Tag Archives: 28 CFR Part 23

Large DA Office deploys IntelNexus™ from Crime Tech Solutions for Criminal Intelligence Management

Crime Tech Solutions deploys software suite at one of the nation’s largest District Attorneys offices.

(July 31, 2018) Crime Technology Solutions, LLC is very pleased to announce that one of the largest District Attorneys offices in the United States has selected them to provide sophisticated crime analytics and criminal intelligence management software. The deal, over a year in the making, will see Crime Tech Solutions provide software and services to the DA Office in support of their mission to provide the members of their community with a safe place to live by holding the guilty accountable, protecting the innocent, and preserving the dignity of victims and their families.

At the core of the solution, according to Crime Tech Solutions’ CEO Doug Wood, is the IntelNexus™criminal intelligence software. IntelNexus is an advanced intelligence database management system designed specifically for law enforcement and other investigative agencies to collect, organize, maintain, and analyze sensitive information about individuals, organizations, and their activities. Crime Tech Solutions is also deploying CrimeMap Pro™ to the DA Office. CrimeMap Pro is a crime analytics and predictive policing software suite that helps agencies better react to emerging crime patterns.

“Our customer investigates and prosecutes crime in their region and supports victims of crime. They have over 200 staff made up of prosecutors, victim advocates, paralegals, and other support staff”, said Mr. Wood. “The software we are providing will enable them to better serve their constituents, both now and in the future.”

Criminal Intelligence Management: Best Practices

Criminal intelligence analysts provide a key element of effective law enforcement, at both the tactical and strategic levels. Analysts study information related to suspects, trends, known criminals, and more. Through a process of gathering evaluating this information, trained intelligence analysts identify associations across various illegal activities over many locations.
ciaGovernment decisions and policies are heavily influenced by the insights provided by the criminal intelligence analyst, and police investigations use the intelligence in support of their missions. To that end, the main functions of criminal intelligence analysts include:

  • Supporting law enforcement activities and large-scale investigations
  • Providing an ongoing analysis of potential threats to public safety
  • Helping senior officials and policy makers to deal with ever-evolving challenges and uncertainty

There are both tactical and strategic elements to the role of the criminal intelligence analyst. These categories differ with respect to the minutia of details, and the ‘customer’ or end-user of the intelligence.
A. Tactical Criminal Intelligence
Criminal intelligence of a tactical nature attempts to achieve a specific outcome related to law enforcement. Perhaps a disruption of organized criminal groups, a search warrant, seizure of assets, or an arrest.
Tactical criminal intelligence includes:

  1. The identification of potential connections between people, places, and other entities of interest… and their potential involvement in unlawful activities;
  2. Recognizing and reporting important gaps in intelligence data;
  3. Designing and creating detailed dossiers of suspected or confirmed criminals.

strategy tacticsB. Strategic Criminal Intelligence
Strategic analysis of criminal intelligence is expected to continuously educate policy makers and senior officials about current and evolving criminal activities and patterns. The benefits of strategic analysis tend to be realized over a longer period of time than does tactical analysis.
Emerging criminal trends and activities sit at the core of strategic intelligence analysis. The intelligence can provide advanced warning of potential threats, and can provide law enforcement officials with the information required to prepare their agencies for emerging illegal actions.
Strategic criminal intelligence analysis includes the recognition and documentation of:

  • Evolving trends and patterns of illegal activities
  • Developing threats
  • Modus operandi
  • The possible effect of demographics, technologies, and evolving socio-economic factors on criminal activities

privacyD. Abuse and Misuse of Criminal Intelligence
The misuse and/or improper storage and unauthorized access to sensitive criminal intelligence data has always been a concern of civil liberty advocates, and has recently been brought to light again with stories regarding misuse of California’s CalGang database. Given the diverse and growing requirements of criminal intelligence management, certain best-practices and policies have evolved in order to help law enforcement agencies collect, store, and disseminate this important criminal intelligence without invading individual rights to privacy.
E. Best Practices for Criminal Intelligence Management
28-cfr-part-23Specifically, 28 CFR Part 23 is a federal regulation that provides guidance to law enforcement agencies on the standards for implementing and operating federally funded criminal intelligence systems that cross jurisdictions. The protection of individual constitutional rights and civil liberties sits at the core of 28 CFR Part 23. Every American, of course, is afforded a reasonable expectation of privacy. The guidelines outline specific methods to gather, store, disseminate, review, and purge criminal intelligence data.
Recommending the use of these guidelines is The National Criminal Intelligence Sharing Plan (NCISP). NCISP suggests that the regulations ensure that the operations of a criminal intelligence system protect the rights and privacy of individuals and organizations. Importantly, The NCISP suggests that criminal intelligence groups adhere to 28 CFR Part 23, irrespective of whether or not the system was implemented using federal funds and grants.
The criminal intelligence guidelines prescribed by 28 CFR Part 23 have been identified as the minimal policies and rules for sharing data across law enforcement agencies.

