[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]
THE DEPARTMENT OF HOMELAND SECURITY STATE AND LOCAL FUSION CENTER
PROGRAM:
=======================================================================
HEARING
before the
SUBCOMMITTEE ON INTELLIGENCE, INFORMATION SHARING, AND
TERRORISM RISK ASSESSMENT
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED TENTH CONGRESS
FIRST SESSION
__________
MARCH 14, 2007
__________
Serial No. 110-15
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC] [TIFF OMITTED] TONGRESS.#13
Available via the World Wide Web: http://www.gpoaccess.gov/congress/
index.html
__________
U.S. GOVERNMENT PRINTING OFFICE
35-274 PDF WASHINGTON : 2009
----------------------------------------------------------------------
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092104 Mail: Stop IDCC, Washington, DC 20402�0900012009
COMMITTEE ON HOMELAND SECURITY
BENNIE G. THOMPSON, Mississippi, Chairman
LORETTA SANCHEZ, California, PETER T. KING, New York
EDWARD J. MARKEY, Massachusetts LAMAR SMITH, Texas
NORMAN D. DICKS, Washington CHRISTOPHER SHAYS, Connecticut
JANE HARMAN, California MARK E. SOUDER, Indiana
PETER A. DeFAZIO, Oregon TOM DAVIS, Virginia
NITA M. LOWEY, New York DANIEL E. LUNGREN, California
ELEANOR HOLMES NORTON, District of MIKE ROGERS, Alabama
Columbia BOBBY JINDAL, Louisiana
ZOE LOFGREN, California DAVID G. REICHERT, Washington
SHEILA JACKSON LEE, Texas MICHAEL T. McCAUL, Texas
DONNA M. CHRISTENSEN, U.S. Virgin CHARLES W. DENT, Pennsylvania
Islands GINNY BROWN-WAITE, Florida
BOB ETHERIDGE, North Carolina MARSHA BLACKBURN, Tennessee
JAMES R. LANGEVIN, Rhode Island GUS M. BILIRAKIS, Florida
HENRY CUELLAR, Texas DAVID DAVIS, Tennessee
CHRISTOPHER P. CARNEY, Pennsylvania
YVETTE D. CLARKE, New York
AL GREEN, Texas
ED PERLMUTTER, Colorado
VACANCY
Jessica Herrera-Flanigan, Staff Director & General Counsel
Todd Gee, Chief Counsel
Michael Twinchek, Chief Clerk
Robert O'Connor, Minority Staff Director
______
SUBCOMMITTEE ON INTELLIGENCE, INFORMATION SHARING, AND TERRORISM RISK
ASSESSMENT
JANE HARMAN, California, Chair
NORMAN D. DICKS, Washington DAVID G. REICHERT, Washington
JAMES R. LANGEVIN, Rhode Island CHRISTOPHER SHAYS, Connecticut
CHRISTOPHER P. CARNEY, Pennsylvania CHARLES W. DENT, Pennsylvania
ED PERLMUTTER, Colorado PETER T. KING, New York (Ex
BENNIE G. THOMPSON, Mississippi (Ex Officio)
Officio)
Thomas M. Finan, Director and Counsel
Brandon Declet, Counsel
Natalie Nixon, Deputy Chief Clerk
Deron McElroy, Minority Senior Professional Staff Member
(II)
C O N T E N T S
----------
Page
Statements
The Honorable Jane Harman, a Representative in Congress from the
State of California, and Chair, Subcommittee on Intelligence,
Information Sharing, and Terrorism Risk Assessment:
Oral Statement................................................. 1
Prepared Staement.............................................. 3
The Honorable David G. Reichert, a Representative in Congress
from the State of Washington, and Ranking Member, Subcommittee
on Intelligence, Information Sharing, and Terrorism Risk
Assessment..................................................... 14
The Honorable Charles W. Dent, a Representative in Congress from
the State of Pennsylvania...................................... 18
The Honorable Norman D. Dicks, a Representative in Congress from
the State of Washington........................................ 16
Witnesses
Panel I
Mr. Charles E. Allen, Chief Intelligence Officer, Office of
Intelligence and Analysis, Department of Homeland Security:
Oral Statement................................................. 5
Prepared Statement............................................. 8
Mr. Daniel W. Sutherland, Officer for Civil Rights and Civil
Liberties, Department of Homeland Security:
Oral Statement................................................. 20
Prepared Statement............................................. 21
Mr. Hugo Teufel, Privacy Officer, Department of Homeland
Security:
Oral Statement................................................. 24
Prepared Statement............................................. 25
For the Record
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi:
Prepared Statement............................................. 31
Questions and Responses:
Responses from Mr. Daniel W. Sutherland and Mr. Hugo Tuefel.... 32
ADVANCING INFORMATION SHARING WHILE SAFEGUARDING CIVIL LIBERTIES
----------
Wednesday, March 14, 2007
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Intelligence, Information
Sharing, and Terrorism Risk Assessment,
Washington, DC.
The subcommittee met, pursuant to call, at 3:40 p.m., in
Room 311, Cannon House Office Building, Hon. Jane Harman
[chairwoman of the subcommittee] presiding.
Present: Representatives Harman, Dicks, Reichert, and Dent.
Ms. Harman. Good afternoon. The subcommittee will come to
order. The subcommittee is meeting today to receive testimony
on State and local fusion centers and on advancing information
sharing while safeguarding civil liberties.
Earlier this week, I led a member tour to two facilities in
the D.C. area with critical Homeland Security missions--the
National Counterterrorism Center and the Maryland Coordination
and Analysis Center, or MCAC, in suburban Baltimore. I,
frankly, saw some things that were inspirational and a few
things that worried me. Representatives Perlmutter, Shays,
Wolf, and I were particularly impressed by the NCTC, the
Nation's fusion center for all terrorism-related information.
It is clear that the NCTC has played a key role in improving
information sharing across the Federal Government, and Admiral
Scott Redd and his team are to be commended for their work
there.
I was disturbed, however, by what I learned about the
emerging plans for the Interagency Threat Assessment and
Coordination Group, or the ITACG, that our witness, Mr. Allen
described in his testimony here last month. How this group,
which is supposed to be creating unclassified products for
State, local and tribal law enforcement officers across the
country is going to be effective with only one local law
enforcement person on staff is beyond me, and I am a bit
disappointed that DHS, the agency that is supposed to be
advocating for State and locals, has not fought harder to
expand the number of nonFederal players at the ITACG table.
The subcommittee may have to take a very close look at the
ITACG in the current months, in the coming months, and I am
certain that chairman would agree with me. It also is a good
thing that to my right sits a former sheriff who I think would
have some insights into the value of local participation at the
Federal level and creating the products that are then
distributed for local consumption.
Our group also paid a visit to the Maryland Coordination
and Analysis Center, the MCAC, in West Baltimore, as I
mentioned. While the MCAC staffers were enthusiastic about
their work and impressive, it is clear that the organization
has no budget and is staffed mainly by detailees on loan from
other agencies. They saw that as a positive because that meant
that no one agency was in charge, which they felt would
discourage other agencies from participating, but I saw that as
a negative because, if any of those agencies faced budget
squeezes, the easiest place to squeeze is to remove the
detailee from the MCAC, and then there would be that enormous
loss of competence. Although the MCAC is turning out impressive
intelligence products on a daily basis, the facilities it
occupies are, to say the least, modest. I was pleased to meet
DHS' staffer, Charlie Allen's person, at the MCAC.
But I left the MCAC with one main conclusion, and that is
that all the DHS staff assistance in the world will not get the
job done if fusion centers do not have adequate and sustained
funding. Without money, they are going to disappear, and the
DHS State and Local Fusion Center Program will not succeed.
In addition to sustained funding, we need to
institutionalize how we are doing intelligence at these
facilities. That means that we should be encouraging not only
intelligence fusion but also--and I know our witness agrees--
rigorous adoption of privacy and civil liberties' protections
as part of the process. I often say that security and liberty
are not a zero sum exercise.
It is not that you get more of one and less of the other;
it is that you get more of both or less of both, and so it is
absolutely critical that we factor both in at the front end,
and then we give confidence to those whose information we hope
will be contributed to these fusion centers and whose
information may be the critical piece that helps us unravel a
plot before it is launched against America and American
interests. Of course, we are pleased that Charlie Allen is back
to address these concerns.
Let me say, Charlie, that I have been through the
President's requested budget numbers, and I, frankly, do not
see how you can meet your goal of having your staff in up to 40
fusion centers by the end of fiscal year 2008 without some very
creative thinking and reprioritization on your part or without
some additional help on our part. While we can not get into any
classified figures and staffing levels here, I hope you will be
able to shed light on where the President's budget request
leaves you and on how you will go about meeting your fusion
center targets, given the budget constraints you are facing.
We also hope to hear more about the privacy and civil
liberties education that you have mentioned in recent months
before this subcommittee and before the Senate Select Committee
on Intelligence.
In that regard, I am pleased that we have with us today
both the Department's Privacy Officer, Hugo Teufel, and its
Civil Rights and Civil Liberties Officer, Daniel Sutherland.
I note that this hearing comes on the heels of the National
Fusion Center Conference in Florida last week where DHS, DOJ
and the DNI and many State and local representatives and some
of our staff got together to discuss the very issues on our
agenda. I am happy that we all seem to be on the same page. Now
it is time to move to the next chapter.
Welcome again to you.
Prepared Statement of Hon. Jane Harman
Earlier this week, I led a Member tour to two facilities in the DC
area with critical homeland security missions--the National
Counterterrorism Center and the Maryland Coordination and Analysis
Center (MCAC) in suburban Baltimore.
I frankly saw some things that were inspirational and some things
that worried me tremendously.
Representatives Perlmutter, Shays, Wolf, and I were particularly
impressed by the NCTC, the nation's ``fusion center'' for all
terrorism-related information. It's clear that that the NCTC has played
a key role in improving information sharing across the Federal
government, and Admiral Redd and his team are to be commended for their
work there.
I was disturbed, however, by what I learned about the emerging
plans for the Interagency Threat Assessment and Coordination Group--the
ITACG--that Mr. Allen described in his testimony here last month.
How this group--which is supposed to be creating unclassified
products for State, local, and tribal law enforcement officers across
the country--is going to be effective with ONLY ONE local law
enforcement person on staff is beyond me.
And I'm disappointed that DHS--the agency that is supposed to be
advocating for State and locals--has not fought harder to expand the
number of non-Federal players at the ITACG table.
The Subcommittee may have to take a very close look at the ITACG in
the coming months, and I am certain the Chairman would agree with me.
We also paid a visit to the Maryland Coordination and Analysis
Center (MCAC)--Maryland's State fusion center.
While the MCAC staffers were enthusiastic about their work and are
undoubtedly working very hard, it's clear that the organization has no
budget and is staffed mainly by detailees on loan from other agencies.
And although the MCAC is turning out impressive intelligence
products on a daily basis, the facilities it occupies are--to say the
least--very modest.
I was pleased to meet DHS' staffer at the MCAC, but I left the MCAC
with one main conclusion: all the DHS staffing in the world won't make
a bit of difference if fusion centers do not have adequate and
sustained funding.
Without money, they're going to disappear, and DHS' State and Local
Fusion Center Program won't make a bit of difference.
In addition to sustained funding, we need to institutionalize how
we are doing intelligence at these facilities.
That means that we should be encouraging not only intelligence
fusion but also rigorous adoption of privacy and civil liberties
protections as part of that process.
We're pleased that Charlie Allen is back to address these concerns.
I've been through the President?s requested budget numbers,
Charlie, and I frankly don't see how you can meet your goal of having
your staff in up to 40 fusion centers by the end of Fiscal Year 2008
without some very creative thinking and re-prioritization on your part.
While we can't get into any classified figures and staffing levels
here, I hope you'll be able to shed some light on where the President's
budget request leaves you, and how you will go about meeting your
fusion center targets given the budget constraints you're facing.
I also want to hear more about the privacy and civil liberties
education that you have mentioned in recent months before this
Subcommittee and the Senate Select Committee on Intelligence.
In that regard, I'm pleased that we have with us today both the
Department's Privacy Officer, Hugo Teufel (pronounced ``Too-fell''),
and its Civil Rights and Civil Liberties Officer, Mr. Daniel
Sutherland.
I note that this hearing comes on the heels of the National Fusion
Center Conference in Florida last week--where DHS, DOJ, the DNI, and
many State and local representatives got together to discuss the very
issues on our agenda today.
I am happy that we all seem to be on the same page. Now it's time
to move to the next chapter--specifically, to ensure that the funding
and privacy and civil liberties ``know how'' that is necessary for
fusion centers is authorized, appropriated, and put into action while
safeguarding civil rights and civil liberties at the same time.
Welcome again to you all.
Ms. Harman. I will now recognize Sheriff Reichert, the
ranking member of the subcommittee, for an opening statement.
Mr. Reichert. Thank you, Madam Chair.
I want to thank you for holding this important hearing. We
are, I think, going to make a great team, and I am glad to see
my good friend from Washington State, Norm, here with us today,
so the three of us will get to inquire a little bit further
after your testimony.
Charlie, it is good to see you again, and I have only met
you a few times, but I feel very comfortable with you, and it
seems like we have known each other for quite a long time. You
are very responsive and always available for questions and
guidance, and we all appreciate that on this subcommittee. You
know, the process is a little--it always kind of amuses me that
politicians speak for a while and those are things, you know,
that we need to get on the record, but we also want to hear
from the witness, so I will ask you to indulge me just a little
bit here while I take the opportunity to express some of my
views for the record, and then we will get to the questioning.
You know, I am a sheriff and a law enforcement officer at
heart, and there are certain things that touch all of us. Now,
as we look ahead to the future of this country and to the
gathering of intelligence, the protection of private rights
really is at the top of the list. For 33 years, that is what I
did was protect people, protect communities, protect neighbors,
and protect their rights. A substantial part of the intelligent
portion of the authorization bill that we are talking about
today will focus on the Department of Homeland Security's
involvement in State and local fusion centers. DHS, the FBI and
other Federal agencies are participating with local law
enforcement in these fusion centers, and many questions are
raised as local and Federal agencies partner, including: What
role does the Federal Government have? Should there be more
money allocated for the Federal role in these centers? Should
personnel costs of local law enforcement be funded by the
Federal Government since they are now participating in a so-
called ``nontraditional'' law enforcement role?
As a former sheriff of a major county, I was required to
reallocate personnel to participate in the joint analytical
centers and the JTTS. In knowing the burden this places on
local law enforcement, I believe the Federal Government has an
obligation to partner with local authorities in the operation
and funding of local fusion centers. I look forward to hearing
from Mr. Allen on these issues today.
Another pressing issue on many of our minds is civil rights
and civil liberties, as I said, and is the main subject of our
second panel. It is essential that we have the tools and the
resources necessary to protect our Nation from future terrorist
attacks. However, DHS and other agencies must have a healthy
respect for privacy and other civil rights and civil liberties.
We all hear complaints about potential violations in the
newspapers, and some of these are real and concerning; some are
speculative and lack supporting evidence, but what is important
is the establishment of proper training methods and procedures
for protecting privacy and civil liberties so that mistakes and
abuses can be avoided, detected and corrected. In this respect,
we must recognize the hard and often thankless work of the DHS
Privacy Office and the DHS Civil Rights and Civil Liberties
Office. Their sole mission is to minimize the Department's
impact on people's privacy and rights.
The DHS fusion center work has progressed over the last
year on many fronts--from conceptual development, to deploying
personnel, to the fusion centers. As part of this development,
the Department issued fusion center guidelines and disseminated
a fusion center grant planning tool. In the guidelines, DHS
specifically focuses on privacy as a minimum consideration for
interagency Memorandums of Understanding. DHS also adds as a
key element of the guidelines adhering to privacy and civil
liberty policies.
As part of the fusion center planning tool, grant funding
is allowed to establish a fusion center's critical baseline
operations standards. One of these critical baseline standards
is the identification and implementation of privacy and civil
liberty protections. Every fusion center official that I have
spoken with has acknowledged the importance of safeguarding
civil liberties. I look forward to hearing from the Department
of Homeland Security on what additional work is to be done to
follow up with the fusion centers on these important priorities
and in ensuring that employees receive appropriate training in
privacy and civil liberty issues.
Most recently, I visited the LA Fusion Center and had also
visited Seattle's once again--as I am quite familiar with their
joint analytical center--as they progress and move toward a
fusion center, two very outstanding operations, and DHS' role
in both of those fusion centers has been greatly appreciated.
Madam Chair, I yield.
Ms. Harman. I thank you for your comments, and I would note
that other members of the subcommittee under our committee
rules are encouraged to submit opening statements for the
record, but we will now proceed directly to our first witness,
Charlie Allen, who has been introduced numerous times by this
committee and subcommittee, and so I just would point out he is
the Department of Homeland Security's Chief Intelligence
Officer with a long and distinguished background and a long and
distinguished future.
Please summarize your remarks, Mr. Allen, for the record,
and we will go directly to questions.
We will have a second panel today to discuss some of the
issues that have been raised in the opening statements.
STATEMENT OF CHARLES E. ALLEN, CHIEF INTELLIGENCE OFFICER,
OFFICE OF INGELLIGENCE AND ANALYSIS, DEPARTMENT OF HOMELAND
SECURITY
Mr. Allen. Thank you very much, Chairwoman, Harman, Ranking
Member Reichert and Congressman Dicks.
I really do welcome the opportunity to speak about our
State and Local Fusion Center Program, and also how we work to
protect civil rights and civil liberties. Also, it is a
pleasure to be here to know that we have Mr. Hugo Teufel and
Dan Sutherland. I appeared with Mr. Sutherland this morning
over on the Senate Homeland Security Committee to talk about
radicalization. I probably will omit comments about
radicalization in my summary here, but I certainly can answer
questions on that.
I do want to speak to the Interagency Threat Assessment and
Coordination Group, which, by the way, is now called the
Federal Coordinating Group. We are beginning to move staff
officers who form a core advance team into our location out at
Liberty Crossing, as you indicated, and we are beginning to
work with Federal and nonFederal partners to staff fully the
group. It will be a real opportunity to have sustained,
coordinated information sharing down at State and local levels,
and we are working to include additional people from State and
local governments.
In fact, in the initial stand-up staff, I envision two or
three officers, certainly. I do not know exactly what was said
out at the NCTC, but we are still working to put together a
concept of operations, and I want to assure you that there is
going to be growth in State and local government
representation.
Let me touch on how the State and Local Fusion Center
Program promotes information sharing, and it does this both
horizontally between centers across the country and, of course,
vertically between the Intelligence Community and the centers
while working to safeguard civil liberties and privacy.
Protecting privacy and civil liberties remains one of my top
organizational priorities. I hold my office to the highest
standards in these areas, and we reinforce these principles
with all of our employees.
In terms of incorporating privacy and civil liberties
training into our fusion center program, the Department of
Justice has made strong efforts to establish and provide
important training and outreach programs to fusion center
personnel. The Global Justice Fusion Center Guidelines,
published by the Department of Justice, DHS and in
participation with State and local governments, requires fusion
centers to create policies that safeguard civil liberties. The
National Fusion Center Conference last week, which you alluded
to, brought subject matter experts from across the United
States to discuss privacy and civil liberties, and there were
two sessions, two breakout sessions, devoted to that that were
well attended--I was very pleased to see that--and over 600
people came to that conference.
In addition, Federal Intelligence Officers assigned to the
fusion centers have to comply with policy obligations regarding
annual training requirements for protecting U.S. persons and
are abiding by privacy guidelines of the information sharing
environment, which, of course, you are well aware of and is
managed by Ambassador Ted McNamara. We are working closely with
various DHS and the external Civil Liberties and Privacy Office
to ensure adequate oversight in these areas and to identify
where additional training is needed.
The last time I appeared before this subcommittee, you
shared three priorities--information sharing with first
presenters, the potential radicalization and reducing
overclassification of intelligence. Let me just talk about
information sharing with first presenters.
The new DNI, Mike McConnell, recently set forth his vision
for the Intelligence Community. He says we all have ``a
responsibility to provide,'' not just to share. When I spoke to
you last, I pledged that DHS intelligence would set the
standard in this area. Our fusion center program underscores
the importance I place in this area. To this end, the
Department created a State and Local Fusion Center Program
almost 9 months ago.
This program, as you know, embeds DHS officers into fusion
centers to share information, to collaborate on analysis and to
identify information of intelligence value at a State and local
level, and I believe, on issues of radicalization and also on
all threats, there is a lot of information at that level as
Ranking Member Reichert pointed out. My officers continue to
work with the intelligence officers of DHS operating components
and with the Intelligence Community to move tailored and timely
intelligence out to the fusion centers. The result is better
reporting and validating of actionable information both to our
State and local partners and to the Intelligence Community. Our
efforts to deploy intelligence analysts to the fusion centers
around the country are progressing, and we will accelerate
deployments if we can. We have officers in twelve fusion
centers, and we do have an aggressive schedule to deploy up to
35 officers by the end of fiscal year 2008, and that will be a
challenge as you pointed out in your comments, and I will be
happy to try to respond to questions.
We also realize there is a critical need to provide the
physical infrastructure and technology to share that
information. At the secret level, my office is deploying a
homeland security data network, HSDN, to the fusion centers.
The Department is giving direct access, not just to my
officers, but to State and local officials, just as if they
were working at the Federal level. The establishment of a
homeland security information portal and the deployment of HSDN
are major steps to increasing connectivity between DHS
intelligence and our State and local partners.
We are beginning to realize the benefits of the
strengthened relationships that the State and Local Fusion
Center Program is creating, especially in creating new
information into the centers. We recently assisted a West Coast
fusion center in establishing solid information links to
extremists operating outside of the United States by connecting
informing from local investigators with senior intelligence
analysts in my office.
I share many of the concerns expressed by the committee at
the last hearing about creating the sustainable fusion center
capability at non Federal levels. You are absolutely right.
There are going to be challenges, and these centers are in
various stages of development. Some are immature, and some are
like the JRIC in Norwalk near Los Angeles, which is very
mature.
I will defer my comments on radicalization but look forward
to any questions. A number of the committee members remarked on
the challenges that remain in being able to disseminate
intelligence to those who need it, especially State and local
partners, including a continuing proclivity toward
overclassifying intelligence. I have fought against this
tendency throughout my career while trying to ensure we protect
sources and methods.
As I noted previously, I look forward to working on this
issue with the committee because my primary customers, whether
in the State, the private sector or the Department, require
intelligence shared with them at unclassified and at secret
levels. If there is top secret level, we can sanitize it to
secret if there are warning threat assessment necessities.
In conclusion, the United States and its allies are engaged
in a continual global struggle against a broad range of
transnational threats. While the Department of Homeland
Security intelligence is still maturing, we are undertaking
vitally important new initiatives such as a State and Local
Fusion Center Program to accomplish the Department's mission of
preventing and mitigating those threats. While our fusion
center initiatives are advancing, invaluable, seamless
partnerships are fusing information intelligence. This will be
done--I can assure you--while working hard to safeguard privacy
and civil liberties. The success of these initiatives is based
on DHS intelligence, setting the standards of inclusiveness,
access, and collaboration with all of our partners.
I look forward to your questions.
Ms. Harman. Thank you, Mr. Allen.
[The statement of Mr. Allen follows:]
Prepared Statement of Charles E. Allen
Introduction
Chairwoman Harman, Ranking Member Reichert, and Members of the
Subcommittee: Let me start by saying how pleased I am to be back before
your Subcommittee--your continued focus on the critical capabilities
that DHS Intelligence provides to the security of our homeland is
further evidence of the commitment you have shown to our programs. I
thank you greatly for your ongoing support.
I would like to provide an update on our progress in establishing
the Interagency Threat Assessment and Coordination Group, which is now
called the Federal Coordinating Group. This group will facilitate the
production of ``federal coordinated information,'' ensuring our non-
Federal partners have the validated, accurate, timely, and actionable
information they need to protect against the threat of terrorism. I am
pleased to announce that since I last spoke with you a month ago, we
have begun moving staff officers, who form a core advance team, into
our location in Liberty Crossing and are working with our Federal and
non-Federal partners to fully staff the group. We have a substantial
opportunity to construct lasting coordinated solutions by working
together. The Federal Coordinating Group's advance team is gathering
momentum; each day brings new substantive steps forward. I want to
thank both the legislative and executive branches for helping to
further the President's vision for information sharing.
Today, I would first like to touch on the highlights of how the
Department's State and Local Fusion Center (SLFC) program, and other
key initiatives in our proposed FY 2008 budget, promote information
sharing both horizontally between fusion centers and vertically to the
Intelligence Community, all the while safeguarding civil liberties.
Civil Liberties and Privacy
Protecting privacy and civil liberties remains one of my top
organizational priorities as we work in our homeland security
intelligence domain. I hold my Office to the highest standards in these
areas and continually reinforce these principles with my senior
managers and with all of our employees. I am also mandating that our
new programs, such as the State and Local Fusion Center program,
incorporate appropriate safeguards and oversight in these areas that
intersect with homeland security.
I echo the Secretary's vision that effective tools and measures,
such as training, should be developed to safeguard privacy and civil
liberties. In terms of incorporating privacy and civil liberties
training into our fusion center program, the Department of Justice
(DOJ) has made enormous efforts to establish and provide these very
important training and outreach programs directed to fusion center
personnel. The Global Justice Fusion Center Guidelines published by
DHS, DOJ, and participating state and local governments require fusion
centers to create policies to protect the civil liberties of our
citizens. Fusion centers have to adhere to these guidelines in order to
receive Federal grants. Also, all four regional fusion center
conferences last year had plenary sessions addressing these issues. The
National Fusion Center conference, held last week in Destin, Florida,
brought subject matter experts from across the United States, including
from the Department's Office for Civil Rights and Civil Liberties, and
one of the issues discussed was privacy and civil liberties. In
addition, all Federal intelligence officers assigned to fusion centers
must comply with the policy obligations of their agencies concerning
annual training requirements on the procedures that must be followed in
handling U.S. Person information, as well as abiding by the privacy
guidelines of the information sharing environment. To that end, we will
continue to work closely, within the Department, with the Office of the
General Counsel, the Office for Civil Rights and Civil Liberties, and
the DHS Chief Privacy Officer, and, outside the Department, with the
President's Privacy and Civil Liberties Oversight Board, the
Information Sharing Environment Privacy Guidelines Committee, and other
Federal partners to ensure adequate oversight in these areas and to
identify where additional training opportunities exist, so that all
fusion center personnel understand and abide by the appropriate
guidelines.
Madam Chairwoman, the last time I appeared before the Subcommittee,
you shared your three priorities with me: information sharing with
first preventers; the potential for radicalization within our society;
and finding ways to reduce the overclassification of intelligence. As
you know, I share your concern in these three areas. I will now
describe how the SLFC program and other key initiatives in our proposed
FY 2008 budget will emphasize those priorities.
Information Sharing with First Preventers
New Director of National Intelligence (DNI) Mike McConnell recently
set forth his vision to the Intelligence Community for information
sharing, stating that we all share a ``responsibility to provide.''
When I last spoke with you, I pledged that DHS Intelligence would set
the standard in this area. Our fusion center program and other
initiatives in our FY 2008 budget underscore the importance I place on
supporting the programs and technology required to increase our
contributions to information sharing, especially with first preventers.
The Department created the State and Local Fusion Center program,
part of the larger national network of fusion centers, nine months ago,
working closely with both the DNI and DOJ. As you know, the program
embeds DHS homeland security intelligence professionals into state and
local fusion centers to share information, collaborate on analysis, and
identify information of intelligence value. My officers continue to
work with the intelligence officers of DHS operating components, with
our partners at the FBI, and with the national Intelligence Community
to move tailored, timely, and actionable intelligence out to the fusion
centers. The result is better reporting and validating of actionable
information both to our state and local partners and to the
Intelligence Community.
We are beginning to realize the benefits of the strengthened
relationships the State and Local Fusion Center program is creating
with our non-Federal partners. For example, we recently assisted a west
coast fusion center in developing what at first appeared to be a
tenuous connection with extremist activity. We were, however, able to
establish a solid link to extremist activity operating outside of the
United States by connecting information from local investigators with
our senior DHS intelligence analysts.
The State and Local Fusion Center program to deploy our
intelligence analysts to fusion centers around the country is
progressing well, although I will look for opportunities to accelerate
the deployment of additional officers. So far, we have deployed 12
officers to 12 fusion centers around the country; we are in the process
of identifying the next five officers to deploy. We will continue our
aggressive schedule to deploy at least 35 officers by the end of FY
2008, and we are continuing to conduct assessments to determine which
centers have the greatest need. Madam Chairwoman, I fully expect to
meet that goal.
We also realize there is a major need to provide the physical
infrastructure and information management technology to share
intelligence reporting and analytical products. At the controlled or
sensitive but unclassified level, we have established a pilot program
capability, under the Homeland Security Information Network (HSIN),
that includes an intelligence portal where we comprehensively post both
intelligence reporting and analytical products at the controlled
unclassified level. We plan to expand this portal to allow for email
exchange for states to collaborate while being protected from
intrusion. At the SECRET level, my Office, in full coordination with
the Department's Chief Information Officer, is deploying the Homeland
Secure Data Network (HSDN) to the fusion centers. In an unprecedented
move for the Federal government, the Department is giving state and
local officials direct access, in their own facilities, to this network
so they can receive reporting and email not only from the Department
but also from the rest of the Intelligence Community. In other words,
state and local officials will have access to and operate on the HSDN
network, just like intelligence analysts at the Federal level. The
establishment of the HSIN portal (controlled unclassified level) and
the deployment of HSDN (SECRET level) are major steps forward in
increasing the connectivity between DHS Intelligence and our partners
at the state and local level.
Using these mechanisms, we are piping information into the State
and Local Fusion Centers at levels that before were not available to
non-Federal partners. This information includes international events
and incidents that are of concern from the standpoint of lessons
learned and situational awareness. For example, we recently provided
information and updates to fusion centers on the India train bombing,
the Iraq chlorine attacks, and a white powder scare at Rolla, Missouri.
I share many of the concerns expressed by the Subcommittee at my
last hearing about creating a sustainable fusion center capability at
the non-Federal level. DHS, in partnership with DOJ, is a major
supporter of these fusion centers through our grants and accompanying
technical assistance and training process, and in providing classified
infrastructure, such as secure telephones and fax machines, HSDN
terminals, and SECRET clearances to non-Federal homeland security
professionals. At the same time, we must look to the future and, with
our non-Federal partners, determine how to build both the Federal and
non-Federal parts of the President's national integrated network of
fusion centers in such a manner that this capability will remain
robust, effective, and efficient throughout the protracted campaign
against those who seek to harm the United States. In order to support
the capability of the fusion centers, I am considering how the Federal
government could use retired annuitants--retired intelligence officers
who are experienced in intelligence analysis and production. We are
reviewing this approach and will assess its feasibility.
Radicalization
Chairwoman Harman, you recently remarked about the threat that
homegrown radicalization poses to our communities. I sincerely share
this concern, as does the Department and the broader Intelligence
Community, especially the FBI. In fact, my office has followed suit
with other Intelligence Community agencies that have realigned their
analytical core to focus on radicalization. I am proud to convey that
we are beginning to map out the phenomenon in its various domestic
forms. This is part of my larger goal of developing indicators for
radicalization, which will act as strategic warning when disseminated
to state and local partners so they can determine the best ways to
alleviate the threat. To assist with their efforts, the Radicalization
and Engagement Working Group within DHS is developing a battery of
programs and best practices to effectively counter radicalization,
which will be available to our non-Federal partners.
