Cyberspace Sleuths Uncover Covert Connections

May 2002
By Maryann Lawlor
E-mail About the Author

Electronic case files help law enforcement officers coordinate efforts.

The Federal Bureau of Investigation is turning to 21st century tools to solve today’s crimes and move from a primarily reactive law enforcement approach to one that will allow agents to anticipate, then prevent, illegal acts. Data management capabilities will enable bureau personnel to identify relationships between cases as well as various sources of criminal activities.

Adoption of these new technologies is part of the bureau’s effort to update its internal communications systems. The Federal Bureau of Investigation’s (FBI’s) technology upgrading plan, known as the Trilogy Program, leaped into fast-forward after the September 11 terrorist attacks. Although the bureau has spent the past decade investing in technologies that support state and local law enforcement agencies, it has lacked the funds required to upgrade the tools that meet the basic investigative needs of both special agent and professional support personnel. Trilogy is the overall program designed to meet those needs, and individual FBI programs recently have adopted file management technologies that will help agents coordinate the data they collect while investigating crimes.

Mark A. Tanner, information resources manager, FBI, Washington, D.C., explains that Trilogy will provide an information technology infrastructure that enhances the investigative capabilities of agents. All FBI offices will have a secure intranet with a server-based integrated office automation package, new e-mail software and easy-to-use Web-based applications. Agents will be able to access, analyze, share and report information, such as text, images and scanned documents, and possibly audio and video files.

Originally, the technology was scheduled to be up and running by October 2003; however, this timetable changed following the terrorist attacks, and a new deadline was set for December 2002. According to Tanner, the plan was revised yet again with a current deployment target date of July 2002. Dyncorp, Reston, Virginia, is providing the infrastructure portion of the program, and Science Applications International Corporation, San Diego, is enhancing legacy applications and databases. While the infrastructure upgrade will be done on the accelerated timetable, Tanner relates that the user application component is longer-term, with a goal of deployment in 2004. It will include a migration to Web applications, security elements and functional capabilities.

“Right now the majority of our records are in paper form. This will make all of that electronic so we can better manage the information we have. It should make us work more efficiently and effectively,” Tanner notes.

Although a comprehensive overhaul of FBI information technology systems will not be complete for several months, some individual programs are reaping the benefits of technologies today. These same capabilities could be used to help in any area where case files are part of the investigative method, Tanner says.

The FBI’s Innocent Images national initiative currently is using a case management system developed by Vredenburg, Reston, Virginia. The program is part of the bureau’s Crimes Against Children (CAC) project, a program that began in 1997. Each FBI field office has at least two designated special agents who act as CAC coordinators and utilize all available investigative, forensic, tactical, information and behavioral sciences resources for investigations. They coordinate their efforts with local law enforcement agencies and federal or state prosecutors.

The initial wave of operation Candyman, which resulted in more than 80 arrests, is one example of the effectiveness of collaboration. All 56 FBI field offices, nearly every U.S. attorney’s office and the U.S. Justice Department’s criminal division participated in the investigation.

According to Carl F. Muller, senior vice president, systems integration services, Vredenburg, the Innocent Images program is using Vredenburg’s Case Management System (VeCASE), which is a vertical product that is built on one of the company’s core offerings called HighView. The firm has developed three similar products based on HighView that are used by other types of organizations, including the intelligence community, Muller states.

Because the Internet has changed the way people can commit crimes, the FBI must change the way it monitors and investigates criminals, Muller shares. Much of the evidence of criminal activity is now in electronic format, such as e-mail, e-photographs and videos, and people reporting suspected criminal activity using electronic communications, he explains.

Web technology allows FBI agents to monitor e-mail and chat rooms; however, the traditional case management system, which is paper-based, is not an effective means to gather, store and access the collected data. It also does not lend itself to collating or sharing the information so that it can be cross-referenced.

Tanner relates that FBI cases are managed today in much the same way as they were when he joined the bureau in 1983. “An agent creates a document and underlines the names of people of interest, then gives it to a clerk who puts it into a database. A lot of what we get today is images from other law enforcement agencies, but they are given to us in a [paper] file folder. If all the other information is in electronic form, then the images can be scanned, and we will have everything in electronic form,” he offers.

Muller explains that this is exactly the technique that VeCASE provides for Innocent Images special agents. It allows the agent to create an electronic media case file rather than or in addition to a traditional file.