28-cfr-cop
28 CFR Part 23 outlines best practices for secure criminal intelligence management

The best practices prescribed within the regulation include specific guidelines related to:

  • Proper procedures for querying, reviewing, sharing, validating, and purging of criminal intelligence data.
  • Multi-jurisdictional memorandums and participation agreements (if applicable).
  • The gathering and submission of criminal intelligence information.
  • The definition of key criminal intelligence terminology, including ‘the right to know’ and ‘the need to know’.
  • The specific activities that may or may not be maintained within the criminal intelligence system.
  • Individual rights to access the criminal intelligence systems.
  • Security requirements including the auditing and inspection of data.

F. An Excellent Solution
IntelNexus_logo_v1IntelNexus™ from software developer Crime Tech Solutions is an affordable, yet powerful criminal intelligence management system that complies with the regulations and best practices set forth in 28 CFR Part 23. Whether or not an agency (or agencies) absolutely require compliance to 28 CFR Part 23, the software lays out a framework and enforces the principles that should be incorporated into the criminal intelligence database. IntelNexus offers the foundation for gathering, storing, maintaining, sharing, authenticating, and purging criminal intelligence while ensuring the privacy and civil rights afforded to us all.
The company also develops the popular Case Closed™ investigation case management software, and provides a suite of advanced crime analytics and link analysis software.

Compliance with CFR 28 Part 23 Criminal Intelligence Systems Operating Policies

28-cfr-part-23
As a guide for those interested in criminal intelligence systems such as IntelNexus™, Crime Tech Weekly is publishing the following overview of Title 28, Part 23 of the Code of Federal Regulations (CFR 28 Part 23). The policy reads as follows:

CFR 28 PART 23–CRIMINAL INTELLIGENCE SYSTEMS OPERATING POLICIES
1. Purpose.
2. Background.
3. Applicability.
4. Operating principles.
5. Funding guidelines.
6. Monitoring and auditing of grants for the funding of intelligence systems.

