Fusion centers pose privacy and civil liberties risks, says The Constitution Project
The nation's 77 state and regional fusion centers can pose serious risks to civil liberties, finds a new report from The Constitution Project, which makes a number of recommendations about how the centers should collect and store data.
Among the report's (.pdf) findings is that the threshold for entry of a person's personally identifiable information into a fusion center database--where it could be accessed by other fusion centers--is too low. Ordinarily, federal regulations prohibit state law enforcement agencies that receive federal funding from maintaining personally identifiable information in criminal intelligence databases unless there exists reasonable suspicion that the individual is involved in criminal conduct or that the information is relevant to criminal conduct.
But the Justice Department interprets regulations to exclude from those conditions the data gleaned from suspicious activity reports on the ground that SARs are "tips and lead data" and not criminal intelligence information.
State and federal standards for activities that can cause local law enforcement to file an SAR are broad, the report notes, encompassing behavior such as using binoculars or taking notes. The report doesn't suggest stricter SAR thresholds, stating that such behavior might warrant an initial inquiry, but does say that reports on individuals should not be retained in government databases unless reasonable suspicion can be established.
The center also urges greater federal oversight of fusion centers, recommending that the departments of Homeland Security and Justice should periodically audit fusion centers to ensure compliance with privacy and civil liberties rules.
"One of the most pressing concerns regarding fusion centers is accountability," report authors say, adding that fusion centers should also allow individuals to correct inaccurate information about them in fusion center databases. Some state fusion centers have adopted policies that allow individuals to access their records although with some restrictions, but they don't have a clear process for individuals who seek correction of mistaken information.
Report authors also recommend immutable audit logs for any database accessed by fusion center personnel, whether the database is an outside one hosted by other government agencies or the commercial information reseller databases that many fusion centers subscribe to.