Download
1 / 50

State and Local Fusion Center Training Part 1 - PowerPoint PPT Presentation


  • 335 Views
  • Uploaded on

1. State and Local Fusion Center Training Part 1 . The Privacy Office www.dhs.gov/privacy Ken Hunt Rebecca Richards Toby Levin (Training) . The Office for Civil Rights and Civil Liberties www.dhs.gov/CivilLibertiesInstitute. 2. Two Offices. The Privacy Office

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'State and Local Fusion Center Training Part 1' - Sophia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

1


State and local fusion center training part 1 l.jpg
State and Local Fusion Center Training Part 1

The Privacy Office

www.dhs.gov/privacy

  • Ken Hunt

  • Rebecca Richards

  • Toby Levin (Training)

The Office for Civil Rights and Civil Liberties

www.dhs.gov/CivilLibertiesInstitute

2


Two offices l.jpg
Two Offices

The Privacy Office

First statutorily –created Privacy Office in the Federal government – Section 222 of the Homeland Security Act

Responsible for privacy policy across the Department

Hugo Teufel III, Privacy Officer

Office located in Virginia

Q

Office for Civil Rights and Civil Liberties (CRCL)

Responsible for advising on civil rights and civil liberties policy within DHS

Responsible for ensuring compliance with civil liberties protections of persons affected by DHS programs and activities

Daniel Sutherland, Officer for Civil Rights and Civil Liberties

Offices located in Washington, DC

3


In the news privacy civil rights civil liberties and slfcs l.jpg
In the News”: Privacy, civil rights, civil liberties and SLFCs

4


How our offices support fusion centers l.jpg
How Our Offices Support Fusion Centers

Privacy Office

Conducting a Privacy Impact Assessment on Fusion Centers

Available for requests for guidance on privacy issues from Fusion Centers and their Federal partners

CRCL

Has conducted a soon-to-be-released Civil Liberties Impact Assessment

Responds to informal requests for guidance on CRCL issues from SLFC and their Federal partners

CRCL leads domestic Federal government engagement with American Arab, Muslim, Sikh communities and supports SLFCs in pursuing similar engagement activities

Available to receive and investigate complaints related to Fusion Centers from those alleging that their civil rights and civil liberties have been compromised Q

5


How our offices support fusion centers6 l.jpg
How Our Offices Support Fusion Centers

Both the Privacy Office and CRCL:

  • Actively participate in the Information Sharing Privacy Guidelines Committee and

  • Have been tasked by Congress with providing training on privacy, civil rights and civil liberties to Fusion Center staff

6


Goals for today s session l.jpg
Goals for Today's Session

  • To increase awareness among DHS staff deployed to the SLFCs of the

    • privacy, civil rights and civil liberties protections required by law ,

    • the polices and procedures to ensure that protection, and

    • the resources we can offer to assist SLFC in these areas.

  • To jointly plan the development of a “toolkit” and future training for all staff at SLFC on these issues.

    Q

7


Slide8 l.jpg

8


Why privacy matters it s the law l.jpg
Why Privacy Matters – it’s the Law

The Privacy Act

  • Applies to all Federal Agencies

  • Code of Fair Information Practices (FIP)

  • Governs personally identifiable information (PII)

  • Requires system of records notices (SORNs)

  • Civil and criminal penalties for misuse of PII.

    Privacy Impact Assessments mandated for all Federal Agencies where new collections OR new technologies applied to PII

    E-Government Act of 2002

9


Why privacy matters public support l.jpg
Why Privacy Matters – Public Support

Question For the Record:

What checks are in place at fusion centers that might help them avoid becoming mini spy agencies?

CRS Report:

Privacy issues a potential risk to the program.

10


Tsa s secure flight program l.jpg
TSA’s Secure Flight Program

Purpose: to prevent known terrorists from boarding aircraft or gaining access to “sterile” areas of an airport.

