Monday, January 29, 2007

Can ECM prevent another 9/11

Paul Garrett, Special Assistant to the CIO at the Dept. of Justice, spoke to the January meeting of NCC AIIM. Garrett described himself as passionate about information sharing and described his task as finding out how to persuade 18,000 law enforcement agencies to talk to a handful of federal agencies.

The federal work consists of bringing together the case management and litigation systems at: Justice, FBI, the Law Enforcement Information Sharing Program, and the National Information Exchange Model (NIEM), the last of which Garrett characterized as the glue which held the rest together.

Executive Order 13388 requires federal agencies to make the necessary arrangements for information sharing. One problem is the hundreds of different markings that law enforcement documents have, many more than the secrecy classifications in intelligence.

Garrett compared the work of his group to the process described by Tom Friedman in his book The World is Flat. In the book, Friedman talks about how Linux started with a small group of programmers and began to spread as others found it useful. IBM adopted Linux when it recognized the value of a single standard. Garrett quoted Friedman’s observation that, “Once a standard takes hold, people start to focus on the quality of what they are doing as opposed to how they are doing it.” Garret explained how you have to build some “vanilla standards” that are obvious.

Here, Garrett reminded the audience of the recent advertising campaign by Dunkin' Donuts, which ridicules Starbucks’ Tall, Grande, and Venti, whereas Dunkin' Donuts uses the more obvious terms of small, medium, and large. Garrett said his group needs to “make sure that vendors understand the need for the ’vanilla standard.’ He showed a slide with a list of the terms “small, medium, large” with a bracket to the right of the list, and to the right of the bracket “add foreign names” and then TWPDES (for the Terrorist Watchlist Person Data Exchange Standard). This was an example of adopting simple terminology for information sharing taxonomy.

Garrett referred to an article in the Harvard Business Review that ran in August 2000 , How to Start an Insurrection:
Establish a point of view
Write a manifesto
Create a coalition (Garrett said this is the present stage of the NIEM project)
Pick your targets
Co-opt / neutralize opposition
Find a translator (to translate the project’s ideas to workers outside the project)
Win small, win early, win often

GJXDM was created by local law enforcement out of frustration with federal agencies. The idea was to take what works and build upon it. That is why NIEM takes GJXDM and other existing standards and builds upon them. Garrett explained that the federal government does not want to build new stove pipes on top of old stove pipe systems.

Old Model - Form Driven
USCIS - application - person
FBI - target - event
CPB - cargo - thing
Treasury - bank - corporation
CDC - location - event

New Model - Data Driven
People, places, things - This is how I do a name; this is how I will do a foreign name, and so on.

The new model is data driven, data and metadata in any order. In this way, “chunks” of data can by reused and shared by different agencies as appropriate. Garrett said that NIEM will handle the chunking.

Here, a member of the audience asked whether the agencies will change their systems on the front end or the back end. Garrett replied that they would change the back end, based on query. Changes will be made when information needs to be shared. Ultimately, front end systems will have to be changed, which is why NIEM needs the tech commercial sector, such as Documentum and Adobe, to embrace the standard. (At the mention of Adobe, there was general laughter, as Jason Goetz, president of NCC AIIM, works at Adobe and this was a nice plug.)

Garrett said that his group is asking that new systems be NIEM compliant on the front end. For that reason, the CIO’s office is working to get NIEM written into specifications for case management RFP’s and grants.

NIEM is being built on a shoestring. A small group of core people manage the standard. The challenge lies in convincing developers that this will make their life easier. NIEM is 70% done; developers can take it and then build the rest. With schema reuse, time to market should be reduced. Garrett said that NIEM’s strongest selling point is its compliance with OMB Circular No. A-130.

Currently, the Dept. of Justice cannot answer congressional questions such as how many open cases we have in what area , for example, how many environmental cases in the North East? The Justice Department’s Litigation Case Management System (LCMS) will address this problem.

The recently awarded Sentinel case management system at the FBI will probably be the biggest case management system in the world. I asked if Sentinel would be NIEM compliant and was astonished to learn that at its core it will not be compliant; but it will be able to share information according to NIEM standards. If the FBI can share information without printing documents, if it is no longer necessary to print out case histories and walk them over to the Dept. of Justice, it will be able to save a bundle of money on printing.

Garrett predicted that as NIEM adoption spreads, it would be possible to add services and benefits to the many forms generated by the federal government, such as the Customs Service, FEMA, the Coast Guard, and many others.

A member of the audience asked if there was a parallel with intelligence? Garrett said, “yes.” He went on to explain that the intelligence community had established good metadata standards, but not data standards.

Another questioner asked if there was any thought of sharing information for security clearances, going on to say it was expensive to hire someone with DOD clearance and then pay for FBI clearance for what would be a short project. Garrett replied yes, and that a Line of Business had been established for this.