1 Purpose.
The purpose of this regulation is to assure that all criminal intelligence systems operating through support under the Omnibus Crime Control and Safe Streets Act of 1968 are utilized in conformance with the privacy and constitutional rights of individuals.
2 Background.
It is recognized that certain criminal activities including but not limited to loan sharking, drug trafficking, trafficking in stolen property, gambling, extortion, smuggling, bribery, and corruption of public officials often involve some degree of regular coordination and permanent organization involving a large number of participants over a broad geographical area. The exposure of such ongoing networks of criminal activity can be aided by the pooling of information about such activities. However, because the collection and exchange of intelligence data necessary to support control of serious criminal activity may represent potential threats to the privacy of individuals to whom such data relates, policy guidelines for Federally funded projects are required.
3 Applicability.
(a) These policy standards are applicable to all criminal intelligence systems operating through support under the Omnibus Crime Control and Safe Streets Act of 1968.
(b) As used in these policies: Criminal Intelligence System or Intelligence System means the arrangements, equipment, facilities, and procedures used for the receipt, storage, interagency exchange or dissemination, and analysis of criminal intelligence information; Inter-jurisdictional Intelligence System means an intelligence system which involves two or more participating agencies representing different governmental units or jurisdictions; Criminal Intelligence Information means data which has been evaluated to determine that it: (i) is relevant to the identification of and the criminal activity engaged in by an individual who or organization which is reasonably suspected of involvement in criminal activity, and (ii) meets criminal intelligence system submission criteria; Participating Agency means an agency of local, county, State, Federal, or other governmental unit which exercises law enforcement or criminal investigation authority and which is authorized to submit and receive criminal intelligence information through an inter-jurisdictional intelligence system. A participating agency may be a member or a nonmember of an inter-jurisdictional intelligence system; Intelligence Project means the organizational unit which operates an intelligence system on behalf of and for the benefit of a single agency or the organization which operates an inter-jurisdictional intelligence system on behalf of a group of participating agencies; and Validation of Information means the procedures governing the periodic review of criminal intelligence information to assure its continuing compliance with system submission criteria established by regulation or program policy.
us-constitution4 Operating principles.
(a) A project shall collect and maintain criminal intelligence information concerning an
individual only if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity.
(b) A project shall not collect or maintain criminal intelligence information about the political, religious or social views, associations, or activities of any individual or any group, association, corporation, business, partnership, or other organization unless such information directly relates to criminal conduct or activity and there is reasonable suspicion that the subject of the information is or may be involved in criminal conduct or activity.
(c) Reasonable Suspicion or Criminal Predicate is established when information exists which establishes sufficient facts to give a trained law enforcement or criminal investigative agency officer, investigator, or employee a basis to believe that there is a reasonable possibility that an individual or organization is involved in a definable criminal activity or enterprise. In an inter-jurisdictional intelligence system, the project is responsible for establishing the existence of reasonable suspicion of criminal activity either through examination of supporting information submitted by a participating agency or by delegation of this responsibility to a properly trained participating agency which is subject to routine inspection and audit procedures established by the project.
(d) A project shall not include in any criminal intelligence system information which has been obtained in violation of any applicable Federal, State, or local law or ordinance. In an inter-jurisdictional intelligence system, the project is responsible for establishing that no information is entered in violation of Federal, State, or local laws, either through examination of supporting information submitted by a participating agency or by delegation of this responsibility to a properly trained participating agency which is subject to routine inspection and audit procedures established by the project.
(e) A project or authorized recipient shall disseminate criminal intelligence information only where there is a need to know and a right to know the information in the performance of a law enforcement activity.
(f) (1) Except as noted in paragraph (f) (2) of this section, a project shall disseminate criminal intelligence information only to law enforcement authorities who shall agree to follow procedures regarding information receipt, maintenance, security, and dissemination which are consistent with these principles. (2) Paragraph (f) (1) of this section shall not limit the dissemination of an assessment of criminal intelligence information to a government official or to any other individual, when necessary, to avoid imminent danger to life or property.
28-cfr-cop
(g) A project maintaining criminal intelligence information shall ensure that administrative, technical, and physical safeguards (including audit trails) are adopted to insure against unauthorized access and against intentional or unintentional damage. A record indicating who has been given information, the reason for release of the information, and the date of each dissemination outside the project shall be kept. Information shall be labeled to indicate levels of sensitivity, levels of confidence, and the identity of submitting agencies and control officials. Each project must establish written definitions for the need to know and right to know standards for dissemination to other agencies as provided in paragraph (e) of this section. The project is responsible for establishing the existence of an inquirer’s need to know and right to know the information being requested either through inquiry or by delegation of this responsibility to a properly trained participating agency which is subject to routine inspection and audit procedures established by the project. Each intelligence project shall assure that the following security requirements are implemented: (1) Where appropriate, projects must adopt effective and technologically advanced computer software and hardware designs to prevent unauthorized access to the information contained in the system; (2) The project must restrict access to its facilities, operating environment and documentation to organizations and personnel authorized by the project; (3) The project must store information in the system in a manner such that it cannot be modified, destroyed, accessed, or purged without authorization; (4) The project must institute procedures to protect criminal intelligence information from unauthorized access, theft, sabotage, fire, flood, or other natural or manmade disaster; (5) The project must promulgate rules and regulations based on good cause for implementing its authority to screen, reject for employment, transfer, or remove personnel authorized to have direct access to the system; and (6) A project may authorize and utilize remote (off-premises) system data bases to the extent that they comply with these security requirements.
(h) All projects shall adopt procedures to assure that all information which is retained by a project has relevancy and importance. Such procedures shall provide for the periodic review of information and the destruction of any information which is misleading, obsolete or otherwise unreliable and shall require that any recipient agencies be advised of such changes which involve errors or corrections. All information retained as a result of this review must reflect the name of the reviewer, date of review and explanation of decision to retain. Information retained in the system must be reviewed and validated for continuing compliance with system submission criteria before the expiration of its retention period, which in no event shall be longer than five (5) years.
(i) If funds awarded under the Act are used to support the operation of an intelligence system, then: (1) No project shall make direct remote terminal access to intelligence information available to system participants, except as specifically approved by the Office of Justice Programs (OJP) based on a determination that the system has adequate policies and procedures in place to insure that it is accessible only to authorized systems users; and (2) A project shall undertake no major modifications to system design without prior grantor agency approval.
audit-400x400(j) A project shall notify the grantor agency prior to initiation of formal information exchange procedures with any Federal, State, regional, or other information systems not indicated in the grant documents as initially approved at time of award.
(k) A project shall make assurances that there will be no purchase or use in the course of the project of any electronic, mechanical, or other device for surveillance purposes that is in violation of the provisions of the Electronic Communications Privacy Act of 1986, Public Law 99-508, 18 U.S.C. 2510-2520, 2701-2709 and 3121-3125, or any applicable State statute related to wiretapping and surveillance.
(l) A project shall make assurances that there will be no harassment or interference with any lawful political activities as part of the intelligence operation.
(m) A project shall adopt sanctions for unauthorized access, utilization, or disclosure of
information contained in the system.
(n) A participating agency of an inter-jurisdictional intelligence system must maintain in its agency files information which documents each submission to the system and supports compliance with project entry criteria. Participating agency files supporting system submissions must be made available for reasonable audit and inspection by project representatives. Project representatives will conduct participating agency inspection and audit in such a manner so as to protect the confidentiality and sensitivity of participating agency intelligence records.
(o) The Attorney General or designee may waive, in whole or in part, the applicability of a particular requirement or requirements contained in this part with respect to a criminal intelligence system, or for a class of submitters or users of such system, upon a clear and convincing showing that such waiver would enhance the collection, maintenance or dissemination of information in the criminal intelligence system, while ensuring that such system would not be utilized in violation of the privacy and constitutional rights of individuals or any applicable state or federal law.
federal-funds5 Funding guidelines.
The following funding guidelines shall apply to all Crime Control Act funded discretionary assistance awards and Bureau of Justice Assistance (BJA) formula grant program subgrants, a purpose of which is to support the operation of an intelligence system. Intelligence systems shall only be funded where a grantee/subgrantee agrees to adhere to the principles set forth above and the project meets the following criteria:
(a) The proposed collection and exchange of criminal intelligence information has been
coordinated with and will support ongoing or proposed investigatory or prosecutorial activities relating to specific areas of criminal activity.
(b) The areas of criminal activity for which intelligence information is to be utilized represent a significant and recognized threat to the population and: (1) Are either undertaken for the purpose of seeking illegal power or profits or pose a threat to the life and property of citizens; and (2) Involve a significant degree of permanent criminal organization; or (3) Are not limited to one jurisdiction.
(c) The head of a government agency or an individual with general policy making authority who has been expressly delegated such control and supervision by the head of the agency will retain control and supervision of information collection and dissemination for the criminal intelligence system. This official shall certify in writing that he or she takes full responsibility and will be accountable for the information maintained by and disseminated from the system and that the operation of the system will be in compliance with the principles set forth in 23.20.
(d) Where the system is an inter-jurisdictional criminal intelligence system, the governmental agency which exercises control and supervision over the operation of the system shall require that the head of that agency or an individual with general policymaking authority who has been expressly delegated such control and supervision by the head of the agency: (1) assume official responsibility and accountability for actions taken in the name of the joint entity, and (2) certify in writing that the official takes full responsibility and will be accountable for insuring that the information transmitted to the inter-jurisdictional system or to participating agencies will be in compliance with the principles set forth in 23.20. The principles set forth in 0 23.20 shall be made part of the by-laws or operating procedures for that system. Each participating agency, as a condition of participation, must accept in writing those principles which govern the submission, maintenance and dissemination of information included as part of the inter-jurisdictional system.
(e) Intelligence information will be collected, maintained and disseminated primarily for State and local law enforcement efforts, including efforts involving Federal participation.
6 Monitoring and auditing of grants for the funding of intelligence systems.
(a) Awards for the funding of intelligence systems will receive specialized monitoring and audit in accordance with a plan designed to insure compliance with operating principles as set forth in 23.20. The plan shall be approved prior to award of funds.
(b) All such awards shall be subject to a special condition requiring compliance with the
principles set forth in 23.20.
(c) An annual notice will be published by OJP which will indicate the existence and the objective of all systems for the continuing inter-jurisdictional exchange of criminal intelligence information which are subject to the 28 CFR Part 23 Criminal Intelligence Systems Policies.
___________
black versionCrime Tech Solutions is a leading provider of criminal intelligence database management software for 28 CFR Part 23 compliance. The company also develops Case Closed™ investigation case management software, sophisticated link analysis software, and advanced crime analytics.

