Criminal justice information sharing in Connecticut: 21st Century growing pains

(Photo credit: IceNineJon/Flickr)

Following a family’s horrific murder, bureaucratic squabbles and multiple iterations of a complicated system, the state of Connecticut finally landed on a solid plan to release a criminal justice information sharing interface between state agencies later this year — one that could help save the state money and hopefully prevent tragedies like the Cheshire murders from happening again.

The Cheshire murders, during which two assailants who were recently released from prison invaded a Connecticut doctor’s house, held his family hostage and then killed them, spurred state legislators to create a criminal justice information sharing system that addresses the coordination gap between agencies with different but intersecting responsibilities. It was later learned that, prior to the killings, the assailants were granted parole without a full hearing, a step that could have kept the family from ever encountering the criminals.

The administrative aftermath of the incident also revealed troubling holes in the way criminal history information was shared between different agencies: The decisions to release them were made without the benefit of important presentence investigation documents that might have changed the outcome of their release. In the state, there are 52 different information systems managed by over 23,000 staff, which, without a centralized information portal, resulted in a lack of data integration that left the parole board without access to key court documents.

Following the murders, Gov. M. Jodi Rell proposed the development of an entirely new integrated computer system for all law enforcement, criminal justice and corrections officials. “If ever an issue shouted ‘urgency,’ it is this one,” noted Rell in a January 2008 press release.

The legislature was quick to respond with Public Act 08-01, which, besides increasing the penalties for home invasion charges, mandated the creation of a “comprehensive, statewide information technology system to facilitate the immediate … sharing of information between all state agencies … having any cognizance over matters relating to law enforcement and criminal justice.” Rell then signed the bill that would mandate the creation of the Connecticut Information Sharing System (CISS), addressing the scope of integrating such a massive network of existing information systems.

With the establishment of legislation and a governing board for oversight, the groundwork was set for such a system to come together seamlessly. Over the next few years, though, financial, political and legal conflicts consistently challenged the completion of the CISS project. The state’s path to creating an integrated justice information system demonstrates some important kinds of challenges that can arise.

Internal problems

Almost three years later, Rell left an $8 million funding request for CISS off of the agenda for her final Bond Commission meeting in December 2010. The funds — based on first-year cost estimates by MTG Management — had already been approved for request by the legislature in a special September 2009 session. The benefits of the project were estimated to outweigh its costs in under three years.

Unfortunately, internal political struggle had sapped energy from the project’s execution, as members of the task force clashed on personnel issues determining its future. A gap analysis published by MTG to assess holes in the future of the project determined that “agency staff required to manage and support the CISS program [had] not been allocated,” and that “existing staff would not be sufficient to provide a substantial time commitment due to other job responsibilities.” Sean Thakkar, the executive director of the CISS project, complained that state IT staff were insufficiently accountable to him. Meanwhile, the state’s chief information officer at the time, Diane Wallace, disagreed with the CISS director’s planned allocations, fearing that she would lose funding for existing state IT staff. Not long after, she criticized the director’s overall performance to his governing board.

Connecticut Department of Corrections Commissioner Leo Arnone’s anecdote from a March 2013 newsletter summarizes how friction caused by new initiatives can stall progress. Like Wallace, many employees may equate changes in structure with job losses: “There is a fear that ‘If it is my job to guard that information, and I don’t have to do that anymore, what am I going to do?’”

Audit and legal restrictions

Coordination problems, staffing shortages and funding woes were not anticipated by legislators mandating the CISS, but working through these growing pains allowed the project’s board to address its next significant issue: federal security compliance.

About a year after contractors started formally constructing CISS, the Connecticut Auditors of Public Accounts began investigating “serious issues” with the project based on a whistleblower’s complaint. The auditors’ report highlighted misunderstandings between the board and those implementing the system about “FBI information.” Even before the auditors’ recommendations were relayed to the board, a quarterly report to the legislature revealed that uncertainties about “FBI data” had created a domino effect of delays in many project areas.

Concern about the FBI’s regulations stemmed from the agency’s Criminal Justice Information Sharing (CJIS) Security Policy, which sets strict limits on what information can be shared between PII-collecting agencies. The regulations in the 191-page document are extensive, delineating specific organizational requirements, roles and responsibilities for all agencies covered in the policy. The policy “applies to all entities with access to, or who operate in support of, FBI CJIS Division’s services and information” and governs almost all data that is also submitted to the FBI’s Uniform Crime Reporting program, per its definition of Criminal Justice Information. This broad scope implicated not only the Connecticut CJIS Governing Board but also CISS and every agency linked with it.

A discussion on FBI data management policy only appeared in meeting minutes beginning in June 2013, when CISS Business Manager Nance McCauley addressed the fact that the system could not store any FBI information. The FBI’s policy had technical implications for the project, forcing the staff to redesign the workflow of the system and adding substantial time and financial cost. From that point on, concern about FBI regulations continued to dominate meeting time, and board members criticized the lack of understanding and coordination around the subject of federal compliance. While opening a channel of communication with the federal agency was proposed and clearly necessary for the success of the project, debates arose about how the board fit into the security policy’s definition of a criminal justice agency.

Eventually, the project team settled on conforming to FBI regulations in two ways. First, the staff decided that they would separate agencies that needed and did not need access to FBI information; the former would abide by the federal agency’s rules, while the latter would follow the state’s own CJIS security policy. Second, they would begin work on a Management Control Agreement (MCA) with the FBI to alleviate the federal agency’s concerns about the status of the board under the state legislation that mandated its creation. With the agreement finalized and the state’s CJIS Security Policy approved, the board’s last publicly available meeting minutes describe positive steps to share the MCA with the FBI. Finally, the budget for the project was determined to be on schedule, paving the way for a timely release that will hopefully avoid many of the setbacks the project endured throughout its conception.

Connecticut’s example demonstrates that legislation is only the first step in achieving the promise of information sharing. Despite several challenges, the desperate need for information sharing was repeatedly affirmed in public discussion of the project throughout this period. Stakeholders all understood that information sharing gives them an opportunity to better protect the public they serve.

Finally, while the information sharing system is intended to help agencies make decisions internally, it could result in benefits for the open data world, too. For example, the Connecticut Racial Profiling Prohibition Project will use advancements made possible by the state’s CJIS to provide citizens with comprehensive traffic stop data available in a raw, manipulatable format through the state’s data portal. According to a state traffic stop data report:

Developing a transparent system to view the data by members of the public, policy makers, and law enforcement administrators is an important component of the project. For the first time, the electronic collection system developed by CJIS makes it possible to create a system for public consumption of data.