Intelligence Reform and Terrorism Protection Act of 2004 (IRTPA), Pub. L. No. 108-458, 118 Stat. 3638 (Dec. 17, 2004), codified at 42 U.S.C. §2000ee, 50 U.S.C. §403-1 et seq., §403-3 et seq., §404o et. seq.
The Act was passed largely in response to recommendations from the National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission), which investigated the September 11, 2001 terrorist attacks. The Commission recognized that before the attacks of September 11, 2001, federal agencies had been unable to effectively share information about suspected terrorists and their activities.
In addressing this problem, the 9/11 Commission recommended that the sharing and uses of information be guided by a set of practical policy guidelines that would simultaneously empower and constrain officials, closely circumscribing what types of information they would be permitted to share as well as the types of information they would need to protect. This Act provided for sweeping changes to the U.S. Intelligence Community structure and processes, and creates new systems that are specially designed to combat terrorism.
Among other actions, the Act:
- Established a Director of National Intelligence with specific budget, oversight, and programmatic authority over the Intelligence Community;
- Established the National Intelligence Council and redefines “national intelligence”;
- Required the establishment of a secure ISE and an information-sharing council;
- Established a National Counterterrorism Center, a National Counterproliferation Center, National Intelligence Centers, and a Joint Intelligence Community Council;
- Established, within the Executive Office of the President, a Privacy and Civil Liberties Oversight Board;
- Required the Director of the FBI to continue efforts to improve the intelligence capabilities of the FBI and to develop and maintain, within the FBI, a national intelligence workforce;
- Directed improvements in security clearances and clearance processes;
- Enhanced efforts to crack down on terrorist financing and money laundering by expanding the authority and tools of the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), directed the Secretary of the Treasury to prescribe regulations requiring financial institutions to report certain cross-border money transfers, and directed the President to submit to Congress a report evaluating U.S. efforts to curtail international financing of terrorism.
- Required DHS to: develop and implement a National Strategy for Transportation Security and transportation modal security plans; enhance identification and credentialing of transportation workers and law enforcement officers; conduct R&D into mass identification technology, including biometrics; enhance passenger screening and terrorist watchlists; improve measures for detecting weapons and explosives; improve security related to the air transportation of cargo; and implement other aviation security measures;
- Directed enhancements to maritime security;
- Directed enhancements in border security and immigration matters;
- Enhanced law enforcement authority and capabilities, and expands certain diplomatic, foreign aid, and military authority and capabilities for combating terrorism;
- Required expanded machine-readable visas with biometric data; implementation of a biometric entry and exit system, and a registered traveler program; and implementation of biometric or other secure passports;
- Required standards for birth certificates and driver’s licenses or personal identification cards issued by States for use by Federal agencies for identification purposes and enhanced regulations for social security cards;
- Required DHS to improve preparedness nationally, especially measures to enhance interoperable communications and to report on vulnerability and risk assessments of the Nation’s CIKR; and
- Directed measures to improve assistance to and coordination with State, local, and private sector entities.
The Act requires the President to establish an Information Sharing Environment (ISE) "for the sharing of terrorism information in a manner consistent with national security and with applicable legal standards relating to privacy and civil liberties." It also requires designation of a Program Manager for the Information Sharing Environment (PM-ISE) "responsible for information sharing across the Federal Government" to oversee the implementation of and manage the ISE. Working in consultation with the Information Sharing Council (ISC), an interagency advisory body for federal departments and agencies with counterterrorism missions, the PM-ISE is charged with planning and overseeing the ISE's implementation and management. The PM-ISE's responsibilities include:
- Planning for and overseeing the implementation of, and managing, the ISE;
- Assisting in the development of policies, procedures, guidelines, rules, and standards as appropriate to foster the development and proper operation of the ISE; and
- Assisting, monitoring, and assessing the implementation of the ISE by Federal departments and agencies to ensure adequate progress, technological consistency and findings to Congress.
Among other duties, the PM-ISE is responsible for assisting the President in submitting to Congress an ISE Implementation Plan (ISE IP) that addresses eleven requirements set forth in Section 1016(e) of IRTPA.
- ensuring that the protection of civil liberties and privacy is appropriately incorporated into the policies and procedures of the Office of the Director of National Intelligence and the elements of the intelligence community within the National Intelligence Program;
- overseeing compliance by the Office of the Director of National Intelligence with all laws, regulations, and guidelines relating to civil liberties and privacy;
- reviewing complaints about abuses of civil liberties and privacy in Office of the Director of National Intelligence programs and operations;
- ensuring that technologies sustain, and do not erode, privacy protections;
- ensuring that personal information contained in a system of records subject to the Privacy Act of 1974 is handled in full compliance with fair information practices as set out in that Act;
- conducting privacy impact assessments when appropriate or as required by law; and
- performing such other duties as may be prescribed by the Director of National Intelligence or specified by law.
The Bush Administration took steps, beginning in 2005, to establish an information sharing environment to facilitate the sharing of terrorism-related information. The move was driven by the recognition that before the attacks of September 11, 2001, federal agencies had been unable to effectively share information about suspected terrorists and their activities.
Section 1016 of the Act applied the lessons of the September 11th attacks to reform the Intelligence Community and the intelligence and intelligence-related activities of the U.S. Government. Section 1016 requires the President to establish an Information Sharing Environment (ISE) "for the sharing of terrorism information in a manner consistent with national security and with applicable legal standards relating to privacy and civil liberties." Moreover, the section defines the ISE to mean "an approach that facilitates the sharing of terrorism information."
The Act also required that the ISE incorporate protections for individuals' privacy and civil liberties. Among other things, the Act established the Privacy and Civil Liberties Oversight Board. The Board, composed of five members, two of whom (the chairman and vice-chairman) must be confirmed by the U.S. Senate.
The Board's mandate is to ensure that privacy and civil liberties are not neglected when implementing terrorism-related laws, regulations, and policies. The 9/11 Commission had recommended creation of such a Board because of concern that the USA PATRIOT Act of 2001, enacted soon after the attacks, shifts the balance of power to the government.
Section 1016 was amended in 2007 to include homeland security information and weapons of mass destruction information. It codifies many of the recommendations developed in response to the President's information sharing guidelines, such as the creation of the ITACG and the development of a national network of state and major urban area fusion centers.
The Act also required the designation of a Program Manager for the Information Sharing Environment (PM-ISE) "responsible for information sharing across the Federal Government" to oversee the implementation of and manage the ISE.
Application to cybersecurity
The Act does not contain a single reference to cyber, cybersecurity, or related activities. Its stated purpose is to "reform the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes." The Act contains findings and recommendations offered in the 9/11 Commission Report and other assessments that address national and homeland security shortcomings associated with the terrorist attacks of September 11, 2001.
Numerous organizations, programs, and activities in the Act currently address cybersecurity-related issues. IRPTA addresses many types of risks to the nation and threats emanating from man-made and naturally occurring events. The broad themes of the Act could be categorized as how the federal government identifies, assesses, defeats, responds to, and recovers from current and emerging threats. The Act might be updated to incorporate cybersecurity-related issues. However, any such update could affect numerous organizations and activities.
- IRTPA § 1016(b)(1)(A).
- Id. §1016(f).
- Id. §1016(g).
- Id. §1016(f)(2)(A).
- Id. §1011.
- Id. §1016(b)(1)(A).
- Id. §1016(a)(2).
- Id. §1016(f).