Criminal Intelligence Databases: Violations of privacy rights are the exception, not the rule.

privacyThe notion that law enforcement fusion centers regularly violate individuals’ privacy rights as they capture intelligence on gangs, terrorist activities, organized crime, and other threats to public safety is simply not true. That, according to a study published in the Journal of Police and Criminal Psychology.
The paper, “Law Enforcement Fusion Centers: Cultivating an Information Sharing Environment while Safeguarding Privacy,” was authored by Jeremy Carter, an assistant professor of  Public and Environmental Affairs at Indiana University-Purdue University Indianapolis. His article carefully addresses the privacy-rights issue of criminal intelligence gathering, among others.
fusion_centers_mapThere are approximately 80 fusion centers in the United States. They were created in response to the 9/11 terrorist attacks. The attacks exposed the requirement for greater information sharing and improved intelligence capabilities at all law enforcement levels.  According to the article’s author, the idea was to have the key pieces of data funneled into fusion centers so that highly trained analysts could stay atop of threats and correspond with local law enforcement agencies on these potential threats.
Designed with a view to enhance information-sharing among agencies, fusion centers act as ‘hubs’ of data and intelligence on gang activities, terrorist cells, organized crime, and other public safety threats. Vast amounts have data has been collected, and concerns about individual privacy and civil rights have ensued. The very legitimacy of these fusion centers has been called into question.
bigbrotherThe notion that law enforcement fusion centers represent ‘Big Brother’, and that data is being stored and disseminated about people irrespective of whether they are suspected of criminal activity is simply wrong, according to Professor Carter.
Still, concerns remain about who can access the data, and for what purpose. However, a survey of fusion centers across the country suggests that they take appropriate steps to safeguard individual privacy via something called Federal Regulatory Code CFR 28 Part 23.
28-cfr-part-23“Fusion centers are following the federal regulatory code, 28 CFR Part 23, that is the legal standard for collecting information,” Carter said. “That code says you have to establish a criminal predicate, basically probable cause, to keep information on identifiable individuals.”
Additionally, the majority of the fusion centers have implemented strong controls that provide built-in safeguards that protect the privacy of individuals. The fusion centers are also regularly audited to ensure that only the correct type of data is gathered, and that is stored and disseminated in a need-to-know basis.
black versionCrime Tech Solutions develops and markets a suite of crime fighting software including IntelNexus™, a criminal intelligence database system that complies with the above mentioned code 28 CFR Part 23. The company also provides software for investigation case management, advanced crime analytics, and link/social network analysis.

