Interview Michael German

An ill-defined mission … broad dissemination of inaccurate information … lack of oversight -- these are some of ACLU policy counsel Mike German's concerns about the post-9/11 domestic intelligence apparatus. Prior to joining the ACLU, he was an FBI agent for 16 years, working on domestic terrorism and covert operations. This is the edited transcript of an interview conducted Nov. 18, 2010.

• HIGHLIGHTS
• Can the CIA access domestic suspicious activity reports?
• Fusion centers operating in a "netherworld" -- neither feds nor states claim oversight
• How the Director of National Intelligence worked with civil liberties groups to improve intelligence reporting standards
• What's stopped terrorism in the past? "Police officers doing what police officers do."

Let's start with the fusion centers. What is the purpose of them, and who pays for them?

Good questions. The difficulty with fusion centers is that no two are alike. ...

But essentially, a fusion center is a multijurisdictional intelligence information and analysis collection and dissemination point. Typically, they involve a number of government agencies from different levels -- from federal government, from state and local government. They can also involve private companies. They can involve the U.S. military, in some instances.

But there is very little regulation that mandates any particular form, so they can really adapt to whatever environment they're in.

And their role in terrorism is to do what?

Initially, their focus was on counterterrorism. And to a certain extent, they were a creation of the failure of the Joint Terrorism Task Force [JTTF] system to enable or empower state and local law enforcement authorities with terrorism-related information, because the way the Joint Terrorism Task Force system worked was that state and local officers were deputized federal law officers to participate with the federal government. But because of security clearance issues and the use of classified information in those environments, they weren't allowed to share the information they learned in the Joint Terrorism Task Force back with their state and local agencies. So the state and local still felt as if they didn't have enough information to protect their communities.

So these fusion centers started developing sort of organically as efforts by state and local agencies to collect information that they knew at their own level and share it among each other. And once that system started sprouting up, the federal government saw that as another opportunity to expand intelligence collection and dissemination. ...

And a lot of federal money started growing this system and networking it so that these centers were all connected through various information-sharing networks, so that information collected or analyzed at one fusion center could easily be disseminated through the network of fusion centers, and then up to the Joint Terrorism Task Forces.

So what do the fusion centers do that the JTTF doesn't do?

Because they're run typically at the state and local level, they have far greater access to state and local information that might not pass up to the Joint Terrorism Task Force.

And also, the Joint Terrorism Task Force, it's supposedly more focused on actual terrorism investigations, where the state and local fusion centers are expanded beyond terrorism information. Initially it was grown into what was called "all crimes," and eventually into what they called "all hazards," because again, it's not just law enforcement agencies that are in these fusion centers. It's sometimes emergency response, fire departments and medical-response sort of capabilities.

So it's really ballooned into something that has a very ill-defined mission.

Is that a bad thing?

It certainly poses a significant risk to the price of civil liberties, ... because literally, information picked up in a neighborhood, in one particular locality, is quickly gathered, analyzed and disseminated throughout this network of fusion centers. So if any particular aspect of this network is doing something inappropriate and collecting information they shouldn't, that information can rapidly spread up into not just other states and regions, but into federal databases, including up to the federal intelligence community.

So you're not talking about something like an arrest; you're talking about something short of an actual criminal accusation against somebody?

Sure. A neighbor that doesn't like you reporting something bad about you; some political advocacy can be improperly collected by a police agency, or even by a public citizen, and then reported to these fusion centers, where it can be collected, sometimes misinterpreted, and yet disseminated widely without enough checks and balances to make sure that the information, number one, is correct, and number two, is appropriate for a law enforcement agency to be collecting.

So have you seen actual examples of that?

Certainly we've seen a lot of examples of that, unfortunately. We did our first report on fusion centers in 2007, when we saw a lot of the federal money going into expanding the network. At that point, we just warned about a number of emerging problems that we saw with the fusion centers.

But only six months later, we saw so many examples of fusion centers that were collecting inappropriate information and sharing it inappropriately that we wrote a second report [PDF] in 2008, and now have a portion of our website -- www.aclu.org/spy-files -- where we have a lot of information about different intelligence products that were produced by fusion centers that show that information is being collected about different political advocacy groups, and that that information is often wrong and mischaracterized in these information products that go out to state and local law enforcement agencies, encouraging them to conduct further surveillance of these groups. So this is a significant problem. …

I notice from reading the Spy Files that a lot of the activity that you highlight ... looks like it's surveilling, paying attention to groups that are peaceful antiwar groups and others. Can you give us some examples of that and how those things happen?

