Wednesday, January 2, 2013

"White House National Strategy for Information Sharing" is a blueprint for corporations to spy on Americans.

We recognize departments and agencies have achieved an unprecedented ability to gather, store, and use information consistent with their missions and applicable legal authorities; correspondingly they have an obligation to make that information available to support national security missions. The remaining objectives represent additional priority activities for departments, agencies, and other stakeholders to advance the goals of this Strategy.

1. Align information sharing and safeguarding governance to foster better decisionmaking, performance, accountability, and implementation of the Strategy’s goals.

2. Develop guidelines for information sharing and safeguarding agreements to address common requirements, including privacy, civil rights, and civil liberties, while still allowing flexibility to meet mission needs.

3. Adopt metadata standards to facilitate federated discovery, access, correlation, and monitoring across Federal networks and security domains.

4. Extend and implement the FICAM Roadmap across all security domains.

5. Implement removable media policies, processes and controls; provide timely audit capabilities of assets, vulnerabilities, and threats; establish programs, processes and techniques to deter, detect and disrupt insider threats; and share the management of risks, to enhance unclassified and classified information safeguarding efforts.

6. Define and adopt baseline capabilities and common requirements to enable data, service, and network interoperability.

7. Provide information sharing, safeguarding, and handling training to appropriate stakeholders using a common curriculum tailored to promote consistent, yet flexible, and trusted processes.

8. Define and implement common processes and standards to support automated policy-based discovery and access decisions.

9. Establish information sharing processes and sector specific protocols, with private sector partners, to improve information quality and timeliness and secure the nation’s infrastructure.

10. Develop a reference architecture to support a consistent approach to data discovery and correlation across disparate datasets.

11. Implement the recommendations and activities of the Federal IT Shared Services Strategy among appropriate stakeholders to facilitate adoption of shared services.

12. Refine standards certification and conformance processes enabling standards-based acquisition among departments and agencies, standards bodies, and vendors to promote interoperable products and services.

13. Promote adherence to existing interagency processes to coordinate information sharing initiatives with foreign partners, as well as adopt and apply necessary guidelines, consistent with statutory authorities and Presidential policy to ensure consistency when sharing and safeguarding information.

14. Create a common process across all levels of government for Requests for Information, Alerts, Warnings, and Notifications to enable timely receipt and dissemination of information and appropriate response.

15. Complete the implementation of the NSI programs in the National Network of Fusion Centers and Federal entities while expanding training and outreach beyond law enforcement to the rest of the public safety community.

16. Achieve the four Critical Operational Capabilities, four Enabling Capabilities, and other prioritized objectives, across the National Network of Fusion Centers to enable effective and lawful execution of their role as a focal point within the state and local environment for the receipt, analysis, gathering and sharing of threat-related information.

An incredibly prescient 2004 Report from the ACLU documented the Surveillance Industrial Complex.

The Report documents how two early Bush era surveillance programs were killed by Congress for overreaching:  one — the Total Information Awareness project from John Poindexter - which would have data mined virtually all online data to detect individuals of interest to the Government, and a second - the Terrorism Information and Prevention System (TIPS) - which was designed to recruit 1 million private citizens to inform the Government of suspicious acts.  But as the ACLU Report warned, both projects ended up being developed in alternative forms.  Indeed, a wide array of government agencies have created countless programs to encourage and formally train various private workers (such as cable installers, utilities workers and others who enter people’s homes) to act as government informants and report any “suspicious” activity; see one example here.  Meanwhile, TIA has been replicated, and even surpassed, as a result of private industries’ willingness to do the snooping work on American citizens which the Government cannot do.

Oftentimes, private corporations simply turn over whatever information the Government requests even in the absence of legal compulsion.  They do so due to a variety of motives:  an eagerness to build profitable relationships with the Government, fear of regulatory or legal reprisals if they resist, or a belief that they are being patriotic.  Numerous large corporations, such as airlines, have been caught voluntarily turning over to the Government vast amounts of invasive information about their passengers.  And, of course, the illegal Bush NSA spying program was accomplished by the voluntary (though highly profitable) participation by most of the telecom industry, which literally turned over unfettered access to the Government to their customers’ calling and Internet records and even communication content.

But it’s the emergence of a private market for this data - whereby the Government pays corporations to collect, process and then furnish it - that has vastly elevated the Government’s ability to collect such data about citizens.  As the ACLU Report put it, this arrangement provides the best of all worlds for the Government and the worst for citizens:
The use of private-sector data aggregators allows the government to insulate surveillance and information-handling practices from privacy laws or public scrutiny. That is sometimes an important motivation in outsourced surveillance.  Private companies are free not only from complying with the Privacy Act, but from other checks and balances, such as the Freedom of Information Act.  They are also insulated from oversight by Congress and are not subject to civil-service laws designed to ensure that government policymakers are not influenced by partisan politics. . . .
In light of this, it’s not surprising that - just as is true for all of their surveillance activities - government officials have been actively developing ways to recruit private corporations into spying on American citizens for them.  The FBI created a particularly creepy program - called InfraGard -   in which 23,000 companies (including most of the Fortune 500) are in an information-sharing program with federal law enforcement agencies.  From the ACLU Report:
The program has more than 10,000 members organized into 79 local chapters; the list of participating companies is kept secret. Members wishing to participate fully must undergo a security check and obtain clearance by the FBI.  The Cleveland Plain Dealer described it as a “a vast informal network of powerful friends,” a “giant group of tipsters” created by the FBI under a “philosophy of quietly working with corporate America” in order to “funnel security alerts away from the public eye and receive tips on possible illegal activity.”
But there is evidence that InfraGard may be closer to a corporate TIPS program, turning private-sector corporations - some of which may be in a position to observe the activities of millions of individual customers - into surrogate eyes and ears for the FBI. . . .
There is a long and unfortunate history of cooperation between government security agencies and powerful corporations to deprive individuals of their privacy and other civil liberties, and any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future.
Another option open to government agencies seeking information on individuals is to simply purchase it on the open market.  As private-sector information-gathering has exploded in recent years, so has the amount of data that is now available to the government (and any other customer) willing to pay the price.  Although government information-purchasing was once a minor matter, the explosion of private-sector data collection has begun to significantly undermine the laws meant to protect Americans from government snooping.

No comments: