The Seven Years’ War

Boston police used their fusion center to surveil my journalistic actions. It took nearly seven years for BPD to hold itself somewhat accountable, and only after they used my information in a Department of Homeland Security conference presentation.

The department violated transparency laws and their own policies to hide their surveillance of me covering the Boston Marathon as a reporter. Despite their silence and purging of records, I finally got answers.

In April 2015, two years after the bombing of the Boston Marathon, the city’s police announced that they would detain anyone present on the streets around the finish line on the day of the race in order to search their personal property. The Boston Police Department also announced a sweeping ban on bags and containers (unless they were small and transparent).

While the events of 2013 spurred compelling reasons to upgrade security measures, they didn’t unwrite constitutional protections against unreasonable search and seizure. Or at least that’s what I thought, and so my goal on Marathon Monday in 2015 was to examine the gray area police were operating in by phrasing the bans as requests but then enforcing them like laws.

My news-gathering activities that day were monitored by law enforcement who identified my former news outlet, the Bay State Examiner, and knew they were tracking a journalist. As part of their targeted monitoring, officers disseminated a live timeline of my travel and activity to all their colleagues and partners from various local, state, and federal agencies. Later, they would use a photo of their surveillance operation-in-progress in a presentation at a Department of Homeland Security conference to brag about their skill in real-time tracking of a target.

Only now, years after I complained about this chilling violation of my First Amendment rights and privacy, do I know the truth about what happened behind the scenes—including how the Boston police handled my complaint. The lesson they appear to have learned: if the department conducts similar surveillance on reporters in the future, they need to do a better job of covering their actions to avoid getting discredited and exposed.

Marathon Monday, 2015

The marathon was in progress when I entered an area near the security hub near the finish line wearing a backpack. To begin documenting the checkpoints, I spoke with security guards and police officers and asked what would happen if I entered the area and exercised my Fourth Amendment rights to refuse to allow a search of my bags. They initially responded that I would not be able to enter through the checkpoint, but I wasn’t threatened with arrest. 

I didn’t know it at the time, but as I advanced to other checkpoints and continued to ask questions about bag searches, police began to monitor me as the only “Sig[nificant]” security event present. At some checkpoints, cops said that I would be arrested if I entered the secure area, despite it being a public sidewalk, while declining to allow a search of my bag (the contents of which included a wooden middle-finger statue and about a hundred printed copies of the Fourth Amendment). 

In speaking with police in Back Bay, there was confusion about what I’d actually be cuffed for. Still, they were explicit in that I would be arrested. Eventually, they said the charges would be for disorderly conduct due to my refusing to allow a search of my bag.

After that explanatory interaction, another cop tailed me to the next checkpoint. When I asked the checkers there if they’d arrest me for trying to enter with my bag, I was told no, but that I would “be dealt with accordingly”—a threat to stop me by force, but without detaining me. Their behavior only escalated from there; I was then physically removed from two other checkpoints by cops. I was not injured, but noted that the use of physical force on a journalist for declining a search of her bags on a public sidewalk is not justifiable. In comparison, police routinely arrest members of the public for using the level of force that they used on me against officers.

As I now know, my journalistic attempts to document the BPD’s unconstitutional bag searches led to my actions being deemed that day’s “significant event.” As a result of this designation, I was tracked, with data on my real-time location and activity broadcast to all working law enforcement by the BPD-run Boston Regional Intelligence Center, better known as the BRIC.

BRIC is one of America’s many regional fusion centers, which are law enforcement hubs built under the guise of the war on terror. They supposedly exist to pass intelligence between federal, state, and local agencies with the idea that such coordination will help foil terrorist plots. In practice, however, the BRIC has been used to, among other things, build a problematic “gang database” that was rebuked by the courts, to target activists and journalists like myself, and to circumvent sanctuary city policies so that Boston school records could be used in deportation hearings against students

On Marathon Monday 2015, BRIC helped officers working the race perimeter target and monitor a journalist. In doing so, those manning the intelligence center failed to follow their own privacy policy by spreading information about me without checking that information’s value. This failure coincides with, and appears to have led to, the aforementioned escalations in tactics including threatening and violent policing of me. They also violated their privacy policy by showing a photo of their surveillance setup in a presentation made to a number of law enforcement agencies, plus broke the Bay State’s public information law by purging records they received and shared about me.

