1 / 50

State and Local Fusion Center Training Part 1

1. State and Local Fusion Center Training Part 1 . The Privacy Office www.dhs.gov/privacy Ken Hunt Rebecca Richards Toby Levin (Training) . The Office for Civil Rights and Civil Liberties www.dhs.gov/CivilLibertiesInstitute. 2. Two Offices. The Privacy Office

Sophia
Download Presentation

State and Local Fusion Center Training Part 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 1

  2. State and Local Fusion Center Training Part 1 The Privacy Office www.dhs.gov/privacy • Ken Hunt • Rebecca Richards • Toby Levin (Training) The Office for Civil Rights and Civil Liberties www.dhs.gov/CivilLibertiesInstitute 2

  3. Two Offices The Privacy Office First statutorily –created Privacy Office in the Federal government – Section 222 of the Homeland Security Act Responsible for privacy policy across the Department Hugo Teufel III, Privacy Officer Office located in Virginia Q Office for Civil Rights and Civil Liberties (CRCL) Responsible for advising on civil rights and civil liberties policy within DHS Responsible for ensuring compliance with civil liberties protections of persons affected by DHS programs and activities Daniel Sutherland, Officer for Civil Rights and Civil Liberties Offices located in Washington, DC 3

  4. “In the News”: Privacy, civil rights, civil liberties and SLFCs 4

  5. How Our Offices Support Fusion Centers Privacy Office Conducting a Privacy Impact Assessment on Fusion Centers Available for requests for guidance on privacy issues from Fusion Centers and their Federal partners CRCL Has conducted a soon-to-be-released Civil Liberties Impact Assessment Responds to informal requests for guidance on CRCL issues from SLFC and their Federal partners CRCL leads domestic Federal government engagement with American Arab, Muslim, Sikh communities and supports SLFCs in pursuing similar engagement activities Available to receive and investigate complaints related to Fusion Centers from those alleging that their civil rights and civil liberties have been compromised Q 5

  6. How Our Offices Support Fusion Centers Both the Privacy Office and CRCL: • Actively participate in the Information Sharing Privacy Guidelines Committee and • Have been tasked by Congress with providing training on privacy, civil rights and civil liberties to Fusion Center staff 6

  7. Goals for Today's Session • To increase awareness among DHS staff deployed to the SLFCs of the • privacy, civil rights and civil liberties protections required by law , • the polices and procedures to ensure that protection, and • the resources we can offer to assist SLFC in these areas. • To jointly plan the development of a “toolkit” and future training for all staff at SLFC on these issues. Q 7

  8. 8

  9. Why Privacy Matters – it’s the Law The Privacy Act • Applies to all Federal Agencies • Code of Fair Information Practices (FIP) • Governs personally identifiable information (PII) • Requires system of records notices (SORNs) • Civil and criminal penalties for misuse of PII. Privacy Impact Assessments mandated for all Federal Agencies where new collections OR new technologies applied to PII E-Government Act of 2002 9

  10. Why Privacy Matters – Public Support Question For the Record: What checks are in place at fusion centers that might help them avoid becoming mini spy agencies? CRS Report: Privacy issues a potential risk to the program. 10

  11. TSA’s Secure Flight Program Purpose: to prevent known terrorists from boarding aircraft or gaining access to “sterile” areas of an airport. Privacy issues not addressed AND… $$$ withheld by Congress “None of the funds provided by this or previous appropriations acts may be obligated for deployment or implementation… of the Secure Flight Program…, until the Government Accountability Office has reported to Congress that there are no specific privacy concerns with the technological architecture of the system.” DEPARTMENT OF HOMELAND SECURITY APPROPRIATIONS ACT, 2005 - PUBLIC LAW 108–334 11

  12. A Possible Future We Cannot Allow !!! “None of the funds provided by this or previous appropriations Acts may be obligated for personnel deployment to or information sharing with State and Local Fusion Centers until the Government Accountability Office has reported to Congress that the Centers have addressed privacy.” DEPARTMENT OF HOMELAND SECURITY APPROPRIATIONS ACT, 2009 12

  13. … or Worse • Outright Cancellation – MATRIX pilot program involved information sharing agreement between states – Privacy concerns eroded public confidence. • Litigation – CRS Report: “without federal oversight, litigation is likely to serve as the only significant oversight mechanism”. 13

  14. Personally Identifiable Information(PII) Personally identifiable information is… Q 14

  15. PII Any information that permits the identity of an individual to be directly or indirectly inferred, including any other information which is: • linked or • linkable to an individual. regardless of whether the individual is a U.S. Citizen, Legal Permanent Resident, alien or a visitor to the U.S.