My Office's branch that analyzes radicalization has undertaken a
study of each region in the United States and the threat radicalization
poses. Our assessments of radicalization are being conducted in a
phased approach, examining radicalization dynamics in key geographic
regions throughout the country. Our first phase assessed radicalization
in California and the New York/New Jersey area, and our second phase is
assessing the Midwest and the National Capital Region.
Each regional assessment begins by framing the issue particular to
that state or region. First, we examine national-level intelligence
reporting and open source information. We then take those findings and
share them during face-to-face meetings with our Federal partners,
including the FBI and the Federal Bureau of Prisons, as well as state
and local law enforcement, intelligence, and homeland security
professionals to gain their insights. These regional studies will form
the basis of a national radicalization study that lays out the first
ever baseline of this threat to homeland security.
As you can see through our methodology, our approach to
radicalization is indicative of my commitment to engage our
intelligence colleagues in the state and local fusion centers as
equals, as we address this particularly challenging issue. My
radicalization team has been on the road many times in the past year,
including attending the national conference in Florida I alluded to
earlier, in order to meet with experts in your constituencies and
solicit their involvement in our analytic efforts. I previously
mentioned the results of the strong partnership with the state of
California and similar relationships are supporting our work in all of
our regional assessments.
Overclassification
A number of the Committee's members have remarked on the challenges
that remain in being able to disseminate intelligence to those who need
it--especially state and local partners. Foremost among those
challenges is a continuing proclivity toward overclassifying
intelligence. As a long-standing senior officer of the Intelligence
Community, I have fought against this tendency throughout my career
while consistently ensuring that we protect our intelligence sources
and methods to avoid harming our national security. As I noted
previously, I look forward to working on this issue with the Committee
in no small part because my primary customers, whether in the
Department or in the states or private sector, require intelligence
shared with them at the UNCLASSIFIED or at most SECRET levels. I will
always ensure we share threat information with those consumers that
require it--and my staff and I are working hard to institutionalize the
DNI's principle of ``responsibility to provide'' in our own efforts to
support this approach throughout the community. I believe the
Information Sharing Environment Program Manager, in implementing the
President's guidelines, is taking numerous steps forward in this area,
and I will continue to support him.
Within the Department, I have a strong production management team
working to disseminate our finished intelligence at the lowest level
possible to ensure wide accessibility by those who need it to secure
our homeland. As I noted before, we made investments and will continue
to invest in laying the connectivity at both the Controlled
UNCLASSIFIED level through HSIN (and especially our HSIN-Intelligence
portal, which has proven to be a success) and at the SECRET level
through HSDN. Equally as important, I have instructed my analysts to
``write for release'' at the lowest possible level and to work with our
partners in the Intelligence Community to release information they are
providing to levels accessible for our customers.
Much work remains to be done--the President's guidelines lay out
the roadmap for much of our efforts in this area. Within the
Intelligence Community, DNI McConnell's principle of ``responsibility
to provide'' further directs our approach. I will work closely with
Mike McConnell and with you to ensure we are providing the right
information to our customers on a timely basis to secure our homeland.
While today I am focusing on the State and Local Fusion Center
program and other key activities that intersect with the priorities you
laid out for the Subcommittee, I want to emphasize that our FY 2008
program provides capabilities in all of our mission areas. The program
includes new initiatives such as our Domestic Open Source Intelligence
Enterprise, our partnership with U.S. Citizenship and Immigration
Services via the new National Immigration Information Sharing Office,
and our work to support border security through the Integrated Border
Intelligence Program. I ask for your continued support for the full
range of capabilities and initiatives included in the FY 2008 budget--I
will need this program fully funded in order to deliver on the pledges
I made to you, the Secretary, the DNI, and to the country. Before I
conclude, I would like to touch on a few final areas that are
imperative to our success.
Risks
In my February 14 testimony, I shared with you three risks that are
having deleterious effects on our ability to provide results:
recruiting and retention; integration; and facilities. While I remain
concerned about all three, today I want to focus on a key aspect of
integration: the challenge of providing sound management of the
Department's intelligence investments, including the SLFC program.
As you know, we have seven components in the Department with
intelligence programs, collectively called ``the DHS Intelligence
Enterprise.'' We also have a host of places in the Department
undertaking intelligence-related activities, some of which are
programmatically positioned outside the intelligence components. The
Secretary has charged me, as Chief Intelligence Officer, to advise him
on the intelligence investments in the Department to ensure we are
making effective and efficient investments in our intelligence
capability.
To this end, I am working aggressively to gauge accurately the
cross-departmental component expenditures on intelligence. The first
ever DHS Intelligence program reviews conducted last year were an
important step toward gaining a baseline understanding of the
intelligence component investments across the Department. These program
reviews, as well as information gathered in partnership with the Chief
Financial Officer during the Resource Allocation Plan process last
year, provided a fair amount of visibility into the total departmental
planned expenditures in the intelligence components. This year, I will
again conduct intelligence program reviews and will again, in
partnership with the Chief Financial Officer during the Resource
Allocation Plan (RAP) process, gather information on planned
investments in the intelligence components. The outcome of this year's
activities will enable my staff to validate the results of the previous
year's analysis. After this second set of program reviews and the FY
2009 RAP process, I will be able to provide a more accurate estimate of
the current and planned expenditures of the DHS Intelligence
Enterprise.
One of the challenges I am facing is that because the intelligence
expenditures across the Department are not necessarily tracked at the
program level--some operating agencies, for example, do not line item
their intelligence component budgets--the final analysis will still
only produce an estimate of investments. Similarly, because some
agencies have intelligence resources that are organizationally distinct
from their component intelligence program, these intelligence
investments are difficult to estimate at the current time. As a result,
I am still not able to provide the level of accuracy I prefer in my
recommendations to the Secretary on current and proposed intelligence
investments across the Department. I am working with the Secretary to
improve our methodology toward this challenging and important issue,
and I will continue to update the Subcommittee on my success in
instilling an integrated approach to managing the Department's
intelligence investments.
Conclusion
The United States and its allies are engaged in a continuing,
global struggle against a broad range of transnational threats. Our
nation's communities face the threat of terrorism, of cross-border
violence fomented by illicit narcotics trafficking and alien smuggling,
and other threats apart from terrorism. While DHS Intelligence is a
modestly-sized program, we are undertaking vitally important
initiatives, such as the State and Local Fusion Center Program, to
accomplish the Department's mission of preventing and mitigating these
threats. The success of these initiatives is based on the degree to
which DHS Intelligence sets the standard for inclusiveness, access, and
collaboration with all of our partners.
I can assure you that DHS Intelligence will be relentless in its
pursuit of excellence in supporting the homeland security mission. With
this budget, we will exceed past accomplishments and levels of customer
service and collaboration--our ``responsibility to provide.'' At the
same time, we will ensure that our intelligence programs protect the
civil rights and civil liberties of all Americans. Our nation--our
communities, our families, our way of life--deserves nothing less.
Ms. Harman. I yield myself 5 minutes for questions.
You just mentioned that there will be growth in State and
local representation at the ITAG, which is now renamed or will
be renamed the Federal Coordination Group.
Did you say that? Am I correct?
Mr. Allen. That is correct, the Federal Coordinating Group.
The Information Sharing Environment Program Manager has decreed
that is the name. At least, when I saw him on Monday, I think
that is what we called it.
Ms. Harman. Okay. Well, the name is less important than the
function. We can agree on that.
My question is what you mean by growth in State and local
representation. Why can't the entity start with more than one
law enforcement officer, which I think all of us here would
believe is important.
Mr. Allen. As we finish our concept of operations and as we
work out the roles and responsibilities in that concept of
operations, I think you will find that there will be more
representatives than, say, one, and I do not know where the
issue of ``one'' came from, but we are going to work with the
chiefs of major cities' police. We are going to work with the
global justice--I cannot remember the name--the Global Justice
Committee, in order to ensure that we get the fullest input
because we want the State and local representatives to
represent all of the State and local fusion centers and local
police departments at large, that we do not look each of the
cities and other fusion centers and send in officers at the
local level. We want people there who can help our Federal
intelligence analysts understand what is important. Can it
advise Federal analysts? You know, this foundation document on
terrorism techniques, tactics and procedures, that is going to
be very helpful at the local level, and so these people are
going to be very crucial to our performance.
Ms. Harman. Well, you are talking the talk, but I urge you
to walk the walk. I would strongly recommend that more than one
law enforcement officer be part of the initial group of people.
Surely, there is more than one qualified law enforcement
officer you could include, and I would hope they would be
recommended by the State and local groups, themselves, not by
you. I mean, that does compromise the idea, but also, if you
call this the Federal Coordinating Group, I think that may send
the wrong message, too. I think the point is to improve
information sharing and to help get the perspective from State
and locals on what products would be useful and what insights
they have.
So I do not want to name the thing, and I am not sure I
recall what ``ITACG'' stood for, but the point is to take
advantage of the talent pool out there, and I think you will
agree with me, so I urge you to take advantage of more of the
talent pool out there.
Let me turn to a couple of other subjects that you raised.
You were talking about these guidelines for civil liberties
that the Justice Department has.
My question is: Are these guidelines mandatory or
voluntary?
Mr. Allen. These guidelines are recommended by Justice, by
our own department, working those guidelines out with State and
local. We believe that State and local fusion centers will
follow these guidelines because they understand it is very
important that they meet high standards for the protection of
civil liberties, and I think, you know, that would affect our
opinion and our assessment because, before we put officers into
any fusion center, I send at least three or four officers out,
and they spend several days evaluating how that center is
forming, and that is one of the places where they put a lot of
emphasis.
Ms. Harman. Right.
Mr. Allen. They have to meet those standards.
Ms. Harman. Well, I will just point out that H.R. 1, which
has passed the House and has passed the Senate just this week
in a different form--H.R. 1 does include a provision that would
make those mandatory. Obviously, we share the goal of making
sure that they are the right standards and that they are
followed.
Finally, let me ask you about budget. I understand that the
budget is classified. I am not asking you to reveal any details
of it, nor will we, but you said it would be a challenge to
meet your goal of getting personnel into 40 fusion centers.
Could an increase in budget be helpful in that regard?
Mr. Allen. My view is, when we formed our program for
fiscal year 2008 through 2012, I had just arrived. We had begun
a number of new initiatives. We had not embedded anybody. We
did not have a State and local program office. We now have
that. As you know, we have started a number of other new
initiatives within DHS intelligence. I think we are going to be
very challenged. It may require me to reallocate dollars within
my overall budget in order to meet some of these demands such
as the State and Local Government Office. There are other
initiatives of which your staff has been briefed that will
require additional resources.
Ms. Harman. Right. So I am not sure whether you said
``yes'' or ``no,'' but let me just--my time has expired.
Would additional resources be helpful?
Mr. Allen. We always welcome additional resources.
Ms. Harman. Thank you. Thank you. I appreciate that.
I now yield 5 minutes for questions to the Ranking Member.
Mr. Reichert. Thank you, Madam Chair. That is the same
answer the sheriff would have given to the county council. You
always can use more resources.
As we look at the ITACG, and you look at bringing local law
enforcement in, are you experiencing any resistance to
volunteers or people who might be interested in that position?
Mr. Allen. I do not think there is going to be any shortage
of people wanting to come to Washington to work at Liberty
Crossing to help in sanitizing, taking away sources and methods
if need be and pushing the information out hopefully at
official use or sensitive but unclassified or law enforcement
sensitive levels down to there or, if need be, at secret
levels. I think we are going to have a surfeit of people
wanting to do this. I know that a number of cities have
volunteered to send officers. Dave Cohen in New York has done
so.
Mr. Reichert. Good. I do agree that the opportunity would
be one that a local law enforcement officer would love to
participate in, but more toward the budget side in
consideration for those other cities that might have a little
bit smaller police force, these are positions that are
volunteered to the Federal Government to serve in this capacity
on a temporary basis; is that correct?
Mr. Allen. That is correct.
Mr. Reichert. Is there any Federal reimbursement at all to
the local agency providing the body?
Mr. Allen. We have not worked that out, but I certainly
would think that that would be appropriate to reimburse, to pay
for their moving expenditures and what have you, because it
seems to me, if we are going to have a ``Federal Coordinating
Group,'' we ought to reach out and give a helping hand to those
coming from State and local governments.
Mr. Reichert. Would the wages be a cost that might be a
burden that the Federal Government carry or would that still
apply to the local agency?
Mr. Allen. We have to work that out. That is a policy
decision yet to be reached, and we have to do that in
cooperation with the DNI--with the Director of National
Intelligence--as well as with the FBI.
Mr. Reichert. I do know there has been some resistance to
fund positions at fusion centers and joint analytical centers
and JTTFs. Do you know if there has been any further discussion
on whether or not monies could be found maybe within the grants
and training?
Mr. Allen. I think we can look at our grants and trainings
because we know that grants and training funds can be used, for
example, by the fusion centers to hire analysts. They can hire
contractors to come in as analysts, and they actually can use
some of the grant monies to actually train those analysts in
analytic trade craft, so I will have to look into it, but there
is flexibility there.
Mr. Reichert. It has been one of the big issues that local
law enforcement agencies in cities and counties across the
country have expressed over and over again, you know, removing,
as I said in my opening statement, resources from a gang unit,
for example, to participate in a fusion center experience,
where I think that their input and participation is absolutely
vital for the success of that fusion center or analytical
center.
Just to touch on the privacy issue very quickly, to your
knowledge, have there been any demonstrated privacy or civil
liberties issues with any of the fusion centers?
Mr. Allen. I cannot speak for all of the fusion centers,
because there are areas where we really have not visited some
of the fusion centers. We certainly have visited the State of
Washington, as you know.
Mr. Reichert. Yes.
Mr. Allen. But where we have officers embedded, we have
asked them to report any concerns they may have, and in the
twelve fusion centers, we have received no reports of any
concerns. That is certainly going to be part and parcel of
sending officers to the fusion centers, all of the civil
liberties and privacy rules and guidelines we expect those
centers to follow.
Mr. Reichert. One last question in my minute, remaining.
Are you aware of the policy or the request that the Federal
Government has made for phone records of American citizens? Are
you familiar with that? It was an issue about 5 or 6 months ago
or so.
Mr. Allen. I am not familiar with any requests.
The Department of Homeland Security, our Customs and Border
Patrol and Transportation Security Administration and
Immigration and Customs enforcement can collect information. In
my own office, we do not collect information. We get the
information that they provide, but all of the information is
collected lawfully at ports of entry.
Mr. Reichert. Okay. I yield.
Ms. Harman. Thank you, Mr. Reichert.
I would just note that there are programs. There is a
program that involves the collection of some phone records, but
it is not administered by the Department of Homeland Security;
it is administered in other ways, and much about that program
is classified, and certainly, I would hope that all of it
complies fully with our law. Let me just leave it there.
The Chair now recognizes for 5 minutes the gentleman from
Washington State, Mr. Dicks.
I would just note for the record that we do plan to come to
Washington State for a field hearing. Both the ranking member
and Mr. Dicks will be part of that hearing if we can find a
mutually convenient date. We are also going to Los Angeles on
April 4th and 5th to revisit the JRIC, the Joint Regional
Intelligence Center, and hold a field hearing on radicalization
and information sharing, and we will be meeting, Charlie, with
your detailee out in Los Angeles at that time.
Mr. Allen. Yes. The Secretary has asked me to try to attend
that if I could.
Ms. Harman. Wonderful. We will welcome you. We had thought
you were unavailable, but that would be great.
Mr. Allen. I will look at my schedule. I would like to make
that.
Ms. Harman. Terrific.
