Don Gemberling spent his earliest years as a civil servant during the late 1960s helping Minnesota establish its first criminal-justice information system and teaching police about the emerging technology. At the time, officers in the Twin Cities of Minneapolis and St. Paul collected police intelligence on biker gangs and other organized criminals, Gemberling said in an interview.
By the early 1970s, however, the then-head of Minnesota’s infant IT infrastructure converted Gemberling to the cause of privacy rights long before many anticipated the threat posed by government databases, criminal or otherwise. His mentor, a moderate Republican named Dan Magraw, warned that the easier it became to preserve large volumes of personal information electronically, the greater the risk it could be abused and entered incorrectly, potentially destroying someone’s credit rating or erroneously leading to an employment denial.
So Magraw helped persuade the state legislature to pass a bill in 1974 that became one of the first government computer privacy laws of its kind in the United States. Gemberling drafted language for the bill, and after it was enacted, he spent the rest of his career until he retired in 2004 teaching Minnesota’s public workforce how to comply with the law.
It came to be known as the Minnesota Government Data Practices Act, and the state’s unique effort to address privacy implications created by new databases preceded even the groundbreaking federal Privacy Act of 1974, passed months later in the wake of Nixon-era spy scandals to ensure the confidentiality of personal information such as Social Security numbers held by U.S. government agencies.
Since the Sept. 11 attacks, Gemberling said, police are more aggressively resisting protections enshrined in such privacy laws, such as the right of Minnesotans to access law-enforcement data to make certain they haven’t been wrongly branded a criminal. A common refrain he hears from police today is, “We can’t have privacy laws that coddle terrorists.”
“Sometimes it’s like I’m in a time machine,” Gemberling said. “We’re having some of the same discussions we were having in the 1960s and 1970s. Sometimes I ask myself, ‘Have we made any progress at all?’” He noted that fusion centers are part of the new sense of urgency implied in everything police are doing since 9/11, from preemptive intelligence gathering to information sharing.
The Minnesota Joint Analysis Center has access to multiple databases, dozens of which were created or dramatically bolstered after 9/11. There is SIPRNet, a Department of Defense network used to transmit classified information, the Homeland Secure Data Network, which maintains secret-level communications on mitigating threats to the nation, and LEO, the Justice Department program for sharing antiterrorism and intelligence information with state and local governments.
Minnesota’s Department of Public Safety, the FBI and several local police departments created the state’s fusion center in May 2005. Much of its deployment costs were covered by nearly $4 million in federal homeland security grants received by the state between 2005 and 2007, according to figures supplied to the Center for Investigative Reporting in response to an open-records request.
The state also erected the ICEFISHX communications network, which collects reports about suspicious activity – both terrorist and generally criminal in nature – and provides them to the FBI, whose field intelligence groups look for patterns, part of the bureau’s own massive expansion of domestic intelligence gathering operations initiated after 9/11. Authorities in the neighboring states of North Dakota and South Dakota are regional allies in the venture.
Private corporations even contribute “intelligence” to ICEFISHX. Douglas Reynolds, security director for the Mall of America, the largest retail complex in the United States based in Bloomington, described his office to Congress in July of 2008 as the “number one source of actionable intelligence in the state,” having handed more information regarding suspicious activities to the fusion center than anyone else. Several attempts to reach Reynolds for elaboration failed.
Then there’s CriMNet, yet another data-sharing effort in Minnesota intended to better synchronize criminal and additional records making them more accessible to agencies across the state with just one user name and password. Police can swiftly retrieve driving histories and license photos, warrants, protective orders, the state’s gang files and digital fingerprints, as well as details on potential suspects, witnesses and victims, not just data on those who’ve served time in jail.
CriMNet received at least $350,000 in federal homeland security grants in 2004 through Minnesota’s Bureau of Criminal Apprehension, based in St. Paul. Police and state agencies located in the Twin Cities also used federal subsidies totaling approximately $500,000 between 2002 and 2004 to purchase various types of police surveillance and crime-busting equipment from video cameras for Hennepin County, which surrounds Minneapolis, to “data-collection software” for neighboring Ramsey County, according to homeland security grant spending records obtained by CIR.
While the notion of better enabling police to access information about key individuals seems laudable, all of Minnesota’s new databases and spy toys come on the heels of controversies that have dogged such investments. In 2003, another statewide database of police records that was not supposed to be publicly accessible and didn’t conform to Minnesota law had to be shut down after a state legislator and champion of privacy, Republican Mary Liz Holberg, learned how extraordinarily easy it was for anyone to penetrate.
To prove the point, an anonymous whistleblower accessed Holberg’s online files – minor complaints she’s exchanged with neighbors near her Lakeville home. It was enough to persuade Holberg that millions of files were vulnerable. The database was owned by the private nonprofit Minnesota Chiefs of Police Association but used by dozens of agencies across the state for information-sharing purposes.
“If the system was worth anything, they should have been able to track who was accessing my data, like an audit trail,” Holberg said in an interview. “But they had nothing.” She said employees working for private companies also were illegally entering the system to conduct background checks on job applicants.
In another privacy breach, early last year the state’s Department of Public Safety disciplined two employees for conducting unauthorized searches of hundreds of Minnesotans, including several public figures, in a driver’s license database that was supposed to be strictly controlled.
The executive director of Minnesota’s fusion center, Michael Bosacker, says it does not contract for any special software capable of randomly analyzing large volumes of information in search of anomalies, i.e. data-mining. But it does subscribe to LexisNexis, one of the largest brokers of public records in the world, including property deeds, voter registrations, liens and professional licenses.
As for CriMNet, considering the approximately $105 million in state and federal funds spent on creating it between 1996 and 2004 alone, “I don’t think they have a lot to show for it,” Holberg said.
This story is part of a collaborative project by the Center for Public Integrity and CIR examining the effectiveness of America’s homeland security efforts. Support for this partnership project is provided by the Open Society Institute.
More from this investigation: