Bills Introduced – 02-26-18

Yesterday, with both the House and Senate back in town after the long week off for President’s day, there were 21 bills introduced. Of those, two may be of specific interest to readers of this blog:

HR 5089 To improve threat information sharing, integrated operations, and law enforcement training for transportation security, and for other purposes. Rep. Barragan, Nanette Diaz [D-CA-44]

HR 5094 To direct the Secretary of Homeland Security to improve suspicious activity reporting to prevent acts of terrorism, and for other purposes. Rep. King, Peter T. [R-NY-2]

I will be watching HR 5089 for its potential effects on chemical transportation security.

While I suspect that HR 5094 will be very generic in scope, I will be watching it for potential impacts on chemical facility security and (a real remote possibility) cybersecurity.

FEMA SAR Privacy Exemption NPRM

Yesterday I wrote about a new Privacy Act system of records being established by the Federal Emergency Management Administration (FEMA) to support that agency’s implementation of the Department of Homeland Security’s ‘See Something Say Something’ program. Today, FEMA published in the Federal Register (76 FR 60387-60388) the notice of proposed rulemaking (NPRM) that I mentioned in that posting proposing the standard law enforcement Privacy Act exemptions for disclosure of personal information be applied to this new system of records.

Generally the Privacy Act provides that if a Federal government agency is keeping personal information on an individual that agency has a responsibility for notifying the individual of that record keeping, allowing the individual access to the information in those records, and providing a method for the individual to correct any incorrect information in that record.

The Privacy Act provides guidance on when those rules may legitimately be ignored by Federal agencies upon notice of proposed rulemaking. One of the typical examples is for records maintained for law enforcement or national security related investigations. Obviously law enforcement and intelligence type agencies cannot be forced to disclose information obtained in the process of an investigation while that investigation is on-going; that would allow subjects of investigation to better hide their illegal activities.

This NPRM is proposing that the FEMA Suspicious Activity Reporting system of records be exempted from four specific requirements related to the processing of requests for information under the Privacy Act. Those exemptions would be applied on a case-by-case basis when such requests are received by FEMA. Those exemptions cover:

• Accounting for disclosure of information to other Federal, State and local investigational agencies;

• Allowing individuals access to personal information being held about them in the system of records;

• Justifying the relevancy and necessity of the information being held in the system of records; and

• Maintaining rules and procedures for allowing access to the information being exempted.

As with all NPRM’s, public comments are being solicited. Comments may be posted to the Federal eRulemaking Portal (www.regulations.gov; Docket Number: DHS-2011-0091) and need to be submitted by October 31, 2011.

FEMA SAR Privacy Act Notice

Today, the Federal Emergency Management Agency (FEMA) published a notice in the Federal Register (76 FR 60067-60070)that they were establishing a new system of records covered under provisions of the Privacy Act of 1974; the DHS/FEMA – 012 Suspicious Activity Reporting System of Records. In general this system of records would allow FEMA to implement a formal system to support the Department’s ‘See Something Say Something’ program.

This FEMA SARs program would be operated by the Office of the Chief Security Officer’s Fraud and Investigations Unit. Suspicious activity reports received by FEMA elements would be forwarded to this office for analysis. Reports determined to have a ‘nexus to terrorism or hazards to homeland security’ would be shared with the FBI Joint Terrorism Task Force, Federal Protective Service or other appropriate federal agency with the responsibility to investigate and respond to terrorist threats.

In addition FEMA will be publishing a notice of proposed rulemaking (these NPRMs are normally in the same issue of the Federal Register, but I don’t see it today) providing this new system of records with the standard law enforcement exemption from certain disclosure provisions of the Privacy Act.

While certain elements that see FEMA black helicopters supporting the new world order will be alarmed about this notice, this is a standard bureaucratic notice supporting a minor program of a small office within FEMA. Every DHS agency that doesn’t have existing law enforcement systems of records will eventually get around to issuing similar notices. This will almost certainly include the CFATS program at ISCD.

Public comments are being solicited on this notice. They may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # DHS-2011-0090). They need to be submitted by October 27^th, 2011.

Committee Hearings Week of 07-18-11

Congress continues on a streak this week with both Houses in Washington. Lots of hearing action but very little of specific interest to either the chemical security or cyber security communities. In fact there is only one hearing this week that will be mentioned hear and that is a markup hearing that will cover multiple bills with only one being of any interest.

On Wednesday and Thursday the House Judiciary Committee will be conducting a full Committee markup of seven bills including HR 963, the See Something, Say Something Act of 2011. I discussed this suspicious activity reporting (SAR) immunity bill in an earlier blog when it was introduced.

