Home Stats & Services Reports and Publications National Information Sharing Strategy FBI Information Sharing Report 2010

FBI Information Sharing Report 2010

FBI Information Sharing Report 2010
view printable version (pdf)

I. Executive Summary
The Federal Bureau of Investigation (FBI) accomplished several significant information sharing initiatives in 2010 and continues to promote appropriate sharing and collaboration. The FBI remains committed to ensuring that information sharing practices are an integral part of the FBI culture and advance its mission: to protect the United States and defeat national security threats while preserving the privacy and civil liberties of our citizens. This report, presented by the FBI Chief Information Sharing Officer (CISO), summarizes and characterizes the many information sharing activities currently engaged in by the FBI.

The FBI continues to participate in a wide variety of information sharing governance activities, reflecting the diversity of our Federal system. The National Security Staff (NSS) organizes collaboration among the Executive Departments to enhance information sharing. The FBI participates in several Interagency Policy Committees (IPCs) that affect the manner in which the federal government shares information. The Program Manager for the Information Sharing Environment is co-chair of one of those IPCs and ensures that State, Local, Territorial, Tribal, and Private Sector equities are included in policy decisions associated with counterterrorism, weapons of mass destruction, and homeland security. The Office of the Director of National Intelligence (ODNI) sets ground rules for the sharing of sensitive intelligence among the members of the Intelligence Community, including the FBI. The Department of Justice assumed new roles and continues to sponsor other initiatives that enhance FBI information sharing. Within the FBI, the Information Sharing Policy Board provides senior-level policy coordination while the CISO provides full-time oversight and coordination of day-to-day information sharing issues.

Information sharing is a dynamic process, influenced by shifting policies and technological capabilities. Events at the close of 2009 and throughout 2010 reinforced the continued need for broad, agile, but secure information exchange. The need for information sharing will endure as the complexity of national security threat environment demands situation awareness and participation by partners across the spectrum. This Information Sharing Report highlights the efforts undertaken by FBI to ensure law enforcement remains relevant to this process in a manner consistent with national security and applicable legal standards relating to privacy and civil liberties.

II. Recent Highlights
The year 2010 saw a variety of incremental improvements in the authorities and legal/policy foundation for information sharing. The Department of Justice (DOJ) issued a new privacy policy for the Information Sharing Environment (ISE). The FBI National Information Sharing Strategy (NISS)1 , updated in 2010, provides the foundation to shape and implement information sharing initiatives with the FBI’s many mission partners, including federal agencies, state, local, and tribal officials, foreign government counterparts, and private sector stakeholders while protecting the privacy and civil liberties of our citizens. New Executive Orders signed in 2010 provide additional guidance for sharing both unclassified but sensitive and classified national security information.

The FBI’s eGuardian system, which facilitates the sharing at the unclassified level of information derived from Suspicious Activity Reports, has become increasingly widely used, not only within the FBI, but across the larger ISE. Building on the success of eGuardian, the FBI assisted the Department of Justice in the establishment of a larger Nationwide Suspicious Activities Reporting Initiative (NSI) Program Management Office with participation at all levels of government. The tragic events at Fort Hood, as well as the potentially serious targeting of the New York subway system, Times Square, and other locations, highlighted the need for systems that facilitate the sharing of very large quantities of sensitive or classified data, and have resulted in an accelerated adoption of eGuardian by the Department of Defense (DoD).

The FBI implemented a Strategy for Engagement with Fusion Centers based on several years of experience that demonstrate the value of effective engagement both to State and local fusion centers and to FBI field offices. The strategy helps field offices capture information in a standardized manner to identify best practices, characterize effective collaboration between FBI field office and fusion centers, and highlights the areas in which deeper engagement can be expected to enhance the value of fusion centers to the FBI as well as increase FBI support to many fusion centers.

Implementation of the strategy reflected intensified cooperation between Department of Homeland Security (DHS) and the Department of Justice (DOJ). In 2010, DHS formed a multiagency Program Management Office (PMO) to coordinate support for a growing network of state and major urban area fusion centers. In addition, DOJ established a multiagency PMO charged with developing a nationwide framework for reporting suspicious activities, the National Suspicious Activity Reporting (SAR) Initiative (NSI) PMO. The dual PMOs were chartered by Presidential Memorandum and are designed to expand joint capabilities to protect the United States from terrorist activity, violent crime and other threats to the homeland.2 The Bureau provided the Deputy for the Fusion Center PMO as well as a deputy for the NSI PMO.

The locus of interagency oversight of the ISE shifted from the office of the ISE Program Manager to the National Security Staff and its Information Sharing and Access Interagency Policy Committee (ISA IPC). The FBI was a strong contributor to activities of the ISA IPC, including work on information sharing with fusion centers, creation of a nationwide unclassified network upon which to communicate sensitive but unclassified information, development of governance structure for a national interoperable secret network, as well as continued work on the NSI and eGuardian. In addition, the Bureau continued its strong support of the Interagency Threat Assessment Coordination Group (ITACG) to ensure that intelligence information regarding international terrorism is made available from the National Counterterrorism Center to State, local, and tribal authorities in ways that are prompt, clear, coordinated, and responsive to the needs of these authorities.

The FBI is also a full participant in many information sharing initiatives taken by the Director of National Intelligence (DNI), notably including the establishment of a Library of National Intelligence in which classified intelligence information from the entire IC is posted in a form that is searchable by those with the necessary security clearances.

In 2010, the FBI continued to adjust its intelligence dissemination practices. During the early years of the FBI Directorate of Intelligence, intelligence reporting was prepared by the Field Intelligence Groups (FIGs) in each of the FBI’s Field Offices, and was then sent to FBI Headquarters in Washington, DC, for review and editing prior to dissemination. This was necessary to ensure consistency and quality in the raw reporting that the FBI provided to other parts of the Federal Government, as well as to its State, local, tribal, and foreign partners. However, in 2009 the Bureau determined that its raw intelligence reporting had reached a state of maturity that justified direct dissemination of intelligence reporting The FBI accelerated its original timetable and, in March 2010, authorized all 56 field offices to directly disseminate most intelligence information reports (IIRs) to its Intelligence Community and law enforcement partners. While the FBI continues to disseminate its analytic intelligence reports centrally, a new dissemination team was added to the Directorate of Intelligence to improve efficiencies in sharing analytic intelligence with its partners and customers.

Finally, the FBI earned recognition for efforts that are revolutionizing criminal justice information sharing. The Criminal Justice Information Services (CJIS) Division Law Enforcement National Data Exchange (N-DEX) Program Office won the 2010 Homeland Security Award in the field of cyber security and information sharing for cutting-edge technology. Congress established the Christopher Columbus Fellowship Foundation in 1992 to encourage and support research, study and labor designed to produce new discoveries in all fields of endeavor for the benefit of mankind. The organization annually presents four awards for cutting-edge technology in the realm of homeland security.

III. Policy Updates
The Department of Justice (DOJ) Privacy, Civil Rights and Civil Liberties Protection Policy for the Information Sharing Environment, published in February 2010, applies to all DOJ Components, including the FBI. This policy, and the FBI Privacy and Civil Liberties Framework, support the principles of information sharing while protecting the privacy and civil liberties of our citizens.3 FBI reviewed and revised its privacy policy Protecting Privacy in the Information Sharing Environment (ISE), previously published in 2008, to ensure consistency with the DOJ ISE Privacy Policy, including a proposal to confine the FBI policy’s scope to only "protected" terrorism information, which more accurately reflects that privacy is not implicated in all FBI terrorism information.

The FBI issued a new National Information Sharing Strategy (NISS) 4 in 2010 reflecting advances made in FBI information sharing. This update provides the foundation to shape and implement information sharing initiatives with the FBI’s many mission partners, including federal agencies, state, local, and tribal officials, foreign government counterparts, and private sector stakeholders while protecting the privacy and civil liberties of our citizens.

President Obama signed Executive Order 13549, “Classified National Security Information Program for State, Local, Tribal and Private Sector Entities,” on August 18, 2010. This order extended the rules governing security of classified information to State, local, tribal, and private sector entities by establishing a program to safeguard and govern access to classified national security information shared with them by the Federal Government. The order names the Department of Homeland Security as executive agent for drafting implementation guidelines, with the concurrence of the Secretary of Defense, the Attorney General, the Director of National Intelligence, and the Director of the Information Security Oversight Office.

On November 4, 2010, President Obama issued Executive Order (EO) 13556, which directed the Executive Branch to move towards a common framework for identifying, marking, and safeguarding sensitive unclassified information. In the words of the EO, “At present, executive departments and agencies (agencies) employ ad hoc, agency-specific policies, procedures, and markings to safeguard and control this information, such as information that involves privacy, security, proprietary business interests, and law enforcement investigations. This inefficient, confusing patchwork has resulted in inconsistent marking and safeguarding of documents, led to unclear or unnecessarily restrictive dissemination policies, and created impediments to authorized information sharing. The fact that these agency-specific policies are often hidden from public view has only aggravated these issues.

