Criminal Justice Information Services (CJIS) Advisory Policy Board (APB)
June 7-8, 2017
Jacksonville, Florida

AGENDA as of 5/16/17

Wednesday, June 7, 2017

9:00 a.m. Board Convenes
Mr. Michael D. McIntyre, Jr. Acting Designated Federal Officer CJIS Division Federal Bureau of Investigation

Roll Call
Mr. John K. Donohue APB Chairman Assistant Chief Executive Officer Intelligence Bureau New York City Police Department

Introduction of Attendees and Special Guests
Mr. John K. Donohue

Welcoming Remarks
Mr. Charles P. Spencer Special Agent in Charge Jacksonville Field Office Federal Bureau of Investigation
Mr. Mike Williams Sheriff Jacksonville Sheriff’s Office

*No staff paper

Item #1* Executive Briefings
Mr. Christopher M. Piehota Executive Assistant Director Science and Technology Branch Federal Bureau of Investigation
Mr. Douglas E. Lindquist Assistant Director CJIS Division Federal Bureau of Investigation

Item #2* National Crime Prevention and Privacy Compact Council Report
Ms. Dawn A. Peck - Chair Manager Bureau of Criminal Identification Idaho State Police

Item #3 Chairman's Report on the National Data Exchange Subcommittee
Ms. Carol A. Gibbs – Vice Chair Illinois State Police

Item #4 Chairman's Report on the National Instant Criminal Background Check System (NICS) Subcommittee
Ms. Lynn Rolin - Chair South Carolina Law Enforcement Division

Item #5* NICS Section Status Report
Ms. Robin A. Stark-Nutter Chief, NICS Section CJIS Division Federal Bureau of Investigation

Item #6* National Consortium for Justice Information and Statistics Update
Ms. Becki Goggins Director, Law and Policy SEARCH

Item #7* Nlets, The International Justice and Public Safety Network Update
Ms. Kate Silhol Lead Software Engineer Nlets

Item #8 Chairman's Report on the National Crime Information Center (NCIC) Subcommittee
NCIC 3rd Generation Task Force Update
Mr. Walter M. Neverman - Chair Director Crime Information Bureau Wisconsin Department of Justice

Item #9 Chairman's Report on the Identification Services Subcommittee
Mr. Michael C. Lesko - Chair Deputy Assistant Director Crime Records Service Texas Department of Public Safety

Item #10* The International Association for Identification Update
Mr. Larry Stringham Board of Directors IAI

Item #11* Use of Force Update
Colonel Douglas A. Middleton Deputy County Manager for Public Safety Henrico County Manager’s Office Henrico, Virginia

Item #12 Chairman's Report on the Uniform Crime Reporting Subcommittee
Colonel Douglas A. Middleton - Chair

Item #13* National Incident-Based Reporting System Conversion Update
Ms. Amy C. Blasher Chief, Crime Statistics Management Unit CJIS Division Federal Bureau of Investigation

Item #14* Chairman's Report on the Compliance Evaluation Subcommittee
Ms. Dawn A. Peck – Chair

Confirmation - APB Representative for the Compact Council

Thursday, June 8, 2017

Day Two - Board Reconvenes

Item #15* U.S. Office of Personnel Management National Background Investigations Bureau
Mr. Charles S. Phalen, Jr. Director National Background Investigations Bureau U.S. Office of Personnel Management

Item #16 Chairman's Report on the Security and Access Subcommittee
Mr. Bradley D. Truitt – Chair Information Systems Director Tennessee Bureau of Investigation

Item #17* CJIS Information Security Officer Update
Mr. George A. White Chief, CJIS Information Assurance Unit CJIS Division Federal Bureau of Investigation

Item #18* Conference of Chief Justices
Mr. Corey R. Steel State Court Administrator Administrative Office of the Courts Nebraska Supreme Court

Item #19* Tribal Update
Mr. Christopher A. Nicholas Chief, Law Enforcement Support Section CJIS Division Federal Bureau of Investigation
Mr. William J. Denke - Chair Chief of Police Sycuan Tribal Police Department El Cajon, California

Item #20* Association of State Uniform Crime Reporting Programs Update
Mr. Derek Veitenheimer Wisconsin Department of Justice ASUCRP Representative to the APB

Item #21* International Association of Chiefs of Police Update
Mr. Mark A. Marshall Sheriff Isle of Wight County Sheriff’s Office Windsor, Virginia

Item #22* Major County Sheriffs’ Association Update
Mr. Anthony Wickersham Sheriff Macomb County Sheriff’s Office Mt. Clemens, Michigan

Item #23* National Sheriffs’ Association Update
Mr. John W. Thompson Deputy Executive Director National Sheriffs' Association Alexandria, Virginia

Item #24* Major Cities Chiefs Association Update
Colonel Edwin C. Roessler Chief of Police Fairfax County Police Department Fairfax, Virginia

Other Business Adjourn Advisory Policy Board

CRIMINAL JUSTICE INFORMATION SERVICES (CJIS) ADVISORY POLICY BOARD (APB)
JACKSONVILLE, FL
JUNE 7-8, 2017

STAFF PAPER

APB ITEM #3
Chairman's Report on the National Data Exchange (N-DEx) Subcommittee

N-DEx ISSUE #1* N-DEx Program Status
N-DEx ISSUE #2 Approach for the National Instant Criminal Background Check System to Query the N-DEx System as a Secondary Resource
N-DEx ISSUE #3 N-DEx Audit Task Force System Access Policy Proposal
N-DEx ISSUE #4** N-DEx Audit Program Update
N-DEx ISSUE #5** National Crime Information Center 3rd Generation Project Update
N-DEx ISSUE #6 CJIS Division Tribal Engagement Program Update
N-DEx ISSUE #7** Law Enforcement Enterprise Portal Update

Ad Hoc Discussion Items**
• Probation/Parole ORI Structure Solution
• N-DEx User Survey Discussion
• New N-DEx Use Code “S”
• Federal CSO Pilot Project
• Integrated Justice Information Systems Report

*Delivered with the Information Only staff papers
**No staff paper

CJIS ADVISORY POLICY BOARD (APB)
NATIONAL DATA EXCHANGE (N-DEx) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 25, 2017

STAFF PAPER

N-DEx ISSUE #2
Approach for the National Instant Criminal Background Check System (NICS) to Query the N-DEx System as a Secondary Resource

PURPOSE

To request endorsement of the proposed additions to the N-DEx Policy and Operating Manual to account for the permanent expansion of the NICS to query the N-DEx System as a secondary resource.

POINT OF CONTACT

NICS Section, NICS Business Unit
Law Enforcement Support Section, N-DEx Program Office

Questions regarding this topic should be directed to

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information included in this paper and provide appropriate comments, suggestions, and recommendations regarding the proposed approach, specifically the proposed N-DEx Policy and Operating Manual language, for the permanent expansion of the NICS to query the N-DEx System.

