#pagename#

Daniel J. Gallington
Senior Research Fellow
Potomac Institute for Policy Studies
July 29, 2003

One of the key findings of the Joint Congressional Intelligence Committee Inquiry into the 9/11 terrorist attack, was that Government agencies did not share the information they had that was relevant to the attacks and the hijackers. Despite the creation of the Terrorist Threat Information Center and the Department of Homeland Security, information sharing will continue to be a serious problem until the Federal Government re-defines traditional information categories relevant to terrorism. This is because many nontraditional categories of information are potentially relevant to catching terrorism in its planning stages and preventing another catastrophic attack, which, if carried out with weapons of mass destruction, could cause many thousands of deaths and injuries in America.

What do we mean by "information categories", and why are they so important in the war on terrorism? If you ask the Intelligence Community about relevant terrorism information, they will talk about highly classified information, usually acquired through sensitive means, called "sources and methods". Ask Federal law enforcement, and they will tell you that criminal investigations are the best source of terrorist related information, and that a network of informants is the best way to "get inside". Ask state and local law enforcement, and they will tell you that they rarely get helpful information, whether it's intelligence or law enforcement related, from their Federal counterparts. Yet, as it turned out in the 9/11 situation, a lot of the information about the hijackers was at the state and local level; it was never asked for by Federal officials, because they didn't know to ask for it or what to ask for.

The reason for these anomalies is that each agency jealously protects its "turf" and the information category related to it; they are not set up to share information because of the way responsibilities were divided between them more than 30 years ago! Essentially, we are still trying to force a responsive terrorism information system into a structure defined by out of date rules and practices. For example:

The Privacy Act, parts of which requires Federal agencies to not share information; or to keep information in separate categories;
The "ORCON" rule, which allows the originator of intelligence information to control its release;
Essentially, there are no incentives to "mix" different sources or categories of information together; in fact, attempts to do this create "problems" for information managers, classifiers and de-classifiers, so the practice is avoided;
There remains a bureaucratic bias against using or even finding out about different sources of potentially relevant federal regulatory data and information from state and local authorities - while some of this reluctance comes from Privacy Act limitations, some of it is just "old thinking" and lack of creativity in the various agencies; and,
A general reluctance to use, collect, incorporate any "U.S. Person" information in any intelligence product, because of the perceived internal handling problems such creates within the agency - such practice goes beyond the original intention of restrictions on use of such information.

In addition, there are serious dangers to privacy in continuing this approach to gathering terrorist related information. Why? The shortcomings of the old structure have encouraged the development and use of private sources of information, which include commercial information and information "publicly available." This means that the Federal Government can essentially buy all the information that is available for sale on a specific person, providing it also meets the criteria of the particular agency's rules.

While private sources of information will continue to be legitimate and important sources of information in the war on terrorism, no one imagined (when the rules were written which allow this practice) that so much data would be in this category. The point here is that the category of publicly available information has grown far too large and needs to be more precisely defined with regard to its nature, content, and relationship to the terrorist threat, rather than its simple availability by purchase.

How can we make changes to information categories in a responsible way - and in a way that will more effectively use information to go after terrorists who want to strike us in America?

A new category of information is necessary for the war on terrorism. It has to be flexible, including intelligence, counter-intelligence, law enforcement, agency regulatory data, state and local information; and, to protect the privacy of Americans, the categories of relevant information should be more specifically defined. As with the system of Congressional oversight of traditional intelligence activities, the new system needs an oversight structure to build confidence, and separate protocols for tailored release of relevant information to federal, state, and local authorities.

There are several technical challenges to such a new system: it must assure the anonymity of all "U.S. Person" related information, from whatever source; in other words, identities would be protected through a system of coding and "selective revelation." The system should require the constant application of current "red team" terrorist scenarios to the data deemed relevant to terrorist activity. Finally, it should be subject to continuous review and update to ensure that the specific information categories remain relevant and that the right information is getting to the right place at the right time.

On June 24, 2003, at a Capitol Hill Roundtable Discussion held by the Potomac Institute for Policy Studies, the details of such a new information structure were proposed (see discussion proposal). The Potomac Institute, through Project GUARDIAN, will continue to serve as a forum for discussion of the dynamics between new technologies and civil liberties in context of the war on terrorism. One of the goals of Project GUARDIAN is to provide workable policy solutions to these intricate problems; the discussion proposal is a framework for such a solution.