7 October 2004. Thanks to S.
http://www.wired.com/news/privacy/0,1848,65242,00.html
http://www.wired.com/news/print/0,1294,65242,00.html
Senate Wants Database Dragnet
By Ryan Singel
02:00 AM Oct. 06, 2004 PT
[Excerpt]
The Senate could pass a bill as early as Wednesday evening that would let government counter-terrorist investigators instantly query a massive system of interconnected commercial and government databases that hold billions of records on Americans.
The proposed network is based on the Markle Foundation Task Force's December 2003 report, which envisioned a system that would allow FBI and CIA agents, as well as police officers and some companies, to quickly search intelligence, criminal and commercial databases. The proposal is so radical, the bill allocates $50 million just to fund the system's specifications and privacy policies.
______________
There is Security in Sharing
Information Network Would Aid Terror Fight
by Zoë Baird and James Barksdale
San Jose Mercury News
August 16, 2004
Today, our government still does not have the information it needs to fight terrorism. And the information it does have is isolated in different agencies, and therefore we cannot see its significance. While the discussion over how to implement the 9/11 Commission's recommendations to restructure the intelligence community is important, another key commission recommendation, creating a "trusted information network" to facilitate better information sharing among our intelligence agencies, needs immediate attention. Implementing such a network would make America safer today.
Read more (113K)
Download Action Plan for Federal Government Development of the SHARE Network (68K)
Download Achieving a Networked Community for Homeland Security (470K)
Read Congressional Testimonies of the Markle Foundation's National Security Task Force Members
_____________
The Senate and Markle proposals appear to be forbidden by FY2005 funding for the Department of Defense:
[Appendix, Budget of the United States Government, Fiscal Year 2005]
[Page 322-336]
[DOCID:2005_app_mil-13]
From the Budget of the U.S., FY 2005 Online via GPO Access
[wais.access.gpo.gov]
GENERAL PROVISIONS, DEPARTMENT OF DEFENSE
[Excerpt]
[Sec. 8131. (a) Notwithstanding any other provision of law, none of
the funds appropriated or otherwise made available in this or any other
Act may be obligated for the Terrorism Information Awareness Program:
Provided, That this limitation shall not apply to the program hereby
authorized for Processing, analysis, and collaboration tools for
counterterrorism foreign intelligence, as described in the Classified
Annex accompanying the Department of Defense Appropriations Act, 2004,
for which funds are expressly provided in the National Foreign
Intelligence Program for counterterrorism foreign intelligence purposes.
(b) None of the funds provided for Processing, analysis, and
collaboration tools for counterterrorism foreign intelligence shall be
available for deployment or implementation except for:
[[Page 334]]
(1) lawful military operations of the United States conducted
outside the United States; or
(2) lawful foreign intelligence activities conducted wholly
overseas, or wholly against non-United States citizens.
(c) In this section, the term ``Terrorism Information Awareness
Program'' means the program known either as Terrorism Information
Awareness or Total Information Awareness, or any successor program,
funded by the Defense Advanced Research Projects Agency, or any other
Department or element of the Federal Government, including the
individual components of such Program developed by the Defense Advanced
Research Projects Agency.]
[Congressional Record: October 5, 2004 (Senate)]
[Page S10446-S10458]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr05oc04-161]
TEXT OF AMENDMENTS
[Excerpt]
SA 3972. Mr. DURBIN submitted an amendment intended to be proposed by
him to the bill S. 2845, to reform the intelligence community and the
intelligence and intelligence-related activities of the United States
Government, and for other purposes; which was ordered to lie on the
table; as follows:
At the appropriate place, insert:
SEC. 206. INFORMATION SHARING.
(a) Definitions.--In this section:
(1) Advisory board.--The term ``Advisory Board'' means the
Advisory Board on Information Sharing established under
subsection (i).
(2) Executive council.--The term ``Executive Council''
means the Executive Council on Information Sharing
established under subsection (h).
(3) Homeland security information.--The term ``homeland
security information'' means all information, whether
collected, produced, or distributed by intelligence, law
enforcement, military, homeland security, or other activities
relating to--
(A) the existence, organization, capabilities, plans,
intentions, vulnerabilities,
[[Page S10452]]
means of finance or material support, or activities of
foreign or international terrorist groups or individuals, or
of domestic groups or individuals involved in transnational
terrorism;
(B) threats posed by such groups or individuals to the
United States, United States persons, or United States
interests, or to those of other nations;
(C) communications of or by such groups or individuals; or
(D) groups or individuals reasonably believed to be
assisting or associated with such groups or individuals.
(4) Network.--The term ``Network'' means the Information
Sharing Network described under subsection (c).
(b) Findings.--Consistent with the report of the National
Commission on Terrorist Attacks upon the United States,
Congress makes the following findings:
(1) The effective use of information, from all available
sources, is essential to the fight against terror and the
protection of our homeland. The biggest impediment to all-
source analysis, and to a greater likelihood of ``connecting
the dots'', is resistance to sharing information.
(2) The United States Government has access to a vast
amount of information, including not only traditional
intelligence but also other government databases, such as
those containing customs or immigration information. However,
the United States Government has a weak system for processing
and using the information it has.
(3) In the period preceding September 11, 2001, there were
instances of potentially helpful information that was
available but that no person knew to ask for; information
that was distributed only in compartmented channels, and
information that was requested but could not be shared.
(4) Current security requirements nurture over-
classification and excessive compartmentalization of
information among agencies. Each agency's incentive structure
opposes sharing, with risks, including criminal, civil, and
administrative sanctions, but few rewards for sharing
information.
(5) The current system, in which each intelligence agency
has its own security practices, requires a demonstrated
``need to know'' before sharing. This approach assumes that
it is possible to know, in advance, who will need to use the
information. An outgrowth of the cold war, such a system
implicitly assumes that the risk of inadvertent disclosure
outweighs the benefits of wider sharing. Such assumptions are
no longer appropriate. Although counterintelligence concerns
are still real, the costs of not sharing information are also
substantial. The current ``need-to-know'' culture of
information protection needs to be replaced with a ``need-to-
share'' culture of integration.
(6) A new approach to the sharing of intelligence and
homeland security information is urgently needed. An
important conceptual model for a new ``trusted information
network'' is the Systemwide Homeland Analysis and Resource
Exchange (SHARE) Network proposed by a task force of leading
professionals assembled by the Markle Foundation and
described in reports issued in October 2002 and December
2003.
(7) No single agency can create a meaningful information
sharing system on its own. Alone, each agency can only
modernize stovepipes, not replace them. Presidential
leadership is required to bring about governmentwide change.
(c) Information Sharing Network.--
(1) Establishment.--The President shall establish a trusted
information network and secure information sharing
environment to promote sharing of intelligence and homeland
security information in a manner consistent with national
security and the protection of privacy and civil liberties,
and based on clearly defined and consistently applied
policies and procedures, and valid investigative, analytical
or operational requirements.
(2) Attributes.--The Network shall promote coordination,
communication and collaboration of people and information
among all relevant Federal departments and agencies, State,
tribal, and local authorities, and relevant private sector
entities, including owners and operators of critical
infrastructure, by using policy guidelines and technologies
that support--
(A) a decentralized, distributed, and coordinated
environment that connects existing systems where appropriate
and allows users to share information among agencies, between
levels of government, and, as appropriate, with the private
sector;
(B) the sharing of information in a form and manner that
facilitates its use in analysis, investigations and
operations;
(C) building upon existing systems capabilities currently
in use across the Government;
(D) utilizing industry best practices, including minimizing
the centralization of data and seeking to use common tools
and capabilities whenever possible;
(E) employing an information access management approach
that controls access to data rather than to just networks;
(F) facilitating the sharing of information at and across
all levels of security by using policy guidelines and
technologies that support writing information that can be
broadly shared;
(G) providing directory services for locating people and
information;
(H) incorporating protections for individuals' privacy and
civil liberties;
(I) incorporating strong mechanisms for information
security and privacy and civil liberties guideline
enforcement in order to enhance accountability and facilitate
oversight, including--
(i) multifactor authentication and access control;
(ii) strong encryption and data protection;
(iii) immutable audit capabilities;
(iv) automated policy enforcement;
(v) perpetual, automated screening for abuses of network
and intrusions; and
(vi) uniform classification and handling procedures;
(J) compliance with requirements of applicable law and
guidance with regard to the planning, design, acquisition,
operation, and management of information systems; and
(K) permitting continuous system upgrades to benefit from
advances in technology while preserving the integrity of
stored data.
