Hendon Publishing - Article Archive Details
Think twice before purchasing data mining tools that lack regulatory compliance capability
Knowing the “rules of engagement” for information management before investing in technology for law enforcement is very important. If you’re not well versed in these regulations and laws, you could wind up with software that puts your agency in non-compliance with the law. Worse yet, you may have spent a lot of money on a tool that doesn’t do what you need it to do.
Recently, there’s been a trend toward some agencies purchasing new data mining tools for their needs at fusion centers. It is great to see this investment in technology. However, many agencies are choosing solutions from providers that offer the latest “whiz-bang” functionality but that don’t have any inherent method for capturing SARs (Suspicious Activity Reports) and RFS (Request for Service) data, which fusion centers use to track case management activities. Additionally, these solutions are built by companies that do not have the requisite knowledge or the appropriate members on staff with law enforcement backgrounds. That means they don’t generally comply with 28CFR23, which is the section of federal guidelines that governs intelligence sharing by local, tribal, state and federal law enforcement agencies.
Although these sleek new data mining tools can be useful, they don’t comprise an end-to-end solution. They cannot communicate bi-directionally with Regional Information Sharing Systems (RISS), an innovative national initiative designed to support local, state, federal and tribal law enforcement efforts to combat organized criminal activity, drug trafficking and terrorism. RISS enables member agencies to search and share intelligence data over the secure RISSNET intranet.
They are also unable to communicate with the National Data Exchange system (N-DEx), the FBI’s criminal justice information-sharing platform, which simplifies the ability for law enforcement agencies to exchange data with each other and to submit that data to N-DEx, if desired.
Four Streams of Law Enforcement Data
Before proceeding further, it makes sense to review the four types of data that law enforcement officers encounter in their daily work. There are several aspects to the way law enforcement agencies collect, store and share such data:
.Open-Source Data: This includes anything from the Internet, newspapers, other public sources and observations out on the street. There are no prohibitions to sharing this data.
2.SARs: This is information reported to law enforcement by citizens or observed by police; no identifiable crime is being committed, but there is something suspicious that warrants additional scrutiny. This type of information was not traditionally shared because law enforcement didn’t have systems in place to share it. How far it can be shared today is not clear, but the National SAR Initiative is in the process of development.
3.Investigative-related: This refers to evidence or information collected for a crime that has been committed or the belief that an infraction will be committed with a goal to prosecute or prevent crimes. It is shared on a case-by-case basis; however, there are countless varying policies for data sharing among the 50 states and local municipalities, so no clear mandate is in place.
4.Intelligence: This is important data in assessing threats to the community. Proactive, strategic analysis is conducted, and patterns of activities are identified. Resources focus on the problem at hand, be it street gangs or organized crime. 28CFR23 governs this type of data; if information rises to the level of reasonable suspicion, then it can be entered into intelligence systems and shared with other agencies.
Challenges to Data Sharing
All four types of data streams have separate and distinct rules, regulations, policies and laws governing what law enforcement can and cannot do with them, which has caused some confusion. Police are reluctant to share information out of the fear that they may be sharing improperly and have some liability. In addition, fusion centers are under even more scrutiny by civil libertarians and privacy advocates in the types of information being shared. Public safety professionals want to ensure they are holding data consistent with all the rules and regulations that pertain to that type of data, that their staffs are properly trained and knowledgeable in these rules and regulations, and that they are abiding by these rules and regulations when they do share information.
The NSI, in particular, is shining a giant spotlight on how SAR information should be shared, largely because the federal government does not want to be holding the proverbial “leaky bag” of information that may have been shared illegally.
When you apply these challenges to the context of fusion centers buying the latest data mining tools from technology providers that are unfamiliar with the labyrinth of regulations for sharing, you have a recipe for disastrous consequences.
Most of these “Johnny-come-lately” data mining technology companies have not considered any of the aforementioned issues. Their tools are putting fusion centers at risk of violating statutes, laws and regulations. The information management tools needed by fusion centers can be likened to the tools needed for carpentry. If you’re going to do rough framing, you need heavy-duty saws, and large hammers and nail guns. If you’re going to do finished carpentry, you need precision chisels, exacting miter saws and light hammers. If you’re going to do both, then you need both sets of tools in your tool bag.
So, if fusion centers want to comply with 28CFR23 and all of the other regulations, then they need to deploy technology that helps them or ensures they comply with those rules. Once they have such tools in place, they can tap into sophisticated open-source data mining tools. But it’s not a “one or the other” proposition.
At least one fusion center I have had the pleasure of working with realized this back in 2008. Instead of settling for a one-size-fits-all intelligence analysis system, it thoroughly vetted the vendors that answered its Requests for Proposals, and it selected one vendor for information/intelligence management and another for analyzing the information managed by the other system.
This is what should be happening more often. Technology buyers should make sure they have identified the appropriate tools for the appropriate jobs. The notion of buying only data mining or text analytical tools before having any data to analyze is like putting the cart before the horse. Public safety officials should think twice about abandoning traditional intelligence management tools for ones being offered by technology companies that don’t know the compliance landscape.
Captain Stephen G. Serrao is a former New Jersey State Police Counterterrorism Bureau chief, and now helps shape the direction of intelligence management software as director of Product Management, Americas Region for Memex, Inc., a worldwide provider of intelligence management, data integration, search and analysis solutions. He can be reached at firstname.lastname@example.org.
Published in Public Safety IT, Jul/Aug 2010
Rating : Not Yet Rated
Click to enlarge images.