Sure. There's a long history in the United States when there aren't sufficient guidelines and checks and balances and oversight of police intelligence activities, that it often goes beyond reasonable bounds and starts to be used to suppress or at least surveil political activity.

In the post-9/11 environment, when many of these standards and guidelines have been relaxed, it's not a surprise to us to see that this sort of political spying has increased. ... We've documented in 33 states and the District of Columbia some type of political spying and/or obstruction of First Amendment-protected activity.

There are interesting comments that have been made, that we've documented, where officials have said, "Well, if you're engaged in a war and there's a group that's protesting that war, they are in league with the enemy and therefore are potentially targets for our intelligence activities."

We have a case where a Department of Defense test had a question about what is low-level terrorism, and the correct answer, according to the test, was protest. So there is this sort of pervasive attitude within the intelligence community that opposing government policies is a security threat. ...

And the information that's derived from the spying or derived from surveillance [of] peaceful protest, where does that information end up going?

That is an excellent question, and it's hard to know. The problem there is this idea that information sharing is the answer to all our intelligence problems. And that's only true if the information being shared is both relevant and correct. And unfortunately, building these information-sharing environments and breaking down the guidelines that would restrict what's being collected is resulting in so many different information tunnels ... that it's very difficult, once improper information is being collected or erroneous information is being collected, that you can find all the places that it might have gone in the first place.

In the second place, you're creating a system where there's information overload and where some of the information is incorrect or inappropriate. You pollute the entire system, and the entire system then becomes unreliable, and that's really a big danger of this. ...

I don't know if we have reliable figures on this, but they certainly have spent hundreds of millions of dollars since '04 on the fusion centers.

Certainly.

... We have a problem of terrorism, experts say. It's definitely a problem in the United States. What's wrong with spending a lot of money to give to the fusion centers to try to help the FBI find terrorists?

There's nothing wrong with law enforcement agencies effectively and efficiently sharing lawfully collected and appropriately collected information among and throughout the law enforcement agencies. And if the fusion centers are the way that the government wants to accomplish this, that's fine.

The problem that we're having with fusion centers is their mission is very ill defined, ... and also that there is insufficient oversight of the fusion centers to ensure that they are only collecting the appropriate information, that they are analyzing in a way that's appropriate and correct, and that they're only disseminating it to agencies that should be getting this type of information. ...

The DHS [Department of Homeland Safety] says they're training fusion center analysts. They haven't trained everybody. They require people to have eight hours of training as an intelligence analyst. Do you think the level of training is sufficient to make sure that fusion center employees do the right thing?

It's a difficult question. Obviously training is important. Training in the legal requirements is extremely important. But part of the problem with intelligence collection is that the activity itself is very poorly defined. The U.S. federal intelligence agencies don't have a common definition for what intelligence is and what it is that they're collecting. ...

The methodologies used in collecting intelligence are such that they create an unreliability of the information right from the get-go; it's masking sources and methods. So if somebody gives you a piece of information about a local politician, that he's cheating on his taxes, knowing whether that's a disgruntled ex-spouse or their accountant or their political opponent in the next election is very important to discerning whether that information is true. ...

And it's not like evidence where people are going into court and having to stand up and identify themselves and say, "This is what I saw." It's information that is rumor and innuendo and disinformation sometimes.

So part of the problem with any intelligence system is that the nature of the methods that we use to collect it often affect the reliability of it.

So now you've made a natural segue into the SARs, the Suspicious Activity Reporting, which, by its nature, is only a suspicious activity and not a crime. Can you talk about how that system works and whether the guidelines are clear enough?

Sure. The public has always had a relationship with their local police departments, where if they see something that they think is dangerous to the community or somehow illegal, that they report it to the police. ...

Standards developed for what the police could keep. When it was found out in the '60s, '70s and '80s that many police intelligence units were collecting political information and these efforts were exposed, a federal regulation went into effect that limited the amount of criminal intelligence that could be kept in a system where it's shared with other agencies. ... They wanted to make sure that it was only collected when there was a reasonable suspicion of criminal activity and only shared with other law enforcement agencies so that there would be some standards around what type of information is being collected.

And the problem with the Suspicious Activity Reporting program ... is that many of the programs identify specific behaviors that they say are suspicious and should be reported. And some of those behaviors in some of the different programs involve things like stealing explosives and breaking into secure facilities, which of course are, on their face, criminal activities that we would all expect people who see that to report it to their local law enforcement agencies.

But they also include a lot of other activities, such as taking photographs or videotapes, taking notes, like you're doing right now -- (laughter) -- and other activities that are ubiquitous, that everybody's doing them. I mean, with today's technology, we all carry a camera on our phone, so photographing in and of itself is not suspicious.

But if you're a police officer who now has this Suspicious Activity Reporting program telling him that photography is in and of itself suspicious, that then creates two problems. One is it seems to create an initiative to go and interact with people who are not engaged in anything inappropriate. So if somebody is taking pictures, and the police officer, who must see dozens of people taking pictures every day, for some other reason suspects this person -- whether that's because of racial bias or because they're wearing some sort of religious garb -- now feels that because of this program they can go up and harass that individual, demand identification, in some cases handcuff those photographers, when the activity itself, taking pictures, is not illegal and is not really indicative of any sort of planning for any sort of criminal event, ... it breaks down what is the current standard under Terry v. Ohio, which is reasonable suspicion that there is criminal activity taking place, to an idea where these innocuous activities are inherently suspicious.

And then the second problem is, once that information is collected, once your identification is demanded, a report is made that is funneled out through the fusion center, off into the Joint Terrorism Task Force, or to the FBI's eGuardian program, or to the Director of National Intelligence Information Sharing Environment [ISE]. So this information -- again, completely innocuous -- deserved no police attention, is now being put on a report deemed "suspicious activity" and forwarded on to the intelligence community.

And if you're the individual who saw something you thought would make a nice photograph, now you have this shadow of suspicion over your activity, and that information is disseminated widely and could be very easily misinterpreted.

Particularly concerning is that the program started as a program within police agencies. So the federal government was saying, "Hey, different law enforcement agencies, train your officers to report this type of information."

But now it's become a public reporting system, and there are very broad and sensationalistic public service announcements out there that encourage people to report their neighbors. And again, they use these innocuous behaviors -- taking measurements, taking notes, taking photographs -- as inherently suspicious, that should be reported.

And number one, it's a problem because it's going to fill up these law enforcement databases with a lot of innocuous information. But number two, it opens the door to racial profiling; it opens the door to all sorts of inappropriate activities within our communities. And it's just un-American to encourage our neighbors to spy on one another.

Are you saying that your name and information about you could sit in this database? It's not just the activity itself with your name masked, but your actual name, maybe your Social Security number?

Right. I mean, part of this is that the police will actually stop a photographer, collect their information and put it on an a form that gets reported up through a number of different avenues, to a number of different agencies. And there is personally identifiable information on those documents. And there are a number of different programs.

The Director of National Intelligence Information Sharing Environment initially came out with a program that would have allowed this material collected by state and local law enforcement to be funneled up to the intelligence community, where it could be easily shared among federal agencies, but also among state and local agencies across the nation.

And we complained about the standards of their reports. So they actually worked with us and a number of other privacy and civil liberties groups and improved their standard and brought it up to where a reasonable indication that the behavior was indicative of criminal activity or terrorism was required, which was great. And it also made sure that race was not used as a factor -- race, religion were not used as factors in determining that suspicion, which was a very positive development.

It was not used as the sole criteria, right?

Right, right. They made a number of changes to the reporting. Another was, they broke out the behaviors so that the ones that were inherently criminal -- the breaking into secured facilities and stealing explosives -- were sort of one category. And then this other category that included things like photography and note taking, there was an explanation that this is First Amendment-protected activity and should not be collected, absent some other factors that raised the police officer's suspicion. And there is right in there that race, religion shouldn't be one of those factors in raising suspicion.

So it's a much improved policy, and we're appreciative that they made those improvements.

But the problem is, that's only one SAR program. ... It doesn't prevent that initial law enforcement contact, where somebody who is minding their own business and doing nothing inappropriate is harassed by the police and demanded for identification and, again, sometimes actually arrested.

So does this mean that the CIA would have access to reports or the names of Americans listed just because someone thought they were doing something suspiciously?

