The Homeland Security Apparatus: Fusion Centers, Data Mining and Private Sector Partners

This article is an extraction of material contained in "Dissent or Terror: How the Nation's 'Counter Terrorism' Apparatus, in Partnership with Corporate America, Turned on Occupy Wall Street," published by DBA Press and the Center for Media and Democracy.

Following the terrorist attacks of September 11, 2001, a nationwide "homeland security"/"counter terrorism" apparatus emerged. Components of this apparatus include the U.S. Department of Homeland Security, the Office of the Director of National Intelligence, the National Counterterrorism Center, and state/regional "fusion centers." Fusion centers, by and large, are staffed with personnel working in "counter terrorism"/ "homeland security" units of municipal, county, state, tribal and federal law enforcement/public safety/"counter terrorism" agencies. To a large degree, the "counter terrorism" operations of municipal, county, state and tribal agencies engaged in fusion centers are financed through a number of U.S. Department of Homeland Security grant programs.

Initially, fusion centers were intended to be intelligence sharing partnerships between municipal, county, state, tribal and federal law enforcement/"counter terrorism" agencies, dedicated solely to the dissemination/sharing of "terrorism"-related intelligence. However, shortly following the creation of fusion centers, their focus shifted from this exclusive interest in "terrorism," to one of "all hazards"-- an umbrella term used to describe virtually anything (including "terrorism") that may be deemed a "hazard" to the public, or to certain private sector interests. And, as has been mandated through a series of federal legislative actions and presidential executive orders, fusion centers (and the "counter terrorism" entities that they are comprised of) work-- in ever closer proximity-- with private corporations, with the stated aim of protecting items deemed to be "critical infrastructure/key resources."

This article examines the genesis and evolution of the nation's "homeland security"/"counter terrorism" apparatus, as well as the integration of corporate interests in that apparatus.

The Arizona Fusion Center as an Illustrative Example

AcTIC logoAs an illustrative example of how fusion centers function, we will examine the Arizona Counter Terrorism Information Center (ACTIC, commonly known as the "Arizona fusion center"). While each of the nation's more than 70 fusion centers may have their own unique structures and protocols, ACTIC (one of the nation's first fusion centers) serves as an excellent illustrative example of a fusion center, as envisioned by both federal legislative action and presidential orders issued over the past decade.

ACTIC was established jointly by then-Arizona Governor (and current U.S. Department of Homeland Security Secretary) Janet Napolitano and the Arizona Department of Public Safety (AZDPS) in October of 2004. ACTIC is best described as a "counter-terrorism"/"all-hazards" resources and information sharing center, consisting of personnel from more than 25 Arizona law enforcement/public safety entities and 16 federal agencies. Largely, local law enforcement personnel active in ACTIC (or other state/regional fusion centers) are employed in such "homeland defense"/"homeland security," "counter terrorism," or "intelligence" units of their respective agencies. These units, by and large, were created as "counter terrorism" entities in response to the terrorist attacks of September 11, 2001. Such local entities active in ACTIC include the AZDPS Intelligence Bureau, the Phoenix Police Department Bureau of Homeland Defense (PPDHDB), the Tempe Police Department Homeland Defense Unit, the Mesa Police Department Intelligence and Counter Terrorism Unit, and the Maricopa County Sheriff's Office. These local entities are joined through ACTIC with federal "counter terrorism" entities, which include the FBI Phoenix Joint Terrorism Task Force (Phoenix JTTF, of which PPDHDB is also a part), the U.S. Department of Homeland Security (U.S. DHS) offices of Infrastructure Protection and Intelligence and Analysis, as well as U.S. DHS component agencies such as the Transportation Security Administration, the U.S. Secret Service and U.S. Immigration and Customs Enforcement.

While many agencies take part in ACTIC, the fusion center is managed primarily by the AZDPS Intelligence Bureau, the Arizona Department of Homeland Security (AZDOHS, the state agency that, through five Arizona "regional advisory councils," essentially acts as a bursar for U.S. DHS Arizona grant awards, and implements state "homeland security" initiatives promulgated by U.S. DHS) and the FBI (primarily involved in ACTIC through Phoenix JTTF. Such task forces are the primary vehicle for FBI involvement in fusion centers nationwide).

A quick note here on the mechanics of Joint Terrorism Task Forces: JTTFs may relay intelligence gathered at the local level to the FBI's National Joint Terrorism Task Force (NJTTF), which, according to the FBI, is comprised of representatives from at least 35 law enforcement/public safety agencies. This counter-terrorism intelligence cooperative is fed information through the nation's 104 JTTFs (which work, in turn, with regional law enforcement agencies through state "fusion centers"). NJTTF, originally situated within the FBI Strategic Information and Operations Center (SIOC, the same FBI office that issued a request for information to vendors in January 2012 for the development of a social media application capable of trolling Facebook, Twitter, and other social media for certain keywords and other information), is currently situated within the National Counter Terrorism Center (NCTC). NCTC, an entity of the Office of the Director of National Intelligence (ODNI) is the nation's leading "counter terrorism" intelligence sharing partnership. NCTC is comprised of staff from partner intelligence agencies. Such agencies include: the Central Intelligence Agency (CIA), FBI, Department of Defense (DoD) and the Department of Homeland Security.

Initially intended to combat "terrorism," ACTIC, while still retaining its "counter terrorism" appellation, has shifted to an "all hazards/all crimes" mission. This shift in the focus of fusion centers from "terrorism" to "all hazards/all crimes" (which does include "terrorism," along with any and every other activity that could be deemed a "hazard") occurred nationwide as the result of both legislative action and presidential directives. ACTIC pursues this "all hazards" detection, disruption and investigation model through the use of several programs/units-- including the ACTIC Intelligence Analyst Unit, the ACTIC Computer Forensics Unit, ACTIC Facial Recognition Unit and the ACTIC Threat Mitigation Unit.

