Irreducibly Complex Questions
A few good answers can make a world of difference.
"May I see your license and registration?"
It is the first question that a selected (often misbehaving) motorist hears after being pulled out of traffic on a routine stop.
Researching those two documents in the minutes that follow is anything but routine. Hidden from the motorist's view is the overwhelming complexity and the widely variable comprehensiveness of the systems that use that information to interrogate databases across the criminal justice food chain.
Making the data sharing successful has taken the efforts of people at all levels of government, private-sector integrators and research- and relationship-driven organizations, including SEARCH, the National Consortium for Justice Information and Statistics.
SEARCH recognized early on that the challenge was as much about statecraft in a highly federated environment as it was about technology. Witness the change in language from criminal justice "integration" to "information sharing" -- largely a political compromise to acknowledge concerns over the data sovereignty of the respective systems owners.
Data sovereignty is the deceptively simple idea that system owners can share certain data with authorized users from partnering agencies without losing control over it. The concern under earlier integration models was that data owners ceded control over who accessed and manipulated data in their respective systems. The justice community has shifted its focus to how best to get its core business done by exploiting the core competencies of the data-sharing partners.
The complexity of this effort has been reduced to three core questions about the offender:
Who are you?
Where are you?
What have you done?
Impressively, the answers appear to be within reach in more than two-thirds of the states as identity, custody and criminal history come together on a single screen. Though progress has been made, it only gets harder from here.
Enter homeland security. It brings the criminal justice and intelligence communities together with public health, transportation and critical networked infrastructure. The confluence appears to defy simplicity.
Homeland Security Director Tom Ridge recently told the National Emergency Management Association, "We are intercepting and getting bits and pieces of information that you try to put together and then analyze .... It's an entirely different kind of war, which means that we need to do an even better job of analyzing and processing all the information we pull down from a variety of sources." That is a daunting task.
But what if we were to begin with the common functional or business problem shared across agencies directly and indirectly responsible for homeland security? From that point of view, the three core questions of criminal justice could be amplified by five questions (not yet in irreducibly complex form) about threats to where we live, work and govern -- spaces that have become known collectively as the "attack surface":
What is it?
What would it do?
Where are its targets?
Where is it from?
How credible is it?
The answers to this combined list of eight questions could change the world, or at least make it more secure. Importantly, as with criminal justice, the answers to these questions do not assume vast data warehouses in which everything known by every agency is pooled. Instead, the focus is on defining exchange points for a finite set of data elements among previously discrete systems.
There is an impulse to think about the management of such mission-critical data in terms of ERP or CRM. But that impulse needs to be tempered with the important lesson of Google -- that understanding the links among select data can be more valuable than surveying vast amounts of data by itself.
Given the sensitivity of the records, the underlying systems, and the transactions they support, both privacy and security need to be confronted. On the latter point, the most recent Digital State Survey results, released this month by the Center for Digital Government, the knowledge-management and research division of e.Republic, and the Progress & Freedom Foundation, indicate that more than three-quarters of states have made significant strides in aligning their criminal justice IT security architecture, infrastructure, policy, practices and communications. Forty percent of responding states report that they are where they want to be by this measure, with another 38 percent closing in.
The promise of data sharing in this space is to provide actionable information for investigations, access control and the lifecycle of arrest, booking, charging, disposition and custody events. That presents the interesting architectural challenge of archiving records created on the fly so they can be re-created after the fact. The current data storage practices for the underlying production systems will not do, unless they can be coupled with the capture of middle layer data that comprises the end users' view. Perhaps the only unacceptable alternative is requiring officers, judges and jailers to hit the print button every time they make a decision. The architect, archivist or auditor that reduces that complexity to irreducible form will have earned her country's undying gratitude.