Garrett explained the Law Enforcement Information Sharing Program (LEISP ). Like NIEM, it was launched to ensure information sharing. The idea is to create a “storefront” for all agencies, FBI, BATF, etc., with regional storefronts where local authorities could decide how their regional “storefront” should be arranged. Garrett emphasized the importance of protecting civil liberties; some information should not be shared.

Garrett illustrated the international nature of information sharing, referring to the bombing of the London subway. In July of 2005, DC Police Chief Charles Ramsey received a message about the bombing and had to decide whether it was necessary to shut down the Washington Metro. After consulting with the Justice Department, he decided to keep it open. This illustrates why local authorities need access to the best information available to the federal government.

A member of the audience asked about the feedback from FBI field operations. Garrett responded that reaction had been mixed. Some chiefs are worried about information getting out. The intelligence folks get it and love it.

Garrett said it was important to get some successes in information sharing and spread the word of those successes. A member of the audience asked if there was any way to give credit to the SACs (Special Agent in Charge, the head of an FBI field office) for sharing information. Garrett said, “No, we need to find a way to do that.”

He said that while NIEM’s search engine works reasonably well for photos, they have no present way to search video. I asked if they were familiar with Podzinger-. Garrett said that he was not familiar with Podzinger, but that someone could propose it to be included with NIEM. However, it would have to be nonproprietary to be included in the standard.

The Office of Justice Programs Bureau of Justice Administration funded the development of the Global Justice XML Data Model (GJXDM). It was developed for the requirements for information sharing with careful privacy guidelines. It has made possible the establishment of Regional Data Exchanges (R-Dex) and the National Data Exchange (N-Dex). Garrett described these as “Google for cops” and offered as a mischievous example query, “What do you have on Jason Goetz?”, to general laughter. Goetz is the President of NCC AIIM.

Garrett talked about the different requirements of the federal agencies. The NIEM representative from the Dept. of Interior is fond of reminding his colleagues that Interior patrols more land than the FBI. Because of the wilderness character of federal lands, cellphone coverage is not very good.

He reminded the audience of the importance of maintaining the quality of information, saying, “Where do I get a response that can I trust?”, going on to say that no one would make an arrest simply on the basis of an N-Dex hit. In general, one would call the original investigative officer on any given N-Dex hit.

Currently, there is an R-Dex pilot project in Seattle. It is a strategic location, because in addition to being a large port city, Seattle has two Naval bases and several major dams in the area.

Garrett pointed out that the greater Washington, DC area is the poster child for the need for such information sharing, with multiple jurisdictions and numerous targets.

The NIEM group has identified 100 different markings law enforcement has for access to documents and 164 different policies for handling such documents. In many cases, it is simply a matter of an individual worker adopting a certain practice and the local jurisdiction maintianing that practice. The Presidential Memo, Guideline 3 orders agencies to share data, and this will give the necessary pressure to rationalize the existing practices. As Garrett explained, when stakeholders complain, “No, we can’t do this,” the NIEM group can simply say that they have a Presidential memo. Reform will enable the criminal justice community to share information with greater trust and accuracy. The new markings will be on the NIEM website.

NIEM is best understood as a framework for the development of standards for information exchange. The group strives for simplicity. It will unite different domains under one federated scheme. While currently NIEM covers only criminal justice IT, plans are underway to build it out to international trade, immigration, and emergency management.

A member of the audience asked, “Where does DOD fit in all this?”
Garrett responded that “DOD is playing nicely” and added, “They are DOD; they play where they want. Same with FBI, they have guns, I don’t.” Garrett went on to say that it is not necessary for every IT system in DOD to be NIEM compliant. Weapons systems do not need information sharing capability.

The NIEM website has been a great success; there have been over 30,000 downloads of the data standard. Garrett observed that this was amazing, as it is not a video or anything with obvious mass appeal. In the opinion of this observer, this is a good omen for acceptance of the standard.

Describing NIEM governance, Garrett said, “You have to bring in the technical guys pretty quick.” He went on to stress the importance of bringing in all stakeholders, including local authorities, academic authorities, and industry groups such as IJIS.

Al Linden asked, “How do you set up a standard PMO with various government agencies?” Garrett answered that it had to be community based, with general involvement with the groups directly affected.

Garrett observed that IT governance and policy are critical, not technology. Ultimately, adoption of the standard would be by choice; you can’t mandate compliance. However, like clean air, “How can you be against standards?” He concluded by asking the assembled audience to “get on the bandwagon.”

Edit -

Please this comment by Owen Ambur, which somehow was directed to another post, but clearly belongs with this one.

1 comment:

James McGovern said...

It would be great if your next blog entry was a response to: http://duckdown.blogspot.com/2007/07/more-thoughts-on-ecm-standards.html

FYI. 9/11 could only be prevented if standards exist that allow for interoperability which ECM is lacking...