You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

Information Fusion Centers and Privacy

Latest News

  • White House Budget Funds Surveillance, Ignores Public Concerns: The White House Office of Management and Budget has released the federal budget for fiscal year 2012. The stated goal of the budget is to reduce the national deficit by eliminating wasteful programs. However, the budget proposal includes funding for 275 airport body scanners, which EPIC has called "invasive, unlawful, and ineffective." There is funding for federal "fusion centers," widely viewed as unregulated government databases that are used to track people suspected of new crime. The White House budget proposes expansion of the “Secure Communities” program, which has been the target of harsh criticism by civil liberties groups. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program) and EPIC: Information Fusion Centers and Privacy. (Feb. 18, 2011)
  • EPIC Reminds DHS that "Fusion Centers" are Subject to the Federal Privacy Act: EPIC has submitted comments [1], [2] to two departments in the Department of Homeland Security concerning the establishment of federal "fusion centers" that would contained detailed personal information on US citizens. The Department of Homeland Security is seeking to exempt these databases from key protections in the Privacy Act. EPIC said that the Department must comply with Privacy Act requirements. The Media Freedom and Information Access Practicum Information Society Project at Yale Law Law School has also submitted comments on the DHS plan. For more information, see EPIC: Information Fusion Centers and Privacy, EPIC: Total Information Awareness, and EPIC v. Virginia Department of State Police (Fusion Center Secrecy Bill). (Dec. 16, 2010)
  • Public Comments Sought on Federal "Fusion Centers": The National Protection and Programs Directorate (NPPD) [1] [2] and the Office of Operations [1] [2] at the Department of Homeland Security are seeking comments on Fusion centers, intelligence databases that have raised substantial privacy concerns. Information in fusion centers comes from many sources, including government agencies, private sector firms and anonymous tipsters. EPIC has urged Congress to improve accountability and oversight of this program. An EPIC FOIA lawsuit also revealed that federal Fusion Centers undermine state privacy and open government laws. Comments are due December 15, 2010. For More Information, see EPIC: Information Fusion Centers and Privacy, EPIC: Total Information Awareness, and EPIC v. Virginia Department of State Police (Fusion Center Secrecy Bill). (Dec. 3, 2010)
  • DHS Privacy Office Releases 2010 Annual Report: The Department of Homeland Security has released the Privacy Office 2010 Annual Report. The Agency's Chief Privacy Officer must prepare an annual report to Congress that details activities of the Department that affect privacy, including complaints of privacy violations, and DHS compliance with the Privacy Act of 1974. This year’s report details the establishment of privacy officers within each component of the Agency. The report also provides updates on Fusion Centers, Cybersecurity, and Cloud Computing activities of the agency. For more information, see EPIC: DHS Privacy Office. (Sep. 24, 2010)
  • Congressional Committee Investigating Privacy Office at Homeland Security, Acknowledges Privacy Coalition Letter: House Homeland Security Committee Chairman Bennie Thompson has responded to the Privacy Coalition letter regarding the Chief Privacy Officer of the Department of Homeland Security. Chairman Thompson said that "the Committee is in the process of reviewing the programs outlined" in the letter, and thanked the Coalition for bringing the issues to the attention of the committee. He further stated that the Committee "will continue to examine the Department's programs and policies and vigorously address privacy concerns and issues." For more information, see EPIC DHS Privacy Office and Privacy Coalition. (Nov. 12, 2009)
  • Privacy Coalition Seeks Investigation of DHS Chief Privacy Office: EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security's (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections.  EPIC Fusion Centers, EPIC Whole Body Imaging, and EPIC CCTV. (Oct. 23, 2009)
  • White House Budget Funds Surveillance, Ignores Public Concerns: The White House Office of Management and Budget has released the federal budget for fiscal year 2012. The stated goal of the budget is to reduce the national deficit by eliminating wasteful programs. However, the budget proposal includes funding for 275 airport body scanners, which EPIC has called "invasive, unlawful, and ineffective." There is funding for federal "fusion centers," widely viewed as unregulated government databases that are used to track people suspected of new crime. The White House budget proposes expansion of the “Secure Communities” program, which has been the target of harsh criticism by civil liberties groups. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program) and EPIC: Information Fusion Centers and Privacy. (Feb. 18, 2011)
  • Department of Homeland Security releases Fusion Center Privacy Impact Assessment. The Department of Homeland Security has released the Privacy Impact Assessment for the State, Local, and Regional Fusion Center Initiative. The assessment examines the privacy implications of the State, Local and Regional Fusion Centers and the DHS' State and Local Program Management Office. In May, EPIC prevailed in its freedom of information request to disclose documents describing the federal government's involvement in efforts to limit Virginia's transparency and privacy laws and uncovered a secret contract between the State Police and the FBI that limits the rights of Virginia citizens to learn what information the State Police collect about them. For more information, see EPIC's page on Information Fusion Centers and Privacy. (Dec. 17, 2008)
  • EPIC Prevails in Virginia Fusion Center FOIA Case. Yesterday, Richmond General District Court held that EPIC "substantially prevailed" on the merits of its freedom of information lawsuit against the Virginia State Police. EPIC filed the case after the State Police refused to disclose documents describing the federal government's involvement in efforts to limit Virginia's transparency and privacy laws. Through the litigation, EPIC uncovered a secret contract between the State Police and the FBI that limits the rights of Virginia citizens to learn what information the State Police collect about them. The court's letter opinion requires the State Police to pay EPIC's litigation costs, but not its attorneys' fees. For more information, see EPIC's web page EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill. (May 9, 2008)
  • Senate Subcommittee Questions Officials Regarding Fusion Centers Today, the Senate Subcommittee on State, Local, and Private Sector Preparedness and Integration held a hearing on "fusion centers" - intelligence databases that collect information on ordinary citizens. The Subcommittee questioned federal and state officials about fusion center progress, and witnesses testified regarding fusion center funding, development, and civil liberties issues. EPIC previously wrote to the Subcommittee about the impact of fusion centers on state open government and privacy laws. Through Freedom of Information Act litigation, EPIC is investigating the role of federal agencies in exempting fusion centers from state open government and privacy laws. For more information, see EPIC's EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill page. (Apr. 17, 2008)
