Police Check Out Faster, Friendlier Investigative Tools

Det. Doug Garrett, a crime analyst with the city of Kent, Wash., earlier this year investigated a crime ring suspected of auto theft, mail theft, forgery and drug trafficking. An analyst for just more than a year, Garrett said solving the case was like unraveling a ball of twine: Eighteen people were believed to be involved, but investigators didn't know who the ringleaders were or how all the players were connected.

Then, on a visit to the city prosecutor's office, Garrett saw a demonstration of software that he thought could help untangle the conspiracy. The application, CaseLink, from Seattle-based software developer WinShapes Inc., analyzed criminal data and created charts that showed how suspects were linked to events, places or other suspects. Seeing a fit with the software and his case, Garrett got a beta version of the package.

"It was pretty easy to use," said Garrett, who within a few hours had entered his evidence data, selected criteria to search for significant links in the data and then watched the program create a chart of the relationships in the information. The resulting graphic showed how the 18 suspects were associated with one another, and it identified three people with links to nearly all the suspects and key crimes.

"You can talk all day about how this guy is linked to that guy, but once you can see it, well, a picture is worth a thousand words," said Garrett, who used the chart to present his case to his superiors and to help city prosecutors prepare charging sheets for the suspects. He believes the best use of the software might be for prosecuting cases. "The charts will help a jury go through all the information and tie it all together," he said.

CaseLink is one of a growing number of new commercial off-the-shelf investigative tools that use database and visualization technology to sift through vast, seemingly unrelated sets of data to expose incriminating connections and patterns. Crime and fraud analysis teams use the tools in cases involving homicides, organized crime and drug trafficking as well as for insurance fraud and health care fraud investigations.

"These tools help us process multidetailed information much faster than we ever could do by hand," said Ritchie A. Martinez, an intelligence analyst supervisor with the Arizona Department of Public Safety. "They give us the ability to put together a visual investigative aid and construct the data behind it for investigative briefings, search warrants and court documents."

Historically, such programs have been complex, geared for specialists who are trained to mine mountains of data to help solve cases. They have also been expensive-as much as $4,000 per seat. These two factors have kept investigative software largely out of the hands of many smaller police departments. But now, new products and new versions of existing products signal a trend toward less expensive, easier-to-use tools geared more for the average investigator or detective.

"The software lately is a lot simpler to use," said Marilyn Peterson, a management specialist with the New Jersey Division of Criminal Justice and president of the International Association of Law Enforcement Intelligence Analysts, a nonprofit membership group of law enforcement analysts. "It has become more user-friendly because the market demands it."

For example, to use CaseLink, which is a combination database and visualization tool, users plug data into simple forms or import data through custom data bridges. Users can select criteria for identifying links by checking criteria boxes; the program then creates a chart that illustrates the links discovered. Icons in the chart are object-linked so that objects can be dragged and dropped in the chart without scrambling the source data.

In addition to becoming easier to use, start-up requirements are now simpler. Most of the packages require only a Microsoft Corp. Windows-based 486 computer, 16M of memory and 10M to 30M of storage to get started (see chart, Page 23). While each is different, packages generally fall under three types: databases designed to store, classify and correlate case information and evidence; visualization software that create charts and time lines; or applications that combine both functions.

Despite an overall increase in use, some reluctance to using computers for such work persists. "Most police administrators are still learning to appreciate the fact that money for computer technology is just as important as the buying of traditional police equipment. But once they see a demonstration of these tools on an actual case, they are very quickly convinced of their worthiness," Martinez said.

A case in point involves the Gainesville, Fla., Police Department, which last year purchased Analyst's Notebook, a visualization tool from Springfield, Va.-based i2 Inc., to help investigate a serial rape case. The suspect ran his own construction company near Athens, Ga., and frequently crossed state lines on business. Elaine Posey, the lead crime analyst on the case who worked with the Georgia Bureau of Investigation, was tasked with analyzing the suspect's business, phone and cash machine records to try to connect him to certain locations at certain times.

"The magnitude of data that needs to be analyzed on a case like this is enormous," said Posey, who recalled a 1989 case involving murderer Danny Rowlings, who killed five university students in Gainesville and is now on death row. "That was a data-entry nightmare," she said. "We had over 6,000 leads and, at one point, over 75 people assigned to the case from the FBI to the Florida Department of Law Enforcement. I knew the data nightmare that could happen."

Posey imported all the Georgia suspect's records into Analyst's Notebook. Anything that didn't come on disk was scanned. Within hours, Posey had created a "link analysis" chart that detailed all the people closely associated with the suspect, including those on his payroll. She then created a time line of where he was on specific days. He was eventually linked to more than 22 rapes in Florida and Georgia.

"Within two weeks of getting Analyst's Notebook, we had hard-core evidence of places he had been to put him at various locations," Posey said. "Without it, it would have taken months to sift through all the data." Since then, she has used Analyst's Notebook to solve nearly two dozen other rape cases, some from as far back as the 1970s. "Although the statute of limitations had run out, the victims got closure, and that's important," she said. As the complexity and cost of investigative tools comes down, it's not only law enforcement agencies that are turning to the software.

Agencies with security concerns, as well as financial companies and merchants dealing with check fraud, are also expressing interest.

