CJIS Governing Board Meeting August 15, 2013, 1:30 pm Division of Criminal Justice, 300 Corporate Place, Rocky Hill, CT 06067 CJIS Governing Board Members and Designees in attendance Michael P. Lawlor, Co-Chair, Under Secretary, Office of Policy and Management; Judge Patrick L. Carroll, III, Co-Chair, Deputy Chief Court Administrator, Judicial; Garvin Ambrose, Victim Advocate, Office of Victim Advocate; Reuben Bradford, Commissioner, Department of Emergency Services and Public Protection; Sue Brown, representing Chief Public Defender’s office; Cheryl Cepelak, Designee, Department of Corrections; Melody Currey, Commissioner, Department of Motor Vehicles; John DeFeo, Designee, Board of Pardons and Paroles; Kevin Kane, Chief State’s Attorney, Division of Criminal Justice; Richard C. Mulhall, Chief, Connecticut Police Chiefs Association; Michael Pollard, Designee for Sen. Eric Coleman, Co-Chair of the Joint Standing Committee of the General Assembly on Judiciary; Mark Raymond, CIO, Bureau of Enterprise Systems and Technology, and Designee, Department of Administrative Services; and Joe Verrengia, Representative, Designee for State Representative Gerald Fox III, Co-Chair of the Joint Standing Committee of the General Assembly on Judiciary. Other attendees Brian Austin (OCSA-DCJ), Michael Cole (Office of the Attorney General), Bob Corona (CSP), Bob Cosgrove (DOC), Joe D’Alesio (JUD), Evelyn Godbout (DCJ), Dean Myshrall (DAS), Captain Mark Panaccione (DESPP), Ed Peruta (American News), John Russotto (Deputy Chief State’s Attorney), Terry Schnure, Celia Siefort (JUD), Steven Spellman (DESPP), Terry Walker (JUD), Patricia Wilson (Auditor of Public Accounts), and Antoinette Webster (DESPP). CJIS staff and contractors Jeanine Allin, Phil Conen (Xerox), Bob Kaelin (MTG), Richard Ladendecker, Nance McCauley, Patty Meglio, Sean Thakkar, Mark Tezaris, Elizabeth Ugolik, and David Wright (Xerox). I. Welcome and Introduction  Mr. Michael Lawlor, Governing Board Co-Chair, brought the meeting to order at 1:35 and welcomed everyone. In his opening remarks, Mr. Lawlor introduced a new member of the Governing Board, Representative Joe Verrengia, who is the Designee for State Representative Gerald Fox, III.  Mr. Lawlor explained the postponements of the July Governing Board meeting was due in part that time was needed to look into the concerns and issues that were brought to the Co-Chairs’ attention and that Mr. Bob Kaelin could not be present on August 1st to discuss the IV&V results.  Mr. Lawlor said that the concerns dealt with the pace of the project. One issue focused on compliance with FBI and CJIS security standards. There were countless meetings with Judge Carroll, Mr. Lawlor, Xerox, CJIS and the state police to get a sense of what other issues exist and which are solvable and which are not. It is important to ensure that communications take place to help the project be a success.  August 15 Governing Board Meeting Minutes Page 1 of 7            Mr. Lawlor mentioned that the most significant item that occurred is that Xerox volunteered a national expert, Jason Mull, as the CJIS Security expert who engaged with Commissioner Bradford’s group (DESPP) and the Chief State’s Attorney Office to review concerns, proposal, FBI security standards, and what other states do. As a result, there’s a better understanding of the CJIS project, including a better understanding of how it will comply with FBI standards. Mr. Lawlor stated that Xerox also has concerns on the billing process, standards, expectations, and benchmarks. Ms. Karen Buffkin, Deputy Secretary with OPM, is participating in the mitigation effort to incorporate several changes to the Xerox contract. Mr. Kane suggested a meeting to address some obvious friction between the local and state police and with the CJIS staff in order to obtain a better understanding of what the issues are, create a process to move the project forward, and understand clearly the technical and legal processes. Commissioner Bradford expressed a concern that the report that was sent to the Legislature was not completely accurate concerning OBTS; that there is a need to clarify and identify the issues and make sure that they are being accurately reported. Mr. Lawlor explained that Mr. Kaelin will talk about the risks of the project, some of which are very real with very complex mitigation. He said that they are now addressing all of the concerns and that today’s meeting is an opportunity for the Governing Board members to provide input, brainstorm ideas, and come up with proposed solutions. The Board should bring forth the concerns of the stakeholders and different people involved in the project, give some sense of what is happening as a result of those concerns, and talk about the possible solutions and ideas for moving forward. Mr. Lawlor mentioned that one idea was to bring in a Durational Project Manager (2-3 years) that would work on the CISS project as well as stakeholder relations. This solution has already been approved by OPM and candidates are being identified. Mr. Lawlor stated that it is “very