Now, Mr. Dicks, you are recognized for 5 minutes.
Mr. Dicks. I think this fusion center idea is a good idea.
I mean I am very supportive of this, and I am glad that we have
gotten started with twelve, and we are going to build this
national network.
Could you provide some specific examples of how fusion
centers have improved homeland security and how your staffs
present at fusion centers has made things better?
Mr. Allen. Yes, sir.
For example, when the President talked about some of the
disrupted terrorist plots, the library tower in Los Angeles was
mentioned as one plot where Khalid Sheik Mohammed had planned
that. That was not pre cleared, necessarily, directly with the
Mayor of Los Angeles. It was cleared at many levels below that,
but our having an officer embedded there to talk quickly to all
of the officials at the senior levels I think helped ease some
of those pains.
The point is we get every day, as you know, Congressman
Dicks, threats. I got one last night which I called home on,
and we are able then to--most of them are rumors or non
credible. There are some that are credible. We are able to
separate the wheat from the chaff, and having that officer
there with a secure phone or a secure data network makes all of
the difference in the world, and we have been able to do it
with UNIRIC up in New York and other places.
Mr. Dicks. And the way the thing is structured, you have
these fusion centers out there in the local communities, and
then you have your--what do you call it?
Mr. Allen. We have the homeland security data network,
which is a secret level that has all of the robustness of a
Department of Defense supernet capability.
Mr. Dicks. And then you have an office here in Washington,
D.C.; is that correct?
Mr. Allen. We are forming--yes, we have a State and local
government program office that is now being properly classified
and so forth at the various levels, and we are selecting a
senior officer to head it.
Mr. Dicks. And so the idea is for information to move both
directions--out to the states and locals from here and then
information from there coming back here?
Mr. Allen. Absolutely. My Deputy Assistant Secretary for
Intelligence this morning told me that her senior intelligence
officers--and we have quite a number of them--are receiving
every day calls from State fusion centers, not just where we
have embedded officers but around the country. They have our
number, and they are calling us if they have concerns.
Mr. Dicks. And you said you have a data transmission system
linked up, too, right?
Mr. Allen. Absolutely, at all of the places except the
upper New York regional intelligence center, and that will be
in within a month. I discussed that yesterday to get that up to
Colonel Bart Johnson.
Mr. Dicks. And you have a plan to go to how many, 36?
Mr. Allen. We want to put people out in 35 plus, and as the
chairwoman said, we are going to be challenged to get that all
out there by the end of fiscal year 2008.
Mr. Dicks. That is your goal is to try to do it by 2008?
Mr. Allen. Yes, sir.
Mr. Dicks. And that is where the possibility of additional
funding would maybe help to do that?
Mr. Allen. We have undertaken a number of new initiatives
that your staff has been briefed on, and we probably are going
to have another new initiative coming on, perhaps on
counterintelligence, that will require some money, which I am
doing in conjunction with the Director of Security. So, yes, we
are taking on some real initiatives, sir, that I think are
needed.
Mr. Dicks. Give me an example of where you would be
concerned about civil liberties and, you know, how you would
want to safeguard them.
Mr. Allen. Hypothetically, I could say, having lived
through a bit of Vietnam and knowing some of the abuses that
occurred then where people went out and not only videotaped or
filmed any war demonstrations but tried to get additional data
on those people--if it is a peaceful protest where there is no
reasonable belief under Executive Order 12333 that any of these
people are planning any interference activity against the
United States at any level, I always think that that would be
an abuse. You do not do that. People have the right to protest.
Mr. Dicks. We had some protest out in the State of
Washington just last weekend at the Port of Tacoma regarding,
you know, Stryker vehicles being sent to the war in Iraq. I
mean, these are all going to be judgment calls that people are
going to have to make, and that is why you are emphasizing the
training aspect of this.
Mr. Allen. If we do not have training, there will be
abuses. If we do not have training at the local and State
levels and they do not meet Federal standards and guidelines, I
think there will be abuses, so I think we have to work
rigorously at the training part.
Mr. Dicks. Is there a set of required people in a fusion
center or do we kind of make it up as we go in each area? I
heard the idea of one law enforcement person, but I mean, who
is supposed to be in the fusion center, and I know you are
going to have your representative there, but who else would be
in one of these existing centers?
Mr. Allen. Some of these are collocated with the Joint
Terrorism Task Force of the FBI. Some are located at Emergency
Operations Centers. Some are located with State police. So we
have a variety of people. They bring people--
Mr. Dicks. So there is no set--
Mr. Allen. No, because there is no one cookie cutter
approach to State and local fusion centers. These have grown up
as a result of 9/11, and the people at the local level are
feeling that they had to have a more coordinated way to look at
problems within their own communities.
Mr. Dicks. Thank you.
Thank you.
Ms. Harman. Thank you, Mr. Dicks.
The Chair now recognizes for 5 minutes the gentleman from
Pennsylvania, Mr. Dent.
Mr. Dent. Thanks, Madam Chairman.
Nice to see you again, Mr. Allen. The question I have is
the House Appropriations Committee is proposing an additional
$35 million in the fiscal year 2007 supplemental for the
expansion of the fusion center initiative.
How is this funding level going to help you expand and
strengthen the program, including privacy and civil liberties
programs?
Mr. Allen. Well, Congressman, as you know, that would be an
action taken by House Appropriations.
Mr. Dent. Correct.
Mr. Allen. It is not part of the President's budget or the
Secretary's budget that we submitted.
As I said, we will be very challenged to meet some of our
goals. We actually will be able to meet our goals, but we may
not be able to fulfill all of our other initiatives. So, you
know, it is your wisdom as to how to allocate any additional
funds. We certainly are not going--I certainly cannot say
truthfully to you that I am going to be very much squeezed, and
I believe the State and local fusion center initiative is so
important that I am willing to sacrifice other initiatives, if
necessary, to meet the goal of embedding officers at 35 major
fusion centers by the end of fiscal year 2008.
Mr. Dent. Well, thank you for that answer.
How would you work to increase public awareness through
outreach between fusion center personnel and key community
leaders to help create that trust between law enforcement and
communities on this whole fusion center issue?
Mr. Allen. Well, certainly at State and local fusion
centers and with the major police departments where we also do
a close liaison both in New York and out in Los Angeles, for
example. Those centers and those police departments do have
outreach programs to the local community. Part of our problem--
part of our challenge, of course, is to get our officers out
and serving and explaining the kind of information we can
provide to help keep the community safe. We have officers who
are very active in some of the centers and who know all of the
key players within the community, and the information we
provide is threat warning, threat assessment and these more
foundational documents, so I think we are building a center of
trust down there. The State and local fusion centers have a
prime responsibility for outreach to their local communities.
Mr. Dent. Thank you, and thank you again for your
extraordinary service.
I yield back.
Ms. Harman. Thank you, Mr. Dent.
I am not sure whether members are interested in a second
round of questions or not. Is anyone interested in asking some
more questions?
All right. Well then, we will need a few minutes to move to
our second panel, but I just would like to say to you, Mr.
Allen, that your careful answers to our budget questions are
noted, but we believe that it would be helpful to give you some
resources to make this fusion center concept a more effective
one. Fusion centers are the way not only to share information
vertically, which has been drawn out in this conversation, but
also to share information horizontally at the local level, and
that was something that the members who went to the MCAC in
Baltimore learned on Monday, and I actually saw one of the
products that is used, which was fascinating because it had
information in this Baltimore document about some activity that
could be happening in Los Angeles early next week, and that
information was being shared with the Joint Regional
Intelligence Center--the JRIC--of the fusion center in Los
Angeles, and so, if we do this right, information will flow
seamlessly, as we say, on a horizontal basis at the Federal
level, but also seamlessly vertically and seamlessly among the
State and local fusion centers, and that will maximize the
chance, I hope, that we will connect the dots the next time
before any attack on U.S. interests or U.S. persons. So this is
very promising. We know that you are our partner in this, and
all of us here are dedicated to making this succeed.
Thank you for your testimony.
Mr. Allen. Thank you, Madam Chairman.
Ms. Harman. Mr. Reichert, do you have anything to add?
Mr. Reichert. What the Chairwoman said. Thanks.
Ms. Harman. This is a lovely exercise in bipartisanship.
Thank you, Mr. Allen.
Mr. Allen. I am very grateful.
Ms. Harman. Are we ready? Okay. The subcommittee welcomes
the second panel of witnesses.
Our first witness, Daniel Sutherland, is the Department's
Officer for Civil Rights and Civil Liberties. Mr. Sutherland
provides advice to Secretary Chertoff and to the senior
officers of the Department on a full range of civil rights and
civil liberties issues. He has been a civil rights attorney
throughout his legal career, serving 14 years with the Civil
Rights Division of the Justice Department and nearly 2 years
with the Office For Civil Rights at the U.S. Department of
Education.
Our second witness, Hugo Teufel is the Department's Privacy
Officer. Mr. Teufel has primary responsibility for privacy
policy at the Department that includes ensuring that the
technologies used by the Department are privacy-compliant,
conducting privacy impact assessments of proposed rules at the
Department, assuring that the Department, itself, complies with
the Privacy Act, and reporting to Congress on the activities of
the Department that affect privacy.
Before joining the Privacy Office, Mr. Teufel served as the
first Associate General Counsel for General Law at the
Department. He also previously served as the Associate
Solicitor for General Law at the Department of the Interior.
Ms. Harman. Without objection, the witnesses' full
statements will be inserted in the record. I now ask each
witness to summarize his statement for 5 minutes beginning with
Mr. Sutherland.
Welcome.
STATEMENT OF DANIEL W. SUTHERLAND, OFFICER FOR CIVIL RIGHTS AND
CIVIL LIBERTIES, DEPARTMENT OF HOMELAND SECURITY
Mr. Sutherland. Thank you, Chairwoman Harman and Ranking
Member Reichert. It is a pleasure to testify alongside Hugo
Teufel, who has been a good colleague and friend for a number
of years at the Department, and our offices work closely
together, and we hope that that comes across today as we talk.
I just wanted to describe at the beginning the purpose or
mission of our particular office in accordance with 6 USC 345,
the statute that creates our office. Our mission is to assist
our colleagues in the Department of Homeland Security to secure
our country while also preserving our freedoms and our way of
life. In essence, we are providing guidance to our colleagues
at the intersection of homeland security and civil rights and
civil liberties. We, therefore, have the opportunity to work
closely with every DHS component. I recently looked at the
organization chart for the Department and noted that we have a
project with essentially every box on the organization chart,
and I am sure that that is the same with the Privacy Office.
We also work with field offices around the country. We
worked on nearly all aspects of the issues and the homeland
security effort from the Hurricane Katrina recovery to the
operation of Watch List to the immigration policy to the
training of our workforce.
We believe that our work is supported by our other
colleagues in the Department because we try to provide
constructive and proactive advice that allows them, our
colleagues, to do their work in the most effective way
possible. Our work has also been welcomed by our colleagues
outside of government as demonstrated by our frequent
collaborations with civil rights and civil liberties
organizations. We play a unique role within the Department and,
we hope, a valuable one, and we are going to continue to try to
assist our colleagues as we sort through the issues again that
are at the intersection of homeland security and civil rights
and civil liberties.
Because our office is relatively small, we realize that, to
use a sports analogy, we have to ``punch above our weight,''
and one of the ways that we have decided to expand our
influence is to work on training issues, and we have created a
program we call Civil Liberties University, which is basically
a program to provide high-quality training on a wide range of
topics. Through Civil Liberties University, we have developed a
video that emphasizes the elements of the National Detention
Standards for protecting immigrant detainees. We have a multi-
hour instructional video on how to screen people with
disabilities at airports.
We have done training on Constitution Day to try and
emphasize the value of the Constitution. We have also developed
written materials on how to screen people who wear religious
head coverings, for example, people who are Sikh or people who
are Muslim. We have also developed materials on people who are
Sikh who carry the kirpan--a ceremonial, religious dagger--and
a number of other issues like that.
We have just released an intensive training DVD on the
issue of how to relate to Arab and Muslim travelers, travelers
from the Arab and Muslim world or Arab Americans and Muslim
Americans. It is a training that involves insights from four
experts--one a Muslim woman who is on the National Security
Council, one a Muslim Federal prosecutor, one a member of a
civil rights organization that represents Arab and Muslim
community interests, and one a prominent Islamic scholar. We
have also developed training on the issue of racial profiling,
racial or ethnic profiling. When can you use race or ethnicity
in the course of law enforcement activities? It is a tutorial
that our people take, and they have to pass certain tests as
they go through the training.
So the bottom line, I think, is that we have decided that
training is a way that we can help make an impact on something
that is really being welcomed by our colleagues across the
Department. So, just for the better understanding of the role
of the office and our training program, I just want to make a
couple of comments about fusion centers.
Just one week ago today, as you mentioned, we had the
National Fusion Center Conference, and Secretary Chertoff at
that conference said that the protection of civil liberties
must be a priority, and he outlined the Department's vision in
fusion centers, including the need to develop thoughtful tools
and measures to safeguard privacy and civil liberties. So,
again, I think we are all on the same page in terms of the
priorities of these issues. Our office has worked on a number
of issues regarding fusion centers. For example, just last week
at the conference, we delivered or made available over 600
copies of that Arab and Muslim culture video training to
members of the fusion--to people involved in fusion centers
around the country. We have also worked on different policy
documents that have been developed over the past years.
We know that fusion centers will face a number of issues
with regard to civil rights and civil liberties. I have
outlined a few of those concerns in my written statement, and I
can certainly go over them during the question and answer
session, but we just want to make clear that the Office of
Civil Rights and Civil Liberties stands ready to assist our
colleagues in fusion centers around the country as we have
worked with our colleagues within our own department to try to
help meet the challenges that they face at the intersection of
civil rights and civil liberties in homeland security. I thank
you for the opportunity to testify.
Ms. Harman. Thank you very much.
[The statement of Mr. Sutherland follows:]
Prepared Statement of Daniel W. Sutherland
Introduction
Chairwoman Harman, Ranking Member Reichert, and distinguished
Members of the Subcommittee: Thank you for providing me the opportunity
to testify today. The work undertaken in fusion centers across the
country will be most successful when it is done in a way that respects
America's rich Constitutional history. My colleagues in the Office for
Civil Rights and Civil Liberties and I look forward to working with
this Subcommittee to ensure that fusion centers reach that highest
level of effectiveness.
Mission of the Office for Civil Rights and Civil Liberties
In accordance with 6 U.S.C. Sec. 345, the mission of the Office for
Civil Rights and Civil Liberties is to assist the dedicated men and
women of the Department of Homeland Security to secure our country
while preserving our freedoms and our way of life. We assist our
colleagues in four ways:
We provide proactive advice on a wide range of issues,
helping the Department to shape policy in ways that are mindful
of civil rights and civil liberties;
We investigate and facilitate the resolution of
complaints filed by the public regarding Departmental policies
or actions taken by Departmental personnel;
We provide leadership to the Department's equal
employment opportunity programs, seeking to make this
Department the model Federal agency; and,
We serve as an information and communications channel
with the public regarding these issues.
In essence, we provide advice to our colleagues on issues at the
intersection of homeland security and civil rights and civil liberties.
We therefore have the opportunity to work closely with every DHS
component, both in Washington, D.C., and in many field offices across
the country. Our Office has been involved in nearly all aspects of the
critical issues facing the homeland security effort--from the Hurricane
Katrina recovery, to the operation of watch lists, to immigration
policy, to the training of our workforce. The Office's work has been
supported by other DHS elements because we provide constructive advice
that allows the men and women of the Department to fulfill their
mission at the highest level of effectiveness. Our work has also been
welcomed by our colleagues outside of government, as demonstrated by
our frequent collaborations with leading civil rights, immigration, and
community organizations. Our Office plays a unique role within DHS,
and, we hope, a valuable one, and we will continue to assist our
colleagues to tackle complex issues in innovative and constructive
ways.
