Post-9/11 intelligence tools aren't just ways for investigators to collect and organize information from multiple complex sources. They also focus on intelligence sharing. Some comply with the new Global Justice XML Data Model (GJXDM); others have built interfaces to each of the major content management systems law enforcement agencies use and are moving toward GJXDM. Regardless, many agencies are adding intelligence tools to their arsenals of mission-critical investigative tools.
Xanalys Investigators' Desktop and NESPIN
Waltham, Massachusetts-based Xanalys Corp.'s Investigators' Desktop is such a new product that so far, only two major customers use it regularly (it's under evaluation in other agencies). Those customers are the Province of Ontario, Canada, and NESPIN (the New England State Police Information Network), one of the six centers of the Regional Information Sharing System (RISS). (RISS regional centers share intelligence and coordinate efforts against criminal networks that operate in many locations across jurisdictional lines.)
NESPIN helped Xanalys develop Investigators' Desktop as part of a broader RISS push toward comprehensive computer-based intelligence analysis.
"Intelligence analysts spend 80 to 90 percent of their time hand-collecting and hand-formatting data to export into spreadsheets for link analysis," says Glenn Conradt, Xanalys' vice president of marketing. "In the last few years, data sources have become more complex, so even though analysts are more computer literate, they still need a simple way to pull, analyze and present data. Investigators' Desktop's greatest value is data analysis — sorting vast amounts of structured and unstructured information (such as phone records and e-mail text), comparing it, correlating it, drawing inferences and noting trends, and other functions." Investigators' Desktop complements Xanalys' other products, including Link Explorer (formerly called Watson) and Investigation Manager (formerly called PowerCase), by addressing its customers' specific practical need.
NESPIN used a beta version of Investigators' Desktop at the 2004 Democratic National Convention in Boston, Massachusetts. NESPIN personnel used it to employ both public and restricted data sources in reviewing convention attendees. "Not many arrests were made, because demonstrators for the most part were peaceful and few requests for information were made to our people," says Bill Deyermond, NESPIN director.
After the convention, Xanalys used NESPIN member feedback to refine Investigators' Desktop. The final version will be released in 2005.
Currently available on standalone and network-share computers, Investigators' Desktop will soon be available in an enterprise edition. This will allow member agencies to access information — but not free rein of the solution's analytical tools — from a central intelligence database. "RISS has specific business rules for its intelligence databases, which ensure proper audit trails," says Deyermond. "In the future, we plan to allow analysts from our member law enforcement fusion centers to use Investigators' Desktop to access our intelligence database, which will assist them in their analytical efforts."
Deyermond says one of Investigators' Desktop's main attractions is its emphasis on audit trails. "People are the weakest link in any investigation, regardless of their trustworthiness," he explains. "The audit trail shows analysts' thought processes, a history of all the directions they took. It's an electronic chain of evidence that proves a case's foundation — how they arrived at certain conclusions. Audit trails help us ensure that the information is being used properly."
Conradt says the audit trails provide an additional benefit: they make information available to future investigations, so analysts don't have to search for the information again and again. Because Xanalys has strategic partnerships with subscriber services like ChoicePoint (and soon, LexisNexis and the major credit bureaus) to grant Investigators' Desktop users full access to their systems, he notes this solution reduces retyping and the chance of errors. Another time saver, as Sean Barry, a NESPIN senior analyst, points out, is that Investigators' Desktop doesn't take a whole team to run — an important feature for individual analysts, who may be responsible for entire boxes full of potential leads.
Conradt says Investigators' Desktop, is a facilitator, not a solve-all: "The software enables easier analysis, but it doesn't mean everything can be thrown into the mix, only to drown an investigation. Analysts must use their expertise to decide what information to work with." Barry agrees, "The software allows analysts to organize large amounts of data and thus identify leads to pursue." Investigators' Desktop narrows down the "box" of data, organizing it so investigators can effectively move forward with cases.
JRIES intelligence sharing with K2 Enterprise
The Department of Homeland Security (DHS)'s Joint Regional Information Exchange System (JRIES) has been using Verity K2 Enterprise (K2E) for just over a year. JRIES includes 6,200 users in 650 agencies across all 50 states, federal agencies, and agencies in the United Kingdom and Canada. "K2E provides independent law enforcement organizations with a way to collaborate," says Andrew Feit, Verity general manager of intelligent content services. "At the same time, it remains sensitive to their specific information and security needs. For instance, small-town users may share information with the larger agencies, and vice versa. K2E forms a network of users that all help each other."
