By Antoine Babinsky, Chief Superintendent and Assistant Chief Information Officer, Royal Canadian Mounted Police, Ottawa, Ontario, Canada
here are many truths in public safety and security information sharing:
These truths are widely touted and largely accepted. They are also well-worn clichés. In the past, these clichés have dominated discussions and slowed information sharing progress by masking the difficult compromises and tough decisions that the attainment of these truths requires.
- Getting the required information to the right people at the right time is crucial for improving public safety and security, so everyone has an interest in information sharing.
- The technology exists to provide trusted tools and a secure network that can make information sharing easy.
- Information sharing must respect current methods and best practices without compromising investigations.
- The rising importance of information-led policing changes the mode of operations from need-to-know to need-to-share.
The underlying and unspoken truth is that real progress requires a frank debate, where stakeholders join as equals to set the national safety and security information sharing agenda, debate the risks and tradeoffs, work toward solutions, and pledge to put in the effort necessary.
In Canada, the early call for this level of debate has been a key to developing a national approach to information sharing. Until recently, information sharing was improving across police services but in regional pockets. Getting information quickly from federal government public safety and security agencies to provincial and local police and other authorities was inherently challenging.
To expedite progress, the government created the Canada Public Safety Information Network (CPSIN), which brought together public safety and security partners to create a new, national, and comprehensive network of partners, an action plan, and systems for delivering electronic information sharing capabilities in support of public safety business processes. The technology component of the action plan included several key initiatives, among the most urgent being the modernization of national police service information sharing systems.
CPSIN put down the foundation for a strategy created by Public Safety and Emergency Preparedness Canada (PSEPC) in collaboration with the Royal Canadian Mounted Police (RCMP) to accomplish improved inter- and intrajurisdictional information sharing through the new National Integrated Interagency Information (N-III) initiative.
At inception, the N-III initiative examined the hidden and unspoken truths of information sharing. This led to collaborative, concrete actions that set the stage for improved interoperability among the many public safety and security organizations in Canada. This includes the development of a long-term vision for N-III, as well as the immediate mechanism for the sharing of police occurrence information, the national Police Information Portal (PIP). The staged implementation of the PIP system has already resulted in many operational successes as the following recent example attests:
A municipal police officer in London, Ontario, observed an out-of-town vehicle parked at a local motel. A routine records check revealed that the registered owner was facing serious criminal charges.
The officer followed up by conducting a PIP check on the vehicle and its registered owner. The inquiry returned information from other police agencies that identified other individuals associated with that vehicle.
The officer dug deeper, conducting PIP checks on all subjects. He learned they all had ties to violent crimes and fraud-related matters. Additional intelligence from other police agencies connected the subjects to a known gang. This information convinced the officer that the vehicle and its occupants warranted further investigation.
The officer arranged for a surveillance team to follow the vehicle. The suspects proceeded to several stores, making purchases on counterfeit credit cards. Police arrested the suspects, searched the vehicle, and seized several counterfeit credit cards and a laptop computer with an attached thumb drive.
The thumb drive contained valuable information related to the gang’s activities, including the location of their card skimming device, a list of card subscribers and card numbers, and numerous photographs of the gang members and their activities. Police followed up on this information and learned that the group had been committing crimes all over southwest Ontario.
This kind of result would have been unthinkable if none of the stakeholders in the Canadian public safety and security sector had been able to see past the information sharing clichés to the hard truths that lay beneath.
Cliché 1: Everyone has an interest in sharing information; getting the required information to the right people at the right time is crucial to public safety and security.
Everyone vehemently agrees with this cliché: information sharing is critical to public safety and security. The challenge is that every organization has a different idea of its responsibilities in sharing information. Identifying what those responsibilities are and how they can contribute to a larger interest is the key challenge in any interoperability effort.
The N-III initiative addressed these differences in perceived responsibility through an approach to program and project governance that respects and extends existing governance constructs while requiring tradeoffs from each body in favour of common objectives.
The key stakeholders in what was to become the N-III project already held strong opinions about solving interoperability issues. They had formed committees and governance bodies to deal with the issues and with the potential solutions. Agreements were in place to clarify the responsibilities of all participants.
The Canadian Association of Chiefs of Police (CACP) Informatics Committee was already examining how to extend the success of the Law Enforcement Information Portal (LEIP) used by police services in Ontario and British Columbia as well as other regional information sharing arrangements. Smaller municipal police services were looking to the RCMP to provide the kind of information sharing solutions that they themselves simply could not afford.