Perhaps the most widely utilized feature of ACTIC is the Terrorism Liaison Officer (TLO) Program. The function of ACTIC TLOs is to disseminate ACTIC intelligence and "critical infrastructure/key resources" "threat and vulnerability assessments" within their respective law enforcement agencies, and to feed intelligence gathered by these agencies back into ACTIC, for the use of other ACTIC-engaged entities (both in the public and private sectors).

There are roughly 800 active TLOs active in Arizona through ACTIC member agencies.

Take a moment to consider this number. The total population of Arizona is roughly 6.5 million people-- nearly 4 million of whom reside in Maricopa County (primarily comprised of Phoenix and its suburbs). Another million reside in Pima County (primarily concentrated in Tucson and outlying municipalities). That leaves a remainder of roughly 1.5 million people, scattered throughout the state's remaining 13 rural counties. As such, there is one "terrorism liaison officer" for every 8,125 residents of Arizona, most of whom live in, or around, either of the state's two major cities-- neither of which has ever been the site of any substantial act of "terrorism."

Just as the vast majority of Arizona "Terrorism Liaison Officers" serve Maricopa County and the Phoenix metropolitan area, federal "homeland security" funding to the area far outstrips the rest of the state. According to AZDOHS records, Phoenix was the sole Arizona city to receive U.S. DHS Urban Area Security Initiative (UASI) grant funding during fiscal 2012-- receiving $4,018,455 in UASI funding for the fiscal 2012 grant cycle. [Note: both UASI and U.S. DHS State Homeland Security Grant Program (SHSGP) funding is supposed to be awarded on a 24-month grant cycle, but, according to AZDOHS Assistant Director of Planning and Preparedness Lisa Hansen, AZDOHS anticipates further UASI and SHSGP funding in fiscal 2013.]

By comparison, the entire state of Arizona received $3,310,348 in U.S. DHS SHSGP funding for fiscal year 2012. Of this amount, the AZDOHS Central Region (supervised by the AZDOHS Central Regional Advisory Council, which is comprised largely of Phoenix-area/Maricopa County law enforcement/public safety personnel) received $1,064,131-- the largest share of SHSGP funding allocated to any the five AZDOHS regions in fiscal 2012.

As compared to the combined $5,082,586 in UASI and SHSGP funding received by Phoenix/Maricopa County, AZDOHS Southern Region (containing Tucson and outlaying municipalities in Pima County) received a relatively scant $701,028 in SHSGP funding for fiscal 2012, and no UASI funding (Tucson lost its status as a U.S. DHS "Urban Area Security Initiative community" and all UASI funding on October 1, 2011). The remaining $883,120 in U.S. DHS SHSGP funding for fiscal 2012 was divided up between the state's three remaining, very rural, AZDOHS regions.

Given the picture these numbers portray, it is accurate to say that the "Arizona Counter Terrorism Information Center," along with the web of surveillance capabilities thrown over the state by this fusion center, is intended to serve the Phoenix metropolitan area-- a portion of the state that has little in common with the rest of Arizona.

Fusion Center Data Mining of Social Media

So, how do agencies active in fusion centers spend their U.S. DHS grant money? Records illustrate that, in Arizona for example, U.S. DHS grant streams are often expended on training, improved communications systems and sundry items associated with incidents that may generate mass causalities. Interestingly, records show that U.S. DHS grant funding has also been spent on programs dedicated to the monitoring and mining of information posted to social media.

U.S. Secretary of Homeland Security Janet NapolitanoAccording to records obtained by DBA/CMD from AZDOHS, the Phoenix Police Department (PPD) was awarded $1,016,897 in U.S. DHS State Homeland Security Grant Program funding in September of 2010 for the PPD "ACTIC Intelligence Analyst Project." According to AZDOHS records, these funds were intended to fill positions for both a PPD "ACTIC Intelligence Analyst" and "IT Planner." Records obtained by DBA/CMD indicate that these project funds have been used, in part, to hire and pay the more than $71,000 compensation annual (this figure includes salary and benefits) of PPDHDB/ACTIC "Terrorism Liaison All-Hazards Analyst" Brenda Dowhan.

Dowhan's primary role at ACTIC over the course of 2011 (according to records, Dowhan appears to have been hired in July of 2011) and 2012 appears to have been the monitoring of Phoenix activists.

According to records obtained by DBA/CMD, in order to facilitate Dowhan's work PPD personnel regularly fed the "Terrorism Liaison All-Hazards Analyst" logs containing the names, addresses, Social Security numbers, driver's license/state identification numbers, and physical descriptions of citizens arrested, issued citations-- or even given warnings by police-- in connection with Occupy Phoenix. The vast majority of these citizens who had been arrested, or had other interactions with PPD, were cited/warned for alleged violations of the city's "urban camping" ordinance.

The fact that Dowhan was regularly provided these detailed logs is important to note, as records indicate that much of Dowhan's work for ACTIC/PPDHDB during 2011/2012 involved the monitoring of social media sites and other online forums-- such as Facebook pages and blogs-- associated with individuals and organizations involved in Occupy Phoenix. Records indicate that Dowhan would take information trolled from these "open source" [note: "counter terrorism" personnel refer to information culled from social media and other "open sources" as "open source intelligence"] resources and either distribute it immediately to fellow law enforcement/"counter terrorism" personnel in the form of "alerts," or include it in her sometimes daily "Occupy Phoenix Social Media and Events Updates," which were distributed to PPDHDB personnel and other TLOs. Records obtained by DBA/CMD indicate that this type of activity was Dowhan's primary duty, beginning as early as October, 2011 and extending well into 2012 [note: available records, returned pursuant to public records requests submitted by DBA/CMD in June, 2012, show Dowhan still carrying out these duties during June of 2012].

Given the duties of a "Terrorism Liaison All-Hazard Analyst," it is worth noting that when, in November, 2011, when Dowhan first became concerned that those she surveilled within the Phoenix activist community may eventually detect her presence online, she asked her PPDHDB superiors if they could discuss the possibility of her using a "clean computer," possibly one with an "anonymizer," in the future. This appears to have been a reference to a computer utility product, made by Anonymizer, Inc., that allows users to visit websites anonymously.