“To address these problems, this order establishes a program for managing this information, hereinafter described as Controlled Unclassified Information that emphasizes the openness and uniformity of Government-wide practice.”

The EO 13556 standardizes the way that the Executive Branch handles unclassified information that requires safeguarding or dissemination controls. Controlled Unclassified Information (CUI) will encompass most categories of unclassified information that require some measure of protection or control pursuant to, and consistent with, law, regulations, or government-wide policies. The National Archives and Record Administration (NARA) has been designated as the Executive Agent (EA). The EA has the authority and responsibility for overseeing and managing the implementation of the CUI Program.

The FBI played a leading role in the interagency process that has developed the concept of CUI over the last five years, and we are convinced that full implementation of the CUI program will greatly facilitate the sharing of unclassified information in the future. As the CUI program gains momentum and leads our partners -- both inside and outside the Federal Government -- to train their staffs to common standards, we expect that our continuing efforts to provide these partners with FBI information they can use will become both more effective and less risky.

It will take time to craft and implement the CUI standards and regulations, but the Executive Order established a demanding schedule for moving forward from concept to implementation.

The Office of the Director of National Intelligence (ODNI) plans to mandate use of a marking tool within the Intelligence Community for CUI information- ODNI is committed to developing training, policy, and a marking tool. A computer-based IC-focused CUI awareness training, currently being developed by ODNI, will be made available via Virtual Academy after the first of the year. The purpose of this training is to familiarize people with CUI from an IC perspective. A more advanced training with more specific information will be developed by ODNI in about 1 year (once policies are developed). This training will be mandatory for all members of the IC and completion will be tracked. NARA (CUI Office) will soon distribute its own training/informational module, but we have no details about it at this time.

In November 2010, FBI issued an Electronic Communication to advise all FBI divisions about the CUI Executive Order and to emphasize that CUI markings should not be used until such time that FBI policy or guidance is issued to permit such use. The FBI has identified all markings and dissemination controls that are currently being used and what each of the markings mean, citing the legal authority upon which they are based, and identifying any dissemination controls.

The Assistant Director for Security Division has been named as the CUI Senior Agency Official for the FBI.

IV. FBI Information Sharing Elements
The FBI is committed to sharing timely, relevant, and actionable intelligence with its mission partners as part of its national security and law enforcement missions. A number of entities have been established within the organization to further this commitment. They work to codify information sharing principles, to engender an information sharing culture, and to enable information sharing practices and operations.

A. Information Sharing Policy Board
The Information Sharing Policy Board (ISPB) is the FBI’s primary authority for information and intelligence sharing policy. The Information Sharing Policy Board (ISPB) was chartered by the FBI Director in 2005 to develop FBI policy for external and internal information sharing from an intelligence and operational mission perspective. The ISPB is chaired by the Executive Assistant Director for the National Security Branch, and is supported by the Access Policy Group (APG).The ISPB’s primary goal is to initiate, develop, enact, monitor, and maintain the policies, decisions, and relevant procedures concerning substantive criminal and intelligence information sharing. The ISPB evaluates business practices that bear on information and intelligence sharing and provides policy direction to produce a mission-driven information exchange across all FBI components and external partners.

The policy-making authority of the ISPB derives directly from the Director of the FBI and is vested in the Director’s designated Principal FBI Official for Information and Intelligence Sharing Policy, the Executive Assistant Director, National Security Branch (EAD NSB). The ISPB is chaired by the EAD NSB. Board membership consists of all EADs and Assistant Directors (ADs), the CISO, the FBI Senior Privacy Official and the General Counsel.

B. The Chief Information Sharing Officer
The FBI Chief Information Sharing Officer (CISO) position was created to build a unified and effective information sharing environment within the FBI. As the principal advisor to FBI executives on information-sharing issues, the CISO provides policy direction to FBI divisions on information sharing and leads coordination of FBI information sharing activities. Within the FBI, the CISO participates in FBI forums and groups to advocate for appropriate information sharing and to identify emerging issues or gaps in communication. The CISO also supports the ISPB, serves as Chair of the Access Policy Group (APG), and oversees the formation of APG Information Sharing Teams (ISTs), which investigate information sharing issues and recommend solutions.

The CISO also represents the FBI to external policy and information-sharing organizations. FBI information sharing activities extend well beyond the organization into the IC and other communities. The FBI is represented by the CISO at the White House National Security Staff Information Sharing and Access Interagency Policy Committee, the Intelligence Community Information Sharing Steering Committee, the Law Enforcement Information Sharing Program (LEISP) Coordinating Committee (LCC), the Global Justice Criminal Intelligence Coordinating Council (CICC), at fusion center conferences, and in public discussions of information sharing topics. The CISO facilitates, monitors, assesses, and reports on interagency information-sharing initiatives between the FBI and these and other organizations (which comprise federal, state, local, tribal, foreign, and private partners) to identify issues and inconsistent policies and to recommend and inform policy creation and revisions. The CISO also contributes to the preparation of Congressional testimony and other public statements by FBI senior leadership on information sharing topics.

The CISO often functions as an enabler or policy coordinator. For instance, in 2010 the CISO was appointed to the State Local Tribal and Private Sector Policy Advisory Committee, established by EO 13549 to discuss program-related policy issues in dispute and to facilitate resolutions. The CISO also publishes the FBI National Information Sharing Strategy, publishes an annual report on FBI Information Sharing activities, and publicizes information sharing initiatives through web pages on the Law Enforcement Online (LEO) and FBI internal networks. Critical information sharing policy documents and related materials, including a current calendar of information sharing meetings and resource documents, are maintained on the CISO web sites.

C. Access Policy Group
The Access Policy Group (APG) is a standing committee which supports the Information Sharing Policy Board (ISPB) and is chaired by the FBI Chief Information Sharing Officer. The APG performs assessments for and makes policy recommendations to the ISPB on user access issues to include IT and non-IT aspects of user access policies and data source approvals for FBI analytic, intelligence, and investigative systems and tools. It serves as the primary point of coordination for FBI IT and operational components working on different facets of internal and external information sharing. The APG functions as the primary point of coordination between the FBI Office of Chief Information Officer (OCIO) and the ISPB.

The APG focus in 2010 centered on access issues – defining need-to-know access requirements, ensuring information is appropriately accessible, and working to make information discoverable within these constraints – for both internal and external users. This involved new levels of collaboration between software developers, security, and policy personnel to achieve desired goals. One result of this collaboration was process and code development in manner that is transferable to multiple information sharing environments. Continued collaboration and focus on access policy is expected to continue in 2011.

D. Information Sharing Teams
Information Sharing Teams are ad hoc working groups serving the APG under the authority of the FBI ISPB. They are formed to conduct specific or targeted assessments in response to ISPB requirements relating to FBI analytic, intelligence, and investigative systems, data and tools. They also work in conjunction with the FBI Office of Congressional Affairs on formulating responses to Congressional requests. ISTs active during 2010 included:

  • Controlled Access and Information Sharing on FBI Intranet Websites
  • ICD 501 Implementation Plan
  • Automated Case Support System (ACS) Data Restriction Policy
  • Non-FBI Personnel Access to ACS
  • Enterprise Data Access Policy
  • Integrated Data Warehouse (IDW) Access Controls
  • National Counterterrorism Center Bulk Data Feed Policy
  • Name Check Policy

V. Information Sharing Communities and Programs
The FBI participates in many external organizations, programs and initiatives to facilitate the sharing of information and fusion of information into actionable intelligence. Information sharing relationships exist at all levels between and among federal agencies and the IC; state, local, and tribal agencies; private sector businesses, academic institutions, and associations; and international partners. These organizations work within their communities to enhance communications, coordination, and cooperation on terrorism and threat matters in support of the shared missions of public safety and the national security of the United States.

A. Information Sharing and Access Interagency Policy Committee
The Information Sharing and Access Interagency Policy Committee (ISA IPC) serves as the National Security Staff focal point for issues related to information sharing. Its focus extends beyond terrorism-related issues to a broad range of information sharing issues which impact national security. The ISA IPC is charged with leading an interagency policy process to identify information sharing and access priorities to more fully address the needs of federal, state, local, tribal, and private sector stakeholders while protecting privacy and civil liberties.

The IPC has five sub-committees: Watchlisting and Screening; Fusion Centers; Suspicious Activity Reporting; Privacy, Civil Rights and Civil Liberties; and Information Integration. The FBI actively participated in the ISA IPC itself, in the sub-committees, and in focused working groups in 2010. The FBI CISO regularly represented the FBI and its equities at the general ISA IPC meetings. Much of the work occurred at the sub-committee and working group levels.