Privacy issues not addressed AND…

$$$ withheld by Congress

“None of the funds provided by this or previous appropriations acts may be obligated for deployment or implementation… of the Secure Flight Program…, until the Government Accountability Office has reported to Congress that there are no specific privacy concerns with the technological architecture of the system.” DEPARTMENT OF HOMELAND SECURITY APPROPRIATIONS ACT, 2005 - PUBLIC LAW 108–334

11


A possible future we cannot allow l.jpg
A Possible Future We Cannot Allow !!!

“None of the funds provided by this or previous appropriations Acts may be obligated for personnel deployment to or information sharing with State and Local Fusion Centers until the Government Accountability Office has reported to Congress that the Centers have addressed privacy.”

DEPARTMENT OF HOMELAND SECURITY APPROPRIATIONS ACT, 2009

12


Or worse l.jpg
… or Worse

  • Outright Cancellation – MATRIX pilot program involved information sharing agreement between states – Privacy concerns eroded public confidence.

  • Litigation – CRS Report: “without federal oversight, litigation is likely to serve as the only significant oversight mechanism”.

13


Personally identifiable information pii l.jpg
Personally Identifiable Information(PII)

Personally identifiable information is…

Q

14


Slide15 l.jpg
PII

Any information that permits the identity of an individual

to be directly or indirectly inferred,

including any other information which is:

  • linked or

  • linkable

    to an individual.

    regardless of whether the individual is a U.S. Citizen, Legal Permanent Resident, alien or a visitor to the U.S.


8 fair information practice principles fipps rooted in the tenets of the privacy act l.jpg
8 Fair Information Practice Principles (FIPPs) rooted in the tenets of the Privacy Act

Transparency

Purpose Specification

Use Limitation Data Minimization

Data Quality

Accountability

Individual Participation

Security Safeguards

16


Transparency l.jpg
Transparency

  • No Secret Systems.

  • Notice to the public on the collection, use, dissemination, and maintenance of PII.

  • DHS satisfies this principle with System of Record Notices and Privacy Impact Assessments.

    Published at www.dhs.gov/privacy.

17


Purpose specification l.jpg
Purpose Specification

DHS must specifically articulate:

the authority which permits the collection of PII and

the purpose for which the PII is intended to be used.

18


Use limitation l.jpg
Use Limitation

Use only for the purpose specified in the SORN.

Share outside the Department only for a purpose compatible with the purpose for which the PII was collected.

19


Data minimization l.jpg
Data Minimization

Collection:DHS should collect PII only if it is:

directly relevant and

necessary to accomplish the stated purpose.

Retention:Dispose of PII following the DHS records disposition schedules (as approved by NARA).

20


Data quality integrity l.jpg
Data Quality & Integrity

Data must be

  • accurate,

  • relevant,

  • timely and

  • complete

    for each use.

21


Individual participation l.jpg
Individual Participation

Obligated to involve the individual in the use of PII through:

Consent – direct collection.Examples

Mechanism for appropriate access, correction, and redress.

22


Security l.jpg
Security

Protect against:

  • loss,

  • unauthorized access or use,

  • destruction, modification, or

  • inappropriate or unintended disclosure.

23


Accountability and auditing l.jpg
Accountability and Auditing

  • DHS is accountable for complying with the FIPPs.

  • Provide training.

  • Audit to demonstrate compliance.

24


2 questions summarize it all l.jpg
2 questions summarize it all!

#1 Should this information be collected?

# 2 Should this information be shared?


Top 5 privacy rules l.jpg
Top 5 Privacy Rules

# 1 Collect and use PII only for I&A approved purposes.

# 2 Understand which SORN covers the information you want to share.

# 3 Share PII only if the SORN authorizes it.

# 4 Minimize the PII when sharing.

# 5 Document with whom and why PII was shared.

Call Ole Broughton or Tim Bailey if you have a question.