BACKGROUND

The Brady Handgun Violence Prevention Act of 1993 (Brady Act) required the United States Attorney General to establish the NICS for Federal Firearms Licensees (FFL) to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

• Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”

• Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”

• Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

A NICS background check is conducted based on the subject’s name and descriptive data to identify any matching records in the national databases comprising the NICS. Currently, the databases searched as a primary resource include the Interstate Identification Index (III), the National Crime Information Center (NCIC), and the NICS Index.

During the NICS background check, if the NICS returns to the user a hit based on the data provided, the transaction is reviewed to determine if a valid match has occurred and if a prohibiting record exists. If the transaction has been reviewed and it is determined that a valid match exists based on the descriptive data, the NICS Section will review secondary resources such as the Disposition Document File (DDF), the Voluntary Appeal File Database, the ATF Relief of Disabilities Database, and state websites as necessary. This would be considered a secondary search after a potential prohibition has been determined. In addition, if the prospective buyer is a non-U.S. citizen, the FBI Criminal Justice Information Services (CJIS) Division’s NICS Section submits an Immigration Alien Query to the Department of Homeland Security’s U.S. Immigration and Customs Enforcement.

When conducting research for a potentially disqualifying offense, the NICS Legal Instruments Examiner may need to contact external entities. The process of contacting the agency and receiving the response can be lengthy. If the information needed to make a final determination cannot be obtained within the three-business-day expiration, and the NICS Section is unable to provide a proceed or deny response, it is at the discretion of the FFL whether to transfer the firearm. This creates a potential threat to both public and officer safety.

The N-DEx System is a national investigative information-sharing system which contains records that span the criminal justice lifecycle, and includes information related to incident/case reports, arrests, missing persons’ reports, service calls, booking and incarceration reports, pretrial, probation and parole reports, warrants, citations/tickets, and field contacts/interviews. The N-DEx System was developed and is managed by the FBI CJIS Division and is provided to local, state, tribal, and federal criminal justice agencies. The N-DEx System’s information promotes public safety from the initial contact to the supervision of an individual reintegrated into the community.

In a collaborative effort between the NICS Section and the N-DEx Program Office (PO), along with support from the CJIS Division Advisory Policy Board (APB) Executive Committee members, a pilot project was facilitated to expand the background check for the NICS Section to include a query of the N-DEx System. The purpose of the pilot was to determine whether the information in the N-DEx System would lead to more timely or additional determinations as to whether an individual was prohibited from purchasing a firearm, as well as those individuals eligible to possess and receive firearms. At the conclusion of the pilot, it was determined the data provided to the NICS Section from the N-DEx System was valuable in providing information prior to the third business day and would be beneficial to add as a permanent expansion to the NICS background check process as a secondary resource. These findings were supported by the APB’s decision at its Fall 2016 Meeting where it motioned “The N-DEx System will be a secondary search within the NICS background check process and the information will be treated as other secondary sources.”

DISCUSSION AND ANALYSIS

The NICS Section and the N-DEx PO have partnered to formulate and identify the key success factors to implement the ability for the NICS to query the N-DEx System as a secondary resource. A high-level synopsis of the changes required for the permanent implementation is provided below:

Technical Focus Area

As a secondary resource, the NICS will only search the N-DEx System if a potential prohibition is found from one of the three national databases (NCIC, III, and NICS Index) searched by the NICS. The N-DEx System information will be provided to the NICS Section via the NICS. The state entities conducting a background check, in accordance with the permissible uses of the NICS, may be provided the information either via the NICS State Information Sharing Initiative (SISI) or via logging into the N-DEx System. With the secondary search, the states are not mandated to query the N-DEx System for the additional information. However, if a state elects to obtain the N-DEx System information via the NICS, they would need to opt in to the SISI.

When the user submits a query of the NICS record with the extended search options, all data is returned via the existing NCIC message interface. The exception to this is the DDF image data, which is binary in nature and cannot be made available for download via a Web server hosted on the CJIS Division Wide Area Network. Instruction and guidelines for SISI will be provided on the Interface Control Document via the Law Enforcement Enterprise Portal (LEEP).

If a user chooses to obtain the N-DEx System information via the SISI, the N-DEx System will perform two simultaneous searches after it receives a query, the Use Code “F”, and Search Reason from the NICS. The N-DEx System searches all of the person entities and records within the N-DEx System. A query of the N-DEx System via the NICS would return potential person entity matches and records, according to the user’s search criteria. The user would review the person entities and records to determine if they are matches to their initial query. Once a match is determined, the user would open the N-DEx System records to review the information. All searches to the N-DEx System would meet or exceed current NICS performance requirements.

If a user wants to search the N-DEx System directly, they will need to log in via their identity provider and be granted Use Code “F” search privileges by the CJIS Systems Officer (CSO). This will require the CSO, in his or her role as N-DEx administrator, to access the N-DEx System and provide the user with Use Code “F” search privileges via the N-DEx user management tools. Once completed, the user will be able to log into the N-DEx System, select the NICS-related Checks Use Code “F,” insert their search reason, and then conduct their search request.

Audit Focus Area

The NICS Section and the N-DEx PO collaborated with the CJIS Audit Unit (CAU) and were provided preliminary guidance on the audit requirement for the permanent expansion of the NICS, to include the N-DEx System. All users who access the N-DEx System as a secondary resource (through the NICS or directly) will be subject to N-DEx System audits. However, due to the N-DEx System being accessed as a secondary resource, there will be no impact to the NICS audit.

The N-DEx System audit is a policy-based audit, conducted via teleconference, which assesses agencies’ users, to include their system access and data usage, according to the CJIS Security Policy and the N-DEx Policy and Operating Manual. The N-DEx PO, through a partnership with the CAU, has developed tools (such as the N-DEx Audit Best Practices document and standardized questions) to support CSOs and agencies with their N-DEx System audit. Additionally, the N-DEx PO will provide the NICS Section with policy compliance information to incorporate into the NICS Section training.

Training/Outreach Focus Area

The NICS Section has provided training modules for all of the federal prohibitions and necessary criteria via the LEEP. Additionally, the NICS Section will provide training modules to the state entities on LEEP to include screen shots of the N-DEx System’s data as provided via the NICS. The NICS Section will modify their standard operating procedures to provide instructions and navigation steps to obtain the N-DEx System’s data via a query of the secondary databases. The NICS Section will conduct a teleconference with the ATF to provide awareness of the new search capability and the potential of an increase in their workload. In addition, the NICS Section will conduct a teleconference with the state NICS users.

The N-DEx PO has developed and provided its user community with multiple resources to further their understanding of the N-DEx System and policies. These resources include, but are not limited to: computer-based training modules, video tutorials, quick reference cards, and policy and reference manuals. The resources will be made available to all NICS users and are currently available on the N-DEx System or by contacting the N-DEx PO. In addition to assisting with outreach to the NICS users, the N-DEx PO will contact all of the N-DEx System record-owning agencies to discuss with them, answer questions, and identify their sharing rules (i.e., Green or Red) for the permanent implementation of Use Code “F.”