The Fusion Center sub-committee was co-chaired by an FBI Deputy Assistant Director (DAD). In 2010 this sub-committee provided executive oversight for the newly established National Fusion Center Program Management Office, directed an update to the Fusion Center Baseline Capabilities Assessment, and drafted guidelines for federal resource allocation to fusion centers.

The Suspicious Activity Reporting sub-committee was also co-chaired by an FBI DAD. This group provided executive oversight for the newly established Nationwide SAR Initiative (NSI) Program Management Office and collaborated on policy with the other sub-committees.

The Watchlisting Sub-Committee focused early in 2010 on resolving issues raised by the 25 December 2009 attempted terrorist attack and information sharing among the major counterterrorism centers. Subsequent terrorist attack attempts throughout the year kept the committee busy. The Counterterrorism Division provided subject matter experts as well as operational expertise for this group.

The CISO, with concurrence and support of the Information Technology Branch (ITB) and the Directorate of Intelligence, represented FBI at the Information Integration sub-committee. This group had two very active working groups. Representatives from ITB and the Criminal Justice Information Services (CJIS) Division participated in the aggressive schedule set by the Assured Sensitive But Unclassified (SBU) Interoperability Working Group to link four SBU networks , ensure email and services could be exchanged across them, documented Segment Architecture Guidance, and facilitated single-sign on capability for trusted users. The CISO collaborated with DOJ in the second working group, Assured Secret Network Interoperability, which developed work plans and established governance structure for both fusion center connectivity and enterprise governance to ensure information sharing across a nationwide secret network.

B. Information Access and Security Policy IPC
The Information Access and Security Policy IPC was formed by the National Security Staff in late 2010 to identify and develop the structural reforms needed in light of the Wikileaks breach. Leadership from the Information Technology Branch, the Security Division, and the Directorate of Intelligence were engaged by this nascent, multi-dimensional activity.

C. Office of the Program Manager for the Information Sharing Environment
The Program Manager for the Information Sharing Environment (PM-ISE) changed leadership in 2010. The new PM brought an engineering approach to the ISE and charged partners in the ISE to accelerate delivery of the policy, governance, and technical components needed to fully implement the ISE. The PM was named co-chair of the ISA IPC mid-year, resulting in a shift in some of his office’s coordinating functions to the ISA IPC structure. Many of the activities managed under this joint approach focused on communications network connectivity and information flow between the federal and state or local levels: the Sensitive But Unclassified network linkage; development of a federal SECRET communications fabric that extends to state and local levels; emplacement of equipment/processes for Nationwide Suspicious Activity Reporting (SAR); and policies to ensure protected information flow. The PM-ISE worked with Department of Homeland Security (Intelligence and Analysis), FBI, and fusion centers to assess and validate baseline capabilities at fusion centers. The PM also worked with FBI and the Nationwide Suspicious Activity Reporting Initiative (NSI) Program Management Office to ensure fusion centers have necessary capabilities to receive, fuse, report, and share information appropriately with Joint Terrorism Task Forces and other NSI partners.

Different FBI offices participated in the interactions with PM-ISE depending upon the issue being addressed. The CISO coordinated many of these interactions and maintained familiarity with the rest to ensure coordination of FBI internal and external activities.

D. Intelligence Community Information Sharing Steering Committee
The CISO represents FBI at the Intelligence Community Information Sharing Steering Committee (IC ISSC), which shifted sponsorship within the ODNI in 2010 from the IC CIO to the Policy, Plans and Management Staff. Designed to facilitate, direct, and provide a venue for collaborating on information sharing issues including policy, budgetary, process, and technical aspects, many of the functions were split between the IC CIO, the DNI Policy, Plans and Management staff, or subsumed under the ISA IPC. Nonetheless, the IC ISSC addressed information sharing challenges spanning the five critical building blocks of governance, policy, technology, culture, and economics. The IC ISSC also worked closely with ISA IPC and DoD to align and improve information sharing across the Federal Government and with state, local and tribal entities. The Information Sharing Executives from each IC element served as representatives to the IC ISSC.

E. Law Enforcement Information Sharing Program Coordinating Committee
Established by the Deputy Attorney General in 2006 and sponsored by DOJ, the Law Enforcement Information Sharing Program (LEISP) Coordinating Committee (LCC) promotes information sharing among law enforcement communities. The LCC is chaired by a member of the DAG’s staff who reports directly to the DAG on the Department’s progress on information sharing policy objectives. The Committee also includes the DOJ Chief Information Officer, the FBI CISO, senior representatives from the FBI and other DOJ investigative components, a representative from the Office of Justice Programs, a United States Attorney, and at least one additional prosecutor.

F. Criminal Intelligence Coordinating Council (CICC)
A working group under the DOJ Global Advisory Committee (GAC), the Criminal Intelligence Coordinating Council (CICC) provides policy recommendations to help agencies establish criminal intelligence sharing policies, procedures, standards, technologies, and training. The CICC comprises representatives from law enforcement and homeland security agencies from all levels of government, including the FBI. The CICC acts as an advocate for state, local, and tribal law enforcement organizations and their efforts to develop and share criminal intelligence in the promotion of public safety and national security. Senior leadership (Associate Director and DAD level) from FBI regularly made presentations to and participated in the CICC forums during 2010. The FBI also provided significant coordination on The Fusion Process Program Communications and Outreach Guidebook, published by the GAC.

G. Interagency Threat Assessment Coordination Group
Established by the President and the Congress, the Interagency Threat Assessment and Coordination Group (ITACG) facilitates the increased sharing of terrorism, homeland security, and weapons of mass destruction information between the US Intelligence Community (IC) and its State, local, tribal, and private-sector (SLTP) partners. It is led by the National Counterterrorism Center, DHS, and the FBI. The ITACG consists of state, local, and tribal first responders and federal intelligence analysts. Its mission is to facilitate the development, production, and federally coordinated dissemination of terrorism-related intelligence reporting through existing channels established by the FBI, DHS, and other agencies. The ITACG is also charged with providing advice to IC agencies on how to tailor their products to satisfy the needs of SLTP entities so that they, in turn, can better serve their customers.

H. National Joint Terrorism Task Force and Joint Terrorism Task Forces
The National Joint Terrorism Task Force (NJTTF) is a multi-agency task force consisting of 48 government agencies and critical industry representatives collocated at the NCTC. The mission of the NJTTF is twofold: 1) to enhance communications, coordination and cooperation concerning terrorism intelligence between federal, state, and local government agencies representing the intelligence, law enforcement, defense, diplomatic, public safety and homeland security community, and, 2) to support the JTTFs throughout the United States.

Located in more than 100 cities across the United States — including one in each of the FBI’s fifty-six field offices — JTTFs comprise small teams of highly-trained, locally-based investigators, analysts, linguists, SWAT experts, and other specialists from dozens of federal, state, local, and tribal law enforcement organizations and federal intelligence agencies. JTTFs investigate leads, gather evidence, make arrests, provide security for special events, conduct training, collect and share intelligence, and respond to threats and incidents at a moment’s notice.

JTTFs, like State and Local Fusion Centers, work across organizational boundaries on national terrorism issues. JTTFs, however, have a strict counterterrorism focus in contrast to SLFC’s broader focus, and JTTFs conduct investigations, whereas SLFCs do not.

Comparison of State and Local Fusion Centers and Joint Terrorism Task Forces
Joint Terrorism Task Forces State and Local Fusion Centers
Sponsored by the FBI Run by state and local authorities
Regionally and nationally-focused Are State/local-centric
Deal exclusively with terrorism matters Deal with terrorism, criminal, and public safety matters
Conduct investigations Produce actionable intelligence for dissemination to appropriate law enforcement agencies but do not conduct investigations

I. State and Local Fusion Centers
The FBI implemented a Strategy for Engagement with Fusion Centers in 2010, designed to strengthen interaction between and enhance the missions of both field offices and fusion centers. The strategy helps field offices capture information in a standardized manner to identify best practices, characterize effective collaboration between FBI field office and fusion centers, and highlights the areas in which deeper engagement can be expected to enhance the value of fusion centers to the FBI as well as increase FBI support to many fusion centers. An intense pilot phase in nearly one-quarter of the field offices was completed in the spring and lessons learned from that experience folded into full-scale implementation across all FBI field offices. By the end of the summer, a report was provided to FBI executive management detailing the engagement efforts each field office has undertaken with fusion centers. The engagement report also identified plans to resolve areas of concern, increase engagement, and enhance flow of information between field offices and fusion centers.

