DHS Privacy Office: Fusion centers endanger privacy

Featured eBooks
Future-Ready Workforce
Read Now

Health Tech

Read Now

AI Applications

Read Now
Insights & Reports
The Federal Threat: 98% of npm & PyPI Malware Neutralized With a Source-First Approach
Presented By Chainguard
Download Now
AI for Government Legal Teams: What’s Possible
Presented By Filevine
Download Now
By Alice Lipowicz,
FCW

By Alice Lipowicz,
FCW

|

Unclear chains of authority, excessive secrecy, military and private-sector involvement, and the use of personally identifiable information raise concerns.

Intelligence fusion centers run by state and local law enforcement agencies could jeopardize privacy, according to a report from the Homeland Security Department’s chief privacy officer.

Privacy is at risk at fusion centers because of ambiguous lines of authority and oversight, the participation of military and private companies, and excessive secrecy, said Hugo Teufel III, DHS’ chief privacy officer, in a report dated Dec. 11 and posted online Dec. 22.

Teufel said the privacy assessment identifies hypothetical risks to privacy that should be examined, but they are not necessarily reflective of conditions or policies at the centers. DHS needs to investigate further to determine whether each center is effectively mitigating risks, he said.

“When we use the word ‘risk,’ we are identifying issues, not problems,” Teufel said. “These are the things that the state and local fusion centers should consider carefully.”

DHS created the fusion center program in response to the Implementing Recommendations of the 9/11 Commission Act of 2007 to foster two-way information sharing between the department and state and local police. Law enforcement agencies typically run the centers, and DHS assigns intelligence analysts to work at them.

Despite the department’s efforts to mitigate risks, DHS’ Privacy Office identified a number of ongoing problems in its privacy impact assessment. The 9/11 implementation act provides statutory authority for fusion center activities, but the public might distrust them because state and local law enforcement agencies share personally identifiable information they collect with one another and with federal officials, the report states.

Furthermore, fusion centers lack clear rules for storing and sharing personal information because they are regulated by a mix of state and federal laws, the report states, citing previous  findings by the Government Accountability Office. Consistent policies and training would mitigate those concerns, DHS’ Privacy Office said.

The office identified military involvement at fusion centers as a risk to privacy, but it said assessing the risk was beyond the report’s scope.

The report also lists excessive secrecy, mission creep and inaccurate information as concerns, but it states that appropriate responses should alleviate them.

The privacy assessment also notes concerns about data mining and private-sector involvement, which the office intends to study further.

Caroline Fredrickson, director of the American Civil Liberties Union’s Washington Legislative Office, said the ACLU identified similar privacy concerns a year ago.

“Police intelligence activities have a troubled history in the United States, so we're glad to see the DHS Privacy Office shining a light on the privacy threats fusion centers pose,” Fredrickson said. “Given the fact that the DHS Privacy Office sees the same problems the ACLU does with fusion centers, it should be obvious that serious oversight is necessary.”

NEXT STORY: DHS to expand US-VISIT biometric collection