Fusion centers were first introduced in a Privacy Impact Assessment released by the Department of Homeland Security’s (DHS) Privacy Office back in December 2008. Since then, at least 72 fusion centers have been opened, collecting intelligence from a diverse range of information sources and disseminating it widely within and between federal, state, and local law enforcement agencies and departments. This article takes a closer look at the policies, processes and practices of fusion centers in the United States.
What is a fusion center?
Fusion centers were suggested by the Department of Homeland Security long before the passing of the 9/11 Commission Act of 2007. The term “fusion center” was developed by the Department of Defense, to refer to the fusing of information for analysis purposes. The terror attacks of September 11 brought the notion of fusion centers back into popularity. Once the 9/11 Commission Act established the State, Local and Regional Fusion Center Initiative within the DHS, over 60 facilities popped up within the first year.
Fusion centers are meant to be sites where experts can conduct analysis and facilitate information sharing, thus aiding law enforcement and homeland security officials in preventing and responding to crime and terrorism. They receive threat information from the federal government and analyze the information within the local context.
According to the DHS:
“State and major urban area fusion centers serve as focal points within the state and local environment for the receipt, analysis, gathering and sharing of threat-related information between the federal government and state, local, tribal, territorial (SLTT) and private sector partners.”
Although fusion centers were initially developed to target terrorist activities, the scope of operations has widened. Today, many fusion centers target all crimes and other hazards, including natural disasters.
In its PIA, the DHS did identify a number of risks to privacy associated with the fusion center program, along with recommendations for risk mitigation activities. These risks are as follows:
- Justification for fusion centers
- Ambiguous lines of authority, rule and oversight
- Participation of the military and private sector
- Data mining
- Excessive secrecy
- Inaccurate or incomplete information
- Mission creep
Priorities were identified during the 2010 National Fusion Center Conference. The four Critical Operational Capabilities are as follows:
- Receive classified and unclassified information from federal partners.
- Assess local implications of that threat information through the use of a formal risk assessment process.
- Further disseminate that threat information to other state, local, tribal, territorial and private sector entities within their jurisdiction.
- Gather locally-generated information, aggregate it, analyze it and share it with federal partners as appropriate.
Concerns & Criticisms
Civil libertarians and privacy advocates are more than a little concerned that these fusion centers could quickly become huge storehouses for data about innocent people. Another major concern is that the information from these private databases could be used for the purposes of data mining, a practice which is at best questionable in terms of efficacy and privacy protection.
Bruce Fein, a constitutional and international lawyer, is one of many outspoken critics of the fusion center program. He has combined state fusion centers to the Soviet Union’s KGB and East Germany’s Stasi. Fein demanded that the United States, “abandon fusion centers that engage 800,000 state and local law enforcement officers in the business of gathering and sharing allegedly domestic or international terrorism intelligence.”
Fein pointed out that if the intelligence collection standards were employed on a general scale, everyone from the Founding Fathers to abolitionist William Lloyd Garrison, to suffragette Susan B. Anthony would have been the subject of suspicious activity reports (SARs). SARs are mechanisms by which police officers and concerned citizens report unusual behavior that may indicate terrorist or criminal activity.
EPIC has pointed out that the Privacy Act of 1974 was established specifically to prevent these types of government database abuses. The Act sets standards for the quality of data the government collects about individuals and safeguards privacy through the following procedural and substantive rights in personal data:
- Government agencies must show an individual any records kept about him/her.
- Agencies are required to follow certain principles (“fair information practices”) when gathering and handling personal data.
- There are restrictions on how agencies can share an individual’s data with other people and agencies.
- Individuals are permitted to sue the government for violating its provisions.
Since the beginning of the program, fusion centers have been the site of many privacy violations and data handling abuses. It’s clear that these centers are operating without proper oversight of justification for huge amounts of collection, processing and analysis of sensitive personal information.
Fusion centers were formally introduced in a Privacy Impact Assessment issued by the Department of Homeland Security’s Privacy Office in December 2008. These centers are sites where collection, processing and analysis of huge amounts of personal information take place. Initially designed as a counter-terrorist measure, the scope of fusion centers has now expanded to include any form of criminal behavior and even natural disasters. This article takes a look at the activities of fusion centers in the United States and criticism of these centers from a civil liberties and privacy perspective.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/ US Government (CIPP/G), a privacy professional should be comfortable with topics related to this post, including:
- Requirements under Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (I.C.g.)