The British Columbia LEIP arose from our realization that police agencies needed to share operational information. This was especially acute in the metropolitan Vancouver area, which is policed by six separate municipal forces and seven detachments of the RCMP. We needed a means to share records information. We worked with the Ontario police agencies who also implemented a LEIP solution and when we successfully connected both LEIP systems, we proved the concept of a national information sharing network in terms of technology, governance, and disparate privacy and information disclosure laws.”
– Jim Chu, Deputy Chief Constable, Operations Support Division, Vancouver, British Columbia, Police Department
At that time, PSEPC started working on (and continues to develop) a data exchange standard, another CPSIN initiative, with the objective of providing a way for public safety and security stakeholders to drive and leverage a common data dictionary, a data model, and XML schemas across the sector.
Once the N-III initiative was mandated, a collaborative, overarching governance committee formed and each of the existing governance bodies and committees were called together. The resulting NIII governance model provided a way to agree on common interests and define responsibilities, including such activities as adopting resolutions put forward by the CACP and using common information management approaches for advancing that interest in the same way.
Then the tradeoffs began. The CACP Informatics Committee recognized that a move to a standards-based and centralized national system would take significantly longer to implement. In a fall 2005 resolution, they agreed to put aside the operational bias toward just getting it done in favor of a long-term approach.
The sharing of operational information amongst all public safety and security organizations is necessary for effective response to crime and social disorder and the safety and security of communities; that the effective sharing of information can best be accomplished through a national system, accessible to all police agencies and approved public safety organizations. The Police Information Portal (PIP) is endorsed as the national information sharing standard for police agencies.
— Excerpts from CACP Resolution 05-2005
This resolution resulted in the folding of many of the existing regional police information sharing environments into the national PIP. The national PIP architecture is centrally managed by the RCMP on secure RCMP premises. This provides capital and operational savings that can be reinvested into expanding information sharing technologies across the public safety and security sector, a move that benefits all stakeholders.
Federal public safety and security agencies also had to trade, at least in the short term, larger visions for full cross-sector interoperability. PSEPC leads the production of an interoperability program for the government of Canada, including an overarching approach to develop solutions that can serve the entire Public Safety and Security sector.
While not a full implementation of this vision, carefully mediated access to the police service occurrence data available in the national PIP eliminates manual information gathering processes and speeds information processing for public safety and security agencies. What government agencies gain is early access to information that is available now. It also moves many public safety and security agencies one step forward in their overall interoperability objectives.
The sacrifices required from the NIII stakeholders are quite different, as are their original objectives. Through reasoned decisions and tradeoffs at a governance level, N-III has proffered an immediate-term information sharing solution in the form of the national PIP that builds a solid foundation for achieving the outcomes to which all stakeholders are committed.
In a day and age where criminals know no bounds to their mobility, law enforcement executives have a professional and moral obligation to ensure that information is widely available to law enforcement personnel who need it while safeguarding it from those on the outside who should not have it. A system that puts this depth of reliable information at the fingertips of first responders will help to prevent crime before it happens. This is ultimately our goal.”
– Vince Bevan, Chief of Police, Ottawa Police Service, and Chair, PIP Governance Body
Cliché 2: The technology exists to provide trusted tools and a secure network that can make information sharing easy.
The unspoken truth here is that the gee-whiz factor of new information communications technology, combined with the time required to engage the government apparatus, allows technology to lead the change—entirely the wrong approach.
Technology is not just hardware and software. Technology is inherent in the application of concepts, process improvement, enterprise components, and services. A successful information sharing network does not start with technology; it starts with strategy—why share, what to share, and who should share it. Only after answering these questions is it logical to ask the technology question: how do we share?
In Canada, early information sharing efforts were fortunately strategy driven, such as in BC and Ontario where business effectiveness strategies drove the creation of regional LEIP applications. The strategic underpinnings of these early PIP building blocks were easily extrapolated into the conceptual approach to the national PIP.
It became clear to us what we had to do with respect to information sharing: jumpstart the parts of our system where work hadn’t begun and correct other parts, so we’ll have a renewed system that will significantly improve the way we manage information within the policing community and in the way we share it with our public safety and security partners.”
– Eldon Amoroso, Senior Director, Support Services Division, London, Ontario, Police Service
An early PIP strategy was to encourage participating police services to apply the CPSIN Data Standard. The goal of the CPSIN Data Standard is to have the sender and receiver of information share a common, clear understanding of the meaning of information; to be reliable and useful, public safety and security data must have the same meaning for those who receive it and those who send it. The emphasis on data exchange standards ensures that each police service can contribute effectively to a common repository, no matter how the actual information sharing technology evolves.
