Critical Information Flows

“For, everything considered, he will find things which, though seeming good, will lead to his ruin if pursued, and others which, though seeming evil, will result in his safety and well-being.” Niccolo Machiavelli, The Prince

Critical Information Flows: Effective Policymaking Critical Information Flows: Effective Policymaking in Governmentin Government

Alina J. Johnson


TABLE OF CONTENTS

INTRODUCTION ……………………………………………………………………………. 3

Laws and Initiatives of the 9/11 Report ………………………………………………………..3

The Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004 …………………… 3

The TOPAS© 2008 Framework of Policy Analysis ………………………………………………. .5

Analysis – IRTPA ………………………………………………………………………………..6

Analysis – Memorandum for the Heads of Executive Departments and Agencies ……………..7

Analysis – Message to the Congress on Information Sharing ………………………………….9

Analysis – National Strategy on Information Sharing ………………………………………....11

The TOPAS(c) 2008 Approach ….................……………………………………………………….12

Discussion ……………………………………………………………………………………..12

Recommendations ……………………………………………………………………………..13

Conclusion ……………………………………………………………………………………..14

Cited References ........................................................................................................................15

APPENDICES ...……………………………………………………………………………....16


The National Commission on Terrorist Attacks Upon the United States report, commonly known as the 9/11(Commissioners) report, has been the single greatest source of policy inspirations and serves as the provenance document with which to find the driving force behind many of the policy decisions we face today as Americans. In a time in our nation's history when we were fearful, a series of laws were recommended, adopted and further implemented by a nation in varying degrees of rage, fear, and terror. In times of uncertainty and doubt, difficult decisions were made and questions remain with us today almost seven years later. This paper will seek to address the constraints faced by policy-makers by introducing a new framework of analysis which was built robustly to identify flawed self-assessments and lessons learned through compare and contrast to understand, resolve, and respond to defective information flows for the purposes of public policy matters.

The five-point TOPAS(c) 2008 framework I have developed can be utilized within both private and public sector entities to illustrate a robust, comprehensive, and holistic approach towards being able to resolve some of the ethical, legal, political, economical, technological, cultural, competitive, and social consequences of such policy actions. This framework is an acronym for Transparency, Oversight, Privacy, Accountability, and Security. It was developed to assist in assessing policy matters and allows a deeper level of analysis to get at the root of the issues, and also broadens some of the salient points of the Critical Information Flows presentation given earlier.

The 9/11 report, broadly stated, gave a series of recommendations to be implemented in view of the fact that federal, state, and local responders reacted poorly along many key aspects, and were greatly blamed for the deaths of many Americans, as seen by the number of lawsuits filed. As such, these thirty-eight recommendations touched upon the following aspects of public policy that are still debatable today: secure identification (biometrics), information sharing, infrastructure threat assessment (border security and private industry electronic and physical safeguards), travel, federal government organizational structure (chain of command), privacy, security, and national intelligence. Rather than review each of these aspects due to time constraints and brevity, this paper will focus upon the laws and initiatives which encourage the practice of information sharing, and explore key principles and themes. Furthermore, it shall be identifiable which policy implementations will further impact public and private entities, thus, providing a guide towards effective policy-making for the future.

To give an even broader perspective, some of the laws and initiatives that are recommended in the report which promote information sharing as a matter of national security policy include the IRTPA (2004), WHTI, and the REAL ID Act (2005). Of the three, WHTI, the Western Hemisphere Travel Initiative, is only one aspect of the broader IRTPA act. WHTI requires all travelers entering the United States by land or sea to provide proper identity documentation. In all, there will be two phases of the initiative to allow the public an adjustment period of time as this is a federal law. If considering global implications, its fatal flaw is that it is only enforceable in Canada, the Caribbean, Mexico and Bermuda. According to the U.S. Department of State, it does require United States citizens to present a WHTI-compliant document when traveling to the countries.[1]

IRTPA, the broadest of the three aforementioned, is the acronym which is the Intelligence Reform and Terrorism Prevention Act, and passed into law in 2004. It is, broadly speaking, one of the most comprehensive policy documents that stemmed from the 9/11 Commissioners Report, containing no less than eight titles, twelve subtitles, seven detailed reports, and no less than 215 sections. Its purpose was to restructure the intelligence community (IC) to address the failures of the past in anticipation and


readiness for future attacks. However, for the purposes of this paper, my focus will remain on the analysis of the IRTPA law as a whole, along with two other specific documents issued by the President, the Message to the Congress, and the Memorandum to Executive Department Heads. However to provide context, I will briefly address other key aspects of the Real ID Act, and the National Strategy on Information Sharing, along with a textual analysis of the mission and vision statements of the Intelligence Community. All of these records refer to specific information sharing practices within the federal government that are conducive to free flows of critical information among all government levels and private entities for the purposes of national security. In addition, these records (with the exception of the IC statements) are recommendations of the 9/11 report, and as such, are given additional scrutiny for the purposes of analysis.

As an aside and not fully explored under the framework in this paper, the REAL ID Act (2005) is another recommendation which addresses the issues of secure identification and infrastructure threat assessment, indeed, unifying the two. By doing so, matters of privacy, security, accuracy, authentication, and technical feasible come into play. Already, many states and public interest groups are in direct opposition to such mandates, particularly without federal funding [2]. Recently, the Department of Homeland Security (another implemented recommendation into law) extended the deadline for states to comply [3]. It remains to be seen if this controversial law can truly be adopted by all states, and the resistance makes for an interesting history lesson to come. It is mentioned only because it is a related policy matter that stemmed from the 9/11 report and includes many of the same matters of interest to policy makers.

To further explore IRTPA a review of the Intelligence Community (IC) is necessary. The IC encom-passes seventeen agencies, some with non-mutually exclusive and thus, overlapping mission and vision statements [Table A] which provide ambiguous clues as to authority and span of control. For this reason, IRTPA in section 1001, subtitle A, established the Director of National Intelligence who serves as the head of the IC and principal advisor to the President, Department of Homeland Security and National Security Council as the premier expert on national security matters. The purpose of the law is to ensure that the events leading up to terrorist attacks never occur again on American soil. According to Jim Surowiecki in The Wisdom of Crowds, “given the almost complete failure of the IC to anticipate...terrorist attacks...(it is) possible that organizing (it) differently would have...improved its chances of recognizing what the Joints Inquiry called “the collective significance” of the data it had on hand” [4]. While collectively they held the data which could have been disseminated, and appropriate actions taken, this did not happen. In other words, the IC was largely ineffectual in being able to identify and restrain terrorist activities domestically or abroad. Therefore, a complete overhaul (or, reform) of the IC was needed to ensure the right information flows to the right people in time to avert danger.

An information sharing environment (ISE), defined in IRTPA is “an approach that facilitates the sharing of terrorism information, which approach may include any methods determined necessary and appropriate for carrying out this section” [5]. This type of technical environment is a necessarily decentralized information systems environment in which critical data (or information) is collected and shared collaboratively. The ability for each department to retain control of its records, yet collaboratively share information, is key to defending and protecting American lives. Failure to develop and implement a system of sharing may result in more loss of lives. It is also appropriate to consider whether or not conflicts of interest exist which may further erode trust relationships and deter


sharing activities.

Prior to 9/11, government interbranch access to information was a significant source of agency and departmental disputes, according to Harold Relyea in the CRS report Access to Government Information in the United States [6]. He goes on to say, “No statutory arrangements have been created to facilitate access by one branch of the federal government to records and information holdings of the other two branches” [Ibid]. It is for this reason that the National Strategy for Information Sharing was created to guide efforts to amplify and strengthen the capabilities of key stakeholders in the dis-semination of critical information between and among one another for the purposes of deterring terrorist activities.

Arguably, one of the most controversial policy aspects of the IRTPA law is that of information sharing. While there are other debatable issues which are significant, found within the separate and distinct titles of the law, my focus will be to relate specifically to the subject of the methodologies and implementations of information flows across and within government units. The other main documents of interest for this paper include that of the Memorandum for the Heads of Executive Departments and Agencies (Memo) [7], the Message to the Congress of the United States on Information Sharing (Message) [8], and the National Strategy for Information Sharing [9]. Together, these four documents will be explored within the TOPAS(c) 2008 framework.

One consideration of note is in order to successfully analyze policy, one must not be blinded by myopic thinking or locked into domain-specific protections of shared information policies such as HIPAA (1996), FERPA (1974) or PCI-DSS (2006) which protect health, student records, and credit card transactions, respectively. Instead, a holistic approach should be utilized which incorporates all aspects of information sharing. My argument, indeed, is that once all forms of information flows are treated equally, many of the tensions and discords among conflicting parties will greatly lessen. My position is that of an egalitarian, as no one form of information should be treated differently than any other, and this is the basis of my argument. In addition, any and all policy matters created hold accountability to the American people, the basis for any policy action. Next, I will describe in more detail the framework as a whole.