The CalGang Audit: Lessons Learned for Law Enforcement.

The following article is a continuation, of sorts, to our article ‘Intelligent Gang Intelligence’ on September 28…

CalGang is a California statewide database that law enforcement agencies use to store and disseminate information about gang activities and suspected gang members. The system has been in place for more than ten years, but has remained largely hidden from public scrutiny.

Shirley Weber, a California Assemblyperson has been working diligently to make CalGang more transparent, and her efforts have recently begun to pay off.

ap_85119713364-web
California Assemblywoman Shirley Weber

Last year, Ms. Weber requested an audit of the CalGang system. The database contains activities, addresses, names, aliases and other information related to people that are either known gang members or affiliates. According to an article by The San Diego Union-Tribune, the database has approximately 150,000 entries.

California law enforcement agencies are not obligated to notify individuals whose names appear in the system, unless that person is a minor. The average length of time that an individual had existed in CalGang was approximately 5.5 years.

CalGang can be accessed only by law enforcement officials for legitimate reasons only, and only on a need-to-know basis.

The CalGang audit requested by Ms.Weber was released in August of this year, and reveals that the database may contain a significant number of errors including the presence of dozens of individuals who were less than one year old when first added to the system. The audit also showed that hundreds of individuals that ought to have been removed from the system were, in fact, not.

The findings led Governor Jerry Brown to sign a bill in September that requires law enforcement to notify individuals whose names are added to CalGang, unless it can be shown that providing that disclosure would impact an ongoing criminal investigation.

The audit has shed some light on how gang databases are operated in general, and offers an opportunity for agencies across the country to improve policies and processes. Specifically, 28 Code of Federal Regulations (CFR) Part 23 (28 CFR Part 23) is a U.S. Department of Justice regulation that governs “the operation of criminal intelligence systems that are operated by and principally for the benefit of state, local, tribal, or territorial law enforcement agencies.”

28-cfr-part-23
CFR 28 Part 23

28 CFR Part 23 was designed as a regulation specific to multi-jurisdictional criminal intelligence (gang database) systems that receive federal grant funds. It is an excellent guide for intelligence agencies, as it attempts to fairly balance the intelligence needs of law enforcement with an individual’s rights to privacy.

Followed appropriately, 28 CFR Part 23 guidelines would minimize criticism of CalGang and other intelligence management systems.

“This report concluded that CalGang’s current oversight structure does not ensure that law enforcement agencies collect and maintain criminal intelligence in a manner that preserves individuals’ privacy rights,” wrote state auditor Elaine Howle in a letter to the governor and Legislature.

Of concern, the audit of CalGang also uncovered some instances where the data was used for purposes other than intended. Some agencies used the database for employment background screening, as an example.

The guidelines and regulations contained within 28 CFR Part 23 work to prevent these embarrassing and potentially unlawful scenarios by enforcing strict policies related to the input, storage, and dissemination of data.

28-cfr-cop
28 CFR Part 23 regulations enforce how gang and criminal intelligence data is gathered, stored, and disseminated.

Gang and criminal intelligence data is defined within 28 CFR Part 23 as “data which has been evaluated to determine that:

A) it is relevant to the identification of, and the criminal activity engaged in by, an individual who – or an organization which – is reasonably suspected of involvement in criminal activity, and

B) meets criminal intelligence system submission criteria

The ‘submission criteria’ is essentially the basis for something to be entered into the gang intelligence system. The criteria include the following:

  • A reasonable suspicion that an individual is relevant to the criminal activity
  • Prospective information to be entered is relevant to the criminal activity
  • Information does not include data related to political, religious, or social views unless that information related directly to the criminal activity that formed the basis for focus on the gang or group
  • Information was not obtained in violation of any federal, state, or local law or ordinance
  • Information establishes sufficient facts to give trained law enforcement officials a basis to believe that an individual or gang/organization is involved in a definable criminal activity

Data that is deemed to be irrelevant and unimportant should be purged from the system. This is true even if the data is discovered to be noncompliant before five years.

