Playing With Fire

by: Shawn K. Hall and Annette M. Hall

National Intelligence Reform Act of 2004

The National Intelligence Reform Act of 2004 is an ambitious piece of legislation, seeking to facilitate the communication efforts between government agencies, in order to produce more accurate intelligence data. The documents are lengthy, stretching to just under one thousand pages of changes in our current law.

As news agencies prattle on about the two Republican legislative hold-outs, keeping this all-important piece from passage, they are discussing little regarding the actual contents.

While I am pleased to report the bill includes provisions to address and protect the rights and privacy of citizens. I am unconvinced that those who are ultimately appointed to such a post will actually prove effective in their position.

Section 126
(a) There is an Officer for Civil Rights and Civil Liberties of the National Intelligence Authority who shall be appointed by the President.
(b) The Officer for Civil Rights and Civil Liberties of the National Intelligence Authority shall report directly to the National Intelligence Director.

The National Intelligence Authority is also appointed by the President which does not provide a great deal of incentive for differing opinions or adequate protection for the rights of citizens.

Section 126
(3) Duties are to: review, investigate, and assess complaints and other information indicating possible abuses of civil rights or civil liberties, as provided in the Constitution, laws, regulations, and Executive orders of the United States, in the administration of the programs and operations of the Authority, and in the relationships described in paragraph (1), unless, in the determination of the Inspector General of the National Intelligence Authority, the review, investigation, or assessment of a particular complaint or information can better be conducted by the Inspector General;

The bill further complicates the matter:

The Constitution For Kids

Section 141
(e) Limitations on Activities – (1) The National Intelligence Director may prohibit the Inspector General of the National Intelligence Authority from initiating, carrying out, or completing any investigation, inspection, or audit if the Director determines that such prohibition is necessary to protect vital national security interests of the United States.

As we read on, things get even more dicey.

Section 141 H
5(F) An action taken by the Director or the Inspector General under this paragraph shall not be subject to judicial review.

Not a great deal of recourse offered here.

Scholarship Program

Planning ahead, this piece of legislation impliments a scholarship program for current or prospective intelligence workers.

Section 152 C
(1) The National Intelligence Director, in consultation with the head of each agency, shall establish a scholarship program (to be known as the ‘Intelligence Community Scholarship Program’) to award scholarships to individuals that is designed to recruit and prepare students for civilian careers in the intelligence community to meet the critical needs of the intelligence community agencies.

(c) In order to be eligible to participate in the Program, an individual shall–

  1. be enrolled or accepted for enrollment as a full-time student at an institution of higher education and be pursuing or intend to pursue undergraduate or graduate education in an academic field or discipline described in the list made available under subsection (e);
  2. be a United States citizen; and
  3. at the time of the initial scholarship award, not be an employee (as defined under section 2105 of title 5, United States Code).

Interestingly enough, no provision is made for any of the directors or department heads to be United States citizens. Either this is stipulated somewhere else in current law or this is a huge oversite on the part of legislators. Personally, I’m hoping it’s the former, rather than the latter.

Cradel to Grave Tracking

By and large, the largest problem I see with this bill is the fact that it creates a giant data-gathering mechanism, which once the genie is unleashed on society, cannot be put back into the bottle.

As a homeschooling advocate, I have been involved in the fight against the "cradle to grave" educational model, where children are tracked from birth until death. If you think this is impossible, think again. This bill would facilitate that goal.

The president’s mental health commission recommended comprehensive mental health screening for "consumers of all ages," including preschool children. Public education advocates have tried unsuccessfully for years to lower the age of compulsory education. Legislation has been drafted and at times introduced in various states that would reduce that age to 3. Of course screening during pregnancy could facilitate tracking children at even earlier ages.

As written this bills stipulates:

Section 206 B

  1. The effective use of information, from all available sources, is essential to the fight against terror and the protection of our homeland. The biggest impediment to all-source analysis, and to a greater likelihood of ‘connecting the dots’, is resistance to sharing information.
  2. The United States Government has access to a vast amount of information, including not only traditional intelligence but also other government databases, such as those containing customs or immigration information. However, the United States Government has a weak system for processing and using the information it has.
  3. Current security requirements nurture over-classification and excessive compartmentalization of information among agencies. Each agency’s incentive structure opposes sharing, with risks, including criminal, civil, and administrative sanctions, but few rewards for sharing information.
  4. The current system, in which each intelligence agency has its own security practices, requires a demonstrated ‘need to know’ before sharing. This approach assumes that it is possible to know, in advance, who will need to use the information. An outgrowth of the cold war, such a system implicitly assumes that the risk of inadvertent disclosure outweighs the benefits of wider sharing. Such assumptions are no longer appropriate. Although counterintelligence concerns are still real, the costs of not sharing information are also substantial. The current ‘need-to-know’ culture of information protection needs to be replaced with a ‘need-to-share’ culture of integration.

Under these stipulations, it would be possible to track a student with medical records, school records, police and vital statistics records. Sharing access to such sensitive data across such a wide spectrum of agencies including those in the private sector, is an open invitation for abuse.

In our technology rich society, given the current cronic problems with identity theft, which has yet to be properly addressed, we are headed straight down the path to a national identification system, with little or no recourse of action.