Specifically, each aspect of the framework is developed in the following manner:

TRANSPARENCYTransparency is the two-way mirror model which allows internal and external parties to (re)view the information actions of one another. To protect civil liberties of the stakeholders, this model may benefit from filtering or screening mechanisms to avert or otherwise lessen the effects of full transparency when matters do not warrant such scrutiny. However, controls must be in place to ensure full access is restricted to those with a need-to-know. A minimization implementation is a method of averting full access in the absence of full scrutiny. In addition, issues of power and control can be mitigated by a combination of other models, namely, the oversight model. Full transparency, by itself, is not useful l to fully implement any policy action and must be carefully balanced with the remainder of the framework models. A good balance of full use of all models is needed to fully realize the benefits of the TOPAS(c) 2008 framework of analysis.


OVERSIGHTOversight is the authoritative model which allows a party/parties an ability to provide checks and balances, or otherwise interpret and execute the information actions of another. By nature, this role is largely one of enforcement powers, but this effect can be mitigated by the accountability model. This model prevents any one entity from accumulating too much power or control, and ultimately, eliminates monopoly powers of any one entity. PRIVACYPrivacy is the alternate side of the security model, and allows an ability of a party/parties to shield (or protect) one's information actions from another. This is largely a dual-role of each party involved and is therefore, the most broadly applicable model of the five. If privacy is seen as a fundamental or constitutional right, then it is a birthright of every human being. However, if seen as a policy matter, it is subject to the interpretation of the laws at that time. This is, arguably, also one of the most highly controversial models of the five. For the purposes of this model, privacy is ubiquitous and broader in nature than security.

ACCOUNTABILITYAccountability, closely related to oversight, refers to the stakeholders who are affected by the information flows taking place between and among the parties. As such, due to guides, laws, directives, mandates, or regulations, this role may be somewhat mutable and slightly lower (or higher) than expectations due to the acuteness of stakeholder involvement. It can be said that this model follows that of a flowchart in many ways, outlining who is responsible for the actions of (an)other.

SECURITYSecurity is the alternate side of the security model, and as such, is but one half of the whole. This model indicates whether parties believe their information actions are protected from access or use by any others. Due to its wide applicability within the realm of critical information flows, it can be implemented in a wide variety of ways. This, however, can be mitigated by drafting policies that provide foundational guidance, based on best practices. Security could also be understood as narrower than privacy, and but one way to implement or attain private status, although many other options exist and could be substituted. For this reason, security is myopic but ever-important in policy matters.

While the aforementioned types of micro-analysis can be used within the framework, they are but one methodology of use; in fact, higher-level analysis could be done, as well. In fact, whole sections of policies, laws, guidelines, and reports could be dumped into the framework for analysis to find flaws and begin corrective actions. As an example, I took entire sections of the IRTPA law and input them into the framework. While this type of analysis is too broad for the purposes of this paper, it does serve to illustrate the framework is robust and scaleable to the needs of the audience. [Table B].

Insight at this level of analysis is found within the titles of IRTPA, the first record analyzed. Within the IRTPA law, there are no less than eight titles, twelve subtitles, seven detailed reports, and well over 210 sections. The titles (and subtitles), however, provide analysis at a higher macro-level than can be found within the sections, but a higher level analysis is also useful for pointing out differences or comparison purposes, either with implementation, or similarly themed policy items of interest.


TOPAS (c) 2008 Framework Policy, Law, or Guideline of Interest: IRTPA (2004)

TRANSPARENCYTITLE I—REFORM OF THE INTELLIGENCE COMMUNITY, Subtitle A—Establishment of Director of National Intelligence - Sec.1016. Information Sharing; Subtitle E—Additional Improvements of Intelligence Activities - Sec. 1052. Open-source intelligence; TITLE V—BORDER PROTECTION, IMMIGRATION, AND VISA MATTERS, Subtitle F—Grand Jury Information Sharing

OVERSIGHT TITLE V—BORDER PROTECTION, IMMIGRATION, AND VISA MATTERS, Subtitle B—Border and Immigration Enforcement, Subtitle D—Additional Enforcement Tools

PRIVACY

TITLE I—REFORM OF THE INTELLIGENCE COMMUNITY, Subtitle F—Privacy and Civil Liberties, Sec. 1061. Privacy and Civil Liberties Oversight Board, Sec. 1062. Sense of Congress on designation of privacy and civil liberties officers; Sec. 8304. Protection of civil rights and civil liberties by Office of Inspector General; TITLE VII—IMPLEMENTATION OF 9/11 COMMISSION, Subtitle C—Homeland Security Civil Rights and Civil Liberties Protection, Sec. 8305. Privacy officer.

ACCOUNTABILITY TITLE I—REFORM OF THE INTELLIGENCE COMMUNITY, Subtitle A—Establishment of Director of National Intelligence

SECURITY

TITLE IV—TRANSPORTATION SECURITY, Subtitle A—National Strategy for Transportation Security; Subtitle B—Aviation Security; Subtitle C—Air Cargo Security; Subtitle D—Maritime Security; TITLE V—BORDER PROTECTION, IMMIGRATION, AND VISA MATTERS, Subtitle A—Advanced Technology Northern Border Security Pilot Program; TITLE VII—IMPLEMENTATION OF 9/11 COMMISSION RECOMMENDATIONS, Subtitle B—Terrorist Travel and Effective Screening, Sec. 7206. Immigration security initiative, Subtitle D—Homeland Security; TITLE VIII—OTHER MATTERS, Subtitle C—Homeland Security Civil Rights and Civil Liberties Protection, Sec. 8306. Protections for human research subjects of the Department of HomelandSecurity; SEC. 8304. PROTECTION OF CIVIL RIGHTS AND CIVIL LIBERTIES BY OFFICE OF INSPECTOR GENERAL.

Table B: Macro analysis of the IRTPA law within the framework

The examples used within the framework do not necessarily reflect all that could be included from the IRTPA law but serve to inform us of the absence of attention to a particular area. What remains clear in this analysis is the fact that accountability (explicit statements) to the American public is completely lacking in this document. In a democratic society, it is necessary for governments to recognize it serves at the demand or bequest of its public. While it does provide protection of civil rights and civil liberties, it does not explicitly state any defined accountability to the public. The lack of accountability serves to remind us that we have a long way to go towards government accountability efforts for the public.

For the purposes of this paper, for these records, I shall define terms in the policy records of interest which refer back to the framework. For instance, in the Memorandum for the Heads of Executive Departments and Agencies, the following terms apply in this context and framework of analysis: any term relating back towards “information sharing” fits into the transparency model; “Project Manager”, “DNI”/Director of National Intelligence, “President”/”George W. Bush”, “Attorney General”, “Director of OMB”, “APHS-CT” (Assistant to the President for Homeland Security and Counterterrorism), “APNSA” (Assistant to the President for National Security Affairs”, “ISC”/“Information Sharing Council”, “Attorney General”, a list of laws led by the Constitution of the United States, secretaries of defense, treasury, commerce, homeland security, state, energy and health & human services, along with


the “heads of executive departments and agencies” fit into the oversight model; the conditions set forth for “Guideline 5” relates to the privacy rights (privacy model) of Americans; the term “Americans” in this record fits into the accountability model; the terms “homeland security” and “national security” fit rather sloppily into the security model.

The President of the United States may issue memorandum to quickly disseminate public policies. In analyzing this particular record, it is not easily identifiable as incomplete. But in order for the framework to deal effectively with these issues, it must refer back to the premise that any policy (national security, information sharing, or otherwise) must readily conform to an accountability to the American public. In light of this context, the transparency model is not complete. It includes a term “as appropriate” when referring to private industry. A review of the National Strategy for Homeland Security reveals that private industry controls 85% of American infrastructure [10]. It is not in our best interests as a nation to preclude any part of the private sector as the control of infrastructure will not be simply given over to comply with information sharing demands, nor should it be. Trust must be maintained and developed by systematically going through the framework as a whole. Cooperation is needed between private and public entities because any one entity alone can not carry out security of these infrastructures. According to secrecy expert Sissela Bok, “no one lives in complete isolation; and the problems of each person are intertwined with those of family members, friends, adversaries, colleagues, and other individuals”[11]. The same can be noted of organizations, and their relationships between and within each other. It is absolutely critical that there be interdependency among the public and private sector. For these reasons, it is best to move forward onto the next model to give a more complete picture of the analysis.

Taking a look into the next model, oversight, it is evident that much thought went into this particular realm. While the President remains at the top of the oversight hierarchy, directly beneath this role is that of the Director of National Intelligence who holds “authority, direction, and control over the PM”. Next in this line of hierarchy is that of the Project Manager whose responsibility is to ensure information sharing across the federal government. To facilitate these processes, various executive orders (EOs) were written to establish, implement, and maintain the ISE. In addition, the Constitution and the laws of the United States provide a backdrop with which to frame these matters in context of the American people. Namely, the memorandum itself is a formality, simply summarizing the key, salient points of the various EOs, acts, and guidelines in place directing facilitation of the ISE established under EO 13388 (2005).