The FBI Engagement Strategy was one example of intensified efforts in the last year to increase cooperation between the Department of Justice (DOJ) and the Department of Homeland Security (DHS). In 2010, the Program Manager for Information Sharing Environment and DHS conducted a “Baseline Capabilities Assessment” of 68 of the 72 designated state or local fusion centers. Staff from FBI participated in validation visits to each of these centers. The objectives of the task were to assess critical operations capabilities, identify gaps and resources needed by each fusion center, and assess the overall status of the national network of fusion centers. The critical operations capabilities were a key component in this assessment, measuring five areas:

  • The ability to receive classified and unclassified information from federal partners
  • The ability to assess local implications of threat information through the use of a formal risk assessment process
  • The ability to further disseminate threat information to other state, local, tribal, territorial, and private sector entities within their jurisdiction.
  • The ability to gather locally-generated information, aggregate it, analyze it, and share it with federal partners, as appropriate.
  • Privacy and Civil Rights/Civil liberties protection measures.

A report of findings from this assessment was briefed to the Information Sharing and Access IPC in the fall.

FBI expenditures in support of fusion centers in Fiscal Year 2010 were approximately $12.5 million. The FBI has 115 personnel assigned to 59 state, local, tribal and territorial fusion centers, and has established operational access to FBINet in 33 of the 59 centers. The role of the embedded personnel is to increase information sharing through efforts to enhance the understanding and knowledge of both local and FBI needs, and to facilitate smart access to FBI systems. Embedded staff members also work to leverage the information collection capabilities of the fusion centers to support FBI mission needs and to utilize the fusion centers as dissemination points for FBI intelligence products, e.g., Intelligence Assessments, Intelligence Bulletins, and Intelligence Information Reports.

J. National Gang Intelligence Center
The National Gang Intelligence Center (NGIC) shares information and analysis on the growth, migration, and association of gangs that threaten communities throughout the United States. The NGIC manages the exchange of gang information among LEO (Law Enforcement Online), the National Crime Information Center (NCIC), the Violent Gang and Terrorist Organizations File (VGTOF), GangNet, and other major systems. NGIC supports law enforcement requests for information on suspected or known gangs and gang members and consolidates gang-related investigative data and raw intelligence into an up-to-date library of gang identification symbols, clothing, signs, tattoos, codes, writings, graffiti, and philosophies. Over 170,000 NGIC files are available to state, local, and tribal law enforcement partners.

K. The Organized Crime Drug Enforcement Task Force Fusion Center
Sponsored by the Department of Justice, the Organized Crime and Drug Enforcement Task Force (OCDETF) Fusion Center (OFC) aggregates the resources of multiple agencies and actively uses intelligence to disrupt and dismantle the most significant drug trafficking and money laundering enterprises. OFC participants include DOJ components (FBI, ATF, and DEA, whose personnel represent the largest single segment of the OFC workforce) and other agencies, such as the Internal Revenue Service, the US Postal Service, and the US Coast Guard. In total, 15 agencies are represented at OFC, with additional agencies expected to join the network.

The OFC’s information is stored in COMPASS, a DOJ-owned database.5 COMPASS acts as a single repository of information, which all fusion center personnel, regardless of home agency, are able to access and search. Using hundreds of millions of records from approximately 19 different agency case file groups, OFC personnel collect and analyze all investigative reports and source reporting related to drug, gang, weapons smuggling, organized crime, money laundering, healthcare fraud, and Indian Country violations in order to support coordinated, multi-jurisdictional investigations.

The FBI shares with OFC partner agencies data from FBI automated case files related to OCDETF, gang and other criminal enterprise matters, Controlled Substances Act/drug-related offenses, Firearms Act offenses, kidnapping, violent crimes, Indian Country criminal activity on a government reservation, health care fraud, confidential human source reporting in drug and general crimes matters, and extortion.6 The FBI screens case file data using automated and manual review prior to transmittal. Documents are provided on a regular basis. The FBI also provides more than 30 personnel in support of the OFC, including Supervisory Special Agents, Intelligence Analysts, and Management and Program Analysts. Finally, the FBI has taken steps to ensure that the needs of the OFC are incorporated into Sentinel functionality by facilitating OFC input into Sentinel programs.

L. Private Sector Stakeholders
The FBI is committed to developing effective and efficient information sharing partnerships with the private sector. While ensuring that all proprietary information is protected, the FBI will share information on incidents, threats, consequences and vulnerabilities, as appropriate. Each operational program (CI, CT, Criminal, Cyber, and WMDD) and Community Outreach has an organized, ongoing effort to engage with the private sector, and to increase awareness and build partnerships.

1. InfraGard
InfraGard is a partnership between the FBI, state and local law enforcement agencies, academic institutions, an association of businesses, and other organizations dedicated to protecting the United States national critical infrastructure7 by sharing information regarding both cyber and physical threats and vulnerabilities. The goal of InfraGard is to promote an ongoing dialogue and timely communication between InfraGard members and the FBI for investigative and intelligence gathering purposes. Since it’s founding in 1996, InfraGard has helped to establish a relationship of trust and credibility between the private sector and the FBI regarding the exchange of terrorism, intelligence, criminal, and security information.

The FBI provides information to InfraGard members in the form of alerts and advisories via secure email and a secure website. InfraGard members share information with the FBI and with each other by posting articles on the secure website, communicating via secure e-mail, bulletin boards, list servers, and networking at membership meetings. InfraGard chapters are geographically linked with FBI field office territories, and are assigned an FBI Special Agent Coordinator. The FBI Coordinator also works closely with Supervisory Special Agent Program Managers in the Cyber Division at FBI Headquarters (FBIHQ).

2. Cyber Initiative Resource Fusion Unit
The Cyber Initiative Resource Fusion Unit (CIRFU) is an FBI Cyber Division unit embedded at the National Cyber Forensics and Training Alliance (NCTFA), a non-profit corporation located in Pittsburgh, Pennsylvania. The NCFTA is a fusion center combining personnel, resources and law enforcement expertise with academia and the private sector. Experts from federal agencies, universities, Internet security companies, Internet service providers, the telecommunications sector, and the financial sector share information and collaborate on security breaches, as well as identifying current and emerging cyber threats.

3. Domestic Security Alliance Council
The Domestic Security Alliance Council (DSAC), a strategic partnership between the FBI and the US private sector, was established to promote the timely and effective exchange of information. DSAC advances the FBI mission of preventing, detecting, and investigating criminal acts, particularly those affecting interstate commerce, while advancing the ability of the U.S. private sector to protect its employees, assets, and proprietary information. Following the model built by the DOS Overseas Security Alliance Council (OSAC), the FBI stood up DSAC within the Criminal Investigative Division in 2007.

4. Counterintelligence Strategic Partnership Program
The Strategic Partnership Unit and the Strategic Partnership Coordinator in each FBI Field Office collaborate with the key private sector stakeholders of critical technology targeted by foreign adversaries. This is accomplished by fostering communication and building awareness with key academic, business and strategic entities, and by educating and enabling our partners to identify what is at counterintelligence risk and how to protect it. The FBI calls this knowing your domain: identifying the research, information and technologies that are targeted by our adversaries, and establishing an ongoing dialog and information exchange between partners to change behaviors and reduce opportunities that benefit the opposition.

M. Sharing with International Partners
The FBI routinely shares unclassified and classified information with foreign governments as part of its authorized law enforcement, national security, and intelligence missions. Sharing with foreign partners, including the exchange of biographic and biometric information regarding known or suspected terrorists, requires both flexibility and adequate security precautions. As always, the FBI adheres to strict handling restrictions and ensures the protection of U.S. Persons data. The FBI will share unclassified information with foreign governments in order to enhance the effectiveness of those governments in dealing with both terrorism and other criminal activity on foreign territory that might threaten the United States, U.S. citizens, or U.S. interests. This exchange is governed by U.S. statutes, Intelligence Community directives, MOUs, and FBI policy. The FBI only shares classified information with foreign governments when doing so advances an identifiable US national interest. FBI personnel (including contractors, task force members, detailees, etc.) may only share, disclose, or disseminate classified information to a foreign government as part of their official duties. In accordance with DCID 6/7, the exchange must be approved by a Foreign Disclosure Official (FDO)/Designated Intelligence Disclosure Official (DIDO).

The foundation of the FBI’s international program is the Legal Attaché (Legat) Program, which is administered by the FBI’s International Operations Division (IOD). IOD’s mission is to support the FBI’s mission to defeat national security and criminal threats by building a global network of trusted partners and strengthening international capabilities. The FBI has Legat offices and sub offices in over 70 key cities around the world, providing coverage for more than 200 countries, territories, and islands. Due to their relationships with law enforcement and intelligence services abroad, Legats are familiar with investigative rules, protocols, and practices that differ from country to country. They are thus well-positioned to collect, analyze, and disseminate the intelligence that directly impacts the US national interests both domestically and abroad.