  • EPIC Obtains Documents Revealing Federal Role In State Fusion Center Secrecy. Pursuant to a Freedom of Information Act lawsuit, EPIC has obtained a Memorandum of Understanding between the FBI and the Virginia State Police that limits the state's open government law. The agreement requires the state agency to comply with federal regulations that restrict the disclosure of public records about the Virginia Fusion Center that would otherwise be available to the public. But many other documents that EPIC is seeking about the fusion center and communications between the State Police and federal agencies have not yet been disclosed. At a hearing today in Richmond, a District Court judge required the State Police to produce all records that EPIC has sought by Monday, April 14. The Virginia Governor is currently considering a bill that would limit the state's open government and privacy laws for the Virginia Fusion Center. (Apr. 9, 2008)
  • EPIC Sues to Compel Disclosure of Documents About Federal Role in Virginia Secrecy Bill. Today, EPIC filed a Virginia Freedom of Information Act lawsuit (pdf) challenging the Virginia State Police's failure to make public documents relating to the role of federal agencies in recent legislative efforts to limit the state's open government and privacy laws for "fusion centers." These intelligence databases collect information on ordinary citizens and have raised substantial privacy concerns. Press reports and statements from Virginia officials have raised questions about federal involvement in the Virginia legislation. The lawsuit follows EPIC's original requests (pdf). For more information about EPIC's lawsuit against the Virginia State Police, see EPIC's EPIC v. VSP page. (Mar. 21, 2008)
  • Virginia Lawmakers Consider Fusion Center Secrecy Bill as Role of Federal Agencies Remains Unknown. Today the Virginia Senate is considering legislation that would limit the state's open government and privacy laws for "fusion centers." These intelligence databases collect information on ordinary citizens and have raised substantial privacy concerns. Press reports and statements from Virginia officials have also raised questions about federal involvement in the Virginia legislation. EPIC filed Freedom of Information Act requests with two Virginia agencies on February 12, 2008 to determine whether the Dept. of Justice or the Dept. of Homeland Security participated in the development of the legislation. Despite the expiration of the statutory deadline and the pending vote in the Virginia Assembly, the state agencies have not released a single public record in response to EPICís requests. (Feb. 26, 2008)
  • EPIC Seeks Documents About Federal Role in Effort to Limit Accountability of State "Fusion Centers". EPIC filed a Freedom of Information Act request (pdf) with the Virginia State Police today. EPIC's request seeks documents about a plan that would shroud the Virginia Fusion Center, a database that collects detailed information on ordinary citizens, in secrecy. The Virginia legislature is considering a bill that would limit Virginia's open government and privacy statutes, as well as Virginia's common law right of privacy, for Virginia agencies connected to the Fusion Center. Press Groups have criticized the proposed law, and warned that, if passed, Virginia citizens can "say hello to Big Brother." EPIC's FOIA request focuses on the possible role of the US Department of Justice and the US Department of Homeland Security in the development of the Virginia legislation. (Feb. 12, 2008)
  • ODNI Publishes Guidance on Suspicious-Activity Reports Used by Fusion Centers: The National Information Exchange Model (NIEM) issued guidance to state and local infomation Fusion Centers on the sharing of Suspicious-Activity Report and also the XML language for implimentation of the recommendations. The index and XML language format for all NIEM technical guidance on Information Fusion Centers. (February 1, 2008)
  • White House Releases Strategy for Institutionalizing Domestic Spying: The document included a set of "Core Privacy Principles" that outlined the White House view on the sharing of information under the National Strategy for Information Sharing. The policy is intended to facilitate the sharing of information among local, state, and federal agencies. The full Document is available on the White House web page. (October 31, 2007)
  • House Homeland Security Subcommittee Held Hearing on The Way Forward With Fusion Centers: The hearing took testimony from subject matter experts with the Congressional Research Service, U.S. Government Accountability Office and the Department of Homeland Security. (September 27, 2007)
  • EPIC Sends Letter Requesting Oversight of Fusion Centers: EPIC sent a letter to the House and Senate Committees on the Judiciary and Homeland Security regarding their oversight authority as it relates to the activities of fusion centers. Specifically EPIC cited the recent protest in Jena, Louisiana as a potential issue that could have attracted the resources of fusion centers. (September 26, 2007)
  • EPIC Testifies before DHS Privacy Advisory Panel on Fusion Centers: The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security held a series of panel discussions on the topic of information fusion centers. EPIC's statement to the committee made specific recommendations on the need to create accountability, oversight, and greater transparency of fusion centers. DHS has awarded over $380 million in grants to local and state law enforcement to build interconnected computer networks that are designed to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, threat, public safety, law enforcement, public health, social services, and public works). The goals of the federal government are said to be terrorism, but local and state governments want the centers to support their efforts to anticipate, identify, prevent, and/or monitor criminal conduct. Participants in the fusion center development can include local, state, and federal law enforcement; national security agencies; Department of Defense; and commercial companies. (September 19, 2007)
  • House Resolution 1 Becomes Law: The law, titled "Implementing Recommendations of the 9/11 Commission Act of 2007, creates privacy and civil liberty training requirements for fusion center personnel. The new law directs that the Department of Homeland Security's Civil Rights and Civil Liberties office produce a "Civil Liberty Impact Accessment" on the information sharing environment. The Civil Liberties Oversight Protection Board will not be an independent agency. (August 3, 2007)
  • Key questions that must be asked of each Fusion Center: Privacy and Consumer Rights groups asked to present local and state Fusion Centers with questions regarding their creation and purpose.(July 27, 2007)
  • Spotlight on "National Network" of Fusion Centers. EPIC's current Spotlight on Surveillance reviews "fusion centers," data sharing entities that acquire information from many sources, including private sector firms and anonymous tipsters. The Department of Homeland Security is seeking to create a national network of local and state fusion centers. The federal agency has provided more than $380 million to state and local governments in support of these centers. The fusion center program gives DHS enormous domestic surveillance powers. For more information, see EPIC's Spotlight on Surveillance on Fusion Centers. (July 26, 2007)
  • CRS Report to Congress: Fusion Centers: Issues and Options for Congress. The Congressional Research Service (CRS) issued a report to Congress on the deployment of over 40 Fusion Centers throughout the nation. Fusion Centers are the most recent effort by the federal government to establish an operational domestic surveillance program. The CRS report states that officials justifying the development of fusion centers use a number of presumptions, and that the goals of the centers seem to be unfocused with wide-ranging explanations on what they are intended to accomplish. The report outlined threats to civil liberties and privacy posed by the deployment of Fusion Centers, which have no laws governing them. (July 10, 2007)