The Office for Civil Rights and Civil Liberties' Role in Training
Because our Office is relatively small (approximately one-twentieth
the size of the Department of Justice's Civil Rights Division, for sake
of comparison), we realize that we must, to use a sports analogy,
``punch above our weight.'' One of the ways we have expanded our
influence is by creating ``Civil Liberties University,'' a program to
provide high-quality training on a wide range of topics. Through Civil
Liberties University, we have developed: a training video that
emphasizes elements of the National Detention Standards, a multi-hour
instructional video on how to screen people with disabilities at
airports; and, training to commemorate Constitution Day in 2005 and
2006. We have also developed educational materials on how to screen
those who wear religious head coverings, and how to screen those of the
Sikh faith who carry a kirpan, or ceremonial religious dagger. We have
just released an intensive training DVD for DHS personnel who interact
with Arab Americans, Muslim Americans, and people from the broader Arab
and Muslim world. The training includes insights from four experts--an
Assistant United States Attorney who is Muslim, a member of the
National Security Council who is Muslim, a scholar of Islamic studies,
and a civil rights attorney who advocates on issues of concern to Arab
American and Muslim American communities. This training program has
been applauded by communities who believe that they will be treated
with more dignity and professionalism if front-line officers understand
their cultures, traditions and values; and, by our colleagues in the
Department who have expressed a desire for such training.
Another training product we have developed deals with the issue of
racial or ethnic profiling. To achieve President Bush's goal to
eliminate racial profiling, the Department of Justice issued ``Guidance
Regarding the Use of Race By Law Enforcement Agencies'' in 2003.
Subsequently, then-DHS Secretary Ridge issued a memorandum underscoring
DHS's commitment to race neutrality in all law enforcement activities.
In the wake of the London bombings in July 2005, and the arrests in
London this past August, Secretary Chertoff reiterated DHS's commitment
to ensuring full implementation of the DOJ Guidance. To implement these
commitments by the President and the Secretary, our Office has worked
with the Federal Law Enforcement Training Center (FLETC) to restructure
and strengthen the curriculum taught to law enforcement officers on
this topic. Moreover, Civil Liberties University also has training on
this topic: ``Guidance Regarding the Use of Race for Law Enforcement
Officers,'' a tutorial on the DOJ Guidance and the DHS policy. These
materials are now available to DHS law enforcement employees in CD-ROM
or via on-line web-based training formats.
Civil Liberties and Fusion Center Information Sharing
With a better understanding of the role of our Office and our
training program, let me address the topic of fusion centers and
information sharing. Just one week ago today, Secretary Chertoff told
the National Fusion Center Conference that the protection of civil
liberties must be a priority. He further outlined his vision for the
Department's involvement in fusion centers including the need to
develop thoughtful tools and measures to safeguard privacy and civil
liberties.
The Office for Civil Rights and Civil Liberties has been involved
in shaping the work of the fusion centers already in existence. Just
last week, our Office made available its training module on Arab and
Muslim cultures to nearly 600 fusion center directors and local, state,
tribal, and federal law enforcement officers within intelligence units
attending the National Fusion Center Conference in Florida. Last year,
our Office reviewed and concurred with the DHS Support Implementation
Plan for State and Local Fusion Centers, which included an
acknowledgement of DHS's express role in providing training and
exercises for fusion centers through its Office of Intelligence and
Analysis.
Our office also plays a role in monitoring information management
processes within DHS. In a recent memo to all DHS components, Secretary
Chertoff assigned the Office for Civil Rights and Civil Liberties, the
Office of General Counsel and the Privacy Office to work with DHS's new
Information Sharing Governance Board to ensure that privacy, civil
rights and civil liberties are fully protected in the Department's
information-management processes.
Fusion centers have been provided with some guidance on the
protection of civil rights, civil liberties and, specifically, privacy
rights. These guidelines have included policy templates for justice
information systems, with important references to the Privacy Act, the
Federal Retention Act, Executive Order 12333, and 28 CFR 23, that
States can supplement with their own statutes. Going forward, DHS is
working with other Federal agencies, on the Privacy Guidelines
Committee, to establish a process for ensuring that the policies
developed by fusion centers provide protections that are at least as
comprehensive as those provided by the recently-issued and
Presidentially approved Privacy Guidelines for the Information Sharing
Environment.
Nevertheless, fusion centers will continue to face a number of
issues with regard to protection of civil rights and civil liberties.
These issues include:
Many fusion centers support all-crimes missions and
share information related to concerns such as fraud,
racketeering, computer hacking, all hazards, disaster recovery
and other issues, not just terrorism information. The more
types of information shared, the greater the task for fusion
centers to ensure civil liberties and privacy rights are
upheld.
Likewise, the increasing demand for more actionable
information to be delivered to non-federal partners has the
potential to compound civil liberties concerns. Increased
discretionary authority may follow on the heels of demands for
such increased actionable information, thereby confusing all
parties as to who is responsible to preserve civil liberties
and what statutes--Federal, State and local--apply to the
information and actions taken.
If sunset provisions for retention of information by a fusion
center are absent, this can, depending upon what the information is
used for and what security or updating procedures apply to it, become a
privacy and civil liberties concern as ever more information is
captured, shared and stored. Where provisions and rules for retention
are in place, there is still risk that these provisions will not travel
with the systems and people who use the data.
As partnership with Federal authorities and non-federal fusion
center participants increases, there is increasing risk that the
balance between Federal and state governments is disturbed. The
Constitution creates a delicate balance between Federal and state
governments, which helps to prevent the accumulation of excessive power
in either the States or our central government. As the Supreme Court
has explained, ``The Constitutionally mandated balance of power between
the States and the Federal Government was adopted by the Framers to
ensure the protection of our fundamental liberties.'' Atascadero State
Hospital v. Scanlon, 473 U.S. 234, 242 (1985).
Finally, the accumulation of data leads to a substantial problem of
misidentifications. We have observed this problem clearly in the
context of travel screening, as many Americans have faced obstacles to
flying as a result of misidentifications with names on watch lists. The
Department of Homeland Security has acknowledged the issue from the
beginning, and worked aggressively to solve it. Most recently, the
Department has established an entirely new system to bring redress to
travelers, known as DHS TRIP. Without such redress mechanisms, there
are serious and unintended consequences to the collection of data.
Fusion Center Training and Monitoring
The Office for Civil Rights and Civil Liberties, within available
resources, stands poised to work with fusion centers to address these
and other challenges. While considering our success in training and our
track record of close cooperation with every DHS component, we will
build upon the framework established by the ISE Privacy Guidelines, and
work with DHS's Privacy Office and I&A to protect and preserve privacy
and civil liberties in the information sharing environment. Besides
assisting these offices and the Department of Justice in monitoring
fusion center utilization of Fair Information Practices, we plan to
supplement I&A orientation training for DHS participants with civil
rights and civil liberties instruction. Conclusion
I thank you for inviting me to share our thoughts on fusion centers
today and I look forward to working with this Subcommittee to address
these issues.
Ms. Harman. Now Mister--is it ``Too-fel'' or ``Toy-fel.''
Mr. Teufel. It is ``Toy-fel,'' ma'am.
Ms. Harman. ``Toy-fel.''
Would you please summarize your statement in 5 minutes.
STATEMENT OF HUGO TEUFEL, PRIVACY OFFICER, DEPARTMENT OF
HOMELAND SECURITY
Mr. Teufel. Absolutely. Madam Chair, Ranking Member
Reichert and members of the subcommittee, it is an honor to
testify before you here today. I am particularly pleased to be
appearing with my good colleague, Dan Sutherland. As the
subcommittee knows, our offices have a statutory responsibility
to work together to address privacy and civil liberties issues
in an integrated and comprehensive manner, and I want to assure
you that we do.
Because this is my first time appearing before the
subcommittee--in fact, the first time that I have ever
testified before any committee at either House--I wanted to
mention a couple--
Ms. Harman. It is a great honor, I should point out.
Mr. Teufel. Yes, ma'am, indeed.
I wanted to mention a couple more things.
When I was Associate General Counsel for General Law, I was
very lucky to have as two of my clients, my predecessor, Nuala
O'Connor Kelly, and Dan Sutherland. So, in that role, I had the
opportunity to have a very good understanding of what both
offices do.
Also, I would like to mention to you--I think it is
particularly relevant given the Chair's earlier statements--
that previously, I served as Deputy Solicitor General for the
State of Colorado, and unfortunately, I see that Representative
Perlmutter is not here. My fellow Coloradoan, sadly, is not
with us right now, but I did want to mention Colorado since I
am here before you all.
The subcommittee has just heard from Assistant Secretary
Allen who expressed how important fusion centers are to
critical Department missions. He also pointed to the
Department's aggressive plan to increase the number of fusion
centers across the Nation. As Chief Privacy Officer, I was
gratified to hear the Assistant Secretary's commitment to
establishing sound and effective privacy practices and policies
from the very beginning.
In the Privacy Office, we understand that this is more than
a compliance issue. Sound and effective privacy policies
enhance program performance while minimizing the cost to
agencies and to the public. Like the Assistant Secretary, I
believe the fusion center guidelines issued by the Global
Information Sharing Initiative and published in cooperation
between the Department of Justice and the Department of
Homeland Security provide an invaluable resource for the
principals to utilize when founding and operating a fusion
center and will also be helpful to me, as a member of the
Information Sharing Environment Privacy Guidelines Committee,
in monitoring how privacy is safeguarded in this crucial aspect
of the information sharing environment.
The fusion center guidelines encourage consideration of
privacy interests from the very moment of formation, a critical
step. These guidelines recommend creating a privacy committee
within the governing structure of the fusion center. The
participants are encouraged to enter MOUs where privacy and
related security protections and responsibilities are
specifically called out. The guidelines promote meaningful and
lawful privacy policies at the fusion centers and provide
mechanisms ensuring that the centers adhere to these policies.
Security is also addressed because it is well-understood in the
privacy community that security concerns become privacy
problems. These sections contain a number of useful links to
templates and model policies, and I want to note that,
importantly, they secure the homeland while protecting privacy.
As with you, Madam chair, I do not believe that it is a
zero sum game. We can do both, and we can succeed at both or we
fail at both. I thank the subcommittee for this opportunity to
testify. My office looks forward to working with Assistant
Secretary Allen, Dan Sutherland and our fusion center partners
to ensure that they maximize their effectiveness by
establishing sound privacy practices.
Thank you very much.
[The statement of Mr. Teufel follows:]
Prepared Statement of Hugo Teufel, III
Introduction
Chairman Harman, Ranking Member Reichert, and Members of the
Subcommittee, it is an honor to testify before you today on advancing
information sharing while safeguarding privacy within the Department of
Homeland Security State and Local Fusion Center Program. I am
particularly pleased to be appearing with my colleague, Dan Sutherland.
As the Subcommittee knows, his office and mine have a statutory
responsibility to work together to address privacy as well as civil
liberties issues in an integrated and comprehensive manner.
Because this is my first time appearing before the Subcommittee, I
would like to introduce myself. I was appointed Chief Privacy Officer
of the U.S. Department of Homeland Security by Secretary Michael
Chertoff on July 23, 2006. In this capacity and pursuant to Section 222
of the Homeland Security Act of 2002, 6 U.S.C. Sec. 142, my office has
primary responsibility for privacy policy at the Department, to
include: assuring that the technologies used by the Department to
protect the United States sustain, and do not erode, privacy
protections relating to the use, collection, and disclosure of personal
information; assuring that the Department complies with fair
information practices as set out in the Privacy Act of 1974; conducting
privacy impact assessments of proposed rules at the Department;
evaluating legislative and regulatory proposals involving collection,
use, and disclosure of personal information by the Federal Government;
and preparing an annual report to Congress on the activities of the
Department that affect privacy.
I also serve as the Department's Chief Freedom of Information Act
(FOIA) Officer. In this role, I assure consistent and appropriate
Department-wide statutory compliance and harmonized program and policy
implementation. As you know, the three pillars of federal privacy law
are the Privacy Act, the Freedom of Information Act, and the E-
Government Act.
Prior to joining the Privacy Office, I served as the first
Associate General Counsel for General Law at the Department of Homeland
Security. Before joining the Department of Homeland Security, I served
as the Associate Solicitor for General Law at the Department of the
Interior. Therefore, I have had the honor of providing advice and
counsel on freedom of information, privacy, and civil rights issues at
two cabinet level agencies. As Associate General Counsel for General
Law at DHS, Dan and my predecessor as Chief Privacy Officer, Nuala
O'Connor Kelly, were my clients, which provided me with the opportunity
to understand the issues both offices faced.
There are two other things I should mention. As the Chief Privacy
Officer, I currently hold a policy position in the Department, so I
limit my practice of law to the weekends, when I serve as a judge
advocate in the Army National Guard, within the Legal Support Office,
attached to the District of Columbia Army National Guard. Additionally,
in my spare time I have been working on a master's degree in National
Security Studies through the Naval War College. My studies have aided
me in understanding decision-making in the areas of homeland defense
and security.
The Privacy Office
I am determined to continue the process of ``operationalizing
privacy'' within the Department and its programs, a phrase described to
this Subcommittee by Maureen Cooney, the Acting Chief Privacy Officer
before my tenure.
To achieve this, the office forms close relationships with system
owners and program managers, along with IT security officials, and
senior DHS officials. By placing privacy into the program development
and decision-making processes of the Department, we can ensure that DHS
not only meets its legal requirements, but stands as a model of how
privacy can complement and work with law enforcement and intelligence
agencies.
As part of our ongoing operations, our Compliance group works with
IT security, budgeting, procurement, and financial professionals
Department-wide to complete privacy impact assessments, system of
records notices, and other privacy documentation relevant to and
required for DHS systems and programs.
Our Office also leverages the considerable experience of our
International group to develop and maintain DHS's privacy policy and
practices on issues concerning our foreign partners and allies. These
issues range from international compliance measures to data sharing
initiatives as well as full treaty negotiation and review.
Fusion Centers
State and local authorities have created 42 fusion centers around
the country. Fusion centers blend relevant law enforcement and
intelligence information analysis and coordinate security measures in
order to reduce threats in local communities. They also represent a
method for providing first responders with ``actionable intelligence'';
that is information useful and relevant to the day-to-day mission of
state and local law enforcement personnel. As of the end of FY 06, the
Department of Homeland Security has provided more than $380 million to
state and local governments in support of these centers.
Intelligence Officers from the Department of Homeland Security
Office of Intelligence and Analysis currently work side by side with
state and local authorities at twelve fusion centers across the
country.
This number is about to grow. On September 12, 2006, Secretary
Chertoff told the Senate Committee on Homeland Security and Government
Affairs that, ``Our goal is to have intelligence and operations
personnel at every state and major metropolitan fusion center in the
United States, sitting in the same room, sharing and analyzing
information and intelligence in real time,'' with a ``two-way flow [of
information], with every level of government pooling intelligence.''
This ramping up of fusion centers and the two-way information flow
to accompany it will require additional effort and vigilance to ensure
privacy rights are protected. As the DHS Chief Privacy Officer, I will
strive to make sure privacy concerns are addressed at the beginning of
the process, before information is collected and shared. This process
begins, in my opinion, with a proposed fusion center utilizing the
Department's fusion center guidelines.
Privacy and the Fusion Center Guidelines
The Global Justice Information Sharing Initiative, the Department
of Homeland Security, and the Department of Justice collaboratively
developed and in August 2006 issued ``Fusion Center Guidelines:
Developing and Sharing Information in a New Era.'' These guidelines are
intended to ensure that fusion centers are established and operated
consistently, resulting in enhanced coordination, strengthened
partnerships, and improved crime-fighting and anti-terrorism
capabilities. The document offers a comprehensive guide to the
development and operation of fusion centers, as well as provides useful
resources and document templates to facilitate implementation. I
believe this is an excellent first step in ensuring fusion centers
integrate privacy protection into their actions.