In fact, Dowhan was so dedicated to her job of monitoring the Facebook posts (and other social media/blogs) of members of Occupy Phoenix that, when, on December 16, 2011, FBI agent Alan McHugh contacted ACTIC/Arizona JTTF personnel (including FBI Phoenix JTTF Special Agent Marcus Williams and U.S. DHS Intelligence Analyst Anthony Frangipane) to advise them of a planned December 17 Occupy Phoenix protest to be held outside the Phoenix office of U.S. Senator John McCain (R-AZ) in opposition to the National Defense Authorization Act of 2012 (NDAA 2012), ACTIC "Terrorism Liaison All-Hazards Analyst" Dowhan giddily responded:

Good Morning Alan [sic] [paragraph break] Tracking the activities of Occupy Phoenix is one of my daily responsibilities. My primary role is to look at the social media, websites, and blogs. I just wanted to put it out there so that if you would like me to share with you or you have something to share, we can collaborate [sic].

It should be noted that, according to AZDPS Northern Intelligence District Commander, Captain Steve Harrison, who supervises AZDPS functions and personnel at ACTIC (as AZDPS is the managing agency of ACTIC, Harrison is the closest thing there is to an ACTIC personnel manager), while ACTIC personnel do monitor social media primarily for the purpose of tracking "criminals" and "criminal activity"-- as opposed to Dowhan's dedicated use of social media in tracking activists and activist activity-- some of Dowhan's online monitoring of activist social media may be considered an appropriate use of ACTIC resources. According to Harrison, preparation for "special events" (including large events, such as the Governor's "State of the State" address, other political rallies and large sporting events) falls under ACTIC's "all hazards" mission. However, said Harrison, the monitoring of such events is only intended to ensure public safety. According to Harrison, some public safety concerns related to protests may include the possibility of violent conflict between protestors and counter protestors, traffic disruptions, and considerations regarding food, water and toilet facilities for protestors.

"We do use social media for criminal activity [...] I'm not aware of ever using it for activist or protestor events, other than to try and determine when and where they're going to go, and how many people are going to show up," said Harrison. "So, it's not uncommon for-- let's say there's going to be an event at the capitol-- a couple of years ago, we had all those high school students who started tweeting, saying 'hey, let's march on the capitol-- we'll meet down there at two o'clock.' That was kind of good to know, from a public safety standpoint, that we're going to have two thousand, or five thousand, students at the state capitol [Note: students from eight Phoenix high schools marched on the capitol in protest of anti-illegal immigration bill SB 1070 in March, 2011]. And so that is, I guess, the extent that we monitor it. I'm not aware of any instance where we would go, 'John Smith is an activist. I'm gonna go look up his Facebook information and'-- I hate to say-- 'track him.' We don't care, quite honestly-- I don't want to sound rude, but we don't really care."

Evidently, not all ACTIC personnel are so scrupulous in their use of ACTIC resources where activists are concerned.

Records obtained by DBA/CMD indicate that at 1:30 p.m., December 14, 2011, a concerned citizen wrote an email to PPD personnel:

"Dear Sir or Madam," the email began. "Please consider leaving the Occupy movement alone. They speak for me and I suspect a large portion of America who are upset with corporate greed and the ability to purchase politicians and their votes. We are going to take America back for its citizens, and it would probably be better for your careers not to get in the way. Thanks[,] David Mullin."

Mullin had written his email in reaction to a PPD raid of Occupy Phoenix's small camp in Caesar Chavez Plaza on the evening of December 8. During this raid, PPD confiscated supplies/equipment and arrested six activists on charges of violating the city's "urban camping" ordinance.

Records obtained from PPDHDB show that, at 1:39 p.m., Mullin sent his email off to a number of PPD precinct commanders and sergeant. Among those to receive the email was PPD Central Precinct Commander Louis Tovar.

At 1:42 p.m., Tovar forwarded the email up the chain of command to a number of PPD executive personnel/administrators.

"Fyi.....I've had a few of these types of email. I'm sure you all have [sic]," wrote Tovar.

Among those who received the Mullin email from Tovar was PPD Assistant Police Chief, Homeland Security Division, Tracy Montgomery. Records indicate that Montgomery then forwarded the Mullin email on to personnel within PPDHDB, PPDCRB and PPDDOU. In her forward of the Mullin email to these officers, Montgomery wrote: "Interesting e-mail threatening our careers. Anyone know the name?"

At 6:44 p.m. on the evening of December 14, PPDHDB Commander Geary Brase requested that PPDHDB Intelligence and Investigations Unit Lieutenant Lawrence "Larry" Hein have someone "check out" the Mullin email. Records indicate that Hein assigned this task to PPHDB Detective/ACTIC TLO CJ Wren and PPHDB ACTIC "Terrorism Liaison All-Hazards Analyst" Dowhan. [Note: Wren is an ACTIC TLO and intelligence analysts who, according to AZDPS Captain Harrison, is situated within the ACTIC intelligence analyst section of ACTIC.]

At 6:51 a.m. the following day, December 15, Dowhan emailed a link to Mullin's Facebook page to Hein, Wren and PDHDB Sgt. Patrick "Pat" Kotecki. It is not clear how Dowhan determined that this Facebook profile was in fact the profile administered by the email's author, as there are scores of "David Mullin" profiles on Facebook. Currently, Mullin's profile gives no location, and, at the time of Dowhan's investigation, Mullin was using the image of a Guy Fawkes mask as his profile picture. Mullin could not be reached for comment.

At 8:29 a.m., Wren followed up with the following email to Hein:

"Sir, Thanks to Brenda, we figured out exactly where this guy got the names and emails to send that message to... (Great work Brenda!) [sic]"

Wren went on to state that a Facebook page called "Occupy the Signal" had posted details relating to the December 8 Occupy Phoenix Caesar Chavez Plaza raid. Accompanying this information, "Occupy the Signal" posted contact email addresses for then-Phoenix Mayor Phil Gordon along with PPD precinct commanders/sergeants. Mullin had responded to this Facebook post with a post of his own on the "Occupy the Signal" page: "emailing them now," wrote Mullin in this post.