26


2 questions summarize it all27 l.jpg
2 questions summarize it all!

#1 Should this information be collected?

# 2 Should this information be shared?


Collection first ask l.jpg
Collection: First Ask…

Identify which I&A functional responsibilities your collection falls under:

  • Terrorism or Terrorist Related Activity

    NOTE: If intelligence information does not fall under “terrorism or terrorist-related activity”, must consult with Tim Bailey for guidance before undertaking any collection activity.

    2. Other Threats to the Homeland

    3. Support to a Component of DHS

    4. Support to or Activities Directed by the Secretary

    5. Directed by Statute or Presidential Directive

28


Collection then ask l.jpg
Collection: Then Ask…

Do you anticipate collecting information associated with the First Amendment (such as an individual’s race, religion, speech, and/or the groups he/she associates with) in order to draft this product? ____Yes ____No

  • If YES, is it part of any ongoing authorized law enforcement investigation or lawful national security intelligence investigation? ____Yes ____No

  • If NO, the information may NOT be collected.

29


2 questions summarize it all30 l.jpg
2 questions summarize it all!

#1 Should this information be collected?

# 2 Should this information be shared?

Q


Privacy checklist for sharing l.jpg
Privacy Checklist for Sharing

_____1. Ask why specifically the PII is needed.

_____2. Look at the context of the request.

▫ Is it related to the DHS I&A mission?

_____3. Share information only if there is an approved Privacy Act routine use.

_____4. If sharing information directly out of a non I&A system, identify which SORN covers the PII being requested.

_____5. Check with the Watch at the NOC if uncertain.

_____6. If you are asked for information related to a name check, ask the NOC to process the request.

_____7. Document why and with whom the PII is shared.

31


Slide32 l.jpg

Sharing: Privacy Act authorized sharing for

I&A systems

Generally Applicable HSOC Routine Uses (RU)

  • Violation of the Law

    If the record, (on its face or in conjunction with other info),

    indicates a violation (or potential violation) of any law,

    the record may be disclosed to the entity charged with investigating, prosecuting and/or enforcing such law or contract.

32


Slide33 l.jpg

Sharing:Privacy Act authorized sharing for

I&A systems

Generally Applicable HSOC Routine Use (RU)

B.Serves Security Interest

Record disclosure is OK if it will “promote, assist, or otherwise serve homeland or national security interests”

May be disclosed to:

  • Federal, State, local, joint or tribal agencies

  • foreign, international or other public agency or organization, or

  • to any person or entity in either the public or private sector, (domestic or foreign)

33


Slide34 l.jpg

Sharing:Privacy Act authorized sharing for

I&A systems

If sharing meets either of these routine uses,

document in the comments section of I&A 24 Hour Log

▫ Name of the agency with which the information is being shared.

▫ Justification for sharing the information.

▫ What information was shared.

34


Slide35 l.jpg

Sharing: Privacy Act authorized sharing for

non I&A systems:

Applicable CBP TECS Routine Use

If agency is aware of a violation of the law(potential, civil or criminal)

You may disclose pertinent informationto appropriate Federal, State, local or foreign agencies responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license.

Q

35


Slide36 l.jpg

Sharing: Privacy Act authorized sharing for

non I&A systems:

If sharing meets this routine use,

Fill out the CBP Form 191 that comes up in TECS when you are ready to share information.

36


Other important reminders l.jpg
Other Important Reminders

  • Safeguard PII

    ▫ Secure transfer

    ▫ Extracts and mobile devices pose risks

    ▫ Hard copies also pose risks

  • Report Privacy Incidents to your Program Manager.

  • SLFCs must also comply with State privacy laws, which may be stricter, and State open access laws.

