September 19, 2012

A new report by the American Civil Liberties Union of Illinois details the ways in which the state’s two “fusion centers” lack some critical safeguards to protect the privacy of Illinois residents.  The report notes, for example, that the fusion center operated in Chicago permits the gathering and retention of information based, in part, on the individual’s race, religion or political views.

Fusion centers are entities that integrate the gathering, storage, sharing, and analysis of information about suspected criminal activity among federal, state and local law enforcement.  Two “fusion centers” were created in Illinois in the aftermath of the terrorist attacks of September 11, 2001 – the Illinois Statewide Terrorism and Intelligence Center (STIC) operated by the Illinois State Police, and the Crime Prevention Information Center (CPIC) operated by the Chicago Police Department.

“Fusion centers use a multitude of private and public resources to gather vast quantities of personal information about many people,” said Adam Schwartz, senior staff counsel at the ACLU of Illinois in releasing the report.  “Given that this work is done mostly in secret, it is critical that there be appropriate privacy guidelines to insure that privacy and First Amendment rights are not abused.”

The ACLU of Illinois began seeking information about the operations of the fusion centers after they were formed, specifically seeking information about guidelines that protected person privacy and free speech rights.  In September 2010, the organization went to court to enforce its Freedom of Information Act request about the State Police fusion center.  The ACLU was concerned about privacy policies after it was disclosed that fusion centers in other states had abused individual rights.  For example, the Missouri fusion center targeted supporters of Congressman Ron Paul as a potential threat, and the Virginia fusion center identified that state’s historically black colleges as “nodes of radicalization.”

Today’s report notes that both the Chicago Police’s CPIC and the State Police’s STIC lack some critical privacy guidelines.

First, fusion centers should be barred from gathering, storing or sharing any information about any individual person absent individualized “reasonable suspicion” that the person is engaged in criminal activity.  The STIC privacy policy generally seems to adopt this standard.  Unfortunately, the CPIC privacy policy allows Chicago police to retain “suspicious activity reports” based on a mere “potential terrorism nexus,” and other information based on a mere “possible threat to public safety.”  These nebulous standards are far less protective of individual privacy than “reasonable suspicion.”

Second, fusion centers should be barred from gathering, storing, or sharing any information about any individual person due, in whole or in part, to that individual’s race, religion, political beliefs, and the like – unless such information directly relates to criminal activity.  Again, the STIC privacy policy generally seems to adopt this standard.  And again, unfortunately, the CPIC does not.  Rather, the CPIC permits law enforcement to retain information about an individual based in part on their race, religion and political views.  The CPIC policy bars retaining this information only if based solely on these factors.  The ACLU reports notes the problem with this lax guideline: if a Caucasian person and an Arab person both engage in identical photography on a public sidewalk (same time, place, subject and equipment) a Chicago fusion center employee might treat the latter but not the former as suspicious based in part (though not “solely”) on the latter’s ethnicity.  Such distinctions raise First and Fourteenth Amendment concerns, unfairly burden people based on identity and belief, chill and deter expressive and religious activity.

Third, fusion centers should independently determine the accuracy of information, before they store and share that information with other police and intelligence agencies.  It is easy to understand the dire consequences of sharing incorrect information, including possible wrongful investigation or even arrest.  Unfortunately, neither the Chicago Police’s CPIC nor the State’s Police’s STIC does so.

Fourth, people should be able to find out whether a fusion center is storing information about them, and if so, to correct or supplement their file.  Unfortunately, the STIC bars members of the public from learning whether it is storing any information about them.

“The vast new power of government fusion centers to concentrate all of our sensitive information in one place, and then to widely share that information with a broad array of other government agencies, creates new threats to our personal privacy,” added the ACLU’s Schwartz.  “Given these threats, we call on state and local government to adopt these modest privacy protections.”

Dan Feeney of the Chicago law firm Miller, Shakman & Beem served as co-counsel in the Freedom of Information Act lawsuit against the Illinois State Police, which yielded numerous key records that informed this report.