§ 485. Information sharing
(a)
Definitions
In this section:
(2)
Information Sharing Council
The term “Information Sharing Council” means the Information Systems Council established by Executive Order 13356, or any successor body designated by the President, and referred to under subsection (g) of this section.
(3)
Information sharing environment
The terms “information sharing environment” and “ISE” mean an approach that facilitates the sharing of terrorism and homeland security information, which may include any method determined necessary and appropriate for carrying out this section.
(4)
Program manager
The term “program manager” means the program manager designated under subsection (f) of this section.
(5)
Terrorism information
The term “terrorism information”—
(A)
means all information, whether collected, produced, or distributed by intelligence, law enforcement, military, homeland security, or other activities relating to—
(i)
the existence, organization, capabilities, plans, intentions, vulnerabilities, means of finance or material support, or activities of foreign or international terrorist groups or individuals, or of domestic groups or individuals involved in transnational terrorism;
(6)
Weapons of mass destruction information
The term “weapons of mass destruction information” means information that could reasonably be expected to assist in the development, proliferation, or use of a weapon of mass destruction (including a chemical, biological, radiological, or nuclear weapon) that could be used by a terrorist or a terrorist organization against the United States, including information about the location of any stockpile of nuclear materials that could be exploited for use in such a weapon that could be used by a terrorist or a terrorist organization against the United States.
(b)
Information sharing environment
(1)
Establishment
The President shall—
(A)
create an information sharing environment for the sharing of terrorism information in a manner consistent with national security and with applicable legal standards relating to privacy and civil liberties;
(2)
Attributes
The President shall, through the structures described in subparagraphs (B) and (C) of paragraph (1), ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies. The President shall, to the greatest extent practicable, ensure that the ISE provides the functional equivalent of, or otherwise supports, a decentralized, distributed, and coordinated environment that—
(A)
connects existing systems, where appropriate, provides no single points of failure, and allows users to share information among agencies, between levels of government, and, as appropriate, with the private sector;
(C)
facilitates the availability of information in a form and manner that facilitates its use in analysis, investigations and operations;
(E)
employs an information access management approach that controls access to data rather than just systems and networks, without sacrificing security;
(I)
incorporates strong mechanisms to enhance accountability and facilitate oversight, including audits, authentication, and access controls;
(J)
integrates the information within the scope of the information sharing environment, including any such information in legacy technologies;
(K)
integrates technologies, including all legacy technologies, through Internet-based services, consistent with appropriate security protocols and safeguards, to enable connectivity among required users at the Federal, State, and local levels;
(L)
allows the full range of analytic and operational activities without the need to centralize information within the scope of the information sharing environment;
(M)
permits analysts to collaborate both independently and in a group (commonly known as “collective and noncollective collaboration”), and across multiple levels of national security information and controlled unclassified information;
(c)
Preliminary report
Not later than 180 days after December 17, 2004, the program manager shall, in consultation with the Information Sharing Council—
(1)
submit to the President and Congress a description of the technological, legal, and policy issues presented by the creation of the ISE, and the way in which these issues will be addressed;
(d)
Guidelines and requirements
As soon as possible, but in no event later than 270 days after December 17, 2004, the President shall—
(1)
leverage all ongoing efforts consistent with establishing the ISE and issue guidelines for acquiring, accessing, sharing, and using information, including guidelines to ensure that information is provided in its most shareable form, such as by using tearlines to separate out data from the sources and methods by which the data are obtained;
(2)
in consultation with the Privacy and Civil Liberties Oversight Board established under section
2000ee of title
42, issue guidelines that—
(3)
require the heads of Federal departments and agencies to promote a culture of information sharing by—
(e)
Implementation plan report
Not later than one year after December 17, 2004, the President shall, with the assistance of the program manager, submit to Congress a report containing an implementation plan for the ISE. The report shall include the following:
(1)
A description of the functions, capabilities, resources, and conceptual design of the ISE, including standards.
(3)
A budget estimate that identifies the incremental costs associated with designing, testing, integrating, deploying, and operating the ISE.
(5)
The policies and directives referred to in subsection (b)(1)(C) of this section, as well as the metrics and enforcement mechanisms that will be utilized.
(6)
Objective, systemwide performance measures to enable the assessment of progress toward achieving the full implementation of the ISE.
(7)
A description of the training requirements needed to ensure that the ISE will be adequately implemented and properly utilized.
(8)
A description of the means by which privacy and civil liberties will be protected in the design and operation of the ISE.
(9)
The recommendations of the program manager, in consultation with the Information Sharing Council, regarding whether, and under what conditions, the ISE should be expanded to include other intelligence information.
(10)
A delineation of the roles of the Federal departments and agencies that will participate in the ISE, including an identification of the agencies that will deliver the infrastructure needed to operate and manage the ISE (as distinct from individual department or agency components that are part of the ISE), with such delineation of roles to be consistent with—
(f)
Program manager
(1)
Designation
Not later than 120 days after December 17, 2004, with notification to Congress, the President shall designate an individual as the program manager responsible for information sharing across the Federal Government. The individual designated as the program manager shall serve as program manager until removed from service or replaced by the President (at the President’s sole discretion). The program manager, in consultation with the head of any affected department or agency, shall have and exercise governmentwide authority over the sharing of information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, by all Federal departments, agencies, and components, irrespective of the Federal department, agency, or component in which the program manager may be administratively located, except as otherwise expressly provided by law.