FBI is revising its Foreign Dissemination Policy Implementation Guide (FDPG) to reflect several policy updates. The new version will include the provisions for the dissemination of unclassified information (i.e. CUI, Law Enforcement Sensitive (LES), and For Official Use Only (FOUO) information). This information will be posted on the FBINet Foreign Dissemination SharePoint site. The site provides a single reference point for the latest FBI and ODNI policy on foreign dissemination, and helps those who directly disseminate information to foreign governments by providing an extensive policies and procedures guide. The site also includes resources for FBI DIDOs including current DNI foreign dissemination policies, FBI internal foreign dissemination policies, and many pertinent materials regarding foreign dissemination for those individuals authorized to share classified and unclassified information with foreign governments.

VI. Information Sharing Environments and Products
Technology is generally considered an enabler for information sharing. Appropriate application of technology received more attention across the government for both enabling and controlling access to information. At the same time, the FBI continued to adjust its intelligence dissemination practices to meet current information sharing practices. This was reflected within the Information Technology Branch (ITB), as it led modernization of the FBI information technology infrastructure, as well as the Directorate of Intelligence (DI), which expanded efforts to ensure that information gets to the right place, in the right form, in the right time.

A. Next Gen Network (NGN) and Next Generation Workspace (NGW)
This year the FBI was honored with the prestigious “Government Innovator” award at the InformationWeek 500 Awards dinner for two programs that provide dramatic improvements to the Bureau’s IT capabilities: The Next Generation Network (NGN) and the Next Generation Workspace (NGW). Cited as a landmark achievement for the Bureau, the NGN project increased bandwidth and reduced latency in 800 locations worldwide. Additionally, the NGN team replaced outdated hardware, “flattened” the network, and migrated the FBI’s Wide Area Network to Internet Protocol (IP) /Multi-Protocol Label Switching architecture. Users now enjoy faster login times, connections, downloads/uploads of data transfers, and communications.

Similarly, the NGW project was developed to bring state-of-the-art workstations to FBI employees. The FBI now has 30,177 new NGW desktop environments. These top-notch stations include upgraded operating systems; faster computers with supersized memory; 24-inch monitors with integrated speakers; upgraded office suite software; instant messaging; and secure video cameras, headsets, speakers, and voice over IP network phones.

Both projects assist the agents, analysts, and professional staff share information and quickly arrange for impromptu meetings and conferences with colleagues around the globe.

B. Data Integration and Visualization System (DIVS)
The Data Integration and Visualization System (DIVS) program is one of the Director’s top priority initiatives. It provides FBI users access to information contained in multiple FBI, Intelligence Community, and Law Enforcement data repositories. DIVS provides a single point through which Agents and Analysts search multiple data sources, filter their results and quickly locate the information that is most pertinent to their investigations.

  • Searches data from multiple data systems
  • Supports intelligence analysis
  • Provides advanced search capabilities
  • Ability to search on foreign character sets
  • Supports Boolean operators such as (AND, OR, NOT)
  • Provides a graphical representation of search results
  • Threat assessment timeline supports filtering based on dates
  • Displays Analyst markings

C. Law Enforcement Online
The FBI’s Law Enforcement On-Line (LEO) system provides a web-based platform on a secure computer network accessible via the Internet and available to international, federal, state, local, and tribal law enforcement agencies. LEO enables the expedient sharing of sensitive information and provides access to an extensive array of FBI and other law enforcement agency databases and services at the sensitive but unclassified level. LEO gives law enforcement officers around the country access to CUI/SBU information, intelligence reports, and alerts. LEO also offers a real time electronic command center known as the Virtual Command Center (VCC) for information sharing and crisis/incident management accessible at local and remote sites.

LEO has other information sharing features:

  • A national alert system capable of sending emergency alerts and notifications to e-mails, pagers, cellular telephones, Blackberries, and other wireless devices.
  • SIGs (Special Interest Groups) that allow authorized members who share expertise or interests in specific topic areas (e.g., terrorism, street gangs, bombs) to share information and connect with each other.
  • Access to important and useful databases, such as run by the National Center for Missing and Exploited Children and the Violent Criminal Apprehension Program.
  • Secure e-mail services, which enable members to submit fingerprints to the FBI for processing by the Integrated Automated Fingerprint Identification System (IAFIS).
  • Distance learning classes, including several online learning modules on topics such as terrorism response and forensic anthropology.
  • A multimedia library of publications, documents, studies, research, technical bulletins, and other reports of interest to LEO users.

In 2010, LEO implemented final steps to facilitate identity management and access control across its own network and also across three other government networks carrying sensitive but unclassified (SBU) data. Success pilot of the LEO program was instrumental in allowing creation of a SBU-network called for by the White House.

D. N-DEX: The National Data Exchange and OneDOJ
Two initiatives within the LEISP – National Data Exchange (N-DEX) and OneDOJ – are in the process of merging into a single, unified capability.

N-DEX is a national criminal law enforcement information-sharing system available through LEO and other web-based means to law enforcement and criminal justice agencies. It provides law enforcement agencies with a powerful investigative tool to search, link, analyze and share criminal justice information on a national basis to a degree never before possible. N-DEX was developed as a full criminal justice life-cycle data repository by the FBI’s CJIS Division and is governed by the Criminal Justice Information Services (CJIS) Advisory Policy Board (APB), which is an inter-agency board responsible for reviewing policy issues and appropriate technical and operational issues related to the programs administered by the FBI's CJIS Division. N-DEX serves as a repository of information contributed by local, state, tribal, and federal Law Enforcement Agencies, including DOJ. Data currently consists mostly of incident and arrest reports, but will eventually include booking, incarceration, parole, probation, and other types of information. N-DEX allows any agency to contribute and share law enforcement information with any other agency.8 The system provides collaborative tools and powerful analytical and correlation capabilities to help investigators solve crimes by illuminating useful but not obvious relationships between people, places, and things. As of October 2010, the N-DEX system had approximately 8,000 registered federated users and a total of 101 million records contributed by 23 local, state, regional, or federal information sharing systems comprised of law enforcement agencies (LEAs), including the FBI.

OneDOJ is a DOJ repository for law enforcement information sharing with other federal, state, local and tribal law enforcement agencies through connections with regional information sharing systems. All DOJ law enforcement components—ATF, DEA, the FBI, and the USMS—are sharing information in OneDOJ under consistent policy and technical standards. Shared information includes open and closed case documents, investigative reports, witness interviews, criminal event data, criminal history, incarceration information, and other identifying information about individual offenders.

External partners may access and search the OneDOJ system (but may not contribute information to the system) through a federated access service. As of October, 2010, there were over 20 million searchable records and nearly 700 registered users, including both federal law enforcement agencies and local law enforcement agencies.

LEISP and CJIS are converging capabilities delivered by OneDOJ and N-DEX in support of the LEISP strategy to share criminal information routinely and securely across jurisdictional boundaries. The integration will enable users to experience the best aspects of both systems: it will provide a transparent vehicle that will leverage the advantages of a data repository with the capabilities and characteristics of a federated system. All participating LEA users will be able to use existing applications or tools to access both national law enforcement data and the advanced operational functions of N-DEX, including the ability to search and correlate data from multiple sources. CJIS has developed and fielded a national implementation plan for integrating N-DEX and OneDOJ and for the phased addition of field offices to cover all regions of the country.

E. Nationwide Suspicious Activity Reporting Initiative/eGuardian
The FBI Counterterrorism Division's (CTD) Guardian Management Unit (GMU) created an unclassified version of its Guardian program, called eGuardian, to provide participating federal, state, local, and tribal law enforcement partners with a free, secure but unclassified web-based suspicious activity reporting (SAR) system, accessible via Law Enforcement Online, and facilitate situational awareness of potential terrorist threats and activity. It was created in response to the Intelligence Reform and Terrorism Prevention Act of 2004 mandate to share terrorism information with federal, state, local, and tribal law enforcement partners. The system has been modified and improved based on feedback and suggestions from officers and analysts in local, state, federal and tribal law enforcement partner agencies. Modifications have also been made to enable system incorporation into the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI), which stood up a Program Management Office in 2010.9

The number of eGuardian agencies and users continued to grow in 2010. As of November 2010, there were over 860 member agencies with a total of 2,790 users in the system. These member agencies include local police and sheriff departments, state-level agencies and fusion centers, tribal law enforcement, campus law enforcement, and federal agencies.

Two major developments helped to expand the use of eGuardian last year. First, on September 30, 2010, the Department of Defense (DoD) began a two-year, multi-stage enrollment of users which will culminate in the addition of approximately 8,500 users/contributors to the eGuardian system. Second, the FBI modified its internal business processes and began pushing unclassified Guardian incidents to eGuardian, ensuring the FBI participation in the eGuardian system and the information sharing process; 592 unclassified incidents have been pushed from Guardian to eGuardian and the ISE Shared Space.