(d) Immediate Actions.--Not later than 90 days after the
date of the enactment of this Act, the Director of the Office
of Management and Budget, in consultation with the Executive
Council, shall--
(1) submit to the President and to Congress a description
of the technological, legal, and policy issues presented by
the creation of the Network described in subsection (c), and
the way in which these issues will be addressed;
(2) establish electronic directory services to assist in
locating in the Federal Government intelligence and homeland
security information and people with relevant knowledge about
intelligence and homeland security information; and
(3) conduct a review of relevant current Federal agency
capabilities, including--
(A) a baseline inventory of current Federal systems that
contain intelligence or homeland security information;
(B) the money currently spent to maintain those systems;
and
(C) identification of other information that should be
included in the Network.
(e) Guidelines and Requirements.--As soon as possible, but
in no event later than 180 days after the date of the
enactment of this Act, the President shall--
(1) in consultation with the Executive Council--
(A) issue guidelines for acquiring, accessing, sharing, and
using information, including guidelines to ensure that
information is provided in its most shareable form, such as
by separating out data from the sources and methods by which
that data are obtained; and
(B) on classification policy and handling procedures across
Federal agencies, including commonly accepted processing and
access controls;
(2) in consultation with the Privacy and Civil Liberties
Oversight Board established under section 211, issue
guidelines that--
(A) protect privacy and civil liberties in the development
and use of the Network; and
(B) shall be made public, unless, and only to the extent
that, nondisclosure is clearly necessary to protect national
security; and
(3) require the heads of Federal departments and agencies
to promote a culture of information sharing by--
(A) reducing disincentives to information sharing,
including overclassification of information and unnecessary
requirements for originator approval; and
(B) providing affirmative incentives for information
sharing, such as the incorporation of information sharing
performance measures into agency and managerial evaluations,
and employee awards for promoting innovative information
sharing practices.
(f) Enterprise Architecture and Implementation Plan.--Not
later than 270 days after the date of the enactment of this
Act, the Director of Management and Budget shall submit to
the President and to Congress an enterprise architecture and
implementation plan for the Network. The enterprise
architecture and implementation plan shall be prepared by the
Director of Management and Budget, in consultation with the
Executive Council, and shall include--
(1) a description of the parameters of the proposed
Network, including functions, capabilities, and resources;
(2) a delineation of the roles of the Federal departments
and agencies that will participate in the development of the
Network, including identification of any agency that will
build the infrastructure needed to operate and manage the
Network (as distinct from the individual agency components
that are to be part of the Network), with the delineation of
roles to be consistent with--
(A) the authority of the National Intelligence Director
under this Act to set standards for information sharing and
information technology throughout the intelligence community;
and
(B) the authority of the Secretary of Homeland Security and
the role of the Department of Homeland Security in
coordinating with State, tribal, and local officials and the
private sector;
(3) a description of the technological requirements to
appropriately link and enhance existing networks and a
description of the system design that will meet these
requirements;
(4) an enterprise architecture that--
(A) is consistent with applicable laws and guidance with
regard to planning, design, acquisition, operation, and
management of information systems;
(B) will be used to guide and define the development and
implementation of the Network; and
[[Page S10453]]
(C) addresses the existing and planned enterprise
architectures of the departments and agencies participating
in the Network;
(5) a description of how privacy and civil liberties will
be protected throughout the design and implementation of the
Network;
(6) objective, systemwide performance measures to enable
the assessment of progress toward achieving full
implementation of the Network;
(7) a plan, including a time line, for the development and
phased implementation of the Network;
(8) total budget requirements to develop and implement the
Network, including the estimated annual cost for each of the
5 years following the date of the enactment of this Act; and
(9) proposals for any legislation that the Director of
Management and Budget determines necessary to implement the
Network.
