Applied Coursework. Technology for Homeland Security Course Paper. Author: David Heller Cohort 0801/0802. Lead Instructor: Richard Bergin

Transcription

1 Applied Coursework Technology for Homeland Security Course Paper Author: David Heller Cohort 0801/0802 Lead Instructor: Richard Bergin The Nation s Homeland Security Educator Learn more about the CHDS Master s Degree Program: Website: chdsmaap@nps.edu Phone:

2 Naval Postgraduate School Technology for Homeland Security COHORT 802:IS4010 David E. Heller Research Paper: Leveraging Technology to Track State, Local & Tribal Domestic Terrorism Subjects (3.2.1) Information sharing and collaboration capabilities to enable effective prevention, protection, response, and recovery activities: The Federal Bureau of Investigation s (FBI) mission is to protect and defend the United States against terrorism, foreign intelligence threats, and to uphold and enforce the criminal laws of the United States. In combating Domestic Terrorism (DT), however, the United States has not implemented an adequate process to designate DT groups or individuals or to track and share information concerning those individuals. This failure to define such a process may have a deleterious affect of law enforcement impinging on the First Amendment Rights of our citizens: The Right of Free Speech, Free Exercise of Religion, and Right of Assembly. Defending the United States from terrorism and protecting our citizen s Constitutional Rights are not mutually exclusive. To the contrary, by properly defining the process of designating a DT group or individual and a universal system to share information, law enforcement will be able to avoid a Hobson s Choice of impinging upon First Amendment Rights so as to defend the nation against another Oklahoma City bombing. The FBI has the unique responsibility for identifying and investigating DT within the United States. The FBI s role in investigating DT has been defined within numerous government Presidential Directives and legislative actions. States have also developed laws and legislation providing for local law enforcement to take action against DT

3 activities within its own jurisdictions. In September of 2003, President Bush signed Homeland Security Presidential Directive (HSPD) 6 which directed the Attorney General to establish a process to consolidate the Government's approach to terrorism screening and provide for the appropriate and lawful use of Terrorist Information in a screening process. This directive led to the so named Watch List which is primarily used for affecting suspected terrorists travel. A second list, known as the Violent Gang/Terrorist Organization File (VGTOF), was established to track and identify gang members and terrorists. To date, these lists are the only repositories for the FBI and limited federal government entities to externally publish or identify DT subjects. To date there is no system/process for the tracking of state, local or tribal DT subjects. For the purpose of moving forward the FBI should accept there is significant ambiguity between the defining laws and regulations which address DT investigations and intelligence collection across the nation. This type of investigative diversity traditionally does not lend itself as an efficient process for connecting the dots. Conversely, the collection and retention of intelligence, when U.S. citizens are the target, promulgate significant First Amendment legal challenges further emphasizing the need for uniformity throughout the nation. Although this process has not yet failed catastrophically, the FBI should recognize the vulnerabilities and not wait for failure. Therefore, the FBI should leverage current technology combined with state, local and tribal policies and procedures for the purpose of information sharing, collaboration and full visibility of DT subjects across the nation. The Law Enforcement National Data Exchange (N-DEx) is a viable information technology system currently being deployed by the FBI which could be leveraged as a

4 platform for national information sharing concerning all DT subjects and investigations. The N-DEx information sharing platform houses law enforcement data with specific standardized elements. These data elements will be capable of capturing information which may be utilized to track DT adherents. When N-DEx reaches maturity, over the next three years, it will provide unprecedented accessibility to information across all local, state, tribal and federal agencies as depicted by the diagram below. Inciident/Case Reports Warrants Arrests FBI CJIS Local/ State/ Federal/ Tribal/Regional Systems N-DEx NCIC II IAFIS DOJ Data OneDOJ 18,000 LE Agencies 3,200 SO Agencies 50 State DOC Although N-DEx was not developed for the purpose of tracking DT adherents, this research paper suggests, after a detailed study of the system and technology, N-DEx has the capabilities to do so. By leveraging the N-DEx platform the FBI can continue to enhance the terrorism screening process as detailed within HSPD 6.