important at this point to hold weekly meetings with key people to address and resolve issues.” Attendees would include himself, Ms. Buffkin, Mr. Thakkar, the vendor, and any Governing Board members who wish to attend. It was suggested that these meetings occur until the project is back on schedule. Mr. Lawlor emphasized that, in conversations with the Governor, Auditors Office, Mark Raymond and others, they are “all committed to getting this project completed. Sean didn’t have the initial resources needed, so we are now at the point of maximum pressure. Problems have surfaced and they need to get resolved.” It was requested to the Board that the members all participate today and after as they feel appropriate. Judge Carroll said he had a discussion with Phil Conen (Xerox) and determined that the problem is not a technology problem – the technology exists to create a working system. The problem is that information is siloed in different locations and we need to find a way to get that information to law enforcement and other users through one central pipeline; and to resolve the stakeholder concerns and remove the identified impediments. Judge Carroll said that it may take a little more time on our part, but stakeholder agencies need to be more involved and offer resolutions to the impediments they have identified. Mr. Michael Pollard said he is absolutely convinced that “if we don’t walk out of here as a team and embrace this, this project will fail.” He identified three key elements that need to exist in order to succeed: Collaboration– people must have a common ground Communication – resolve issues, open up dialog Alignment – if there is no alignment, the probability of failure goes up II. PowerPoint Presentation  August 15 Governing Board Meeting Minutes Page 2 of 7           Mr. Thakkar, CJIS Executive Director, presented the agenda. He reiterated Mr. Pollard’s statement and committed CJIS to do what it takes to move the project forward. Mr. Thakkar then introduced Mark Tezaris, CJIS Program Manager, for a brief status update on CISS. Mr. Tezaris presented an update on CISS. (Slides 3-11). The target completion date for PRAWN (Paperless Re-Arrest Warrant Network) and OBIS (Offender Based Information System) was changed to January 2014. Judge Carroll asked Mr. Tezaris what the probability is of Wave 0, Version 1.5 ending in September 2013. Mr. Tezaris said it was highly likely and that they are 60-70% completed. Search Release1 (PRAWN and OBIS) is targeted for completion by the end of January 2014 and will include additional functionality while MNI/CCH will be moved to a future release. Mr. Kane wanted to know about the significant issues on these releases. Mark Tezaris said that some things are not working as first thought. Issues occur when we meet with stakeholders to define the requirements, specifically the data elements and business rules. CJIS will facilitate source agencies and consumers of that data to come together to determine what is needed, what can be shown and what cannot be shown. This is where there are glitches. Judge Carroll mentioned that there may be claimed statutory and policy bars to prevent the disclosure of certain information but that all developers have exercised Non-Disclosure Agreements, so it should be something that is solvable. In discussing some of the target milestones, Mr. Tezaris said that Wave 1’s requirements are moving forward. For Record Management System (RMS) vendors, CJIS is developing the technology document for how the RMS will interface to CISS. Judge Carroll asked how many RMS vendors there are. Mr. Tezaris said that of the twenty-eight, there are twenty-three that are currently servicing Law Enforcement Agencies. Mr. Kane asked if the large municipalities are on board. Mr. Tezaris said they are but, it is a timing issue. CJIS is ready to move forward now with some. Arrest information will be obtained to close any gaps. Mr. Tezaris outlined two key risks. o First, all of the stakeholders are collaborating and there are some concerns that can’t be addressed at the CJIS program level. Because CJIS is trying to change a lot of things within the criminal justice system in two years, there are problems arising with agencies that can’t change quickly enough.  One reason is a lack of resources and time to integrate with CISS. CJIS will help to bring in resources to help build and test, but they do not replace the Subject Matter Expert (SME). Mr. Tezaris said that CJIS is looking at providing technical resources and possibly financial assistance to help mitigate the mentioned risk.  Another reason is issues concerning the sharing of specific data elements by source agencies. Therefore, we have created a Governance Process to help resolve these issues between source agencies and consumers of that data by facilitating meetings between the two. If the issues are not resolved after the meetings, then the CJIS Executive Director will escalate the issues to the CJIS Governing Board for final determination.  