Certainly. This information is accessible by the intelligence community. ... So much of it's done in secret that we don't know what they're doing. There isn't appropriate oversight. There aren't the checks and balances that exist in a typical criminal justice system.

So it's almost as if we're expanding the intelligence community to include every police officer on the street, and in some cases, even citizens and private companies, into being sort of the eyes and ears of the federal intelligence community.

Have they refused to answer some of those detailed questions so far?

I don't know if I can say they refuse to answer. I think it's just there is so much conflicting information. There are so many different platforms. So you could pick a particular fusion center and say, absolutely, the Central Intelligence Agency has no place in our fusion center. OK, well, is the Joint Terrorism Task Force in your fusion center? Well, of course, the Joint Terrorism Task Force is. OK, does the CIA have access to information that the Joint Terrorism Task Force has? Of course.

So the information can flow through a number of different avenues to get to any number of agencies, including the military. And so, without the appropriate guidelines and oversight, it's impossible to know what's actually happening. ...

We go to state legislators and local legislators and say, "Hey, do you know what's happening in this fusion center?" And they say, "Well, it's federal money, so we really have no control over what they're doing in the fusion center." And if we go to the federal government and say, "Hey, do you know what's going on in the fusion centers?," and they say, "Well, that's really a state entity, not a federal agency, so we can't tell them what to do," so it's sort of fits into this netherworld, and our concern is that's sort of part of the way that these were constructed, was to create this ambiguity of who is actually in charge and who has a right to conduct oversight.

I think since, when our first report came out in 2007, our concerns were dismissed as, "Oh, this is really no problem," where in the ensuing years, I think we have established there is a problem, and there are some efforts being made to establish some sort of controls.

The Department of Homeland Security, last year, at the end of last year, for the first time tied DHS grants to fusion centers to the fusion center having a privacy policy. And that's a very small step, ... but it was an important step, because it was really the first time the Department of Homeland Security said, "We do have some authority, because it is Department of Homeland Security money, to restrict the money going to agencies that aren't engaging in the proper activities. ..."

There is a program to educate fusion center leaders, which hopefully can help standardize and professionalize some of the activities that are happening.

There is another effort made between the Georgia fusion center and the Florida fusion center, where they conducted audits of each other. And these were audits just to determine whether they had the appropriate policies in place and the appropriate structures. They didn't actually get down to actually examining the information collected and determining whether it fit. But it's a great start, that somebody is recognizing that there is this problem of lack of oversight and governance, and trying to create some solution to make sure that there's some controls over what's happening.

Can we go back to SAR for a minute? What's the status of it? Is it in place everywhere or not?

There are a number of different SAR programs that are actually up and running. The Information Sharing Environment's Suspicious Activity Reporting has just gone through a pilot-program phase and is up and running in a number of cities. The FBI's eGuardian system, I believe, is up and running.

But there are also a number of programs, like the Department of Homeland Security's "See Something, Say Something" program. ... People are actually reporting things. And many state and local entities, whether they're fusion centers or actual police departments, have their own Suspicious Activity Reporting [programs]. Colorado has a public service announcement called "The Eight Signs of Terrorism" that again says photography and video taking, taking notes and taking measurements are suspicious activities that should be reported to the Colorado fusion center. …

Do you know whether it's designed to have these competing systems? Or is the competition the result of turf battles and --

I think all of the above. I mean, once you bring in a network that includes so many different government entities, not to mention private companies, the military and everybody else, everybody has to have their own internal system.

So you're trying to mix and match all these different systems, and if one entity creates a system that, for whatever reason, the user has difficulty using, they'll want something else. So you have some of it driven by a bunch of different things, but also that's where the money is. So if you say that you have this great system, you could attract more dollars. ...

Tell us about the Maryland case. How did it begin, and where did it go?

In Maryland, there was a protest out in front of a National Security Agency facility that resulted in some civil disobedience arrests, and the government proceeded to prosecute some of the individuals involved. And during the discovery phase, it was learned that there was actually surveillance conducted of some of the activists.

So the American Civil Liberties Union submitted a number of Freedom of Information Act requests to the Maryland State Police and uncovered a widespread political surveillance operation that affected some 53 individuals who were political activists, collected their personal information, uploaded it into federal databases as terrorism suspects.

