Data Integration is a Necessary Building Block for Sound Analytical, Threat Assessment Capabilities
by Stephen G. Serrao, Captain, New Jersey State Police (ret.)
In the aftermath of 9/11, many law enforcement agencies sought to establish new data repositories to capture information, such as Suspicious Activity Reporting (SAR, also known as Tips & Leads), Organized Crime Intelligence, Counter-terrorism Intelligence, and even Web-based and electronic document open-source data. There was a strong focus on collecting new and previously unknown information.
The last three years has seen a shift, however. Quite a few agencies – perhaps a result of the growth of Fusion Centers – are equally interested in setting up information management systems that can mine existing data repositories that they have been populating with records for many years.
My own experience bears witness to this trend. Before the recent shift, the company for which I work had a single customer among its many clients that desired search capabilities for existing databases – in this particular case, for its five RMS (Records Management Systems).
Now, it seems, almost all of our work involves some form of data mining or data integration capabilities for existing databases, such as CAD (Computer Aided Dispatch) as well as RMS. To be sure, we’re still building databases from the ground up. But the overarching goal of many of our customers seems to be to integrate data, not just create new silos of data.
A big reason for this shift may have to do with N-DEX (National Data Exchange), the FBI’s criminal justice information-sharing platform. N-DEX is a national system that enables law enforcement agencies to share non-intelligence information, such as CAD and RMS much more easily. Such information sharing aids in catching criminals as well as identifying trends and patterns to help prevent crimes and terrorist attacks.
One large Fusion Center in the Northeast is a prime example. While it created a new SAR database to track new and original Tips & Leads, it also fused and joined more than five-million CAD/RMS records from two of its largest participants – a large urban municipal police department and a large county Regional Information System.
The officials there, like many others, have come to realize that opening a Fusion Center and relying on new information collection doesn’t necessarily bring value. That’s because new information trickles in slowly.
But a Fusion Center that mines millions of existing records brings tremendous capabilities to bear in the fight against crime and terrorism. The key take-away is that law enforcement agencies don’t have the luxury of waiting for a period of time for a new center to become useful while a myriad of challenges continue to face them.
It’s a function of utility. A Fusion Center is only as valuable as the information to which it has access. Getting the building blocks in place and tracking new information are important steps, but integrating data and mining existing information for patterns of criminal behavior are of paramount importance.
These integration and full text-search capabilities must necessarily lead to the analytical function; otherwise, the effort still falls short. Meaningful analysis requires trained staff and powerful software tools. Assessing the threat and preventing future criminal activity are the ultimate goals.
To achieve them, rules-based logic, as one finds in some industries, should be considered to assist the analysts. Take the insurance industry, for example. If a claim is made on a policy within 30 days of inception, then the record is flagged for investigation. If a recovered stolen car is burned beyond recognition, investigators are alerted to potential insurance fraud.
Law enforcement executives and staff don’t have similar business rules at their disposal right now, but such rules are something to consider.
If there are incidents and reports of graffiti and spray painting, for example, then a rule could be developed indicating the probability of gang involvement. Even though such law enforcement rules will never be as cut and dry as in other industries, they should give law enforcement executives and supervisors pause.
While such rules-based algorithms for law enforcement are still wishful thinking, here are three current recommendations for evaluating data integration capabilities and establishing the aforementioned building blocks:
Insist on a single-source portal for examining RMS, CAD, Intelligence, SAR, open-source and any other data. Such a system empowers intelligence officers and staff with the capabilities of examining all the data in one place, using the same data mining tools without the need to log on and off different systems. This scenario breeds an environment of efficiency and productivity. Make sure that your integrator offers a 28CFR23 (Part 28 Section 23 of the Code of Federal Regulations)-compliant system.
Ensure that the system is N-DEX compliant. There is no sense in buying from, or working with, a data integrator that doesn’t speak in N-DEX-compliant terms. The future is now, as the saying goes. Law enforcement agencies are migrating to N-DEX, and they want to be able to transport data to N-DEX in an easy, straightforward way.
Avoid “home-grown” systems that often fail to capitalize on the wealth of thought leadership that has been generated in law enforcement circles. Leverage experienced practitioners and their technologies to ensure compliance with civil liberty, privacy and other statutes.
Data integration is the beginning – not the end – of sound law enforcement practices. But it’s an important foundational step for the necessary analysis and threat assessments that can prevent crimes and terrorist plots, and make us all safer.
Captain Stephen G. Serrao is a former New Jersey State Police Counterterrorism Bureau Chief, and now helps shape the direction of intelligence management software as Director of Product Management, Americas Region for Memex, Inc., a worldwide provider of intelligence management, data integration, search and analysis solutions (www.memex.com).