While the Constitution does not reference privacy in any way, it is so interpreted by the courts to provide (or include) such rights to Americans. Many private sector companies with a web presence include privacy statements, and the Gramm-Leach-Bliley Act (1999) mandates that financial institutions must provide notice of such statements to consumers and comply with the law as enforced by the Federal Trade Commission. Unfortunately, many other industries do not have such privacy coverage, so efforts are largely mutually independent, and mainly a patchwork approach. As such, this concludes the privacy model of the framework.

Along these lines, a whole set of documents beginning with the EO 13388 and IRTPA form the basis for the memo, and would thus, also fall into this framework model. Other documents would include the Constitution of the United States (as the principle law document), followed by the executive orders and other pertinent laws which govern or are consistent with types of information sharing.


Under the accountability model, the main source of concentration should be that of the American public, but this is too simplistic. Instead, a fuller analysis of these provisions is needed to more fully complement the set of models in the framework. This would necessarily include the roles and responsibilities of the President and the Director of National Intelligence (DNI). While the President is ultimately responsible for the facilitation of information sharing within the federal government, he has clearly delegated main authority to the DNI, who is also over the PM. Under the role of the DNI are various councils, namely that of the ISC (Information Sharing Council) and the ISPCC (Information Sharing Policy Coordination Committee). Both furnish another set of eyes with which to scrutinize the work and powers of the upper hierarchy by providing advice, analysis, and recommendations on these matters.

Beneath these roles and next in line is that of the Attorney General and the Secretaries of State, Defense, and Homeland Security. Specifically, the Attorney General must coordinate, review, submit, and consult with agencies and the President, having authority over the agents as the chief law enforcement agent of the federal government. This role and the others provide yet another layer of accountability to one another to ensure the requirements of an ISE are performed completely. Without this type of hierarchy, it may be presupposed that the requirements and guidelines for information sharing would not be completed. This concludes the accountability model of the TOPAS(c) 2008

framework.

While the terms “homeland security” and “national security” fit rather sloppily into the security model, it is incomplete to believe that these encompass the full range of security as a whole. The security model of the framework is severely lacking in form and function, possibly due to the genre of the document. While it does reference the National Security Act and Council, along with the Department of Homeland Security Act and Department, there is no methodology mentioned to provide any type of security towards information sharing. It may be implied that the five guidelines infer a use of security measures to implement information sharing, but it is not explicitly stated in this document. Security is a necessary step needed to provide a form of protection of the types of information flows between and among the agencies and departments of the federal government. Because these methods are not explicitly stated in the model, this completes the analysis of the Memorandum for the Heads of Executive Departments and Agencies using the security model. And, another method of analysis for this document can be found in Table B.

In all, the goal of this memorandum is to establish common standards, frameworks to govern roles and responsibilities, and to provide five guidelines and training for those referenced in the document. For the purposes of this paper, this concludes an analysis of the Memorandum to the Heads of Executive Departments and Agencies using the five models of the TOPAS(c) 2008 framework.

The third document of analysis is that of the Message to the Congress of the United States on Information Sharing. A precursor to the previous document, Memorandum for the Heads of Executive Departments and Agencies, this record is also sent by the President aims to disseminate key policy information quickly. Documents like these are published and searchable for the public record on the White House website, as well as other publicly accessible websites. This document disseminates key, salient features of the guidelines and requirements for the ISE direct from the executive to the legislative branch. It also refers to related, complementary work in partnership between the two


branches that have historically provided checks-and-balances oversight powers to one another.

The transparency model would include any references to “information sharing”, “privacy information” and “terrorism information”. It includes partnerships between the federal government and other entities, as well as references to the fact that this is an ongoing initiative that many stakeholders have a vested interest in due to terrorist attacks. It also discusses relationships, culture, and designated resources assigned to terrorism information sharing activities. However by not explicitly stating that information sharing, is of itself, a crucial and critical problem which hindered the IC ability to detect and further identify terrorist activities here and abroad, it falls short. The sharing of information will forever be the most critical tool we can use to thwart and otherwise hinder terrorist activities and there should be a firm understanding that this is expected (or required) of every single American. Designating resources only shortens the list of personnel expected (or required) to implement information sharing and this is a severe limitation of this document. This concludes the analysis section of the transparency model.

For this document, the oversight model is lacking, mainly due to the length and breadth of the document as a whole. The Message does refer back to EOs and specific laws such as IRTPA, which is the basis for the Message and Memo. This record also references the guidelines set forth are in compliance and consistent with IRTPA. In fact, both the Memo and the Message contain reference to the policy guidelines which are direct implementations of the broader policy mandates of the Intelligence Reform and Terrorism Prevention Act (2004). These guidelines in of themselves provide oversight to inter- and intra-agency communication flows within both the intelligence community, as well as the heads of government, as directed by the President. As stated before, the President is ultimately responsible for implementation of the laws of the United States as the nation's chief executive, tasked to ensure the laws of the United States are carried out. Directly under the President in these guidelines is the Director of National Intelligence, and the authority of this officer is control over the actions of the Project Manager, specifically tasked with making sure information sharing occurs at the federal level.

Utilizing the privacy model, it is equally evident that brevity rules this matter in this document. Information protection is mentioned several times with respect to privacy “and other legal rights” of Americans, summarized in guideline 5, while it makes only two references to the “information privacy” of Americans. A strength is that it does mention the partnership with the private sector, which is very significant.. Referencing EO 13353 (2004), the President commits the federal government as a whole to protect the privacy rights of its citizens in the facilitation of national and homeland security functions within 90 days from the issuance of the memo. The memo itself does not indicate the manner in which information privacy will be protected, and blatantly encourages agencies to promote a culture of information sharing, thus precluding any privacy of information between and among agencies and departments. As the shorter document of the two submitted by the President, it contains much less detail than the other.

Next, the accountability model implies that the protection of information is “vital” to protect American (lives). Rather than stating that the people are the foundation of the government and must be protected, it instead references “decision makers and the men and women on the front lines in the War on Terror” as the accountable figureheads. I think this is a dangerous mistake, as framed in this way appears to denote that without support, something tragic could occur. This is also a crucial limitation, as this


constraint, in the eyes of this researcher, demonstrates the strained and contentious relationship between the two branches and thus, provides many points for further analysis of the actual implementation of IRTPA.

Finally, the security model is lacking altogether in this document. While it does make mention of the Homeland Security Act, there is not enough detail within from which to go forward under the model. The Message provides a basic summary without getting into specific details of how the ISE will be accomplished. Only in implementation can one really observe whether the security model meets (or misses) the mark in terms of successful facilitation and use of information sharing standards and guidelines. This is a micro-analysis of this document and serves to illustrate the scaleability of the framework.

Figure A: Foundations of the National Strategy for Information Sharing [also, reference 9]TOPAS (c) 2008 Framework Policy, Law, or Guideline of Interest:

National Strategy on Information SharingTRANSPARENCY Part III, Sharing Information at the Federal Level; Part IV;

Part IV, Sharing Information with State, Local, and Tribal Governments; Part V, Sharing Information with the Private Sector; and Part VI, Sharing Information with Foreign Partners

OVERSIGHT No mention at all in this record

PRIVACY Part I, Introduction & Overview - Protecting Information Privacy and Other Legal Rights

ACCOUNTABILITY Part I, Introduction & Overview - Protecting Information Privacy and Other Legal Rights

SECURITY Part I, Introduction & Overview - Protecting Information Privacy and Other Legal Rights

Table C: Macro analysis of the National Strategy on Information Sharing within the framework


The fourth document of analysis is the National Strategy for Information Sharing, produced by the presidential administration of George W. Bush. It contains nine parts and is over 40 pages long. It is one of five national strategies; the others include the National Security Strategy, and National Strategy for Combating Terrorism, the National Strategy for Homeland Security, and the National Intelligence Strategy. Per the National Strategy for Information Sharing, the foundation of information sharing is the protection of privacy and other legal rights of the American people. In direct contrast to the IRTPA law, it does explicitly state, “accordingly, our efforts will remain relentless on two fronts -- protecting our people, communities, and infrastructure from attack and zealously protecting the information privacy and other legal rights of Americans” [12]. However, it is strangely lacking any mention of oversight, unlike that of the IRTPA law which clearly and explicitly details oversight.

The National Strategy for Information Sharing, issued in Sept. 2006 shows an effort among the government and state, local, tribal, private sector, and foreign partners to alter practices that remain stagnant in the past belief that terrorist acts would not touch U.S. soil, and reinforces the imperative of improved information sharing in this dangerous climate. The Strategy was developed with the understanding that homeland security information, terrorism information, and law enforcement information related to terrorism can emanate from multiple sources, at all levels of government, as well as from private sector organizations and foreign sources.

The TOPAS© 2008 Approach

The TOPAS© 2008 approach seeks to be a holistic, comprehensive, and robust tool of analysis to discover discrepancies, strengths, and to identify flawed self-assessments and lessons learned through compare and contrast to understand, resolve, and respond to defective information flows for the purposes of public policy matters. Combined with a view of the micro-level and macro-levels described in Table D, it is useful and can be applied broadly or narrowly defined for analysis purposes.

