Our local fusion center, BRIC, has been at the core of police efforts to surveil and suppress social movements for over a decade. And, since 2012, we’ve been calling them out on their abusive and un-Constitutional practices.
This October 30, please join us for a livestreamed discussion on fusion centers, with Boston City Councilor Ricardo Arroyo, law student Dani Hargus, and journalist Emma Best, moderated by our own Alex Marthews!
The key to understanding this document is that BRIC is legally obliged to follow 28 CFR Part 23. This is part of a Clinton-era Executive Order that tried to ensure that “criminal intelligence systems” don’t violate your Fourth Amendment rights. It makes it illegal for BRIC to keep a file on you not based on a “criminal predicate” — in other words, reasonable suspicion of your involvement in an actual crime.
As it turns out, BRIC’s attitude to this whole “Constitution” thing is a little … different.
BRIC’s Permanent Files
For its “Permanent” files, BRIC does indeed require a criminal predicate — though this document doesn’t include any information on how well that policy is followed.
BRIC’s Temporary Files
For its “Temporary” files, however, BRIC retains information on Boston area residents where “involvement in the suspected activity is questionable”, or where their identity cannot be established with certainty. The examples are that they have “possibleassociations with known criminals,” or that they have “criminal history” and “could again become criminally active.” BRIC retains “Temporary” files for up to a year, to see if information emerges that would enable to upgrade it to a “Permanent” file.
No. No, no. That’s not how the Fourth Amendment works. The government isn’t supposed to keep “criminal intelligence files” of people they generally believe to be Bad, or people with Bad Associations, based on a belief that they have a generalized propensity to commit crimes in the future. BRIC’s belief must be a reasonable one, based on evidence of your involvement in an actual crime. This violates 28 CFR Part 23 and, with it, the Fourth Amendment itself.
BRIC’s Interim Files
Oh, and it gets worse. Just in case their rules on “Temporary” criminal intelligence files don’t provide them with enough room to wiggle around the Constitution, BRIC allows itself a further category of “Interim” files. Apparently, BRIC can open an “Interim” file and retain it for up to 90 days if they receive “information that, absent additional information or change, would be deemed unnecessary for retention beyond a short term period,” or that is “specific to an anticipated event or incident with the potential for criminal conduct.”
I know, vague much?
It seems BRIC considers that they can open a file for 90 days based on literally anything at all. There’s no such thing as an “event or incident” with no “potential for criminal conduct.” This could cover everything down to your aunt’s Sunday evening knitting circle. “Interim Files” only exist as a category to allow BRIC essentially unfettered discretion.
To be fair, the Guidelines also tell BRIC employees what shouldn’t be in an intelligence file. This includes protected criminal record information, information “based solely on support of an unpopular cause”, information “based on ethnic background”, “based on religious or political affiliations” or “based on non-criminal personal habits;” and “associations that are not of a criminal nature.” However, we know from their gang databasing practices that their definition of what constitutes “associations of a criminal nature” is extremely broad, and that their notion of surveillance not “based solely” on religion, politics or ethnicity may differ sharply from Bostonians’ common understanding.
We call on BRIC to make available to the public, with any legally necessary redactions, a representative sample of its current Temporary, Interim and Permanent Files, and then to delete the Temporary and Interim Files as contrary to the Fourth Amendment.
Then, at least, we will know how much surveillance BRIC is conducting that is not based on at least reasonable suspicion of involvement in an actual crime.
The U. S. House just passed two bills under suspension, HR. 3503 and HR. 3598, sponsored by Rep. McCaul (R-TX-10) and Rep. Peter King (R-NY-2). For some reason, McCaul and King are fans of the inept and wasteful “fusion centers”, a network of 78 state-based centers funded partly through DHS.
The idea back in 2006 was that fusion centers would provide “joined-up intelligence”, coordinating federal and state information that would then thwart terrorist attacks in advance.