Implementing these fusion center guidelines provides an important
first step in applying appropriate privacy protections as required
under the ``Guidelines to Ensure that the Information Privacy and other
Legal Rights of Americans are Protected in Development and use of the
Information Sharing Environment''--otherwise known as the ISE Privacy
Guidelines--and is a major focus of the ISE Privacy Guidelines
Committee (ISE/PGC), of which I am a member. In fact, the ISE/PGC
already formed a working group to deal specifically with privacy issues
surrounding the exchange of data with state and local entities. Since
the fusion centers will be the primary mechanism for federal government
information sharing with our state, local and private sector partners,
the successful implementation of appropriate privacy policies will be a
critical part of ensuring the success of the Information Sharing
Environment.
Privacy concerns and methods of addressing them appear throughout
the documents. Fusion Center Guideline 3, for instance, urges the
inclusion of a privacy committee in the fusion center governance
structure. The purpose of this privacy committee will be to ``liaise
with community privacy advocacy groups to ensure civil rights and
privacy protection.'' Fusion center governing bodies, moreover, are
encouraged in this Guideline to collaborate with the Department of
Homeland Security, including the Privacy Office, to establish their
operating processes.
Fusion Center Guideline 5 urges fusion center partners to utilize
memorandums of understanding (MOUs) to govern interactions between the
participants, and commit the parties to the principles and policies of
the fusion center. The guideline advises that adherence to privacy and
security principles should be specifically addressed within all such
MOUs. Where DHS shares personally identifiable information with fusion
center partners, the Privacy Office will review and approve a Privacy
Impact Assessment that covers the privacy and security controls that
the MOU must address.
Fusion Center Guideline 8 is dedicated to promoting meaningful and
lawful privacy policies at the fusion centers, and to providing
mechanisms ensuring that the centers adhere to these policies. This
begins with consideration of the Fair Information Principles which are
the worldwide baseline for privacy protection: Transparency, Individual
Participation, Purpose Specification, Minimization, Use Limitation,
Data Quality and Integrity, Security, and Accountability and Auditing--
consideration of which are also, appropriately, required by the ISE
privacy guidelines. The Fusion Center Guidelines provide a useful list
of complementary elements for the drafters of the privacy policy,
including:
1. Add introductory language that clearly states the privacy
practices of the center;
2. Describe the information collected and how the information
is stored;
3. Establish a common lexicon of terms for dealing with role-
based access;
4. Define and publish how the information will be used;
5. Draft a clear, prominent, and understandable policy;
6. Display the privacy policy for both center personnel and
customers;
7. Ensure that all other policies and internal controls are
consistent with the privacy policy;
8. Establish a business practice of notifying government
agencies of suspected inaccurate data;
9. Adhere to applicable state and federal constitutional and
statutory civil rights provisions;
10. Partner with training centers on privacy protection
requirements and conduct periodic privacy security audits;
11. Consult with the privacy committee (established pursuant to
Guideline 3) to ensure that citizens' privacy and civil rights
are protected;
12. When utilizing commercially available databases, ensure
that usage is for official business and the information is not
commingled with private sector data. To prevent public records
disclosure, risk and vulnerability assessments should not be
stored with publicly available data; and
13. Determine if there are security breach notification laws
within the jurisdiction and follow those laws, if applicable.
Having defined the key elements of a sound privacy policy, the rest
of Guideline 8 focuses on the steps the leaders of the fusion center
should take to ensure the policy is followed. These steps include such
prudent steps as ensuring adequate training and information privacy
awareness and establishing a policy for tracking and reviewing privacy
complaints and concerns. Guideline 8 also recommends seeking legal
counsel. I would only add to this list that participants should also
consult frequently with their entity's Chief Privacy Officer.
The supplemental materials available on the Guidelines' companion
CD are particularly useful. They include the Justice Department's
Privacy and Civil Rights Policy Templates for Justice Information
Systems, Privacy Policy Templates, and a Privacy Policy Development
Guide.
The Privacy Policy Development Guide recommends that in addition to
the development of a comprehensive privacy policy, fusion centers
complete privacy impact assessments to understand the effect that
technology and operation choices have on privacy. The Privacy Office
developed a detailed methodology to analyze the impact any new or
update system will have on an individual's personal information,
including reviewing:
What information is to be collected;
How will be it stored, managed, and used;
What means of individual access is available;
What means of redress for informational errors has
been provided; and
What security is in place to protect the information.
The Privacy Office's official guidance on the writing of privacy
impact assessments to shepherd the different system programs safely
through the privacy protection process serves as an appropriate
addendum to the Fusion Center Guidelines.
Furthermore, it is often said that ``security concerns become
privacy problems.'' Privacy protection principles are only meaningful
if they exist in tandem with a robust security regime. Fusion Center
Guideline 9 provides a framework for ensuring adequate security
measures are in place. This includes, of course, security for
facilities, data, and personnel. A fusion center's Privacy Officer and
Civil Rights Officer must have close working relationships with its
Chief Information Officer as well as the Chief Security Officer.
As a whole, I believe these guidelines provide an invaluable
resource for the principals to utilize when founding and operating a
fusion center, and will also be helpful to me, as a member of the ISE
Privacy Guidelines Committee, in monitoring how privacy is safeguarded
in this crucial aspect of the Information Sharing Environment. The
Fusion Center Guidelines encourage consideration of privacy interests
from the very moment of formation--a critical step.
Privacy Office's Review of the MATRIX Program
Information sharing, of course, is at the heart of fusion center
activities. The Privacy Office has had an opportunity to review a pilot
information sharing program among a number of state governments called
MATRIX, the Multistate Anti-Terrorism Information Exchange. The program
accessed only state-owned or publicly available records that were
already available to law enforcement without a subpoena or court order.
DHS became involved in the pilot in July 2003, when (what is now)
Grants and Training entered a Cooperative Agreement with a non-profit
entity to administer the project. The funding was intended to assist
with testing the system for data analysis and integration of terrorist
threats and other intelligence information, as well as to provide
funding to establish user accounts for MATRIX participants and to
create a secure website for each participating state to facilitate
information sharing.
The Privacy Office reviewed the program following a request by the
American Civil Liberties Union and published its findings in a report
entitled, ``Matrix Report--DHS Privacy Office Report to the Public
Concerning the Multistate Anti-Terrorism Information Exchange (MATRIX)
Pilot Project,'' which is available on the Privacy Office website.
We found that the project lacked a privacy policy that clearly
articulated the project's purpose, how it would use personal
information, the types of information covered, and the security and
auditing safeguards governing the project. The MATRIX Board of
Directors did not issue a privacy policy of any kind until four months
after the pilot began. It was nearly a year before the Board approved
an audit requirement and then it merely called for a self audit.
The Privacy Office believes, however, that the MATRIX pilot project
was undermined, and ultimately halted, in large part because it did not
have a comprehensive privacy policy from the outset to provide
transparency about the project's purpose and practices and protect
against mission creep or abuse. The recommendations of the Privacy
Office rest on the basic premise that information programs such as the
MATRIX pilot project can protect privacy, while securing the homeland.
Building privacy into the architecture of an information program can
help ensure that such programs achieve their objectives while at the
same time safeguarding individual privacy. This is more than just a
compliance issue. The Privacy Office understands that sound and
effective privacy practices maximize the utility of the information
collected, processed, and maintained by DHS to facilitate and improve
performance, while minimizing the cost to agencies and to the public.
I note that the MATRIX program was initiated and failed before the
fusion center guidelines were issued. If the MATRIX participants had
had the benefit of these guidelines and followed their plan for
implementation and the creation of a comprehensive privacy policy, I am
confident that the program would have stood a much better chance of
success. Looking forward, I hope parties entering future information
sharing agreements, especially in support of fusion centers, read the
MATRIX report for its lessons learned and then review and adopt the
Fusion Center Guidelines. And of course they should consult their
Privacy Office.Conclusion
Conclusion
I thank the Subcommittee for this opportunity to testify. My office
looks forward to working with the Department and our fusion center
partners to ensure they maximize their effectiveness by establishing
sound privacy practices.
I look forward to hearing my colleagues' testimony and to answering
your questions.
Ms. Harman. Thank you for your testimony within the time
limit. A vote has been called. I am not sure if it is the last
vote, but we have about 10 good minutes. It is not the last
vote. So I think we will try to conclude this hearing before we
go to vote. I think that is fairer to you and would work
better.
Ms. Harman. So I am going to just make a comment as to one
question, and take less than 5 minutes and then yield to the
other two that are here. My comment is that you have revealed a
closely guarded secret. Folks out in the countryside don't
realize that you are there and what you are doing, and I would
urge you to tell your story. In fact, I would urge committee
staff to figure out the way we are going to tell this story in
Los Angeles on April 5 because it is very important that the
neighborhoods which these fusion centers serve understand that
this training is available and conducted and that the policies
that these fusion centers are following hopefully comply with
these Federal policies. And so my one question is, maybe Mr.
Sutherland for you if you could answer it in 30 seconds, and
then I will go to Mr. Reichert. Can you assure me that people
who are coming now to the JRIC, the Joint Regional Intelligence
Center, in Los Angles, receive this training, watch your video,
read your materials and practice these guidelines that you have
developed?
Mr. Sutherland. Chairwoman, I could not assure you that any
particular employees of any particular fusion center have seen
this video or seen these materials that I referenced. We need
to do a better job in that regard.
Ms. Harman. Well, then, let me just conclude by urging you
to do a better job in this regard and find the ways to make
these programs known by those who work in these fusion centers.
We are, by legislation, considering making some of this
mandatory if, as Charlie Allen says, everyone wants to follow
these practices, and that can be done even before they are
mandatory. Let's do that. Would you commit to working on that
problem?
Mr. Sutherland. Absolutely. We will do it, and we will
follow up with you.
Mr. Dicks. If I could just add--
Ms. Harman. Yes. I will yield to you.
Mr. Dicks. Do you have a plan to do this?
Mr. Sutherland. Not specifically with regard to fusion
centers. We have, for example, the training that I mentioned on
Arab Muslim values and culture, we have just had that out for a
month, and 4,000 copies are gone. We have a tremendous amount
of enthusiasm. So we are confident that when we make this
available to individuals in fusion centers, that they will take
it. We have distributed over 600 at the training last week, but
I think we can definitely follow up to contact them directly
and say, here is what we have available.
Ms. Harman. Well, I think Mr. Dicks raises exactly the
right point. We are all late in this, our understanding of
Muslim and Sikh and other cultures is lagging in America. And
to make policies to protect our homeland work, we obviously
have to have better understanding and hopefully gain the trust
of lawabiding citizens from all these communities who
are the first to know whether something is wrong in their
neighborhoods, and we want them to tell us if something is
wrong. So let us urge you to think through quickly how this
information can go out to fusion center personnel, what steps
we might have to take to help you get there. Obviously, we are
talking about additional budget resources. But let me put that
out and follow up with you within a week or so to see where we
are, and maybe you can report back on April 5 or someone can in
Los Angeles. Is that reasonable?
Mr. Sutherland. Yes, ma'am.
Ms. Harman. Thank you. Let me yield a few minutes to Mr.
Reichert and then to Mr. Dicks.
Mr. Reichert. Thank you, Madam Chair. And I think you make
an excellent point and follow it up by Mr. Dicks. And as you
were both speaking, I jotted down some quick notes and it just
so happens that my questions for both of you are along the same
lines as we have just experienced here. So you, Mr. Sutherland,
mentioned that the Secretary made a comment at the fusion
center conference that there are tools and measures in place to
safeguard--they wanted to make sure there were tools and
measures in place to safeguard privacy and civil liberties, and
certainly education has got to be at the top of the list. And
then, Mr. Teufel, you mentioned the assistant secretary, his
comment was sound and effective policies. What tools and
measures or policies are you talking about? Just kind of bullet
point them real quick for me, please.
Mr. Teufel. Well, I would call your attention to the
guidelines and it is--I am going to get this wrong--the fusion
center guidelines. But Section 8, title 8, deals with the
privacy guidelines. Now, it is true that under the guidelines,
these privacy requirements are not mandatory, but they are
recommended. It is my understanding in talking with the folks
over at INA that INA looks to make sure that the privacy
guidelines are implemented before they send folks out. And I
want to stress that these privacy guidelines contained in the
fusion center guidelines are outstanding, and key to them--at
the heart of them are the fair information practice principles
that undergird the Privacy Act of 1974, the eight fair
information practice principles. And if you adhere to those
principles, you can't go wrong when it comes--
Ms. Harman. Mr. Reichert, would you yield to me just for a
request of the witness? Would you provide that material for us,
please? I am assuming it is unclassified, but whatever form it
is in, we would like to receive it.
Mr. Teufel. Absolutely, ma'am. We pulled it down off the
Internet yesterday. It is publicly available, and we can
certainly get to you.
Ms. Harman. Mr. Reichert. I would point out we are at about
8 minutes, so hopefully we can get to Mr. Dicks.
Mr. Reichert. The tools and measures are the same as the
policies? We are talking about the same thing?
Mr. Sutherland. Yes, Congressman. I think one thing that is
important when you look at the guidelines is that the
guidelines, most of the discussion in this context deals with
the protection of data which falls within Mr. Teufel's area.
The sorts of training that I was talking about would fall more
in the area of the protection of civil rights or a better
understanding of what to do with data, and that is I think
where we can really add value here.
Ms. Harman. Mr. Dicks you have 2 minutes for questions.
Mr. Dicks. So you have ways of--when people gather
information, which is what this is all about, you have got ways
of protecting the databases and protecting that information. Is
that correct? Or is that something you will have to work on and
develop in each one of these fusion centers?
Mr. Teufel. Well, every fusion center is different. They
are established by State and local governmental entities. The
Department of Homeland Security and the Department of Justice
participate alongside as partners. If I understand--
Mr. Dicks. Let's say they get--you know, we are sending top
secret information back and forth. I mean, they have got to
have some way to protect that information at the, say in the
Los Angeles center or the Seattle center.
Mr. Teufel. Absolutely, sir. And when it comes to the
transmission of classified information, there are protocols in
place and standards that have to be met. I think it is
important to note that you can have all the great gear in the
world, all the best technology in the world, and you can still
fail because as long as there are human beings involved, human
beings will make mistakes. And so the answer is always
training, training, training, training, so that people do the
right thing.
Mr. Dicks. And good judgment.
Mr. Teufel. Yes, absolutely.
Mr. Dicks. And knowing the rules.
Mr. Teufel. Hopefully, we don't hire people that don't have
good judgment or who don't know the rules.
Mr. Dicks. One point, as we walk out the door, it sounds
like we are having--a lot of people are coming to the fusion
center, and each situation is different. So you know, is there
a way--are these people cleared? Do we look into their records?
Is there a clearance process of sorts before these people
become part of the fusion center?
Mr. Teufel. That is my understanding, sir. And as I also
understand, INA looks at the people and looks at the centers
before they get involved, sir.
Ms. Harman. Let me thank both of our witnesses. As Mr.
Allen said about fusion centers, one size does not fit all, but
what has to fit all is that civil liberties and privacy
principles are observed all the time. No exceptions. And it is
going to be hard to get this right, training training,
training, is clearly a big part of the answer, and I just want
to commend both of you for what appears to me to be excellent
work at the Department of Homeland Security. The hearing stands
adjourned.
[Whereupon, at 4:42 p.m., the subcommittee was adjourned.]
Prepared Statement of Hon. Bennie G. Thompson
Thank you, Madame Chair, and I join you in welcoming Mr. Allen, Mr.
Teufel (pronounced ``Too-ful'') and Mr. Sutherland to this important
hearing on State and local fusion centers.
