WASHINGTON, DC—The Markle Foundation Task Force on National Security in the Information Age released its third report today with recommendations on how to reconcile national security needs with civil liberties requirements. The report offers a new “authorized use” standard for government handling of legally collected information that bases authorization to view information on how the information is going to be used, rather than on the nationality of the subject or the location of collection. The report also proposes a new risk management approach to sharing classified information that balances the risk of compromising classified information with the security risk that can come from failing to share information with those who need it to understand the threats to national security. Further, the report identifies examples of technology that can be used effectively to provide appropriate oversight and accountability.
In its two previous reports that were incorporated in the information sharing provisions of the Intelligence Reform and Terrorism Prevention Act of 2004 and several Executive Orders, the Task Force called for the creation of a trusted information sharing environment where terrorist-related information is shared among all the people who need it—at the federal, state and local level as well as the private sector—with confidence and accountability for security and civil liberties protections.
Better information sharing is essential in the fight against terrorism. Two years since the publication of its last report, and nearly five years since the terrorist attacks of September 11, the Task Force finds that while more information is being shared, the government still has not taken many key steps to meet the challenges of sharing information to prevent terrorism while protecting civil liberties.
“We have consistently said that public trust in a network that uses personally-identifiable information can only be achieved if government-wide guidelines for information sharing and privacy protection are established after open public debate,” said Zoe Baird, co-chair of the Task Force and President of the Markle Foundation.
The Task Force again emphasized the importance of trust in the information sharing environment. Government agencies must trust each other with sensitive information, and the American people must trust their government to use information in a manner that protects their privacy and civil liberties.
The report calls for renewed leadership by the President and Congress to accelerate the process already underway. “Persistent leadership in the implementation and strong oversight of the operation of information sharing systems is required from all branches to accelerate the creation of a trusted information sharing environment” said James Barksdale, Co-Chair of the Task Force.
To help implement a trusted information sharing environment, the Task Force recommends the adoption of:
- An “authorized use” standard to determine who should have access to information the government has lawfully collected based on the use to which they will put the information rather than its place of collection. “The borderless nature of the threat has rendered unworkable some of the old rules on sharing lawfully collected information. Under the authorized use approach we propose, each agency can get the information it needs to pursue a clearly articulated mission, subject to auditing to ensure accountability and protect privacy,” says Jim Dempsey of the Center for Democracy and Technology and a member of the Task Force. The rules for the authorized use standard should be developed through open public debate. The current outdated standards for sharing and accessing information based on nationality and place of collection have caused confusion and in some cases produced a rigidity that impedes desirable information sharing without protecting civil liberties. The Task Force recommends an “authorized use” standard based on well-defined missions for participants in the information sharing environment.
- A “risk management” approach to classification that better balances the risks of inappropriate disclosure with the risks of failing to share information. Current classification procedures are frequently a barrier to effective information sharing because they overemphasize the risks of inadvertent disclosure over those of failure to share information. To avoid this situation, the Task force recommends a new risk management approach to classification that gives adequate weight to the risks of not sharing information.
- Clear guidelines for sharing information while protecting civil liberties. “Government-wide policies, processes and guidelines that facilitate information sharing and provide trust by empowering and constraining users should be developed as well as the technology solution we have suggested,” says Bill Crowell of the Task Force. “The guidelines should clarify agency missions and address the requisite security, civil liberties and privacy protections.” Every government agency and department should know and understand the rules of information sharing – not only to improve our anti-terror efforts but also to provide a standard to measure success and ensure accountability.
- Technology that facilitates sharing while protecting security and privacy. The Task Force calls for the continued development and use of technology to connect people in ways that improve trust among government officials and the public. Technology exists that can improve data sharing, enhance security, as well as facilitate privacy and accountability.
- An effective dispute resolution process. Even with clear and consistent guidelines for information sharing, disputes will inevitably arise over decisions not to share information. The Task Force recommends the creation of a systematic, workable, efficient process to resolve these disputes. The recommendations address disputes about dissemination and retention, accuracy and correction, as well as broader disagreements about access to and use of databases and categories of information.
- A new Information Sharing Institute. The Institute could make operational and professional expertise available beyond that of individuals working in any particular government agency, department, or contractor. This Institute would provide a mechanism to identify and distribute best practices, and to apply technologies available in other sectors. It should have the full and active participation of organizations from federal, state, and local governments as well as the private sector.
The Task Force promotes a trusted environment that fosters sharing and collaboration among those with information useful to understand terrorist threats; where policies and technologies are developed in tandem; and where security is enhanced and civil liberties are protected.
The Markle Task Force on National Security in the Information Age is a diverse and bipartisan group of former policy makers from the past six presidential administrations, senior information technology executives, and privacy advocates from both the public and private sectors. The Markle Task Force has recommended ways of improving national security decisions by transforming business processes and how information is shared. Its recommendations informed the 9/11 Commission Report and were subsequently included in two federal laws. Learn more about the Markle Task Force at www.markle.org/national-security.