In many ways, the Innocent Images program exemplifies how a typical case progresses in an FBI investigation. A tip is received from a source, and special agents follow up on it, collecting and saving evidence as they go.

To pursue child pornographers that use the cyberspace as their venue, this same process takes place electronically, and agents can use VeCASE to create an electronic file of the case. An Internet user who receives child pornography via e-mail, for example, reports it to the Internet service provider (ISP) electronically. The ISP passes this information to the FBI special agent, who begins an e-file on the report.

VeCASE analyzes and categorizes the e-mail. By examining e-mail header information, agents can find out whether the individual sending the illegal message also has sent similar e-mail to other individuals. They can take the investigation further to determine if this same individual is engaging minors in inappropriate discussions in chat rooms. Chat sessions can then be added to the electronic case file. As the data builds up in the electronic file, a profile emerges. While it may be difficult to identify the person involved in an individual case, the system allows investigators to link data and forward it to other agents, Muller explains. “So the case file system enables agents to create a database that includes what a traditional file would have in it but also gives them the ability to put these e-mails and chat sessions into the database,” he adds.

At the highest level of the electronic file is the case number. Profiles, which are database files with information about a person, are attached to this identifier. Objects, such as e-mail, e-mail attachments or photographs, are placed in the data folder, and links are created between the objects.

“We also can create an index of every word in every file we have. So, for example, an agent can search for ‘Carl Muller’ in any e-file and be able to go instantly to all the files where the name occurs. Then, the agent also may see that another agent has gone through the file and can follow up on it. Individual agents can add to the file. It includes hundreds of forms that have been automated, so they can be added to the file. Because it resides on an intranet, workflow occurs between individuals,” he explains. Although technically the system is open within the secured intranet, Muller notes that some protocols have been set up to limit access.

The capability allows the FBI to conduct some of the preventative activities that Tanner suggests. Muller points out that the FBI can get ahead of the curve of fighting crime. “Instead of waiting until the kidnapping occurs, they can get to the perpetrator before it happens,” he offers.

VeCASE also features some ancillary capabilities that handle and track legal documents and processes such as subpoenas and grand jury activity; however, its primary purpose is to help agents collect information, he adds.

And collecting information to track people’s activities is a task that more than one type of organization undertakes. Some of HighView’s other vertical products support the intelligence community, including the National Security Agency, the Central Intelligence Agency and the National Reconnaissance Office.

F. Dyson Richards, director of sales and marketing, Vredenburg, relates that the technology can be applied in any type of business or agency whose business process involves a case file approach, such as insurance, medical and social service organizations. It also facilitates the auditing of investigations, he notes.

To ensure that VeCASE could be widely deployed, Vredenburg designed it to be user-friendly. “All of our systems are typically used by people who are not computer scientists. They want to know ‘How am I going to view this object in this window?’ So a lot of our research goes into reviewing this,” Muller says. Richards adds that this was one of the reasons the user interface was designed in the current manner. “We set it up like these people were used to working before—case numbers and names. The difference is that now they can pull that information up on the screen,” he says.

As with any information collection capability, an opportunity for abuse exists. However, Muller asserts that VeCASE is aimed solely at helping the FBI manage files based on complaints they have received. “In the case of the FBI, they’re not sitting out there collecting information that anyone on the Internet can’t collect. They’re working on complaints. So, if you want to have police investigate crimes, then they have to have the tools,” he says.  Richards points out that “holding back the technology won’t keep us safe.”

The FBI fully recognizes the advantages that technology gives the bureau. Tanner notes that technologies such as VeCASE will allow investigators to correlate information, and this will allow agents to identify relationships that they do not see today between cases. “And it’s not only between cases, but also between areas. Terrorism sometimes has a relationship to organized crime, for example. As we’re investigating crimes, we have to be able to draw the relationships between the information we have and use them to identify emerging trends, so we can be more preventative in our activities. Technology allows us to do this. We can work smarter,” Tanner says. The military, intelligence community and law enforcement all are becoming more closely aligned in this effort, he adds.

Larry E. Den, senior vice president of information technology at Vredenburg, points out that immediately following the terrorist attacks, law enforcement agencies relied on traditional methods to collect information. However, a transformation is taking place about how agencies are handling the information. Now that voluminous amounts of data have been collected, Den believes the agencies will begin employing technology to facilitate the analysis.

Additional information on HighView is available on the World Wide Web at

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.