The central role that fusion centers are and should be playing in
improving information sharing cannot be overstated. The Department must
work together with its law enforcement, first responders, and private
sector partners at the State and local levels if we are ever to have
truly safer homeland. They are often in the best position to know what
their information needs are what intelligence would be most useful to
them for figuring out where to spend their resources. That's what
intelligence is all about: if it can't tell us what to prepare for and
how, what good is it?
Fusion centers were launched by State and local leaders themselves
to get a handle on these and other issued, and I commend your office,
Mr. Allen, for the ``customer service'' approach it has taken in this
regard. That approach strikes the right balance between showing respect
for the hard work that the States and locals already have done with
fusion centers while at the same time showing how the Department can
help them going forward.
But we can't help you help the fusion centers, Mr. Allen, if we
don't know what you need. I hope you'll be forthcoming about the
challenges ahead for your State and Local Fusion Center Program given
the President's Fiscal Year 2008 budget request. I hope you'll also be
able to give us a sense of where you plan to deploy your resources as
part of that Program.
Mississippi is in the process of planning a fusion center, and I
imagine it could have played a key role in saving lives in the wake of
Hurricane Katrina. How your Program will help improve situational
awareness in the Gulf Region is of great interest to me.
Moreover, I agree wholeheartedly with Ms. Harman that fusion
centers must keep the faith with the American people. Privacy and civil
liberties must be a centerpiece of the Department's efforts at State
and local fusion centers. I hope you'll address what you're already
doing on this front, and that you'll share your thoughts on how to
promote a rigorous defense of privacy and civil liberties at these
centers.
I encourage you to work closely with Mr. Teufel (pronounced ``Too-
ful'') and Mr. Sutherland about how to incorporate a training regimen
as part of your efforts. I am certain that they are full of good ideas
about how to do that.
Thank you again, and I look forward to your testimony.
Additional Questions and Responses
Questions from Hon. Bennie G. Thompson
Responses from Hugo Teufel and Daniel W. Sutherland
Question 1.: In our efforts to secure the homeland, information
sharing efforts at State and local fusion centers are becoming
increasingly important to create the kind of situational awareness that
is necessary to prevent the next terrorist attack. While we want to
defeat the terrorists, we don't want to destroy our Constitutional
rights in the process. I'm very interested in learning more about how
Mr. Allen's State and Local Fusion Center Program could be a catalyst
for protecting these rights.
How might the Privacy Office and Office for Civil Rights and Civil
Liberties partner to create a privacy and civil liberties curriculum
that could be taught to staff at State and local fusion centers, and
what might that curriculum look like?
To what extent are your offices equipped to provide privacy and
civil liberties training to Department and other staff at State and
local fusion centers, and what would such a training program cost in
your estimation? How long would it take you to put such a training
program together?
Answer: Section 222(5)(A) of the Homeland Security Act of 2002
requires the Chief Privacy Officer to coordinate with the Officer for
Civil Rights and Civil Liberties on programs, policies and procedures
involving civil rights and privacy. Currently, in connection with the
Information Sharing Environment Implementation Plan, the Privacy Office
and the Office of Civil Rights and Civil Liberties coordinate efforts
to build appropriate protections for privacy and civil rights into the
fabric of the Information Sharing Environment. Were Congress to enact
legislation requiring training for staff of State and local fusion
centers, I am confident that the Privacy Office and the Office of Civil
Rights and Civil Liberties could partner to create an effective
training program.
With respect to the privacy aspect of such training, the privacy
curriculum would focus on creating a culture of awareness within fusion
centers that respects privacy interests of individuals. Such a
curriculum would introduce the three pillars of federal privacy law:
the Privacy Act of 1974, the Freedom of Information Act, and the E-
Government of 2002. In addition to federal authorities, the training
should acknowledge individual state privacy laws that govern the
operation of fusion centers. The State and local fusion centers are
creations of the individual States and hence are subject to their own
statutory and constitutional requirements to protect the rights of
their citizens.
The training would include a thorough examination of the Fair
Information Principles (FIPs) reflected in the Privacy Act with the
enhancements made by the Privacy Office to encompass the full breadth
and diversity of the collection, use, dissemination, and maintenance of
personally identifiable information (PII) at the Department. The
Privacy Office's Fair Information Principles are Transparency,
Individual Participation, Purpose Specification, Minimization, Use
Limitation, Data Quality and Integrity, Security, and Accountability
and Auditing.
The curriculum would review how the Privacy Impact Assessment (PIA)
process applies these FIPs to specific program requirements to aid
fusion center staff in identifying and mitigating privacy challenges.
Next, the curriculum would introduce the President's Information
Sharing Guidelines, which encourages the Federal government to share
information with State and local partners while respecting and
protecting privacy. ISE Privacy Guidelines outline the specific process
for the protection of privacy and other rights. In addition, the
training would introduce fusion centers to the requirements of 28 CFR
Part 23, which provides guidance in five primary areas: submission and
entry of criminal intelligence information, security, inquiry,
dissemination, and the review-and-purge process. The training would
encourage fusion center staff to avail themselves of additional
training offered on this regulation.
Finally, the training would refer the staff of fusion centers to
the Fusion Center Guidelines document developed collaboratively by the
Global Justice Information Sharing Initiative, the Department of
Justice, and the Department of Homeland Security. These Guidelines are
intended to ensure that fusion centers are established and operated
consistently, resulting in enhanced coordination, strengthened
partnerships, and improved crime-fighting and anti-terrorism
capabilities. The document offers a comprehensive guide to the
development and operation of fusion centers, including information on
privacy and civil liberties protections, and provides useful resources
and document templates to facilitate implementation. A number of its
recommendations and resources explicitly address enhancements to
privacy protections. This is an excellent first step in ensuring fusion
centers integrate privacy protection into their actions.
To create a curriculum to embed privacy into the development and
operations of fusion centers, the Privacy Office would revise and
augment its existing training modules for Privacy Awareness, Privacy
Act 101, and Privacy Act 201, the PIA guidance, and the Fusion Center
Guidelines into an e-learning course specifically addressing the
privacy issues surrounding a multi-party, multi-jurisdictional fusion
center. Based on previous privacy course development efforts, the
Privacy Office estimates that this effort could take six to nine months
to develop and cost approximately $250,000, which would include course
development support for the Privacy Office, but would not include the
resources necessary to deploy the training across existing and
developing fusion centers.
Question 2.: I would imagine that some State and local fusion
centers will be more open to a Department-sponsored privacy and civil
liberties training program than others. Some may already have similar
programs in place, while still others simply may not see the value of
such training.
What kind of incentives would be helpful, in your view, to
encourage State and local participation in any privacy and civil
liberties education program that the Department might offer?
Answer: The benefits of implementing robust privacy programs into
fusion centers are manifest. They help ensure public confidence and
enhance rather than erode fusion center performance. In recognition of
this, Fusion Center Guideline Number 8 encourages prudent measures to
foster respect for privacy including adequate training and information
privacy awareness.
Although developing specialized training provides efficiencies
regarding the incorporation of privacy protections into the development
and operation of fusion centers, the Fusion Center Guideline Number 5
urges the utilization of memoranda of understanding (MOU) between
fusion center partners that helps define privacy responsibilities.
These MOUs could establish requirements for fusion center staff to
receive periodic privacy training developed in a collaborative
environment and integrating any training from the Privacy Office.
Question 2.: Given the increasing public focus on State and local
fusion centers, what risks may arise if such centers fail to get
privacy and civil liberties ``right''?
How might an aggressive privacy and civil liberties training
program help build public confidence in fusion centers?
Answer: Getting privacy ``right'' is more than just a compliance
issue--it is vital to the success of every fusion center. A
comprehensive privacy policy will help staff understand what
information they will use and why. This will frame their activities to
ensure they stay on mission.
Failure to respect privacy will jeopardize fusion center
effectiveness and will erode public confidence. The Privacy Office's
report on the MATRIX program discussed in my March 14 testimony bears
this out. The information sharing relationship between several states
in MATRIX failed amid public concern because it lacked a privacy policy
that clearly articulated the project's purpose, how it would use
personal information, the types of information covered, and the
security and auditing safeguards governing the project.
Any effective training on privacy and civil liberties issues
requires close coordination between my office and Civil Rights and
Civil Liberties. That cooperation exists presently.
We believe privacy training can help fusion centers to avoid the
fate of MATRIX in two ways. First, it can provide a sound basis for
understanding general privacy principles through the FIPs and learning
how to adhere to federal and state privacy laws. In addition, it can
demonstrate to DHS's fusion center partners the importance the
Department places in privacy.
Fusion center training can also help establish public confidence in
the program. Guideline 3 of the Fusion Center Guidelines addresses
governance issues and recommends creating a privacy committee to
interface with community privacy organizations. The completion of
privacy training for fusion center staff is one of the measures that
leadership can point to when demonstrating their commitment to
preserving privacy rights.
Question 4.: Fusion centers are spreading all over the country, and
the Departments of Homeland Security and Justice are both offering more
and more resources to encourage their development.
In your view, what are the risks to privacy and civil liberties at
State and local fusion centers, and what resources should the Federal
Government be offering to fusion centers to avoid those pitfalls?
Answer: In my answer, I will focus on privacy issues and I defer to
my colleague, Dan Sutherland, on the civil liberties implications.
Privacy problems occur when programs like fusion centers do not define
a solid privacy framework to help adhere to the FIPs. Without a privacy
framework in place, a fusion center runs the risk of over-collecting
information, disseminating information too broadly, applying inadequate
security controls, and encouraging any number of other privacy, and
civil liberties, problems.
As I stated in my March 14 testimony and throughout these
questions, the Fusion Center Guidelines issued by the Global Justice
Information Sharing Initiative, provide a wealth of information and
practical resources for establishing and running a fusion center.
Guideline 3 encourages a governance structure which includes a
privacy committee; Guideline 5 urges the use of MOUs which include
privacy policies and responsibilities; Guideline 8 deals entirely with
privacy and civil liberties; and Guideline 9 provides recommendations
which help prevent security weaknesses from becoming privacy problems.
Adherence to these guidelines and development of the training and
policies they recommend are critical steps in ensuring that the fusion
centers provide the maximum benefit to the nation, without minimizing
privacy rights and thus losing the confidence of the public that the
fusion centers are in business to protect.
Question 5.: What privacy and civil liberties ``best practices''
would you most like to see adopted at State and local fusion centers
and why?
How might an ``in-person'' training program offered by the
Department of Homeland Security at State and local fusion centers
encourage adherence to these best practices?
Answer: The Privacy Office believes every fusion center should have
an official responsible for privacy issues. This official could ensure
that the best practices described in the Fusion Center Guidelines are
implemented appropriately and that compliance issues are dealt with in
a timely manner. Among these best practices are: adherence to the FIPs;
periodic privacy audits; adequate security controls; and regular
interaction with the public and privacy advocacy groups.
In-person training can help define these best practices for fusion
center staff and refer them to the planning and implementation
resources available within the Fusion Center Guidelines. Again, I defer
to my colleague from CRCL on the civil liberties implications.
Question 6.: There is a lot of mystery surrounding fusion centers.
Recent press accounts report that some privacy and civil liberties
advocates fear that they might become domestic intelligence agencies
that spy on Americans. Others worry that a lack of familiarity with
privacy and civil liberties laws and regulations raise the risk of
accidental--but equally damaging--breaches of Constitutional rights.
What checks are in place at fusion centers that, in your view,
might help them avoid becoming mini spy agencies, and where might there
be a need for greater oversight to ensure that abuses don't occur?
Answer: First and foremost, fusion centers are analytical, not
operational, entities. They access existing information and analyze it.
As well, they aid Federal, State, and local entities in finding
information. Fusion centers do not independently gather information.
Second, transparency in implementing the FIPs is critical to
keeping a fusion center focused on its lawfully authorized information
sharing mission. A public airing of its practices for the collection,
use, dissemination, and maintenance of personally identifiable
information will benefit the operation of the fusion center in two
important ways. It will provide discernable limits on the actions of
fusion center staff. As well, it will help the public understand the
important but focused purpose of the fusion center. With this
understanding they will be less likely to fear the creation of a mini
spy agency in their midst.
Third, a fusion center can conduct periodic audits to confirm staff
is adhering to the purpose and limits originally defined. Moreover, the
transparency of the initial privacy assessment can be regularly
buttressed by liaising with members of the local community and
interested privacy advocacy groups.
Question 7.: What privacy, civil liberties, and data security
training do your offices provide to DHS employees being deployed to
State and local fusion centers, how is that training given, and how
often are DHS staff required to undergo refresher courses?
In your view, to what extent is the training that your offices
provide to DHS employees transferable to State, local, and tribal
personnel at State and local fusion centers?
Answer: Currently, every new employee hired by DHS receives an
introduction to the Privacy Office and the three pillars of federal
privacy law: the E-Government Act, the Privacy Act, and the Freedom of
Information Act.
In addition to the new employee orientation, the Privacy Office has
developed and distributed an e-learning privacy training course
entitled ``Privacy Awareness,'' which expands upon the basic concepts
presented in the orientation to develop an understanding in the
essentials of the Privacy Act and E-Government Act. This training
permits DHS employees and contractors to recognize situations in which
privacy issues arise and how best to mitigate risks to privacy in the
development and operation of a program. This course is available across
DHS and has been or will soon be incorporated into the various training
programs. The Privacy Office is nearing the completion of the
development of two Privacy Act e-learning courses entitled ``Privacy
Act 101'' and ``Privacy Act 201.'' The initial one-hour course,
``Privacy Act 101,'' will provide all employees and contractors with
the essentials concerning the Privacy Act of 1974, including a basic
understanding of what is personally identifiable information, what is a
system of records, when is a System of Records Notice required, how can
information be collected, used, maintained, or disseminated in
compliance with the Privacy Act, and other related topics. Further, it
introduces DHS employees and contractors to the Fair Information
Principles employed by the Privacy Office. Once all the courses are
completed, they will be used as annual refresher courses to ensure a
complete understanding of privacy issues facing the Department.
As already discussed, with modest changes, these privacy courses
could form the core of a training curriculum to support fusion center
staff. They cover federal privacy law as well as the FIPs in detail.
Adherence to these is critical for fusion centers to accomplish their
mission without eroding privacy rights.
Nonetheless, these existing DHS modules are just the beginning.
Fusion center training, in particular, should add specific references
to the invaluable Fusion Center Guidelines and, where possible, such
training should contain information on relevant state privacy law as
well.
All personnel employed by or assigned to the Office of Intelligence
and Analysis (I&A) are required to attend Intelligence Oversight and
Information Handling on an annual basis. This training is required
wherever the I&A employed is assigned, to include those working in the
State and Local Fusion Centers. This Intelligence Oversight and
Information Handling training addresses the proper handling of
information which identifies United States (US) persons, such as social
security numbers. The training emphasizes that I&A personnel must be
familiar with I&A's mission, and the proper method of collection,
retention, and dissemination of information about US persons. Part of
this training includes a review of the history of past abuses of these
rights.
Question 8.: What should a model privacy and civil liberties
education program include as part of its core curriculum?
What would be the most important thing for law enforcement and
other staff at fusion centers to know about privacy and civil liberties
as they do their fusion work?
Answer: As noted above, the privacy curriculum would focus on
creating a culture within fusion centers that respects privacy
interests of individuals. It would begin with an introduction of the
three pillars of federal privacy law: the Privacy Act of 1974, the
Freedom of Information Act, and the E-Government of 2002. It would
include an introduction to the Information Sharing Environment
Guidelines, including the ISE Privacy Guidelines, as well as to 28 CFR
Part 23. The training would note that, in addition to these Federal
laws and regulations, individual state privacy laws may govern the
operation of individual fusion centers as well.