Legal and Privacy Focus Area

The NICS Section and the N-DEx PO have already begun taking the necessary steps to update their legal and privacy documentation to include the Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIA) and System of Records Notices (SORN). The FBI’s Office of the General Counsel (OGC) has opined that a change to the current NICS regulation will not be necessary for a query of the N-DEx System as a secondary resource.

The NICS Section is preparing a PTA to provide information relating to the connectivity between the NICS and the N-DEx System. The NICS Section is updating the PIA to indicate the N-DEx System will be leveraged for NICS background checks as a secondary resource. The NICS Section is preparing the SORN to ensure all information is accurate to NICS practices.

Similar to the NICS Section, the N-DEx PO’s PTA is being updated to document the required changes for the permanent implementation of the N-DEx System as a secondary resource for the NICS. The N-DEx PO, in collaboration with the OGC, is also updating its PIA and SORN to incorporate all of the necessary information regarding the utilization of the N-DEx System by the NICS as a secondary resource.

Policy Focus Area

The NICS Section and the N-DEx PO will continue to adhere to all the existing policies and procedures and meet the NICS purge requirements. However, following a review of the N-DEx Policy and Operating Manual, a need was identified to update the policy manual to account for the permanent expansion of the NICS to query the N-DEx System as a secondary resource.

The N-DEx PO recommends the following additions to the N-DEx Policy and Operating Manual. Proposed additions to existing policy are indicated by underline (inserts).

• Revise Policy 1.2.7 to read as follows: “In accordance with the CJIS Security Policy and consistent with 28 C.F.R. Part 20, Subpart A, N-DEx System access is restricted to “criminal justice agencies” and agencies performing the “administration of criminal justice” or “NICS-related checks.”

• Add the following policy language under Policy 1.3.4 Acceptable System Use: “National Instant Criminal Background Check System (NICS)-related checks, i.e., to obtain information when conducting a NICS-related background check.”

• Add the following policy language under Policy 1.3.6 Use Code: “National Instant Criminal Background Check System (NICS)-related checks Use Code “F”: Must be used when the N-DEx System is utilized to conduct NICS-related background checks.”

The NICS-related checks must be made in accordance with the Brady Handgun Violence Prevention Act of 1993 (Brady Act). In addition, the N-DEx System shall purge all Use Code “F” search criteria in adherence with the Consolidated Appropriations Bill, H.R. 2673, as is required by the NICS operating procedures and policies.

The Brady Act required the U.S. Attorney General to establish the NICS for Federal Firearm Licensees to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

  o Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”
  o Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”
  o Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

Implementation Timeframe

The NICS Section and the N-DEx PO are currently sponsoring multiple initiatives in the focus areas discussed earlier to fulfill the required changes necessary for the permanent implementation. The FBI CJIS Division estimates, based on the workload, the concept implementation should take approximately 12-24 months.

OPTIONS

The Subcommittee is requested to recommend one of the options for the proposed additions to the N-DEx Policy and Operating Manual. Proposed additions to existing policy are indicated by underline (inserts).

Option 1—incorporate the following policies into the N-DEx Policy and Operating Manual:

• Revise Policy 1.2.7 to read as follows: “In accordance with the CJIS Security Policy and consistent with 28 C.F.R. Part 20, Subpart A, N-DEx System access is restricted to “criminal justice agencies” and agencies performing the “administration of criminal justice” or “NICS-related checks.”

• Add the following policy language under Policy 1.3.4 Acceptable System Use: “National Instant Criminal Background Check System (NICS)-related checks, i.e., to obtain information when conducting a NICS-related background check.”

• Add the following policy language under Policy 1.3.6 Use Code: “National Instant Criminal Background Check System (NICS)-related checks Use Code “F”: Must be used when the N-DEx System is utilized to conduct NICS-related background checks.”

The NICS-related checks must be made in accordance with the Brady Handgun Violence Prevention Act of 1993 (Brady Act). In addition, the N-DEx System shall purge all Use Code “F” search criteria in adherence with the Consolidated Appropriations Bill, H.R. 2673, as is required by the NICS operating procedures and policies.

The Brady Act required the U.S. Attorney General to establish the NICS for Federal Firearm Licensees to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

  o Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”
  o Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”
  o Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

Option 2—No Change

RECOMMENDATION

The FBI recommends the proposed additions to the N-DEx Policy and Operating Manual to account for the permanent expansion of the NICS querying the N-DEx System as a secondary resource.

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION: Motion 1: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

Motion 2: Identify the process for the ability to tie the original (primary) search to the reason for conducting the secondary search. Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

SOUTHERN WORKING GROUP ACTION: Motion: To adopt Option 1 as outlined in the staff paper. Action: Motion carried.

WESTERN WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

SPRING 2017 SUBCOMMITTEE ACTIONS:

SPRING 2017 N-DEx SUBCOMMITTEE ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

SPRING 2017 NICS SUBCOMMITTEE ACTION: Accepted as information only.

SPRING 2017 SA SUBCOMMITTEE ACTION: Accepted as information only.

CJIS ADVISORY POLICY BOARD (APB)
NATIONAL DATA EXCHANGE (N-DEx) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 25, 2017

STAFF PAPER

N-DEx ISSUE #3
N-DEx Audit Task Force System Access Policy Proposal

PURPOSE

To inform the Subcommittee of the N-DEx Audit Task Force results and recommend a permanent implementation of the proposed system access policy.

POINT OF CONTACT

Law Enforcement Support Section, N-DEx Program Office

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information included in this paper and provide appropriate comments and suggestions.

BACKGROUND

As the N-DEx System Audit has begun its initial sanctionable cycle, members of the N-DEx Subcommittee recognized the need to clarify audit expectations and work towards the creation of system functionalities that will allow more streamlined audit practices, while decreasing the resource burden which audit places on the Criminal Justice Information Services (CJIS) Systems Officers (CSOs) and their staffs. To that end, the N-DEx Subcommittee tasked the N-DEx Program Office to establish an N-DEx Audit Task Force to standardize N-DEx System audit requirements, develop N-DEx System audit tools, and define the ability for CSOs to delegate audit responsibility to regional systems and agency points-of-contact. The N-DEx Audit Task Force is made up of N-DEx Subcommittee Members, CJIS Systems Agency (CSA) representatives, CSOs, and identity provider points-of-contact.