The final reason is the perception by some stakeholders that CISS is a competitive and redundant system in relation to their own. This causes significant delays to the project schedule, increased costs, and strained relationships with stakeholders, CJIS, and the vendor. Mr. Tezaris spoke about the second risk, which is FBI data being received, transmitted, or stored by CISS and the relationship with a CJIS Security Policy. These delays have a negative “domino” effect  August 15 Governing Board Meeting Minutes Page 3 of 7              in many other areas of the project including delays to the project schedule, increased costs, and strained relationships with some stakeholders, CJIS, and the vendor. Agreement was obtained by both Administrative and Technology Committees to use Search.org, a non-profit organization that specializes in data sharing for criminal justice agencies, to be an independent facilitator in the creation of the CJIS Security Policy jointly with the FBI and DASBEST security experts. Mr. Kane asked if the FBI will do it? Mr. Tezaris said it is our understanding that they will. Commissioner Currey asked if a model exists anywhere in the country where this has been done successfully. Mr. Tezaris said there is, and what he found out was that they had experienced the same problems as we are. In some states, where the Governor has said to do it, it moves forward. In other states, they get people together in a room with an independent moderator and go step-by-step through the process. Mr. Kaelin added that throughout those states and regions, the two common issues are (1) what is actual data being shared and (2) what the FBI’s interpretation is. One example is the state ID – a data element that is not generally an FBI data element. Mr. Tezaris introduced Nance McCauley, CJIS Business Manager. Ms. McCauley provided an update on the Business team’s activities. (Slides 12-13). The search releases are expected to be completed in the first quarter of 2014 and all requirements defined for Phase 1 by February, 2014. Ms. McCauley introduced Rick Ladendecker, CJIS Technology Architect. Mr. Ladendecker surmised the status of the Technology department’s activities. (Slide 14). He said that it is now time for the twenty-three RMS vendors to come aboard. There is now a way to get data much faster. CJIS is working with some vendors to make a prototype and try it out. There is collaboration with Xerox and Microsoft on a new architecture. They will take a large environment and clone it. The plan is to have 600 virtual machines, for version one, two, and three. Mr. Ladendecker introduced Bob Kaelin of MTG. Mr. Kaelin presented the findings of the IV&V report. (Slides 16-18) Risk increased significantly since the last Governing Board meeting, from 62 to 68 percent. Areas to concentrate on are Scope, User Involvement, Organization, Project Controls, and Contractor Performance. . These risks are due in part by the conflict between DESPP and CJIS over FBI data, lack of collaboration with the stakeholders, an increase in consulting staff, and issues surrounding Xerox’s contract. Judge Carroll asked Mr. Kaelin to describe the methodology he uses to come up with these risks. Mr. Kaelin says he uses sixty criteria, five for each of the twelve areas, which are then rated on a scale of low, medium, or high. Data is collected through interviews, Dennis Gaige calling into the weekly status meeting, and periodic calls with the CJIS staff, it’s purely observational. Mr. Lawlor wanted to know if there are benefits for a weekly status meeting. Mr. Kaelin said that the key is communication. It’s a chance to nip things in the bud early. Mr. Lawlor wanted to know what the barometers are that show the fluctuation. Mr. Kaelin said that there was nothing specific that created the risk, rather it was compounded. Mr. Kaelin said that CJIS projects are unique. Other projects see an increase in risk go up on the first year, and then go down the next two to three years. This project has stayed the same for eighteen months, and has remained at sixty-two to sixty-three percent for a while. Now it is going up, however, this was not unexpected or atypical. There is solid political support and solid funding. The amplitude (how high the risk is) is lower than most other projects. Comparatively this project is not as bad as most projects. Commissioner Currey stated that what she is hearing is that the problem exists between CJIS and DESPP, and why not deal with resolving that issue first? Mr. Kaelin said that it is solvable and is in  August 15 Governing Board Meeting Minutes Page 4 of 7               the works. Mr. Lawlor added that the interpersonal issues need to be dealt with in a respectful and transparent way. Chief Mulhall asked Mr. Kaelin if he and Mr. Gaige took into consideration that there were not any CJIS staff in the first six months, and if hiring a lot of new people at once added to the confusion. Mr. Kaelin said that to some degree it may have, but the hiring has not been necessarily in alignment with the readiness to do the work. Mr. Kane wanted to know if there is more to the problem than agencies