It is not a violation of Arizona law for constituents to write their public servants with their concerns. The addresses for the publicly-funded email services used by these public servants published by "Occupy the Signal" are a matter of public record and can be found on other documents or websites freely available on the Internet-- most of which are published by PPD (or the City of Phoenix), or by other law enforcement associations in which PPD personnel are active.

"Occupy the Signal" describes its mission on Facebook as being "to empower people to be IN DIRECT COMMUNICATION with politicians, corporations and communities around the world [sic]."

Encouraging open communication is not an act of terrorism.

"We have him possibly identified as David L. Mullin, formally of Glendale, (currently lives in Vegas). Still working on confirming that - but I have a search warrant to go to at 0900. Will work on it some more when I get back," concluded Wren in December 15 email communications regarding the investigation into Mullin.

As such, according to records relating to PPDHDB actions spurred by the Mullin email, both Dowhan and PPDHDB Det./ACTIC TLO Wren devoted the better part of two days to an attempt to discover the identity and whereabouts of the email's author. It is not clear what the purpose or conclusion of this investigation into the identity and whereabouts of Mullin was. Neither Wren nor Dowhan could be reached for comment.

Furthermore, speaking to AZDPS Northern Intelligence District Commander Harrison's assertion that ACTIC personnel "don't really care" about the activities of activists outside the realm of public safety concerns associated with large gatherings, consider this: records show that, thanks to the vigilance of ACTIC PPDHDB "Terrorism Liaison All-Hazards Analyst" Dowhan, Terrorism Liaison Officers in the Flagstaff area were alerted when two members of Occupy Phoenix posted plans to travel to Flagstaff for Christmas, 2011 on Facebook. Furthermore, records show that Dowhan promptly re-notified Flagstaff TLOs when the Occupy Phoenix members altered their travel dates.

None of this activity-- let alone the bulk of Dowhan's use of social media and other means in the tracking of activists-- falls under Harrison's definition of appropriate, public safety-related, activist social media monitoring. Nevertheless, records obtained by DBA/CMD show that Dowhan's, and ACTIC's, ability to troll Internet social media for "open source intelligence" took a massive leap forward in mid 2012. According to records obtained from AZDOHS, PPD expended $606,890.35 out of the $1,016,897 "ACTIC Intelligence Analyst Project" SHGP funding in the purchase and installation of intelligence/investigation management software. According to AZDOHS Assistant Director of Planning and Preparedness Lisa Hansen, this funding was used to purchase a SAS Memex Intelligence Center module. Records obtained by DBA/CMD reference this system as being an "SAS Fusion Center Solution" (which is described as including an "SAS Confidential Informant Management Module"). According to these records, PPDHDB likely commenced installation of this system in ACTIC in July of 2012.

The SAS Memex Intelligence Center is produced by the North Carolina-based analytical software firm SAS Institute, Inc., which purchased United Kingdom-based "intelligence management solutions" software developer Memex in June of 2010. SAS/Memex purports to provide intelligence management and acquisition services to more than one dozen fusion centers. According to U.S. Patent and Trademark Office records associated with SAS/Memex technologies, Memex products are described as being software and hardware products utilized in the collection and management of intelligence data by military, law enforcement and private businesses.

Map of fusion centersWhile available information relating to the specific functions of the SAS Memex Intelligence Center (or "SAS Fusion Center Solution") is vague at best, it is clear that the system provides automated intelligence collection and collation services to intelligence analysts by combining (or "fusing") data gleaned from both "open source" intelligence streams and traditional intelligence sources (such as confidential informants), along with information contained in state databases (such as criminal and motor vehicle licensing/registration records), into "actionable intelligence."

SAS/Memex purports to offer "open source intelligence" solutions that essentially function as automated intelligence analysts in that such SAS/Memex products troll the Internet, mine text, aggregate data, map relationships between Internet users, and flag patterns of behavior (as well as changes in the attitudes of social media users toward specific issues)-- all, apparently, within whatever guidelines are set for it by its user.

[Note: PPDHDB/ACTIC gained access to the SAS Memex Intelligence Center Module after DBA/CMD submitted records requests seeking information on the department's monitoring of Occupy Phoenix activists. As such, records relating to the potential application of this technology in the monitoring of Occupy Phoenix and other activist groups are outside the scope of records requests submitted by DBA/CMD. It is not known whether this system has been used to further Dowhan's work in this field. However, given the fact that this technology was purchased through funding for the same "ACTIC Intelligence Analyst" project that resulted in Dowhan's employment in the monitoring of activists, it does seem likely that this system may be similarly engaged.]

PPDHDB is not the only Arizona law enforcement/"counter terrorism" entity to utilize U.S. DHS-funded Internet data mining, or other telecommunications-based surveillance, technology.

According to records obtained by DBA/CMD from AZDOHS, in April of 2011, the Tucson Police Department (TPD) was awarded $116,500 in U.S. DHS UASI funding for the implementation of their "Open Source Intelligence/Information Data Mining Program." According to records, this funding was to be used in aiding TPD Office of Emergency Management and Homeland Security Tucson Urban Area Security Initiative Regional Intelligence Analyst/ACTIC Terrorism Liaison Officer Carmen Rios, as well as another regional intelligence analyst employed by the Pima County Sheriff's Office, in their assigned (and U.S. DHS-funded) task of 'surfing the net' in an effort to thwart "domestic and international terrorism." As stated in the TPD SHSGP grant application:

"The two Regional Intelligence Analysts 'surf the net' & other open sources daily looking for information that may be of help in securing our region, state, & nation. This information is almost unlimited in scope & requires a great deal of time & effort to analyze. The data mining software will free up our analysts from sorting through the vast amount of available information & greatly enhance their efficiency. Our analysts are Az TLOs & collaborate daily with the ACTIC. Purchase of this software will enhance their information collection capabilities on one end, and provide for effective intelligence analysis on the other - intelligence that can be readily shared with the ACTIC & our other partners [sic]."