Background

''Fusion centers'' are a means of bringing together information from distributed sources for the purpose of collection, retention, analysis, and dissemination. The term fusion centers was first coined by the Department of Defense (DOD) and refers to the fusing of information for analysis purposes. On November 9, 2002, the New York Times disclosed a massive DOD fusion center project managed by the Defense Advanced Research Project Agency (DARPA) known as Total Information Awareness (TIA). DARPA was developing a tracking system intended to attempt to detect terrorists through analyzing troves of information.

The project called for the development of ''revolutionary technology for ultra-large all-source information repositories,'' which would contain information from multiple sources to create a ''virtual, centralized, grand database.'' This database would be populated by transaction data contained in current databases such as financial records, medical records, communication records, and travel records as well as new sources of information. Also fed into the database would be intelligence data.

A key component of the TIA project was headed by Adminiral John Poindexter, former National Security Advsor to President Reagan. TIA was to develop data-mining or knowledge discovery tools that would sort through the massive amounts of information to find patterns and associations. TIA would also develop search tools such as Project Genoa, which Admiral Poindexter's employer, prior to his return to the federal government, Syntek Technologies assisted in developing. TIA aimed to fund the development of more such tools and data-mining technology to help analysts understand and even ''preempt'' future action.

A further crucial component was the development of biometric technology to enable the identification and tracking of individuals. DARPA had already funded its ''Human ID at a Distance'' program, which aimed to positively identify people from a distance through technologies such as face recognition or gait recognition.

In September 2003, Congress eliminated funding for the controversial TIA project and closed the Pentagon's Information Awareness Office, which had developed TIA. It was not believed to signal the end of other government data-mining initiatives that are similar to TIA. Projects such as the Novel Intelligence from Massive Data within the Intelligence Community Advanced Research and Development Activity (ARDA) moved forward. The FBI and the Transportation Security Administration were also working on data-mining projects that fused commercial databases, public databases, and intelligence data and had meetings with TIA developers.

Another fusion center initiative was the Multi-state Anti-Terrorism Information Exchange (MATRIX) project. MATRIX was a prototype database system run by the State of Florida and Seisint, a private company. Built by a consortium of state law enforcement agencies, MATRIX proposed to combine public records and private record data from multiple databases with data analysis tools. MATRIX was established with the assistance of the Institute for Intergovernmental Research’s Global Justice Information Sharing Initiative. The program collapsed when it was disclosed to the public, and states were pressured by residents to withdraw from the program.

In March 2004 the states of New York and Wisconsin withdrew their participation in the project.

DARPA’s Total Information Awareness Program

On November 9, 2002, the New York Times (http://www.nytimes.com/2002/11/09/politics/09COMP.html) disclosed a massive DOD fusion center project managed by the Defense Advanced Research Project Agency (DARPA) known as Total Information Awareness (TIA).  DARPA was developing a tracking system intended to attempt to detect terrorists through analyzing troves of information.

The project called for the development of "revolutionary technology for ultra-large all-source information repositories," which would contain information from multiple sources to create a "virtual, centralized, grand database." This database would be populated by transaction data contained in current databases such as financial records, medical records, communication records, and travel records as well as new sources of information.  Intelligence data would also be fed into the database.

Admiral John Poindexter, former National Security Advisor to President Reagan, headed a key component of the TIA project. TIA was to develop data-mining or knowledge discovery tools that would sort through the massive amounts of information to find patterns and associations. TIA would also develop search tools such as Project Genoa, which Admiral Poindexter's employer, prior to his return to the federal government, Syntek Technologies assisted in developing. TIA aimed to fund the development of more such tools and data-mining technology to help analysts understand and even "preempt" future action.

A further crucial component was the development of biometric technology to enable the identification and tracking of individuals. DARPA had already funded its "Human ID at a Distance" program, which aimed to positively identify people from a distance through technologies such as face recognition or gait recognition.

In August 2002, the International Association of Chiefs of Police released the recommendations of its Criminal Intelligence Summit held March 7-8, 2002, with the final document coming from the DOJ's office of Community Oriented Policing Services (COPS). The report acknowledged that the problems identified following the September 11, 2001 terrorist attacks were found to be with "intelligence exchange between national agencies..." Then the report quickly endorsed the creation of a Criminal Intelligence Coordinating Council to implement the National Intelligence Plan that would engage local, state, and federal law enforcement agencies in a database sharing environment. The plan addressed the legal impediments to the effective transfer of criminal intelligence between authorized local, state, and federal law enforcement agencies. This plan became the superstructure for the next domestic Fusion Center effort by advocating for the creation of the Criminal Intelligence Coordinating Council and charged it with accomplishing a number of goals:

"Ensure compatible policy standards, guidelines and operating procedures in the further development and integration of existing intelligence sharing systems (including standards for the collection, analysis, dissemination, storage and purging of information); create standards for participation in the Council and coordinated intelligence network; promulgate standards and guidelines; publicize and enforce sanctions for the misuse of information from the coordinated network... Create a funding plan ...eliminate barriers in...laws and polices that limit intelligence sharing..."