A final factor has also contributed to the growth of the eGuardian user base: it has demonstrated the ability to mitigate threats. Of the roughly 6500 incidents entered into eGuardian in the last two years, 101 incidents have been converted to either Preliminary or Full Field Investigations and 364 cases enhanced as a result of information provided through eGuardian. A total of five arrests have been made in five separate investigations, of which two have resulted in convictions thus far.

F. FBI Information Production
As part of its extensive intelligence collection and analysis efforts, the FBI produces written products to be shared within the FBI and with other members of the Intelligence Community (IC), as well as federal, state, local, tribal, and foreign law enforcement agencies. In order to facilitate information sharing across the Intelligence Community, the FBI posts its intelligence products on several unclassified, secret, and top secret platforms. The FBI began disseminating raw, unfinished intelligence reporting from field offices this year. However, all FBI finished intelligence products that are meant for an external audience are coordinated through and disseminated by the Directorate of Intelligence. The intelligence products produced by the FBI are described in detail below.

1. Library of National Intelligence
Intelligence Community Directive (ICD) 501 requires IC agencies to populate the Library of National Intelligence (LNI) with all eligible product types. The FBI is meeting this requirement. The purpose of the LNI is to provide a single, searchable repository for all text-based intelligence disseminated across the IC in order to promote secure, IC-wide information sharing and collaboration. Information sharing disputes within the FBI will be facilitated and resolved by the FBI Sensitive Review Board, as required by ICD 501.

The LNI distinguishes between the discovery and retrieval of information. In this context, “discovery” means learning of the existence--but not necessarily of the content--of intelligence or analysis; while “retrieval” refers to obtaining the actual content of the intelligence or analysis. Authorized Intelligence Community Personnel (AICPs) are able to discover all information contained within the LNI regardless of classification, but can retrieve only those documents for which they have approved access based on their security clearance, agency affiliation, and approved mission-need.

The LNI is being implemented in phases with the first four phases focusing on the type of disseminated products. These products include FBI Intelligence Assessments, Intelligence Bulletins, and Intelligence Information Reports, and Intelligence Studies. In accordance with the requirements of ICD 501, the FBI is posting these intelligence products to the LNI unless a document contains information outside the scope ICD 501 or information that the FBI has requested be exempted from inclusion in the LNI. The scope of ICD 501 does not apply to purely law enforcement information, including domestic terrorism, public corruption, civil rights violations, financial crime, or crimes against children. Other categories of information that are exempt from discovery include reports about espionage, espionage damage assessments, sensitive source information/sensitive operational equities, and counterintelligence investigation information on allies or strategic partners.
The Directorate of Intelligence published guidance in 2010 detailing FBI policies on dissemination of raw and finished intelligence. An introductory-level training course for FBI analysts on this topic is available via the FBI Virtual Academy. Additional training on application of these policies is offered in training to field offices.

2. FBI Finished Intelligence Products
Intelligence Assessments (IAs): IAs10 are intended to convey analytic conclusions about an issue or threat based on a comprehensive analysis of all available information, usually from multiple and open sources. They are tailored to the needs of intelligence consumers and are intended to be relevant, timely, and forward-looking. IAs address issues and identify implications and potential alternative outcomes or explanations to help the user formulate a course of action. IAs range from seven to ten pages in length and are approved for dissemination by the Section Chief in the relevant FBIHQ Directorate of Intelligence (DI) Analytical Section.

Intelligence Bulletins (IBs): IBs highlight new developments or trends. They are more limited in focus and depth than IAs, but as finished intelligence products go beyond reporting raw information. They create context for the new information and may offer an analytic judgment regarding its importance and impact. IBs are generally one to three pages in length, and like IAs, are approved for dissemination by the Section Chief in the relevant DI Analytical Section.

Intelligence Studies (ISs): ISs are comprehensive analytical works intended to convey conclusions about issues or threats that are based on comprehensive analyses of all available information, generally from multiple sources.

Intelligence Notes (INs): INs are operational vehicles used to convey tactical or operational intelligence between investigative and case support/case management entities, and are not intended for dissemination outside the FBI.

Intelligence Memorandums (IMs): IMs are text-based briefing or information-sharing products, generally for senior management officials. To achieve brevity, much of the underlying reporting and analysis in the memos are condensed to provide the audience with an essential understanding of the threats, as well as the actions proposed or actions already taken by the FBI to counter such threats.

Special Event Threat Assessments (SETAs): SETAs are a specific type of intelligence assessment designed to inform law enforcement and security planners of potential threats to an event, its venue, or its participants. Events are assigned ratings according to the Special Event Assessment Rating (SEAR) scale.

Intelligence Information Reports (IIRs): IIRs are the mechanism through which raw intelligence is shared within the FBI and throughout the intelligence and law enforcement communities. They are also the primary means by which the ODNI monitors and measures the FBI’s intelligence reporting performance. ‘Raw intelligence’ refers to unevaluated intelligence information, generally from a single source, which has not been fully evaluated, integrated with other information, or interpreted and analyzed. The FBI produced 25,012 IIRs in CY 2010 across the counterintelligence, counterterrorism, criminal intelligence, cyber, and weapons of mass destruction programs.

The intelligence in IIRs must be new, detailed, authoritative, and of interest. IIRs must also respect the right of U.S. persons to participate in constitutionally protected activities. They may not be based solely on the exercise of First Amendment protected activities, or on the race, ethnicity, national origin, or religion of the subject. Threats should be reported via IIR only if the information is sufficiently detailed and reliable to serve as a basis for preventive action. IIRs must conform to these specifications:

  • New: The information contained in the IIR must not have been previously reported by the same source, open source, or be well-known and assumed as fact by the Intelligence or Law Enforcement Communities;
  • Detailed: The IIR should answer who, what, where, when, why, and how events in the IIR were attributed to or occurred. All six need not necessarily be included, but the totality of information should provide recipients with enough information to actually use the intelligence (i.e. it should be actionable);
  • Authoritative: An IIR is authoritative if its source (or sources) could credibly have access to the information presented. The source's access need not be confirmed, but the standard is whether the source could be in a position to have learned the intelligence that the IIR contains;
  • Of Interest: The IIR must address at least one FBI National or Field Office Collection Requirement; and
  • U.S. Persons: Any U.S. Person named in the IIR should meet the following standards:
    • The FBI has an open investigation on the individual or there is an indication or allegation that the person has engaged (or will engage) in criminal activity or a threat to national security;
    • The IIR would be devoid of analytic/actionable value if the name were excluded and the IIR will assist the recipient agency in conducting a lawful criminal or intelligence investigation or will assist the recipient agency in the performance of any of its authorized functions.

Tearlines: A tearline is the area in a raw or finished intelligence product where selected information of a more highly classified and/or controlled report is removed and/or sanitized to enable broader dissemination of the product at various classification levels. The remaining material contains the substance of the original intelligence without identifying sensitive sources and methods. The Director of Central Intelligence Directive (DCID) 8/1 Intelligence Community Policy on Intelligence Information Sharing (Section 2.B) requires the FBI to provide intelligence at multiple security levels appropriate to the security authorizations of the intended recipients, and tearlines are one method to accomplish this. The following topics would be suitable for tearline dissemination:

  • Imminent threats to state, tribal, or local personnel or jurisdictions;
  • Potential targets of terrorism within foreign, state, tribal, or local jurisdictions;
  • Activities, financing, and capabilities of terrorist or criminal organizations; and
  • Collaboration among terrorist or criminal organizations.

Situational Information Reports (SIRs): SIRs are vehicles for field offices to share locally derived information on criminal or domestic terrorism matters that are relevant or of interest to only entities within their domain, such as state, local, and tribal law enforcement partners. Because the information is typically operational in nature and actionable by or relevant to only a limited audience in specific domains, it usually does not meet the same criteria that the FBI has established for intelligence products such as IIRs, IBs, ISs, or IAs.

Appendix A: Authorities and Governing Principles for FBI Information Sharing, Privacy and Civil Liberties (Annotated) Framework11

The vital role of information sharing in the protection of our national security has been recognized and embraced at all levels of our federal government. Legislation and regulations have been enacted and programs and strategies established which operationalize and mandate the principles of information sharing, all while protecting the privacy and civil liberties of United States citizens. The important legislation, directives, regulations and programs which mandate and authorize information sharing activities and protection of privacy and civil liberties are described here.

Privacy and civil liberties are deeply respected and vigorously protected by the FBI. Rigorous obedience to the Constitution of the United States, respect for the dignity of all those we protect, compassion, fairness, and uncompromising personal and institutional integrity are core values of the organization and are reflected in the implementation of FBI programs. The United States Constitution, for example and particularly the Bill of Rights, especially the First Amendment relating to freedoms of speech, assembly, the press and religion, and the Fourth Amendment relating to searches and seizures and probable cause as a basis for warrants.

