Agencies must resolve difficult cultural and policy challenges to get homeland security and law enforcement information flowing freely.
Whether it’s a new regional fusion center or a venerable storehouse such as the FBI’s National Crime Information Center, there’s no shortage of ways for federal, state and local officials to share information about criminal or possible terrorist activity. But as the troubled Homeland Security Information Network shows, creating centralized clearinghouses of information doesn’t guarantee that they will be widely used. The Government Accountability Office criticized the Homeland Security Department in a report last April for neglecting to provide basic policies and training on how to use HSIN. Homeland security and law enforcement officials must grapple with numerous management and policy challenges when they set up data-sharing programs. Those challenges include agency cultures predisposed to hoarding data and fears about how data might be mishandled or abused. For managers, setting policies so that sharing initiatives can overcome those roadblocks is daunting. However, some law enforcement agents and security analysts say the solution lies in a combination of controls and incentives that can get around most roadblocks to communication and collaboration. Here are some of the most common obstacles to sharing and suggested ways to bypass them. Departmental silos and long-standing turf battles can discourage officials from freely sharing information that might be important for preventing or prosecuting terrorist activities. “If departments do not have effective structures for managing cooperative relationships, existing ‘silo’ thinking is difficult to overcome,” said Natalie Tarry, director of research at the Social Market Foundation, a think tank in the United Kingdom that specializes in homeland security issues. Breaking down the walls that block sharing should involve a two-part strategy, experts say. First, do not underestimate the value of personal relationships. Develop programs based on personal interactions among related jurisdictions to promote trust. Second, establish controls to let agencies choose how their information is distributed and used. Tom Bush, assistant director of the FBI’s Criminal Justice Information Services Division, said he experienced firsthand the importance of forging professional relationships to combat turf battles. As an FBI field agent, Bush worked with local task forces on violent crimes and drugs. Buy-in from officers involved in joint operations came through trips to local police departments to inquire about the kind of help they expected from the FBI. “Clearly, that level of trust has to be established,” Bush said about interactions between the FBI and local law enforcement agencies. Bush and the FBI applied that lesson with N-DEx, an information exchange system set to launch this month for sharing incident and arrest reports created by local authorities. Local departments can decide the types of files and the level of detail they make available to N-DEx. Each department also can view audits that show who is using the data. “The bottom line is they’re your agency’s records to maintain,” Bush said. “It’s your responsibility for putting the information in and keeping it current and accurate. [Local agencies] need to be close to the security of their data.” Local law enforcement incident reports, quickly becoming the first line of defense against criminal activity, could distribute inaccuracies throughout data-sharing networks or, conversely, represent missed opportunities. For example, a police officer might question a driver who has stopped his ve icle outside a nuclear facility, ostensibly to check a mechanical problem with his car. Even though no formal police action might be warranted, the officer describes the encounter and enters the driver’s name and license number in a field report. The incident could prove to be insignificant, or it might help reveal a pattern of suspicious activity if officers in other areas match it to similar activities at nearby power plants. But because the information resides in informal field reports rather than formal arrest and conviction records, suspicions often go unvalidated. Agencies need to institute a series of checks and balances for further evaluating information. “If a local law enforcement organization sees suspicious activity, there needs to be validation at that level by pulling in managers, supervisors and experts,” said Harold Relyea, who writes about data-sharing challenges as a U.S. government specialist at the Congressional Research Service. If that information is sent to a fusion center and is determined to have implications for anti-terrorism activities, it should be shared. “After some period of time, the law enforcement officials who receive this information should report back as to how they used it and correct and update the information so you get another stab at quality control,” Relyea said. Privacy advocates worry about violations of the spirit, if not the letter, of the Privacy Act, which restricts federal agencies from directly sharing certain personal information about people. For example, questions can arise when agencies acquire aggregated information from commercial data brokers. “Some agencies are going out to the private sector to ask them to do data mining and assisting them with getting information that would be in the hands of other agencies,” said Lillie Coney, associate director of the Electronic Privacy Information Center. “It’s a completely opaque process” because citizens might be unaware of how their information is being handled, she added. Audit trails that show people how their records are being used could help them monitor government and third-party activity and ease concerns, Tarry said. Several experts suggested a system that citizens could use to monitor data sharing in much the same way that consumers can check their credit histories. Also, frameworks that index existing state and local law enforcement records might be less prone to privacy breaches than composite dossiers built from a mix of government and public data. Similarly, new distributed data management architectures might be better suited to the task of reducing privacy risks than older data-sharing approaches that rely on centralized data warehouses run by the government and fed by federal, local and state users. “The FBI has long said, ‘Give us all your information, and we’ll put it in this huge supercomputer warehouse and be responsible for taking care of it.’ That is a political problem that will not ever lead to any successful integration,” said Barry Bellue, chief executive officer of Think- Stream, which specializes in collaboration technology for law enforcement agencies. “It has to be a distributed model, and it has to be subject to local control and supervision,” Bellue said. “Otherwise, a lot of officials are scared to share simply because they don’t want confidential information getting into the wrong hands.” Inconsistencies in how agencies mark sensitive documents with labels such as for official use only or confidentia can be confusing when the files travel to other law enforcement organizations. Such labels can inhibit officials from taking advantage of potentially important data. “I’m not going to take the initiative because I might get in trouble,” Relyea said. Clarify classifications and reduce their use, as the Defense Department is doing, Relyea said. “By cutting down on the use of these markings or otherwise making it clear what activity can be done with information under those rubrics, we get a lot farther down the [information-sharing] road,” he said. As an alternative, agencies could mandate the use of the access controls included with content management systems that rely on passwords and biometric identifiers to limit distribution to certain individuals or job functions.
Challenge: Lack of trust
SOLUTION
Challenge: Inadequate vetting and feedback
SOLUTION
Challenge: Protecting privacy
SOLUTION
Challenge: Semantic confusion
SOLUTION
Joch (ajoch@worldpath.com) is a business and technology writer based in New England.
Challenge: Lack of trust
SOLUTION
Challenge: Inadequate vetting and feedback
SOLUTION
Challenge: Protecting privacy
SOLUTION
Challenge: Semantic confusion
SOLUTION
Joch (ajoch@worldpath.com) is a business and technology writer based in New England.