Image via BRIC presentation at DHS headquarters

BRIC city

I learned about the BRIC’s surveillance of me several months after the 2015 Boston Marathon. The discovery came after BPD/BRIC Senior Intelligence Analyst Ryan Walsh spoke at DHS headquarters in Washington, DC during the agency’s National Geospatial Preparedness Summit later that year. His presentation, including a photo from the BRIC’s Boston Marathon command center, was posted online where it was found by another journalist and also flagged by the ACLU

On Oct. 24, 2015, I sought all records related to my surveillance under the Massachusetts public records law. The BPD violated the law by missing the 10(ish) business day deadline to respond; then, on Nov. 16, they claimed to not have any records. I responded by sending them the picture from the BRIC presentation that clearly shows that they had records of law enforcement surveillance occurring. The department never turned over those records, despite the law requiring them to and it being a violation that could carry fines or jail time (if the law were ever enforced).

Seeking another course of action, I then examined the BRIC privacy policy, which states that “if an individual has a complaint with regard to the accuracy or completeness of terrorism-related protected information that … Is exempt from disclosure … or … Is held by the BRIC and … Allegedly has resulted in demonstrable harm to the complainant … the individual may submit a complaint.” After which, “The Privacy Officer, on behalf of the Privacy Committee, will then acknowledge the complaint and state that it will be reviewed, but will not confirm the existence or nonexistence of the information to the complainant unless otherwise required by law.”

On Nov. 28, 2015, I filed a complaint under the above provisions with help from Digital Fourth, a nonprofit that advocates for Fourth Amendment rights. I was in a rare situation, where the existence of the picture from the presentation at the DPH proved the BRIC had watched me and passed records about me and my news outlet to other law enforcement outfits. Due to their reporting about my activity, the officers I met at checkpoints intensified our encounters, first to threats and then to the actual use of physical force. I clearly had standing to make a privacy complaint under the policy, and cited harms related to my physical treatment as well as the chilling effect that such handling and surveillance has on the First Amendment’s free press protections.

My complaint also addressed the violation of the state’s public records law—both in terms of missing the 10-day window to respond to my request, and then for returning a response saying they had no records about me or the Bay State Examiner when their own presentation showed that to be untrue. The state’s public records law is dysfunctional and rarely enforced, but I still asked the Secretary of the Commonwealth’s office (which oversees the law) to send the case to the Attorney General’s Office for criminal prosecution. Violations of the law can carry fines and penalties including up to a year of prison time, but despite the clearcut violations, no enforcement action was taken.

After a long wait … 

Nearly six years passed before I heard anything about my complaint. Even then, the information didn’t come from the BPD or BRIC.

In August 2021, Emiliano Falcon, policy counsel for the Technology for Liberty Program at the ACLU of Massachusetts, received a partial log of cases pending before the BRIC Privacy Committee. My complaint was among them. In September 2022, Digital Fourth obtained a full copy of the fusion center’s privacy log. According to that document, my complaint had moved from “pending” to “resolved.”

Getting a complaint sent to the so-called Privacy Committee sounds like it should have been a step towards some answers. However, subsequent public records work by Digital Fourth found that “prior to September 2022, the ‘Privacy Committee’ was not an official board with standing meetings. … Meeting minutes or agendas were not drafted.” In other words, no records exist that could show what was done about my complaint, by who, or even when.

What we do know is that in the time since they were called out for the activities described herein, the BPD and BRIC have not made public efforts to improve relations with the media or the department’s compliance with the records law. Critics including the ACLU have fried the fusion center on multiple occasions. And while the Boston City Council has put some checks on law enforcement in place around these issues, BPD is always seeking workarounds and back doors.

At this year’s marathon, targeted policing was again on full display. A massive police presence was rolled out at the Heartbreak Hill cheer zone. The area was home base for two of the region’s premier clubs for BIPOC runners, and reportedly had more attention from authorities than locations nearby where there were drunk people vomiting on the actual course. The over-policing was flagrant enough (and documented in enough viral videos) that the Boston Athletic Association even had to apologize.

The policing of a section of this year’s race where Black running clubs were gathered made national news

Let the records show

As Digital Fourth and I learned more than half-a-decade after the incident, the BRIC first fielded an inquiry about their monitoring of me from another journalist whose name and publication are redacted in the privacy log. The reporter asked why the BRIC was monitoring the media, and according to their log from Nov. 9, 2015, the agency explained in response: “The purpose of the presentation was mistaken. The presentation was showing the capabilities of the software to share activities in real time to assist our (BPD) management of dynamic events, and this was an example of that capability, nothing to do with relationship with the media.”