MYOPIC HOLISTIC local or national approaches global approaches

intra-agency communications (information flows) inter- and intra-agency communications (information flows)

industry (domain) specific protections of information

adoption of best practices applied to all information flows

(c) 2008 – Alina J. Johnson Table D

DiscussionIntelligence Reform and Terrorism Prevention Act, 2004Message to the Congress of the United States on Information Sharing, Dec. 16, 2005Memorandum for the Heads of Executive Departments and Agencies, Dec. 16, 2005National Strategy for Information Sharing, October 2007

The purpose of this paper was to explore the information sharing policies within a framework of analysis to determine if better outcomes could occur. As in most policy documents, the first few


sections of IRTPA in its entirety are terms and definitions to assist the reader in wading through the repetitive phrases throughout. Section 1016 is the Information Sharing section that established and defines a Program Manager; an Information Sharing Council composed entirely of designees from the IC; terrorism information; and an Information Sharing Environment (ISE). The ISE is a term shared by all of the documents, and serves to provide a common language for these types of policy matters across agencies. As the 9/11 report states, “the major policy agencies of the government did not meet the threat” [13]. In order to meet the threat, the federal government developed a series of national strategies and passed a series of laws meant to facilitate communicative sharing between and among private and public sector.

The documents produced (plans, reports, and guidelines) are broad- reaching as they affect secure identification (biometrics), infrastructure threat assessment (border security and private industry electronic and physical safeguards), travel, federal government organizational structure (chain of command), privacy, security, national intelligence, and most importantly, information sharing. Before the 9/11 report recommendations, there was no one established policy, rule, standard, architecture, procedure, process, or system to facilitate the sharing of information across independent and autonomous communities. According to the National Strategy on Information Sharing, five distinct communities worked in isolation: intelligence, law enforcement, defense, homeland security, and foreign affairs [14].

Recommendations

First, policy makers must not insist upon secrecy as a shield to conducting anti-terrorist activities. Trust can not be built or developed with the American public by hiding or otherwise concealing its activities. It is my belief that this policy must be reversed to gain buy-in with policy implementation not only by the private sector and industry, but with the American consumer. Government secrecy must not be the norm for activities conducting to counter terrorism.

Second, policy makers and decision makers must acknowledge their faults. In a recent Parade magazine article interview with CIA director Hayden, he failed to acknowledge the faults of the agency. When asked if he agreed with the belief that the CIA failed to see the rise of Islamic terrorism, he said, “I strongly disagree”[15]. This is a blatant disregard to acknowledge and correct the problems that led up to the events surrounding 9/11 from a top agency official, and quite simply, detestable. Leaders must not fall to hubris or cognitive biases that limit their understanding and ability to adapt to changing situations.

Third, there must be reasoning by analysis that explores the full set of possibilities in which circumstances warrant a response on a yearly, monthly, weekly, daily, hourly, or minute-by-minute basis. It is my hope that the TOPAS© 2008 framework can provide several levels of analysis for policymakers to make good, effective policies and/or examine existing policies. Fourth, there must be a paradigm shift in thought processes at the highest level of government to understand that no one wants to be left out of the process, and secrecy (not sharing information) is dangerous, in light of what did occur. It is no longer acceptable nor expected that secrecy be used as a means to implement policy or shield actions from oversight and accountability. While there is a need for classification, it should not be used, as it has by the Vice-President Dick Cheney, to shield documents from public review. In a surprising move, he blatantly refused to submit documents for declassification as every cabinet officer


in his position has, simply stating his office was (a) not an agency of the executive branch, and (b) his office and the President’s office are the same, therefore exempt from EO 12958 [16]. The National Archives has historically kept the records of American Presidents and their administration, and America does not need leaders who believe and adopt practices that submit that they are above the law, and frankly, this is just embarrassing. Perhaps if he were challenged by then-Attorney General Gonzalez, he would have been more forthcoming. Transparency must be a staple of the government as it seeks to implement laws that affect our everyday lives.

Conclusion

Finally, it is highly recommended that transparency, accountability, privacy measures, accountability, and security measures be used as a guide for policy making and policy analysis. Experience has shown that there is no single source for information related to terrorism. It is derived by gathering, fusing, analyzing, and evaluating relevant information from a broad array of sources on a continuous basis. Much like the diversification of portfolio stocks where risk is equitably dispersed throughout, relying too much on any one source can expose one to the single point of failure phenomenon. It is important that the risks weighed are distributed fairly among all stakeholders, and it must be known that pivotal and critical information can come through the valiant efforts of many. Risk can be mitigated by establishing sound practices. In this way, we are all responsible for protecting our information, whether we are citizens, the private sector, security specialists, law enforcement, or governmental entities. We must all think holistically in ways that encourage partnerships and collaborations, here and abroad. Collectively and collaboratively, we must work together to ensure that our information is soundly protected as we are the guardians of our destiny for ourselves, and our future. Effective policymaking in government is possible, if we remain accountable to one another and provide transparency, oversight, security, and privacy principles for our critical information flows.


Cited References

[1] http://travel.state.gov/travel/cbpmc/cbpmc_2223.html

[2] http://epic.org/press/011108.html

[3] http://www.dhs.gov/index.shtm

[4] Surowiekcki, J. (2004). The Wisdom of Crowds. New York: Doubleday, p. 69.

[5] http://www.gpoaccess.gov/serialset/creports/intel_reform.html

[6] http://www.fas.org/sgp/crs/secrecy/97-71.pdf

[7] http://www.whitehouse.gov/news/releases/2005/12/20051216-10.html

[8] http://www.whitehouse.gov/news/releases/2005/12/20051216-9.html

[9] http://www.whitehouse.gov/nsc/infosharing/

[10]http://www.whitehouse.gov/homeland/book/nat_strat_hls.pdf

[11] Bok, S. Secrets: On the Ethics of Concealment and Revelation. New York: Vintage Books, p. 85.

[12] http://www.whitehouse.gov/nsc/infosharing/sectionI.html

[13] Editors. (2008, Feb. 10) Newsmakers: Inside the CIA. Parade Magazine, 12.

[14] The 9/11 Commission Report. (2004). New York: W.W. Norton & Company, 349.

[15] http://www.whitehouse.gov/nsc/infosharing/NSIS_book.pdf

[16] http://www.slate.com/id/2169209/entry/0/

http://www.slate.com/id/2169209/entry/0/

http://www.whitehouse.gov/nsc/infosharing/NSIS_book.pdf

http://www.whitehouse.gov/nsc/infosharing/sectionI.html

http://www.whitehouse.gov/homeland/book/nat_strat_hls.pdf

http://www.whitehouse.gov/nsc/infosharing/

http://www.whitehouse.gov/news/releases/2005/12/20051216-9.html

http://www.whitehouse.gov/news/releases/2005/12/20051216-9.html

http://www.fas.org/sgp/crs/secrecy/97-71.pdf

http://www.gpoaccess.gov/serialset/creports/intel_reform.html

http://www.dhs.gov/index.shtm

http://epic.org/press/011108.html

http://travel.state.gov/travel/cbpmc/cbpmc_2223.html


Appendices

Table A: The Intelligence Community (IC) Mission and Vision Statements

The Intelligence Community (IC) Mission and Vision Statements Word Frequency Cloud

All IRTPA (2004) sections (only)

National Strategy for Information Sharing (front cover)

Message to the Congress of the United States on Information Sharing

Memorandum for the Heads of Executive Departments and Agencies

The Intelligence Community (insignias) – from the DNI Handbook: An Overview of the United States Intelligence Community.pdf


The Intelligence Community Mission and Vision Statements

ARMY The mission of Army Intelligence is to facilitate Army transformation and support the warfighting Combatant Commanders by resourcing, fielding and sustaining the world's premier military intelligence force.

NSA The National Security Agency (NSA) is the nation's cryptologic organization and as such, coordinates, directs, and performs highly specialized activities to produce foreign intelligence information and protect US information systems.

NRO The National Reconnaissance Office's mission is to enable US global information superiority, during peace through war.

NGA The National Geospatial-Intelligence Agency (NGA) is a major intelligence and combat support agency of the Department of Defense. It supports U.S. national policy makers and military forces by providing timely, relevant, and accurate geospatial intelligence derived by the exploitation and analysis of imagery and geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the Earth. As the Intelligence Community's functional manager for baseline geospatial intelligence, NGA provides critical support to the national decision-making process and the operational readiness of America's military forces.

NAVY

The US Navy, one of the four military services in the Department of Defense, mission is to maintain, train and equip combat-ready Naval forces capable of winning wars, deterring aggression and maintaining freedom of the seas.

MARINES The Marine Corps is committed to achieving excellence in intelligence capability - tailored to meet the needs of the National Military Strategy and the complexity and rigors of supporting deployed expeditionary forces.

NSI The Office of National Security Intelligence is responsible for providing drug-related information responsive to IC requirements. DEA/NN establishes and manages centralized tasking of requests for and analysis of national security information obtained during the course of DEA's drug enforcement.

DEA Terrorism and Financial Intelligence (TFI) - TFI was created in 2004 to marshal the Department's


unique policy focus, financial intelligence, global network, regulatory responsibilities, tools and authorities to safeguard the financial system and counter the financial underpinnings of national security threats.

