DHS Privacy Office: Fusion centers endanger privacy
- By Alice Lipowicz
- Dec 22, 2008
Intelligence fusion centers run by state and local law enforcement
agencies could jeopardize privacy, according to a report from the
Homeland Security Department’s chief privacy officer.
at risk at fusion centers because of ambiguous lines of authority and
oversight, the participation of military and private companies, and
excessive secrecy, said Hugo Teufel III, DHS’ chief privacy officer, in
a report dated Dec. 11 and posted online Dec. 22.
said the privacy assessment identifies hypothetical risks to privacy
that should be examined, but they are not necessarily reflective of
conditions or policies at the centers. DHS needs to investigate further to determine whether each center is effectively mitigating risks, he said.
we use the word ‘risk,’ we are identifying issues, not problems,”
Teufel said. “These are the things that the state and local fusion
centers should consider carefully.”
created the fusion center program in response to the Implementing
Recommendations of the 9/11 Commission Act of 2007 to foster two-way
information sharing between the department and state and local police.
Law enforcement agencies typically run the centers, and DHS assigns
intelligence analysts to work at them.
Despite the department’s
efforts to mitigate risks, DHS’ Privacy Office identified a number of
ongoing problems in its privacy impact assessment. The 9/11
implementation act provides statutory authority for fusion center
activities, but the public might distrust them because state and local
law enforcement agencies share personally identifiable information they
collect with one another and with federal officials, the report states.
fusion centers lack clear rules for storing and sharing personal
information because they are regulated by a mix of state and federal
laws, the report states, citing previous findings by the Government Accountability Office
. Consistent policies and training would mitigate those concerns, DHS’ Privacy Office said.
office identified military involvement at fusion centers as a risk to
privacy, but it said assessing the risk was beyond the report’s scope.
report also lists excessive secrecy, mission creep and inaccurate
information as concerns, but it states that appropriate responses
should alleviate them.
The privacy assessment also notes
concerns about data mining and private-sector involvement, which the
office intends to study further.
Caroline Fredrickson, director
of the American Civil Liberties Union’s Washington Legislative Office,
said the ACLU identified similar privacy concerns a year ago.
intelligence activities have a troubled history in the United States,
so we're glad to see the DHS Privacy Office shining a light on the
privacy threats fusion centers pose,” Fredrickson said. “Given the fact
that the DHS Privacy Office sees the same problems the ACLU does with
fusion centers, it should be obvious that serious oversight is
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.