(2)
Duties and responsibilities
(A)
In general
The program manager shall, in consultation with the Information Sharing Council—
(ii)
assist in the development of policies, as appropriate, to foster the development and proper operation of the ISE;
(iii)
consistent with the direction and policies issued by the President, the Director of National Intelligence, and the Director of the Office of Management and Budget, issue governmentwide procedures, guidelines, instructions, and functional standards, as appropriate, for the management, development, and proper operation of the ISE;
(B)
Content of policies, procedures, guidelines, rules, and standards
The policies, procedures, guidelines, rules, and standards under subparagraph (A)(ii) shall—
(i)
take into account the varying missions and security requirements of agencies participating in the ISE;
(iii)
take into account ongoing and planned efforts that support development, implementation and management of the ISE;
(iv)
address and facilitate information sharing between and among departments and agencies of the intelligence community, the Department of Defense, the homeland security community and the law enforcement community;
(v)
address and facilitate information sharing between Federal departments and agencies and State, tribal, and local governments;
(vi)
address and facilitate, as appropriate, information sharing between Federal departments and agencies and the private sector;
(g)
Information Sharing Council
(1)
Establishment
There is established an Information Sharing Council that shall assist the President and the program manager in their duties under this section. The Information Sharing Council shall serve until removed from service or replaced by the President (at the sole discretion of the President) with a successor body.
(2)
Specific duties
In assisting the President and the program manager in their duties under this section, the Information Sharing Council shall—
(A)
advise the President and the program manager in developing policies, procedures, guidelines, roles, and standards necessary to establish, implement, and maintain the ISE;
(B)
work to ensure coordination among the Federal departments and agencies participating in the ISE in the establishment, implementation, and maintenance of the ISE;
(C)
identify and, as appropriate, recommend the consolidation and elimination of current programs, systems, and processes used by Federal departments and agencies to share information, and recommend, as appropriate, the redirection of existing resources to support the ISE;
(D)
identify gaps, if any, between existing technologies, programs and systems used by Federal departments and agencies to share information and the parameters of the proposed information sharing environment;
(F)
recommend means by which the ISE can be extended to allow interchange of information between Federal departments and agencies and appropriate authorities of State and local governments;
(G)
assist the program manager in identifying and resolving information sharing disputes between Federal departments, agencies, and components;
(3)
Consultation
In performing its duties, the Information Sharing Council shall consider input from persons and entities outside the Federal Government having significant experience and expertise in policy, technical matters, and operational matters relating to the ISE.
(h)
Performance management reports
(1)
In general
Not later than two years after December 17, 2004, and not later than June 30 of each year thereafter, the President shall submit to Congress a report on the state of the ISE and of information sharing across the Federal Government.
(2)
Content
Each report under this subsection shall include—
(A)
a progress report on the extent to which the ISE has been implemented, including how the ISE has fared on the performance measures and whether the performance goals set in the preceding year have been met;
(D)
actions taken to ensure that procurement of and investments in systems and technology are consistent with the implementation plan for the ISE;
(E)
the extent to which all terrorism watch lists are available for combined searching in real time through the ISE and whether there are consistent standards for placing individuals on, and removing individuals from, the watch lists, including the availability of processes for correcting errors;
(G)
the extent to which private sector data, including information from owners and operators of critical infrastructure, is incorporated in the ISE, and the extent to which individuals and entities outside the government are receiving information through the ISE;
(H)
the measures taken by the Federal government to ensure the accuracy of information in the ISE, in particular the accuracy of information about individuals;
(i)
Agency responsibilities
The head of each department or agency that possesses or uses intelligence or terrorism information, operates a system in the ISE, or otherwise participates (or expects to participate) in the ISE shall—
(1)
ensure full department or agency compliance with information sharing policies, procedures, guidelines, rules, and standards established under subsections (b) and (f) of this section;
(2)
ensure the provision of adequate resources for systems and activities supporting operation of and participation in the ISE;
(j)
Report on the information sharing environment
(1)
In general
Not later than 180 days after August 3, 2007, the President shall report to the Committee on Homeland Security and Governmental Affairs of the Senate, the Select Committee on Intelligence of the Senate, the Committee on Homeland Security of the House of Representatives, and the Permanent Select Committee on Intelligence of the House of Representatives on the feasibility of—
(A)
eliminating the use of any marking or process (including “Originator Control”) intended to, or having the effect of, restricting the sharing of information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, between and among participants in the information sharing environment, unless the President has—
(B)
continuing to use Federal agency standards in effect on August 3, 2007, for the collection, sharing, and access to information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, relating to citizens and lawful permanent residents;
(C)
replacing the standards described in subparagraph (B) with a standard that would allow mission-based or threat-based permission to access or share information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, for a particular purpose that the Federal Government, through an appropriate process established in consultation with the Privacy and Civil Liberties Oversight Board established under section
2000ee of title
42, has determined to be lawfully permissible for a particular agency, component, or employee (commonly known as an “authorized use” standard); and
(D)
the use of anonymized data by Federal departments, agencies, or components collecting, possessing, disseminating, or handling information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, in any cases in which—
(k)
Additional positions
The program manager is authorized to hire not more than 40 full-time employees to assist the program manager in—
(l)
Authorization of appropriations
There is authorized to be appropriated to carry out this section $30,000,000 for each of fiscal years 2008 and 2009.
[1] See References in Text note below.