Access to 'suspicious-activity' reports now restricted after MOA security details revealed

The Mall of America
Since the 9/11 attacks, The Mall of America in Bloomington, Minn. has created its own security program to guard against potential terrorist threats. Minnesota public safety Commissioner Ramona Dohman has restricted so-called "suspicious-activity reports" of mall customers from public scrutiny, a move that came after news organizations collected data on the mall's counterterrorism program.
TIMO GANS/AFP/Getty Images

Minnesota's public safety commissioner has quietly restricted so-called "suspicious-activity reports" from public scrutiny, a move that came after news organizations collected data on the Mall of America's counterterrorism program.

The action by Commissioner Ramona Dohman came after mall authorities expressed dismay over the volume of data sent to the Center for Investigative Reporting, which was a partner with National Public Radio for a series of reports on a security unit in the mall.

Open-government advocates have decried the change, arguing that it threatens the state's tradition of transparency.

Last year, the Center for Investigative Reporting began sending open-records requests to law enforcement agencies across the country, asking for reports of suspicious activities in their areas. The only officials who sent back documents were in Minnesota.

Grow the Future of Public Media

MPR's budget year comes to a close on June 30. Help us close the gap by becoming a Sustainer today. When you make a recurring monthly gift, your gift will be matched by the MPR Member Fund for a whole year!

Bloomington police and the Minnesota Joint Analysis Center, known as the state's fusion center, released more than 120 reports they received from the Mall of America. The documents gave a glimpse into how private entities like the mall are on the front lines of fighting suspected terrorism.

The center's work with National Public Radio centered on the mall's special security unit, know as Risk Assessment and Mitigation. NPR reports noted that the documents revealed how the unit focused on things like unattended suitcases but also on seemingly ordinary behavior. For example, the security unit confronted one man because they thought he was looking at them oddly and walking nervously. It turns out he was looking for a SpongeBob SquarePants watch for his son.

NPR also reported that in half of the cases reviewed in the investigation, the mall sent the reports onto law enforcement, including federal agencies.

Mall of America security chief
In this July 21, 2011 photo, Mall of America Security Director Major Douglas Reynolds talks about new measures that have been implemented since the Sept. 11 attacks. Terror threats against U.S. malls have made huge behind-the-scenes changes to security at the Mall of America, the largest shopping mall in the country.
Craig Lassig/AP

Mall authorities have admitted they were upset with the data dump, saying it could jeopardize security.

Last December, the mall's head of security, Doug Reynolds, told a state task force assigned to study criminal intelligence proposals that the mall was once the top source of "actionable intelligence" for the fusion center. The mall had submitted its suspicious-activity reports to the police, which then forwarded them to the fusion center.

That cooperation ended, Reynolds told the group, when the fusion center and police released exhaustive reports that included information on the mall's security operations.

"It took every report we've ever given them — didn't edit it, just scanned it — and gave them electronic and paper copies," Reynolds said. "The concern for me was there was operational information in there."

After that, the mall essentially stopped sharing its reports with Bloomington or the state, Reynolds said.

"There is tension right now between our department and Bloomington police department," he said. "And I understand that, I do. They want the information, and I want to give them the information. But I also realize if I give them that information, there's a lot of liability out there for us. We are struggling with that."

Three months after that hearing, state officials made sure to tighten their rules on releasing that kind of information. Dohman signed new restrictions in March declaring that suspicious-activity reports sent to the fusion center are now private "security information."

While the order appears to be legal, critics like open-government watchdog Rich Neumeister say there was no public input.

"They've gone around the Legislature. They've gone around the public accountability," said Neumeister, who advocates for open government and individual privacy rights. "They've gone around the public transparency and openness to let people know they're collecting files on people, and folks don't even know about it."

Individuals who are the subjects of the reports can still access the data, but the media and other members of the public can't. That means news organizations will no longer be able to scrutinize whether there are any abuses of power, University of St. Thomas law professor Nekima Levy-Pounds said.

"If violations are occurring, then who is there to connect the dots, to alert the public, and to push for changes in laws and policies that are infringing on individuals' civil rights and civil liberties?" she said.

Levy-Pounds also is concerned that the broad language of the order could be extended to shield far more than just suspicious-activity reports from the public. She said it's essential to strike a balance between the government's need to collect data and the public's need for oversight and accountability.

But Mike Bosacker, director of the state's joint analysis center — one of more than 70 fusion centers across the country backed by the Department of Homeland Security — defends the new classification.

The centers share and analyze information about signs of terrorist activity, including information from other states that have stronger protections in their laws for what they consider criminal intelligence.

Bosacker said other agencies need to be assured that data they share with Minnesota will remain secure.

"Otherwise they won't share," he said. "And we run the risk of becoming an island within the country regarding criminal activity."

Bosacker said many of the suspicious-activity files released to the news organizations last year have since been destroyed. The center is required to purge records that don't rise to the level of a reasonable suspicion after one year.

The commissioner's classification doesn't prevent local law enforcement from disclosing their own reports about suspicious activities, Bosacker said. The original copies of the reports remain with the police departments, and they are can choose to release them to the public, he said.

But cities like Bloomington have learned they can issue their own security declarations making the documents private.

At a counterterrorism panel at the Mall of America this week, Bloomington police chief Jeff Potts said his department sought such a declaration that works to protect the data.

Potts said his department's relationship with the mall "has never been better," and that they are sharing information with each other.