(g) Director of Management and Budget Responsible for
Information Sharing Across the Federal Government.--
(1) Additional duties and responsibilities.--
(A) In general.--The Director of Management and Budget, in
consultation with the Executive Council, shall--
(i) implement and manage the Network;
(ii) develop and implement policies, procedures,
guidelines, rules, and standards as appropriate to foster the
development and proper operation of the Network; and
(iii) assist, monitor, and assess the implementation of the
Network by Federal departments and agencies to ensure
adequate progress, technological consistency and policy
compliance; and regularly report the findings to the
President and to Congress.
(B) Content of policies, procedures, guidelines, rules, and
standards.--The policies, procedures, guidelines, rules, and
standards under subparagraph (A)(ii) shall--
(i) take into account the varying missions and security
requirements of agencies participating in the Network;
(ii) address development, implementation, and oversight of
technical standards and requirements;
(iii) address and facilitate information sharing between
and among departments and agencies of the intelligence
community, the Department of Defense, the Homeland Security
community and the law enforcement community;
(iv) address and facilitate information sharing between
Federal departments and agencies and State, tribal and local
governments;
(v) address and facilitate, as appropriate, information
sharing between Federal departments and agencies and the
private sector;
(vi) address and facilitate, as appropriate, information
sharing between Federal departments and agencies with foreign
partners and allies; and
(vii) ensure the protection of privacy and civil liberties.
(2) Appointment of principal officer.--Not later than 30
days after the date of the enactment of this Act, the
Director of Management and Budget shall appoint, with
approval of the President, a principal officer in the Office
of Management and Budget whose primary responsibility shall
be to carry out the day-to-day duties of the Director
specified in this section. The officer shall report directly
to the Director of Management and Budget, have the rank of a
Deputy Director and shall be paid at the rate of pay payable
for a position at level III of the Executive Schedule under
section 5314 of title 5, United States Code.
(h) Executive Council on Information Sharing.--
(1) Establishment.--There is established an Executive
Council on Information Sharing that shall assist the Director
of Management and Budget in the execution of the Director's
duties under this Act concerning information sharing.
(2) Membership.--The members of the Executive Council shall
be--
(A) the Director of Management and Budget, who shall serve
as Chairman of the Executive Council;
(B) the Secretary of Homeland Security or his designee;
(C) the Secretary of Defense or his designee;
(D) the Attorney General or his designee;
(E) the Secretary of State or his designee;
(F) the Director of the Federal Bureau of Investigation or
his designee;
(G) the National Intelligence Director or his designee;
(H) such other Federal officials as the President shall
designate;
(I) representatives of State, tribal, and local
governments, to be appointed by the President; and
(J) individuals who are employed in private businesses or
nonprofit organizations that own or operate critical
infrastructure, to be appointed by the President.
(3) Responsibilities.--The Executive Council shall assist
the Director of Management and Budget in--
(A) implementing and managing the Network;
(B) developing policies, procedures, guidelines, rules, and
standards necessary to establish and implement the Network;
(C) ensuring there is coordination among departments and
agencies participating in the Network in the development and
implementation of the Network;
(D) reviewing, on an ongoing basis, policies, procedures,
guidelines, rules, and standards related to the
implementation of the Network;
(E) establishing a dispute resolution process to resolve
disagreements among departments and agencies about whether
particular information should be shared and in what manner;
and
(F) considering such reports as are submitted by the
Advisory Board on Information Sharing under subsection
(i)(2).
