Pioneering law enforcement agencies use data sharing and analysis tools to step up anti-terrorism contributions
- By John Moore
- Nov 08, 2006
Thinking of local police as first responders recognizes only one of the important contributions they can make to homeland security. A recent Rand report suggests that local law enforcement is the critical line of defense for thwarting homegrown terrorist activity.
The book, 'Unconquerable Nation: Knowing our Enemies, Strengthening Ourselves,' states that the country's 600,000 police officers 'are in the best position to monitor potential terrorists.'
Rand says police can take advantage of their local knowledge to identify recruiting hot spots and develop intelligence sources.
But there's a rub. Police departments require resources and training to pursue the intelligence dimension.
As a step in that direction, local and state authorities are starting to create intelligence centers that use information technology systems to gather, analyze and share intelligence data. Behind the scenes, technologists must gather multiple databases, engineer a fast and intuitive search capability, and provide a means to distribute alerts.
The integration task involves policy hurdles and technical challenges. Various jurisdictions must forge agreements to permit data sharing. In addition, law enforcement must follow state and federal data privacy directives.
Police agencies and their technology vendors take different approaches when it comes to intelligence analysis systems. Intelligence centers in Los Angeles and Louisiana are case studies of how such centers work.
Los Angeles' take on intelligence
The Los Angeles Joint Regional Intelligence Center, dubbed JRIC, is one of the newest law enforcement intelligence centers. JRIC started in July as a cooperative effort involving the Los Angeles County Sheriff's Department, the Los Angeles Police Department, the FBI and the Homeland Security Department.
JRIC's local, state and federal intelligence analysts and investigators cover a seven-county region that encompasses more than 40,000 square miles.
The analysts use an intelligence management and analysis system from Memex, a company based in Glasgow, Scotland. The system lets analysts gather and track leads and collect information from various law enforcement data sources.
'Technical requirements were a system that was user-friendly, could manage cases for us, and do analysis on information contained in several data sources,' said Lt. Robert Fox, co-director of JRIC and the senior LAPD officer on site.
The latter system function, accessing multiple datasets, can present a technical headache. The scalability of a solution becomes an issue when organizations reach out to additional information sources, industry executives said.
JRIC's workaround is to replicate databases of interest inside the facility. Fox said the center draws data from traditional law enforcement systems but added that he couldn't identify specific databases for security reasons.
John McCarthy, director of law enforcement solutions at Memex, said the center replicates fewer than 10 databases. He added that it is negotiating to obtain additional data sources.
The center's schedule for replicating particular databases depends on factors such as the volume and volatility of the source data, with the frequency ranging from near-real-time to weekly.
The databases feed into a central repository, the Memex Intelligence Engine database. JRIC uses tools such as the Memex Extensible Markup Language Data Loader to migrate data.
In addition, JRIC programmers use application programming interfaces to build techniques for loading various databases, a Memex spokesman said.
Database integration raises policy considerations. For example, one part of the Code of Federal Regulations establishes data management and control guidelines for criminal intelligence systems receiving federal funds.
'To accept a copy of any organization's criminal database that has been funded by the federal government, you must agree to the same rules and guidelines that the parent organization has instituted,' said Mario Cruz, IT project manager at JRIC.
Cruz said compliance tasks duplicate efforts and require an enormous amount of work to manage and monitor daily activity against the data.
But Cruz said that if organizations establish a memorandum of understanding with data sharing in mind, they can move data from one database to another without worrying about someone else's data warehouse policies. Databases can also be replicated within an individual agency without restriction.
As for future moves, JRIC will use the Global Justice XML protocol to connect to several federal databases.
In addition to structured data from databases, JRIC's data repository can also accept unstructured text data. People can drop electronic documents into Memex and scan paper records, too.
With the data in place, analysts can start combing for clues. Fox cited the ability to perform one-stop, drill-down searches as a major requirement.
Multiple searches on multiple data sources can take hours. In one test, JRIC found that the process of searching through 20 million records to isolate a phone number took 19 seconds with the new Memex system, compared with more than three hours using an older system.