DISCUSSION AND ANALYSIS

After completing five teleconferences, the N-DEx Audit Task Force has identified N-DEx System access requirements that will enable identity providers to permit access to the N-DEx System via their regional systems. The initial five bullets are requirements stated within the current CJIS Security Policy (CSP) and the final bullet is a recommendation from the Audit Task Force specific to N-DEx. The access requirements agreed upon are the following:

N-DEx System access requirements include the following:

• User attached to a valid Originating Agency Identifier (ORI) – CJIS Security Policy Version 5.4, 5.6 Policy Area 6: Identification and Authentication
• User account via a CJIS Division recognized identity provider – CJIS Security Policy Version 5.4, 5.6 Policy Area 6: Identification and Authentication
• A national fingerprint-based check (within 30 days of assignment) – CJIS Security Policy Version 5.4, 5.12 Policy Area 12: Personnel Security
• A state of residency fingerprint-based check (within 30 days of assignment) – CJIS Security Policy Version 5.4, 5.12 Policy Area 12: Personnel Security
• Security Awareness Training (within six months of assignment and biennially thereafter) – CJIS Security Policy Version 5.4, 5.2 Policy Area 2: Security Awareness Training
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

The N-DEx Audit Task Force continues to work toward additional goals and objectives that will be presented as they are completed.

OPTIONS

The Subcommittee is requested to address the two motions below. Proposed additions to existing policy are indicated by underline (inserts).

Motion 1:

Option 1 – Approve the following additional requirement for N-DEx users:

• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Option 2 – No change

Motion 2:

Option 1 – Approve the addition of the current, five requirements and additional proposed requirement (as listed in Motion 1 above) to the N-DEx Policy and Operating Manual as follows:

N-DEx System Access Requirements: Users shall adhere to the following access requirements:

• Attached to a valid ORI
• User account via a CJIS Division recognized identity provider
• A national fingerprint-based check (within 30 days of assignment)
• A state of residency fingerprint-based check (within 30 days of assignment)
• Security Awareness Training (within six months of assignment and biennially thereafter)
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Option 2 — No change.

RECOMMENDATION

The FBI recommends Option 1 for both Motions 1 and 2.

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION:

Motion 1: To accept Option 1: Approve the following additional requirement for N-DEx users:

• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

Motion 2: To accept Option 1: Approve the addition of the current, five requirements and additional proposed requirement (as listed in Motion 1 above) to the N-DEx Policy and Operating Manual as follows:

N-DEx System Access Requirements: Users shall adhere to the following access requirements:

• Attached to a valid ORI
• User account via a CJIS Division recognized identity provider
• A national fingerprint-based check (within 30 days of assignment)
• A state of residency fingerprint-based check (within 30 days of assignment)
• Security Awareness Training (within six months of assignment and biennially thereafter)
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION:

Motion: To accept Option 1 on both Motions

Option 1: Approve the following additional requirement for N-DEx users:

• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Option 1: Approve the addition of the current, five requirements and additional proposed requirement (as listed in Motion 1 above) to the N-DEx Policy and Operating Manual as follows:

N-DEx System Access Requirements: Users shall adhere to the following access requirements:

• Attached to a valid ORI
• User Account via a CJIS Division recognized identity provider
• A national fingerprint-based check (within 30 days of assignment)
• A state of residency fingerprint-based check (within 30 days of assignment)
• Security Awareness Training (within six months of assignment and biennially thereafter)
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried with 19 Yay/1 Nay


NORTHEASTERN WORKING GROUP ACTION:

Motion 1: To accept Option 1: Approve the following additional requirement for N-DEx users:
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

Motion 2: To accept Option 1: Approve the addition of the current, five requirements and additional proposed requirement (as listed in Motion 1 above) to the N-DEx Policy and Operating Manual as follows:

N-DEx System Access Requirements: Users shall adhere to the following access requirements:
• Attached to a valid ORI User account via a CJIS Division recognized identity provider
• A national fingerprint-based check (within 30 days of assignment)
• A state of residency fingerprint-based check (within 30 days of assignment)
• Security Awareness Training (within six months of assignment and biennially thereafter)
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

SOUTHERN WORKING GROUP ACTION:

Motion 1: To adopt Option 1: Approve the following additional requirement for N-DEx users:
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

Motion 2: To adopt Option 1: Approve the addition of the current, five requirements and additional proposed requirement (as listed in Motion 1 above) to the N-DEx Policy and Operating Manual as follows:

N-DEx System Access Requirements: Users shall adhere to the following access requirements:
• Attached to a valid ORI User account via a CJIS Division recognized identity provider
• A national fingerprint-based check (within 30 days of assignment)
• A state of residency fingerprint-based check (within 30 days of assignment)
• Security Awareness Training (within six months of assignment and biennially thereafter)
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

WESTERN WORKING GROUP ACTION:

Motion 1: To accept Option 3. Approve the following additional requirement for N-DEx users:
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the regional data sharing provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

Motion 2: To accept Option 3: Approve the addition of the current, five requirements and additional proposed requirement (as listed in Motion 1 above) to the N-DEx Policy and Operating Manual as follows:

N-DEx System Access Requirements: Users shall adhere to the following access requirements:
• Attached to a valid ORI User account via a CJIS Division recognized identity provider
• A national fingerprint-based check (within 30 days of assignment)
• A state of residency fingerprint-based check (within 30 days of assignment)
• Security Awareness Training (within six months of assignment and biennially thereafter)
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the regional data sharing provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.


SPRING 2017 N-DEx SUBCOMMITTEE ACTION:

Motion 1a: To accept Option 1: Approve the following additional requirement for N-DEx users:
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator, and not incumbent upon the identity provider, to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.

Motion 1b: To revise the language of Motion 1a to “Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator to ensure any additional state-imposed access requirements for N-DEx are met.”

Action: Motion carried.

Motion 2: To accept Option 1: Approve the addition of the current, five requirements and additional proposed requirement (as listed in Motion 1b above) to the N-DEx Policy and Operating Manual as follows:

N-DEx System Access Requirements: Users shall adhere to the following access requirements:
• Attached to a valid ORI User account via a CJIS Division recognized identity provider
• A national fingerprint-based check (within 30 days of assignment)
• A state of residency fingerprint-based check (within 30 days of assignment)
• Security Awareness Training (within six months of assignment and biennially thereafter)
• Access requirements may also include any state-required certifications, if applicable. However, it is the responsibility of the user and N-DEx Agency Coordinator to ensure any additional state-imposed access requirements for N-DEx are met.

Action: Motion carried.


CJIS ADVISORY POLICY BOARD (APB)
NATIONAL DATA EXCHANGE (N-DEx) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 25, 2017

STAFF PAPER

N-DEx ISSUE #6

FBI CJIS Division Tribal Engagement Program Update

PURPOSE

To summarize the recent activities and initiatives of the FBI CJIS Division’s Tribal Engagement Program.

POINT OF CONTACT

Law Enforcement Support Section (LESS), Partner Relations and Outreach Unit (PROU), Tribal Engagement Program

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEES

The Subcommittees are requested to review the information provided in this paper and provide appropriate comments.

BACKGROUND

In December 2011, the FBI CJIS Division’s Assistant Director identified the LESS Chief as the FBI CJIS Division’s Executive Tribal Liaison. Quickly following this designation, the FBI CJIS Division identified a tribal point of contact for each program. The goal of the Internal CJIS Tribal Working Group was to maintain consistency and provide a liaison to Indian Country on connectivity issues, policy compliance, and program awareness.