It didn’t quite work out that way. In fact, there’s good reason why fusion centers are not now the focus of intelligence sharing efforts: They turned out to be a waste of time and resources better spent elsewhere.
A bipartisan 2012 US Senate report blasted the fusion centers for failing to thwart any attacks, for wasting public funds on things like widescreen TVs (for “open source intelligence collection”), and for articulating absurd rationales for surveilling peaceful domestic activists. One fusion center labeled supporters of Ron Paul and the Campaign for Liberty as potential domestic terrorists; in Boston and around the country, veterans’ groups, the Occupy movement and Black Lives Matter have come under sustained scrutiny. Fusion centers don’t thwart terrorism; they offer states a bureaucratic mechanism to funnel DHS grants to, say, northeastern Ohio (which has its own fusion center), distributing them away from areas more likely to be targeted by terrorists. They collect and sit on mounds of unverified gossip about “suspicious” people, gossip that often appears motivated by racial or religious bias. These threats are nonsensical; there is no reason to lend them credence.
These bills should be seen clearly for what they are. They’re not efforts to actually thwart terrorist attacks better; they’re salvos in a turf war between intelligence agencies. Fusion centers are often left out of data sharing by other surveillance agencies, such as the FBI, TSA, CBP and other DHS agencies. Instead of allowing discretionary sharing with individual fusion centers, H. 3598 requires support for the National Fusion Center Network specifically, and aims to “ensur[e] that fusion centers in the Network are the primary focal points for the sharing of homeland security information, terrorism information, and weapons of mass destruction information with state and local entities.” HR. 3503 seeks to integrate fusion centers more closely with border security, in the form of CBP, TSA and the Coast Guard, forcing those agencies to analyze whether it would be beneficial to station CBP, TSA and CG personnel at fusion centers, in lieu of simply sharing data electronically. The bill gives the Under-Secretary of Intelligence and Analysis at DHS an ultimatum to agree within one year with all 78 fusion centers how DHS and the fusion centers will share and disclose data. Of course, the bills take no steps to make fusion centers effective in the future, so there’s no way to test whether the bills will actually do good if they pass. All they offer Congress is reports on whether fusion centers have particular policies, not whether the policies work; whether they are sharing information, not whether the sharing actually results in less terrorism or less crime.
We support the sharing of important, verified leads, based on probable cause of actual criminal plots. But these bills make us less, not more, safe, by encouraging the kind of information sharing that will overwhelm agencies like FBI and other parts of DHS with useless false positives. They will waste the time of FBI Joint Terrorism Task Force personnel, forcing them to spend time dealing with an extra agency when time is of the essence. There is no language that would involve actual evaluation of whether the information they hold is accurate, useful or constitutionally appropriate to hold. As constitutional activists, we’re no fans of the FBI’s efforts to convert themselves into a federal counterterrorism and domestic surveillance agency, and there’s plenty of overlap already among federal agencies fighting for a piece of the seemingly unending stream of counterterrorism tax dollars; but extending sharing further by forcing everything to go via the fusion centers seems even more counterproductive.
Call your Senator, and urge them to vote against these bills!
This story comes via a former Emmanuel College student, who received a BRIC “intelligence bulletin” to all students regarding a man stealing cell phones on his bicycle in the Fenway area (see below). Is it upsetting to have your cellphone stolen by an environmentally conscious thief? Yes. Is it at a level of criminality that warrants shoveling tens of millions of our dollars towards a gee-whiz high-tech surveillance center to gather information on all Massachusetts residents? Uh, probably not. Tell me again when we signed up for that?
Far from focusing on intelligence related to terrorism, in practice, the BRIC concentrates almost exclusively on criminal activity unrelated to any conceivable notion of what “terrorism” actually is. The truth is that the risk we face from terrorism is extremely low, but the continued existence of the BRIC, of 77 other “fusion centers” around the country, of the Department of Homeland Security itself, and of a whole ecosystem of security grifting companies, depends on taxpayers not working that out. So, to keep themselves going, BRIC has to use surveillance to disrupt a broad array of minimally criminal or even entirely non-criminal activity, and redefine that activity as much as possible as being terrorism. We have to be told, repeatedly, that the wolf is at the door, that things are getting worse, and that mass surveillance will actually help make things better. Here at Digital Fourth, we call this the “Bureaucratic Counterterrorism Imperative.”
