W. Va. Debuts iPhone Snitch App
Via Spencer Ackerman at Wired, West Virginia Governor Earl Ray Tomblin has proudly announced the state's new snitching app is available on iTunes.
[A] project of the West Virginia Division of Homeland Security and Emergency Management and the West Virginia Intelligence Fusion Center, the app sends submitted information, including photos and texts, to the Fusion Center where the information can help authorities react to and prevent incidents from occurring.
What's wrong with this? As Spencer says:
There’s nothing in the app to stop you from snapping a picture of your annoying neighbor and sending it to the attention of federal and state counterterrorism agents in West Virginia, who can keep information on your neighbor’s face, body and perhaps his vehicle for an unspecified period of time.
As Spencer notes, W. Virginia is hardly a hotbed of terrorism. And this isn't just happening in West Virginia. The Department of Homeland Security has its "If You See Something, Say Something" program. Here is its current list of partners.
Under the federal program, "behavior reasonably indicative of criminal activity related to terrorism" is shared with federal partners through the Nationwide SAR Initiative.
The NSI is an administration-wide effort to develop, evaluate, and implement common processes and policies for gathering, documenting, processing, analyzing, and sharing information about terrorism-related suspicious activities. Led by the Department of Justice, the NSI is implemented in partnership with state and local officials across the nation.
Spencer correctly notes:
On its face, there’s nothing about the app that protects either the civil liberties of citizens or the busy schedules of West Virginia homeland security operatives. You don’t have to affirm that you have evidence of a crime, or even a suspected crime, to send information to the Fusion Center. Nor is it clear how long the Fusion Center can keep information on U.S. citizens or persons sent to it through the app. (More broadly, the guidelines for the nationwide network of homeland security Fusion Centers don’t spell out so-called “minimization” procedures for any of the information they collect.)
There are supposed to be privacy guidelines for the fusion centers. Guideline 8 directs centers to "Develop, publish, and adhere to a privacy and civil liberties policy." A Supplement to the Fusion Center Guidelines was released in 2008 that "includes a gap analysis between Guideline 8 and the ISE Privacy Guidelines." See page 26 on developing privacy guidelines.
Here's a template devised for law enforcement agencies in developing their privacy policies. There should also be self-assessment and audits:
The NCISP recommends that law enforcement agencies’ chief executive officers “ensure that individuals’ privacy and constitutional rights are considered at all times” when performing the intelligence function within an agency.
...Agencies should consider implementing policies that not only incorporate the tenets of 28 CFR Part 23 for criminal intelligence information but also offer broader guidance that will ensure that privacy, civil rights, and civil liberties are protected for all information and intelligence sharing. Once these policies are adopted, agencies must implement them agencywide through appropriate training and practice.... Compliance reviews and audits have become a necessary tool for agencies to use in order to identify high-risk operational and management issues, particularly with the recent development of fusion centers. An agency’s privacy policy and associated procedures should be transparent, and agency leadership should be accountable for their privacy protection processes in all areas of the intelligence enterprise.
Here is the Justice Department's privacy page for fusion centers. Here is the 2010 Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise, developed to "assist law enforcement agencies in determining whether they are in compliance with applicable privacy-related policies, procedures, rules, and guidelines." And the 2011 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy. Here are some best practices.
Key questions: How long is information retained? What are the procedures for the review, purge, and destruction of information? How does an individual find out what information has been submitted and collected about him or her? What information can be shared with third parties outside of government?
Programs encouraging people to report suspicious activities carry a risk that individuals identified or misidentified in the transmitted information will have their lives disrupted by being subjected to adverse action by a government agency or private entity.
First Amendment violations can occur as a result of reporting and sharing information. Fourth Amendment issues arise if information is reported and shared about an individual that is inaccurate or misleading and results in the person or his property being searched and seized. Due process rights are implicated when reported and shared information results in a denial of government benefits or rights and there is no opportunity to challenge the facts underlying the adverse action.
These programs need strong data quality policies and practices and meaningful oversight. There must be a mechanism for a right of redress. There must also be enforcement of privacy policies and accountability when they are violated.
How much money will it cost the taxpayer for law enforcement to check out all these reports?
I don't trust state or federal agencies to collect this information from the average Joe on the street and maintain privacy rights. It's even worse that they can share it so widely amongst themselves. A better policy:

(Tee-shirt available here.)