After the establishment of an FBI CJIS Division Executive Tribal Liaison and program points of contact for each FBI CJIS Division program, the Advisory Policy Board’s (APB) Executive Committee established a Tribal Task Force (TTF) in June 2012. The TTF was formed with the following mission:

To enhance officer and public safety by improving local, state, tribal, territorial, and federal participation in the FBI CJIS Division systems. The Task Force will review all relevant issues that may prevent or discourage tribal law enforcement agencies from entering records/data into FBI CJIS Division systems and make recommendations that will address those issues.

The TTF is chaired by Mr. William J. Denke, Sycuan Tribal Police Department. In addition, the TTF is comprised of three tribal members: Mr. Francis E. Bradley, Sr., Hualapai Nation Police Department; Mr. Carlos Echevarria, Tulalip Tribal Police Department; and Mr. Scott Desjadon, Yavapai Prescott Tribal Police Department. The task force also includes four state/local members: Mr. Edward Bonner, Sheriff of Placer County, California; Ms. Dawn Peck, Idaho State Police; Mr. Gene Thaxton, Oklahoma Department of Public Safety; and Mr. Brian Wallace, Marion County Sheriff’s Office, Oregon. In addition, the TTF includes federal representatives from the following agencies: Mr. Jason O’Neal of the Bureau of Indian Affairs (BIA), Office of Justice Services; Ms. Marcia Good of the Department of Justice (DOJ), Office of Tribal Justice (OTJ); Mr. Gregory D. Adams of the FBI’s Indian Country Crimes Unit; and Mr. Christopher A. Nicholas as the FBI CJIS Division’s Executive Tribal Liaison.

In March 2015, a full time Tribal Liaison Team (TLT) was established within the CJIS Division’s PROU. Today, there are three dedicated staff members that liaise with tribal partners, represent the FBI CJIS Division at various Indian Country training events, coordinate FBI CJIS Division Tribal conferences, conduct on-site tribal visits, and collaborate with federal partners on various tribal programs.

The following summary on the FBI CJIS Division’s Tribal Engagement Program is provided for your information.

Task Force Meeting Summary

The most recent TTF meeting was held on December 8, 2016, in Phoenix, Arizona. The agenda for the meeting consisted of the following topics: membership; Uniform Crime Reporting (UCR) transition to National Incident-Based Reporting System (NIBRS) and Use of Force data collection; dispositions; DOJ Tribal Access Program (TAP) update; 2016 conference highlights; Tribal contact lists; Arizona proposed National Sex Offender Registry (NSOR) message key for tribes; and an open discussion. All task force members were in attendance with the exception of Mr. Bonner, Mr. Echevarria, Ms. Good, and Mr. Adams. Ms. Good was represented by proxy Mr. Josh Ederheimer. Members discussed the importance of active participation on the task force and recommended that the membership be reviewed. As a result of a previous TTF recommendation, Mr. Scott Desjadon was added as the newest tribal member and Mr. Timothy Chung was the invited CJIS Systems Officer (CSO) from Arizona.

Uniform Crime Reporting

During the Fall 2015 APB meeting, the Board passed a motion that requires the FBI UCR Program to transition to a NIBRS only data collection by January 1, 2021, by all local, state, tribal, and federal agencies. In support of this recommendation, task force members discussed requirements on tribal jurisdictions to submit through the BIA and its transition to NIBRS. Currently, tribes are submitting crime statistics directly to the FBI, through a state, and/or through the BIA. Today the BIA accepts and submits data to the FBI in summary format and is currently in the process of reworking its data collection process to accomplish NIBRS submissions. The BIA continues its development and deployment of the necessary tools for compliance for its agencies under its service jurisdiction, to include tribal law enforcement agencies.

During the December meeting, the TTF reviewed a roadmap explaining the reporting process and pathways and provided comments back to the FBI CJIS Division staff. The FBI CJIS Division will draft a unified message about information sharing that will accompany the Transition to NIBRS and Use of Force documents and will be distributed detailing the reporting process, available submission methods, and the importance of participation. The BIA and the FBI CJIS Division are collaborating on a method that will provide tribal agencies with a more robust and streamlined method to report to NIBRS by the transition deadline. It was also identified that the tribal jurisdictions may report directly via the FBI CJIS Division’s portal for use of force data collection.

Dispositions

As a result of the June TTF meeting, the FBI CJIS Division staff drafted correspondence/brochures on the arrest and disposition processes; created a mechanism to identify disposition rates in Indian Country; and included the Best Practice Guide to dispositions on the CJIS Tribal Outreach Special Interest Group (SIG). During the December meeting, the TTF reviewed and provided comments back to the FBI CJIS Division staff on the arrest and disposition documents. However, it was suggested by the FBI CJIS Division staff that they revise the provided documents into a more in-depth booklet for tribal agencies. The FBI CJIS Division is currently in the process of creating a bound booklet that will detail the importance of reporting arrests and dispositions, the impact of participation, case study representation, grant funding opportunities, and methods of submissions. The booklet will also be accompanied by a unified message on the importance of information sharing, tentatively scheduled for availability in spring 2017.
In addition, after feedback from the task force members, the FBI CJIS Division will be revising draft disposition dashboards that will be available for all tribal criminal justice agencies. After an in-depth discussion regarding the importance of understanding the benefits of submitting dispositions, it was identified that education on the initial submission of the arrest fingerprint to the FBI must also be done. It was agreed that tribal jurisdictions may benefit from a visual pathway identifying the process flow from the initial arrest of the subject to the final disposition.

Other Task Force Business

Tribal Contact List

During the December meeting, task force members provided suggestions to the FBI CJIS Division staff on the recommended methods for providing information to, or requesting information from, tribal members and/or agencies. The FBI CJIS Division will work with the OTJ to identify various tribal organizations for future correspondence with tribal entities.

DOJ TAP

The DOJ has established the TAP to provide tribes access to national crime information databases for both civil and criminal purposes. The DOJ will serve as the CJIS Systems Agency for selected federally recognized tribes. The DOJ will provide a workstation with capabilities to process finger and palm prints, take mugshots, and submit records to national databases, as well as the ability to access the FBI CJIS Division systems for criminal and civil purposes through the DOJ.

Since the last APB meeting, the DOJ deployed TAP workstations to four additional tribes to include one tribe from Washington State, the Tulalip Tribe (June 22, 2016), and three tribes from Arizona: the White Mountain Apache Tribe (July 14, 2016), the Pascua Yaqui Tribe (August 23, 2016), and the Gila River Tribe (August 4, 2016). For fiscal year (FY) 2016, a total of 9 TAP tribes received their workstations and training.

