In response to past incidents of improper intelligence collection efforts directed against legal U.S. groups, the Department of Homeland Security (DHS) has reemphasized its commitment to civil liberties and privacy protections, including creating a possible connection between those policies and grant awards at the state and local level.

Yesterday’s revelation that the Department of Homeland Security (DHS) gathered intelligence in 2007 on the Chicago-based Nation of Islam group again raised the specter of civil rights violations in the name of homeland security. 

​To its credit, DHS discovered the intelligence gathering violations and acted swiftly to remedy the situations. “Hours after the report was issued in 2007, officials recalled it, deciding it violated intelligence rules against collecting or disseminating information on U.S. citizens,” reported the Associated Press in the Chicago Sun-Times.

While the incident highlights the importance of having protections in place, it also calls for a closer look at how those not abiding by civil liberty restrictions will be held accountable—an issue that Security Management was exploring even before the latest news broke.

One concern is that much intelligence collection and analysis happens at the local, state, and regional levels at fusion centers where the actors may not be under the direct purview of DHS.

Fusion centers began after the 9-11 attacks as a grassroots effort within cities, regions, and states to share information to prevent terrorist attacks. They bring together law enforcement and intelligence personnel from state, local, and federal government into one building to collect, analyze, vet, and disseminate intelligence to first responders on the ground as well as up the federal chain. The centers are considered one key post-9-11 response to help law enforcement "connect the dots" and disrupt terrorist plots before an attack can occur.

Domestic Surveillance Fears

Civil libertarians have been suspicious of fusion centers since their creation, fearing a return to the days of COINTELPRO, a secret FBI surveillance program of American radicals from the mid-1950s until the early-1970s. Critics, however, never had evidence to support such fears. That changed in the winter of 2009 when two leaked intelligence reports issued by fusion centers in Missouri and Texas cast suspicion on fringe groups associated with the far left and the far right. The February strategic report from the Missouri Intelligence Analysis Center (MIAC)  described the resurgence of the modern militia movement and fueled outrage by conflating support for former presidential candidates Rep. Ron Paul and former congressman Bob Barr with support for right-wing militias.

Also in February, the North Central Texas Fusion System (NCTFS) issued a "prevention awareness bulletin" telling police officers that certain elements of the Muslim-American community are attempting to institute Islamic law that "could ultimately change American life and laws." The report also alleged that anti-war leftist groups were aiding Islamic extremist groups in an effort to end what they see as U.S. imperialism in the Middle East.

"Given the stated objectives of these lobbying groups and the secretive activities of radical Islamic organizations," the report stated, "it is imperative for law enforcement officers to report these types of activities to identify potential underlying trends emerging in the North Central Texas region."

The American Civil Liberties Union (ACLU) decried the leaked NCTFS report.

“The idea that the tolerance advocated by the groups being targeted would be treated as a menace to American security demonstrates a disregard for civil liberties and a disdain for democracy itself," Caroline Fredrickson, director of the ACLU Washington Legislative Office, said in a statement. "The kind of indiscriminate and unlawful investigations this bulletin calls for always results in a chilling effect on free speech and association.”

A little more than a month later, the DHS Office of Intelligence and Analysis (I&A)—which provides intelligence support to state-based fusion centers—came under a firestorm of criticism for producing an internal threat assessment on rightwing extremism. The report identified returning veterans from the wars in Afghanistan and Iraq as possible terrorist recruits, much like former veteran Timothy McVeigh, the Oklahoma City bomber. The report speculated that right-wing extremists might target returning soldiers for radicalization to exploit and harness their military knowledge and skills.The report was quickly recalled from state and local law enforcement and pulled by Secretary of Homeland Security Janet Napolitano in May.

And yesterday came the aforementioned revelations about intelligence collection on the Nation of Islam, which was discovered when the ACLU and the Electronic Frontier Foundation obtained documents through a Freedom of Information Act request. In addition to the 2007 incident, there was documentation that in 2008, I&A also improperly collected and retained information on a Muslim conference in Georgia and its intended speakers, some of whom were U.S. citizens, despite no links to terrorism. In that case, as in the 2007 incident before it, I&A policed itself by deleting or destroying the information collected on the Muslim conference and its American speakers.

Making Civil Liberties a Priority

DHS has also made it a priority to educate fusion centers in how to collect and store domestic intelligence while respecting civil liberties and privacy. After the two fusion center reports provoked public outcry last winter, the DHS's Office for Civil Rights and Civil Liberties deployed staff to conduct civil liberties and privacy training at MIAC and NCTFS.

In Missouri, DHS sent the civil liberties team to conduct a one-day training course after a DHS intelligence analyst inside the MIAC asked headquarters for guidance, Dave Hall, the fusion center's director, told Security Management. Neither DHS nor MIAC staff brought up the strategic report that caused the controversy, he said.