The Criminal Intelligence Summit participants stressed the need to not limit the data sharing to terrorism or terrorist related activity, but to extend it to all criminal intelligence under the general heading of "Intelligence-Led Policing." Criminal intelligence was defined as "the combination of credible information with quality analysis--information that has been evaluated and from which conclusions have been drawn." The report supported expanding the information sharing database to include court records, emergency management personnel, and "specialized security forces of particular situation-relevant intelligence."

The plan to overcome barriers to intelligence sharing included the following:

"The hierarchy within the law enforcement and intelligence communities. In some cases real and in others only perceived, the hierarchical organization of law enforcement and intelligence agencies (with federal agencies being at the top of the pyramid and local, state, county, and Tribal agencies further down) leads to organizational incentives against intelligence sharing and even anti-sharing cultures. At best, the disaggregation of activity means that managers in one agency might not imagine that others would find their intelligence data useful. At worst, the structure creates an us versus them mentality that stands in the way of productive collaboration."

A key goal of the proposal establishes the need to "[c]reate a marketing strategy to increase stakeholder participation in the intelligence sharing process and conduct public education to promote acceptance of the system overall."

In September 2003, Congress eliminated funding for the controversial TIA project and closed the Pentagon's Information Awareness Office, which had developed TIA. It was not believed to signal the end of other government data-mining initiatives that are similar to TIA. Projects such as the Novel Intelligence from Massive Data within the Intelligence Community Advanced Research and Development Activity (ARDA) moved forward. The FBI and the Transportation Security Administration were also working on data-mining projects that fused commercial databases, public databases, and intelligence data and had meetings with TIA developers.

National Criminal Intelligence Sharing Plan

In October 2003, the National Criminal Intelligence Sharing Plan was published by the Justice Department's project the Global Justice Information Sharing Initiative ("Global"). The report states that 75% of the law enforcement agencies within the United States have less than 24 sworn officers. The report's goal is to provide these small law enforcement agencies with the same ability as big city, state, and federal law enforcement offices to develop, gather, access, receive, and share intelligence information.

"The need to increase availability of information, from classified systems to local and state law enforcement agencies, for the prevention and investigation of crime in their jurisdictions...The need to identify an intelligence information sharing capability that can be widely accessed by local, state, tribal, and federal law enforcement and public safety agencies."

The proposal recommended the establishment of a Criminal Intelligence Coordinating Council (CICC or Council) composed of local, state, tribal, and federal law enforcement executives. The Council was recommended to operate under the direction of the Global Advisory Committee and would be charged with monitoring the implementation of the National Intelligence Sharing Plan. A few members of the Global Advisory Committee include: Administrative Office of the US Courts, American Association of Motor Vehicle Administrators, American Corrections Association, American Probation and Parole Association, Conference of State Court Administrators, Executive Offices for US Attorneys, FBI Criminal Justice Information Services Division, International Association of Chiefs of Police, INTERPOL - USNCB, National Conference of State Legislatures, National Council of Juvenile and Family Court Judges, National District Attorneys Association, National Governors Association, National Legal Aid and Defender Association, Department of Homeland Security, Department of Justice -- Justice Management Division, and the US Drug Enforcement Agency.

The report also moved the goal to not just involve law enforcement, the courts, and emergency management databases, but to extend its reach to private entities.

Multi-State Anti-Terrorism Information Exchange (MATRIX)

During this same period of time, another fusion center initiative came under public scrutiny in the National Criminal Intelligence Sharing Plan as a data warehouse.  The Multi-state Anti-Terrorism Information Exchange (MATRIX) project acted as a prototype database system run by the State of Florida and Seisint, a private company. Built by a consortium of state law enforcement agencies, MATRIX proposed to combine public records and private record data from multiple databases with data analysis tools. MATRIX was established with the assistance of the Institute for Intergovernmental Research’s Global Justice Information Sharing Initiative. The program collapsed when it was disclosed to the public, and states were pressured by residents to withdraw from the program.

In March 2004, the MATRIX project was on its last gasp when New York and Wisconsin withdrew their participation. By May 14, 2004, the Criminal Intelligence Coordinating Council, proposed by the National Criminal Intelligence Sharing Plan, became an official project of the Department of Justice.

Latest Government Information Fusion Center Initiative

In May 2004, the Department of Justice announced its progress in implementing the National Criminal Intelligence Sharing Plan. The announcement made public the decision to create a Criminal Intelligence Coordinating Council (CICC) that would be managed by Global. By December 2004, the push for a national Fusion Center initiative received a boost when the Department of Justice sponsored Global Infrastructure/Standards Working Group published A Framework for Justice Information Sharing: Service Oriented Architecture (SOA). States using local, state, and federal funds created information Fusion Centers. In August 2005, Global published the Fusion Center Guidelines.

The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, threat, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity. This criminal information and intelligence should be both strategic (i.e., designed to provide general guidance of patterns and trends) and tactical (i.e., focused on a specific criminal event).

In 2007, a Congressional Research Service Report on Fusion Centers outlined several fundamental problems with the  Fusion Center Guidelines’ development: first, adherence is voluntary, second, the philosophy outlined is generic and does not translate theory into practice, and third, they are oriented toward the mechanics of Fusion Center establishment. The majority of regional Fusion Centers are concentrated in large urban areas. The jurisdiction of these centers is also covered by state Fusion Centers, but there is a question regarding how overlapping jurisdictions are managed.  The Congressional Research Service Report on Fusion Centers also points out that there is no single legal authority that governs the operation of Fusion Centers.

In 2008, the Department of Homeland Security, the Department of Justice, and Global jointly published a supplement to the Fusion Center Guidelines called Baseline Capabilities (www.it.ojp.gov/documents/baselinecapabilitiesa.pdf).  Baseline Capabilities defines the capabilities needed to create a nationwide network of fusion centers and sets forth the minimum standards for a fusion center to be able to perform basic functions. 