The TPD grant application goes on to describe the mission of the regional intelligence analysts as being "information detection directed towards domestic and international terrorist threats; threats and current conditions on the U.S.-Mexican border; and assisting with the protection of our region's critical infrastructure [...]." This stated focus on "terrorist threats" is important to note, given the fact that TPD Regional Intelligence Analyst/ACTIC TLO Rios aided PPDHDB/ACTIC "Terrorism Liaison All-Hazards Analyst" Dowhan in gathering information on Occupy Tucson and tribal activists on a number of occasions in 2012.

Records indicate that, with their $116,500 U.S. DHS "Open Source Intelligence/Information Data Mining Program" grant, TPD purchased OpenMIND, an Internet "open source intelligence harvesting" system produced by Swiss intelligence software corporation, 3i-MIND Technologies GmbH.

Like the SAS Memex Intelligence Center Module, OpenMIND is a tool that aids investigators in obtaining and processing vast amounts of information obtained from "open sources," such as Facebook and other Internet social media. According to 3i-MIND promotional material, OpenMIND utilizes user-programmed "customized collection robots" in collecting data from user-designated web resources. This collected data is then aggregated and analyzed by OpenMIND. OpenMIND presents users with intelligence products gleaned from this raw data, relating to Internet user relationships and patterns of behavior.

[Note: according to AZDOHS Southern Regional Advisory Council (SRAC, covers Tucson and outlaying municipalities in Pima County, as well as other southern Arizona counties/municipalities) records, Tucson lost its status as a "Urban Area Security Initiative community" and all UASI funding (a grant program of U.S. DHS) on October 1, 2011. However, according to AZDOHS Assistant Director of Planning and Preparedness Lisa Hansen, the City of Tucson will continue to receive UASI funding until July 31, 2013. According to SHSGP grant funding extension requests filed with SRAC by the Pima County Office of Emergency Management (PCOEM) through 2011 and 2012, as well as SRAC records detailing AZDOHS allocation of U.S. DHS funds in fiscal 2011, SHSGP funding had also been drastically reduced to the region.]

Records indicate that AZDOHS denied TPD further funding for the continuance of the "Open Source Intelligence/Information Data Mining Program" following the loss of Tucson's UASI eligibility. Records indicate that, rather than discontinuing the program, TPD intends to draw funds for the program (more than $20,000 annually for maintenance and support services from the vendor, and for a dedicated ethernet connection) from both the TPD and Pima County Sheriff's Office budgets, or from U.S. DHS Operation Stonegarden (a U.S. DHS border security/immigration enforcement initiative) grant funding.

TPD has utilized the Stonegarden grant stream to purchase other intelligence products; according to records obtained by DBA/CMD from AZDOHS, in June of 2010 TPD purchased a Stingray II mobile phone tracking system from Harris Corporation for $396,500. According to U.S. Patent and Trademark Office records, Stingray II is defined as: "multi-channel, software-defined, two-way electronic surveillance radios for authorized law enforcement and government agencies for interrogating, locating, tracking and gathering information from cellular phones"-- in short, Stingray II is a system used to track the movements of individuals carrying cell phones.

Records obtained from AZDOHS also indicate that the salaries of both Rios and the Pima County Sheriff's Office Regional Intelligence Analyst were paid, at least in part, through Tucson UASI grants (grant applications refer to this project as the "Regional Intelligence Analyst Project"). While it is not clear what will become of these positions, SRAC records show that AZDOHS personnel recommended that $153,750 for TPD "regional intelligence analyst training" be drawn from PCOEM funding in 2012.

As such, it seems unlikely that-- even in the absence of the federal funds that initiated these 'web surfing' programs-- the SRAC "Regional Intelligence Analyst Project" or the TPD "Open Source Intelligence/Information Data Mining Program" will be discontinued. Rather, it seems costs associated with these programs will be shifted onto already-taxed local budgets. This is worth noting in light of the fact that many public school systems in southern Arizona can only afford to keep schools open four days a week.

Nevertheless, the value of "open source intelligence" gleaned from Internet social media is of the utmost importance to Arizona fusion center "counter terrorism" personnel. Consider a December 23 email from PPDHDB Det. and ACTIC Intelligence Unit Terrorism Liaison Officer Wren, to his PPDHDB/ACTIC TLO colleagues, in which Wren reflected on the value of social media:

"Been on several FB [Facebook] pages today from O.P. [Occupy Phoenix] participants. They all seem to be talking about doing something like this [reference to a YouTube video clip of an Occupy San Francisco flash mob in which 100 'occupiers' peacefully danced in public]... no concrete dates set-- but the discussion is at a mall, post christmas [sic]. I know one girl sent this message out to a group called Occupy Phoenix Student Movement (appears to be high school and ASU college students / about 75 of them) and they were trying to drum up participation."

"The benefit we have going for us, is the coordination it takes to set up a flash mob (especially a dance routine like the one in the video) is pretty extensive. But just to create a 'flash mob' protest / sit-in would be a new tactic we haven't dealt with this group yet [sic]. I'll keep watching twitter and FB to see if this moves past the discussion phase, and I'll let you know when and where."

Legislative and Executive Roots of the Homeland Security/Counter Terrorism Apparatus

The creation of ACTIC, and the more than 70 fusion centers currently in operation across the nation, was spurred by the implementation of the "homeland security" "information sharing environment" (ISE) between law enforcement/"counter terrorism" and intelligence agencies-- as well as private sector actors-- established through a series of federal legislative actions and presidential orders in the wake of the 2001 terrorist attacks.

President George W. BushThe first of these pieces of federal legislation was the "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001" (also known by the much more convenient and euphemistic acronym, "U.S.A. PATRIOT Act of 2001"), signed into law by then-President George W. Bush on October 26, 2001. The key contribution of the "Patriot Act" in the development of ISE was the loosening of restrictions on a broad array of law enforcement/intelligence agency information gathering and dissemination practices.

