New Bill Incorporates Private Sector Into Terrorism Monitoring and Reporting

Internet service providers and other essential entities to the nation’s cyber-infrastructure may be required to take a more active role in terrorism prevention. A new bill aims to assimilate the private sector into the monitoring and reporting of “suspicious terrorist activity.”

 H.R 5094, also known as the ‘Enhancing Suspicious Activity Reporting Act,’ passed in the house on June 25th, 2018. The two primary purposes of the bill are to develop a strategy “to improve the operations and activities of the Department of Homeland Security related to training, outreach, and information sharing for suspicious activity reporting to prevent acts of terrorism,” and to establish a working group to “provide advice to the Secretary [of Homeland Security] regarding improvements to the operations and activities related to suspicious activity reporting to prevent acts of terrorism.”   

This includes training and outreach to entities in the private sector, and requiring the private sector to share information on suspicious targets. In theory, these provisions from law enforcement would help the private sector to quickly identify and report possible acts of terrorism.

New York representative and bill sponsor, Peter King, sits on the House Committee on Homeland Security Subcommittee on Counterterrorism and Intelligence, which also proposed the ‘Terrorism Prevention and Critical Infrastructure Protection Act of 2017’ in February. This bill also suggested that the Department of Homeland Security strengthen and protect ‘critical infrastructure’ by sharing information/training with the private sector and establishing a research task force to provide the Secretary of Homeland Security with “the cyber preparedness of suppliers, contractors, or service providers of critical infrastructure.” As several of the same committee members are backing this bill, it may be safe to assume that H.R 5094 is, simply speaking, a rework of the earlier bill, with similar intentions.

Employing the concept of terrorism prevention as a means for government collusion in the private sector has become a platitude among officials since 9-11, through the Snowden revelations and up to now. But could this be a hazardous preface for more warrantless monitoring of citizens? And furthermore, what will be the criteria for determining whether or not someone can be suspected of “terrorist activity?”

The committee report on H.R 5094 references another report titled “Preventing Another Boston Marathon Bombing: Reviewing the Lessons Learned from the 2013 Terror Attack,” in discussing the background and need for this legislation. The report specifies that educating the public and empowering them to speak out when they notice potential signs of terrorism is a long term solution for preventing events such as the Boston Bombing. It suggests that had there been stronger communication between people that could have identified Tamerlan Tsarnaev and authorities, law enforcement may have been able to apprehend Tsarnaev before he was able to take the life of MIT Police Officer Sean Collier,

“As this Committee has often highlighted, the public can be a powerful ally in identifying potential terrorist activity. Law enforcement’s ability to build a strong partnership with the
public, based on trust and transparency is crucial to obtaining information that will prevent violent attacks like Boston in the future. In order for the community to assist in preventing
terrorist attacks, it is incumbent upon the federal government to provide the public with mechanisms to facilitate communication with law enforcement and to educate them on the threat posed by homegrown violent extremists.”

But would this information be given to or taken by law enforcement? Much like HR 5094, the report on the Boston Bombing references reaching out to the private sector for the collection of useful information in preemptively striking against acts of terrorism,

“According to the Department, it has evolved its CVE [Countering Violent Extremism] strategy over recent months to become a more comprehensive prevention model that allows it to work with communities and recognize at-risk individuals before violent extremism takes root. A pilot program has been developed that encourages local partners to develop mechanisms for engaging various resources including the private sector and social service providers.”   

Participants in the pilot program, titled the Federal Joint Terrorism Task Force, include the Austin Police Department, The Texas Department of Public Safety and the University of Texas at Austin Police Department, among New York and Boston law enforcement agencies.

In April of 2017, APD, with the JTTF pilot program, apprehended Steven Boehle, after they were informed of a mass shooting plot by a “confidential human source.” Authorities discovered the presence of 13 firearms, over 1,100 rounds of ammunition and a letter that was used to determine Boehle’s plan. Though Judge Mark Lane initially released Boehle on bond, due to what he claimed to be prosecutors’ failure to prove Boehle a threat to the community and claiming that his letter was “marijuana-induced gibberish,” he was later returned to police custody.

EFF-Austin on KOOP radio (Jun 17)

EFF-Austin’s Jon Lebkowsky and Gregory Foster were interviewed by Mark Boyden on KOOP Radio’s “Reflections of Community Outreach” program on June 17, 2013. The conversation ranged across the history of EFF-Austin, the 2013 Texas Legislature session, and NSA domestic spying.

APD #OpWardrive Open Records Update

Official seal of the Office of the Attorney General of Texas
Official seal of the Office of the Attorney General of Texas

In late September, the Austin Police Department (APD) aimed to identify open residential wireless access points around the city and educate their owners about the risks of providing free Internet access. The initiative, dubbed Operation Wardrive, was announced by an APD Public Information Office press release which was quickly picked up by local ABC-affiliate KVUE. Word circulated throughout the community and back to local officials, who quashed the nascent effort by APD’s Digital Analysis Response Unit (DART) prior to deployment. It remains uncertain whether the project will be restarted.

One facet of the community response to #OpWardrive was an open records request filed by EFF Austin with the City of Austin’s Communications and Public Information Office on September 21st. We made ten distinct requests for information, ranging from details about the inception and planning of the initiative, to the technologies and techniques DART intended to employ to reliably associate an omnidirectional access point signal with a particular residence in a densely populated metropolitan area.

Why did we make these requests? If the Austin Police Department gathers data about open wireless access points operated by local citizens and organizations, we think it’s important to have a full and complete understanding of both intention and process. How will this data be used? Where will it be stored? Will it be retained and mapped? Is there a surveillance aspect to this activity? IF this activity is limited in scope, as suggested by one email we acquired suggesting that the wardrive would be only one time for a few hours, what is the target area, and why was it selected?

As compared to other states, Texas has admirable Open Records laws defined in Chapter 552 of the Texas Government Code. Conforming with § 552.301(b), the City of Austin (CoA) responded to our request on October 5th (within 10 business days) providing a handful of documents responsive to our inquiry while simultaneously requesting a decision from the Office of the Attorney General (OAG) on the disclosure of additional records.

Operation Wardrive Open Records Request – City of Austin Response (Oct 5, 2011) – Letters

The documents withheld are alleged to fall under the protection of the attorney-client privilege (§ 552.107(1)) or potentially interfere with law enforcement and crime prevention efforts (§ 552.108(b)(1)). The documents provided to EFF Austin included emails discussing the Operation Wardrive press release and a heavily redacted document detailing APD DART’s Standard Operating Procedures (SOP).

Operation Wardrive Open Records Request – City of Austin Response (Oct 5, 2011) – Records

The Texas Attorney General had 45 business days to issue a ruling on the CoA’s request, and dutifully responded on December 13th (EFF Austin opted not to exercise its right to comment in support of the release of the requested materials as described in § 552.304). The Office of the Attorney General concurred with the City of Austin concerning records protected by attorney-client privilege, but did not entirely agree with the assertion that the remaining documents could be withheld for fear of disrupting law enforcement efforts. The remaining documents include an “operational briefing” and the redacted sections of the SOP (with the exception of the cellular phone numbers of DART detectives, which are wisely protected pursuant to Open Records Decision 506 at 2 (1988)).

Operation Wardrive Open Records Request – Attorney General Response (Dec 13, 2011)

The City of Austin now has ten calendar days to either provide the requested information or access to it, or contest the OAG’s decision in court. We’ll post updates as the story unfolds.