K2E grew out of the Sunnyvale, California-based company's government contract work 16 years ago. Its main function is to monitor, categorize, locate and analyze data based on user-defined profiles. "Users determine what they want to achieve, then customize our product accordingly," explains Feit. K2E culls information from each JRIES member's content repositories, which can include RMS, CAD, criminal records, electronic unstructured information like e-mail or field reports, and even multimedia content like tele-conferences or videotaped traffic stops.
Search terms can be as specific or as broad as necessary. "An analyst looking for information about fertilizer bombs can query that term," says Feit. "Or, if a suspect name and address exist, he can search on those terms." In this way, K2E mimics an Internet search engine. Yet K2E differs from search engines' format in one critical way: its ability to categorize data into taxonomies. Instead of returning hundreds of hits on a query, K2E's taxonomies enable users to "drill down" through all the different levels to reach the information they're looking for. When users must generalize a query, drilling down can lead from, say, an anthrax query to groups that work with it to individual names. Feit says this feature has another benefit. "No individual can think of every query term, so K2E's ability to distill vast amounts of data gives analysts more time to explore," he explains.
Adding to these features is K2E's Recommendation Engine. At the same time that K2E returns documents, the Recommendation Engine provides names of experts who are familiar with a query topic. Experts don't have to register; the Recommendation Engine watches query streams and other user activity to determine who qualifies. Feit says JRIES specifically requested an added chat capability, so users can enter into real-time dialogue with experts and others.
The final fit between K2E and JRIES comes from its flexibility. First, the smallest agencies to the largest can customize to search just one or two data sources, or a whole network spanning multiple databases, security levels and profiles. Second, JRIES members retain complete control over their data. They can limit access depending on individuals' clearance levels or affiliations; they can require uncleared individuals to make direct contacts for requested information. "Balancing security with the value of sharing is a real challenge," Feit notes. "But K2E doesn't force anyone to share. The hope is, although agencies may not now be comfortable sharing some things, as they use K2E to collaborate more, they'll become comfortable."
Visual Analytics' DIG helping HIDTAs
In late 2004, Poolesville, Maryland-based Visual Analytics Inc., together with the Philadelphia/Camden High-Intensity Drug Trafficking Area (HIDTA), deployed a solution that not only enabled the federal task force to share information with its local counterparts, but also enabled information sharing among HIDTAs and task forces along the eastern seaboard.
That solution was the Digital Information Gateway (DIG). Using DIG, agencies including the U.S. Postal Service, the U.S. Marshals Service, Immigration and Customs Enforcement, the FBI, and the Baltimore/Washington, D.C., and Florida HIDTAs (local task forces include the Philadelphia Police Department [PPD]'s and the Pennsylvania Attorney General's Office), cull data from a huge array of internal databases. These include arrest documents and controlled postal shipment logs, as well as agency-specific documents like the PPD's "Tell Sheets," daily reports the different precincts make to the department's commissioner. "Rather than build an entirely new warehouse for data, we simply offer a way to connect all the small data warehouses," says David O'Connor, Visual Analytics' president and chief technology officer.
Investigators can enter DIG at any point in the network, and search the screens and items to which they have access. They then use Visual Analytics' VisuaLinks (included with DIG in the company's Data Clarity Suite) to do what O'Connor refers to as "walking the data." "It's like the Six Degrees of Separation," he says. "Based on a single search of a person or address, the investigator can see the rest of that person's network."
However, because the network is so extensive, DIG emphasizes security. "Two main challenges associated with information sharing are the technical issues — what happens under the hood — and the political issues," explains Bennett McPhatter, Visual Analytics' chief operating officer. "With our solution, the agency that creates the data maintains full control over it; no copy exists on a central server somewhere. They can share as much or as little of it as they want; they can turn off access entirely, or change it as needed."
To that end, DIG makes use of role-based authentication: investigators' individual logons determine which information they can see. "Most organizations on this network grant full read-access to outside agencies," says McPhatter. "However, some give only pointer permissions, meaning outsiders can run searches, but must contact the source agency for more sensitive information." These security measures are reinforced with encryption. The HIDTAs operate over a virtual private network (VPN) with 3DES encryption; DIG itself has 3DES encryption, so the network is effectively double encoded. The system also logs accesses and information viewed.
Although the tight security may make DIG seem complicated, it's an easy-to-use, out-of-the-box product. "Setups and configurations need to be customized, as with any software, but the base product can be used as soon as it's installed," says McPhatter, who estimates it took just two weeks to install DIG on the Philadelphia/Camden and Florida HIDTAs and just one week on the Washington/Baltimore HIDTA. O'Connor adds, "You want to tweak it to maximize its value to your agency, but it's not necessary for operation."