For FY2017, the DOJ TAP selected 11 additional tribes to receive workstations that will allow access to FBI CJIS Division services, such as the National Crime Information Center (NCIC) and the Next Generation Identification (NGI). The DOJ conducted outreach to potential tribes and accepted expression of interest letters from tribes through December 2, 2016, at which time 54 tribes officially expressed interest in the TAP. The DOJ collaborated with the OTJ; Office of Community Oriented Policing Services; the Office of Sex Offender Sentencing, Monitoring, Apprehending, Registering and Tracking (SMART); and the FBI CJIS Division on the interested tribes. The notification of the selected tribes was on December 16, 2016. The DOJ provided education to the points of contact from the selected tribes regarding the onboarding and vetting process from December 19, 2016 through January 5, 2017.
The deployment of TAP workstations is tentatively scheduled for May 9 through September 29, 2017. For additional information on the DOJ TAP, please contact .

CJIS Tribal Outreach

As a result of the first tribal and state collaboration event sponsored by the FBI CJIS Division in August 2015 in Tulsa, Oklahoma, the FBI will host multiple regional conferences in upcoming fiscal years. Once again, tribal, state, and federal partners will come together to educate each other on the needs in Indian Country, the benefits of using national information sharing systems, and the importance of establishing partnerships to promote officer and public safety.

The PROU TLT held its first regional conference in Phoenix, Arizona, on November 29-30, 2016. The FBI CJIS Division invited representatives from approximately 111 federally recognized tribes, the DOJ CSO, and seven CSOs representing those tribes geographically located within Arizona, Utah, Colorado, New Mexico, Washington, Oregon, and Nevada. Program overviews were provided on all FBI CJIS Division services, as well as topic-specific workshops. The objective of the tribal conference was to educate attendees on the FBI CJIS Division services, to improve the understanding of tribal needs, and to identify specific issues regarding tribal participation in FBI CJIS Division systems and services.

On December 1, 2016, the FBI CJIS Division staff completed an on-site visit at the Salt River Pima Maricopa Indian Community Police Department with Chief Karl Auerbach and department staff. The PROU TLT learned about their daily operations, technical capabilities, outreach, and training opportunities.

The FBI CJIS Division staff was invited by Chief Bradley of the Hualapai Nation Police Department to address the Hualapai Council on December 3, 2016. The staff used this opportunity to highlight the public safety and officer safety importance of information sharing among all authorized tribal agencies. The FBI CJIS Division staff expressed appreciation for the collaboration that occurs between Chief Bradley and the FBI CJIS Division staff regarding tribal initiatives and information-sharing opportunities.

Collaboration

On November 17, 2016, the FBI CJIS Division hosted a meeting with the DOJ SMART Office personnel at the FBI CJIS Division main complex and the Biometric Technology Center. The SMART Director and four policy advisors met with FBI CJIS Division staff from NCIC, NGI, and the CJIS Audit Unit to discuss overlapping tribal initiatives. The teams discussed how they could partner and/or support each other’s efforts as both provide assistance and guidance to tribal partners.

The following information summarizes the SMART Office’s Quality Assurance legislative mandate. The SMART Office is responsible for providing jurisdictions with guidance regarding the implementation of requirements mandated by Title I of the Adam Walsh Child Protection and Safety Act (Adam Walsh Act) of 2006, and providing technical assistance to states, territories, Indian tribes, local governments, as well as public and private organizations.
As directed, the SMART Office is also responsible for administering the standards for the Sex Offender Registration and Notification Act (SORNA), to ensure jurisdictions have substantially implemented all requirements in order to receive grant funding.

The SMART Office has been in contact with the FBI CJIS Division PROU, Criminal Justice Information Law Unit, and the NCIC Operations and Policy Unit, to discuss the SMART Office’s responsibility to ensure tribal agencies are substantially implementing SORNA requirements. In order to determine if approximately 160 tribal agencies have substantially implemented SORNA, the SMART Office is working with FBI CJIS Division staff to ensure tribal jurisdictions are entering sex offender registrants into the NCIC NSOR as indicated rather than accepting declarations of compliance at face value.

The SORNA established the SMART Office as the federal agency responsible for implementing SORNA in state and tribal jurisdictions. As such, the SMART Office has the responsibility to “administer the standards for the sex offender registration and notification program set forth in [the] Act.” 42 U.S.C. § 16945 (c)(1). In order to meet this Congressional mandate, the SMART Office must be able to determine whether entries in the NCIC NSOR accurately correspond to entries in the National Sex Offender Public Website. To this end, and pursuant to the recommendation of the FBI Office of the General Counsel, the SMART Office will receive an extract of the NCIC NSOR.

The TTF reports on the FBI CJIS Division services and issues specific to Indian Country and provides suggestions on improving tribal access and use of FBI CJIS Division services. The TTF reports to the Executive Committee of the APB. Recommendations of the TTF are vetted and forwarded to the CJIS APB through the Executive Committee.

For additional information on the FBI CJIS Division Tribal Engagement Program, please contact or visit the CJIS Tribal Outreach SIG on the LEEP.

SPRING 2017 WORKING GROUP ACTIONS:

This topic was accepted as information only by all five working groups.

SPRING 2017 SUBCOMMITTEE ACTIONS:

This topic was accepted as information only by all six subcommittees (IS, NCIC, NICS, N-DEx, SA and UCR).


CRIMINAL JUSTICE INFORMATION SERVICES (CJIS) ADVISORY POLICY BOARD (APB)
JACKSONVILLE, FL
JUNE 7-8, 2017

STAFF PAPER

APB ITEM #4

Chairman's Report on the National Instant Criminal Background Check System (NICS) Subcommittee

NICS ISSUE #1 NICS Update
NICS ISSUE #2* Status Update on Federal Prohibition: Fugitives from Justice
NICS ISSUE #3 Approach for the NICS to Query the National Data Exchange System as a Secondary Resource
NICS ISSUE #4* Update on Fall 2016 NICS Subcommittee Action Items
NICS ISSUE #5** Fiscal Year 2016 Audit Results Summary
NICS ISSUE #6** Criminal History Update
NICS ISSUE #7** CJIS Division’s NICS Enhancements Status
NICS ISSUE #8 CJIS Division Tribal Engagement Program Update
NICS ISSUE #9* Looking Ahead – NICS Fall 2017 APB Topics
NICS ISSUE #10* CJIS Division National Crime Information Center Third Generation Update

*No staff paper ** Delivered with the information only staff papers


CJIS ADVISORY POLICY BOARD (APB)
NATIONAL INSTANT CRIMINAL BACKGROUND CHECK SYSTEM (NICS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 25, 2017

STAFF PAPER

NICS ISSUE #1

NICS Update

PURPOSE

The information outlined in this paper provides an update of the NICS.

POINT OF CONTACT

NICS Section; NICS Business Unit (NBU)

Questions regarding this topic should be directed to .

BACKGROUND

The Brady Handgun Violence Prevention Act of 1993 (Brady Act) required the U.S. Attorney General to establish the NICS for Federal Firearms Licensees (FFL) to contact so information may be supplied immediately on whether the transfer of a firearm would violate state or federal law. The NICS began operations on November 30, 1998.