Perhaps the most important element of a gang database system complying with 28 CFR Part 23 is that no information whatsoever from the database should be disseminated without a legitimate law enforcement reason, such as criminal investigation cases and charges being filed against a suspect.

CalGang is an important and vital part of California law enforcement’s ability to deter and investigate gang related activities. A system this large is bound to contain some errors – both in data and judgement. That said, following and adhering to the guidelines of 28 CFR Part 23 may just prevent other agencies from undergoing such a painful public flogging.

About the Author

Tyler Wood is Operations Director of Austin, TX based Crime Tech Solutions (www.crimetechsolutions.com). The company develops and deploys low price / high performance software for law enforcement including Case Closed investigative case management software, sophisticated Sentinel Visualizer link analysis and data visualization software, and CrimeMap Pro advanced crime analytics. The company also develops the popular GangBuster gang database, and IntelNexus criminal intelligence software for 28 CFR Part 23 compliance.

Intelligent Gang Intelligence

The backbone of any functioning criminal intelligence unit is the strength of its intel files and/or gang records. Best practices for gang intelligence suggests that agencies should regularly update and contribute gang intelligence to a specialized gang intelligence system (aka gang database). These intelligence systems can manage and store thousands or millions of records of gangs, their activities, and their members.

With gang intelligence software, authorized users may read and update specific files, search and retrieve photos/videos/audio, and generally utilize the solution to assist investigation efforts. An example of some attributes stored within a gang intelligence system are:

  • Activitiesgang
  • Locations
  • Names
  • Vehicles
  • Addresses
  • Tattoos
  • Marks and Scars
  • Incidents
  • Reports
  • Tips
  • Aliases

Properly utilized, the gang intelligence system should allow the collection, analysis, storage and retrieval of data that qualifies as criminal intelligence. The data should only be disseminated to agency members with a specific need, and that need should be logged as part of the dissemination.

Gang Intelligence Integrity

With a gang intelligence database, agencies must preserve the integrity of the system through security and access restriction from unauthorized users – internal and external – because of constitutional protection for individuals whose personal information is contained within the system.

Importantly, for gang intelligence, a rigid purging process must be adhered to as this ensures the integrity and credibility of the data. If, for example, a record has not been reviewed or appended for a period of five years, best practices suggest that the record be purged.

Access governance is also critical to gang intelligence systems to ensure integrity of the data entered and maintained and, importantly, to comply with applicable regional, state, and federal laws.

Gang / Criminal Intelligence and U.S. Law

us-constitutionThe United States Constitution prohibits the criminalization of mere membership in a gang (or other similar organization). There is nothing illegal about being a gang member, according to our country’s laws. However, it is perfectly legal for agencies to add gang members to the database even if no crime has been committed by that member.

The tracking and storage of this data is widely criticized, however. Opponents suggest that agencies are profiling or targeting groups that are not engaged in criminal activities, and/or installing a ‘guilt by association’ mentality by tracking those members.

Conversely, advocates of gang intelligence database systems know that law enforcement has a legitimate interest in monitoring the individuals and groups engaged in ‘group criminal behavior’.

The back-and-forth between sides creates tension between the rights of society to be protected by law enforcement, and the individual privacy expectations of gang members.

CFR 28 Part 23

The result of these competing interests is something called Code of Federal Regulations, Title 28, Part 23 (CFR 28 Part 23) which details the requirements for gathering, entering, storing, and disseminating information about individuals and organizations (gangs) into an intelligence system.

28-cfr-part-2328 CFR Part 23 was designed as a regulation specific to multi-jurisdictional intelligence systems that have received federal grant funds for the development or purchase of the gang database. It is, however, an excellent guide for individual agencies, as the regulation attempts to fairly balance the intelligence needs of law enforcement against individual privacy requirements. In other words, it helps agencies get their jobs done without violating individual rights.

Compliance with 28 CFR Part 23 in Gang Intelligence

Gang and criminal intelligence data is defined within 28 CFR Part 23 as “data which has been evaluated to determine that:

A) it is relevant to the identification of, and the criminal activity engaged in by, an individual who – or an organization which – is reasonably suspected of involvement in criminal activity, and

B) meets criminal intelligence system submission criteria

The ‘submission criteria’ is essentially the basis for something to be entered into the gang intelligence system. The criteria include the following:

  • A reasonable suspicion that an individual is relevant to the criminal activity
  • Prospective information to be entered is relevant to the criminal activity
  • Information does not include data related to political, religious, or social views unless that information related directly to the criminal activity that formed the basis for focus on the gang or group
  • Information was not obtained in violation of any federal, state, or local law or ordinance
  • Information establishes sufficient facts to give trained law enforcement officials a basis to believe that an individual or gang/organization is involved in a definable criminal activity
28-cfr-cop
28 CFR Part 23 compliant software

As referenced above, 28 CFR Part 23 also indicates that information contained within a compliant database or criminal intelligence system must be reviewed and evaluated for relevance and importance every five years. Data that is deemed to be irrelevant and unimportant should be purged from the system. This is true even if the data is discovered to be noncompliant before five years.

