Regional fusion centers share records on suspected terrorists

A police officer driving by a King County, Wash., dam that supplies drinking water in the Seattle area notices a hole in a chain-link fence surrounding the premises. He interviews passersby to see whether they saw anybody with a wire cutter. His training tells him the hole could be the work of someone trying to see how easy it would be to penetrate the fence and dump poison into the reservoir. Or the culprit could have been testing security to see how quickly the chink gets patched.

The officer alerts his supervisor at the King County Sheriff's Office, who in turn forwards a message to the state's "fusion center," an information sharing operation partly supported by the federal government that vets reports of suspicious behavior for possible distribution to fusion centers nationwide. The center deems the tip worthy of circulation, in case multiple vicinities have reported similar incidents. An intelligence analyst records the officer's report on a standard form in a locally based computer server that is searchable at fusion centers in other states and cities, plus along Amtrak railways. The local police do not want to release any information that could identify the witnesses, so the analyst leaves the names and certain other data fields blank. Within 24 hours, the suspicious activity report is published.

This is how agencies across the nation are sharing information to pre-empt terrorists. The government defines suspicious activity as behavior or incidents that could signal planning related to terrorism, crime, espionage or other illicit schemes. This type of surveillance did not exist before the Sept. 11, 2001, attacks. And some privacy activists think it still shouldn't today. But the federal government is working to expand the program to all 72 regional fusion centers and convince critics that doing so will protect national security and civil liberties. By the end of September, it is expected that 50 fusion centers will have the technological capacity to fully participate in the program, and the remaining 22 will be able to search the system but not add reports.

The Nationwide Suspicious Activity Reporting Initiative, or NSI, is a virtualized catalog of tips that any federal, state or local government authority can search. But the records actually reside in separate databases maintained by the regional fusion centers. This compartmentalization protects citizens' privacy by allowing each jurisdiction to retain control over its submissions and eliminates the need to buy new computing systems. "It does not create a centralized database," says NSI Director Thomas O'Reilly. "It creates a series of 72 front porches."

The Justice and Homeland Security departments, along with other agencies, developed this standard framework in 2007 to overcome information sharing obstacles that dogged law enforcement prior to 9/11. Back then, agency data systems could not talk to each other. Police could not communicate effectively because they used different lingo for describing incidents. And nondisclosure policies often made it impossible for machines or officers to even try.

Now, according to officials, localities can exchange intelligence using NSI's common terminology, data elements and Web formats so that, for example, the New York Police Department and the Seattle police can understand the details of suspicious activity in Los Angeles. "However they store their information locally, we're providing a technology to search that information nationally," says David P. Lewis, senior policy adviser for Justice Information Sharing and NSI chief technology officer.

The word "virtualization" is thrown around so loosely in product marketing that the term has come to mean anything from providing Web-based, cloud software to segmenting a computer's memory into multiple machines. "In the highest sense of the word, NSI is a virtual system," says Paul Wormeli, Integrated Justice Information Systems Institute executive director emeritus and consultant on the project. "There is no central data storage," he adds.

"The higher-level meaning of virtualization is really key in solving the privacy problems. It allows each state to determine what they share based on their own state's statutes."

Privacy groups, however, argue that much of the potential terrorist activity reported might be nothing more than innocuous tourist habits, such as taking multiple pictures of the Statue of Liberty.

Federal officials agree that some actions dubbed suspicious are consistent with tourist behavior, which is why NSI guidelines instruct trainees to consider the "totality of the circumstances." In addition, officials say, the program teaches officers to log behaviors - not individuals - that are indicative of criminal activity. For instance, police should be on the lookout for people who ask security guards at nuclear plants, "Where did you get your uniform?" This approach reduces the risk of racial or religious profiling, officials note. As of July, more than 46,000 law enforcement personnel had received training, with the rest on the U.S. front line expected to receive instruction by the fall.

"We're not looking for people based on how they dress or how they look, how they pray," O'Reilly says. Plus, jurisdictions can withhold personal information in their fusion center reports to protect privacy.

Federal officials also have issued guidance on distinguishing between cultural behaviors and conduct that indicates criminal activity. An Information Sharing Environment annual report to Congress released in June states that the federal government collaborated with organizations such as the American Civil Liberties Union to develop an NSI privacy framework that officials are working diligently to implement.

ACLU Senior Policy Counsel Michael German acknowledges that federal leaders realize his concerns, but worries that state and local law enforcement agencies are not following guidelines. While NSI managers have set "a high standard on their program," he says, "I don't know whether they have enough control to see if that policy is implemented." Working against the federal government's best intentions, German says, is the fact that many jurisdictions are adopting their own reporting programs. A federal assessment found that just 2 percent of the reports processed by Virginia's fusion center met NSI's guidelines, while only 12 of Florida's 5,727 reports met protocols. "It's difficult to imagine people paying attention to a 40-page [privacy] report when they also are shown a five-minute training video with buildings blowing up," German says.

Federal officials insist the video concentrates on identifying suspicious activity. Additionally, local police reports undergo a two-part assessment at regional fusion centers to ensure the write-ups adhere to standards.

Other privacy groups question whether NSI has truly made Americans safer. The Electronic Frontier Foundation points to a skeptical June Congressional Research Service report stating, "One of the biggest challenges facing policymakers is how to determine whether the NSI program is successful . . . Are the number of [suspicious activity reports] produced or the number of SARs shared relevant metrics? How does one know if the SARs produced and shared under the program are actually meaningful intelligence dots?"

Federal officials could not provide statistics that gauge the impact of NSI, but they did summarize a few episodes they say show the initiative has improved operational efficiency. In 2009, for instance, an employee at a New York self-storage facility, who had been briefed through an NSI community outreach program, contacted the local police after noticing odd activity at one of the units. Law enforcement authorities ran checks and discovered the site already was under federal surveillance. Two weeks later, four men were arrested for plotting to bomb a Bronx synagogue.

This year, Homeland Security is linking NSI with its "If you see something, say something" campaign, which encourages the public to report signs of crime to the police. A July DHS progress report on implementation of the 9/11 commission recommendations states, "This campaign is being expanded to places where NSI is being implemented, to ensure that calls to authorities will be handled appropriately, in an environment where privacy and civil liberties protections are in place."

The ACLU says this outgrowth of NSI is like spying on your neighbors and is a throwback to a controversial post-9/11 Terrorist Information and Prevention System, which the organization says encouraged postal workers to rat on residents. NSI officials maintain the concept is similar to the philosophy of community policing, which encourages residents to join Neighborhood Watch.

"This is whole of government, but it's local control," says Kshemendra Paul, program manager for the Information Sharing Environment within the Office of the Director of National Intelligence.