With that in mind, here are the results of our latest Public Records Act request to the BRIC, which documents for the first time that BRIC does get data from intelligence agency sources.
The fusion centers gather a vast array of data on law-abiding Massachusetts residents whom they believe to have been behaving “suspiciously” in some lawful way. This violates the Fourth Amendment, and is also bad policy. Right now, as far as we have been able to determine, no external body ever evaluates the accuracy or appropriateness of the data the fusion centers hold. DHS evaluates them every five years to certify their adherence to DHS procedures for fusion centers; the fusion centers self-certify annually that they are ramping up according to plan, and that they respect privacy and civil liberties. (They give themselves full marks, naturally). That’s it.
We too dislike the fusion centers, and also see them as sinisterly ensnaring Massachusetts residents in a web of surveillance. To us, the question is not so much whether we as a state should regulate the fusion centers, but whether we should fire all their employees, blow up their buildings, and then salt the earth beneath them as a mark of horror for future generations. Still, still, we love that there is a fusion center reform bill, and we warmly support it.
The bill’s provisions make good, if incremental, sense. They require the fusion centers to audit themselves annually to determine whether they have investigations open that shouldn’t be, and make the report of that a public record; they empower an inspector-general to conduct outside audits; and they specify some metrics whereby the fusion centers can determine how well they are respecting people’s privacy. These are important first steps toward establishing whether anything that the fusion centers do, actually does the rest of us any good; and will prepare the ground better for us to have discussions in future years about closing them entirely.
8000-1001 For the Boston Regional Intelligence Center to upgrade, expand, and integrate technology and protocols related to anti-terrorism, anti-crime, anti-gang, and emergency response; provided that intelligence developed shall be shared with the BRIC communities and other State municipal and federal agencies as necessary; provided further, that BRIC shall provide technology required to access the intelligence with its municipal partners, the State police, the MBTA, the Mass Port Authority, and appropriate federal agencies to assure maximum interagency collaboration for public safety and homeland security………………………………………………………………………..$2,250,000
Commissioner Evans of the Boston PD came before the Boston City Council last week to counter activists’ arguments that adopting an ordinance mandating police body-worn cameras would decrease police uses of force and complaints. His favored alternative solutions were (1) more ice-cream socials, because Boston is a “model” city for community policing; (2) delay, because more research is needed on whether they would work in Boston; and (3) in a sit-down interview with the Boston Herald, calling for laws requiring citizens filming police to keep their distance and for them to help police subdue suspects.
We’ll get to the ice-cream socials in a minute, shall we?
“Fusion centers” are intelligence-aggregation operations, created after the 9/11 Commission found that, had agencies (namely the FBI and CIA) engaged in more free and open sharing of information, the terrorist attacks could have been prevented. (The laws in 2001 permitted sharing that would have prevented the attacks; but the agencies were overly cautious about sharing data out of turf concerns.)
There are now at least 78 fusion centers dispersed throughout the United States. They claim to focus mostly on collecting intelligence of activity that may have a “nexus” to terrorism, but also criminal activity more broadly. But they operate in almost total darkness, with virtually no transparency. The little we do know suggests that fusion centers neither prevent terrorist acts nor respect First Amendment rights to free speech and free association.