The Department of Homeland Security set out an objective to create a network of fusions centers as a unique law enforcement and threat information resource that works across jurisdictions and is supported by multidisciplinary teams dispersed throughout a national network of information hives. [Fusion Center Locations] As of 2011, the Department of Homeland Security and the Department of Justice recognize 73 fusion centers across the country.  There is a fusion center in every state and special fusion centers for urban areas and other regions.  According to the Department of Homeland Security (http://www.dhs.gov/files/programs/gc_1301685827335.shtm), the recognized fusion centers are:

Primary Fusion Centers Recognized Fusion Centers
  • Austin Regional Intelligence Center; Austin, TX
  • Boston Regional Intelligence Center; Boston, MA
  • Central California Intelligence Center; Sacramento, CA
  • Central Florida Intelligence Exchange; Orlando, FL
  • Chicago Crime Prevention and Information Center; Chicago, IL
  • Cincinnati/Hamilton County Regional Terrorism Early Warning Group; Cincinnati, OH
  • Delaware Valley Intelligence Center; Philadelphia, PA
  • Detroit and Southeast Michigan Information and Intelligence Center; Detroit, MI
  • Houston Regional Intelligence Service Center; Houston, TX
  • Kansas City Regional Terrorism Early Warning Interagency Analysis Center; Kansas City, MO
  • Los Angeles Joint Regional Intelligence Center; Los Angeles, CA
  • El Paso Fusion Center (MATRIX); El Paso, TX
  • Metro Operations Support and Analytical Intelligence Center; Dallas, TX
  • Nevada Threat Analysis Center; Carson City, NV
  • North Central Texas Fusion Center; McKinney, TX
  • Northeast Ohio Regional Fusion Center; Cleveland, OH
  • Northern California Regional Intelligence Center; San Francisco, CA
  • Northern Virginia Regional Intelligence Center; Fairfax, VA
  • Orange County Intelligence Assessment Center; Orange County, CA
  • San Diego Law Enforcement Coordination Center; San Diego, CA
  • Southeast Florida Fusion Center; Miami, FL
  • Southeastern Wisconsin Threat Analysis Center; Milwaukee, WI
  • Southwest Texas Fusion Center; San Antonio, TX
  • Southwestern PA Region 13 Fusion Center; Pittsburgh, PA
  • St. Louis Fusion Center; St. Louis, MO

Turning Fusion Centers into Hardware and Software

The Global Infrastructure/Standards Working Group's report A Framework for Justice Information Sharing: Service Oriented Architecture (SOA), stated:

"The purpose of this report is to describe the recommendation of the Global Justice Information Sharing Initiative (Global) Advisory Committee (GAC) for the operational requirements of justice agencies and the requirements for a national community."

In August 2005, Global Justice Information Sharing Initiative and Department of Homeland Security published Fusion Center Guidelines. The guidelines stated the software of choice as being Extensible Markup Language (XML), which facilitates efficient and near real time sharing of information resident on geographically dispersed databases. The initiative promotes data sharing among law enforcement though the use of a common platform that can be used on existing hardware. The goal is to achieve a low-cost method of removing barriers to data sharing among beat officers, court records, state records, jails, and prisons that is efficient and effective.

The Fusion Center Guidelines endorse the use of the new database sharing capability created by the open source XML standards. This open standards programming language provides users with a data sharing capability that would not require the replacement or redesign of existing systems. This programming language allows the identification of fields of information through the use of a translation feature that goes between the system being asked for information and the end requester. In this process, the source of the data and the recipient do not need to change their systems to participate in the information exchange network.

The interesting aspects of the proposal are the promotion of a national collection and analysis of information. The National Information Exchange Model proposed for the fusion centers is designed to create the building blocks for national-level interoperable information sharing and data exchange that will integrate the public safety and private sector entities to the already established law enforcement exchange.

Exchanging information is only the beginning of the process; the goal is institutionalizing the relationships between the fusion centers and the public safety and private sector partners. The Global recommendations make the case for distributed and centralized data management systems. Distributed systems will allow the data controller to be in charge of access, while the centralized process would allow the fusion center to manage the data. A white paper examining strategies for enhancing information sharing pointed out that successful distributed and centralized information-sharing systems are in operation today. The goal is to get local, state, federal law enforcement, government agencies, and private sector data warehouses into the same project.

On September 14, 2006 the Department of Homeland Security reported that 38 state and local Information Fusion Centers supported by $380 million in federal dollars were operational. The investment in time, energy, and resources are focused on one objective of maximizing access to the greatest amount of information as possible.

A 2010 Government Accountability Office Report on Information Sharing at fusion centers (http://www.gao.gov/products/GAO-10-972) reports:

DHS and DOJ also share classified and unclassified homeland security and terrorism information with fusion centers through several information technology networks and systems. For example, in February 2010, DHS’ I&A reported that it had installed the Homeland Secure Data Network, which supports the sharing of federal secret-level intelligence and information with state, local, and tribal partners, at 33 of 72 fusion centers. DHS also provides an unclassified network, the Homeland Security Information Network, which allows federal, state, and local homeland security and terrorism-related information sharing.

The Details: WHO is collecting information, WHAT information do fusion centers collect, WHAT do they do with it, and WHERE does it come from?

Fusion Centers employ a variety of federal, state, and local law enforcement, intelligence and emergency management representatives.  Examples of representatives who staff fusion centers include:

State police, county sheriffs, city police, National Guard, DHS intelligence specialists, Customs and Border Protection agents, FBI intelligence analysts, and Drug Enforcement Administration agents.  (Source: Government Accountability Office Report).

The number of staff and personnel vary depending on the fusion center.  The Government Accountability Office Report provides the following breakdown of staffing:

Percentage of Fusion Centers Number of Staff
23% 9 or fewer
28% 10-25
22% 25-50
17% 51-75
10% 75 or more

*Information current through March 2009

What Information Do Fusion Centers Collect?

Appendix C of Fusion Center Guidelines outlines a detailed list of entities that should be included in the local and state fusion center matrix.