It involved political advocacy groups, anti-war groups, anti-death penalty groups, environmental activists, pretty much you name it. There were so many different groups involved; I think it was 20-some different groups involved in this activity which took place over the course of several years.

So it was a widespread problem and involved things like the use of undercover police officers that were sent into meetings of these advocacy groups, and collection of a lot of political information that they were discussing about their political causes.

So what agency was doing it, and why were they doing it? Did they think there were terrorists inside?

It doesn't appear so. And certainly, if that was the purpose initially, it was very quickly learned that there was no criminal activity. As a former law enforcement officer, one of the things that I was struck by was how the reports made it very clear that no criminal activity was anticipated at the events that were being discussed.

So it's very difficult to understand why they thought this was an appropriate activity. It seemed more that they just, in this post-9/11 intelligence collection mania, that they felt the collection of any intelligence information, however ill defined, was appropriate.

At one point during the subsequent investigations, apparently one Maryland State Police official said, "Well, we thought this was a great training opportunity for an undercover agent because the risk of harm was so slight." Well, if the risk of harm was so slight, that should have been a clue that maybe this wasn't the group that the police should be spending their resources investigating.

So this was the Maryland State Police. Was it a rogue group of officers who were doing it, or was it planned within the administration of the police?

No. Former Maryland Attorney General [Stephen] Sachs did a thorough investigation that showed that this was all officially approved activity, and even had gone to the attorney general's office for an opinion about whether they could collect this information. So this wasn't something that people didn't know about.

And the information was reported up to a federal High Intensity Drug Trafficking Area [HIDTA] database, which is a federal program that, at that point in time, in 2004 and 2005, was being used to retain terrorism intelligence as well as drug intelligence. So these activists who were being spied on were actually being reported to the federal government as terrorists.

And where was that information going? Who was that shared to?

Hard to say. The people who have access to the High Intensity Drug Trafficking Area database include many of the local police agencies in the area, as well as the Maryland fusion center and the Joint Terrorism Task Force. ...

Plus, if you actually look at the reports themselves, it was very clear that the officers involved, as they got information, were also contacting other local police agencies around the county and around the state, and even entities such as the Joint Terrorism Task Force, such as the National Security Agency, such as unnamed military intelligence people.

So the information was being disseminated very broadly.

Are we talking about violent protesters? What sort of groups and what sort of people were they actually spying on?

No, they were spying on people who were well-known political activists, who were not any sort of criminal threat. ... So this was the type of political spying that we thought had gone by the wayside decades ago, and in fact has been empowered by these new intelligence authorities.

So these weren't groups that anybody had any reasonable suspicion were actually engaged in criminal activity. And yet not only were they being spied on and having their information collected for these intelligence databases, but they were actually being mischaracterized as terrorists.

So again, this has a much greater risk to those individuals not only of being wrongly put on watch lists and impacted in a way that ... any sort of innocuous law enforcement contact would have a heightened threat of risk, but also because their political activity is being characterized in a way that they're a security threat. ... Once there's this shadow of suspicion that you may be doing something wrong, when you're a political activist trying to get public support for your opinions, that becomes very detrimental.

Were any of the activists aware they were a subject of interest? Did police come and interview them?

No. This was all surreptitious. The use of undercover agents, the use of secret intelligence methods to collect information about them from their websites -- it appears that there was some collection of e-mails that were on these listservs, so the groups organizing efforts to reach out to the public were being surveilled, and the information was being collected and disseminated.

And there were a couple of nuns that were involved?

Right. Some of the peace groups involved, Women in Black, which is a group of nuns that silently stand in vigil and protest the war. There were all sorts of peace groups, environmental groups, civil rights groups, racial justice groups. There didn't really seem to be much of a limiting factor in anything that the police were collecting.

But again, this is one case with the Maryland State Police, but this is the type of activity we have seen all across the country and at all levels of government -- state, local police, as well as FBI, Department of Homeland Security, even the Department of Defense.

Let's talk about Maryland's other collection activities. ... Do you know much about their license plate scanning?

I don't know particularly about their system. License plate scanners have been a great concern to the American Civil Liberties Union, because it allows the collection of so much data from people who aren't suspected of doing anything wrong. A police officer, obviously, can see your license plate and collect that information, but when you're doing that in an automated way, you can collect an extraordinary amount of information that can then be mined for all sorts of different purposes. ...