The Fraud Division of the Florida Department of Insurance, for one, plans to use CaseLink in 11 offices on cases involving staged-accident rings, medical provider fraud and accident solicitations.

CaseLink developer WinShapes is also marketing the product to other industries. "[The tool] was designed for anyone who deals with investigative data," said John Avery-Morrison, the company's co-founder and vice president. Indeed, the company's original product, FraudTracker, was developed specifically for investigating insurance fraud.

Despite its user-friendly features, most software still requires training, analysts said. "These tools are designed to do a multiplicity of things, and there are many different levels at which one can use the software," Peterson said. "But there is still a gap between what analysts have available to them and what they are actually able to do with the product."

In fact, untrained users are like amateur race car drivers, Peterson said. "You can drive a Formula One car," she said. "You won't get the same performance as Mario Andretti, but you still know how to drive."


Pittsburgh Customizes Its Own Crime Database

Even with the arrival of easier-to-use investigative software, some jurisdictions defy shrink-wrapped solutions. Three years ago the Pittsburgh Police Department was shopping for investigative software. The problem, recalls Sgt. Mona Wallace, head of the department's Criminal Intelligence Unit, was that no commercial system met Pennsylvania's standards for reviewing and purging criminal-history records.

The state has one of the nation's most stringent laws for retaining unsubstantiated criminal information. The process of reviewing criminal data, gathering updated intelligence and deciding whether to retain or purge information must be carefully documented and disseminated to all agencies that may have documents on a particular suspect.

Also, due to the sensitive nature of the information, its dissemination path must be recorded in the system. "We need to know what happens to a report over time, who has accessed it, who has queried it, who has disseminated it, and who it was disseminated to," Wallace said. "If I send a case to Philadelphia and I later purge the case, I need to notify Philadelphia to purge it as well."

Finding an investigative software program that emulated the state's criminal intelligence gathering process and supported compliance with state laws was a tall order. Today, however, the city is putting the finishing touches on a new criminal intelligence database system, called IQ2, which was developed by two researchers at Carnegie Mellon University along with the Pittsburgh Police Department.

Andreas Olligschlaeger and his partner Wil Gorr, who worked with law enforcement agencies on criminal database systems for nearly a decade, saw a need for an affordable system that emulated the criminal intelligence gathering process. "Our goal was to make the system available to any Pennsylvania police department free of charge," Olligschlaeger said.

The researchers received a $260,000 grant from the Pennsylvania Commission on Crime and Delinquency to develop the system. They spent months sifting through the process of intelligence gathering, dissemination and evaluation and examing how the state's laws would affect the system. Several more months were spent designing the prototype based on feedback from the Criminal Intelligence Unit.

"The police department was just as much responsible for the success of the product as [we] who developed it," said Olligschlaeger, who described the product as a marriage of technical and practical expertise. Last August the system was installed in Pittsburgh's Criminal Intelligence Unit, and analysts began using it on cases.

The IQ2 system provides linkage analysis of data elements, including persons, addresses, locations, organizations, vehicles and weapons and allows analysts to follow patterns of crimes and events over time. The system also tracks cases from the moment they enter the system, providing an audit trail of all case activity.

"It gives us an extra tool to ensure that we are in compliance with federal and state law," Wallace said. "We can show it and prove it." For example, IQ2 notifies crime analysts 30 days before the review date of a case, giving them time to gather updated intelligence to help decide whether to retain or purge a case from the system. If a case is purged, the system automatically generates letters to any police agencies that received information on the case instructing them to delete the case. "It save us a lot of time," Wallace said.

The system's search capability is powerful and versatile. "I can query the database for all narcotics crimes that involved stamped heroin in a particular area of the city, or all street gangs involved in homicides citywide," said Wallace, who explained that drug dealers typically trademark or stamp their heroin with slogans such as "I'll be back" or "Mambo King."

Because certain drug territories are usually provided with particular types of heroin, the police keep tabs on what's coming in and from where largely from drug-seizure information that is entered into IQ2. The system is also helpful in identifying relationships in cases involving straw purchases of firearms, in which guns are purchased, reported stolen and then sold to other individuals who, because of their criminal history, cannot purchase guns.

The IQ2 system houses an Oracle Corp. engine and was built with Oracle development tools. "We chose Oracle because of its compatibility and versatility," Olligschlaeger said. "Oracle is inexpensive on a single-user platform and one of the most stable systems out there. And it runs on just about anything."

A stand-alone version could run on any PC with 6G of hard disk space, 32M of RAM (64M is recommended) and a 166 MHz processor or higher. Personal Oracle, a "light" version of Oracle's database software, is also required. Pittsburgh's networked system runs on a SPARC Enterprise 350 Server from Sun Microsystems Inc.

Agencies that want to use the system have to purchase an Oracle license, which runs about $300 to $400. Agencies can also add other software programs to IQ2, depending on their needs. Olligschlaeger said he is negotiating a contract with i2 Inc. to bring Analyst's Notebook's visualization and link-charting capabilities into the IQ2 system.

While IQ2 was developed for Pennsylvania law enforcement, it could be shared with agencies in other states. "Certainly if other states are interested, they could use IQ2," said Linda Rosenberg, an electronic data processing manager at the Pennsylvania Commission on Crime and Delinquency.


  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

Stay Connected