The National Security Agency story has pushed military spying on anti-war groups off the front pages, and the Pentagon appears to have seized upon administrative error to explain away its slide into domestic spying.
Department of Defense now says that analysts may not have followed the law and
its own guidelines that require the purging of information collected on U.S. persons after 90 days. The law
states that if no connection is made between named persons and foreign
governments or transnational terrorist organizations or illegal activity, U.S. persons have a right to their
privacy and information about them must be deleted.
to RL, I now know that the database of "suspicious incidents" in the
United States first revealed by NBC
Nightly News last Tuesday and subject of my
blog last week is the Joint Protection Enterprise Network (JPEN) database,
an intelligence and law enforcement sharing system managed by the Defense
Department's Counterintelligence Field Activity (CIFA).
What is clear about JPEN is that the military is not inadvertently keeping information on U.S. persons. It is violating the law. And what is more, it even wants to do it more.
Follow-up reporting on the Pentagon spying story -- both by this newspaper and by the New York Times -- mistakenly refers to the suspicious incidents database that I obtained for the time period July 2004-May 2005 as the TALON database, for the Threat and Local Observation Notice reporting system.
according to the Pentagon, is merely a non-threatening compilation of
data on incidents is used "to estimate possible threats," DOD
says. "It is in effect, the place where DOD initially stores
"dots," which if validated, might later be connected before an attack
occurs," the department says in a written statement prepared for reporters.
existing procedures, a "dot" of information that is not validated as
threatening must be removed from the TALON system."
JPEN is more than just a compilation of TALON's. It is a near real-time
sharing system of raw non-validated force protection information among Department
of Defense organizations and installations. Feeding into JPEN are
intelligence, law enforcement, counterintelligence, and security reports, TALONs
as well as other reports.
shares this information at all levels, from military police guarding entry
gates at military bases to terrorism warning watch standers at the Defense
Intelligence Agency. JPEN began as a pilot project in the Washington, D.C. area and was initially
fielded in June 2003.
the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the military can
maintain information on specific individuals (name of individual or other
personal identifiers such as Social Security number or driver's license number)
in the JPEN database system for 90 days. JPEN then is supposed to purge all
Privacy Act information after 90 days, unless it is part of an ongoing
the beginning of JPEN, system designers have attempted to balance their task of
collecting and retaining information of intelligence and warning value with the
oversight" and Privacy Act restrictions. According to a JPEN
classified briefing obtained by this blogger, the 90-day "data content
limit … creates issues for long-term correlation and analysis."
other words, how can the military connect the dots if it is restricted to a
90-day deadline? According to the briefing the NORTHCOM says it will
"continue to purge required information IAW [in accordance with] the
law" but it is also working "privacy act restrictions with legal
office to retain information previously subject to purging."
though, the JPEN maintainers didn't abide by the law, and the collectors
feeding TALON and other reports into the system overreached in monitoring and
retaining information on anti-war and anti-military organizations of no
The managers of JPEN are hardly being inadvertent about either the 90-day restriction or the intentional collection of information on U.S. persons. So far, it appears that they have broken the law. And what is more, they are agitating internally to find ways of circumventing the legal restrictions.