Scott McPherson, CIO to Florida’s House of Representatives and former CIO of Florida’s Department of Corrections, has a new post on Computer World, where he addresses the continued need for data integration for law enforcement in this country. While I am generally against the comprising of privacy for gains in security, I believe that most of what Mr. McPherson is talking about are perfectly reasonable changes that we should be calling upon the government to finance, as they are our best chance at true security, and for the most part require virtually no sacrifices on our part.

To sell his point McPherson tells the story of Mohammad Atta, one of the 9/11 hijackers, and his run-ins with the law shortly before that infamous attack. Basically, he’d been cited, failed to appear in court, got a warrant issued in his name. got pulled over again, and because he was in the next county received another citation because the officer had no way to find out about the warrant which was filed in a neighboring county. If Atta had been pulled over in a neighboring state, I think we’d like the officer to know about outstanding warrants, but the next county? Certainly an arrest should have been made.

Had Atta been arrested, strong evidence of the plot may have been discovered that would have potentially allowed the entire plot to be foiled. Of course, further communication problems within the Intelligence Community (namely the CIA and the FBI) likely would have served as a further detriment to anything actually begin caught, but that is for another post, at another time.

So what would this require? A fairly basic, standardized architecture of services which would allow queries to be made by officers, even if they were in the field, which would return any relevant information. What does that require? A standard method of communication, which luckily the Department of Justice has created. And companies are already working on solutions in this space. ANalyze Soft did a presentation at Boise Code Camp this year about their project that is providing consitent data integration for the Idaho Dept. of Corrections. McPherson has wonderful things to say about Appriss’ JusticeXchange products, including how much it helped the Florida DoC track repeat offenders and probation violations. Using JusticeXChange, corrections officers can be notified if an absent parolee gets arrested across the state or across the county, and take action on the issue before the parolee ever sees a Judge.

Most people don’t commit crimes. We just don’t. But there is a lot of evidence to suggest that the people who do tend to commit more than one. Perhaps laws or policies will become necessary that limit how long infractions show up on criminal records like this, particularly as that information becomes more easily shared. However, the benefits to sharing this data are enormous, and we need to be funding these sorts of projects. Small towns don’t need riot gear, nearly as bad as they need good means to communicate crime data with other policing agencies across the nation.

Interesting, but more frightening, was the discussion on Hank Asher’s MATRIX system. Now, Hank Asher is a big name in the Data Mining industry, earning quite a fortune by examining personal information for patterns. He chose, in 1999, to turn this focus toward law enforcement, which is where MATRIX was born. MATRIX analyzed criminal and other governmental records (Licensing, etc) looking for ‘anomalous’ behaviors that could potentially be related to terrorist activity. Incidentally this is fairly similar to what Visa and the other Credit card providers do to try to find fraudulent activity on your credit card.

It is unclear whether or not MATRIX was tapped into commercial data, though it almost certainly could have been. The ACLU did a lot of research on MATRIX trying to determine what information it was pulling it. Ultimately, these probes led to MATRIX losing it’s funding becuase of it’s similarities to DARPAs Total Information Awareness project, which sought to perform an amazing amount of discovery on hundreds of millions of Americans, the vast majority of which were not engaged in anything resembling terrorist activity. Congress ended up killing TIA, and MATRIX followed, due to it’s similarities in functions.

So, how do I feel about MATRIX, and technologies like it? In general, I think it almost certainly going to be too broad in scope. I don’t really need anything keeping track of my purchasing habits, correlating that data with my phone records and browsing habits. These are the reasons I’m generally against data mining. Visa isn’t watching my transaction history for my own good, I can always report fraud myself, they’re doing it so that they can better target their ads at people like me, or to sell advertising information to others. The sort of data mining the first part of this post was okay. It was tracking criminals engaged in criminal activity. It wasn’t even tracking criminals on everything else we’re doing.

Associating data across many, many databases can be a very, very powerful tool, but I disagree with Mr. McPherson that just because people are data mining means that we need to just suck it up and deal, as he basically says in the comments. Large scale data-mining like MATRIX had the possibility to prevent terrorist attacks, Asher demonstrated that after the fact with the 9/11 attackers. However, is the potential loss of liberty, and additional harassment that could come to honest American’s who happened to have fit the profile MATRIX was looking for worth it? I’m not convinced.