Feds take counterterrorism local
Information technology solutions are likely to be the primary ingredient in nationwide efforts to let state and local authorities share police reports on activity judged to be suspicious and potentially linked to terrorism.
Authorities say local police efforts to record and share activities that could be related to terrorism are critical to the government’s counterterrorism effort. However, the specifics of how thousands of jurisdictions will record the reports and then share them through IT systems with federal counterterrorism officials remain open questions.
The Office of the Director of National Intelligence’s Program Manager for the Information Sharing Environment (PM-ISE) is leading the national Suspicious Activity Report (SAR) initiative. In January, the office released standards for SARs that are to be shared across the national Information Sharing Environment, or ISE-SARs.
An initial privacy and civil liberties analysis for the PM-ISE-led effort, released last month, provides detail of a yearlong evaluation project that will test various technologies and workflows for the
ISE-SAR process at 12 sites nationwide.
According to the study, authorities are not trying to create a single system for accessing or storing ISE-SARs. Instead, they are taking a federated approach, allowing jurisdictions to operate their chosen systems. However, those systems must comply with an enterprise architecture and use common data standards to manage user access to the different systems.
State and local intelligence fusion centers and FBI Joint Terrorism Task Forces (JTTF) will also play a role in determining whether information qualifies as an ISE-SAR. Establishing the needed policies to make the systems work together is a challenge for federal and local authorities.
The government is testing suspicious-activity reporting processes and measuring how the ISE-SAR standards further the government’s counterterrorism goals. The evaluation process, called the ISE-SAR Evaluation Environment, seeks to test various aspects and technologies in the ISE-SAR process.
One concept under consideration is a PM-ISE project called Shared Spaces. Participants post ISE-SARs through a fusion center’s shared space so other authorities can view it.
Once the jurisdictions involved standardize access, system certification and accreditation rules and apply them to the system, users will have access to information across those shared spaces rather than having to use multiple systems.
Meanwhile, officials also will test SARs sharing by using the FBI’s eGuardian system, which is designed to enable state and local law enforcement authorities to share suspicious-activity reports with the FBI’s JTTF at a nonsecret level.
Federal officials say testing Shared Spaces and eGuardian will let them refine the systems and the process.
Sharing suspicious-activity reporting is one way to identify relationships among seemingly unrelated occurrences, the proverbial connecting of the dots that many analysts say intelligence authorities failed to do before the 2001 terrorist attacks.
Jurisdictions have different priorities and laws regarding the sharing of criminal intelligence and raw police data. In addition, states and localities have vastly diverse technological and analytic capabilities, and varying levels of funding and experience with terrorism issues. The increased recording, maintaining and sharing of information on observed behaviors that are not inherently criminal also raise privacy and civil-liberties issues.
However, not all experts agree that information sharing needs great expansion. Michael German, policy counsel at the American Civil Liberties Union and a former FBI agent, said he is concerned that tasking local and state law enforcement with suspicious-activity reporting could cause them to open investigations that are not pressing, thus diverting resources from more important con erns.
Encouraging law enforcement officials to track legal behaviors that could be considered suspicious invites profiling, he added.
Joan McNamara, assistant commanding officer of the Los Angeles Police Department’s Counter-Terrorism and Criminal Intelligence Bureau, said her department has tried to build a SAR system based on behaviors, not individuals. The LAPD, which has led the way in developing local SAR reporting procedures and implemented its departmental policies in March, will be one of the sites testing both eGuardian and Shared Spaces.
“You have to develop the process at the local agency to get the dot” and then the policies for sharing the dots, she said. “There’s certainly technology that exists so that these systems, both of them, will complement each other. They won’t be siloed systems.”
John Cohen, a senior adviser at PM-ISE, said that the goal of the evaluation process is to confirm that the assumptions about the SAR processes are valid and to make modifications, if necessary.
He added that the government was also making sure standards that protect privacy rights and civil liberties were in place. Cohen said the effort’s goal is not to create a big database of information, but to provide frontline authorities with an expanded toolset.
In July, the Justice Department proposed amending long-standing rules that govern how state and local law enforcement entities gather, store and share criminal intelligence data in federally funded systems.
The proposed amendments would put terrorism and its material support into the category of criminal activities state and local law enforcement agencies should monitor. In addition, they would establish standards for how information can be used for prevention purposes, something that the regulations do not currently mention.
German said the changes are unnecessary and amount to creating a domestic intelligence apparatus.
The proposed changes would expand the regulation to include terrorism and allow data to be held for 10 years without review, rather than five, and apply to organizations rather than just individuals. However, the proposed changes would not remove the standard of reasonable suspicion of criminal activity under which criminal intelligence can be shared.
Gerald Rogero, an FBI supervisory special agent who is the business program manager for eGuardian and the FBI’s classified Guardian system, said that is the standard used for vetting and to determine retention in eGuardian.
He also said eGuardian will offer a flexible record-retention policy to accommodate state and local laws for maintaining information that are more stringent than federal regulations.
Rogero said eGuardian is different from the Shared Spaces concept in that a report remains in draft mode while it resides on the FBI server. Under eGuardian, a state or local agency sets up accounts and determines how it wants reports to flow through the system, he said. FBI then provides administrative rights to the nonfederal agency. Users enter their initial reports in draft mode and FBI can access them and incorporate them into their own secret eGuardian system once the decision is made that it does meet the criteria for sharing.
“We actually are able at this point now to bring information and develop a richer picture for the future,” McNamara said. “Now, how that information is shared and how we do it, keeping in mind all of these very stringent guidelines, is the task ahead and I think we’ve got the right people at the table.”
Ben Bain is a reporter for Federal Computer Week.