Fusion centers don't find terrorists, filled with 'crap' that violates privacy

After two years of investigations, a 141-page bipartisan Senate report blasts DHS fusion centers for wasting money, violating civil liberties, having 'useless' and inaccurate intelligence reports which have never uncovered a terrorist plot.

After 9/11, in the name of intelligence sharing to fight terrorism, 77 fusion centers popped up across the USA. We've seen increasingly disturbing you-might-be-a-terrorist-if lists, mixing innocuous behaviors labeled as allegedly suspicious with truly scary behaviors, which are all supposed to be reported, dumped into suspicious activity reports (SARs) and shared among intelligence agencies via fusion centers—that DHS has called 'centerpieces of the U.S. counterterrorism strategy.' We all know those lists are ridiculous; a two-year bipartisan Senate investigation into fusion centers agreed in a report stating that those intelligence hubs "often produced irrelevant" and "useless" intelligence reports. "Many produced no intelligence reporting whatsoever." It was also confirmed by a former fusion center chief, who said "There were times when it was, 'what a bunch of crap is coming through'."

The Department of Homeland Security has spent hundreds of millions of dollars on a network of 77 fusion centers and hailed them as "a major force multiplier in the counterterrorism enterprise." However, a fusion center report [PDF] published on Oct. 3 by the Senate Homeland Security and Governmental Affairs permanent subcommittee stated that the investigation "could identify no reporting which uncovered a terrorist threat, nor could it identify a contribution such fusion center reporting made to disrupt an active terrorist plot."

One chapter in the 141 page report is devoted to "DHS 'success stories' do not demonstrate fusion centers' value to counterterrorism efforts."

Another chapter on how-it-hindered counterterrorism cited an example of the "Russian 'cyberattack' in Illinois" where the hacker allegedly cracked into the utility control system. According to the red-alert fusion center report, the hacker "sent commands which caused a water pump to burn out." The Department of Defense said such cyberattacks would be treated as "acts of war" and the FBI launched an investigation. However, according to the report:

"In truth, there was no intrusion, and DHS investigators eventually concluded as much. The so-called "intrusion" from Russia was actually an incident of legitimate remote computer access by a U.S. network technician who was working while on a family vacation.


Almost no part of the initial reports of the incident had been accurate - not the fusion center report, or DHS's own intelligence report, or its intelligence briefing. The only fact they got right was that a water pump in a small Illinois water district had burned out.

That is just one of several examples. The Senate investigation found that:

claims made by DHS did not always fit the facts, and in no case did a fusion center make a clear and unique intelligence contribution that helped apprehend a terrorist or disrupt a plot. Worse, three other incidents examined by the Subcommittee investigation raised significant concerns about the utility of the fusion centers, and raised the possibility that some centers have actually hindered or sidetracked federal counterterrorism efforts.

The Senate report continually blasted DHS fusion centers. A spokesman for Napolitano immediately blasted back, calling the report "out of date, inaccurate and misleading."

Oh really? Let's follow the money—not that it's easy to do since no one seems to know exactly how much has been dumped into fusion centers. The Senate investigation revealed that in the Homeland Security's counterterrorism mission, it spent between $289 million and $1.4 billion in state and local fusion centers. They are primarily operated through grants provided by DHS' Federal Emergency Management Agency. However, FEMA officials say they have no mechanism in place to accurately account for the total amount of grant funding spent toward fusion center support. That's not the only confusion since one chapter is devoted to how some DHS-recognized fusion centers don't even exist!

A case study was conducted on some fusion centers that used DHS grant funds for what DHS called "must-have" basics for intelligence. Without constantly throwing dollar amounts at you, here's a tiny portion of what the federal money (your tax dollars at work) purchased. According to the Senate investigative report, fusion center funds were spent:

In Arizona:

  • Chevrolet Tahoes which were later given away to other agencies in Arizona;
  •  a surveillance monitoring wiretap room;
  • 42" flat-screen TVs

In Cleveland, Ohio, the fusion center spent $15,848 to buy the medical examiner "ruggedized Toughbook laptop computers." When asked why, the fusion center "responded that the laptops were for processing human remains in the aftermath of a mass casualty event in the Cleveland area."

