Teachout Security Solutions


The Department of Homeland Security Wants All the Information It Has on You Accessible from One Place

Information sharing (or lack thereof) between intelligence agencies has been a sensitive topic in the U.S.

Information sharing (or lack thereof) between intelligence agencies has been a sensitive topic in the U.S. After 9/11, there was a push to create fusion centers so that local, state, and federal agencies could share intelligence, allowing the FBI, for example, to see if the local police have anything in their files on a particular individual. Now the Department of Homeland Security wants to create its own internal fusion center so that its many agencies can aggregate the data they have and make it searchable from a central location. The DHS is calling it a “Federated Information Sharing System” and asked its privacy advisory committee to weigh in on the repercussions at a public meeting in D.C. last month.

The committee, consisting of an unpaid group of people from the world of corporate privacy as well as the civil liberty community, were asked last December to review the plan and provide feedback on which privacy protections need to be put in place when info from DHS components (which include the TSA, the Secret Service, and Immigration Services, to name a few) are consolidated. The committee raised concerns about who would get access to the data given the potentially comprehensive profile this would provide of American citizens.

The committee’s recommendations are available in draft form below. DHS would not provide the original document — a “tasking letter” — that it issued to the committee describing its plans. But DHS’s Immigration and Customs Enforcement division did announce this month that it had awarded a contract to Raytheon for a “new system [that] will enhance how agencies manage, investigate, and report on law enforcement and intelligence activities by improving data sharing between multiple law-enforcement agencies,” reported Information Week. Raytheon’s work started on September 27, a week before the privacy committee got back to DHS with its draft privacy policy recommendations (available below). The committee noted that it had been given an “aggressive timeline” by DHS on coming up with its recommendations.

Better data aggregation in order to root out patterns to prevent terror attacks and enhance security is the new hotness for law enforcement (see BusinessWeek’s piece on the start-up that wants to help the CIA sort through data). But there are privacy concerns. One big assumption that the DHS privacy committee made in its reports is that officials will be searching their new awesome databanks using specific personal information (i.e., What has Kashmir Hill been up to this month?) as opposed to general patterns (i.e., Who all took the train between D.C. and New York this week?). The latter, pattern-based searches would make the DHS’s new fusion-center-like system too much like Total Information Awareness, say critics. The ACLU sent DHS a letter [pdf] this month voicing its concerns about the mingling of commercial and government databases and the potential civil liberties violations, giving an example of a person’s laptop being inspected by Customs & Border Control and then having any reports of its contents put into a profile accessible to the rest of DHS.

“Will DHS limit sharing of this information on innocent people or purge it from the system?” asks the ACLU. ” Just because an ordinary American has had an encounter with DHS does not mean that his or her movements, work history, or other data should be open to widespread scrutiny.”

The ACLU urges the DHS not to “rush into” things, but as noted about, at least one contract to lay the foundation for the system is already signed.

Call 1-800-747-0755