(4) Inapplicability of federal advisory committee act.--The
Council shall not be subject to the requirements of the
Federal Advisory Committee Act (5 U.S.C. App.).
(5) Reports.--Not later than 1 year after the date of the
enactment of this Act, and annually thereafter, the Director
of Management and Budget, in the capacity of Chair of the
Executive Council, shall submit a report to the President and
to Congress that shall include--
(A) a description of the activities and accomplishments of
the Council in the preceding year; and
(B) the number and dates of the meetings held by the
Council and a list of attendees at each meeting.
(6) Informing the public.--The Executive Council shall--
(A) make its reports to Congress available to the public to
the greatest extent that is consistent with the protection of
classified information and applicable law; and
(B) otherwise inform the public of its activities, as
appropriate and in a manner consistent with the protection of
classified information and applicable law.
(i) Advisory Board on Information Sharing.--
(1) Establishment.--There is established an Advisory Board
on Information Sharing to advise the President and the
Executive Council on policy, technical, and management issues
related to the design and operation of the Network.
(2) Responsibilities.--The Advisory Board shall advise the
Executive Council on policy, technical, and management issues
related to the design and operation of the Network. At the
request of the Executive Council, or the Director of
Management and Budget in the capacity as Chair of the
Executive Council, or on its own initiative, the Advisory
Board shall submit reports to the Executive Council
concerning the findings and recommendations of the Advisory
Board regarding the design and operation of the Network.
(3) Membership and qualifications.--The Advisory Board
shall be composed of no more than 15 members, to be appointed
by the President from outside the Federal Government. The
members of the Advisory Board shall have significant
experience or expertise in policy, technical and operational
matters, including issues of security, privacy, or civil
liberties, and shall be selected solely on the basis of their
professional qualifications, achievements, public stature and
relevant experience.
(4) Chair.--The President shall designate one of the
members of the Advisory Board to act as chair of the Advisory
Board.
(5) Administrative support.--The Office of Management and
Budget shall provide administrative support for the Advisory
Board.
(j) Reports.--
(1) In general.--Not later than 1 year after the date of
the enactment of this Act, and semiannually thereafter, the
President through the Director of Management and Budget shall
submit a report to Congress on the state of the Network and
of information sharing across the Federal Government.
(2) Content.--Each report under this subsection shall
include--
(A) a progress report on the extent to which the Network
has been implemented, including how the Network has fared on
the government-wide and agency-specific performance measures
and whether the performance goals set in the preceding year
have been met;
(B) objective systemwide performance goals for the
following year;
(C) an accounting of how much was spent on the Network in
the preceding year;
(D) actions taken to ensure that agencies procure new
technology that is consistent with the Network and
information on whether new systems and technology are
consistent with the Network;
(E) the extent to which, in appropriate circumstances, all
terrorism watch lists are available for combined searching in
real time through the Network and whether there are
consistent standards for placing individuals on, and removing
individuals from, the watch lists, including the availability
of processes for correcting errors;
(F) the extent to which unnecessary roadblocks,
impediments, or disincentives to information sharing,
including the inappropriate use of paper-only intelligence
products and requirements for originator approval, have been
eliminated;
(G) the extent to which positive incentives for information
sharing have been implemented;
(H) the extent to which classified information is also made
available through the Network, in whole or in part, in
unclassified form;
(I) the extent to which State, tribal, and local
officials--
(i) are participating in the Network;
(ii) have systems which have become integrated into the
Network;
(iii) are providing as well as receiving information; and
(iv) are using the Network to communicate with each other;
(J) the extent to which--
[[Page S10454]]
(i) private sector data, including information from owners
and operators of critical infrastructure, is incorporated in
the Network; and
(ii) the private sector is both providing and receiving
information;
(K) where private sector data has been used by the
Government or has been incorporated into the Network--
(i) the measures taken to protect sensitive business
information; and
(ii) where the data involves information about individuals,
the measures taken to ensure the accuracy of such data;
(L) the measures taken by the Federal Government to ensure
the accuracy of other information on the Network and, in
particular, the accuracy of information about individuals;
(M) an assessment of the Network's privacy and civil
liberties protections, including actions taken in the
preceding year to implement or enforce privacy and civil
liberties protections and a report of complaints received
about interference with an individual's privacy or civil
liberties; and
(N) an assessment of the security protections of the
Network.