State Department The Bureau of Intelligence and Research (INR) functions as the "eyes and ears" of the State Department and provides continuous real-time intelligence support to both senior policymakers and working-level officials.

FBI The mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, to uphold and enforce the criminal laws of the United States, and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

DHS The Department's mission is to prevent and deter terrorist attacks and protect against and respond to threats and hazards to the nation.

DOE The Department of Energy is a cabinet-level agency whose mission it is to foster a secure and reliable energy system that is environmentally and economically sustainable, to be a responsible steward of the Nation's nuclear weapons, and to support continued United States leadership in science and technology

DIA DIA’s mission is to provide timely and objective military intelligence to warfighters, policymakers, and force planners.

USCG USCG (Coast Guard) Its core roles are to protect the public, the environment, and U.S. economic and security interests in any maritime region in which those interests may be at risk, including international waters and America's coasts, ports, and inland waterways.

CIA CIA's primary mission is to collect, analyze, evaluate, and disseminate foreign intelligence to assist the President and senior US government policymakers in making decisions relating to national security.

AIR FORCE Air Force ISR operators seek to advance the Air Force core competency of information superiority on a global basis. Their mission is to build the foundation for information dominance in tomorrow's battlespace and to ensure mission success by delivering on-time, tailored ISR information to users worldwide, from the crewmember to the Commander in Chief.


SECTION 1. SHORT TITLE; TABLE OF CONTENTS.


(a) SHORT TITLE.—This Act may be cited as the ‘‘IntelligenceReform and Terrorism Prevention Act of 2004’’.(b) TABLE OF CONTENTS.—The table of contents for this Act isas follows:

TITLE I—REFORM OF THE INTELLIGENCE COMMUNITYSec. 1001. Short title.

Subtitle A—Establishment of Director of National IntelligenceSec. 1011. Reorganization and improvement of management of intelligence community.Sec. 1012. Revised definition of national intelligence.Sec. 1013. Joint procedures for operational coordination between Department of Defenseand Central Intelligence Agency.Sec. 1014. Role of Director of National Intelligence in appointment of certain officialsresponsible for intelligence-related activities.Sec. 1015. Executive Schedule matters.Sec. 1016. Information sharing.Sec. 1017. Alternative analysis of intelligence by the intelligence community.Sec. 1018. Presidential guidelines on implementation and preservation of authorities.Sec. 1019. Assignment of responsibilities relating to analytic integrity.Sec. 1020. Safeguard of objectivity in intelligence analysis.

Subtitle B—National Counterterrorism Center, National Counter ProliferationCenter, and National Intelligence CentersSec. 1021. National Counterterrorism Center.Sec. 1022. National Counter Proliferation Center.Sec. 1023. National intelligence centers.

Subtitle C—Joint Intelligence Community CouncilSec. 1031. Joint Intelligence Community Council.

Subtitle D—Improvement of Education for the Intelligence CommunitySec. 1041. Additional education and training requirements.Sec. 1042. Cross-disciplinary education and training.Sec. 1043. Intelligence Community Scholarship Program.

Subtitle E—Additional Improvements of Intelligence ActivitiesSec. 1051. Service and national laboratories and the intelligence community.Sec. 1052. Open-source intelligence.Sec. 1053. National Intelligence Reserve Corps.

Subtitle F—Privacy and Civil LibertiesSec. 1061. Privacy and Civil Liberties Oversight Board.Sec. 1062. Sense of Congress on designation of privacy and civil liberties officers.

Subtitle G—Conforming and Other AmendmentsSec. 1071. Conforming amendments relating to roles of Director of National Intelligenceand Director of the Central Intelligence Agency.Sec. 1072. Other conforming amendments.Sec. 1073. Elements of intelligence community under National Security Act of 1947.Sec. 1074. Redesignation of National Foreign Intelligence Program as National IntelligenceProgram.Sec. 1075. Repeal of superseded authority.Sec. 1076. Clerical amendments to National Security Act of 1947.Sec. 1077. Conforming amendments relating to prohibiting dual service of the Directorof the Central Intelligence Agency.Sec. 1078. Authority to establish inspector general for the Office of the Director ofNational Intelligence.Sec. 1079. Ethics matters.Sec. 1080. Construction of authority of Director of National Intelligence to acquireand manage property and services.Sec. 1081. General references.

Subtitle H—Transfer, Termination, Transition, and Other ProvisionsSec. 1091. Transfer of Community Management Staff.Sec. 1092. Transfer of Terrorist Threat Integration Center.Sec. 1093. Termination of positions of Assistant Directors of Central Intelligence.Sec. 1094. Implementation plan.Sec. 1095. Director of National Intelligence report on implementation of intelligencecommunity reform.


Sec. 1096. Transitional authorities.

Subtitle H—Transfer, Termination, Transition, and Other ProvisionsSec. 1097. Effective dates.

Subtitle I—Other MattersSec. 1101. Study of promotion and professional military education school selectionrates for military intelligence officers.Sec. 1102. Extension and improvement of authorities of Public Interest DeclassificationBoard. ((43 so far))Sec. 1103. Severability.

TITLE II—FEDERAL BUREAU OF INVESTIGATIONSec. 2001. Improvement of intelligence capabilities of the Federal Bureau of Investigation.Sec. 2002. Directorate of Intelligence of the Federal Bureau of Investigation.Sec. 2003. Federal Bureau of Investigation intelligence career service.Sec. 2004. Federal Bureau of Investigation Reserve Service.Sec. 2005. Federal Bureau of Investigation mandatory separation age.Sec. 2006. Federal Bureau of Investigation use of translators.

TITLE III—SECURITY CLEARANCESSec. 3001. Security clearances.

TITLE IV—TRANSPORTATION SECURITY

Subtitle A—National Strategy for Transportation SecuritySec. 4001. National Strategy for Transportation Security.

Subtitle B—Aviation SecuritySec. 4011. Provision for the use of biometric or other technology.Sec. 4012. Advanced airline passenger prescreening.Sec. 4013. Deployment and use of detection equipment at airport screening checkpoints.Sec. 4014. Advanced airport checkpoint screening devices.Sec. 4015. Improvement of screener job performance.Sec. 4016. Federal air marshals.Sec. 4017. International agreements to allow maximum deployment of Federal airmarshals.Sec. 4018. Foreign air marshal training.Sec. 4019. In-line checked baggage screening.Sec. 4020. Checked baggage screening area monitoring.Sec. 4021. Wireless communication.Sec. 4022. Improved pilot licenses.Sec. 4023. Aviation security staffing.Sec. 4024. Improved explosive detection systems.Sec. 4025. Prohibited items list.Sec. 4026. Man-Portable Air Defense Systems (MANPADs).Sec. 4027. Technical corrections.Sec. 4028. Report on secondary flight deck barriers.Sec. 4029. Extension of authorization of aviation security funding.

Subtitle C—Air Cargo SecuritySec. 4051. Pilot program to evaluate use of blast resistant cargo and baggage containers.Sec. 4052. Air cargo security.Sec. 4053. Air cargo security regulations.Sec. 4054. Report on international air cargo threats.

Subtitle D—Maritime SecuritySec. 4071. Watch lists for passengers aboard vessels.Sec. 4072. Deadlines for completion of certain plans, reports, and assessments.

Subtitle E—General ProvisionsSec. 4081. Definitions.Sec. 4082. Effective date.

TITLE V—BORDER PROTECTION, IMMIGRATION, AND VISA MATTERS

Subtitle A—Advanced Technology Northern Border Security Pilot ProgramSec. 5101. Establishment.Sec. 5102. Program requirements.Sec. 5103. Administrative provisions.


Sec. 5104. Report.Sec. 5105. Authorization of appropriations.

Subtitle B—Border and Immigration EnforcementSec. 5201. Border surveillance.TITLE V—BORDER PROTECTION, IMMIGRATION, AND VISA MATTERSSubtitle B—Border and Immigration EnforcementSec. 5202. Increase in full-time Border Patrol agents.Sec. 5203. Increase in full-time immigration and customs enforcement investigators.Sec. 5204. Increase in detention bed space.

Subtitle C—Visa RequirementsSec. 5301. In person interviews of visa applicants.Sec. 5302. Visa application requirements.Sec. 5303. Effective date.Sec. 5304. Revocation of visas and other travel documentation.

Subtitle D—Immigration ReformSec. 5401. Bringing in and harboring certain aliens.Sec. 5402. Deportation of aliens who have received military-type training from terroristorganizations.Sec. 5403. Study and report on terrorists in the asylum system.

Subtitle E—Treatment of Aliens Who Commit Acts of Torture, Extrajudicial Killings,or Other Atrocities AbroadSec. 5501. Inadmissibility and deportability of aliens who have committed acts oftorture or extrajudicial killings abroad.Sec. 5502. Inadmissibility and deportability of foreign government officials whohave committed particularly severe violations of religious freedom.Sec. 5503. Waiver of inadmissibility.Sec. 5504. Bar to good moral character for aliens who have committed acts of torture,extrajudicial killings, or severe violations of religious freedom.Sec. 5505. Establishment of the Office of Special Investigations.Sec. 5506. Report on implementation.