In addition, McCarthy said the Memex analysis module can discover relationships among people, places and organizations that would otherwise remain unnoticed. Memex uses a proximity search capability to scour the intelligence database for those connections.
JRIC analysts share their findings with law enforcement agencies and other relevant parties through analysis reports, requests for information and e-mail distribution, Fox said.
Data fusion in Louisiana
The Louisiana Fusion and Analytical Center and Los Angeles' JRIC have similar goals, but the Louisiana center has taken a different technical approach.
The Louisiana State Police launched the center for counterterrorism and crime investigation purposes. Apogen Technologies' Apogen Services subsidiary won a contract in July 2005 to develop the center's IT core.
That component involves a combination of custom and commercial products. On the custom side, Apogen has developed an incident reporting system based on Microsoft's .NET, said Scott McCumsey, Apogen program manager for the fusion center project.
The system, which runs on a SQL Server database, captures incident information from police who contact the Fusion Center. The system can also pull in reports of suspicious activity that people submit through the Louisiana State Police Web site.
By using the incident information, state police officers in the center can review leads and assign them to investigators. As a case unfolds, an automated workflow script routes incident information to the appropriate officers. The incident reporting system was moving into a beta testing phase at press time.
Another Fusion Center component lets analysts perform single searches of multiple data sources. The Louisiana Fusion Center's access extends to six Department of Public Safety databases.
Those sources provide data such as criminal history, driver's license photos, driver's license images, driver's license/identification card information, motor vehicle registration and official driving records.
Analysts enter information such as name, sex and date of birth, and the system searches the databases and returns results based on those criteria, McCumsey said.
Instaknow, an Apogen partner on the fusion center project, provides the data integration software behind the single-search capability. Instaknow's approach doesn't require database replication.
Instead, the company's product emulates a user's access into each system. The software learns how an authorized person uses a Web browser to connect to an Internet or intranet database.
'You don't need a technical interface, nor do you need to copy [other parties'] data to your database,' said Paul Khandekar, chief executive officer of Instaknow. 'All we need to do is provide valid user IDs and passwords to Instaknow to access each of the source systems.'
To share the data it collects, the center may make use of the Global Justice XML format. 'Our intent is to be able to take information in the incident reporting system and use Global Justice XML to tag that information and make it available to other agencies through Web services,' McCumsey said.
The fusion center also dispatches alerts based on its intelligence findings. Khandekar said center employees define the thresholds that trigger an alert, such as the number of felonies found for a person, and to whom the center should send alerts. Those policies are stored in a spreadsheet.
Epilogue
The IT deployments represent only part of the law enforcement intelligence-gathering picture. Law enforcement organizations must address cultural, policy and human resources issues to make a system work, industry executives said.
On the cultural side, organizations must be encouraged to share data. 'The stumbling blocks to these initiatives are, generally, that people don't want to share their information, even if it's mandated,' said Sam Roth, an executive vice president at Svivot, an Israeli firm that makes intelligence analysis systems for law enforcement agencies.
Police chiefs, he said, might balk at providing data if they think they are contributing data and not getting anything valuable in return.
Ronald Dick, director of homeland security, national security and foreign affairs at Computer Sciences Corp., said huge policy and legal issues face law enforcement organizations planning to share data.
He cited the case of 'Sunshine Laws,' which allow people to access information on state databases. Under those laws, an exemption restricts public access to information in the law enforcement category, he said.
But the situation becomes complicated if one agency shares data with another that can't protect the data under a law enforcement exemption.
Law enforcement entities also face security questions, such as whether employees have the authority to take classified information out of a federal system, said Morgan Wright, global industry solutions manager of public safety and homeland security at Cisco Systems.
Finally, the technology tools established to share and analyze data must have trained users at the controls, executives said.
The training component involves how to use the tools and being able to analyze the data that the various systems and databases provide, Dick said.
'It's not entirely an IT solution and tools that are going to connect the dots,' he