(k) Agency Responsibilities.--The head of each department
or agency possessing or using intelligence or homeland
security information or otherwise participating in the
Network shall--
(1) ensure full department or agency compliance with
information sharing policies, procedures, guidelines, rules,
and standards established for the Network under subsections
(c) and (g);
(2) ensure the provision of adequate resources for systems
and activities supporting operation of and participation in
the Network; and
(3) ensure full agency or department cooperation in the
development of the Network and associated enterprise
architecture to implement governmentwide information sharing,
and in the management and acquisition of information
technology consistent with applicable law.
(l) Agency Plans and Reports.--Each Federal department or
agency that possesses or uses intelligence and homeland
security information, operates a system in the Network or
otherwise participates, or expects to participate, in the
Network, shall submit to the Director of Management and
Budget--
(1) not later than 1 year after the date of the enactment
of this Act, a report including--
(A) a strategic plan for implementation of the Network's
requirements within the department or agency;
(B) objective performance measures to assess the progress
and adequacy of the department or agency's information
sharing efforts; and
(C) budgetary requirements to integrate the agency into the
Network, including projected annual expenditures for each of
the following 5 years following the submission of the report;
and
(2) annually thereafter, reports including--
(A) an assessment of the progress of the department or
agency in complying with the Network's requirements,
including how well the agency has performed on the objective
measures developed under paragraph (1)(B);
(B) the agency's expenditures to implement and comply with
the Network's requirements in the preceding year; and
(C) the agency's or department's plans for further
implementation of the Network in the year following the
submission of the report.
(m) Periodic Assessments.--
(1) Comptroller general.--
(A) In general.--Not later than 1 year after the date of
the enactment of this Act, and periodically thereafter, the
Comptroller General shall evaluate the implementation of the
Network, both generally and, at the discretion of the
Comptroller General, within specific departments and
agencies, to determine the extent of compliance with the
Network's requirements and to assess the effectiveness of the
Network in improving information sharing and collaboration
and in protecting privacy and civil liberties, and shall
report to Congress on the findings of the Comptroller
General.
(B) Information available to the comptroller general.--Upon
request by the Comptroller General, information relevant to
an evaluation under subsection (a) shall be made available to
the Comptroller General under section 716 of title 31, United
States Code.
(C) Consultation with congressional committees.--If a
record is not made available to the Comptroller General
within a reasonable time, before the Comptroller General
files a report under section 716(b)(1) of title 31, United
States Code, the Comptroller General shall consult with the
Select Committee on Intelligence of the Senate, the Permanent
Select Committee on Intelligence of the House of
Representatives, the Committee on Governmental Affairs of the
Senate, and the Committee on Government Reform of the House
of Representatives concerning the Comptroller's intent to
file a report.
(2) Inspectors general.--The Inspector General in any
Federal department or agency that possesses or uses
intelligence or homeland security information or that
otherwise participates in the Network shall, at the
discretion of the Inspector General--
(A) conduct audits or investigations to--
(i) determine the compliance of that department or agency
with the Network's requirements; and
(ii) assess the effectiveness of that department or agency
in improving information sharing and collaboration and in
protecting privacy and civil liberties; and
(B) issue reports on such audits and investigations.
(n) Authorization of Appropriations.--There are authorized
to be appropriated--
(1) $50,000,000 to the Director of Management and Budget to
carry out this section for fiscal year 2005; and
(2) such sums as are necessary to carry out this section in
each fiscal year thereafter, to be disbursed and allocated in
accordance with the Network implementation plan required by
subsection (f).
______