Agriculture Food Water Environment Banking and Finance Chemical Industry Hazardous Materials Criminal Justice Retail Real Estate Education Emergency Services Utility/Energy Companies Government Health Public Health Services Social Services Transportation Hospitality and Lodging Information & Telecom Military Facilities DOD Industrial Base Postal and Shipping Private Security Public Works

(Fusion Center Guidelines Appendix C)

The proposal directs that information categories could fall into one of two types: strategic and tactical information. Strategic information may provide data on individuals not under criminal investigation or operations that an entity manages, and tactical information may provide data in support of ongoing criminal investigations. It would be very difficult to imagine someone living within the United States who would not have one or multiple points of information confluence in the proposed system. The Fusion Center guidance said the following about the Fusion Center Functions:

"The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, threat, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity. This criminal information and intelligence should be both strategic (i.e., designed to provide general guidance of patterns and trends) and tactical (i.e., focused on a specific criminal event)."

The definition of national intelligence was changed by the enactment of the Intelligence Reform and Terrorism Prevention Act of 2004 bill to reform the intelligence community and the intelligence and intelligence-related activities of the United States Government.

“The terms national intelligence and intelligence related to national security refer to all intelligence, regardless of the source from which derived and including information gathered within or outside the United States. . .

The new law also defines the information sharing environment (ISE).  It states:

“The President shall ...ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies. The President shall, to the greatest extent practicable, ensure that the ISE provides the functional equivalent of, or otherwise supports, a decentralized, distributed, and coordinated environment that connects existing systems, where appropriate, provides no single points of failure, and allows users to share information among agencies, between levels of government, and, as appropriate, with the private sector ensures direct and continuous online electronic access to information facilitates the availability of information in a form and manner that facilitates its use in analysis, investigations and operations builds upon existing systems capabilities currently in use across the Government.”
What Do Fusion Centers Do With the Information?

The focus fusion centers’work will not be limited to terrorism or terrorist activity, but will, according to the appendices of the Fusion Center Guidelines, extend to the investigation of persons on public assistance, illicit drugs, traffic accidents, and aviation accident analysis.  In a 2010 speech (http://www.justice.gov/ag/speeches/2010/ag-speech-100223.html) at the Annual National Fusion Center Conference, Attorney General Eric Holder stated that “although our fusion centers were initially established to combat terrorism, they’ve been designed and equipped to expand beyond that goal. . . . In the work of protecting our people, fusion centers can, and must, tackle every type of threat and all forms of crimes.”  Attorney General Holder listed “gangs, guns, and drugs” as top priorities of today’s fusion centers.   The 2010 Government Accountability Office Report (http://www.gao.gov/products/GAO-10-972) describes that fusion centers take varying approaches to the work that they do.  Some fusion centers are “All-Crime” centers, focusing on terrorism and other crimes, like narcotics smuggling and counterfeiting.  Other fusion centers are “All-Hazard” centers, focusing not only on terrorism and other crimes, but also on identifying and helping coordinate the response to other hazards, like emergencies and natural disasters.

Fusion Center Guidelines Chapter 14 is titled, "Offer a variety of intelligence services and products to customers." The output of the fusion center process is called "product," and it is recommended that the work of the centers not be limited to "intelligence product dissemination." The National Criminal Intelligence Sharing Plan states, "Criminal intelligence results from a process that begins with planning and direction, followed sequentially by: information collection, processing/collation, analysis, dissemination, and reevaluation (feedback) of information on suspected criminals and/or organizations."

The Guidelines recommend that Fusion Centers "produce both strategic and tactical" information and suggest a list of services and products to produce:

Investigative and tactical response
Proactive strategic analysis
Intelligence support for investigations
Visual investigative analysis
Alerts and notifications
Deconfliction
Target identification
Critical Infrastructure analysis
Training Opportunities
Geospatial Imaging
Criminal backgrounds and profiles
Case correlation
Crime-pattern Analysis
Association, link, and network analysis
Telephone-toll analysis
Flowcharting
Financial analysis
Intelligence reports and briefings
Threat assessments
Terrorism calendar

Where Does the Information Come From?

The range of information to be collected by service providers who participate in the fusion center effort could include: all sources of financial records kept by banking institutions; all contacts with the criminal justice system by criminals and non-criminals; all forms of education (day cares, preschools, primary and secondary schools, colleges and universities, and technical schools); government issued licenses and permits; access to medical records held by hospitals, public health, and primary care physicians; hospitality and lodging; information and telecommunication service providers; military facilities and defense industrial base; postal and shipping services; private security (alarm companies, armored car companies, investigative firms, corporate security offices); public works; social services; and transportation. The appendices of the Fusion Center Guidelines list the following as data collection targets:

Banking & Finance IT/Telecom

Health & Education

Jails/Prisons/Court Records

Federal, State, Local Gov. (Permits Licenses)

Hospitality & Lodging

Banks Credit Cards Co. Credit Reports Securities firms Financial services ISPs Telecommunication E-mail Providers Cyber Security Co. Day Care Centers Preschools Colleges/Universities Technical Schools Mental Health Physician Patient Info Local Hospitals Private EMS Veterinary Gang Information. Names of Associates Relatives Jail/Prison Visitors Biographical Info Traffic Accident Tribal Law Enforcement County Clerk US Courts Game and Fish DMV Records Vehicle Registrations Civil Records Property Appraiser Mortgages Deeds Civil Suits Gaming Industry Sports Authority Sporting facilities Amusement parks Cruise lines Hotels, motels, Resorts Convention Centers

Along with a host of local, state and federal law enforcement agencies, private companies also participated in the Public Safety Fusion Group, which included Walt Disney World Company, Fidelity Investments, Microsoft, and Archer Daniels Midland. The goal is to, within the fusion center environment, integrate nontraditional customers of information and intelligence with traditional customers of information analysis. Fusing of information based on an identified threat, criminal predicate, or public safety by the seamless collection, blending, analysis, dissemination, and use of information intelligence is the goal. The intelligence and analysis of information is proposed to be based on the needs of users, with the list of users including all levels and types of law enforcement, intelligence community, DOD, and private sector entities. It appears the official uses could be limitless.

The definition of national intelligence was changed by the enactment of the Intelligence Reform and Terrorism Prevention Act of 2004 bill to reform the intelligence community and the intelligence and intelligence-related activities of the United States Government.

