The Senate report said local and state officials entrusted with the fusion center grants sometimes spent lavishly. More than $2 million was spent on a center for Philadelphia that never opened. In Ohio, officials used the money to buy rugged laptop computers and then gave them to a local morgue. San Diego officials bought 55 flat-screen televisions to help them collect “open-source intelligence” — better known as cable television news.

The scores of 'fusion centers' across the country threaten civil liberties while doing little to counter terrorism, a two-year study by a Senate subcommittee finds.

Senate investigators concluded that Homeland Security liaisons to the centers "forwarded 'intelligence' of uneven quality — oftentimes shoddy, rarely timely, sometimes endangering citizens' civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism."

The investigators also found that some local analysts had written inappropriate and potentially illegal reports about constitutionally protected activities of American citizens. Homeland Security officials prevented most from being disseminated.

Last year, for example, the Illinois Statewide Terrorism and Intelligence Center in Springfield published a report asserting that a hacker in Russia had stolen an unknown number of user names and passwords to sensitive utility control systems and used that information to break into a local water district's computerized control system.

In fact, the "hacker" was a utility employee who had accessed the system legitimately while on a family vacation, the report found.

The U.S. Office of Management and Budget said in March that a total of 107,655 security incidents were reported in fiscal 2011 by federal, state and local governments, commercial enterprises, U.S. citizens and international cyber organizations.

Federal agencies are required to report such incidents, but corporate reports are voluntary.

State Security Breach Notification Laws

Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.