Sep 26 2007

Pointing The Way

The National Virtual Pointer System is fostering law enforcement cooperation and preventing case conflicts while safeguarding sensitive data.

Last year, a Junction City, Kan., police officer arrested a suspect for dealing methamphetamine. When the Kansas City Drug Enforcement Administration Interdiction Task Force became involved, the agent there logged into the Missouri Statewide Police Intelligence Network to see if there were any other active cases naming this suspect. She input her contact information and some basic data on the suspect and, through the National Virtual Pointer System, reached out to 400 participating law enforcement agencies across the country.

Soon after, she was talking to the DEA New Jersey Field Division, where another agent had input data on the same person of interest. The New Jersey agent was ready for the call: As soon as the match was made, NVPS sent him an e-mail alerting him to the Kansas City inquiry.

“Coordination between the Junction City Police Department, the Kansas City DEA Interdiction Task Force, and the New Jersey Field Division resulted in the identification of additional members of this drug trafficking organization and subsequent arrests,” says Patrick Lowry, chief, intelligence policy and liaison section with the Drug Enforcement Administration headquarters in Arlington, Va. “This is due to the National Virtual Pointer System, which allows federal, state and local agencies and departments to share target information on active, multijurisdictional cases.”

A Simple Messaging System

In 2004, the DEA and three national information-sharing networks formed NVPS to provide cross-agency information sharing through electronic connectivity and innovation. Based on eXtensible Markup Language, the NVPS is a target deconfliction system. Deconfliction systems foster cooperation on a common target of investigation and prevent an investigator from jeopardizing an existing case by stumbling into an active investigation (see sidebar, previous page).

The three information-sharing networks that helped launch NVPS include the High Intensity Drug Trafficking Area (HIDTA); Nlets, an international justice and public safety information sharing network; and Regional Information Sharing Systems (RISS). Developed for about $500,000 and costing about $300,000 a year to maintain, the NVPS contains anywhere from 300,000 to 600,000 active records at a time, garnering participation from more than 400 individual state, local and federal agencies and resulting in a seven to eight percent case-matching rate, according to Lowry and other program managers.

NVPS communicates with databases in other intelligence networks. “Obviously, agencies and investigators in the past, with good reason, were reluctant to put their case information out there because it could affect wiretaps, confidential sources and undercover agents,” Lowry says. “That’s why this [the NVPS] is not a query-able database.”

In order to get information from the system, users have to enter some information about the target, as well as their contact information to facilitate information sharing.

Not long after it went live, NVPS won an innovation award from the American Council of Technology (ACT). What set NVPS apart from other entries is how quickly intelligence networks integrated into NVPS. At the time, several regional HIDTAs, the National Alliance of State DEAs (NASDEA), Nlets, DEA and several RISS Intelligence Centers had already built their interfaces.

“XML was novel at the time, and we felt that the NVPS’ XML data set and architecture was transformative in itself for bridging together multiple systems like this,” says Venkatapathi Puvvada, former chairman of ACT’s Management of Change conference. (Puvvada is now chair of the Industry Advisory Council and CTO of Unisys Federal Systems.)

The data set he refers to is the Justice XML Data Dictionary, which is part of the standards-based architecture behind the NVPS. This architecture, with its single adopted menu of data elements, relies on the building of XML translators at each of the intelligence networks it communicates with. From their own databases, participating systems parse only very specific information on targets of open investigations, assign case numbers to new targets, and allow participating system operators to use their own business rules and manage their own data relating to the NVPS system.

Because of all these variables, building the XML interface to the NVPS system is the most difficult part of the process, and one that can’t be replicated from network to network completely. But early adopters (see sidebar) have created specific XML models, code and processes that can be replicated to reduce development time for new entrants into the system, says Brian Dawson, systems manager for the Midwest HIDTA in Kansas City, Mo.

Julie Humphry, applications development manager at RISS Technology Center in Murfreesboro, Tenn., where the hub is housed, says the system is always evolving. “The biggest lesson learned is that everybody who is a stakeholder had a part in how this hub was built,” she says. “The other lesson: Whenever possible, use standards.”