The training would include a thorough examination of the FIPs
including Openness, Individual Participation, Purpose Specification,
Minimalization, Use Limitation, Data Quality and Integrity, Security,
and Accountability and Auditing. Additionally, the training would
demonstrate how DHS uses PIAs to evaluate a program using these FIPs.
Finally, the training would refer the staff to the Fusion Center
Guidelines to address fusion center specific issues.
In addition to this training, law enforcement and other staff at
fusion centers should understand that adherence to privacy law and
application of the FIPs is not just a compliance issue. It is the best
method of assuring information at their disposal is utilized
effectively. Moreover, a transparent respect for privacy is critical
for maintaining the confidence of the public they are trying to serve.
Without this confidence, there is a chance their program will cease to
exist or not have access to critical citizen-borne information.
Question 9.: One civil liberties concern at fusion centers involves
data integrity--how safe is information in fusion center databases from
being hacked or otherwise accessed by people with no right to it.
What should a privacy and civil liberties curriculum include to
address the data integrity issue? What best practices would you
recommend?
Answer: While state privacy law will govern the operation of fusion
centers, the documentation of these procedures in documents similar to
the Privacy Impact Assessment and System of Records Notice required of
federal agencies, as well as developing and implementing records
retention schedules, provides invaluable insight into information
collection, use, dissemination, and maintenance policies and procedures
of the fusion center.
A privacy curriculum would stress that data integrity is a matter
of primary concern. From a privacy perspective, information assurance
is crucial for any program deploying information technology handling
the exchange of data between multiple participants. The Privacy Office
FIPs include three principles that go to the heart of data integrity:
Data Quality and Integrity, Security, and Accountability and Auditing.
The first, Data Quality and Integrity, looks to ensure that
personally identifiable information is accurate, complete and kept up-
to-date. Under this principle, the fusion center training would
encourage regular review of personally identifiable information to
ensure it remains relevant and necessary to the purposes of the program
or an investigation. Once personally identifiable information is no
longer relevant and necessary, the information should be purged from
the supporting systems. To accomplish these goals, fusion centers
should have standard operating procedures outlining how to review
information for relevant and necessary standards. These procedures
should be documented in the Privacy Impact Assessment and System of
Records Notice as well as developing and implementing records retention
schedules.
The second principle, Security, looks to protect personally
identifiable information through reasonable security safeguards against
risks such as loss or unauthorized access, destruction, use,
modification or disclosure. This principle is implemented through
appropriate information security controls, such as required through the
Certification and Accreditation process outlined by the Federal
Information Security Management Act (FISMA) and the DHS Chief
Information Security Officer (CISO).
The third principle of this list, Accountability and Auditing,
looks to hold the fusion center and its participants accountable for
complying with measures which give effect to all the principles. The
fusion center should develop mechanisms to ensure ongoing compliance
with these fair information principles. Technology should support the
ability to perform appropriate audits to measure up operational metric
with privacy protections. Further, for information from federal
partners, DHS should provide appropriate training to all employees and
contractors that handle personally identifiable information.
Question 10.: If both your offices work together, how long would it
take you to develop a privacy and civil liberties training program, and
what steps have you considered already for establishing and
implementing such a program?
What kind of resources will your offices need to help you establish
and implement a fusion center-oriented privacy and civil liberties
training program in a timely fashion?
Answer: At present, the office has sufficient appropriations only
to carry out its presently-assigned mission. As I have detailed
earlier, the Privacy Office training courses, including Privacy
Awareness, Privacy Act 101, and Privacy Act 201; the DHS Privacy Impact
Assessment Guidance; and the Global Fusion Center Guidelines would
serve as the basis for any training created for fusion centers. It
would take between six and nine months to accomplish this.
While the manner of training delivery is yet to be determined, one
scenario for properly deploying a fully-functional privacy training
program to federal participants and fusion center operators in a timely
manner will require funding for both personnel and development support.
Having a team from the Privacy Office dedicated to providing training
to fusion centers is the first step. Optimally, hiring or contracting
for a fusion center privacy training coordinator and an appropriate
number of trainers to go out to the fusion centers and provide ongoing
instruction in privacy issues would provide the quickest and most
effective approach to ensuring privacy protections in the deployment
and operation of fusion centers.
In addition to training resources, privacy resource support will be
necessary to ensure that the training received by fusion center
participants is properly employed through the development of privacy
policies and compliance programs at the individual centers. Dedicating
personnel at the Privacy Office to support this effort would ensure
uniformity throughout the various fusion centers in the application of
the FIPs to protect privacy. I anticipate that we would need an
additional compliance specialist within the Privacy Office.
Responses from Daniel W. Sutherland
Question 11.: In your view, Mr. Sutherland, would it be appropriate
for DHS to offer a standardized privacy and civil liberties training
program to State and local fusion centers where DHS has a presence?
What benefits might derive from such a standardized approach? To
what extent would a fusion center-oriented privacy and civil liberties
training program need to vary from State to State according to the
needs of each location?
Answer: In my answer and in responses to subsequent Questions for
the Record, I will focus on Civil Rights and Civil Liberties aspects,
and defer to my colleague, Hugo Teufel on the privacy implications.
First let me state that it is important to remember that fusion
centers were created and are run by State and local officials and not
the Federal government. Yes, CRCL could offer a standardized program
detailing the framework within which all fusion centers with a DHS
presence should operate. Such a standard program would likely cover
only those systems, approaches, policies and missions that are nearly
universal for fusion centers. A standard program would help create a
baseline expectation for what knowledge all personnel should have in
order to conduct their work in fusion centers. This would be a
voluntary program for non-DHS employees not connected to a DHS program
or grant.
Variation would depend on many factors including the type of
information shared, the variety of systems and architecture used to
control and share information, the level of cooperation, the volume of
work to be conducted and the track record of individual fusion centers.
Question 12.: Mr. Sutherland, if you were to develop a privacy and
civil liberties curriculum for State and local fusion centers, what
procedures would you have in place to make certain that racial
profiling does not exist within the fusion center context and how will
you address racial profiling in the training program?
Answer: In June of 2004, the Department issued a memo to all staff
describing its policy on racial profiling, and adopting the latest
Department of Justice policy on profiling, itself issued in June of
2003. CRCL has created training on racial profiling that is at least
applicable to Federal activities undertaken using information obtained
and shared through fusion centers, if not to the activities of State
and local law enforcement entities themselves.
Training fusion centers on racial profiling would provide an
opportunity to offset some of the risks associated with information
overload. Large quantities of raw information provided to State and
local agencies without analysis or assurance of reliability can lead to
assumptions that may be at odds with equal protection standards and, in
the extreme, result in racial and ethnic profiling. Fusion centers,
through their approach to cooperative analysis, can provide information
that is reliable and concrete enough to eliminate the uncertainty that
can lead to racial and ethnic profiling. Further, basic cultural
competence training can better enable fusion center partners to, in
turn, equip their personnel with knowledge that will help them do their
jobs in a manner that shows respect to, and earns the respect of, the
communities they protect and serve.
Question 13.: Mr. Sutherland, how would you ensure that your office
continues to serve as a resource to fusion center personnel after any
privacy and civil liberties training you provide is complete?
Answer: We will ensure that CRCL continues to serve as a resource
to fusion center personnel by being responsive to follow-up questions
and by establishing ongoing dialogue with fusion center personnel. We
will work with DHS I&A, the DHS information Sharing Coordinating
Council and Governance Board, the Information Sharing Environment
Program Manager and others involved in the information sharing
environment to voice civil rights and civil liberties concerns at all
stages of Federal planning and policy making related to fusion centers.
Where appropriate, we will continue to serve as a resource by making
our training material available to criminal justice programs and other
institutions that provide training to fusion center personnel. The
Office for Civil Rights and Civil Liberties will use its available
resources to provide assistance to fusion centers across the country so
that they can fulfill their mission at the highest level of
effectiveness.
Question 14.: Notwithstanding the support provided to the fusion
centers from your office, Mr. Sutherland, would you support fusion
centers having an individual on-site to provide on-the-spot civil
rights and civil liberties advice to employees when circumstances
warrant?
Why or why not? How might your office encourage that fusion centers
have such a person on staff?
Answer: Depending on the size and mandate or mission of the fusion
center it may or may not be useful to have an individual on-call or on-
site to provide immediate civil rights and civil liberties advice. A
large, regional fusion center with scores of government partners will
likely have more circumstances that warrant daily seeking expert civil
rights and civil liberties advice. Even in such instances there is a
great deal that could be accomplished using secure networks in an on-
call approach.
The Office for Civil Rights and Civil Liberties is one of the
smallest such offices in the federal government. For sake of
comparison, the Department of Justice's Civil Rights Division has
approximately 800 employees and the Department of Education's Office
for Civil Rights has approximately 600 employees. Because of the size
of its workforce, for example, the Department of Education is able to
staff regional offices around the country. The Office for Civil Rights
and Civil Liberties has approximately forty full-time employees. Given
this, we recognize that we must spread our influence through innovative
projects such as Civil Liberties University, our training vehicle. We
continue to look for ways to share our expertise with our colleagues
around the country.
Question 15.: Mr. Sutherland, I'm aware that your office has
prepared training courses for DHS staff that is available on CD-Roms
and other media. For purposes of a fusion center-oriented privacy and
civil liberties training program, what portion of the training should
be ``in person'' versus on CD-Roms or other media?
What role could community outreach from fusion centers play in
reinforcing the privacy and civil liberties lessons you might teach?
Answer: Again, I will focus on Civil Rights and Civil Liberties
issues and I defer to my colleague, Hugo Teufel on the privacy
implications.
As much as possible, a standardized tool should be used in order to
save resources and ensure widespread access to the training. Where
circumstances warrant ``in person'' training, CRCL, working with our
partners in the Privacy Office, will be able to provide such training
and may be able to tailor it to specific fusion centers, depending on
the circumstances on individual fusion centers and assuming sufficient
resources are available. Effective training is ordinarily developed in
response to various types of needs analysis, and any training provided
under such a program should be designed in the method most likely to
ensure effective delivery of the curriculum.
I would encourage Fusion centers to actively engage communities to
ensure widespread understanding of their mission, capabilities, and
their efforts to ensure privacy and civil liberties principles are
respected. Disclosure of the privacy and civil liberties guidelines,
policies and training will help to create community support. Affording
the public ample opportunities to express concerns and raise questions
will foster trust that leads to cooperation in the activities
undertaken by all fusion center partners.
Responses from Hugo Teufel
Question 11.: Mr. Teufel, some states have applied for exemptions
from the Privacy Act to expand the amount of information they can
collect and retain at fusion centers.
What concerns does this raise for you, and how do we go about
ensuring that fusion centers do not eviscerate the Privacy Act?
Answer: The Privacy Act of 1974 applies only to federal agencies;
it does not govern the actions of the states in connection with fusion
centers. Nonetheless, although the Privacy Act of 1974 permits Federal
agencies to control access to information held in a Privacy Act System
of Records (SOR), such exemptions do not remove all of the requirements
of the Privacy Act. Typically, Federal agencies will promulgate a rule
to exempt a particular SOR from certain sections of the Privacy Act.
Federal agencies need these exemptions in order to protect
information relating to law enforcement investigations from disclosure
to subjects of investigations and others who could interfere with
investigatory and law enforcement activities. Specifically, the
exemptions are required to preclude subjects of investigations from
frustrating the investigative process; to avoid disclosure of
investigative techniques; to protect the identities and physical safety
of confidential informants and of law enforcement personnel; to ensure
Federal agencies? ability to obtain information from third parties and
other sources; to protect the privacy of third parties; and to
safeguard sensitive information.
Importantly, the exemption process does not allow Federal agencies
to keep a ``secret'' collection of information, to share personal
information in an indiscriminate manner, to fail disclosure of the
reasons for collecting the information, or to establish appropriate
administrative, technical, and physical safeguards to insure the
security and confidentiality of records.
As I have stressed in my March 14 testimony and in other answers
here, the Privacy Office believes this is more than an issue of
compliance. Programs that do not clearly define and understand their
collection, use, dissemination and maintenance of PII, cannot
effectively perform their jobs. In addition, failure to protect PII
would imperil the public's support for their efforts.
As such, to the extent that DHS shares information with fusion
centers, the fair information principles apply to these exchanges and
help determine the controls for the application of any exemptions
appropriately taken under the Privacy Act to prevent erosion of privacy
protections.
Question 12.: Mr. Teufel, your office conducts regular Privacy
Impact Assessments to ensure that DHS programs comply with the Privacy
Act and other laws.
As part of any privacy and civil liberties training that your
office might offer at fusion centers, how would you go about training
fusion center personnel about how to conduct a privacy impact
assessment?
With adequate resources, would the DHS Privacy Office itself be in
a position to conduct Privacy Impact Assessments at fusion centers?
Answer: The Privacy Office has issued Privacy Impact Assessment
Guidance, which DHS programs use to draft their own PIAs. Programs must
evaluate their collection, use, dissemination, and maintenance of PII,
using the eight FIPs.
This guidance would help fusion center leadership and staff to
understand the PIA process. In fact, with some slight modifications
this guidance is ready for fusion center audiences, since the privacy
issues to be examined focus on the FIPs and the collection, use,
dissemination, and maintenance of personally identifiable information,
rather than the entity doing the PIA. Moreover, since the Privacy
Office posts every PIA that is approved on the DHS website, fusion
center staff have examples from which to work.
The Privacy Office believes PIAs are most useful to the program
when the program staff is heavily engaged in drafting the PIA; with
adequate resources, however, the Privacy Office could assist the fusion
centers in drafting their PIAs.
Question 13.: In your view, Mr. Teufel, what is the value of having
a Privacy and Civil Liberties Officer within an organization, and how
might such an officer have a positive impact at a State or local fusion
center?
What role could a Privacy and Civil Liberties Officer at a fusion
center play in terms of educating the public about the fusion center's
purpose and processes?
Answer: The designation of an official with privacy, or privacy and
civil liberties responsibilities, within each fusion center is one of
the best practices I identified above. As the fusion center guidelines
recommend, I believe this Privacy Officer should be in place early in
the process of the fusion center's formation. This is the best
opportunity to ensure the rest of the recommendations from the fusion
center guidelines are implemented. And the fusion center Privacy
Officer would be responsible for drafting any PIAs and ensuring that
the FIPs are faithfully preserved.
Fusion Center Guideline Number 3 recommends each fusion center have
a privacy committee as part of it governance structure. This group
would be lead by the Privacy Officer. One of the enumerated
responsibilities of this committee is to provide outreach activities
with the community and interested privacy advocacy groups. I believe
this outreach is critical. Public airing of privacy issues is an
important step in ensuring transparency, one of the FIPs. Moreover, if
the fusion center has implemented all of the FIPs, the Privacy
Officer's interaction with the public can help maintain support for
their activities.
Question 14.: Mr. Teufel, there is concern among some privacy
advocates about the length of time that information that is not related
to an investigation remains in a fusion center database.
What are the dangers of not destroying irrelevant information with
a prescribed period of time, and how might privacy and civil liberties
education at fusion centers address this area of concern?
Answer: Minimalization is the fourth FIP utilized by DHS. This
principle includes a prescription that information must be directly
relevant and necessary to accomplish the specific purposes of the
programs and information must be retained only for as long as it is
necessary and relevant to fulfill the specified purpose for its
collection. Obviously, fusion centers need relevant information--and
only relevant information--to fulfill there mission. Accessing
irrelevant and untimely information can only hamper the performance of
the hardworking fusion center staff. Such over-collection of
information can erode the public's confidence and increase the cost of
a security breach with no offsetting benefit to the program.
Privacy training can reinforce the importance of the FIPs. Applying
this fourth principle of Minimalization, the fusion center can create
criteria for judging the initial relevancy of information and for
determining continued relevancy over time. This analysis will aid the
fusion center's regular purging of information that, by definition,
cannot assist them in performing their important mission.