Homeland Security Watch

News and analysis of critical issues in homeland security

April 19, 2006

GAO assesses feds’ info-sharing problems

Filed under: Intelligence and Info-Sharing — by Christian Beckner on April 19, 2006

The Government Accountability Office issued a very important report on Monday on one of the most important homeland security issues: the challenge of government information-sharing. The report makes a strong case that 4 1/2 years after 9/11, the federal government has still not improved information-sharing to the degree necessitated by the terrorist threat to the United States.

The report suggests several reasons for this poor record of performance:

  1. The frequent shifts in lead responsibility for info-sharing over the past few years, from the White House and OMB, on to DHS with the passage of the Homeland Security Act in 2002, and then over to the DNI with the passage of the Intelligence Reform and Terrorism Prevention Act (IRTPA) in 2004.
  2. The subsequent setbacks that the DNI has faced in meeting their timetable for establishing an Information Sharing Environment, as required by IRTPA.
  3. The uncoordinated designation of unclassified information as “sensitive.” On this issue, the report notes that “Federal agencies report using 56 different sensitive but unclassified designations (16 of which belong to one agency) to protect sensitive information [ed. note: see Appendix II for the breakdown of these]…There are no governmentwide policies or procedures that describe the basis on which agencies should use most of these sensitive but unclassified designations, explain what the different designations mean across agencies, or ensure that they will be used consistently from one agency to another.”

The report also hints at cultural reasons why agencies have been unable to share information. And it comments on the impact of private sector concerns on information-sharing:

DHS said that sensitive but unclassified information disseminated to its state and local partners had, on occasion, been posted to public Internet sites or otherwise compromised, potentially revealing possible vulnerabilities to business competitors.

If that sentence had mentioned revealing vulnerabilities to al-Qaeda and terrorist groups, then that would be a valid concern. But business competitors? To be sure, DHS should make all reasonable efforts to protect commercially sensitive information (just as it should make reasonable efforts to protect individual privacy). But do these commercial concerns trump the vital need to share critical information with state and local homeland officials? That’s a difficult argument to make.

Finally, the DNI’s response to the report hints at the very reason why information-sharing will likely remain problematic for a long time to come:

We are aware that you have been previously advised by the Department of Justice that the review of intelligence activities is beyond the GAO’s purview. For similar reasons, we decline to provide the GAO with comments on the draft report.

Nevermind that the GAO report is completely focused on unclassified information. And nevermind that the GAO has been looking at intelligence activities for decades. This response smacks of smarmy indifference to oversight - a dangerous attitude when so much more needs to be done to improve government information-sharing.

2 Comments »

658

Comment by William R. Cumming

April 20, 2006 @ 3:00 am

The 9/11 Commission’s final report identified the necessity of development of a “Need to Share” doctrine as soon as possible instead of the “Need to Know” doctrine that brought us in part the events of September 11th. Executive Order 10450 written so that President Eisenhower would not have to personnally strip Dr. Robert Oppenhiemer’s security clearance (leaving that to Lewis Strauss-Chairman of the AEC)continues to allow abuses in granting and withdrawing security clearances. But at least that system has some written guidance, even though ineffective as for example on sexual orientation and drug use. But the “Need to know” doctrine which is not statutory and allows mid-level bureaucrats to misuse and mislead other agencies and even parts of their own agency is a recipe for disaster. Part of Director of FEMA James Lee Witt success in making the agency more operational and effective in working with the states was elimination of 60% of the positions requiring security clearances thus indirectly abolishing “Need to Know” abuses which are often conducted without the knowledge of the chain of command since usually undocumented and therefore unreviewable. Personnel security and document security in DHS is run in a haphazard sloppy and unprofessional manner leading to even more reports like this GAO report. A simple system of review establishing no arrest or conviction record and a reasonable credit record should be enough to grant at least a temporary secret level clearance. The use of compartmented classification, however, is abusive and unnecessary. And the granting of program access to those who do have a “Need to Know” outside the agency needs deep and thoughtful review. A starting point would be to have all those with classified access read deceased Senator Daniel Patrick Monyihan’s book entitled “Secrecy”. A lasting gift to the nation. Without reforms another 9/11 has to occur.

665

Comment by DaveyM

April 20, 2006 @ 8:44 am

When you say:

“To be sure, DHS should make all reasonable efforts to protect commercially sensitive information (just as it should make reasonable efforts to protect individual privacy). But do these commercial concerns trump the vital need to share critical information with state and local homeland officials? That’s a difficult argument to make.”

I think you may be missing a key part of the point. If commercially sensitive information isn’t protected from public view, the private sector will be much less likely to share homeland security relevant information with the government,leading to a reduction of critical infrastructure security and a general mistrust of critical infrastructure public-private partnerships. In my experience the business community is generally public spirited and will submit sensitive information if it has a reasonalbe chance to increase homeland security generally. However, unless that information is both protected AND put to good use, the perceived costs of information sharing will outweigh both puplic and private benefits and no rational actor (which businesses tend to be) would conclude that information sharing is wise.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>