Julie Humphry, applications development manager for RISS Technology Center, recommends using standards.

Building Bridges

The South Florida HIDTA’s interface into the NVPS took about $75,000 and five months to complete, says Gary Grimm, intelligence center coordinator for the SFLHIDTA in Miramar, Fla. Completed in June 2005, the interface had to integrate with SFLHIDTA’s pointer index system, in which its database records are stored. This way, when officers enter new suspect data into the SFLHIDTA system, it automatically creates a NVPS message. NVPS messages are proxied through the NVPS hub, which launches queries to all the databases in participating intelligence networks.

“The NVPS message exchange connects to other like systems by bringing back pointer index information [from those systems]. Essentially it just passes a message to all the connecting deconfliction systems asking, ‘Do you know anything about this person of interest? If yes, contact so-and-so,’ ” Grimm explains. “For us, it’s an automatic, behind-the-scenes process.”

If no match is found, the NVPS returns a negative response to the originating system. If there is a match, messages show up as notifications to the originating system, indicating that there was a positive hit and how to reach the other investigating agency.

Once the notification has been reviewed, it’s deleted from the messaging exchange hub. NVPS traffic travels through encrypted tunnels to the hub over two proprietary Intranets — the RISSNET secure intranet and Nlets.

Holding Back

“The NVPS is a fully operational system,” says Angelo Fiumara, deputy chief technology officer for program facilitation for the RISS Office of Information Technology in West Chester, Pa. But he, like others active in NVPS program management, says adoption is not where it should be. He adds, “Information sharing will continue to be enhanced among law enforcement and criminal justice as more agencies and organizations participate in the NVPS.”

To judge by the number of records entered, NVPS has been growing. In 2005, there were 197,000 subjects of investigation in its indexes. Today, the average number of active records is 400,000, though that number has held steady since 2006.

Recent growth has slowed, agrees Lowry, who blames it on lack of budget for participating organizations to build their interfaces. He continues to look for avenues of funding to help offset development costs for new entrants into the system and to pay for upgrades at the NVPS hub.

In some cases, the budget needs are bigger than simply building a new interface. Sometimes, work has to be done on back-end modernization first. This is what’s keeping the Virginia State Police from connecting into the NVPS even though Virginia State Police signed off on a National Alliance of State Drug Enforcement Agencies memo in strong support of the NVPS in 2004. Lt. Col. H.C. Davis, director of criminal investigations for the Virginia State Police in Richmond, says his agency is waiting until it can build its own new intelligence database linking statewide police agencies, and then it will build an interface from there into the NVPS.

Internal infrastructure build out was also needed before the Iowa Department of Public Safety could tap into the NVPS. In addition to completing a new statewide database earlier this year, the data center also moved locations, says Russ Porter, assistant director and intelligence bureau chief for Iowa DPS. He adds that the NVPS interface is near completion and being readied for testing.

“The success of NVPS is dependent upon all law enforcement agencies entering target information about their criminal investigations [into NVPS] on a routine basis,” says Roy McKinney, director of the Maine Drug Enforcement Agency, Department of Public Safety, Augusta.

Despite budgeting and growth problems, Puvvada, the ACT awards program judge, believes the NVPS — or something modeled like it — has what it takes to succeed in the sharing of information outside of agency silos without jeopardizing cases.

“A lot of information-sharing systems never go live because participants can’t agree to the mode of operation,” Puvvada says. “The NVPS is a good example of an innovative program, both technically and in business process and operations, that’s simple enough to actually be implemented.”

Conflict Avoidance

“Before the New York Police Department goes out and conducts an investigative activity, they’ll do a case deconfliction to make sure this person they’re meeting with is not a confidential source working with the FBI, or that no other outside agency is investigating that target at the same time,” says Patrick Lowry, chief, intelligence policy and liaison section with the Drug Enforcement Administration.

