Mobilizing Information to Prevent Terrorism Accelerating Development of a Trusted Information Sharing Environment Third Report of the Markle Foundation Task Force ZOË BAIRD, JAMES BARKSDALE CHAIRMEN M ARKLE F OUNDATION TASK FORCE ON NATIONAL SECURITY IN THE INFORMATION AGE MEMBERS AND ASSOCIATES, 2006 Chairmen John Gage Richard Wilhelm Sun Microsystems, Inc. Booz Allen Hamilton Zoë Baird Markle Foundation John Gordon Associates United States Air Force, Retired Jim Barksdale Bruce Berkowitz Barksdale Management Slade Gorton Hoover Institution, Stanford University Corporation Preston Gates & Ellis LLP Fred Cate Members Morton H. Halperin Indiana University School of Law Open Society Institute Bloomington Robert D. Atkinson Information Technology Margaret A. Hamburg Scott Charney and Innovation Foundation Nuclear Threat Initiative Microsoft Corporation Rand Beers John J. Hamre Bob Clerman Coalition for American Leadership Center for Strategic and International Mitretek Systems and Security Studies David Gunter Eric Benhamou Eric H. Holder, Jr. Microsoft Corporation 3Com Corporation, Palm, Inc., Benhamou Covington & Burling Global Ventures, LLC Drew Ladner Jeff Jonas JBoss, Inc. Jerry Berman IBM Center for Democracy & Technology Bill Neugent Arnold Kanter MITRE Robert M. Bryant The Scowcroft Group National Insurance Crime Bureau Daniel B. Prieto Tara Lemmey Reform Institute Ashton B. Carter LENS Ventures Kennedy School of Government, Clay Shirky Harvard University Gilman Louie Writer and Consultant Alsop Louie Partners Wesley Clark Peter Swire Wesley K. Clark & Associates John O. Marsh, Jr. Moritz College of Law, The Ohio State Marsh Institute for Government and University William P. Crowell Public Policy, Shenandoah University Security and Intelligence Consultant Mel Taub Judith A. Miller Independent Consultant Bryan Cunningham Bechtel Group, Inc. Morgan & Cunningham LLC Markle Foundation Staff James H. Morris Jim Dempsey Carnegie Mellon University Karen Byers Center for Democracy & Technology Managing Director and Chief Financial Craig Mundie Officer Mary DeRosa Microsoft Corporation Center for Strategic and International Kimberly Hogg Studies Jeffrey H. Smith Assistant to the President Arnold & Porter LLP Sidney D. Drell Danna Lindsay Stanford Linear Accelerator Center, Abraham D. Sofaer Administrative Assistant Stanford University Hoover Institution, Stanford University Michelle Maran Esther Dyson James B. Steinberg Manager, Public Affairs CNET Networks Lyndon Johnson School of Public Affairs, University of Texas at Austin Linda Millis Amitai Etzioni Director, National Security Program The George Washington University Kim Taipale Center for Advanced Studies in Stefaan Verhulst Richard Falkenrath Science and Technology Policy Chief of Research The Brookings Institution Rick White David J. Farber former Member of Congress Carnegie Mellon University Mobilizing Information to Prevent Terrorism Accelerating Development of a Trusted Information Sharing Environment THIRD REPORT OF THE MARKLE FOUNDATION TASK FORCE July 2006 A Project of The Markle Foundation New York City Copyright © 2006 Markle Foundation All rights reserved. Table of Contents Overview ..................................................................................................................................................................... 1 Acknowledgements ....................................................................................................................................... 3 Executive Summary ....................................................................................................................................... 7 Mobilizing Information to Prevent Terrorism while Protecting Civil Liberties ...................................................................................................17 The Importance of Maintaining Trust and Sustaining Determination towards Transformation...........................................................................23 Leadership and the Integration of Policy and Technology to Guide Implementation and Use...........................................................................................25 Persistent Leadership and Strong Oversight from all Branches of Government...................................................................................................................25 Leadership from the President to Steer Cross-Agency Implementation, Facilitate Transformational Change, and Establish Public Confidence ...........................25 Leadership from Congress to Oversee Effective Implementation .....................................27 Leadership throughout the Executive Branch to Promote Information Sharing while Preventing Misuse ..........................................................................................................27 Policies, Processes, and Guidelines that Facilitate Information Sharing and Provide Trust by Empowering and Constraining Users.......................................29 Policies, Processes and Guidelines to Access, Protect, and Share Information ...........29 A New Authorized Use Standard .........................................................................................................32 A Process to Resolve Disputes in Information Sharing ...........................................................41 Managing the Risks of Sharing and Not Sharing ..........................................................................44 Improving the Decision-Making Processes of Senior Officials ...........................................48 Developing Adequate Training and Education to Improve Information Sharing Expertise................................................................................................................51 Creating an Information Sharing Institute ........................................................................................57 Technologies that Support Policies and Processes to Connect People and Information.................................................................................................................................................57 Improving Information Sharing and Analysis with Technology ...........................................58 Enhancing System and Information Security with Technology ............................................65 Facilitating Privacy and Accountability through Rules-Based Technology......................69 The Limits of Technology ........................................................................................................................71 Conclusion ...............................................................................................................................................................72 Appendices ..............................................................................................................................................................73 Appendix 1: Overview of Major Developments towards Establishing an Information Sharing Environment ............................................................................................73 Appendix 2: Letter to the President of September 7, 2005 and White House response of October 21, 2005..................................................................89 Overview For four years, we have been privileged to chair the Markle Task Force on National Security in the Information Age. In its two previous reports, the Task Force has advocated the mobilization of information to prevent terrorism through the creation of a trusted information sharing environment. That environment enhances collaboration, and facilitates the flow of information across the federal government, state and local agencies, and the private sector to enhance understanding of the threats to our nation’s security. It does so in a trusted manner, using information effectively and appropriately, and protecting civil liberties. This vision of a trusted network, along with the key attributes of our proposed Systemwide Homeland Analysis and Resource Exchange (SHARE) Network, outlined in our previous report, were enacted into law in the Intelligence Reform and Terrorism Prevention Act of 2004. The Task Force has not been alone in issuing such recommendations. Concepts such as ours have been proposed by the Report of the Joint Inquiry into the Terrorist Attacks of September 11, 2001, the National Commission on Terrorist Attacks Upon the United States, the Commission on the Intelligence Capabilities Regarding Weapons of Mass Destruction, and many others. Yet despite general agreement on the need for enhanced information sharing to combat terrorism, the nation remains far from achieving this goal. Indeed, we are struck by the wide gap that persists between ambition and vision on the one hand, and actual achievement and concrete steps towards implementation on the other. To be sure, the President and Congress have adopted the vision of information sharing, and have acted in a bipartisan way to remove barriers to achieve that vision. We have witnessed some genuine improvements in information sharing. But two years since the publication of our last report, and almost five years since the terrorist attacks of September 11, systematic, trusted information sharing remains more of an aspiration than a reality. The government has yet to articulate a credible implementation plan for a broad and trusted information sharing environment, and the sense of commitment and determination that characterized the government’s response in the