In San Diego, fusion center funds bought:

  • a covert, wireless audio/video recorder with a "shirt-button camera";
  • an ultra-low-light "pinhole" VGA camera;
  • an ultra-low-light shirt-button camera "with interchangeable tops."

But because that surveillance equipment was "simply too complicated for our customers to use," the San Diego "fusion center received other undercover surveillance devices," including:

  • "A camera hidden in a hat and one disguised as a water bottle."

Software, LCD monitors and computers would seem perhaps a reasonable intelligence sharing expense, but the San Diego fusion center purchased:

  • 116 computers, monitors and related equipment, even though there are only 80 full-time employees.
  • That was topped by buying 55 flat-screen TVs supposedly justified because they "displayed calendars" and were used for "open-source monitoring" which they later admitted was also called "watching the news."

The D.C. fusion center ripped through $2.7 million in Homeland Security grants to upgrade:

  • an electronic records management system;
  • data mining software;
  • and an Automated License Plate Recognition system (LPR system).

But wait, it was not for the fusion center; it was purchased for the local cops. The LPR system was later dropped, in favor of buying:

  • more "analytic software;"
  • "sophisticated cell phone tracking devices;"
  • and "handheld citation issuance units and accessories" all to enhance the capabilities of the D.C. police department.

That doesn't count the money spent on computers, laptops, LCD Status Boards, CCTVs or paying cellular provider fees.

Regarding "troubling" reports that some fusion centers may have violated the privacy and civil liberties of U.S. citizens:

DHS personnel "are prohibited from collecting or maintaining information on U.S. persons solely for the purpose of monitoring activities protected by the U.S. Constitution, such as the First Amendment protected freedoms of religion, speech, press, and peaceful assembly and protest.


The Privacy Act prohibits agencies from storing information on U.S. persons' First Amendment-protected activities if they have no valid reason to do so.

Yet of all those SARs because you might be a domestic terroist if, the Senate panel wrote, "The apparent indefinite retention of cancelled intelligence reports that were determined to have raised privacy or civil liberties concerns appears contrary to DHS's own policies and the Privacy Act."

After promising the condition of anonymity, NBC News spoke with a Homeland Security official who said "the department has made improvements to the fusion centers and that the skills of officials working in them are 'evolving and maturing'."

Not matured, after nine years and hundreds of millions, if not billions of dollars later? This was only a fraction of the 141-page Senate investigation report which basically concluded that fusion centers are filled with 'crap' suspicious activity reports that are not helping the counterterrorism mission one little bit, but that are violating Americans' civil liberties and privacy.

Like this? Here's more posts:
  • Time to disable Java AGAIN: 1 billion at risk from newest critical Java bug
  • Microsoft data center pollutes, then wastes millions of watts to avoid paying fine
  • Feds Warn of Zombie Apocalypse! Buy emergency kit, but you might be a terrorist if...
  • Apache fires at Microsoft over IE10's DNT privacy settings
  • Smartphone snoop: Even when phone sleeps, digital assistant always eavesdrops
  • ACLU: Electronic Spying Skyrocketed 64% Since President Obama Took Office
  • Punch to user privacy as Twitter surrenders Occupy protester's tweets
  • 'We will find you' marketing gone wild: Candy bars that guarantee stalkers
  • Microsoft: Companies should pay Uncle Sam $10k per H-1B Visa to hire skilled foreigners
  • IE emergency patch issued, but rumors fly that Microsoft knew about 0-day for 7 weeks
  • Windows Phone 8 has 'baked-in cybersecurity goodness'
  • Laptop fingerprint reader destroys 'entire security model of Windows accounts'

Follow me on Twitter @PrivacyFanatic

Copyright © 2012 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)