TITLE VI—TERRORISM PREVENTION

Subtitle A—Individual Terrorists as Agents of Foreign PowersSec. 6001. Individual terrorists as agents of foreign powers.Sec. 6002. Additional semiannual reporting requirements under the Foreign IntelligenceSurveillance Act of 1978.

Subtitle B—Money Laundering and Terrorist FinancingSec. 6101. Additional authorization for finCEN.Sec. 6102. Money laundering and financial crimes strategy reauthorization.

Subtitle C—Money Laundering Abatement and Financial Antiterrorism TechnicalCorrectionsSec. 6201. Short title.Sec. 6202. Technical corrections to Public Law 107–56.Sec. 6203. Technical corrections to other provisions of law.Sec. 6204. Repeal of review.Sec. 6205. Effective date.

Subtitle D—Additional Enforcement ToolsSec. 6301. Bureau of Engraving and Printing security printing.Sec. 6302. Reporting of certain cross-border transmittal of funds.Sec. 6303. Terrorism financing.

Subtitle E—Criminal History Background ChecksSec. 6401. Protect Act.Sec. 6402. Reviews of criminal records of applicants for private security officer employment.Sec. 6403. Criminal history background checks.

Subtitle F—Grand Jury Information SharingSec. 6501. Grand jury information sharing.

Subtitle G—Providing Material Support to TerrorismSec. 6601. Short title.Sec. 6602. Receiving military-type training from a foreign terrorist organization.


Sec. 6603. Additions to offense of providing material support to terrorism.Sec. 6604. Financing of terrorism.

Subtitle H—Stop Terrorist and Military Hoaxes Act of 2004Sec. 6701. Short title.Sec. 6702. Hoaxes and recovery costs.Sec. 6703. Obstruction of justice and false statements in terrorism cases.Sec. 6704. Clarification of definition.TITLE VI—TERRORISM PREVENTION

Subtitle I—Weapons of Mass Destruction Prohibition Improvement Act of 2004Sec. 6801. Short title.Sec. 6802. Weapons of mass destruction.Sec. 6803. Participation in nuclear and weapons of mass destruction threats to theUnited States.

Subtitle J—Prevention of Terrorist Access to Destructive Weapons Act of 2004Sec. 6901. Short title.Sec. 6902. Findings and purpose.Sec. 6903. Missile systems designed to destroy aircraft.Sec. 6904. Atomic weapons.Sec. 6905. Radiological dispersal devices.Sec. 6906. Variola virus.Sec. 6907. Interception of communications.Sec. 6908. Amendments to section 2332b(g)(5)(b) of title 18, United States Code.Sec. 6909. Amendments to section 1956(c)(7)(d) of title 18, United States Code.Sec. 6910. Export licensing process.Sec. 6911. Clerical amendments.

Subtitle K—Pretrial Detention of TerroristsSec. 6951. Short title.Sec. 6952. Presumption for pretrial detention in cases involving terrorism.

TITLE VII—IMPLEMENTATION OF 9/11 COMMISSION RECOMMENDATIONSSec. 7001. Short title.

Subtitle A—Diplomacy, Foreign Aid, and the Military in the War on TerrorismSec. 7101. Findings.Sec. 7102. Terrorist sanctuaries.Sec. 7103. United States commitment to the future of Pakistan.Sec. 7104. Assistance for Afghanistan.Sec. 7105. The relationship between the United States and Saudi Arabia.Sec. 7106. Efforts to combat Islamist terrorism.Sec. 7107. United States policy toward dictatorships.Sec. 7108. Promotion of free media and other American values.Sec. 7109. Public diplomacy responsibilities of the Department of State.Sec. 7110. Public diplomacy training.Sec. 7111. Promoting democracy and human rights at international organizations.Sec. 7112. Expansion of United States scholarship and exchange programs in the Islamicworld.Sec. 7112. Pilot program to provide grants to American-sponsored schools in predominantlyMuslim countries to provide scholarships.Sec. 7113. International Youth Opportunity Fund.Sec. 7114. The use of economic policies to combat terrorism.Sec. 7115. Middle East partnership initiative.Sec. 7116. Comprehensive coalition strategy for fighting terrorism.Sec. 7117. Financing of terrorism.Sec. 7118. Designation of foreign terrorist organizations.Sec. 7119. Report to Congress.Sec. 7120. Case-Zablocki Act requirements.Sec. 7121. Effective date.

Subtitle B—Terrorist Travel and Effective ScreeningSec. 7201. Counterterrorist travel intelligence.Sec. 7202. Establishment of human smuggling and trafficking center.Sec. 7203. Responsibilities and functions of consular officers.Sec. 7204. International agreements to track and curtail terrorist travel through theuse of fraudulently obtained documents.Sec. 7205. International standards for transliteration of names into the Roman alphabetfor international travel documents and name-based watchlist


systems.Sec. 7206. Immigration security initiative.Sec. 7207. Certification regarding technology for visa waiver participants.Sec. 7208. Biometric entry and exit data system.Sec. 7209. Travel documents.Sec. 7210. Exchange of terrorist information and increased preinspection at foreignairports.Sec. 7211. Minimum standards for birth certificates.Sec. 7212. Driver’s licenses and personal identification cards.Sec. 7213. Social security cards and numbers.

TITLE VII—IMPLEMENTATION OF 9/11 COMMISSION RECOMMENDATIONSSubtitle B—Terrorist Travel and Effective ScreeningSec. 7214. Prohibition of the display of social security account numbers on driver’slicenses or motor vehicle registrations.Sec. 7215. Terrorist travel program.Sec. 7216. Increase in penalties for fraud and related activity.Sec. 7217. Study on allegedly lost or stolen passports.Sec. 7218. Establishment of visa and passport security program in the Departmentof State.Sec. 7219. Effective date.Sec. 7220. Identification standards.

Subtitle C—National PreparednessSec. 7301. The incident command system.Sec. 7302. National capital region mutual aid.Sec. 7303. Enhancement of public safety communications interoperability.Sec. 7304. Regional model strategic plan pilot projects.Sec. 7305. Private sector preparedness.Sec. 7306. Critical infrastructure and readiness assessments.Sec. 7307. Northern command and defense of the United States homeland.Sec. 7308. Effective date.

Subtitle D—Homeland SecuritySec. 7401. Sense of Congress on first responder funding.Sec. 7402. Coordination of industry efforts.Sec. 7403. Study regarding nationwide emergency notification system.Sec. 7404. Pilot study to move warning systems into the modern digital age.Sec. 7405. Required coordination.Sec. 7406. Emergency preparedness compacts.Sec. 7407. Responsibilities of counternarcotics office.Sec. 7408. Use of counternarcotics enforcement activities in certain employee performanceappraisals.

Subtitle E—Public Safety SpectrumSec. 7501. Digital television conversion deadline.Sec. 7502. Studies on telecommunications capabilities and requirements.

Subtitle F—Presidential TransitionSec. 7601. Presidential transition.

Subtitle G—Improving International Standards and Cooperation to Fight TerroristFinancingSec. 7701. Improving international standards and cooperation to fight terrorist financing.Sec. 7702. Definitions.Sec. 7703. Expanded reporting and testimony requirements for the Secretary of theTreasury.Sec. 7704. Coordination of United States Government efforts.

Subtitle H—Emergency Financial PreparednessSec. 7801. Delegation authority of the Secretary of the Treasury.Sec. 7802. Treasury support for financial services industry preparedness and responseand consumer education.Sec. 7803. Emergency Securities Response Act of 2004.Sec. 7804. Private sector preparedness.

TITLE VIII—OTHER MATTERS

Subtitle A—Intelligence MattersSec. 8101. Intelligence community use of National Infrastructure Simulation and


Analysis Center.rDate Aug 04 2004 09:32 Dec 10, 2004 Jkt 097107 PO 00000 Frm 00006 Fmt 6659 Sfmt 6613 E:\HR\OC\HR796.XXX HR796Subtitle B—Department of Homeland Security MattersSec. 8201. Homeland security geospatial information.

Subtitle C—Homeland Security Civil Rights and Civil Liberties ProtectionSec. 8301. Short title.Sec. 8302. Mission of Department of Homeland Security.Sec. 8303. Officer for Civil Rights and Civil Liberties.Sec. 8304. Protection of civil rights and civil liberties by Office of Inspector General.Sec. 8305. Privacy officer.Sec. 8306. Protections for human research subjects of the Department of HomelandSecurity.

TITLE VIII—OTHER MATTERSSubtitle D—Other MattersSec. 8401. Amendments to Clinger-Cohen Act provisions to enhance agency planningfor information security needs.Sec. 8402. Enterprise architecture.Sec. 8403. Financial disclosure and records.Sec. 8404. Extension of requirement for air carriers to honor tickets for suspendedair passenger service.