Another BRIC privacy log, from December 2015, addresses my complaint:

On December 8, David Carabin,” [Carabin is now the director of the BRIC, and was on the 2016 National Geospatial Preparedness Summit steering committee]  “received and reviewed a letter addressed to the BRIC Privacy Committee…

Synopsis: On August 4th, the BRIC presented at the National Geospatial Preparedness Summit in Washington, DC. The presentation was intended to share GIS (mapping) related lessons learned by the BRIC over the last several years in our efforts to provide support to BPD’s special events and critical incidents, and our development of a “Common Operating Picture” (COP) for sharing operational information during such events/incidents in real time. On October 19, we were advised that our presentation was posted on the internet by the hosts of the training conference. We requested that it be removed and destroyed, and our request was honored. Unfortunately, the ACLU and others picked up on it, found it controversial and brought additional attention to it on Twitter.

The “unfortunate” part of the incident—that the media and watchdogs caught them, not that they targeted a journalist in the first place. The entry continues:

One of the slides includes a photo of our COP while it was being used during the 2015 Boston Marathon. In the photo (attached), there is a stream of information being shared, advising leadership that “3 individuals from the [REDACTED] [are] going from checkpoint to checkpoint testing security measures and filming interactions…” If you recall, this originally was reported as suspicious activity involving unknown people testing security checkpoints, and it was later determined to be the [REDACTED].”

In Ms. [REDACTED]’s letter, she advises of several matters that she believes to be a violation of the BRIC’s Privacy Policy, but also violations to her rights. She also believes that we did not properly honor her FOIA from March 13, 2015, requesting all BRIC files on “[REDACTED]” and/or the “[REDACTED]”. BPD’s response advised that the BRIC does NOT have records that satisfy her request. 

The fact of the matter is that the BRIC did not and still does not have records on [REDACTED] or the [REDACTED]. The photo is not part of an intelligence file or record of criminal activity, nor was the original information retained for intelligence purposes.

The record does exist. I requested it. Under the law, that is a responsive record. They claim it isn’t responsive because it wasn’t “retained for intelligence purposes,” but the law does not consider why a record exists or what it was retained for, except to check to see if it falls under a specific exemption. If it is exempt, the record’s existence must be disclosed and the exemption must be cited with an explanation as to why it applies to the record. Agencies cannot pretend the record does not exist.

BRIC respondents also claimed that the “original information was shared by a partner agency to advise on the context of a situation that was affecting security procedures during the Boston Marathon, and this information was purged after the event.” This appears to be an explanation of how BRIC agents destroyed records related to the monitoring of a journalist, and since the state has thorough laws determining retention, it could also be a blunt admission of criminal destruction of records.

Left unaddressed in the intel center’s minimal opaque responses is that the BRIC’s privacy policy states agents cannot share information without first assessing it for sensitive data, checking its value, and attempting to verify. The BRIC/BPD received and shared my info, both of which should have triggered copy retention. But if they shared my info in real time, they could not have possibly verified or assessed it. Meanwhile, the BRIC must have determined that the information was not valuable, given the agency’s claim that they “purged” all the records related to me immediately after the event.

Nearly 500 Massachusetts National Guardsmen were activated to augment local authorities in providing public safety missions during the 2015 Boston Marathon, April 20, 2015. The Soldiers and Airmen provided route security along the historic route of the Boston Marathon. (Image and description via Massachusetts National Guard)

Transparency time travel

In an apparent desperate attempt to discredit me internally while dodging my inquiries, the BRIC accused me of either lying or traveling through time. As their logs falsely claim: my “FOIA request was received and handled on March 13, 2015 and handled/resolved on March 18, 2015. This was a month BEFORE the 2015 Boston Marathon. So, both the activities and the photo that she is complaining about did NOT exist at the time of her FOIA, which makes at least part of her argument irrelevant.”

In present-day reality, the request I made on Oct. 24, 2015 did not arrive at the BRIC/BPD on March 13, 2015. I do not have a flux capacitor; rather, they created a bizarre fiction (my copy of the records request can be seen here). The logs also claim my case was sent to a board that we now know didn’t meaningfully exist at the time: “On 12/8/15, this information was forwarded to the BRIC’s leadership and Privacy Committee, as well as BPD Legal and Media Relations, for advisement.”

At no point in the seven-year long complaint process was I contacted—including when the complaint was “resolved.” Still, the incident and coverup had a significant effect on me. The fact that cops can so freely surveil a reporter using a counterterrorism fusion center and broadcast her information to law enforcement brings the First Amendment’s freedom of the press protections into question. In my case, I wound up stepping away from in-person police documentation, in part because I was concerned about having the cops target me among other possible repercussions.

At the same time, I’m glad that I was able to follow up on my complaint. As it turns out, I can travel through time after all—almost eight years, into the future, to finally see how I was targeted and watched, and to then report back to the public about what happens when the media attempts to impugn law enforcement misconduct and blatant violations of our right to privacy.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.