The terms national intelligence and intelligence related to national security refer to all intelligence, regardless of the source from which derived and including information gathered within or outside the United States...

The new law also defines the information sharing environment, (ISE) as

The President shall ...ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies. The President shall, to the greatest extent practicable, ensure that the ISE provides the functional equivalent of, or otherwise supports, a decentralized, distributed, and coordinated environment that connects existing systems, where appropriate, provides no single points of failure, and allows users to share information among agencies, between levels of government, and, as appropriate, with the private sector. It ensures direct and continuous online electronic access to information, facilitates the availability of information in a form and manner that facilitates its use in analysis, investigations and operations, and builds upon existing systems capabilities currently in use across the Government.

The focus of fusion centers is on information collection as a means of determining crime trends with an eye toward predicting crime before it occurs. The four major desired outcomes for fusion centers are: the reduction of the incident of crime; suppression of criminal activity; the regulation of noncriminal conduct; and the provision of services.

Funding and Other Support for Fusion Centers

According to the Government Accountability Office Report, the average funding breakdown for 52 fusion centers in fiscal year 2010 was:

  • Local Funds:  $10 million
  • State Funds:  $30 million
  • Federal Funds:  $62 million
Federal Support

The initial support for fusion centers came from federal funding.  Fusion Centers continue to get federal support in a number of ways.

  • Federal Grant Funding:  The Department of Homeland Security runs a Homeland Security Grant Program (HSGP).  This grant program consists of five smaller programs: (1)State Homeland Security Program (SHSP); (2)Urban Areas Security Initiative (UASI); (3) Operation Stonegarden (OPSG); (4) Metropolitan Medical Response System (MMRS); (5) Citizen Corps Program (CCP). The grant programs are not dedicated sources of funding for fusion centers and are not limited to funding fusion centers.  Even so, the State Homeland Security Program and the Urban Areas Security Initiative are primarily used for fusion center funding.  These funds are allocated at the discretion of the state and local grantees.  Between 2004 and 2009, the Government Accountability Office reports that $426,221,907 of Department of Homeland Security funding was used to support fusion center activities.
  • Federal Personnel:  The Department of Homeland Security and the Department of Justice supply fusion centers with full-time and part-time personnel.  According to the Government Accountability Office Report, as of July 2010, the DHS has deployed 58 personnel to fusion centers, and the FBI has deployed 74 personnel to fusion centers.
Participant Support

The Fusion Center Guidelines include advice on keeping the doors open once up and running. The Fusion Center Guidelines Chapter 17 recommends that centers leverage existing resources and funding from participants. One means suggested for accomplishing this is found in Chapter 5 of the Guidelines, which supports the use of "Utilize Memoranda of Understanding (MOUs) and Non-Disclosure Agreements (NDAs), or other types of agency agreements..."

Memoranda of Understanding are seen as a means of ensuring resource commitments from participants. The guidance also states the importance of identifying the return on investments made by Fusion Center partners.

Memorandum of understanding are informal agreements that are not contracts. A memorandum of understanding is a policy document used to establish ground rules for a particular purpose, project, or effort. In the case of Fusion Centers, a memorandum of understanding is reached among participating entities. A representative of each participating organization must sign the agreement on the entiy’s behalf. A series of internal directives may also be used to further refine the goals, purposes, and objectives of the Fusion Center.

Unlike memoranda of understanding, non-disclosure agreements do have a legal consequence if violated--these agreements are often associated with sensitive or proprietary information. The non-disclosure agreement offers another level of protection for those who engage in the sharing of secret or protected information. In this context, the guidelines specifically mentions the vulnerability of private sector participants who engage in the sharing of sensitive information. According to the Guidelines, "[T]he NDA provides private sector entities an additional layer of security, ensuring the security of private sector proprietary information and trade secrets." One of the types of information sought that is not related to physical protection of facilities are customer and client lists.

Justifying Fusion Center Development

The National Criminal Intelligence Sharing Plan released in October 2003 suggests that the events of September 11, 2001 were related to barriers that prevented information and intelligence sharing by local and state law enforcement agencies. This conclusion runs counter to the findings of the report by the National Commission on Terrorists Attacks released in July 2004. The Commission's report recounted that by July 2001, the heightened number of threat advisories had reached a level not seen since the Millennium bomb plot of 1999, which was averted. The report's Chapter 8, "The System was Blinking Red," stated that on July 2, the FBI issued a general threat advisory to local and state law enforcement agencies regarding the possibility of a terrorist attack. They were directed to "exercise extreme vigilance and report suspicious activities to the agency." On July 5, the Immigration and Naturalization Service (INS), the FAA, the Coast Guard, the Secret Service, Customs, the CIA, and the FBI met with the White House on the threat situation and were told not to share the threat information they received with others.

In April 2004, it was reported to the 9-11 Commission that the CIA and the FBI still could not search each other’s terrorist databases. The barriers were cause by a lack of interoperability among databases used by the two agencies.

Some point to Hurricane Katrina and its aftermath as another factor that motivated Fusion Center development.

Where do Privacy and Civil Liberties Protection Fit?

A July 2007 CRS report on Fusion Centers stated that "[c]urrently, the states legal authorities recognizing or establishing a fusion center range from nonexistent, to memorandum of agreements by the partnering agencies, and in one case a state statue, which defines the center and its responsibilities."

There are questions about the focus on privacy and civil liberty considerations within the development of the Global Justice Information Sharing Initiative and Department of Homeland Security, Fusion Center Guidelines. The guidelines were published in the summer of 2005, but the Global Privacy and Information Quality Working Group issued its final report, a Privacy Policy Development Guide and Implementation Templates, in October 2006. The report noted the importance of privacy protections from the conception through the implementation of an information sharing initiative and said,  “The project team should have access to subject-matter experts in areas of privacy law and technical systems design and operations, as well as skilled writers, but these individuals do not necessarily have to be team members.”

