The Department of Homeland Security has acknowledged the existence of three more intelligence analysis systems that appear to include information about the American people, according to documents obtained by the Center for Investigative Reporting.
Turned over in response to a Freedom of Information Act request first made in December of 2008, the documents describe three noteworthy programs called Pantheon, Pathfinder and Organizational Shared Space, which among other things enable authorities to examine message traffic from the intelligence community using computers and a variety of software tools.
The initiatives add more evidence to the proliferation of domestic intelligence and surveillance efforts in the aftermath of the Sept. 11, 2001, terrorist attacks. Those include a vast array of information-sharing programs, dozens of intelligence “fusion” centers formed by local, state and federal officials, and data-mining projects that involve probing mountains of telecommunications and commercial records for leads.
Details about the programs are contained in so-called “privacy impact assessments,” although officials blacked out large portions of them pointing to security exemptions under federal open-government laws. The documents nonetheless offer hints about the scope of such initiatives. Privacy impact assessments are actually supposed to demonstrate what the Department of Homeland Security is doing to protect sensitive private information such as social security numbers, names, birthdates and biometric records used in national security data systems and programs.
Sections of the documents that are not redacted describe Pathfinder as an “integrated text search, retrieval, display and analytic tool suite used to analyze intelligence community message traffic,” which would appear to fit the definition of data mining and includes personal information belonging to Americans.
But the actual practice of data mining is politically controversial. Government secrecy expert and blogger Steven Aftergood noted recently that the federal government tends to narrowly define it, and so intelligence officials don’t have to elaborate on certain activities in congressionally mandated annual reports such as “link analysis” that they don’t consider to be data mining.
Lisa Graves, executive director of the Center for Media and Democracy and a former Justice Department official with expertise in the oversight of government databases, said that most Americans assume authorities are “only looking at bad guys” when they collect information for the war on terror.
“The documents certainly make clear that the foreign intelligence model of the National Security Agency and the CIA has been replicated within the Department of Homeland Security,” Graves said. It seems likely to her that much of the data being collected refer to people who have never done anything wrong. Graves added that citizens don’t know how such information could be used or abused in the future if the government chooses to retain it for long periods of time.
The Office of Intelligence Analysis, according to the records, isn’t required to show its collection efforts are linked to a foreign threat the way other agencies must. “Even purely domestic threats to the homeland may be appropriate for its analytic efforts, and therefore appropriately acquired into Pathfinder.”
Pantheon, meanwhile, is defined in the records as a system for the Department of Homeland Security to share intelligence with other federal, state and local governments when requested, which again includes information about U.S. citizens and permanent residents. But compared to other federal agencies, DHS specifically has the authority to transmit potentially sensitive data “to state, local and private entities.”
Teasing out much else is a challenge, although the documents do concede there’s no formal procedure for individuals to fix incorrect information the system might contain – such as people being wrongly identified as terrorism or criminal suspects. Pantheon “contains classified and sensitive unclassified information” making it exempt from certain provisions of the Privacy Act.
Organizational Shared Space is an umbrella portal for systems like Pantheon and allows agencies within DHS, from the Coast Guard to the Transportation Security Administration, to access classified intelligence internally. But it’s housed on the Joint Worldwide Intelligence Communications System used by the defense and state departments for moving classified information securely, so presumably they would have access to it as well.
The records don’t go far in identifying who exactly can utilize the system saying only that its purpose includes sharing information with “other federal components, including the larger [intelligence community.]” The intelligence community officially includes everyone from the National Security Agency and the CIA to the Treasury Department and the Drug Enforcement Administration.
Some experts interviewed by the RAND Corporation for a 2008 study sponsored by the Homeland Security Department argued that the structure of domestic intelligence in the United States has become too complex involving numerous information-sharing initiatives and programs for data collection. One expert described domestic counterterrorism intelligence as a “pick-up ball game” without real leadership or management. RAND concluded that having so many people involved makes “oversight of those activities challenging.”
Others complain that endless efforts by the government to stockpile electronic information, from records of consumer purchases to suspicious activities reports, in hopes of detecting terrorist patterns merely overwhelms the system and inhibits officials from becoming aware of attack planning.
Dozens of other “privacy impact assessments” are available to the public online as required by the E-Government Act of 2002. The reports ostensibly describe how private information used for anti-terrorism and other law enforcement purposes is being safeguarded by the government, from the border patrol’s controversial practice of searching laptops without suspicion to a self-explanatory system known as ICEGangs used by Immigration and Customs Enforcement.
A Bush Administration official responsible for enforcing privacy rights, Hugo Teufel III, insisted in a 2008 report to Congress that such assessments provide the public with “greater transparency of government operations” and prove the Department of Homeland Security is committed to “implementing privacy practices and controls early in the process of the department’s programs and systems.”
The same report disclosed that five of the assessments were not publicly available for national security reasons, at least until we submitted a FOIA request for them. Extensive redactions additionally would seem to limit their value as an instrument for government transparency. Answers to critical questions about the databases and programs such as how private information is being collected, how it’s used and what measures are taken to ensure content is accurate are blacked out.
Government agencies also disclose their creation and use of databases in the Federal Register to comply with the Privacy Act. But the Office of Intelligence and Analysis does so only in general terms here without listing individual systems like Pathfinder.
2008 Privacy Impact Assessment – Pathfinder
2007 Privacy Impact Assessment – Pantheon
2008 Privacy Impact Assessment – Organizational Shared Space
2008 Privacy Impact Assessment – Homeland Security Information Network/Intelligence Portal
2008 Privacy Impact Assessment – Information Sharing Fellows Program