What if the private sector banded together to create its own intelligence sharing networks exempt from FOIA law and public accountability?
In the last decade a number of different industries ranging from financial services and health care to nuclear energy and defense have created what are known as Information Sharing and Analysis Centers (ISACs). They allow member companies to share information anonymously without fear that it will be subject to FOIA requests or anti-trust violations. Now the oil and gas industry is getting in on the act.
In late June, the oil and gas industry announced the creation of an ISAC. According to the group’s website the ONG-ISAC, “is being created to provide shared intelligence on cyber incidents, threats, vulnerabilities, and associated responses present throughout our industry.” The website explains that the analysis center is built around four core principles, among them, “anonymous submissions” and “protection from FOIA disclosure and anti-trust violations.” This is apparently a hallmark of private sector intelligence-sharing networks, even though they continue to share information with government agencies. An ISAC primer published by Booz Allen Hamilton states, “ISACs operate in a manner to protect members from anti-trust violations and Freedom of Information Act queries.”
David Frazier, the chairman of the newly formed ONG-ISAC and director of information technology for Halliburton, told a cybersecurity website that the group, “Will provide industry participants a secure way to share information and stay connected with law enforcement agencies.” So far, according to the Houston Chronicle, at least 25 oil and gas companies have signed on, with membership rates ranging from $2,000 to $50,000 a year.
The first ISAC was established in 1999 to help facilitate the sharing of information between the financial services sector and the federal government. (The Financial Services ISAC now has some 4,500 members and has obtained more than 250 Secret level clearances for key financial services sector personnel, according to congressional testimony in March). After 9/11 the mandate was greatly expanded to encourage “the development of information sharing and analysis mechanisms” between the public and private sectors. But the private sector was reluctant to enter into such partnerships if there was a chance that information or intelligence would be disclosed through FOIA requests. As part of The Homeland Security Act of 2003 a new FOIA exemption was created for “critical infrastructure information.” At the time, Senator Patrick Leahy, a Vermont Democrat, warned that the exemption, “guts the FOIA at the expense of our national security and public health and safety.” Yet even with such protections industry has been less than enthusiastic to share information with the federal government.
“The government has an interest in promoting sharing of threat information, but industry has made its participation conditional on limiting FOIA access to such shared information,” Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, wrote in an email. “In this conflict of interests, FOIA requesters seem to hold the weak hand.”
Although ISACs are privately owned and operated, they still work with government agencies, including the DHS and FBI. According to a white paper published by the National Council of ISACs in 2004, strong public private partnerships are key to any ISAC’s success. “Close relations between the private sectors and the Department of Homeland Security and between each sector and its Lead Agency are vital,” they wrote. Of course, under one condition: Any information exchanged between the private sector and Homeland Security would be exempt from FOIA law.
The idea for an oil and gas industry ISAC was floated at a Homeland Security Critical Infrastructure Partnership Advisory Council meeting in August 2013. The American Petroleum Institute delivered a presentation on “the formation of an ONG ISAC,” according to documents obtained by Earth Island Journal through a FOIA request. The API representative “provided several options for sharing information, among those were to operate under the existing Financial Services ISAC, Homeland Security Information Sharing Network (HSIN), or information sharing via API SharePoint.” (A Downstream Natural Gas Information Sharing and Analysis Center (DNG ISAC) was established in September).
And though the group will focus on cyber security threats, as do all ISACs, there’s no way for the public to know what kind of information is being circulated, either among members or with the federal government. As we’ve documented here at Earth Island Journal, the American Petroleum Institute has taken a keen interest in environmental organizations and contracted with Stratfor, the global intelligence company, to gather information on activist groups and the investigative news web site ProPublica. ExxonMobil, with its own sophisticated in-house security operation, also solicited a background brief from Stratfor on shale gas activism in 2009. Two years later a spokesperson for Anadarko Petroleum described the anti-fracking movement as an “insurgency.”
Today oil and gas companies routinely share information about activists and environmental groups with state level Homeland Security Fusion Centers and law enforcement agencies. In most cases these stories have only come to light because of FOIA. What will happen now that the oil and gas industry has created its own intelligence-sharing network? What will stop them from anonymously filtering information on activists and environmental groups through the ISAC, which is exempt from FOIA disclosure? It’s anyone’s guess. But chances are the public will be kept in the dark.