PIP infrastructure architects have also designed a future-looking architectural framework that includes current Web services technologies, as well as service-oriented architecture (SOA) concepts that provide the flexibility to grow the national PIP system, or add new technology advances, without having to redesign the originating systems or the centralized indexing system.
This strategy creates the technical foundation for public safety and security information sharing solutions that capture the information once and make it visible and reusable throughout the sector, creating interoperable solutions that still allow a level of self-determination regarding how a particular police agency wishes to conduct their business.
Cliché 3: Information sharing must respect current methods and best practices without compromising investigations.
In the N-III context, there is a pressing need to find ways to work with diverse partners in order to deliver the program, the project, and its services efficiently while respecting individual autonomy and requirements and at the same time accruing benefits to the public safety and security community as a whole. This requires an accountability design that allows each organization to retain a sense of the individual organization and willingly adopt practices that are best for the sector.
The national PIP addressed this accountability requirement through the PIP Protocol, a document that provides the necessary framework, along with associated standards and definitions, to ensure that the PIP is used consistently by participating police services.
By signing the document, participating police services voluntarily take on several accountabilities, including the following:
- A participating police service may place restrictions on access to its information and is not required to post all of its internally available records on the PIP.
- Information on a records management system (RMS) contributing to or accessed by the PIP is and remains the property of the contributing participating police service.
- Query access to the information through the PIP is for law enforcement purposes only.
- Except where disclosure is required by law, a participating police service shall not disclose information originating from another participant without the prior consent of that participant.
Other practices that affect the overall effectiveness of the national PIP include data quality, data retention policies, information handling, security clearance policies, and the treatment of young offender (juvenile) information. These practices vary widely across Canada and are determined by precedence and legislation. By participating in PIP, police services volunteer to apply common standards to information that is to be shared nationally.
Federal public safety and security agencies are provided mediated access to RCMP occurrence data that complies with privacy and legal information sharing restrictions. The Governance Based Access Control (GBAC) is a control mechanism used to accommodate the legal restrictions that surround information sharing among federal agencies.
The N-III initiative and the national PIP had to respect existing methods and practices to get off the ground. Attaining a sustainable and effective information sharing system requires the participants to comply with the accountability guidelines and restrictions established at a national level.
Cliché 4: The rising importance of information-led policing changes the modus operandi from need-to-know to need-to-share.
Information sharing in the past occurred between comparable organizations, in need-to-know amounts, among people who knew each other. Meeting today’s threats requires disparate organizations to share large amounts of information between people unknown to each other.
How is it possible to transfer the trust between individuals into a trust of organizations and their processes, particularly those without a history of collaboration? There is an important role for technology to fill.
N-III is scaling up trust using the RCMP-stewarded National Police Services Network, an existing network that provides access to other federally funded services such as the national fingerprint database and other forensic services.
A tool such as the national PIP adds to this trust by transferring information between people who do not know each other; essentially, PIP becomes a bridge of trust between the two. Accountability is established by the logging of specific requests for information.
Another of the technologies that N-III uses for transferring trust is GBAC, a solution that facilitates robust information sharing while mitigating the inherent risks. The premise of GBAC is simple: information assets are managed according to their governing legislation. GBAC considers why information is held in the first place and takes into account that multiple authorities may be required to determine an access control or information sharing decision. GBAC rigorously enforces access permission rules based on key governance questions related to jurisdiction, collection authority, collection purpose, security designation, disclosure authority, and disposition authority.
PSEPC is increasingly taking on the role of a trust broker because we recognize successful safety and security outcomes depend on creating trust among people who don’t know each other. We’re not telling agencies how they should store information; we’re giving them a framework and a vocabulary for sharing it so they can build trust in the information.
– Doug Dalziel, Acting Director General, Public Safety and Security Interoperability Directorate, PSEPC
Lesson Learned: Approach Information Sharing with Facts
Ultimately, attaining information sharing goals requires difficult compromises and tough decisions, specific roles and responsibilities, and a willingness to sacrifice personal and organizational preferences and priorities for the sake of improved public safety and security. If there is a lesson to be shared from the Canadian experience so far, it is to approach information sharing challenges not with clichés but with the following facts:
- It is necessary to respect and extend existing governance constructs, define clear responsibilities, and accept tradeoffs from each body to meet common objectives.
- Technology is important, but a national strategy must come first. Determine why we share, what we share, and with whom we should share it and before deciding how we should use technology to share.
- It is impossible to start over. Adding a layer of national-level accountability encourages participation while respecting existing information management methods and practices.
- It is necessary to scale up information sharing systems through trust — to find ways to transfer trust in an individual into trust of organizations and processes.