Perhaps the most important element of a gang database system complying with 28 CFR Part 23 is that no information whatsoever from the database should be disseminated without a legitimate law enforcement reason, such as criminal investigation cases and charges being filed against a suspect.

Conclusion

If managing a gang intelligence system seems intimidating, it ought not be. If an agency desires to comply with 28 CFR Part 23, the rules for managing such as system are clearly spelled out. If an agency simply wants to collect and manage data outside of the federal guidelines – and has not accepted federal grant monies for such a program – they are free to do so as long as the system meets the security and ‘common sense’ guidelines that protect an individual’s right to privacy.

About the Author

Tyler Wood is Operations Director of Austin, TX based Crime Tech Solutions (www.crimetechsolutions.com). The company develops and deploys low price / high performance software for law enforcement including Case Closed investigative case management software, sophisticated Sentinel Visualizer link analysis and data visualization software, and CrimeMap Pro advanced crime analytics. The company also develops the popular GangBuster gang database, and IntelNexus criminal intelligence software for 28 CFR Part 23 compliance.

Report: California 'Gang Intelligence Database' fails to ensure individual privacy

gangHere is another great reason why it is important for agencies to follow best practices in intelligence data management. The regulations behind DOJ 28 CFR Part 23 are meant to help agencies walk the line between effective intelligence gathering and the right to an individual’s privacy.
28 CFR Part 23 compliant intelligence management software is available and an inexpensive way for agencies to walk the line between effective criminal intelligence and individual privacy.
SFGate writer Vivian Ho’s article is at http://www.sfgate.com/crime/article/Audit-Many-in-California-gang-database-listed-9137916.php
We think it is well-written and accurately describes a real problem faced by law enforcement agencies across the country.
Crime Tech Solutions  is a low price / high performance innovator in crime analytics and law enforcement crime-fighting software. The clear price/performance leader for crime fighting software, the company’s offerings include sophisticated Case Closed™ investigative case management and major case management, GangBuster™ gang intelligence software, powerful link analysis software, evidence managementmobile applications for law enforcement, comprehensive crime analytics with mapping and predictive policing, and 28 CFR Part 23 compliant criminal intelligence database management systems.
 
 
 

Study: Violations of privacy rights by fusion centers are the exception, not the rule

Great 28 CFR Part 23 article from Indiana University – Purdue University Indianapolis discussing Jeremy Carter’s “Law Enforcement Fusion Centers: Cultivating an Information Sharing Environment while Safeguarding Privacy.”
See the article at http://news.iupui.edu/releases/2016/07/fusion-centers-privacy-concerns-carter.shtml
 
 
 

Why is Oregon conducting Intelligence work?

The headline on OPB.org is rather silly, actually….

Why Is The State Of Oregon Conducting Intelligence Work?

Well, you know, because Intelligence work is kind of important. The question isn’t ‘why’… the question is ‘how’. Read on…
criminalThe article is an excellent read, and outlines precisely why compliance with Federal regulation 28 CFR Part 23 is important. The regulation outlines standards for operating federally grant-funded multijurisdictional criminal intelligence systems. It specifically provides guidance in five primary areas: submission and entry of criminal intelligence information, security, inquiry, dissemination, and review-and-purge process.
See a robust 28 CFR Part 23 compliant criminal intelligence system from Crime Tech Solutions HERE.
What follows is a cut-and-paste of the article as it appears originally.
“The Oregon Department of Justice recently commissioned a review into why state investigators were scrutinizing Oregonians who used the hashtag #BlackLivesMatter on social media, including tweets by the head of the agency’s own Civil Rights Division. The resulting report suggests that two employees potentially broke state laws with their searches, but ultimately acted on their own volition.The state investigators who conducted the searches are part of an intelligence unit at the DOJ’s Terrorism Information Threat Assessment Network Fusion Center, part of a criminal intelligence unit at the DOJ. The Fusion Center is designed to prevent criminal activity and monitor public safety and specifically, terrorism threats in Oregon. The center collects data and shares information up and down the chain between federal, state and local law enforcement agencies.The Black Lives Matter investigation has raised questions about the role of the Oregon Fusion Center and the cultural competency of its employees. OPB decided to take a closer look at this criminal intelligence unit:Who Works At The Fusion Center, And What Exactly Do They Do?The state-run center has been part of the DOJ’s Criminal Justice Division since 2007 and consists of eight employees, mostly research analysts. Some of those employees also work on other criminal cases. But Fusion Center work is often focused on producing terrorism threat assessments. Analysts research potential threats in advance of major events, such as the governor’s inauguration. Those assessments are used by law enforcement for event preparation and security. In an interview with OPB’s John Sepulvado, Oregon Attorney General Ellen Rosenblum said the center is essential to public safety.