When an FFL initiates a background check through the NICS, the prospective firearm transferee’s descriptive information is searched against the descriptive information available in the national databases comprising the NICS, namely, the Interstate Identification Index (III), the National Crime Information Center (NCIC), and the NICS Index. In addition, a query of the applicable databases of the Department of Homeland Security’s U.S. Immigration and Customs Enforcement (ICE) is conducted on all prospective firearm transferees who indicate a non-U.S. citizen status on the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) Form 4473.

NICS TRANSACTIONS

From November 30, 1998, through December 31, 2016, a total of 253,217,165 firearm and permit background checks have been processed through the NICS. Of these:
• 141,429,266 background checks were processed by state agencies.
• 111,787,899 background checks (resulting in 1,393,729 denials) were processed by the FBI Criminal Justice Information Services (CJIS) Division’s NICS Section.

The level of background check submissions to the NICS for processing by the NICS Section and state agencies continues to grow. In calendar year (CY) 2016, the NICS Section experienced the highest volume of background checks of any year in the history of the NICS. Within the first quarter of 2016, a record-setting total of 7,682,141 background checks were processed by the NICS Section, making it the highest processing quarter since the inception of NICS. Even though many records were set in CY 2015 for background checks in the NICS, CY 2016 has proven to be another year of steady increase in the number of state and federal background checks.

To view the Top 10 Highest Days and the Top 10 Highest Weeks for background checks processed by the NICS since November 30, 1998, please see pages 12 and 13 of this report.

NEW NICS

On August 9, 2016, New NICS was deployed. The New NICS modernized the legacy NICS by leveraging advances in technology, achieving business and technological efficiencies and increasing scalability, flexibility, and functionality.

Highlighted features of the New NICS:
• On November 1, 2016, the system became available 24 hours a day, 7 days a week, with the exception of December 25, scheduled maintenance timeframes, and unforeseen downtimes;
• Proceeded transactions (or transactions not set to a final status in the NICS) are retained for nearly 24 hours before being purged from the NICS;
• Increased High Availability capabilities of the NICS by utilizing modernized hardware and software;
• Simplified the process of deploying the NICS application updates/upgrades to minimize downtime;
• Updated name search algorithm to provide the ability to increase accuracy in search results;
• Updated interfaces with the NICS databases to enhance system reliability and reduce the possibility of a single point of failure;
• Updated user interface for users of the NICS E-Check service;
• Ability of the FBI to make changes to the system more efficiently and effectively and to better position the FBI to quickly react to legislative changes, mandates, etc.; and
• On October 28, 2016, the NICS Section implemented the NICS Index immediate denial feature.

WORKLOAD MANAGEMENT AND BACKLOGS

The NICS Section has requested additional staffing due to the increased volume in background checks. The NICS Section embarked upon unprecedented tactics to ensure FFLs were serviced and background checks were processed. To augment the NICS Legal Instruments Examiner staff, the NICS Section utilized staff from support personnel (e.g., the NICS Appeal Services Team [AST], the NICS Index Team, the NICS Explosives Team, Management and Program Analysts, Management and Program Assistants, NICS Liaison Specialists, Legal Administrative Specialists, and the NICS Writer) as well as other CJIS Division personnel with previous NICS experience. This assistance, with the exception of the CJIS Division staff not assigned to the NICS Section, continued to be utilized during CY 2016, as well as the implementation of zero leave and mandatory overtime, when necessary, to prevent the background checks from exceeding three business days.

By redirecting NICS support personnel to assist with the background check process, other areas of the NICS Section experienced high levels of backlog. All support units within the NICS Section that assisted with the background checks experienced either a complete suspension or a delay of their normal work processing. Some notable areas affected by backlog were:
• The AST had a backlog of 8,119 as of December 31, 2016.
• Explosive and permit transactions processed by the NICS Explosives Team experienced a backlog (3,855 explosives checks and 2,846 permit checks as of December 31, 2016).
• The NICS Index Team has a backlog of nearly 69,357 to review as of December 31, 2016.
• External customers (e.g., state partners, ATF, congressional inquiries) experienced a delay in responses.

NICS SECTION DENIALS

Program to date, from the inception of the NICS on November 30, 1998, through December 31, 2016, a total of 1,393,729 background checks have been denied by the NICS Section. A breakdown of the federal-issued denials, by prohibiting category, is located on page 7 of this report.

NICS E-CHECK

The NICS E-Check provides FFLs and other approved entities with numerous efficiencies, such as the capability to initiate unassisted background checks through the NICS. The benefits to using the NICS E-Check are:
• Background check results can be retrieved by FFLs 24/7 without wait time or telephone calls to check status;
• FFLs can enter the prospective firearm transferee’s name and descriptive information (which, in turn, could impact the system’s ability to effectively locate and return all potential record matches);
• Instant electronic messages about the operational status of the NICS are sent to FFLs and/or users;
• FFLs can log and print transaction information (e.g., for record-keeping purposes);
• FFLs have the ability to print a listing of all transactions they have submitted to the NICS (including those submitted telephonically).

The use of the NICS E-Check continues to expand as FFLs realize the efficiency and ease of using this resource. Therefore, promotion efforts by the NICS Section continue. In addition to promoting the NICS E-Check, the following indicates how the NICS Section supported and serviced FFLs in 2016:
• Conducted on-site NICS E-Check registrations at 152 FFLs during the course of 15 separate NICS E-Check trips. As of December 31, 2016, these FFLs have submitted 39,494 background checks to the NICS via the NICS E-Check.
• Worked diligently to help transition the remaining major FFL corporations to the NICS E-Check. Dunham’s Sports also transitioned to the NICS E-Check in two stores, with the intention of transitioning all stores to the NICS E-Check in the coming months. Mills Fleet Farm has completed the transition to the NICS E-Check and is now using the NICS E-Check in its stores.
• Published an article in the summer issue of the National Pawnbrokers Association Magazine.
• Continued to promote the NICS E-Check at FFL seminars attended by NICS Section personnel. Although the National Shooting Sports Foundation hosted fewer FFL seminars in CY 2016, the ATF hosted several. The NICS Section attended 10 FFL seminars during CY 2016 to promote the use of the NICS E-Check.

NICS INDEX

The NICS Index contains information about persons prohibited (per state and federal law) from receiving and possessing firearms pursuant to the Brady Act. The records contained in the NICS Index are contributed by local, state, tribal, and federal agencies. There are two main methods for making an entry into the NICS Index. The first method is through the NCIC portal and the second method is via batch data transfer through the Law Enforcement Enterprise Portal (LEEP) Internet-based connection using the NICS E-Check.

As of December 31, 2016, a total of 15,810,039 prohibiting records were maintained in the NICS Index for availability to NICS users at a national level. A breakdown of the records maintained in the NICS Index, ranked by prohibiting category, is located on page 8 of this report. The number of records in the NICS Index has significantly increased since the passage of the NICS Improvement Amendments Act of 2007 (NIAA).