  16. 8 Fair Information Practice Principles (FIPPs) rooted in the tenets of the Privacy Act Transparency Purpose Specification Use Limitation Data Minimization Data Quality Accountability Individual Participation Security Safeguards 16

  17. Transparency • No Secret Systems. • Notice to the public on the collection, use, dissemination, and maintenance of PII. • DHS satisfies this principle with System of Record Notices and Privacy Impact Assessments. Published at www.dhs.gov/privacy. 17

  18. Purpose Specification DHS must specifically articulate: the authority which permits the collection of PII and the purpose for which the PII is intended to be used. 18

  19. Use Limitation Use only for the purpose specified in the SORN. Share outside the Department only for a purpose compatible with the purpose for which the PII was collected. 19

  20. Data Minimization Collection:DHS should collect PII only if it is: directly relevant and necessary to accomplish the stated purpose. Retention:Dispose of PII following the DHS records disposition schedules (as approved by NARA). 20

  21. Data Quality & Integrity Data must be • accurate, • relevant, • timely and • complete for each use. 21

  22. Individual Participation Obligated to involve the individual in the use of PII through: Consent – direct collection.Examples Mechanism for appropriate access, correction, and redress. 22

  23. Security Protect against: • loss, • unauthorized access or use, • destruction, modification, or • inappropriate or unintended disclosure. 23

  24. Accountability and Auditing • DHS is accountable for complying with the FIPPs. • Provide training. • Audit to demonstrate compliance. 24

  25. 2 questions summarize it all! #1 Should this information be collected? # 2 Should this information be shared?

  26. Top 5 Privacy Rules # 1 Collect and use PII only for I&A approved purposes. # 2 Understand which SORN covers the information you want to share. # 3 Share PII only if the SORN authorizes it. # 4 Minimize the PII when sharing. # 5 Document with whom and why PII was shared. Call Ole Broughton or Tim Bailey if you have a question. 26

  27. 2 questions summarize it all! #1 Should this information be collected? # 2 Should this information be shared?

  28. Collection: First Ask… Identify which I&A functional responsibilities your collection falls under: • Terrorism or Terrorist Related Activity NOTE: If intelligence information does not fall under “terrorism or terrorist-related activity”, must consult with Tim Bailey for guidance before undertaking any collection activity. 2. Other Threats to the Homeland 3. Support to a Component of DHS 4. Support to or Activities Directed by the Secretary 5. Directed by Statute or Presidential Directive 28

  29. Collection: Then Ask… Do you anticipate collecting information associated with the First Amendment (such as an individual’s race, religion, speech, and/or the groups he/she associates with) in order to draft this product? ____Yes ____No • If YES, is it part of any ongoing authorized law enforcement investigation or lawful national security intelligence investigation? ____Yes ____No • If NO, the information may NOT be collected. 29

  30. 2 questions summarize it all! #1 Should this information be collected? # 2 Should this information be shared? Q

  31. Privacy Checklist for Sharing _____1. Ask why specifically the PII is needed. _____2. Look at the context of the request. ▫ Is it related to the DHS I&A mission? _____3. Share information only if there is an approved Privacy Act routine use. _____4. If sharing information directly out of a non I&A system, identify which SORN covers the PII being requested. _____5. Check with the Watch at the NOC if uncertain. _____6. If you are asked for information related to a name check, ask the NOC to process the request. _____7. Document why and with whom the PII is shared. 31

  32. Sharing: Privacy Act authorized sharing for I&A systems Generally Applicable HSOC Routine Uses (RU) • Violation of the Law If the record, (on its face or in conjunction with other info), indicates a violation (or potential violation) of any law, the record may be disclosed to the entity charged with investigating, prosecuting and/or enforcing such law or contract. 32

  33. Sharing:Privacy Act authorized sharing for I&A systems Generally Applicable HSOC Routine Use (RU) B.Serves Security Interest Record disclosure is OK if it will “promote, assist, or otherwise serve homeland or national security interests” May be disclosed to: • Federal, State, local, joint or tribal agencies • foreign, international or other public agency or organization, or • to any person or entity in either the public or private sector, (domestic or foreign) 33

