Recently, there’s been a trend toward some agencies purchasing new data mining tools for their needs at fusion centers. It is great to see this investment in technology, but watch out – many of these solutions don’t have any inherent method for capturing Suspicious Activity Reports (SARs) and Request for Service (RFS) data, which fusion centers use to track case management activities.
Also, these new data mining tools typically don’t communicate bi-directionally with Regional Information Sharing Systems (RISS), nor can they communicate with National Data Exchange system (NDEX), the FBI’s information-sharing platform.
In fact, many of these software vendors don’t understand these systems need to comply with 28CFR23, the federal guideline that governs intelligence sharing.
Let’s review the four types of data that law enforcement officers encounter in their work:
1. Open-Source Data – Anything from the Internet, newspapers, other public sources [No prohibitions to sharing]
2. SARs – Information reported by citizens or police; no identifiable crime being committed but something’s suspicious [Can be shared between agencies under National SAR Initiative]
3. Investigative related – Evidence or information collected from a crime that has been committed with a goal to prosecute or prevent crimes [data sharing polices vary widely]
4. Intelligence – Important data in assessing threats to the community; proactive, strategic analysis conducted and patterns of activities are identified; resources focus on problem at hand, be it street gangs or organized crime [28CFR23 governs this type of data – If information rises to level of reasonable suspicion, then it can be entered into an intelligence system and shared with other agencies.]
All four types of data streams have separate and distinct laws governing what law enforcement can and cannot do with them.
Agencies want to ensure that they are holding data consistent with all the rules and regulations. But if the data mining technology companies have not considered any of the aforementioned issues, their tools are putting fusion centers at risk of violating statutes, laws and regulations.
One fusion center I use as an example vetted vendors with this criteria, and instead of settling for a one-size fits all intelligence analysis system, it selected one vendor for information/intelligence management and another for analyzing the information managed by the other system.
This is what should be happening more often – using the right tool for the right job.
Bottom line: Look for technology companies that know the compliance landscape.