Most state and local law enforcement agents and officers have access to some sort of event deconfliction through their information-sharing networks. Some of these networks are huge, such as Nlets, which represents 53 state and 21 federal agencies connecting more than 1 million justice and public safety professionals. Another, the Regional Information Sharing Systems (RISS), connects nearly 7,100 law enforcement and criminal justice agencies representing more than 750,000 officers from local, state, federal and tribal law enforcement in all 50 states, the District of Columbia, U.S. territories, Australia, Canada and England.

Interface Implementation Advice

Organizations have to build their own interface to the National Virtual Pointer System. Because each system has its own unique ways of handling, storing and processing investigative information, the key to making all of it work is integration with existing intelligence systems, says Brian Dawson, systems manager for the Midwest High Intensity Drug Trafficking Area (HIDTA) network.

“Our system stores data entries. Other systems store theirs in indexes. Some store their information in Microsoft SQL databases, others in Lotus Notes, some developed in C programs I’ve never heard of,” he says.

Challenges Dawson encountered as he integrated the Midwest HIDTA and helped other regional HIDTAs integrate concerned reutilization of existing database structure, search capability, messaging and existing queries.

Dawson has resolved some of the issues by keeping the data schema to a minimum — only 25 to 30 basic fields (name, age, sex, hair and eye color, and so on). Setting which data fields to share is unique to each participating agency but must include a minimum data set of basic characteristics.

By using the yet-unproven Global Justice XML Data Model at the time, Dawson says, the interface was completed in six months. Upon going live, false positives were caused by single agents entering the same subject data into multiple intelligence networks instead of just one. This verified that the messaging system worked, and alerted Dawson to the need to educate users on this fine point.

Another issue was matching foreign names. Even with its extensive soundex library of phonic algorithms (used to match names like Bob and Robert), his translation system demonstrated a hard time connecting some names. This means ongoing tweaking of the system in the form of updating soundex matching routines and search rules, says Dawson.

HIDTAs and other NVPS members have prepared a package for new entrants into the system. The package includes advice, processes, best practices and code modules for various flavors of databases and messaging systems previously interfaced with the NVPS through other participating members. So, if someone’s looking for a module that accepts messages into a SQL database, they’re given code to integrate, which they can modify to fit their environment.

Once integration is complete, post-production testing is critical. Julie Humphry, applications development manager for RISS Technology Center, suggests keeping a close eye on your system and audit logs to ensure they function correctly.

National Virtual Pointer System Facts and Figures

The Problem: Post 9-11 inter-agency intelligence was being mandated from the top. But logically, agencies didn’t want to share their data with one another or open up their systems.

What they did about it: Built the National Virtual Pointer System, a messaging system called that merely queries participating intelligence systems for potential matches (instead of searching through sensitive data) and alerts participants to matches.

How they did it: By linking some of the largest intelligence networks already sharing information amongst themselves and opening up their data stores for queries.

Network Details: Traffic flows into the hub over the Nlets network that represents 53 state and 21 federal. Traffic also flows in through the Regional Information Sharing Systems Secure Intranet, funded by the Bureau of Justice Assistance, Department of Justice. In addition, RISSNET became the location for the hub because it already connects 675,000 devices and over one million justice and public safety professionals in the U.S., parts of Canada, Australia and England.

Hub Details: Using the DOJ'S GJXDM 3.0 Web services standard, RISSNET built its first iteration messaging hub in six months, something Julie Humphrey, manager of the applications development group at RISS Technology Center in Murfreesboro, Tenn., says is always evolving. Today, this hub:

  • Monitors and sends traffic to all participating intelligence systems
  • Receives and routes traffic back to the appropriate systems when matches are made
  • Ensures the proper notice is sent to affected officers
  • Logs, troubleshoots, and reports statistics
  • Queues messages and holds them for later when a participating system is down

This latter point, queueing of messages when systems are down, was a lesson learned when Hurricane Katrina took down a participating network connection for a substantial amount of time, Humphrey says.

“The biggest lesson learned is that everybody who was a stakeholder had a part in how this hub was built,” says Humphrey. “The other lesson: Whenever possible, use standards.”