5 Curre nt Technologies The criteria for information sharing within the law enforcement community are broken down in two primary areas; secure networks and trusted partners. Prior to the development of the internet, data transfer/streams between law enforcement agencies were usually accomplished by hard copy paper files, computer media such as floppy disks, or point to point telecommunication lines. Accountability and audit trail requirements imposed on investigative products are part of the day-to-day business practices of all law enforcement agencies. Additionally, specific federal regulations govern the manner in which intelligence and investigative data will be stored and maintained by all federal and state government data systems. 1 The available technologies for information sharing are endless. But when the requirements for the sharing and retention of law enforcement data are imposed on a national technology solution the field of available candidates is greatly diminished. There are few trusted network systems currently being used on a national level. These systems include; National Crime Information Center (NCIC), VGTOF, Law Enforcement On-Line (LEO) and N-DEx. The Criminal Justice Information Services (CJIS) complex is located within the State of West Virginia. The complex houses a wide range of technologies that serve the FBI and the criminal justice community. The services they provide consist of the automated fingerprint system, gun background check system and secure communications networks for the law enforcement community (Federal Bureau of Investigation, 2008) C.F.R. part 23 establishes the policies surrounding the retention of information within government databases.

6 The pre-established trusted networks housed at the CJIS complex include NCIC, VGTOF, LEO and N-DEx. The NCIC network was established in 1967 and is a computerized index of criminal justice information. The information is available to criminal justice agencies nationwide. The data housed in NCIC assists authorized users to identify stolen property, locate missing persons and apprehend fugitives. All agencies who are authorized subscribers may add pertinent data directly into NCIC, such as warrants, missing persons, and fugitives. Additionally, NCIC is the gateway into the VGTOF database. But users may not enter suspected terrorists for watch list purposes directly into VGTOF. Only the FBI is authorized to do so. Although various data sets are located within NCIC, it is not a database for storing intelligence. The LEO network is an FBI sponsored secure web based platform providing local, state, tribal and federal law enforcement agencies access to an extensive array of law enforcement databases and additional networks. These include; OneDOJ, N-DEx, National Law Enforcement Telecommunications System (NLETS), the Regional Information Sharing Systems Network (RISSNet), which supports law enforcement users in six regional centers, and various Department of Homeland Security (DHS) law enforcement elements. Currently there are in excess of 100,000 LEO account holders. (Federal Bureau of Investigation, National Information Sharing Strategy, 2008). The OneDOJ system is a federation of regional data systems including the FBI, Bureau of Prisons, Drug Enforcement Administration, Bureau of Alcohol, Tobacco and Firearms, and US Marshals. This system is sponsored by the Department of Justice (DOJ). The system provides the user with limited investigative information based on the

7 contributor s discretion. State and local law enforcement agencies are not authorized to contribute data to this system. The RISSNet and NLETS systems service a wide range of law enforcement agencies. Both receive federal funding but are owned and operated by non-federal organizations. State and local law enforcement agencies are permitted to contribute criminal investigative information directly to these systems. Currently there is not a separate tracking data base within either system. The N-DEx system is designed for use by all local, state, tribal and federal law enforcement agencies. The system permits any agency to contribute, receive and share law enforcement information within a collaborative secure environment. The system does have unique functions which would allow for tracking of a specified target crime type. The FBI is the owner and administrator of the N-DEx system. The FBI s Office of General Council (OGC) was consulted with regard to legal liability and civil liberty issues in utilizing the aforementioned systems for tracking of DT adherents. The OGC s concern was databases used for the retention and collection of possible First Amendment protected activity may be problematic. The fact that the aforementioned systems are owned or under the access control of the FBI may expose the FBI to civil liability issues if the data collected, by the contributing agency, was collected outside the policies set forth by the Attorney General (Ptasienski, 2008).

8 Evaluating Technologies The terrorist watchlist process was thoroughly examined by the U.S. Department of Justice in The report looked at the following objectives: (1) DOJ s processes and standards for nominating individuals to the consolidated watchlist are consistent, are articulated in policy or other guidance, and are understood by nominators; (2) DOJ components have quality control processes to help ensure nominations are accurate, understandable, updated with new information, and include all individuals who should be placed on the watchlist based on information available to the agencies; (3) the responsibility for watchlist nominations is clear, effective, and understood; (4) nominators receive adequate training, guidance, or information on the nominations process; (5) DOJ components maintain records of their nominations, including the source of the nomination and what information was provided; and (6) DOJ organizations with terrorism, counterterrorism, and domestic counterterrorism information in their possession, custody, or control appropriately participate in the nominations process (U.S. Department of Justice of Justice Office of the Inspector General, 2008, page 2). The report evaluated the process but not the actual technology used to enable the process; although the process and technology are not mutually exclusive. Therefore, the technologies were evaluated based on their ability to support the aforementioned process. All of the systems were accessible through NCIC or LEO. Both are considered trusted secure networks. The systems available through these networks have individual aspects of functionality but may not support all the objectives identified by the DOJ report. Currently the most logical candidate would be a VGTOF-like database. The following diagram depicts the FBI s watchlist process: FBI Field Division TREX IT Cases DT Cases National Counterterrorism Center Terrorist Screening Center

