Sniper Hunt: Debriefing
What worked, what failed in pressure test of intergovernmental cooperation
- By Wilson P. Dizard III
- Nov 01, 2002
Amid all the tools available to investigators pursuing the Washington area snipers last month'such as fingerprint databases and high-bandwidth communications networks'some users of the FBI's Rapid Start case management system had to rely on a sneakernet to exchange information.
Because the case involved numerous federal, state and local law enforcement agencies, users of Rapid Start had to download updates onto CDs and hand-deliver them to other locations.
That's one example of how investigators had to make do under a sudden mix of personnel and technologies. The shootings, in which 10 people were killed and three others injured, cast a spotlight on nascent efforts within the law enforcement community to work together across jurisdictional lines. Many of the efforts initially were propelled by the Sept. 11 terrorist attacks.Lessons learned
Now that the sniper suspects have been moved into the criminal justice domain, law enforcement agencies from the federal to local levels are reviewing what worked and what didn't during the intense investigation. And they are laying plans for improving future cooperative efforts.
The FBI is working on upgrades to the Rapid Start system that would eliminate the need for physical disk delivery and improve coordination among law enforcement agencies, a senior systems official for the bureau said.Task too tough
But in the sniper case, as in previous cases such as the 1995 bombing of the Alfred P. Murrah federal building in Oklahoma and the investigation of the Sept. 11 terrorist attacks, Rapid Start was not up to the task, sources said.
Rapid Start 'was something developed to work in a single FBI office. It was not designed to work in a task force environment,' said one local government IT official involved in the case. 'It was not coordinated with other agencies' systems.'
The FBI is planning to eliminate that problem through its upgrades. The first, dubbed Icon for information coordination, will provide 'more of an FBI look and feel to Rapid Start,' said Tom Hansen, chief of the bureau's Rapid Deployment Logistics Unit in Stafford, Va.
A subsequent upgrade, Icon Plus, will synchronize Rapid Start's Microsoft Access database across a WAN to give state and local agencies access to continuous updates of lead information. Rapid Start currently uses a client-server architecture and can be linked across a LAN.
If Icon Plus had been available for the sniper case, law enforcement officials would not have had to field five versions of Rapid Start in the Washington region. Officials deployed Rapid Start systems in Richmond, Fredricksburg, Prince William County and Fairfax County, Va., and in Montgomery County, Md., Hansen said.
At times, law enforcement officials updated the local Rapid Start systems by downloading data from the Access database to a disk and physically transferring it to remote Rapid Start locations, Hansen said.LEO network
'In the sniper case, a couple of venues were able to transfer the database using the LEO [Law Enforcement Online] network, and refresh it twice a day,' Hansen said. 'There were a couple of venues that could not utilize LEO in that manner so we copied the database on a disk and hand-carried it to those locations.' Hansen said Icon Plus will have a central Access database linked by a WAN for continuous updates.
The FBI is creating the graphical user interface for Icon and has hired High Performance Technologies Inc. of Arlington, Va., to create Icon Plus and develop the WAN connectivity it needs. The bureau plans to field Icon early next year and Icon Plus after May 2003.
Shortly after the sniper case began, FBI agents, trainees, analysts and other employees staffed a call center that the Montgomery County Police and the county's Information Systems and Telecommunications Department set up in rented space adjacent to police headquarters in Rockville.
The center used 123 PCs running Microsoft Windows 98 and XP to support Rapid Start and other systems.
Rapid Start, which has been in service since 1992, acts as a front end to the FBI's trouble-prone Automated Case File System, sources said.Perfect world
'Rapid Start is a case management tool,' one FBI source said. 'It is used to manage leads, and it was developed in-house. But it is still a practice to use binders for [paper] lead slips.
'In a perfect world, Rapid Start would be more integrated with our other systems,' he said.
'Using Rapid Start doesn't solve the underlying problem, which is that it is difficult to get the information out of ACS once you get it in. It is very difficult to manipulate it, process it and get it out,' another FBI source said.
The Justice Department's inspector general detailed Rapid Start's shortcomings in a report in March, 'An Investigation of the Belated Production of Documents in the Oklahoma City Bombing Case.'
The report explained how FBI computer systems contributed to management problems that delayed and could have derailed the prosecution of Oklahoma City bomber Timothy McVeigh.
According to the report, the bureau used Rapid Start to help track leads in the probe. 'Even for tracking leads, Rapid Start had its limitations,' according to the report.
Because the system was not integrated with other systems in other FBI offices, field offices' reports would not be tracked automatically by the Oklahoma City task force.
'Accordingly, the task force would not know what locally generated leads the field offices had failed to pursue or if they had failed to submit documentation after submitting the lead,' according to the report.
The Oklahoma City investigators, just like their counterparts in Montgomery County seven years later, used binders to track leads in the case.History repeated
Justice Department officials reported that FBI personnel supervising the lead management section of the Oklahoma City investigation did not trust the output of the system.
Because Rapid Start was not integrated with other FBI systems, the Oklahoma City investigators were not able to make sure that documents entered in Rapid Start were reflected in the databases used for discovery, according to the IG's report. That problem contributed to the document foul-up that jeopardized the McVeigh prosecution, according to the report.