Recent news reports have shown that counterfit currency problems persist, due in part to the advances in technology which, provide consumers with high-quality printers, capable of producing authentic looking fake bills. Criminals manage to remain one step-ahead of law enforcement agencies.

This legislation does nothing to curb the current influx of illegal aliens across our borders and with the focus on sharing intelligence information between legal operations within the country, it does nothing to address current immigration concerns.

SHARE Network

The bill asserts the following:

Section 206 B
(6) A new approach to the sharing of intelligence and homeland security information is urgently needed. An important conceptual model for a new ‘trusted information network’ is the Systemwide Homeland Analysis and Resource Exchange (SHARE) Network proposed by a task force of leading professionals assembled by the Markle Foundation and described in reports issued in October 2002 and December 2003.

But isn’t this exactly what the government has decidedly prevented in the past in the private sector, on the basis that the potential for the abuse of the information is too likely? Are we to trust the government with the same information aggregation and individual profiling data that we deny ourselves? The same government of Waco, Ruby Ridge, _____________ [insert other well-known event(s)] that demonstrate the federal governments incapacity to use common sense.

One of the primary problems with this bill is that it does not define many of the terms used. Without defining the terms or specifying the limits they ‘impose’, no limitations are actually applied. It amounts to the age-old question of “how big is a hole?”

Section 206 C
(1) The President shall establish a trusted information network and secure information sharing environment to promote sharing of intelligence and homeland security information in a manner consistent with national security and the protection of privacy and civil liberties, and based on clearly defined and consistently applied policies and procedures, and valid investigative, analytical or operational requirements.

What are the "clearly defined and consistently applied policies and procedures" they intend to "base" their limitations on? Where do they differ from the existing policies and procedures? Where is the line that decides what is "fair" use of information and what is abuse? Who decides when this information is allowed to be shared and under what circumstances? What do they base that determination on?

Section 206 C
2(A) a decentralized, distributed, and coordinated environment that connects existing systems where appropriate and allows users to share information among agencies, between levels of government, and, as appropriate, with the private sector;

Private Sector Databases

Note the use of the terms above – ‘share information…with the private sector’. ‘With’ is bidirectional, in other words, the private sector can submit and receive information from this network. Further, since the implementation described is a ‘tie’ and not a reimplementation or duplication of data, this means that the engine would directly access private sector databases in both directions.

Once a private entity was tied to the system their employees, staff and any random attacker that gained access to their systems would have access to the extensive range of information available within the various other databases conjoined.

As a computer security expert myself, I am extremely fearful because this bill relies on automated tools for all of the mechanisms to preserve privacy and civil liberties. ‘Automated’ means that it relies upon software at every level. There is no actual user validation process imposed, which means that an effective hack into the system could be actively cloaked or entirely concealed from the automated process. As a government system, there is also no security community review of the methods and software imposed, and any flaws that are found are never publicized – they may not even be shared with the government, providing them with no opportunity to patch the holes in their system.

You’ve probably heard it said that the only secure computer is unplugged and buried in a nuclear-shielded shelter a mile below the surface. This is entirely true. Computers rely on hundreds of thousands of hardware and software components working together flawlessly, which is compounded infinitely more by networking several computers together. Including these multiple points of failure guarantees that there are no less than a handful of points of attack to compromise the system. And since it is, by design, closed from the public eye, there is no way for the public peer review necessary to ensure the system is as secure as possible.

Anyone familiar with my family and our ideologies knows we have an agenda to preserve privacy and guarantee the rights protected by our constitution. Of those, the fourth, fifth and sixth amendments guarantee our right to privacy, due process, and to know when a criminal accusation is made against us, among other things. The sharing of information specifically for the purposes of ‘national security’ cannot be anything other than a criminal review by social profiling. As such, it fails to meet the requirements of the constitution.

This is not the first time the federal government has encouraged the abuse of government powers. The entire child protective services system is built upon the imposition of government control under duress. The federal government literally pays various-level government employees based upon their ability to remove children from their homes, whether or not there is substantiated cause to remove.

US Department of Health and Human Services Data

Of 1,820,608 report dispositions in 51 States, 532,063 (29.2%) were "substantiated" or "indicated." (See figure 3-2.) Nearly twice as many reports (57.2%) were found to be "unsubstantiated," and more than a tenth (13.6%) received other dispositions. Thus, of all referrals that came to the attention of CPS agencies, approximately two-thirds (64.9%) were investigated during the reporting period, and slightly fewer than one-fifth (19.0%) of all referrals ultimately resulted in a "substantiated" or "indicated" finding of maltreatment.

Has the federal government learned a lesson from this? Only that bribery works to convince government employees to fabricate reasons for their activities. And so, they continue:

(B) providing affirmative incentives for information sharing, such as the incorporation of information sharing performance measures into agency and managerial evaluations, and employee awards for promoting innovative information sharing practices.

Continue and extend the practice of the turn-in-your-friends-and-neighbors-for-a-dollar. If you thought the book 1984 was fiction you’ve had your head in the sand.

Legislators are expected to vote on this bill tomorrow, if they can get it to the floor. If you are concerned with this piece of pending legislation I would encourage you to contact your congressman and voice those concerns.