Thursday, April 03, 2008

'Fusion centers' might be scary if they actually work

There are darn good reasons why President Harry Truman in 1947 insisted on a ban in the CIA charter on US intelligence services spying on Americans, but in the wake of 9/11 our nation seems to have largely forgotten them.

Still, anyone with the slightest small "l" libertarian streak must surely question the rise of a secretive network of "Fusion Centers," discussed on the front page of yesterday's Washington Post ("Centers tap into personal databases," April 2). Indeed, what are "fusion centers" except the state-level spearpoint of a domestic intelligence operation? Reported the Post:
Dozens of the organizations known as fusion centers were created after the Sept. 11, 2001, terrorist attacks to identify potential threats and improve the way information is shared. The centers use law enforcement analysts and sophisticated computer systems to compile, or fuse, disparate tips and clues and pass along the refined information to other agencies. They are expected to play important roles in national information-sharing networks that link local, state and federal authorities and enable them to automatically sift their storehouses of records for patterns and clues.

Though officials have publicly discussed the fusion centers' importance to national security, they have generally declined to elaborate on the centers' activities. But a document that lists resources used by the fusion centers shows how a dozen of the organizations in the northeastern United States rely far more on access to commercial and government databases than had previously been disclosed.

Those details have come to light at a time of debate about domestic intelligence efforts, including eavesdropping and data-aggregation programs at the National Security Agency, and whether the government has enough protections in place to prevent abuses.

The list of information resources was part of a survey conducted last year, officials familiar with the effort said. It shows that, like most police agencies, the fusion centers have subscriptions to private information-broker services that keep records about Americans' locations, financial holdings, associates, relatives, firearms licenses and the like.

Centers serving New York and other states also tap into a Federal Trade Commission database with information about hundreds of thousands of identity-theft reports, the document and police interviews show.

Pennsylvania buys credit reports and uses face-recognition software to examine driver's license photos, while analysts in Rhode Island have access to car-rental databases. In Maryland, authorities rely on a little-known data broker called Entersect, which claims it maintains 12 billion records about 98 percent of Americans.
It's a little creepy for law enforcement to gather information en masse about average Americans who've committed no crimes. There's a slippery slope aspect here that can't be ignored, circumventing the ban in the 1947 National Security Act on domestic spying.

We have two formal "fusion centers" in Texas - one in Austin (the Texas Security Analysis and Alert Center) and one in Collin County (the North Central Texas Fusion Center). In addition, though, last year it was revealed that the Governor created 11 "joint operational intelligence centers" aimed at border security that I know very little about (nor do I understand the relation between those and the two Fusion Centers). These "joint operational intelligence centers" do not collaborate with the Department of Public Safety (which operates the Austin fusion center in a nuke-proof bunker three stories below ground in North Austin) according to legislative testimony last year, so it's a mystery to me how all this "fusing" of information really plays out on the ground.

Legislation authorizing Texas' Fusion Centers only passed in 2007, but they were bothclearly already up and running by the time they were authorized. As I wrote during the 80th Texas Legislature:
There's one thing I find particularly odd about all this. Rep. Farrar and the bill language itself say the legislation would "create" the Texas Fusion Center, which is a massive, secretive, centralized intelligence gathering operation that analyzes info from all levels of law enforcement.

Not only is that redundant with the Department of Public Safety's criminal intelligence division, the "Fusion Center" as I understand it is already in operation - apparently without legal authority. I say that because when the Lege in 2005 removed restrictions on law enforcement's use of fingerprints from the driver license database, Gov. Perry's Texas Fusion Center immediately took the data and gave it to the feds to run against unnamed criminal and terrorism databases.

So this bill won't create the Fusion Center, it will only give cover to Gov. Perry for initiating such projects (like the TDEX database) without legislative authority or approval.
That same kind of mass information dump is taking place all over the country via these fusion centers. Information that was scattered in government silos on a need to know basis - or gathered by private vendors for commercial purposes - now gets dumped wholesale upstream into federal hands. To what end, though? Do the benefits outweigh the risks and costs? Indeed, can anyone identify any benefit at all?

The Congressional Research Service last year similarly questioned whether fusion centers could demonstrate they were worth the money, time and effort, identifying "several risks to the fusion center concept — including potential privacy and civil liberties violations, and the possible inability of fusion centers to demonstrate utility in the absence of future terrorist attacks, particularly during periods of relative state fiscal austerity."

CRS additionally questioned whether fusion centers have "created a false sense of security?"

Indeed, probably the greatest comfort to me about potential abuse of fusion centers is that I don't believe analysts can meaningfully comb through that much data pro-actively, which means their work is reactive and thus largely redundant and worthless. Thus I see them, at least so far, as more a pointless boondoggle than a tangible privacy threat. That could change, though, if we begin to hear evidence these data streams have been abused.

Texas' fusion centers and "joint operational intelligence centers" are a subject I'd planned to pursue in greater detail on the blog last year, but the Texas Youth Commission debacle knocked them off my radar screen. Still, I've seen scarce little benefit from all this information sharing, and much potential for waste and even harm. This Washington Post piece does little to abate that initial skepticism.

See prior related Grits posts:
And from the Congressional Research Service:

3 comments:

Anonymous said...

George Orwell and a number of other prophetic writers are rolling in their graves. 1984 is here. The gathering of all this info may be useless, but the opportunity for misuse is huge. I am sure there's plenty in my file.

Anonymous said...

To anon @ 11:43...Yes there are quite a few interesting tidbits in your file....and mine too! But who is watching the watchers?

Anonymous said...

"Fusion" centers used to be Counter-Terrorism Intelligence centers, which used to be Joint Drug Intelligence centers, which used to be just plain Intelligence units..... another bureaucratic puzzle palace that does nothing more than suck up tax dollars.
Don't worry, if they're looking at you; it's just because they want to go to lunch at the same place you are.