After the DHS training, Hall's fusion center instituted a review process to ensure that civil liberties are taken into account before a report is released as well as put a moratorium on strategic reports until further notice.​

Things happened a little bit differently in North Central Texas.

The fusion center's chief, Kelley Stone, director of Collin County Department of Homeland Security, told Security Management that he didn't even learn of the report until DHS informed him of it. When the report was issued, Stone was overseas while his senior intelligence officer who would have normally reviewed the bulletin was in training. At that time, a private contractor, ADB Consulting, drew up the bulletin for the NCTFS. Stone said that the antiwar and Muslim-American activities the private contractor flagged as threatening were "obviously constitutionally protected."

After learning of the bulletin, Stone said he suspended publication of the bulletins and prohibited private contractors from writing the prevention awareness bulletins. Today, either Stone or his senior intelligence officer must approve the bulletins, which are now written in-house, before they are distributed to customers.

Stone then asked DHS for additional guidance on civil liberties and privacy issues. In June, DHS visited the fusion center for a one-day training session in key civil liberties and privacy concepts, including discussions on the First Amendment. Group workshops also broke down hypothetical situations involving the training's core concepts. The center then rewrote its privacy policy after DHS reviewed it and provided technical assistance. Stone finally reached out to the Texas chapter of the ACLU and the Freedom and Justice Foundation, an advocacy organization made up of Texas Muslims, to show its concern for civil liberties and privacy issues.

 "We've learned from our mistakes," he said. "We thought we had the appropriate checks and balances in place."

David Gersten, acting deputy officer at the Office for Civil Rights and Civil Liberties, told Security Management that the controversial reports issued by MIAC and NCTFS were isolated incidents and that no individual has ever come forward to complain about state fusion centers violating their privacy rights or civil liberties. The ACLU, however, has alleged violations and Gersten said his office is investigating. (Read a 2007 ACLU report questioning fusion centers, here.)

To further help state-based fusion centers to respect civil liberties and privacy rights, DHS has implemented a number of other initiatives besides civil liberties and privacy training sessions. The department now actively pushes fusion centers to adopt  Fusion Center Guidelines drafted by DHS and the Department of Justice, according to Bart R. Johnson, acting under secretary of intelligence and analysis.

Gerstein’s office also performs privacy impact assessments on fusion centers, one of which is forthcoming in the next few months.

Another way DHS  exerts oversight over fusion centers is through a federal regulation known as 28 CFR Part 23, said Johnson. The code regulates what type of information can be collected and stored in “criminal intelligence information systems” run by law enforcement agencies that receive federal money.

According to the code, police cannot collect or maintain information on any person or group—especially information about their “political, religious, or social views, associations, or activities"— unless there's reasonable suspicion they’re involved in a crime.

Enforcement Problems

A regulatory loophole seemingly remains nevertheless. Because fusion centers are not federal entities, both Johnson and Gersten told Security Management that there isn't a lot DHS can do to hold fusion centers accountable. Fusion centers, however, do rely substantially on federal funding to sustain operations, a fact not lost on groups like the ACLU.

Civil libertarians have seized upon this to force DHS to hold fusion centers more accountable. In a recent letter to the House Homeland Security Committee, a group of privacy and civil liberty organizations complained that DHS’s Chief Privacy Officer needed to use the power of the federal purse on fusion centers.

“Merely writing the [privacy impact assessment on fusion centers] does not provide this necessary oversight,” the letter signed by the ACLU and the Electronic Privacy Information Center said. “Neither does ‘encouraging’ fusion centers to take certain actions without mandating those actions as conditions of receiving funding.”

DHS is considering this approach, according to Johnson. He told Security Management that DHS is working on policy to make fusion centers implement privacy and civil liberties protections before they can receive homeland security grants.

But whether or not that policy will ever be adopted is still up in the air.

“It takes time in government for policies to be drafted, reviewed, cleared and finally approved,” I&A spokesman Andrew Lluberes said.

UPDATE: On December 15, DHS released its "Guidance and Application Kit" for the Homeland Security Grant Program for  fiscal year 2010, explicitly tying grant funding for fusion centers to civil liberties and privacy protections. 

Within the document, DHS mandates that all fusion centers that receive federal funding in fiscal year 2010 certify that they have civil liberties and privacy protections in place "at least as comprehensive as the ISE Privacy Guidelines" within 6 months of receiving the award.

If they do not submit their civil liberties and privacy protections for review to the ISE Privacy Guidelines Committee within the 6-month time frame, "DHS grants funds may only be leveraged to support the development and/or completion of the fusion center's privacy protections requirements."

DHS also expects all fusion center employees in 2010 to complete online 28 CFR Part 23 certification training.