As a COTS product, DIG is sold on the GSA [U.S. General Services Administration] schedule. "The cost is relative to what you want to accomplish," McPhatter says. For example, says O'Connor, DIG can adapt to many different environments outside the criminal justice community. This means not being limited to GJXDM. "Because our product allows data control and responsibility, in the event of another catastrophe like 9/11, DIG can connect everyone quickly," he says. Conceivably, DIG could link law enforcement agencies to hospitals, public utilities or other organizations.
"This is a full end-to-end solution combining search and analysis capabilities with strict security," O'Connor says. "It was developed prior to 9/11 to adapt to disparate environments, to enable secure sharing that helps people regardless of background. It's information sharing people can swallow."
NESPIN's Deyermond concludes: "Federal, state and local investigators should not work alone, and the information they gather shouldn't be kept from each other. The more information you can organize, the better handle you have on where a case is and isn't going."
Conradt adds, "Thousands of law enforcement personnel use NESPIN and thousands of law enforcement agencies use the RISS centers. Access to shareable intelligence is critical to them because most would otherwise have no access to the analysis tools."
Beyond intelligence: CALEA accreditation with ISYS:desktop
Most of the law enforcement agencies on Sydney, Australia-based ISYS Search Software's extensive customer list use its ISYS:desktop for intelligence purposes. The Branford (Connecticut) Police Department (BPD), however, put the software's versatility to a different use — collecting proofs as part of its Commission on Accreditation for Law Enforcement Agencies (CALEA) process. "Our in-house RMS's built-in search engine worked well for searches on incident and related reports, but it wasn't good enough to gather proofs across our range of data sources," says BPD information technologist Sgt. Kevin Halloran. "For instance, it has no data fields to let us search on a particular text string, let alone Boolean or menu-driven searches. Also, because our officers dictate their reports, if a term is improperly dictated or entered, it won't be searchable."
BPD Deputy Chief John DeCarlo explains that the agency's RMS is built on a Microsoft SQL relational database; 350 data elements comprise 300 million words going back to 1995 alone. In addition, incident reports are saved in Rich Text Format (.rtf) files apart from data fields like names and addresses, and are unsearchable via SQL. Commanders needed a way to find CALEA proofs quickly and easily, and although the agency's accreditation consultants told commanders they could use Microsoft's search engine, even that didn't meet their specific needs. ISYS:desktop did.
"ISYS:desktop found 140 references to handcuffs over the previous two years' worth of unsearchable .rtf files," DeCarlo says. "It even displayed the .rtf files and helped put those references in context, even though they weren't in tabular form. Since we've been using ISYS:desktop, our stack of proofs has grown over a matter of weeks, to the same point it would've taken us months to build."
Halloran says the time saved in collecting proofs has been "immeasurable;" DeCarlo narrows this to a "conservative" estimate of a 50 percent time savings. "When you type a word, you get an instantaneous result because ISYS has already indexed every file in every folder on your network," Halloran explains. "It discards common words like 'the,' 'a' and 'that,' then compiles a list of the remaining words."
BPD has been so successful that other administrators in Connecticut's consortium of accreditation-seeking agencies want ISYS:desktop for themselves. "Collecting proofs is so time-consuming, and you can apply ISYS:desktop to so many applications, you really get twice as much functionality for what you pay," DeCarlo says, adding now that he and others in charge of accreditation have become used to the software, they're exploring other ways to use it, including crime analysis. CALEA standards include mandatory crime analysis guidelines, and Halloran says ISYS:desktop will be a perfect solution for some of those standards.
Halloran anticipates that as officers move toward CALEA-mandated standardization, it will be easier to find proofs. Moreover, says DeCarlo, not only will the product expedite accreditation, but it will also let commanders focus less on the "busy work" of collecting proofs, and more on the organizational and training work of incorporating CALEA standards.
DeCarlo believes BPD is only "scratching the surface" of ISYS:desktop's true capabilities. "We looked at a comprehensive intelligence tool when we first started out, but it cost over a hundred thousand dollars," he says. "Of the 17,500 police departments in this country, only 500 serve populations of 50,000 or more. That leaves the other 17,000 police departments without the budget to acquire technology for their communities like the larger agencies. A relatively low-cost and versatile product like ISYS:desktop is a huge asset to these average American departments."
Christa Miller is a freelance writer based in southern Maine. She specializes in public safety issues and can be reached through her Web site at www.christammiller.com.