The "Homeland Security Act of 2002," as the name suggests, called for the creation of the U.S. Department of Homeland Security, a single federal agency with oversight over 22 federal entities whose duties include "counter terrorism" activities, border security, intelligence gathering, "critical infrastructure/key resources" protection and transportation security. U.S. DHS also funds, through grants related to various "homeland security" initiatives, state, county and municipal law enforcement/public safety agencies that have adopted the mantle of fighting the "war on terror."

Perhaps the most important piece of federal legislation in the establishment of the ISE is the "Intelligence Reform and Terrorism Prevention Act of 2004" (IRTPA). IRTPA, essentially an omnibus intelligence "community" restructuring bill affecting a broad array of domestic intelligence functions, established the cabinet-level Director of National Intelligence (DNI) and the Office of the National Director of Intelligence (ODNI). As laid out in IRTPA, the DNI "[serves] as head of the intelligence community." This "community" consists of 16 agencies, including the Central Intelligence Agency (CIA), the Federal Bureau of Investigation (FBI), DHS, the Drug Enforcement Administration (DEA) and numerous military intelligence agencies. As such, IRTPA designated the DNI as the chief "national security" intelligence advisor to the president, the National Security Council and the Homeland Security Council. The DNI, per IRTPA, is also tasked with providing such intelligence to heads of federal executive branch agencies, the U.S. Congress and the Joint Chiefs of Staff.

IRTPA also mandated the creation of several "counter terrorism" entities under the control of the ODNI. One such entity is the National Counter Terrorism Center (NCTC), intended to be the nation's highest aggregator and clearinghouse for "counter terrorism" intelligence. IRTPA also authorized the DNI to open "National Information Centers" throughout the nation to facilitate in this strategy of information gathering and dissemination.

With the creation of this powerful new intelligence office, IRTPA went on to mandate that the president and an ISE "program manager" (to be appointed by the president), establish guidelines for a national ISE implementation, to include all agencies tasked with "counter terrorism" operations-- including such designated municipal, county, state, tribal and federal agencies. This mandate also explicitly called for private sector involvement in the ISE. IRTPA also created the "Information Sharing Council" (ISC), an entity tasked with aiding the president and ISE program manager in implementing, managing and maintaining ISE [Note: ISC had previously existed prior to IRTPA as the "Information Systems Council," established by Executive Order 13356, which was issued on August 27, 2004 by then-President George W. Bush in response to recommendations of the 9-11 Commission. Executive Order 13356 contained many concepts that were formalized and expanded upon by IRTPA, including a forerunner to ISE as mandated through IRTPA. It is worth noting that the fledgling domestic "counter terrorism" information sharing environment called for through Executive Order 13356 was to be directed by the director of the CIA].

Subsequent to the passage of IRTPA, Bush, through a series of executive orders and memoranda, handed the reins of ISE implementation and management over to ODNI.

In a June 2, 2005 memo, the president designated that the office of the ISE program manager exist as an office of ODNI and that the DNI "exercise authority, direction, and control over the PM and ensure that the PM carries out his responsibilities under IRTPA." On October 25, 2005, Bush, through Executive Oder 13388, designated the ISE program manager, operating under the auspices of ODNI, as head of ISC. Executive Order 13388 also stated that ISC would be "composed exclusively of designees of: the Secretaries of State, the Treasury, Defense, Commerce, Energy, and Homeland Security; the Attorney General; the Director of National Intelligence; the Director of the Central Intelligence Agency; the Director of the Office of Management and Budget; the Director of the Federal Bureau of Investigation; the Director of the National Counterterrorism Center; and such other heads of departments or agencies as the Director of National Intelligence may designate."

Furthermore, in a December 16, 2005 memo, Bush delegated much of his IRTPA-mandated role in establishing ISE implementation guidelines to the DNI-- though through this memo, Bush did outline certain requirements for ISE implementation.

In August of 2007, with the signing into law of the "Implementing Recommendations of the 9-11 Commission Act of 2007" (9-11 Commission Act of 2007), the U.S. DHS secretary, working in consultation with the ISE program manager, was formally tasked with establishing the "Department of Homeland Security State, Local and Regional Fusion Center Initiative." As such, the 9-11 Commission Act of 2007 mandated that U.S. DHS would provide management support and training to fusion centers and their personnel. The law also required that U.S. DHS provide intelligence services to fusion centers and work to foster greater intelligence sharing between fusion centers and other relevant intelligence agencies within the ISE. Part of this DHS information sharing facilitation, as mandated by the 9-11 Commission Act of 2007, would include the dissemination and review, within the ISE, of "homeland security information, terrorism information, and weapons of mass destruction information" gathered by fusion center personnel.

The 9-11 Commission Act of 2007 also explicitly directed the undersecretary of U.S. DHS Office of Intelligence and Analysis (DHS I&A) to assign "officers and intelligence analysts" from approved DHS components to all fusion centers in order to meet the advisory/liaison duties laid out under the act. Approved DHS components from which personnel may be drawn are: DHS I&A, DHS Office of Infrastructure Protection (U.S. DHS IP, an agency under the U.S. DHS National Programs and Protection Directorate), the Transportation Security Administration (TSA), U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, U.S. Coast Guard, and other components "as determined by the Secretary." As such, the DHS I&A (through its State and Local Program Office) became responsible for managing and coordinating federal involvement in fusion centers nationwide.

While the roots of fusion centers and ISE were anchored in concepts of terrorism prevention and terrorism-related "critical infrastructure/key resources" protection, the role of these information sharing cooperatives quickly shifted to an "all hazards/all crimes" approach through a series of presidential executive orders/homeland security presidential directives issued by former President W. Bush (the issuance of many of these executive directives was called for through either the "Homeland Security Act of 2002" or IRTPA). "All hazards/all crimes" is essentially an umbrella term used to describe virtually anything (including "terrorism") that may be deemed a "hazard" to the public, or to certain private sector interests.

Furthermore, as has been mandated through a series of federal legislative actions and presidential executive orders, fusion centers (and the "counter terrorism" entities that they are comprised of) work-- in ever closer proximity-- with private corporations, with the stated aim of protecting items deemed to be "critical infrastructure/key resources" from "all hazards/all crimes."