The Code of Federal Regulations (28 CFR Part 23) is cited in the National Criminal Intelligence Sharing Plan as the rule that provides "privacy protection for data subjects. The regulation addresses the management of inter-, and multi jurisdictional criminal intelligence sharing systems operated by local and state law enforcement or on their behalf.” For example on the issue of data accuracy, source information can be “Reliable,” “Usually Reliable,” or “Unreliable,” while content accuracy can be deemed to be “Confirmed,” “Probable,” or “Doubtful.” Further, local and state criminal data sharing entities "can [include] the names of individuals or organizations not reasonably suspected of involvement in criminal activity . . . in a criminal intelligence database." The code that allows users to access the system supports unlimited reasons for using the database, and there is no need to have reasonable suspicion before using it.

Federal rules regarding the accuracy of criminal databases is not more comprehensive than the state guidance. In 2003, the FBI established a new rule exempting the National Crime Information Center (NCIC) system from the accuracy requirements of the Privacy Act of 1974. The NCIC database provides over 80,000 law enforcement agencies with access to a computerized network of more than 39 million records regarding criminal activity. For the past thirty years, the FBI has operated the NCIC database with the Privacy Act accuracy requirement in place. The Act requires that any agency that maintains a system of records "maintain all records which are used . . . in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individuals in the determination." Circumventing that statutory obligation poses significant risks, not only to individuals whose record files may be part of this data system, but also for communities that rely on law enforcement to employ effective, reliable tools for ensuring public safety.

In March 2002, the FBI set a new record for inquiries processed in one day. It responded to 3,295,587 requests. On average, there are 2.8 million transactions processed each day, with an average response time of 0.16 seconds. As a result, any error in the NCIC database can spread across the country in less than a second.

Several well-publicized incidents demonstrate the consequences of inaccurate and incomplete information in the NCIC. In one case, a Los Angeles man was arrested five times, three of them occurred at gun point, due to an error in the NCIC [see Rogan v. Los Angeles, 668 F. Supp. 1384 (C.D. Cal. 1987)]. In this case, an escaped prisoner assumed the identity of an innocent person and then committed a robbery and murder. In another instance of criminal database error, a Phoenix resident, who was pulled over for driving the wrong way down a one-way street, was arrested after an NCIC inquiry erroneously revealed an outstanding misdemeanor arrest warrant that had been quashed weeks earlier.

These incidents, and others like them, reveal the potential harms that individuals may face if the records in the NCIC database are not accurate. These incidents demonstrate that the FBI should work to improve the accuracy of this system of records rather than administratively exempt itself of this important duty.

The Privacy Act of 1974

The Privacy Act of 1974, Public Law 93-579 was established with the express purpose of guarding against these types of government database abuses by setting standards for the quality of data the government collects about individuals. It safeguards privacy through creating four procedural and substantive rights in personal data. First, it requires government agencies to show an individual any records kept on him or her. Second, it requires agencies to follow certain principles, called "fair information practices," when gathering and handling personal data. Third, it places restrictions on how agencies can share an individual's data with other people and agencies. Fourth and finally, it lets individuals sue the government for violating its provisions.

In passing the Act, Congress found that "the opportunities for an individual to secure employment, insurance, and credit, and his rights to due process, and other legal protections are endangered by the misuse of certain information systems," and therefore, "it is necessary and proper for the Congress to regulate the collection, maintenance, use and dissemination of information by such agencies." To that end, Congress passed the Act to ensure, among other things, that any information held by the government would be "current and accurate for its intended use.”

The Privacy Act is a powerful tool for providing protection to people against government abuses when it is applied. Unfortunately, the Act allowed certain government agencies that are engaged in law enforcement the power to excuse themselves from the Act's rules. Agencies have also circumvented information sharing rules by exploiting a "routine use" exemption. It is unclear how the merging of law enforcement purposes with non-law enforcement purposes would play out, but legal challenges would create new areas for local, state, and federal courts to review the fusion center process.

The foundations of the Privacy Act are the elements of the Code of Fair Information Practices that are codified by that law. The Code of Fair Information Practices is cited three times in the Privacy Policy Development Guide and Implementation Templates drafted by the Global Privacy and Information Quality Working Group of the DOJ’s Global Justice Sharing Initiative. None of the citations enumerated the Code of Fair Information Practices or its history.

The Code for Fair Information Practices is the central contribution of the Health, Education, and Welfare Advisory Committee on Automated Data Systems. The Advisory Committee was established in 1972, and the report was released in July. The citation for the report is as follows:

U.S. Dept. of Health, Education, and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973). The Code of Fair Information Practices is based on five principles:
  1. There must be no personal data record-keeping systems whose very existence is secret.
  2. There must be a way for a person to find out what information about the person is in a record and how it is used.
  3. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.
  4. There must be a way for a person to correct or amend a record of identifiable information about the person.
  5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.
In the context of fusion centers, no one knows the rules that will bring someone under scrutiny and what the consequences of that scrutiny might be.
  • December 2006, an article on the Salt Lake City Police Department’s fusion center efforts described it as “a way of tracking information that comes in from community groups like community councils and neighborhood watch, as well as the mayor’s office.” (Source: Deseret Morning News, Police idle Community Action Team, December 19, 2006)
  • January 2007, an article cites the Sacramento-based intelligence fusion center for indictments filed against California Healthcare Collective for illegal marijuana farming. (Source: Fresno Bee, Valley drug-fighters honored, January 18, 2007)
  • March of 2007, the Governor of California supported the creation of a “Baca countywide Gang Assessment Center,” he referred to as a fusion center. (Source: Whittier Daily News, Governor pledges help in battle against gangs, March 5, 2007)

The Washington Post reported on June 14, 2007 that the agency conducted a self-audit of 10 percent of its records on National Security Letter use and found over 1,000 violations. The majority of the violations were associated with the obtaining of telephone records from telecommunication service providers. The FBI acted in the wake of criticism that resulted from an earlier Department of Justice Inspector General report, which determined that the FBI abused the National Security Letter authority established by the Patriot Act.

Fusion Centers are in use without appropriate oversight or justification for their application for routine law enforcement matters or the vast collection, processing, and analysis of privacy and public information databases.

Articles

Online Resources

Legislation

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security