viewing CISS as competitive and redundant. He believes that there are legal and regulatory obstacles that need to be adhered to. He also mentioned having better communications and coordinating with the FBI. He believes that they need to find a vehicle to work with legal and regulatory processes. Mr. Kaelin agreed that there is not enough clear communication as to what we are trying to do. It compounds the agency concerns and what they will do. He said that we need to get people together to find out what CJIS should and can have, and what is restricted. Commissioner Bradford said that DESPP fully supports this project. He said that they are not being obstructionists, but they will not do it if it violates mandates that they have with COLLECT with the FBI. Mr. Kaelin said that CISS will not compete with COLLECT. CISS is designed to be an information source for the rest of the community. CISS does not need any information that is FBI data. Commissioner Bradford said that he understood that it can’t be. If FBI information is not included, it means that you don’t have all of the information. Mr. Kaelin said that CISS does not need any information that is FBI data. The purpose of CISS is to link state data together. The state ID is needed, which is data from AFIS. Commissioner Bradford understood that the State ID is only state information, and Mr. Kaelin agreed. The idea is to link state data together, to get a complete picture of that individual or that event across where we interacted with them. Commissioner Bradford wanted to know how one would find out about infractions in other states. Mr. Kaelin said that the agency will take the State ID, if possible and others states do this, the FBI number, and then go to COLLECT and run the FBI number. CISS was never intended to be a national information source. Commissioner Bradford asked if we have that system now. Mr. Kaelin replied that we did not. NELTS does not get information from the stovepipes across the state. That’s the reason that OBTS is ineffective today. Commissioner Bradford wanted to know what the problem was. Mr. Lawlor said that the process that exists right now hasn’t been helpful in getting to that answer. Mr. Jason Mull (Xerox/CJIS Security Expert) is able to explain what information you can run. For Joan Hilliard, it helps to understand what is needed and better understand what is being proposed. Example: you can’t go back eight years to find a report right now. Now it’s a whole production to get things. With CISS, you can. Mr. Kaelin said that the State ID is a biometrically validated way of validating people. It is important base information to attach a record to. It does not exist in OBTS today. Even the best algorithms don’t work correctly. Mr. Lawlor said that the decision was made early on to base the system on an FBI number. Mr. Kaelin said no, not the FBI number. He said that we’ve confused AFIS and IAFIS, which is federal and we’ve confused State ID with FBI numbers. The intent is not to store IAFIS information. It creates a whole new mandate of requirements that we have to deal with. Mr. Lawlor mentioned that there is a process now, with Xerox and others, to find out what is  August 15 Governing Board Meeting Minutes Page 5 of 7              exactly going on. What’s happening now, he said, should have happened two years ago. Chief Mulhall said that it was discussed but the players have changed. Information was always state information based on UAR, misdemeanor, and infractions. The idea was to decide who gets what information and be able to see someone from point of arrest to release. Local agencies would pass information to the state system and decide who gets the information, and the record was corrected and returned as a clean record. You would see someone from the point of arrest to point of release. CISS was not designed to be like COLLECT. AFIS provides a printout, the agency enters information into the NCIC system, and then the FBI number is used in COLLECT. The FBI number means nothing. It would be helpful to store the FBI number in the RMS system for the investigator to find out about a federal record. We do not share the number, and no data is shared. FBI number is stored only to get information. It is a closed system. Mr. Kane said that he is not sure we understand the difference between IAFIS and AFIS. It’s more of a communication problem. He wanted to know what we are losing. His understanding is that CJIS said that unless we do not get access to FBI, it won’t work. Chief Mulhall said that there is no loss. When it’s constructed, CISS must be in compliance with FBI rules and requirements. There are smaller systems in our state and there’s nothing in our systems that are FBI information. This is geared to get arrest information. Agencies are identified and checked to make sure they are legitimate to get information. Information has to be checked. Business rules are put out and they are following that. It is important to stakeholders to make sure the rules that you have are being followed. FBI numbers will not be used for public safety