but also threatens to turn them into wasteful and misdirected bureaucracies that, like our federal security agencies before 9/11, won’t succeed in their ultimate mission of stopping terrorism and other crime”

While I disagree with their assertion that “legal limits” are the answer (we already have lots of laws governing the protection of personal privacy and civil liberties), I do think that more can be done by fusion center directors to prove to groups such as the ACLU that they are in-fact operating in a lawful and proper manner.

To help a fusion center director determine their level of lawful operation, I’ve prepared the following ten question quiz.  This quiz is meant to be criterion based, meaning that ALL ten questions must be answered “yes” to pass the test; any “no” answer puts that fusion center at risk for criticism or legal action.

Fusion Center Privacy and Security Quiz

  1. Is every fusion center analyst and officer instructed to comply with that fusion center’s documented policy regarding what information can and cannot be collected, stored, and shared with other agencies?
  2. Does the fusion center employ a documented process to establish validated requirements for intelligence collection operations, based on documented public safety concerns?
  3. Does the fusion center document specific criminal predicate for every piece of intelligence information it collects and retains from open source, confidential informant, or public venues?
  4. Is collected intelligence marked to indicate source and content reliability of that information?
  5. Is all collected intelligence retained in a centralized system with robust capabilities for enforcing federal, state or municipal intelligence retention policies?
  6. Does that same system provide the means to control and document all disseminations of collected intelligence (electronic, voice, paper, fax, etc.)?
  7. Does the fusion center regularly review retained intelligence with the purpose of documenting reasons for continued retention or purging of outdated or unnecessary intelligence (as appropriate) per standing retention policies?
  8. Does the fusion center director provide hands-on executive oversight of the intelligence review process, to include establishment of approved intelligence retention criteria?
  9. Are there formally documented, and enforced consequences for any analyst or officer that violates standing fusion center intelligence collection or dissemination policies?
  10. Finally, does the fusion center Director actively promote transparency of its lawful operations to  external stakeholders, privacy advocates, and community leaders?

Together, these ten points form a nice set of “Factors for Transparency” that any fusion center director can use to proactively demonstrate to groups like the ACLU that they are operating their fusion center in a lawful and proper manner. 

As always, your thoughts and comments are welcomed…r/Chuck

06.10.2008 data sharing, Information sharing, Strategy Comments Off on ISE to Agencies: "Ok, I asked nicely, NOW I'm serious!…Share damn it!"

ISE to Agencies: "Ok, I asked nicely, NOW I'm serious!…Share damn it!"

Today, the Office of the Director of National Intelligence (ODNI) released a new federal policy [document] that aims to increase terrorism related information sharing among members of the Intelligence Community (IC). The policy “directs agencies to work with their human resources departments to add items about information-sharing skills and behaviors to performance appraisals.”

The release of this policy effectively means that the sixteen politically appointed IC agency heads, all of their deputies, the hundreds of senior executive department heads, and thousands of mid-level division managers failed in their efforts to get their folks to share. I guess the thinking is that adding a sentence of two to the performance appraisal of each of the 200,000+ individuals in those agencies will make information sharing happen–wow, what a sad commentary to the failure of leadership in these agencies.

To me, information sharing is a “means to an end” and NOT an end in itself. Before you can say that you do not have sufficient information sharing, you should be able to say (specifically) what the impact of not having that information is to your mission activities. The diagram below illustrates a Knowledge Model (similar to one that I picked up during my work at NSA).

As you can see from the diagram–information leads to knowledge of “something”, and that something causes (or requires) specifc action, and the specifc action leads to “real-world-effects” (like the prevention or disruption of terrorism or other criminal activity). Some examples of impact statements include:

   – “We are unable to ascertain the threats to water supplies in the city of xxx…”
   – “We cannot determine the whereabouts of bad guy xxx…”
   – “We do not understand the objectives of the xxx threat group…”

If you follow my logic so far, then you also have come to the conclusion that the lack of information sharing is really a management issue, driven by internal agency data sharing and security policies and should not be left to the purview of individuals within those agencies. Here are a couple other points to ponder in support of this thought:

1. I believe information sharing should primarily be implemented through technological mechanisms; take it out of the hands of agency individuals and political culture.

2. it should also be driven by MISSION needs and NOT just for the sake of sharing; many analysts will tell you we share TOO much irrelevant information and NOT ENOUGH of the stuff they really need.

3. No single individual in any agency should have the ability to withold information from another agency; if this is the case, there’s a manager somewhere who requires some alignment.

4. If individuals do hold back information, they do so against the will of their leadership (assumingly); most agency employees are loyal and will follow (to a fault sometimes) their manager’s will.

Comments and thoughts welcomed…r/Chuck