For Immediate ReleaseOffice of the Press Secretary


December 16, 2005

Message to the Congress of the United States on Information Sharing TO THE CONGRESS OF THE UNITED STATES: The robust and effective sharing of terrorism information is vital to protecting Americans and the Homeland from terrorist attacks. To ensure that we succeed in this mission, my Administration is working to implement the Information Sharing Environment (ISE) called for by section 1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). The ISE is intended to enable the Federal Government and our State, local, tribal, and private sector partners to share appropriate information relating to terrorists, their threats, plans, networks, supporters, and capabilities while, at the same time, respecting the information privacy and other legal rights of all Americans.

Today, I issued a set of guidelines and requirements that represent a significant step in the establishment of the ISE. These guidelines and requirements, which are consistent with the provisions of section 1016(d) of IRTPA, are set forth in a memorandum to the heads of executive departments and agencies. The guidelines and requirements also address collateral issues that are essential to any meaningful progress on information sharing. In sum, these guidelines will:

• clarify roles and authorities across executive departments and agencies;

• implement common standards and architectures to further facilitate timely and effective information sharing;

• improve the Federal Government's terrorism information sharing relationships with State, local, and tribal governments, the private sector, and foreign allies;

• revamp antiquated classification and marking systems, as they relate to sensitive but unclassified information;

• ensure that information privacy and other legal rights of Americans are protected in the development and implementation of the ISE; and

• ensure that departments and agencies promote a culture of information sharing by assigning personnel and dedicating resources to terrorism information sharing.

The guidelines build on the strong commitment that my Administration and the Congress have already made to strengthening information sharing, as evidenced by Executive Orders 13311 of July 27, 2003, and 13388 of October 25, 2005, section 892 of the Homeland Security Act of 2002, the USA PATRIOT Act, and sections 1011 and 1016 of the IRTPA. While much work has been done by executive departments and agencies, more is required to fully develop and implement the ISE.

To lead this national effort, I designated the Program Manager (PM) responsible for information sharing across the Federal Government, and directed that the PM and his office be part of the Office of the Director of National Intelligence (DNI), and that the DNI exercise authority, direction, and control over the PM and ensure that the PM carries out his responsibilities under section 1016 of IRTPA. I fully support the efforts of the PM and the Information Sharing Council to transform our current capabilities into the desired ISE, and I have directed all heads of executive departments and agencies to support the PM and the DNI to meet our stated objectives.

Creating the ISE is a difficult and complex task that will require a sustained effort and strong partnership with the Congress. I know that you share my commitment to achieve the goal of providing decision makers and the men and women on the front lines in the War on Terror with the best possible information to protect our Nation. I appreciate your support to date and look forward to working with you in the months ahead on this critical initiative.

GEORGE W. BUSH

THE WHITE HOUSE,


December 16, 2005.

# # #

For Immediate ReleaseOffice of the Press Secretary

December 16, 2005

Memorandum for the Heads of Executive Departments and Agencies SUBJECT: Guidelines and Requirements in Support of the Information Sharing Environment

Ensuring the appropriate access to, and the sharing, integration, and use of, information by Federal, State, local, and tribal agencies with counterterrorism responsibilities, and, as appropriate, private sector entities, while protecting the information privacy and other legal rights of Americans, remains a high priority for the United States and a necessity for winning the war on terror. Consistent with section 1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 (Public Law 108 458) (IRTPA), my Administration is working to create an Information Sharing Environment (ISE) to facilitate the sharing of terrorism information (as defined in Executive Order 13388 of October 25, 2005).

Section 1016 of IRTPA supplements section 892 of the Homeland Security Act of 2002 (Public Law 107 296), Executive Order 13311 of July 29, 2003, and other Presidential guidance, which address various aspects of information access. On April 15, 2005, consistent with section 1016(f) of IRTPA, I designated the program manager (PM) responsible for information sharing across the Federal Government. On June 2, 2005, my memorandum entitled "Strengthening Information Sharing, Access, and Integration - Organizational, Management, and Policy Development Structures for Creating the Terrorism Information Sharing Environment" directed that the PM and his office be part of the Office of the Director of National Intelligence (DNI), and that the DNI exercise authority, direction, and control over the PM and ensure that the PM carries out his responsibilities under IRTPA. On October 25, 2005, I issued Executive Order 13388 to facilitate the work of the PM and the expeditious establishment of the ISE and restructure the Information Sharing Council (ISC), which provides advice concerning and assists in the establishment, implementation, and maintenance of the ISE.

On June 2, 2005, I also established the Information Sharing Policy Coordination Committee (ISPCC), which is chaired jointly by the Homeland Security Council (HSC) and the National Security Council (NSC), and which has the responsibilities set forth in section D of Homeland Security Presidential Directive 1 and other relevant presidential guidance with respect to information sharing. The ISPCC is the main day-to-day forum for interagency coordination of information sharing policy, including the resolution of issues raised by the PM, and provides policy analysis and recommendations for consideration by the more senior committees of the HSC and NSC systems and ensures timely responses.

Section 1016(d) of IRTPA calls for leveraging all ongoing efforts consistent with establishing the ISE, the issuance of guidelines for acquiring, accessing, sharing, and using information in support of the ISE and for protecting privacy and civil liberties in the development of the ISE, and the promotion of a culture of information sharing. Consistent with the Constitution and the laws of the United States, including section 103 of the National Security Act of 1947, as amended, and sections 1016 and 1018 of IRTPA, I hereby direct as follows:

1. Leveraging Ongoing Information Sharing Efforts in the Development of the ISE . The ISE shall build upon existing Federal Government policies, standards, procedures, programs, systems, and architectures (collectively "resources") used for the sharing and integration of and access to terrorism information, and shall leverage those resources to the maximum extent practicable, with the objective of establishing a decentralized, comprehensive, and coordinated environment for the sharing and integration of such information.

a. The DNI shall direct the PM to conduct and complete, within 90 days after the date of this memorandum, in consultation with the ISC, a comprehensive evaluation of existing resources pertaining to terrorism information sharing employed by individual or multiple executive departments and agencies. Such evaluation shall assess such resources for their utility and


integrative potential in furtherance of the establishment of the ISE and shall identify any unnecessary redundancies.

b. To ensure that the ISE supports the needs of executive departments and agencies with counterterrorism responsibilities, and consistent with section 1021 of IRTPA, the DNI shall direct the PM, jointly with the Director of the National Counterterrorism Center (NCTC), and in coordination with the heads of relevant executive departments and agencies, to review and identify the respective missions, roles, and responsibilities of such executive departments and agencies, both as producers and users of terrorism information, relating to the acquisition, access, retention, production, use, management, and sharing of terrorism information. The findings shall be reviewed through the interagency policy coordination process, and any recommendations for the further definition, reconciliation, or alteration of such missions, roles, and responsibilities shall be submitted, within 180 days after the date of this memorandum, by the DNI to the President for approval through the Assistant to the President for Homeland Security and Counterterrorism (APHS-CT) and the Assistant to the President for National Security Affairs (APNSA). This effort shall be coordinated as appropriate with the tasks assigned under the Guidelines set forth in section 2 of this memorandum.

c. Upon the submission of findings as directed in the preceding paragraph (1(b)), the DNI shall direct the PM, in consultation with the ISC, to develop, in a manner consistent with applicable law, the policies, procedures, and architectures needed to create the ISE, which shall support the counterterrorism missions, roles, and responsibilities of executive departments and agencies. These policies, procedures, and architectures shall be reviewed through the interagency policy coordination process, and shall be submitted, within 180 days after the submission of findings as directed in the preceding paragraph (1(b)), by the DNI to the President for approval through the APHS-CT and the APNSA.

2. Information Sharing Guidelines. Consistent with section 1016(d) of IRTPA, I hereby issue the following guidelines and related requirements, the implementation of which shall be conducted in consultation with, and with support from, the PM as directed by the DNI:

a. Guideline 1 - Define Common Standards for How Information is Acquired, Accessed, Shared , and Used Within the ISE

The ISE must, to the extent possible, be supported by common standards that maximize the acquisition, access, retention, production, use, management, and sharing of terrorism information within the ISE consistent with the protection of intelligence, law enforcement, protective, and military sources, methods, and activities.

Consistent with Executive Order 13388 and IRTPA, the DNI, in coordination with the Secretaries of State, Defense, and Homeland Security, and the Attorney General, shall develop and issue, within 90 days after the date of this memorandum, common standards (i) for preparing terrorism information for maximum distribution and access, (ii) to enable the acquisition, access, retention, production, use, management, and sharing of terrorism information within the ISE while safeguarding such information and protecting sources and methods from unauthorized use or disclosure, (iii) for implementing legal requirements relating to the handling of specific types of information, and (iv) that include the appropriate method for the Government-wide adoption and implementation of such standards. Such standards shall accommodate and reflect the sharing of terrorism information, as appropriate, with State, local, and tribal governments, law enforcement agencies, and the private sector. Within 90 days after the issuance of such standards, the Secretary of Homeland Security and the Attorney General shall jointly disseminate such standards for use by


State, local, and tribal governments, law enforcement agencies, and the private sector, on a mandatory basis where possible and a voluntary basis where not. The DNI may amend the common standards from time to time as appropriate through the same process by which the DNI issued them.

b. Guideline 2 - Develop a Common Framework for the Sharing of Information Between and Among Executive Departments and Agencies and State, Local, and Tribal Governments, Law Enforcement Agencies, and the Private Sector

Recognizing that the war on terror must be a national effort, State, local, and tribal governments, law enforcement agencies, and the private sector must have the opportunity to participate as full partners in the ISE, to the extent consistent with applicable laws and executive orders and directives, the protection of national security, and the protection of the information privacy rights and other legal rights of Americans.