The Privacy Act of 1974, 5 U.S.C. § 552a, Public Law No. 93-579 (Dec. 31, 1974), which governs the collection, use, maintenance and dissemination of information concerning U.S. citizens and aliens lawfully admitted for permanent residence by the FBI and other federal agencies. The Act restricts what agencies can do with personally identifiable information in the absence of consent of the individual to whom the information pertains and imposes rules on agencies to be transparent about what information they collect and why.

FBI records are largely exempt from the access and amendment provisions of the Privacy Act because of their nature, but as a matter of discretion, the FBI may permit one-page statements of disagreement with facts found in records to be submitted by the record holder. This process is described in 28 C.F.R. 16.46(d).

The Freedom of Information Act (FOIA), Public Law 89-554, 80 Stat. 383 (September 6, 1966; Amended 1996, 2002, 2007); which offers transparency of government operations by allowing any individual to request government records and to receive them, subject to applicable statutory exemptions.

Since FBI records are largely exempt from the access and amendment provisions of the Privacy Act, most individuals obtain access to FBI information through the FOIA.

Section 108 of the E-Government Act of 2002, Public Law 107–347347, 44 U.S.C. Ch 36 (December 17, 2002), as amended, which requires agencies to analyze privacy protections when developing information technology systems and to prepare Privacy Impact Assessments explaining privacy risks and their mitigation.

As a matter of policy, FBI conducts PIAs on all IT systems, despite the fact that national security systems are exempt from this requirement and a significant number of our systems qualify as national security systems.

Section 1016 of the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004, Public Law 108-458 (December 17, 2004), applied the lessons of the September 11 attacks to reform the IC and the intelligence and intelligence-related activities of the United States Government. Among other things, the Act established the position of DNI, the NCTC, and the Privacy and Civil Liberties Oversight Board. Section 1016 of IRTPA was amended in 2007 to include homeland security information and weapons of mass destruction information. It codifies many of the recommendations developed in response to the President’s information sharing guidelines, such as the creation of the ITACG and the development of a national network of state and major urban area fusion centers; and, requires the President to establish an Information Sharing Environment (ISE).

The ISE is defined in the Act as “an approach that facilitates the sharing of terrorism and homeland security information, which approach may include any methods determined necessary and appropriate for carrying out this section.” Its principal goal is to enable and encourage the sharing of terrorism information in a manner consistent with national security and applicable legal standards relating to privacy and civil liberties. In practice, the ISE leverages existing capabilities by adjusting and integrating current policies, business processes, standards, and systems in order to improve information sharing among all ISE participants. The authors of IRTPA carefully avoided calling the ISE a “system” or “information sharing network.” The term “environment” was used to describe a virtual infrastructure or framework which enhances and streamlines information sharing in the IC.

The IRTPA also required that the ISE incorporate protections for individuals' privacy and civil liberties. Our policy for protecting privacy in the Information Sharing Environment is intended to implement this statute.

Foreign Intelligence Surveillance Act of 1978 (FISA), Public Law 95-511, 92 Stat. 1783, 50 U.S.C. ch.36, S. 1566 (October 25, 1978), as amended, which, among other provisions, establishes a separate court to oversee the collection of electronic communications in the United States and requires minimization of U.S. person information prior to use or dissemination unless the information is evidence of a crime.

Executive Order 12333, United States Intelligence Activities (December 4, 1981), as amended, which governs intelligence collection activities and which states that “[t]he United States Government has a solemn obligation, and shall continue in the conduct of intelligence activities under this order, to protect fully the legal rights of all United States persons, including freedoms, civil liberties, and privacy rights guaranteed by Federal law.” This Executive Order sets out the responsibilities for all members of the Intelligence Community, including the FBI.

Executive Order 13388, Further Strengthening the Sharing of Terrorism Information to Protect Americans (October 25, 2005), superseded Executive Order 13356, which encouraged the sharing of terrorism information but only in a way that protects freedom and information privacy rights of Americans. Executive Order 13388 requires agencies to give the highest priority to the detection, prevention, disruption, preemption, and mitigation of the effects of terrorist activities against the territory, people, and interests of the United States of America; and to share terrorism information with all federal, state, local, tribal and private partners, but to do so in a way that protects the freedom, information privacy, and other legal rights of Americans.

Attorney General Guidelines for Domestic Operations (AGG-DOM), which recognize importance of conducting all activities in "a lawful and reasonable manner that respects liberty and privacy and avoids unnecessary intrusions into the lives of law-abiding people." These Guidelines are issued under the authority of the Attorney General as provided in sections 509, 510, 533, and 534 of title 28, United States Code, and Executive Order 12333. They apply to domestic investigative activities of the FBI and are enforced through FBI and DOJ oversight.

FBI Policy for Protecting Privacy in the Information Sharing Environment, which states that the FBI will share terrorism information, as defined in section 1016 of the IRTPA (codified at 6 U.S.C.A. Section 485), according to law, Executive Orders, Department of Justice and FBI policy, Office of the Director of National Intelligence Directives, mission justification, and the lawful authority of the requester and in a manner that protects the privacy, civil liberties, and other legal rights of U.S. people.

FBI Core Values, which begin with and are based on "rigorous obedience to the Constitution."

"Rigorous obedience to constitutional principles ensures that individually and institutionally our adherence to constitutional guarantees is more important than the outcome of any single interview, search for evidence or investigation... Fairness and compassion ensure that we treat everyone with the highest regard for constitutional, civil, and human rights."

Domestic Investigations and Operations Guide (DIOG), which expands upon this privacy and civil liberties policy statement, weaving respect for privacy and civil liberties throughout the manual and making them an integral part of every investigative activity. The DIOG establishes the FBI’s internal rules and procedures to implement the Attorney General’s Guidelines for Domestic FBI Operations and is enforced through internal FBI oversight, as well as review by DOJ.

Strong oversight by Congress, the Executive Branch and the courts:

  • Intelligence Oversight Board (IOB) - reports violations of statutes, executive orders, presidential directives, and regulations and other significant or highly sensitive matters to the President
  • Department of Justice – National Security Division (NSD) – conducts National Security Reviews for compliance with AG Guidelines and Minimization reviews for compliance with minimization procedures
  • Department of Justice – Office of the Inspector General (OIG) - Conducts internal investigations of suspected violations of law and internal regulations
  • FISA Court - approves minimization procedures adopted by the Attorney General
  • Legislative Oversight: Senate and House Select Committees on Intelligence; Senate and House Judiciary Committees
  • FBI Office of Integrity and Compliance – develops, implements, and oversees a program to ensure strict compliance with all applicable laws, regulations, rules and policies. Program managers must proactively identify legal risks and implement plans to mitigate them.

Intelligence Community Directive 501, “Discovery and Dissemination or Retrieval of Information Within the Intelligence Community,” was issued by the DNI and became effective on January 21, 2009. This directive charges each agency in the IC with a “responsibility to provide” information, thereby ensuring agencies can “discover” and “request” intelligence from each other in order to fulfill their respective missions. ICD501 does not apply to purely law enforcement information. If, however, it contains intelligence-related information, that information is subject to ICD 501. In order to facilitate the efficient sharing of this information, members of the IC, including the FBI, must make all intelligence and analysis available to each other by automated means. Although there remain ways to withhold information in limited circumstances, authorized IC members who request intelligence will be presumed to have a “need to know.” To withhold information, an IC element must show that sharing will jeopardize the protection of sources, methods or activities, compromise a criminal or national security investigation, or be inconsistent with the law. The ODNI has defined standards and information technology architecture requirements that all IC elements must follow to perform this process. The IC Information Sharing Executive will develop, in consultation with IC elements, including the FBI, integrated implementation plans that set forth the required benchmarks each IC element must meet in order to achieve ICD 501 policy objectives.

Law Enforcement Information Sharing Program. The Department of Justice established the LEISP to achieve the Department’s vision of creating relationships and methods for routinely and securely sharing criminal information across jurisdictional boundaries. It mandates the kind of wide-reaching information sharing program necessary to deter terrorism and to increase the amount of information available for the investigation and prosecution of criminal activity. The LEISP was designed in response to IRTPA requirements and Attorney General mandates for sharing DOJ data with the ISE.

The LEISP requires all DOJ components to share law enforcement information—unclassified and classified—with all law enforcement partners, with the exception of certain categories of information designated by the Deputy Attorney General (DAG). It minimizes barriers to information sharing, provides a single point of contact for DOJ information, and provides a foundation for information sharing among law enforcement at the federal, state, local, and tribal levels.

