The Way Forward
Total Page:16
File Type:pdf, Size:1020Kb
Information Sharing in the 21st Century The Way Forward REPORT TO THE MARKLE FOUNDATION OF THE COLUMBIA UNIVERSITY CAPSTONE TEAM May 2012 A Project of School of International & Public Affairs Columbia University New York, New York [This page is intentionally left blank] INFORMATION SHARING IN THE 21ST CENTURY: THE WAY FORWARD 1 Table of Contents Overview ...............................................................................................................................5 Disclaimer ............................................................................................................................6 Acknowledgements .......................................................................................................6 Executive Summary ......................................................................................................7 Introduction .......................................................................................................................13 Information Sharing – Where We Are Today .............................................15 Legislative History of U.S. Intelligence Activities Pre 9/11 ...........................15 The National Security Act of 1947 ......................................................................................15 Title III of the Omnibus Crime Control and Safe Streets Act of 1968 ...................19 The Foreign Intelligence Surveillance Act of 1978 (FISA) ........................................19 Executive Order 12333 (1981)............................................................................................21 Intelligence in the 1990s – A New Focus on the Third World and Non-State Actors ...................................................................................................................22 1995 Department of Justice Guidelines ............................................................................22 Expansion of Surveillance Following 9/11 to Support Counter-Terrorism Efforts – Working to Promote an Information Sharing Environment ..........................................................................................................24 The United State of America Patriot Act of 2001 ..........................................................24 Homeland Security Act of 2002 (HSA) .............................................................................25 The 9/11 Commission (2004) .............................................................................................26 Intelligence Reform and Terrorism Protection Act of 2004 (IRTPA) ...................27 Executive Orders 13354, 13355 and 13356 (2004) ...................................................27 Executive Order 13388 (2005)............................................................................................28 Where We are Now – A Decade After 9/11 ...............................................................29 Intelligence Community Directive Number 501 (2009) ............................................29 The Culture of Information Sharing ..................................................................31 Responsibility to Protect vs. Responsibility to Provide ...................................31 Culture Acts as an Impediment to Better Collaboration ............................................31 “Stovepiping” Inhibits Information Sharing ..................................................................31 Building Networks to Reinforce a Culture of Information Sharing .......................32 The Use of Standardized Training Modules ....................................................................32 INFORMATION SHARING IN THE 21ST CENTURY: THE WAY FORWARD 2 Self-Interest of the Data Stewards ...................................................................................33 Incentivizing Information Sharing ........................................................................................34 Joint Duty-Like Assignments to Foster Information Sharing .....................................34 Integration of Stakeholder Missions and Responsibilities .............................35 Information Sharing with State and Local Agencies ................................................... Increasingly Important ..........................................................................................................35 Failure of Coordination between the FBI and the New York Police Department ...............................................................................................36 State and Local Law Enforcement Agencies Lack Protection for Sharing Both Classified and Unclassified Data .......................................................36 Cultivating Understanding and Culture of Information Sharing ............................38 Information Sharing with Non-Government Actors ....................................................38 Information Sharing with Private Entities ......................................................................39 Information Sharing with the Public .................................................................................39 Balancing Responsibilities – Protection and Privacy ............................41 Information Privacy Issues in Information Sharing ............................................41 Types of Information of Importance to Counter-Terrorism ....................................41 Privacy Concerns of U.S. Persons ........................................................................................46 Privacy Guidelines for the Information Sharing Environment ...............................49 Division of Responsibilities for Protecting Privacy .....................................................50 Conflicting Privacy Policies Among Agencies ................................................................50 NCTC Sharing Agreements ....................................................................................................50 Secondary Use of Information Collected for Counter-Terrorism Purposes .......54 Information Collected on U.S. Persons Requires Particular Care...........................57 The Foreign Intelligence Surveillance Act of 1978 (FISA) and Privacy ..............59 Evolving Constitutional Concerns....................................................................................61 Data Mining is Not Inherently Antithetical to Privacy................................................65 Legislative and Regulatory Assessment ......................................................................68 The Privacy Act and Its Relevant Exemptions ...............................................................69 The Freedom of Information Act and Its Relevant Exemptions .............................70 Executive Order 12333 (1981)............................................................................................72 The E-Government Act of 2002 ...........................................................................................72 Intelligence Reform and Terrorism Prevention Act of 2004 (IRPTA) ..................74 INFORMATION SHARING IN THE 21ST CENTURY: THE WAY FORWARD 3 The 9/11 Commission Report (2004) ..............................................................................76 Executive Order 13353 (2004)............................................................................................76 Intelligence Community Directive Number 501 (ICD 501) ......................................77 Maintaining Security for Shared Information ............................................79 Expansion of Security Clearances Following 9/11 ..............................................80 Inclusion of State and Local Law Enforcement in Federal Systems ......................80 Federal Information Security Act of 2002 (FISMA) ............................................82 Risk Assessment and Management in Information Sharing ....................................82 “Authorized Use” of Classified and Sensitive Data – Updating the “Need-to-Know” ............................................................................................................................84 Insider Threats to Information Security ..........................................................................85 Capability and Intent in Risk Management .....................................................................86 Examining System Failures ...................................................................................................87 Architecture for Information Sharing ..............................................................89 Alternative Information Sharing Models ....................................................................89 Centralized Models for Information Sharing .................................................................89 Current Advantages of a Centralized Model ..................................................................90 Current Disadvantages of a Centralized Model ............................................................91 Example of a Centralized Model: The National Counterterrorism Center..........93 Decentralized Models for Information Sharing .............................................................95 Current Advantages of a Decentralized Model .............................................................96 Current Disadvantages of a Decentralized Model .......................................................97 Examples of a Decentralized Model - The Fusion Centers ......................................98 The Impact of Technology on Information