9 The FBI currently has a detailed process for nominating an individual for placement into VGTOF. The VGTOF placement automatically places the nominee onto the Terrorism Watchlist, which is housed within the Terrorist Screening Center (TSC). During the nomination process the FBI provides a nomination form to the Terrorist Review and Examination Unit (TREX). The TREX Unit is responsible for reviewing and approving the nomination. International Terrorism nominees are forwarded directly to the National Counterterrorism Center. Domestic Terrorism nominees are sent directly to the TSC. Creating a VGTOF-like database would meet many of the DOJ objectives. The objectives which would come into to question in utilizing this model would be an increased burden of creating, reviewing, vetting, and maintaining a separate database by TSC and CJIS. Additionally, the FBI could not ensure the information was gathered in compliance with the Attorney General Guidelines creating potential violations of civil liberties. The technology deployed in support of N-DEx would provide the necessary attributes to address all of the DOJ objectives. Information could be provided directly into the system by local law enforcement. The data to be uploaded would be provided form local data systems which have already been certified as 28 C.F.R. part 23 compliant. The specific data sets would be in keeping with the National Information Exchange Model (NIEM) standard. This would shift the burden of liability of potential violations of civil liberties away from the FBI and back to the contributor. Law enforcement would have the ability to search for specific information and an audit trail would be fully recoverable for each search, for quality control purposes. This process will lessen the burden of review by TREX and federal data entry personnel.

10 # Auto Theft Pickaway, Fairfield, Union, Licking, Time 142 Washburn Seattle Wa Map It Other Addresses J. Blueman Parole Other Phone #s Associates Incident Bank Robbery Jesse Bluefield Arrest Report - Tacoma John Bluefield Arrest Report Seattle Jamie Bluefield Incident - DUI More More Jesse James More Next Auto Thefts January February Implementation Choosing the N-DEx solution for the tracking of local DT adherents would leverage the systems many attributes. Below is a graphic depiction of the process: Data Submitted Information Returned Data 2 Corruption Case XYZ Name: John England SSN: Sharing Attributes Share: OK Do Not Share: Conditional Share Options: Select Subscribe: Next Entity Inquiry James Bluefield 04/15/1968 Recent Address Disposition Entity Relationships Recent Phone Aliases Records Mug Franklin County Crime Characteristics Offense: Forcible Rape Suspect: Male Victim: Race: White Height: 0 to 64 Sex: Female Weight: 0 to 130 ORAge: 55 to 65 Hair: Blonde Find Similar: Subscribe: Next Services Entity Correlation Automated Processing Incident/ Case Correlation Entity Resolution N-DEx Catalog/ Index Capabilities Notification Visualization Search Collaboration Subscription Analytical/ Reporting People, Places, Things, Relationships, Characteristics Entities Contributors to N-DEx would follow the process as outlined bellow: 1. The N-DEx member agency would configure their legacy report/case management information technology system in accordance to the NIEM standard. 2. The contributor would create a report as specified within their department s legacy case management system. The report would have an Information Exchange Package Documentation (IEPD) corresponding to N-DEx.

11 3. The contributor would populate the Criminal Activity Code with the word terrorism. This is a specific IEPD within N-DEx. 4. The contributor would request he/she be notified by the N-DEx network if other N-DEx members queried his/her subject at a later date. 5. Other N-DEx users may query the terrorism Criminal Activity Code to assist them in furthering their investigative or intelligence missions. Conclusion The N-DEx technology will leverage existing trusted networks and extensive user base. Civil Liability issues will be overcome by contributing agencies following their own normal business practices. Providing local, state, and tribal law enforcement with a process for tracking DT adherents will further enhance there ability to connect the dots.

12 References Federal Bureau of Investigation. Criminal Justice Information Services. Retrieved October 15, 2008, from Federal Bureau of Investigation. (2008, August). National Information Sharing Strategy Ptasienski, Drew J. (2008, May). Database for Local and State Entry of Terrorist Information. Federal Bureau of Investigation