What happens to you in the end is unclear. If you're a student and you're hoping now to get a job in the federal intelligence system and you're looking to get a security clearance and they say, "Well, there's this suspicion about you having been at this event," it's difficult to explain, if you ever get the chance to explain. You may just get the denial notice and never really know why it was you didn't get the job or didn't get the loan. Now, that Material Support for Terrorism [Law], if a private company is involved with a fusion center and they know that the police are investigating a certain person as a possible terrorist, and that person is asking for a loan from their bank or is an employee of their company, or a tenant in one of the buildings that the company controls, is there private harm that can come that the individual would have no idea why they're being treated this way? They would just know that their lease was canceled, or their loan was denied, or the job opportunity was lost. They would never really know that it's because there's some erroneous information that's been collected by someone out there and that they've created a pattern of activity that looks suspicious to someone.

So you raised the obvious question, which is, can I ask them if I'm in the database?

You can't. (Laughs.) What answer you get may be questionable. We had that situation with the Maryland activists. ... It took some time and the support of Maryland senators to get these federal agencies to search their databases. And originally, when the Department of Homeland Security searched their database, they said, "No, there's no indication that we have any information about these individuals."

Well, as we continued getting information from the Maryland State Police, we uncovered a document that said information about one of the groups was obtained from the Department of Homeland Security, including two e-mails from individuals involved with the groups. So we had to go back to the Department of Homeland Security, and then they said, "Well, that sort of activity is OK, because we're just alerting other police agencies to the fact that there was some protest activity taking place."

Well, that's First Amendment-protected activity. There's no suspicion that there was actually going to be any violent activity taking place there. So it does create a lot of concerns about what information is being collected by these agencies. And in many cases, they don't even know what information they're collecting and disseminating. ...

If you add on to those sort of databases, the technology that's new this generation, a lot of it coming from developments from the war, are you drifting toward a surveillance state, or is that an overstatement?

No, I don't think it's an overstatement. I think that is part of the problem. And part of the problem is the intelligence agencies see any data as useful data. With the FBI's abuse of the National Security Letters [NSL] that was uncovered through a number of inspector general audits, what the inspector general found was that there were a number of cases where the National Security Letters were used not to prove somebody was a criminal, but to prove they weren't. And yet, even though that information proved they weren't, the FBI keeps it and retains that information, for whatever use they might make of it later.

So people who the FBI has determined [are] innocent remain in the system for exploitation later. And again, where there is so much associational material that's being used to assess guilt or suspicion now, the way that information might get used in the future is questionable. And if the information is there, it's going to be used in some way.

Do you see a rise in different types of information being collected that weren't before that would have to do with the ability now to do it, like biometrics?

Sure. The FBI has an investigative data warehouse that has some 1.5 billion records in it. And when you look at their budgetary requests, when they talk about what type of information in it, it's things like phone books and data about people's travel from private companies, hotels and whatnot, and just a tremendous amount of information that if the FBI had to build a warehouse to house it, they never would. But because they can retain all the data very easily because of the new technology, the attitude has become "Why not keep it?," rather than "Do we need this? Is it helpful? Is it reliable?"

There's a reason why we don't keep five-year-old phone books on our desk. It's because they're no longer reliable. Information and data is only relevant and reliable for a short period of time, and yet, because the information can be retained, it is. ...

The National Academies of Science a couple years ago, at DHS's request, conducted a study to determine whether data mining, in the way that many of these agencies are using it, would be effective for locating terrorists. And what they found was, it wouldn't be worth the civil liberties abuse. The chances of it working to find terrorists are so small that it doesn't justify the abuse of privacy and civil liberties for so many of the innocent people who would be either wrongly targeted because of problems with the system, or would simply have their information collected for not legitimate purpose.

So did that put the issue to rest?

Oh, hardly. Hardly. It's been routinely ignored, and these data collection programs continue apace. And you know, that's true of a lot of these different programs. I mean, there is no comprehensive study of fusion centers to determine whether they are actually serving a public good that justifies the types of money that's being spent there. There's no study that determines whether any of these Suspicious Activity Reporting programs are actually producing tangible evidence of assistance to criminal investigations that actually result in protecting the community. ...

... There's so much commercial data available to police departments. Is that a good thing?

