• United States



by Dave Gradijan

Justice Dept. Pushes FBI to Hasten Data Sharing

Jan 09, 20075 mins
CSO and CISOData and Information Security

The U.S. Department of Justice (DoJ) is pushing the FBI and its other operating units to speed up and expand their efforts to share a wide array of information with outside law enforcement agencies via a centralized database called OneDoJ.

In a Dec. 21 memo, Deputy Attorney General Paul J. McNulty also directed CIO Vance Hitch to work with the DoJ’s component agencies to develop “an aggressive but practical plan” for increasing their information-sharing capabilities. The plans, which must be submitted to McNulty’s office by Feb. 9, will include steps that can be taken within the next 180 days to enable the units to participate more fully in seven ongoing data-sharing initiatives.

In addition, McNulty assigned Hitch to a new committee that will coordinate the DoJ’s information-sharing program. And he said in the memo that the coordinating committee and his staff will work with Hitch’s office to develop plans for implementing the Unix-based OneDoJ technology internally in 15 high-priority metropolitan areas and other regions.

The plan to expand the use of OneDoJ by other law enforcement authorities at the federal, state and local levels has raised the hackles of some privacy and civil-rights advocates, who said last week that the DoJ will need to work hard to ensure that the increased information sharing doesn’t infringe on the rights of law-abiding Americans.

“The problem is the ease with which the information held by multiple agencies can be accessed in one place,” said Allison Knight, staff counsel at the Electronic Privacy Information Center in Washington. Any inaccurate data stored in OneDoJ could be quickly disseminated to a large number of law enforcement officials, she said, adding that the DoJ should enable people to correct erroneous information.

Knight also said that the centralized database could become a big target of hackers and other unauthorized users. DoJ officials need to ensure that deep security and safety mechanisms are in place to prevent breaches, she said.

OneDoJ is “far more than just bringing together all the information they have,” said Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union. “Once you put all the information in one place, it enables the kind of data mining that’s not possible by traditional law enforcement.”

One problem, Steinhardt added, is that the DoJ, and the FBI in particular, have been “notoriously inept at managing [their] computing resources.”

For example, the FBI in 2005 scrapped a three-year, US$170 million effort to develop an automated case management system and now is pursuing a project called Sentinel that isn’t due for completion until late 2009. And the DoJ received a “D” grade for computer security on an annual report card issued by a congressional committee last March.

“Maybe they ought to get their house in order to increase confidence in their IT systems,” Steinhardt said.

But McNulty wrote in his memo that in order to fulfill its law enforcement mission and help prevent terrorism, the DoJ is “committed to sharing as much information as possible, lawful and practicable.” He added that OneDoJ “enables and indeed obligates” the agency’s units to aggressively expand their information-sharing capabilities.

“Everyone recognized the need for improving information sharing after 9/11,” DoJ spokesman Dean Boyd said last week. The data stored in OneDoJ is available to state and local law enforcement now, Boyd said, but they must get the information from individual DoJ units.

“What [OneDoJ] does is simply consolidate that information in a way that state and local authorities can access it in a single portal,” Boyd said. “We clearly feel that this is not a new giant database in any way but is a new way for law enforcement to use information that is available to them.”

Hitch was unavailable for an interview about OneDoJ last week. Boyd said the database has high-level safeguards and includes an access log that keeps records of all users who search and review the database. He wouldn’t identify the software that the DoJ is using for the database, which contains about 1 million records now and is expected to triple in size within three years.

Work on OneDoJ began in late 2005, and pilot projects linking the database to local and regional information-sharing systems in locations such as Seattle and San Diego were launched last year.

In his memo, McNulty wrote that the DoJ will support a set of common standards with OneDoJ and remain vendor-neutral, allowing state and local governments to use any compatible systems. Boyd said the standards include terminology and data exchange specifications and an XML data model that are built into the National Information Exchange Model created by the DoJ and the Department of Homeland Security in 2005.

McNulty ordered the DoJ’s units to share information on open and closed cases, as well as criminal event data, criminal history records and identifying information about offenders. The memo was addressed to all of the 93 U.S. attorneys and to the directors of the FBI, the Drug Enforcement Administration, the U.S. Marshals Service, the Federal Bureau of Prisons and the Bureau of Alcohol, Tobacco, Firearms and Explosives.

According to the memo, the DoJ won’t disclose information that endangers national security or the lives of law enforcement personnel, witnesses “and certain crime victims.” Data about public corruption cases and some civil rights investigations will also be withheld, McNulty wrote.

By Todd R. Weiss, Computerworld (US online)

Keep checking in at our Security Feed for updated news coverage.