Public-Private Intelligence Sharing Partnerships

On December 17, 2003, then-President W. Bush issued Homeland Security Presidential Directive 7 (HSPD-7), calling for "critical infrastructure identification, prioritization and protection." HSPD-7 reinforced two previously introduced directives: the protection of "critical infrastructure" through public-private partnerships (as called for through a section of the "U.S.A. Patriot Act of 2001" entitled "Critical Infrastructure Act of 2001"), and the assessment and protection of "key resources" by U.S. DHS (as called for through the "Homeland Security Act of 2002").

As defined by the "U.S.A. Patriot Act of 2001," items of "critical infrastructure" are defined as: "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."

As defined by the "Homeland Security Act of 2002," "key resources" are defined as: "publicly or privately controlled resources essential to the minimal operations of the economy and government."

As stated in HSPD-7, it is a matter of national policy to protect the nation's critical infrastructure and key resources from "terrorist acts" that could-- in addition to causing general disruption of services, national governmental/economic collapse and loss of life-- "undermine the public's morale and confidence in our national economic and political institutions." As such, Bush mandated that U.S. DHS, and other federal agencies, would work closely with members of the private sector, along with state and local governments, in an array of initiatives intended to identify and prioritize the protection of "critical infrastructure and key resources." An example of such prioritization resultant from HSPD-7 is the National Infrastructure Protection Plan (NIPP), a plan issued by U.S. DHS that relies heavily on public-private intelligence sharing partnerships. NIPP is also used as a metric in determining amounts of U.S. DHS funding to certain public-private intelligence sharing partnerships active in fusion centers nationwide.

President Barack ObamaAs a result of HSPD-7 and other presidential directives (including those issued by President Barack Obama), the stated purpose of protecting "critical infrastructure/key resources" (CI/KR) has come to serve as the single largest avenue for corporate involvement in the "homeland security" apparatus.

There are two primary domestic public-private intelligence sharing partnerships at work at the federal level: Infragard and the Domestic Security Alliance Council (DSAC).

Infragard is a public-private intelligence sharing partnership managed by the FBI Cyber Division Public/Private Alliance Unit (PPAU). As described by the FBI, Infragard is an "association of businesses, academic institutions, state and local law enforcement agencies and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States." There are 86 Infragard chapters nationwide. These Infragard chapters serve as representatives of private sector "stakeholders" in the many of the nation's fusion centers.

While Infragard is primarily an FBI operation, U.S. DHS does play a key role in this public-private intelligence sharing partnership. According to a March, 2011 U.S. DHS report, entitled "DHS Private Sector Information-Sharing Working Plan," obtained by DBA/CMD through a Freedom of Information Act (FOIA) request submitted to the office of U.S. DHS Secretary Napolitano, U.S. DHS IP provides funding to the FBI for distribution to Infragard chapters that have "[demonstrated] the ability to organize and host specific activities to implement the National Infrastructure Protection Plan (NIPP) at the community level and to expand outreach and communication to a diverse group of critical infrastructure owners and operators." Furthermore, according to the "DHS Private Sector Information-Sharing Working Plan," U.S. DHS I&A furnishes FBI PPAU with intelligence for distribution to Infragard private sector partners, participates in meetings with private sector members, briefs the Annual Infragard Coordinators Conference, and is otherwise active in local Infragard chapters.

DSAC is a public-private intelligence sharing partnership between the FBI, U.S. DHS I&A and several of the nation's leading corporate/financial interests. Some of these corporate/financial interests comprise the DSAC Leadership Board. The DSAC Leadership Board consists of 29 corporations and banks, including several entities that have been the subject of OWS protests/criticism. Corporate/financial interests active in the DSAC Leadership Board include: Bank of America, MasterCard, Citigroup, American Express, Barclays, RBS Citizens, 3M, Archer Daniels Midland, ConocoPhillips, Time Warner and Wal-Mart. Along with DSAC chairmen from the FBI and U.S. DHS I&A, DSAC is co-chaired by a representative of these private sector interests-- currently Grant Ashley, vice president of global security for pharmaceutical giant Merck & Co.

It is worth noting that a number of corporations active in the DSAC Leadership Board also took part, along with several other banks and corporations, in the U.S. DHS Private Sector Information-Sharing Working Group. This working group, consisting of 79 representatives from 51 Fortune 500 corporations, was instrumental in drafting (through collaboration with U.S. DHS I&A, the U.S. DHS Private Sector Office and the U.S. DHS NPPD office of Infrastructure Protection) the "DHS Private Sector Information-Sharing Working Plan," which-- predictably enough-- called for the dedication of further resources to public-private intelligence sharing partnerships, largely through the national network of "fusion centers."

Such corporate/financial interests partnered in this "working group" include Bank of America, Wells Fargo, Business Executives for National Security, ASIS International, National Defense Industrial Association, Xcel Energy, Colonial Pipeline Company, Boeing, Microsoft, Motorola, Oracle Corporation and Google.

[Note: Business Executives for National Security (BENS), is a private organization that purports to work with U.S. DHS, the CIA, ODNI, the U.S. Department of Defense and other agencies in the protection of "national security." The BENS Board of Directors consists of executives from a number of real estate firms, legal firms, defense contractors, and various financial/corporate interests. Some notable BENS Board of Directors members include executives with military/intelligence/law enforcement contractor Booz Allen Hamilton, Quaker Chemical Corporation, Janus Capital Group and J.P. Morgan Chase & Co.]

The ACTIC Community Liaison Program

An example of a fusion center partnership with the private sector is the ACTIC Community Liaison Program (CLP). Created in April of 2006 in response to federal legislative action, presidential directives and U.S. DHS grant funding guidelines calling for active private sector involvement in CI/KR protection through "fusion centers," ACTIC CLP is a partnership between ACTIC law enforcement/public safety/"counter terrorism" agencies and security personnel employed by members of the Arizona business community. Such business-sector members include banks, private security firms, utility companies and businesses engaged in the tourism industry. The purpose of the program, as stated by ACTIC, is to prevent terrorist activity, to identify terrorist threats, protect CI/KR and "create an awareness of localized security issues, challenges, and business interdependencies." As such, ACTIC states that, through CLP, all member businesses are treated as CI/KR.