The Intercept reported last week on the fusion centers’ targeting of Black Lives Matter protests, but there are also many other examples, going back to the fusion centers’ founding. The ACLU of Massachusetts found that the Boston Regional Intelligence Center — one of two fusion centers in the Bay State — was spying on antiwar groups; the Austin Regional Intelligence Center was caught monitoring peaceful animal rights activists protesting a circus (I reported on this for MuckRock); and a fusion center in Nebraska — the Nebraska Information Analysis Center — has a special network focusing on activists opposing the Keystone XL pipeline. They justify such activities by claiming that they are monitoring “for situational awareness”, and that this doesn’t constitute surveillance. In fact, that’s exactly what surveillance is; “For Your Situational Awareness” is military jargon for obtaining the intelligence needed to make appropriate battlefield decisions.
Given the lack of sunlight surrounding the everyday activities of the dozens of fusion centers throughout the country, we decided we want to find out more. Naturally, we filed a public records request. We wanted to find out where our other local fusion center — the Commonwealth Fusion Center run by the Massachusetts State Police — gets their intelligence; who has authorized access to their databases; whether any errors in their databases have been discovered; and what kind of information the CFC has on myself and Alex Marthews, the national chair of Restore the Fourth.
I was willing to lay money that our friendly neighborhood fusion centers, the state-and-DHS-funded arms of the surveillance state, would be mixed up with HackingTeam somewhere. Looks like I win that bet.
Email #2640 shows the setup of a presentation from HackingTeam to the New Jersey fusion center’s most senior people, which apparently went ahead on November 1, 2013. The meeting was a success; by January, email #255362 shows that the fusion center was “interested in deploying” HackingTeam’s product. The subject line “DaVinci” shows what software is involved; “DaVinci” is the brand name for HackingTeam’s “remote control system” that promises to “break encryption and allow law enforcement agencies to monitor encrypted files and emails, Skype and other Voice over IP or chat communication […] It allows identification of the target’s location and relationships. It can also remotely activate microphones and cameras on a computer and works worldwide.” DaVinci has infamously been used by Middle Eastern governments to spy on Arab Spring activists.
It appears that the senior NJROIC figures were “excited about its capabilities.” I’ll bet they were.
The emails don’t go on to show whether NJROIC actually implemented DaVinci. Whether or not they did, it’s reasonable to deduce that NJROIC has a strong interest in being able to subvert NJ residents’ communications privacy. Reached for comment, an NJROIC spokesman was at pains to state that everything they do is under the guidance of the Attorney-General, conforms to applicable laws, and involves obtaining court orders and warrants as appropriate, but would not be drawn on the hypothetical question of whether encryption-subversion software would be treated as requiring a warrant.
Subverting encryption is, to an extent, a natural part of the arms race between users on one side, and the government and criminal hackers on the other. But if it’s done without the procedural safeguards embodied in the Fourth Amendment – safeguards that third-party firms like HackingTeam appear willing gleefully to ignore in pursuit of juicy contracts – it opens all of our communications to the government’s unsleeping eye, whether we try to encrypt them or not. The government should steer well away from this kind of “offensive cybersecurity”, and focus on keeping its elderly, hole-filled networks secure instead of exploring new ways to weaken yours and mine.
Ten months ago, Digital Fourth submitted a public records request to Boston’s fusion center, the Boston Regional Intelligence Center. It took two appeals to the Secretary of State to get it, but we finally got a response.
The states operate a network of 78 fusion centers across the nation, which coordinate intelligence-related information between federal agencies and state and local law enforcement, in the name of thwarting terrorist attacks. They have never, to anyone’s knowledge, actually thwarted one, and they have become bywords in Washington for waste and ineffectiveness. Previously, we reported on constitutional violations and the results of a FOIA request at Massachusetts’ “Commonwealth Fusion Center”, operated by the State Police; now it’s the turn of Massachusetts’ other fusion center, headquartered at the Boston PD.
The most interesting document we received is the “2013 Fusion Center Assessment Individual Report: Boston Regional Intelligence Center”. This report was heavily redacted, but luckily the State of Colorado has posted on its website an unredacted 2014 report from Colorado’s fusion center that is absolutely identical in format to the Boston report we received, rendering all of the redactions in the Boston report moot. So if you’d like to understand what the BRIC didn’t want us to see, read on.