37


When you have a privacy question l.jpg
When You Have a Privacy Question,

Contact:

  • Your I&A counsel: XXXX

  • Your Intelligence Oversight Officer: XXXXXXX

  • Your Component Privacy Point of Contact: XXXX

  • The DHS Privacy Office:

    Ken Hunt

    Becky Richards

    Toby Levin

38



Summary of crcl mission l.jpg

Summary of CRCL Mission

Helping DHS respect civil rights and civil liberties while we protect the homeland and our way of life.

The Intelligence Reform and Terrorism Prevention Act of 2004 added this language to the DHS mission (codifying existing DHS policy):

“to ensure that civil rights and civil liberties of persons are not diminished by efforts, activities and programs aimed at securing the homeland”.

8


Understanding the terms civil rights and civil liberties l.jpg
Understanding the Terms: Civil Rights and Civil Liberties

Quick Summary

Civil rights – generally involves affirmative government action to protect against infringement

Civil liberties – involves restrictions on government to protect individual liberties

41


Your mission and crcl issues l.jpg
Your Mission and CRCL Issues

How does the CRCL mission relate to your role?

Q

42


Red flags 1 what are the primary crcl concerns related to the open flow of information l.jpg
Red Flags #1What are the primary CRCL concerns related to the open flow of information?

Information about activities that are protected,

such as protest or criticisms of the government,

boycott of products,

exercise of religious freedom,

freedom of assembly, etc.;

Capture of video feeds that are retained and used to identify people;

Extending the mission of a particular partner agency without assuring proper authorities, procedures and protections;

43


Red flags 2 what are the primary crcl concerns related to the open flow of information l.jpg
Red Flags #2What are the primary CRCL concerns related to the open flow of information?

Information Sharing can have “downstream” consequences

Use of materially inaccurate or misleading information

Search and seizure issue (4th Amendment)

Due process issues (5th and 14th Amendment)

Capture or sharing demographics that could be used to target or watch a class of people in a community;

Need for redress – sufficient? Q

44


Suspicious activity reporting l.jpg
Suspicious Activity Reporting

  • This man is the subject of one of your center’s suspicious activity reports.

  • Describe him.

45


Red flags 3 what are the primary crcl concerns related to the open flow of information l.jpg
Red Flags#3What are the primary CRCL concerns related to the open flow of information?

Collection/retention of information or descriptions of individuals perpetuating or relying on racial or ethnic stereotypes

Requests to vet private sector personnel who are involved in critical infrastructure

Tension between federal and state law and practice on what information should be public: FOIA, Sunshine laws (EPIC and VA Fusion Center)

Data tracking and criminal record expungement Q

46


Slide47 l.jpg

Integrating Civil Liberties @ Your SLFC: 5 Best Practices (KATEI)

1. Know your operating statutes and authorities.

2. Adopt a civil rights and civil liberties policy.

3. Train Fusion Center staff and partnerson privacy, civil rights and civil liberties standards and best practices.

4. Encourage engagement with the public, media, and outside groups to provide a level of transparency.

5. Identify a coordinator to address privacy, civil rights and civil liberties issues.

47


Slide48 l.jpg

Engage with the public, media, and outside groups to provide a level of transparency.

Common Question: Should we engage community groups, advocacy groups and others that are curious / critical of the fusion centers? Q

General approach: CRCL encourages meeting with community and advocacy groups

SLFC Director determines appropriate level of engagement, transparency

Meetings, some degree of transparency and explanation can build bridges

You don’t have to agree with the groups, and their criticism may be helpful

DHS HQ Elements and the Secretary meet with similar groups.

Community Engagement Best Practices

48


Slide49 l.jpg

Q a level of transparency.

Leverage the CRCL Training & Awareness Materials

Develop an Incident Management plan – CRCL can offer technical assistance

Hold Community Forums & Outreach Through Community Media

Treat Seriously Complaints and Suggestions Regarding DHS Activities

Read the CRCL terminology paper

Engagement – a good practice for working with any community of concern

Integrating Civil Liberties: Potential SLFC Engagement Activities

49


Slide50 l.jpg

50 a level of transparency.


ad