Right. And that's a big part of the problem, is that there are many private companies out there that collect and aggregate data, and because of the way we all live today, where so much of our daily activity is recorded in some kind of electronic fashion, there's a lot of information for these companies to collect.

So rather than the government doing it, these companies are doing it, but the government is then contracting with these companies to gain access to it. And that opens up a whole new world for abuse. ...

So there's a line that gets crossed when the government is actually encouraging or directing a private company to collect information on their behalf, and, again, there is not proper oversight about what is happening within the agencies in directing these companies. Many of the contractual arrangements are secret. It's hard to know what information the government has access to and how much the companies are acting as agents of the government in going out and collecting it. ...

[What happened with Amtrak?]

One of the episodes that was reported in a number of different outlets that we have on our Spy Files website is an incident where a gentleman who was photographing an Amtrak was arrested by Amtrak police and handcuffed and detained because they thought this behavior was suspicious.

Well, it turned out upon investigation that he was not any security threat; [he] was photographing the trains because Amtrak has an annual train photography contest where they ask photographers to go out and take pictures of trains and submit to the photography contest.

It's sort of a humorous example, but we have to take it back to the fact that this was a person, minding his own business, doing something that's entirely legal and appropriate, and yet police officers put handcuffs on him. He was arrested in front of other passengers and humiliated. And it's simply inappropriate.

And it's gotten so bad that a number of police agencies, including the Amtrak police, other transit agencies, New York Police Department, the Department of Homeland Security had to put out announcements to their personnel that photography is not illegal: "Please don't arrest anybody for taking pictures." ...

At the center of all this is the debate over security versus civil liberties. And when we talked to [former head of National Intelligence and CIA Director] Gen. [Michael] Hayden and some of the authorities up in Maryland, they keep sort of coming back to the fact of, "Hey, listen, you've got to give us some leeway here in what we're doing, because if another attack happens, the public is going to be knocking on our doors, telling us there's too many rights and that we're giving too much attention to civil liberties and that security is what we're all about." What is your view on that?

The balancing-security-against-liberty paradigm is a false one. And in my law enforcement career, working domestic terrorism issues, what I found was reasonable restrictions compelling me to have some sort of articuable [sic] evidence that gives me the reasonable belief that somebody's doing something wrong actually helped me focus on people who were doing bad things, rather than people who were just saying things I didn't like. And this idea that an innocent person giving up their privacy or liberty would somehow help find a guilty person is simply false. ...

There's a reason why it's against the law to pull fire alarms when there's no fire. It's because they know that the fire department won't react as quickly when they come out the 15th time, when the first 14 were false alarms.

So are we building a system here where there are so many false alarms that when there's a real event -- such as when a person's father walks into a foreign embassy and says, "My son is a threat to your country" -- that that alarm isn't answered in time, because we've created this system where we're drowning our intelligence officers with irrelevant and valueless information.

Is there evidence that SAR, fusion centers and such have found people, have stopped terrorism?

I'm not aware of any evidence.

The [Najibullah] Zazi case. They always talk about the Zazi case. Colorado fusion center is very proud of that.

It's sort of part of the problem with all the intelligence systems, and in that case, where there wasn't a criminal trial so we could see some of the evidence, that it's easy to say, "Oh, our program helped that." Well, do we have to just take your word for it? (Laughs.) I mean, I don't know if it did or didn't.

And I'm not saying that there's no use for these. I would hope that they are doing some things good. But I think we need measurable metrics to determine that. And I'm not aware of any study of the Suspicious Activity [Report] or a program that has determined that this is more effective than chance. ...

On the issue of diverting resources to something more useful, there have been suggestions that if we just beefed up the FBI, that we wouldn't need the fusion centers; we wouldn't need actually a lot of this homeland security intermediary.

And it's hard to talk about the FBI as one thing, because the FBI is two different things. It's both a law enforcement agency and an intelligence agency. And if you're talking about beefing up the law enforcement side, I'm with you, because in my experience, what's very effective is bread-and-butter law enforcement activity. And empowering the state and locals with resources that actually help them accomplish their law enforcement mission I think is great. I think that would be far more effective.

And if you look at the cases where terrorism has actually been interdicted in the United States, very often they come from regular law enforcement investigations, rather than from the Patriot Act, the National Security Agency warrantless wiretapping program, any of these other sort of broad programs. It's actually police officers doing what police officers do. ...