The federal government has adopted a new rule providing more secrecy for its shadowy “fusion” centers, where investigators look at all sorts of private information that could impact administrative or criminal and civil “enforcement” actions.
The announcement comes from the Department of Homeland Security in a statement in the Federal Register.
It is being publicized by the Electronic Privacy Information Center, or EPIC, which had urged the government to back off its plan.
“The Department of Homeland Security issued a final rule exempting its Operations System from various Privacy Act safeguards, including provisions that permit individuals to access information about them held by the agency,” EPIC reported.
“The system ‘fuses’ information from many sources which the agency uses for investigatory purposes. There are over 20 categories of data, including Social Security numbers, citizenship, medical records and even information gathered from social media in the database.”
The DHS announcement noted that the exemption applies to its “Operations Collection, Planning, Coordination, Reporting, Analysis and Fusion System of Records,” which includes “electronic and paper records.”
The information is collected by the DHS “to service its several and varied missions and functions.”
Among the DHS procedures that will be aided, the federal agency said, are “the enforcement of civil and criminal laws; investigations, inquiries, and proceedings there under; national security and intelligence activists; and protection of the president of the U.S. or other individuals.”
The system “contains information that is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other federal, state, local, tribal, foreign, or international government agencies.”
DHS said the exemptions “are justified” because releasing information could “alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS.”
An exemption from a requirement that information be relevant and necessary is valid “because in the course of investigations into potential violations of federal law, the accuracy of information obtained or introduced occasionally may be unclear, or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.”
The Federal Register statement is attributed to May Ellen Callahan, chief privacy officer for the DHS, working under Homeland Security Secretary Janet Napolitano.
In a statement submitted to DHS during its rule-adoption process, EPIC noted that the information DHS “seeks to incorporate into this system of records” includes name, date and place of birth, Society Security number, citizenship, contact information, address, physical description, distinguishing marks, automobile registration information, watch list information, medical records, financial information, results of intelligence analysis and reporting, ongoing law enforcement investigative information, historical law enforcement information, information systems security analysis and reporting, public source data, intelligence information including links to terrorism or law enforcement, information from federal and other agencies, other information provided by “individuals” and other categories of data.
Moreover, EPIC documents that the federal agency declares its own permission to share information with “both public and private parties,” ranging from the Department of Justice and any congressional office to any “agency … for the purpose of performing audit or oversight operations,” as well as contractors, state and local agencies, foreign government intelligence agencies and even the news media.
The concept “contravenes the purpose and intent of the Federal Privacy Act,” EPIC wrote. “When it enacted the Privacy Act in 1974, Congress sought to restrict the amount of personal data that federal agencies could collect and requires government agencies to limit the collection, sharing, and use of individuals’ personal information.”
The organization said in 2004, the U.S. Supreme Court “underscored the importance of the Privacy Act’s restrictions upon agency use of personal data,” saying that in order “to protect the privacy of individuals identified in information systems maintained by federal agencies, it is necessary … to regulate the collection, maintenance, use and dissemination of information by such agencies.’”
EPIC said individuals should have access “to all disclosures of records kept about them.”
“The DHS insinuates that, if implemented, this requirement would ‘alert the subject of an actual or potential criminal civil or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS as well as the recipient agency.’
“Individuals should be able to know, after an investigation is completed or made public, the information stored about them … individuals may find themselves investigated due to malicious misinformation spread by bad actors.”
It continued, “The idea that information about an individual maintained in a federal agency system of records would never be made available to the individual because an investigation was ongoing in perpetuity would, of course, be absurd.”
The action, EPIC explained, stands “the purpose of the Privacy Act on its head, making personal information widely available across the government while preventing individuals from learning what information about them has been obtained or how it will be used.”
EPIC said, “By exempting this Fusion Center data from these Privacy Act provisions, DHS prevents individuals from requesting any information that the DHS may be keeping on them. This access requirement is crucial in any system that is to respect the rights of individuals; without meaningful access to the files kept on them, individuals have no recourse if inaccurate, incomplete, or fraudulent information about them is kept in the system.”
The organization warned specifically about “fusion centers,” saying they “are a uniquely invasive source of federal surveillance.”
It was one of those “fusion” centers, the Missouri Information Analysis Center, that in 2009 issued a report that linked conservative groups to domestic terrorism and warned law enforcement to watch for vehicles with bumper stickers promoting Ron Paul and Chuck Baldwin. It also warned police to watch out for individuals with “radical” ideologies based on Christian views, such as opposing illegal immigration, abortion and federal taxes.
Ultimately, Chief James Keathley of the Missouri State Patrol said the release of the report caused him to review the procedures through which the report was released.
“My review of the procedures used by the MIAC in the three years since its inception indicates that the mechanism in place for oversight of reports needs improvement,” he said at the time. “Until two weeks ago, the process for release of reports from the MIAC to law enforcement officers around the state required no review by leaders of the Missouri State Highway Patrol or the Department of Public Safety.”
He said the report warning about those who hold Christian views was “created by a MIAC employee, reviewed by the MIAC director, and sent immediately to law enforcement agencies across Missouri.”
“The militia report was never reviewed by me or by the Director of Public Safety, John Britt, at any point prior to its issuance,” Keathley said. “Had that report been reviewed by either my office or by leaders of the Department of Public Safety, it would never have been released to law enforcement agencies.”