“The Pendleton Round-Up, I know they’ve used the Fusion Center to do threat assessments to ensure safety of those who come to Pendleton for the event,” Rosenblum said. She also cited Oregon’s frequent hosting of international track meets: “I know we have participated there to ensure the safety of the participants and the community.”The Fusion Center also distributes safety and informational bulletins to other law enforcement agencies. Department of Justice spokeswoman Kristina Edmunson pointed to a 2014 example in which a center’s bulletin helped identify a rape suspect. The Port of Portland Police Department requested the Fusion Center distribute information about a rape at a hotel near Portland International Airport. The suspect’s description was distributed statewide and to the National Fusion Center Network, which DOJ officials said led to the identification and eventual arrest of the suspect.
Why Is The State Engaged In This Level Of Security And Intelligence Work?
Oregon’s Fusion Center is one of more than 70 such criminal intelligence centers across the country. President George W. Bush approved the establishment of fusion centers in 2006 with the goal of having local law enforcement and U.S. Department of Homeland Security authorities collaborate and share information. The Salem office is the only one of its kind in Oregon. The Department of Homeland Security describes fusion centers as “information sharing hubs that provide comprehensive and appropriate access, analysis, and dissemination that no other single partner can offer.” “The TITAN Fusion Center is highly regarded throughout Oregon, and highly relied upon by entities throughout the state that have events, for example, where they want to make ensure the safety of the participants,” Rosenblum said.  A core concept of these centers is that employees may have local knowledge or context that federal authorities lack. So, hypothetically, if the Department of Homeland Security learned of a terrorism threat in, say, Eugene, federal investigators could forward that threat to Oregon’s Fusion Center. Research analysts could investigate that threat in partnership with Eugene-area law enforcement officials, and provide local context. “The whole point of a fusion center is to fuse information,” said Portland attorney Sean Riddell, who was chief of the DOJ’s Criminal Justice Division from 2009-2011 and oversaw Oregon’s Fusion Center.

“Say for instance, a law enforcement agency in Medford calls, says ‘We’re looking at this house and this person for trafficking of narcotics, and we don’t want to trip over another agency,” Riddell said. “They’d ask, ‘Is somebody else looking at him?’” The Fusion Center could then examine the files of other law enforcement agencies, such as the U.S. Drug Enforcement Agency. If the DEA did in fact have an open file on that individual, the center could facilitate the sharing of information about the two investigations between agencies.

How Is The Fusion Center Funded?
Five Fusion Center positions are funded by the state legislature in the amount of $1.3 million for the 2015-2017 biennia. The other three staffers are paid via grants or federal money, according to the DOJ.
What Kinds Of Information Can Oregon’s Fusion Center Collect And Analyze?
The Fusion Center has access to an array of criminal and law enforcement records including criminal histories, suspicious activity reports and case records from federal, local and state agencies. They can research individuals, locations or organizations based on “reasonable suspicions.” The center may follow-up on tips and reports that come from individuals as well as other law enforcement agencies.  
Fusion Centers have been criticized by the American Civil Liberties Union and other organizations for excessive secrecy standards that may limit public oversight, data collection that could threaten individual privacy, and ambiguous lines of authority.
The Oregon center is not allowed to seek out information about an individual on the basis of religious, political, racial or social views, per state law. They’re also not supposed to investigate people based on their participation in a particular non-criminal organization or event.
So it’s possible that Fusion Center investigators violated state law by conducting social media searches for #BlackLivesMatter on Twitter.
Rosenblum wouldn’t speak to whether the DOJ investigators involved broke the law. She said the DOJ plans to require diversity and bias training among staff in the future.
Carolyn Walker, an employment attorney with Portland law firm Stoel Rives prepared the DOJ report looking into the incident. She determined that intelligence unit staff need cultural competency training to help separate potential threats from everyday social media traffic.
The report shows that a DOJ employee was concerned that Erious Johnson Jr., who heads the Oregon Department of Justice’s Civil Rights Division, “constituted a potential threat to police,” citing several of Johnson’s tweets. One tweet the employee referenced included the lyrics “Consider yourself warned,” and a logo from the 1980s rap group Public Enemy. The investigators apparently didn’t understand the cultural reference.
“The Intelligence Unit as a whole would benefit from clear and consistent leadership and direction,” Walker wrote in her report, “specifically with respect to electronic monitoring of social media.””
__
Crime Tech Solutions  is a low price / high performance innovator in crime analytics and law enforcement crime-fighting software. The clear price/performance leader for crime fighting software, the company’s offerings include sophisticated Case Closed™ investigative case management and major case management, GangBuster™ gang intelligence software, powerful link analysis software, evidence managementmobile applications for law enforcement, comprehensive crime analytics with mapping and predictive policing, and 28 CFR Part 23 compliant criminal intelligence database management systems.