agencies. Mr. Lawlor said that Mr. Kane mentioned that CJIS needed access to state police information and if they didn’t get this, the project would grind to a halt. He wanted to know what this access was about. Mr. Kaelin said that CJIS was looking for the AFIS ID. The reluctance was in the confusion of what went with it, what the record set was and where it would come from. Mr. Lawlor said that the challenge is to figure it out and move forward. Mr. Kane said that we need to figure out how important other information would be. When fingerprints are taken, they go to the FBI and a prior history may come back. Mr. Kaelin said that information still comes back to the agency (state police), and CISS gets updates of the state AFIS. The FBI number allows you to get an instant check on the person you are looking for, if the number is there. Chief Mulhall summarized that if you don’t have it, it takes longer to search for it, but the agency will eventually get it. Fingerprints go up the line to the state police, then to the FBI. Information comes back to state police and goes into the system and a printout is made. This information is entered into our system. The AFIS ID will eliminate all of this paperwork. The key is to use the AFIS number as a unique identifier. All departments have their own number system. Mr. Kane said that it seems important to find a solution and that Judicial needs the information too. Chief Mulhall said that the system has three parts, UAR, misdemeanor, and infractions, which carry their own numbers. The system creates a way of doing it. In the end, there will be a CJIS number. Mr. Kane mentioned that it would be phenomenal if you could go to another state for other information. Mr. Kaelin said that the design is extensible. The Legislature wants to fix our house first. Under FBI guidance, there are other national types, once called CONNECT, that link CISS systems. Chief Mulhall reminded everyone that the system didn’t replace COLLECT. Before we use  August 15 Governing Board Meeting Minutes Page 6 of 7        COLLECT and AFIS, the intention is to check using other information. It would be nice to punch a name in and get everything. Mr. Kaelin, summing it up, said that the program is twelve months overdue. This significantly impacts the XEROX work effort, and without a mechanism to compensate them it won’t work. He also said that they should not be doing work that is not in the plan. The project team is larger and accomplishing work at the expected pace, but potentially, it may raise cost of project, so it should have our attention and be properly managed. Mr. Kaelin said that the project should continue with the UAR piece. The project team must refocus and get stakeholders engaged. It is important to get the Xerox schedule and work effort aligned, and publicly let people know and get the buy in from the stakeholders. Mr. Conen brought up some key issues: work out what CISS is, figure it out and let them know. Xerox does not need the FBI information. This collaboration is very important. Every time the requirements for search are looked at, it’s from the point of view of people that have data. CISS needs to search for people who are going to consume it. He suggested that we put people that need information and those that have information together and help them to work it out. Mr. Pollard said that from a Board standpoint, it should first mitigate the risks and increase transparency. It would also be helpful to have an Executive Summary of the data on the slides. As it is, he doesn’t understand what is being conveyed. The Board should have tactical plans of what will happen between meetings. They should think more about what is needed and be more accountable. He suggested that maybe the Board should meet six times a year. He feels like he is not coming away with a clear idea of what has happened and what needs to happen. Mr. Lawlor suggested a plan to meet a month from now. The contractual issues with Xerox need to be resolved and there is a need to discuss compliance and determine the new project manager. He also suggested that the Board, Mr. Thakkar, Mr. Kaelin, Xerox and other stakeholders who are interested meet weekly. Mr. Pollard reiterated that the Board needs to know the critical issues that need attention immediately between now and the next meeting. III. Minutes of previous meeting Mr. Lawlor asked for any additions or corrections to the minutes of the previous meeting held on April 18, 2013. There being no changes to the minutes, a motion was made by Mr. Pollard and seconded by Mr. Kane. The minutes were approved unanimously. IV. Introductions and Conclusion Mr. Lawlor introduced Patty Meglio, the technical writer. He also welcomed Representative Joe Verrengia. We will get back about the meeting next month, and about the weekly meeting, in perhaps a conference call. There being no further business, the meeting was closed at approximately 3:45 pm. The next meeting, to take place in September, will be announced at a later date.  August 15 Governing Board Meeting Minutes Page 7 of 7 