  34. Sharing:Privacy Act authorized sharing for I&A systems If sharing meets either of these routine uses, document in the comments section of I&A 24 Hour Log ▫ Name of the agency with which the information is being shared. ▫ Justification for sharing the information. ▫ What information was shared. 34

  35. Sharing: Privacy Act authorized sharing for non I&A systems: Applicable CBP TECS Routine Use If agency is aware of a violation of the law(potential, civil or criminal) You may disclose pertinent informationto appropriate Federal, State, local or foreign agencies responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license. Q 35

  36. Sharing: Privacy Act authorized sharing for non I&A systems: If sharing meets this routine use, Fill out the CBP Form 191 that comes up in TECS when you are ready to share information. 36

  37. Other Important Reminders • Safeguard PII ▫ Secure transfer ▫ Extracts and mobile devices pose risks ▫ Hard copies also pose risks • Report Privacy Incidents to your Program Manager. • SLFCs must also comply with State privacy laws, which may be stricter, and State open access laws. 37

  38. When You Have a Privacy Question, Contact: • Your I&A counsel: XXXX • Your Intelligence Oversight Officer: XXXXXXX • Your Component Privacy Point of Contact: XXXX • The DHS Privacy Office: Ken Hunt Becky Richards Toby Levin 38

  39. 39

  40. Summary of CRCL Mission Helping DHS respect civil rights and civil liberties while we protect the homeland and our way of life. The Intelligence Reform and Terrorism Prevention Act of 2004 added this language to the DHS mission (codifying existing DHS policy): “to ensure that civil rights and civil liberties of persons are not diminished by efforts, activities and programs aimed at securing the homeland”. 8

  41. Understanding the Terms: Civil Rights and Civil Liberties Quick Summary Civil rights – generally involves affirmative government action to protect against infringement Civil liberties – involves restrictions on government to protect individual liberties 41

  42. Your Mission and CRCL Issues How does the CRCL mission relate to your role? Q 42

  43. Red Flags #1What are the primary CRCL concerns related to the open flow of information? Information about activities that are protected, such as protest or criticisms of the government, boycott of products, exercise of religious freedom, freedom of assembly, etc.; Capture of video feeds that are retained and used to identify people; Extending the mission of a particular partner agency without assuring proper authorities, procedures and protections; 43

  44. Red Flags #2What are the primary CRCL concerns related to the open flow of information? Information Sharing can have “downstream” consequences Use of materially inaccurate or misleading information Search and seizure issue (4th Amendment) Due process issues (5th and 14th Amendment) Capture or sharing demographics that could be used to target or watch a class of people in a community; Need for redress – sufficient? Q 44

  45. Suspicious Activity Reporting • This man is the subject of one of your center’s suspicious activity reports. • Describe him. 45

  46. Red Flags#3What are the primary CRCL concerns related to the open flow of information? Collection/retention of information or descriptions of individuals perpetuating or relying on racial or ethnic stereotypes Requests to vet private sector personnel who are involved in critical infrastructure Tension between federal and state law and practice on what information should be public: FOIA, Sunshine laws (EPIC and VA Fusion Center) Data tracking and criminal record expungement Q 46

  47. Integrating Civil Liberties @ Your SLFC: 5 Best Practices (KATEI) 1. Know your operating statutes and authorities. 2. Adopt a civil rights and civil liberties policy. 3. Train Fusion Center staff and partnerson privacy, civil rights and civil liberties standards and best practices. 4. Encourage engagement with the public, media, and outside groups to provide a level of transparency. 5. Identify a coordinator to address privacy, civil rights and civil liberties issues. 47

  48. Engage with the public, media, and outside groups to provide a level of transparency. Common Question: Should we engage community groups, advocacy groups and others that are curious / critical of the fusion centers? Q General approach: CRCL encourages meeting with community and advocacy groups SLFC Director determines appropriate level of engagement, transparency Meetings, some degree of transparency and explanation can build bridges You don’t have to agree with the groups, and their criticism may be helpful DHS HQ Elements and the Secretary meet with similar groups. Community Engagement Best Practices 48

  49. Q Leverage the CRCL Training & Awareness Materials Develop an Incident Management plan – CRCL can offer technical assistance Hold Community Forums & Outreach Through Community Media Treat Seriously Complaints and Suggestions Regarding DHS Activities Read the CRCL terminology paper Engagement – a good practice for working with any community of concern Integrating Civil Liberties: Potential SLFC Engagement Activities 49

  50. 50

More Related