Within 180 days after the date of this memorandum, the Secretary of Homeland Security and the Attorney General, in consultation with the Secretaries of State, Defense, and Health and Human Services, and the DNI, and consistent with the findings of the counterterrorism missions, roles, and responsibilities review under section 1 of this memorandum, shall:

(i) perform a comprehensive review of the authorities and responsibilities of executive departments and agencies regarding information sharing with State, local, and tribal governments, law enforcement agencies, and the private sector; and

(ii) submit to the President for approval, through the APHS-CT and the APNSA, a recommended framework to govern the roles and responsibilities of executive departments and agencies pertaining to the acquisition, access, retention, production, use, management, and sharing of homeland security information, law enforcement information, and terrorism information between and among such departments and agencies and State, local, and tribal governments, law enforcement agencies, and private sector entities.

c. Guideline 3 - Standardize Procedures for Sensitive But Unclassified Information

To promote and enhance the effective and efficient acquisition, access, retention, production, use, management, and sharing of Sensitive But Unclassified (SBU) information, including homeland security information, law enforcement information, and terrorism information, procedures and standards for designating, marking, and handling SBU information (collectively "SBU procedures") must be standardized across the Federal Government. SBU procedures must promote appropriate and consistent safeguarding of the information and must be appropriately shared with, and accommodate and reflect the imperative for timely and accurate dissemination of terrorism information to, State, local, and tribal governments, law enforcement agencies, and private sector entities. This effort must be consistent with Executive Orders 13311 and 13388, section 892 of the Homeland Security Act of 2002, section 1016 of IRTPA, section 102A of the National Security Act of 1947, the Freedom of Information Act, the Privacy Act of 1974, and other applicable laws and executive orders and directives.

(i) Within 90 days after the date of this memorandum, each executive department and agency will conduct an inventory of its SBU procedures, determine the underlying authority for each entry in the inventory, and provide an assessment of the effectiveness of its existing SBU procedures. The results of each inventory shall be reported to the DNI, who shall provide the compiled results to the Secretary of Homeland Security and the Attorney General.


(ii) Within 90 days after receiving the compiled results of the inventories required under the preceding paragraph (i), the Secretary of Homeland Security and the Attorney General, in coordination with the Secretaries of State, Defense, and Energy, and the DNI, shall submit to the President for approval recommendations for the standardization of SBU procedures for homeland security information, law enforcement information, and terrorism information in the manner described in paragraph (iv) below.

(iii) Within 1 year after the date of this memorandum, the DNI, in coordination with the Secretaries of State, the Treasury, Defense, Commerce, Energy, Homeland Security, Health and Human Services, and the Attorney General, and in consultation with all other heads of relevant executive departments and agencies, shall submit to the President for approval recommendations for the standardization of SBU procedures for all types of information not addressed by the preceding paragraph (ii) in the manner described in paragraph (iv) below.

(iv) All recommendations required to be submitted to the President under this Guideline shall be submitted through the Director of the Office of Management and Budget (OMB), the APHS-CT, and the APNSA, as a report that contains the following:

(A) recommendations for government-wide policies and procedures to standardize SBU procedures;

(B) recommendations, as appropriate, for legislative, policy, regulatory, and administrative changes; and

(C) an assessment by each department and agency participating in the SBU procedures review process of the costs and budgetary considerations for all proposed changes to marking conventions, handling caveats, and other procedures pertaining to SBU information.

(v) Upon the approval by the President of the recommendations submitted under this Guideline, heads of executive departments and agencies shall ensure on an ongoing basis that such recommendations are fully implemented in such department or agency, as applicable. The DNI shall direct the PM to support executive departments and agencies in such implementation, as well as in the development of relevant guidance and training programs for the standardized SBU procedures.

d. Guideline 4 - Facilitate Information Sharing Between Executive Departments and Agencies and Foreign Partners

The ISE must support and facilitate appropriate terrorism information sharing between executive departments and agencies and foreign partners and allies. To that end, policies and procedures to facilitate such informational access and exchange, including those relating to the handling of information received from foreign governments, must be established consistent with applicable laws and executive orders and directives.

Within 180 days after the date of this memorandum, the Secretary of State, in coordination with the Secretaries of Defense, the Treasury, Commerce, and Homeland Security, the Attorney General, and the DNI, shall review existing authorities and submit to the President for approval, through the APHS-CT and the APNSA, recommendations for appropriate legislative, administrative, and policy changes to facilitate the sharing of terrorism information with foreign partners and allies, except for those activities conducted pursuant to sections 102A(k), 104A(f), and 119(f)(1)(E) of the National


Security Act of 1947.

e. Guideline 5 - Protect the Information Privacy Rights and Other Legal Rights of Americans

As recognized in Executive Order 13353 of August 27, 2004, the Federal Government has a solemn obligation, and must continue fully, to protect the legal rights of all Americans in the effective performance of national security and homeland security functions. Accordingly, in the development and use of the ISE, the information privacy rights and other legal rights of Americans must be protected.

(i) Within 180 days after the date of this memorandum, the Attorney General and the DNI, in coordination with the heads of executive departments and agencies that possess or use intelligence or terrorism information, shall (A) conduct a review of current executive department and agency information sharing policies and procedures regarding the protection of information privacy and other legal rights of Americans, (B) develop guidelines designed to be implemented by executive departments and agencies to ensure that the information privacy and other legal rights of Americans are protected in the development and use of the ISE, including in the acquisition, access, use, and storage of personally identifiable information, and (C) submit such guidelines to the President for approval through the Director of OMB, the APHS-CT, and the APNSA. Such guidelines shall not be inconsistent with Executive Order 12333 and guidance issued pursuant to that order.

(ii) Each head of an executive department or agency that possesses or uses intelligence or terrorism information shall ensure on an ongoing basis that (A) appropriate personnel, structures, training, and technologies are in place to ensure that terrorism information is shared in a manner that protects the information privacy and other legal rights of Americans, and (B) upon approval by the President of the guidelines developed under the preceding subsection (i), such guidelines are fully implemented in such department or agency.

3. Promoting a Culture of Information Sharing . Heads of executive departments and agencies must actively work to create a culture of information sharing within their respective departments or agencies by assigning personnel and dedicating resources to terrorism information sharing, by reducing disincentives to such sharing, and by holding their senior managers and officials accountable for improved and increased sharing of such information.

Accordingly, each head of an executive department or agency that possesses or uses intelligence or terrorism information shall:

a. within 90 days after the date of this memorandum, designate a senior official who possesses knowledge of the operational and policy aspects of information sharing to (i) provide accountability and oversight for terrorism information sharing within such department and agency, (ii) work with the PM, in consultation with the ISC, to develop high level information sharing performance measures for the department or agency to be assessed no less than semiannually, and (iii) provide, through the department or agency head, an annual report to the DNI on best practices of and remaining barriers to optimal terrorism information sharing;

b. within 180 days after the date of this memorandum, develop and issue guidelines, provide training and incentives, and hold relevant personnel accountable for the improved and increased sharing of terrorism information. Such guidelines and training shall seek to reduce obstructions to sharing, consistent with applicable laws and regulations. Accountability efforts shall include the requirement to add a performance evaluation element on information sharing to employees' annual Performance Appraisal Review, as appropriate, and shall focus on the sharing of information that supports the mission of the recipient of the information; and


c. bring to the attention of the Attorney General and the DNI, on an ongoing basis, any restriction contained in a rule, regulation, executive order or directive that significantly impedes the sharing of terrorism information and that such department or agency head believes is not required by applicable laws or to protect the information privacy rights and other legal rights of Americans. The Attorney General and the DNI shall review such restriction and jointly submit any recommendations for changes to such restriction to the APHS-CT and the APNSA for further review.

4. Heads of executive departments and agencies shall, to the extent permitted by law and subject to the availability of appropriations, provide assistance and information to the DNI and the PM in the implementation of this memorandum.

5. This memorandum:

a. shall be implemented in a manner consistent with applicable laws, including Federal laws protecting the information privacy rights and other legal rights of Americans, and subject to the availability of appropriations;

b. shall be implemented in a manner consistent with the statutory authority of the principal officers of executive departments and agencies as heads of their respective departments or agencies;

c. shall not be construed to impair or otherwise affect the functions of the Director of the Office of Management and Budget relating to budget, administrative, and legislative proposals; and

d. is intended only to improve the internal management of the Federal Government and is not intended to, and does not, create any rights or benefits, substantive or procedural, enforceable at law or in equity by a party against the United States, its departments, agencies, or entities, its officers, employees, or agencies, or any other person.

GEORGE W. BUSH

# # #

Critical Information Flows

News & Politics

Transcript of Critical Information Flows