One primary benefit to corporate interests engaged in ACTIC CLP is the delivery of advisories and other bulletins to corporate security personnel through a secure information sharing system known as AZ PASS (Arizona Partners for Arizona Safety and Security). AZ PASS is a service provided to these corporate interests through the Arizona Division of Emergency Management Private/Public Partnership Unit, ACTIC, U.S. DHS (particularly through the U.S. DHS NPPD IP Protective Security Advisor assigned to ACTIC) and the FBI-administered Arizona Infragard [note: ACTIC CLP is not the only vehicle through which private Arizona corporations are provided with taxpayer-funded intelligence services. Like many other fusion centers, the interests of ACTIC's private sector "stakeholders" (corporations deemed important enough to engage in ISE through ACTIC) are also represented in the fusion center by a local Infragard chapter, Arizona Infragard]. Advisories and bulletins may also be distributed to ACTIC CLP private sector members through the Homeland Security Information Network, a secure information sharing system administered by U.S. DHS.

ACTIC CLP is managed by the ACTIC Threat Mitigation Unit (ACTIC TMU). The ACTIC CLP program coordinator is PPDHDB/ACTIC TMU Det. Jennifer O'Neill. According to records obtained by DBA/CMD, ACTIC TMU is staffed solely by PPD personnel and is tasked with supporting "[PPDHDB's] effort at the ACTIC through the management of grant funded programs directed toward the protection of critical infrastructure and key resources." ACTIC TMU is also tasked with "federal grant applications and management, rapid deployment of surveillance technology to support emerging threats and emergency incidents, and management of protection efforts at key sites and special events."

According to records obtained by DBA/CMD, ACTIC TMU has been responsible for "bringing in excess of $80 million in [federal] grant funding to the citizens of Phoenix and the state of Arizona." Furthermore, according to a federal grant application for funds to be used in an ACTIC "public outreach campaign" (for which PPDHDB was awarded $30,000 in U.S. DHS UASI funding for use in 2012), PPD expends more than $500,000 in federal grant funding annually. As such, for a city with a population of less than 1.5 million people (not to be confused with the conglomeration of towns and cities that constitute the Phoenix metropolitan area, which is home to nearly 4 million residents), the business of protecting citizens-- especially corporate citizens-- from "terrorism," and/or "all hazards," has become a big business in its own right.

As previously mentioned, ACTIC (through PPDHDB) received $30,000 U.S. DHS UASI funding for use in a "public outreach"/"advertising" campaign throughout 2012. As indicated by records obtained by DBA/CMD, this campaign appears to have been conducted by O'Neill, intended largely for the expansion of ACTIC CLP private sector membership. Records returned to DBA/CMD by PPD pursuant to a public records request seeking all records relating to ACTIC CLP in possession of O'Neill and other PPD personnel employed at ACTIC consisted solely of records relating to this $30,000 "public outreach"/"advertising" campaign grant and three Powerpoint presentations. These presentations were created by O'Neill and appear to be the bulk of the work product produced by O'Neill with the $30,000 U.S. DHS UASI grant ($28,000 of which, according to records, was earmarked for campaign "planning"). Since O'Neill is the ACTIC CLP coordinator-- and as two of the three presentations are explicitly dedicated to promotion of ACTIC CLP (and as the third dwells largely on ACTIC CLP)-- these Powerpoint presentations clearly served to promote private sector involvement in ACTIC CLP.

Perhaps the most interesting feature of O'Neill's promotional Powerpoint presentations is the fact that, in a section of one of these ACTIC CLP presentations devoted to discussion of threats addressed by ACTIC, discussion is dedicated to Occupy Phoenix. Indicative of ACTIC's view of Occupy Phoenix, the Occupy Phoenix section of this presentation (adorned with a photograph of dozens, if not scores, of riot gear-clad PPD officers surrounding a very small group of seated Occupy Phoenix protestors), is immediately preceded by discussion of "lone wolf" Tucson gunman Jared Loughner, hacking attacks allegedly perpetrated by "hacktivist" group Anonymous on the email accounts of Phoenix law enforcement agencies, and an alleged foiled "terrorist plot" at Texas military base, Fort Hood.

[Note: despite the fact that public records requests submitted to PPD by DBA/CMD sought all records relating to ACTIC CLP (particularly those in possession of O'Neill), PPD has failed to deliver (pursuant to these requests) any records divulging the identities of corporations engaged in ACTIC CLP-- despite the fact that records obtained by DBA/CMD show that O'Neill maintains records relating to ACTIC CLP private sector membership.

While a full accounting of the identities of ACTIC CLP's corporate members is not available at this time, records obtained by DBA/CMD do show that ACTIC engages in public-private intelligence sharing partnerships with a number of Arizona trade associations, including the Arizona Banking Association.]

Furthermore, records obtained by DBA/CMD show that, during 2011 and 2012, O'Neill engaged in communications relating to Occupy Phoenix with representatives of banks and other corporations that were subjects of Occupy Phoenix demonstrations. According to records, O'Neill also distributed advisories (based largely on "open source intelligence" provided by ACTIC "Terrorism Liaison All-Hazards Analyst" Dowhan, as well as other sources of intelligence) relating to Occupy Phoenix to corporations and banks that were subjects of Occupy Phoenix demonstrations.

Read the full report and Appendix on SourceWatch.

Read the full report on DBA Press and view the source materials archive for the report at DBA Press.


Wow: Drones = terror from the sky (directed by joysticks in Arizona) = inflicting terror to suppress terroism! And all along I thought "counterterrorism" is just a mistaken construction really meaning "antiterrorism." Indeed, the US is countering. It's not a war AGAINST terrorism, but a war OF terrorism.