To advance and support the LEISP strategy, the DAG directed the FBI and other DOJ components to participate in regional and national law enforcement information sharing initiatives.12 Accordingly, the FBI has implemented information sharing technologies which support this directive and which operationalize the FBI’s National Information Sharing Strategy. The Law Enforcement National Data Exchange (N-DEX) program is a national information sharing system designed for use by all federal, state, local, and tribal law enforcement agencies. N-DEX allows agencies to search and analyze data using powerful automated capabilities. It will soon incorporate OneDOJ, an alliance of law enforcement systems, to create a single, unified resource for information sharing services. OneDOJ allows information sharing among the DOJ’s law enforcement components—the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF); the Bureau of Prisons (BOP); the Drug Enforcement Agency (DEA); the FBI; and the US Marshals Service (USMS)—and regional law enforcement agency partners. More information on this merged capability is presented in the N-DEX section.

FBI National Information Sharing Strategy. The NISS is the FBI’s strategy for information sharing. It provides the common vision, goals, and framework to guide FBI information sharing initiatives. The NISS complies with both the Attorney General and the DNI guidelines for information sharing and seeks to balance the "responsibility to provide" with the need to protect sources, investigative operations, national security information, and the civil liberties of US Persons.

The NISS has two primary objectives: 1) to create and sustain a culture of information sharing, and 2) to develop and maintain an information technology (IT) infrastructure that enables a broad spectrum of standards-based information sharing activities. The NISS identifies specific customer sets for these information sharing activities: internal FBI; Executive Branch; federal departments and agencies; state, local, and tribal entities; private sector; and foreign partners.

Appendix B: Acronyms
AAT Advanced Analysis and Tools Cell
ACS Automated Case Support System
AGG-DOM Attorney General Guidelines for Domestic Operations
APG Access Policy Group
A-Space Analytic Space
ATF Bureau of Alcohol, Tobacco, Firearms, and Explosives
BOP Bureau of Prisons
CDC Chief Division Counsel
CICC Criminal Intelligence Coordinating Council
CISO Chief Information Sharing Officer
CJIS Criminal Justice Information Services
COI Community of Interest
CSG Counterterrorism Steering Group
CTMIX Community Terrorism Metadata Index
CUI Controlled Unclassified Information
DAG Deputy Attorney General
DaLAS Data Loading and Analysis System
DEA Drug Enforcement Agency
DHS Department of Homeland Security
DI Directorate of Intelligence
DIDO Designated Intelligence Disclosure Official
DIOG Domestic Investigations and Operations Guide
DNI Director of National Intelligence
DoD Department of Defense
DOJ Department of Justice
FBI Federal Bureau of Investigation
FBIHQ FBI Headquarters
FDM Foreign Dissemination Manual
FDO FBI Foreign Disclosure Officer
FIG Field Intelligence Group
FISA Foreign Intelligence Surveillance Act
FOIA Freedom of Information Act
FOUO For Official Use Only
FPAG Federal Private Alliance Group
HSDN Homeland Secure Data Network
HSPD Homeland Security Presidential Directive
IA Intelligence Assessment
IAFIS Integrated Automated Fingerprint Identification System
IB Intelligence Bulletin
IC Intelligence Community
ICD Intelligence Community Directive
IC ISSC Intelligence Community Information Sharing Steering Committee
IDW Integrated Data Warehouse
IIR Intelligence Information Report
IOB Intelligence Oversight Board
IOC International Organized Crime
IM Intelligence Memorandum
IN Intelligence Note
IPM/ASAC Intelligence Program Manager/Assistant Special Agent in Charge
IS Intelligence Study
ISA IPC Information Sharing and Access Interagency Policy Committee
ISC Information Sharing Council
ISE Information Sharing Environment
ISPB Information Sharing Policy Board
ISPG Information Sharing Policy Group
IRTPA Intelligence Reform and Terrorism Prevention Act of 2004
IST Information Sharing Team
ITACG Interagency Threat Assessment Coordination Group
JTTF Joint Terrorism Task Forces
JWICS Joint Worldwide Intelligence Communications System
LCC LEISP Coordinating Committee
LEA Law Enforcement Agency
LEGAT Legal Attaché
LEISP Law Enforcement Information Sharing Program
LEO Law Enforcement Online
LES Law Enforcement Sensitive
LNI Library of National Intelligence
MLAT Mutual Legal Assistance Treaties
MOU Memorandum of Understanding
NCTC National Counterterrorism Center
N-DEX Law Enforcement National Data Exchange
NCIC National Crime Information Center
NGIC National Gang Intelligence Center
NIS National Intelligence Strategy
NISS National Information Sharing Strategy
NJTTF National Joint Terrorism Task Force
NSB National Security Branch
NSC National Security Council
NSD National Security Division
NSI Nationwide SAR Initiative
NSIS National Strategy for Information Sharing
OCDETF Organized Crime Drug Enforcement Task Force
ODNI Office of the Director of National Intelligence
OFC Organized Crime Drug Enforcement Task Force Fusion Center
OIG Office of the Inspector General
PII Personal Identifying Information
POC Point of Contact
PM-ISE Program Manager - Information Sharing Environment
PMO Program Management Office
PSU Production Services Unit
SAR Suspicious Activity Report
SBU Sensitive but Unclassified Information
SCI Sensitive Compartmented Information
SEAR Special Event Assessment Rating
SETA Special Event Threat Assessment
SIG Special Interest Group
SIPRNET Secret Internet Protocol Router Network
SIR Situational Information Report
TIDE Terrorist Identities Datamart Environment
USC United States Code
USMS United States Marshals Service
VGTOF Violent Gang and Terrorist Organizations File
VPN Virtual Private Network

End Notes

1 Federal Bureau of Investigation, National Information Sharing Strategy.  Posted at http://www.fbi.gov/stats-services/publications.

2 See Document Library:  Presidential Memo, 2009-12-17:  Strengthening Information Sharing with the Establishment of Two Program Management Offices.

3 See Appendix A for additional information on the authorities and guiding principles that govern FBI information sharing, Privacy and Civil Liberties Privacy Framework and the oversight bodies.

4 Federal Bureau of Investigation, National Information Sharing Strategy.  http://www.fbi.gov/stats-services/publications

5  This is separate and independent from the internal FBI reporting system of the same name.

6 The complete list of FBI case classifications shared with the OFC is available upon request to the CISO office.

7 Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government.  These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States.

8  The Template for FBI Participation in Law Enforcement National Data Exchange (N-DEx) is available upon request to the CISO office.

9 The NSI is a program designed to record and share terrorism-related SARs.  eGuardian and the FBI are full partners with the Office of the Director of National Intelligence, the Department of Justice Bureau of Justice Assistance, the Department of Homeland Security, and the Program Manager for the NSI.  Local repositories of suspicious activity reports with a potential nexus with terrorism are referred to individually as an ISE “Shared Space” and collectively as the ISE Shared Spaces, to include the eGuardian system.  SAR data in the ISE Shared Spaces is accessible via secure Controlled Unclassified Information (CUI) networks by authorized users.

10 Intelligence Assessments serve a different purpose and are distinct from investigative activities called Assessments; see the FBI Domestic Investigations and Operations Guide (DIOG), section 5.

11 The FBI Privacy and Civil Liberties Framework has been annotated with additional information, such as statute and U.S. Code (USC) section numbers, dates, etc.

12 See Document Library:  Deputy Attorney General, Paul J. McNulty, Memorandum, "Law Enforcement Information Sharing Policy Statement and Directives" 21 December 2006.

Table of Contents line

I. Executive Summary

II. Recent Highlights

III. Policy Updates

IV. FBI Information Sharing Elements

A. Information Sharing Policy Board
B. The Chief Information Sharing Officer
C. Access Policy Group
D. Information Sharing Teams

V. Information Sharing Communities and Programs

A. Information Sharing and Access Interagency Policy Committee
B. Information Access and Security Policy IPC
C. Office of the Program Manager for the Information Sharing Environment
D. Intelligence Community Information Sharing Steering Committee
E. Law Enforcement Information Sharing Program Coordinating Committee
F. Criminal Intelligence Coordinating Council (CICC)
G. Interagency Threat Assessment Coordination Group
H. National Joint Terrorism Task Force and Joint Terrorism Task Forces
I. State and Local Fusion Centers
J. National Gang Intelligence Center
K. The Organized Crime Drug Enforcement Task Force Fusion Center
L. Private Sector Stakeholders
1. Infragard
2. Cyber Initiative Resource Fusion Unit
3. Domestic Security Alliance Council
4. Counterintelligence Strategic Partnership Program
M. Sharing With International Partners

VI. Information Sharing Environments and Products

A. Next Gen Network (NGN) and Next Generation Workspace (NGW)
B. Data Integration and Visualization System (DIVS)
C. Law Enforcement Online
D. N-DEX: The National Data Exchange and OneDOJ
E. Nationwide Suspicious Activity Reporting Initiative/EGuardian
F. FBI Information Production
1. Library of National Intelligence
2. FBI Finished Intelligence Products

Appendix A: Authorities and Governing Principles For FBI Information Sharing, Privacy and Civil Liberties (Annotated) Framework

Appendix B: Acronyms

End Notes