BTW: If anyone is keeping track I won the bet (I doubt that there were any takers on this suckers bet). Chairman Smith’s bill will be considered before his Committee looks at the earlier and substantially identical bill introduced by Rep. King (R, PA). Actually King’s bill will never get considered. So much for the dispassionate and fair exercise of personal political power. Hopefully, this won’t be one of those silly things that poisons relationships between Committee Chairmen.

S 505 Introduced – SAR Immunity

Yesterday Senators Collins (R, ME) and Lieberman (I, CT) introduced S 505, the See Something, Say Something Act of 2011. The language in this bill is identical to that found in HR 495 that was introduced last month by Rep. King, making it a ‘companion bill’. Introduction of companion bills allows committee work to proceed in both houses of Congress at the same time, increasing the likelihood of passage and potentially shortening the time needed for consideration.

Early consideration in Committee in both the Senate and House is probable because the bills were introduced the Chairs (effectively co-chairs in the Senate) of each Committee. A further indication of the relative importance of this bill is the fact that a link to a copy of the committee draft was placed on the Senate Homeland Security and Governmental Affairs Committee. This makes a copy of the legislation publicly available before the bill is officially available on the Government Printing Office Site.

BTW: HR 963 introduced yesterday by Rep. Smith (R, TX) apparently addresses the same issue but a copy of the bill is not yet publicly available.

SAR Training

There is an interesting blog post over at ISE.org (Information Sharing Environment, the lead organization for managing the Suspicious Activity Reporting (SAR) project at DOJ). The blog briefly describes a new training program for ‘front line officers’ to support the SAR goal of helping to “detect and prevent terrorism-related criminal activity in a manner that rigorously protects the privacy and civil liberties of Americans”. It also provides three separate links to the training program.

Training Program Review

I watched the 18 minute presentation on the Law Enforcement And Public Safety (LEAPS.tv) channel and was pretty satisfied with the above average presentation. The audio-slide show format was well done and provides a smooth presentation at a relatively low bandwidth. It provided a good overview of the SARS process and the place of the police patrol officer within the process. It did provide a pretty good balance between suspicious activity reporting and protecting civil liberties. It even hit on the issue of photographers, a problem that I talked about in an earlier blog. It also provides a number of real-world examples of instances where police patrol officers discovered information that directly led to the arrest of terrorists or prevention of terrorist attacks.

I would have liked to have seen more information on how a police officer should approach individuals in those borderline cases that might be suspicious activity or it might be constitutionally protected activity. That might be too much to expect from a SAR program overview like this. I would like to see someone do a video presentation on how those situations could be recognized and how to best deal with them.

Program Management

I understand that this is a training program for police officers. I was concerned, however, when I went to view this at Memorial Institute for the Prevention of Terrorism site and as part of the registration I was expected to “Swear or Affirm” that I was either a police officer or an intelligence analyst before I could watch the presentation. That seemed to me to be a bit much. The registration process at the NSI [Nationwide Suspicious Activity Reporting (SAR) Initiative; that’s a strange acronym for that name; maybe they wanted to sound like those TV folks] site implies that it is strictly limited to police officers. The registration process at the LEAPS.TV site specifically includes ‘Company’ in the description of the organization to which you belonged, so I felt ‘safe’ registering on that site. All three sites do require registration to view the program.

The NSI site does offer a post-training testing and certification process (including awarding Continuing Education Units), but there is a charge for that. Otherwise the training program is free.

Alternative Use

I think that this would be a pretty decent training program for security personnel at high-risk chemical facilities to take. I understand that there are some very real legal differences between security guards and police officers, but those are not germane to a discussion of suspicious activity reporting. As I have mentioned on a number of occasions, all personnel and particularly security personnel at high-risk facilities are going to have to be actively watching for suspicious activity if the terrorist planning cycle is going to be interrupted before an attack is initiated.

The only problem is I have seen nothing in the discussion of the SAR process that deals with reporting by security professionals who are not members of law enforcement. Now I am fairly sure that a security manager at a Tier 1 or Tier 2 high-risk chemical facility will not have any problem with working out a reporting system with the local Joint Terrorism Task Force. At many Tier 3 or 4 facilities where the security manager may not be a security professional, may have a more difficult time getting routine SARs accepted into the formal system. They may have more pull though with the local police intelligence unit.

As I have mentioned on a number of occasions, it would seem to me to be a good idea to have a Chemical Fusion Center that would specifically address this issue. They would have the trained personnel to evaluate the SAR and the pull to get additional follow-up investigation by the JTTF where it was warranted.

In any case, however you work out your SAR submission process, I recommend that any security manager at a high-risk chemical facility should consider having the security guards at that facility sit down for this 18 minute training program. It may help them to understand the importance of making timely reports of suspicious activity.