THE NIAA

The NIAA requires federal agencies to electronically provide to the NICS all information the agency has relevant to NICS purposes. The NIAA also focuses on the identification and electronic submission of state-held records by offering grant funding to states, tribes, and associated court systems. Although the efforts of the DOJ and the FBI have achieved notable success since the enactment of the NIAA, challenges remain.

Prior to the passage of the NIAA, approximately 5.1 million records (state and federal) were maintained in the NICS Index. The total number of records maintained in the NICS Index had increased dramatically. To assist all agencies as they progress with the identification and electronic submission of relevant information to the NICS, the NICS Section continues to share information with state and federal agencies and promote the value of providing relevant information to the databases searched by the NICS.

To assist the states with achieving the goals of the NIAA, direct awards and technical assistance to improve the quality, timeliness, and accessibility of criminal history records (and related information) is available to qualifying states through the National Criminal History Improvement Program (NCHIP). Also, the NIAA authorizes grant programs, via the NICS Act Record Improvement Program (NARIP), for local, state, and tribal executive and judicial agencies to establish and upgrade information automation and identification technologies which, in turn, will provide for the timely submission of final criminal history dispositions and other relevant information to the NICS. In 2016, there were 39 states and territories that received approximately $34 million in NCHIP funding and 19 states and one tribe were awarded nearly $15 million in NARIP funding.
DISPOSITION OF FIREARMS (DOF) The DOF became effective on January 20, 2015. In summary, a DOF background check may be conducted when a law enforcement agency removes a firearm from an individual and takes the firearm into their control. A DOF background check may be conducted to determine an individual’s eligibility to possess or receive a firearm prior to returning it. In CY 2016, a total of 31,619 DOF background checks, consisting of 24,602 handguns, 6,226 long guns, and 791 categorized as “other” were processed by 36 states and 25 federal agencies. Approximately, 1,494 DOF background check denials were reported to the NICS Section in 2016. The following are charts, graphs, and tables to provide a pictorial illustration of the NICS Section for CY 2016.


SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 NICS SUBCOMMITTEE ACTION: This topic was accepted as information only.


CJIS ADVISORY POLICY BOARD (APB)
NATIONAL INSTANT CRIMINAL BACKGROUND CHECK SYSTEM (NICS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 25, 2017

STAFF PAPER

NICS ISSUE #3

Approach for the National Instant Criminal Background Check System (NICS) to Query the National Data Exchange (N-DEx) System as a Secondary Resource

PURPOSE

To request endorsement of the proposed additions to the N-DEx Policy and Operating Manual to account for the permanent expansion of the NICS to query the N-DEx System as a secondary resource.

POINT OF CONTACT

NICS Section, NICS Business Unit
Law Enforcement Support Section, N-DEx Program Office

Questions regarding this topic should be directed to

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information included in this paper and provide appropriate comments, suggestions, and recommendations regarding the proposed approach, specifically the proposed N-DEx Policy and Operating Manual language, for the permanent expansion of the NICS to query the N-DEx System.

BACKGROUND

The Brady Handgun Violence Prevention Act of 1993 (Brady Act) required the United States Attorney General to establish the NICS for Federal Firearms Licensees (FFL) to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

• Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”
• Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”
• Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

A NICS background check is conducted based on the subject’s name and descriptive data to identify any matching records in the national databases comprising the NICS. Currently, the databases searched as a primary resource include the Interstate Identification Index (III), the National Crime Information Center (NCIC), and the NICS Index. During the NICS background check, if the NICS returns to the user a hit based on the data provided, the transaction is reviewed to determine if a valid match has occurred and if a prohibiting record exists. If the transaction has been reviewed and it is determined that a valid match exists based on the descriptive data, the NICS Section will review secondary resources such as the Disposition Document File (DDF), the Voluntary Appeal File Database, the ATF Relief of Disabilities Database, and state websites as necessary. This would be considered a secondary search after a potential prohibition has been determined. In addition, if the prospective buyer is a non-U.S. citizen, the FBI Criminal Justice Information Services (CJIS) Division’s NICS Section submits an Immigration Alien Query to the Department of Homeland Security’s U.S. Immigration and Customs Enforcement. When conducting research for a potentially disqualifying offense, the NICS Legal Instruments Examiner may need to contact external entities. The process of contacting the agency and receiving the response can be a lengthy process. If the information needed to make a final determination cannot be obtained within the three-business-day expiration, and the NICS Section is unable to provide a proceed or deny response, it is at the discretion of the FFL whether to transfer the firearm. This creates a potential threat to both public and officer safety. 
The N-DEx System is a national investigative information-sharing system which contains records that span the criminal justice lifecycle, and includes information related to incident/case reports, arrests, missing persons’ reports, service calls, booking and incarceration reports, pretrial, probation and parole reports, warrants, citations/tickets, and field contacts/interviews. The N-DEx System was developed and is managed by the FBI CJIS Division and is provided to local, state, tribal, and federal criminal justice agencies. The N-DEx System’s information promotes public safety from the initial contact to the supervision of an individual reintegrated into the community. In a collaborative effort between the NICS Section and the N-DEx Program Office (PO), along with support from the CJIS Division Advisory Policy Board (APB) Executive Committee members, a pilot project was facilitated to expand the background check for the NICS Section to include a query of the N-DEx System. The purpose of the pilot was to determine whether the information in the N-DEx System would lead to more timely or additional determinations as to whether an individual was prohibited from purchasing a firearm, as well as those individuals eligible to possess and receive firearms. At the conclusion of the pilot, it was determined the data provided to the NICS Section from the N-DEx System was valuable in providing information prior to the third business day and would be beneficial to add as a permanent expansion to the NICS background check process as a secondary resource. These findings were supported by the APB’s decision at its Fall 2016 Meeting where it motioned “The N-DEx System will be a secondary search within the NICS background check process and the information will be treated as other secondary sources.”

DISCUSSION AND ANALYSIS

The NICS Section and the N-DEx PO have partnered to formulate and identify the key success factors to implement the ability for the NICS to query the N-DEx System as a secondary resource. A high-level synopsis of those required changes necessary for the permanent implementation is provided below:

Technical Focus Area

As a secondary resource, the NICS will only search the N-DEx System if a potential prohibition is found from one of the three national databases (NCIC, III, and NICS Index) searched by the NICS. The N-DEx System information will be provided to the NICS Section via the NICS. The state entities conducting a background check, in accordance with the permissible uses of the NICS, may be provided the information either via the NICS State Information Sharing Initiative (SISI) or via logging into the N-DEx System. With the secondary search, the states are not mandated to query the N-DEx System for the additional information. However, if a state elects to obtain the N-DEx System information via the NICS, they would need to opt in to the SISI. When the user submits a query of the NICS record with the extended search options, all data is returned via the existing NCIC message interface. The exception to this is the DDF image data, which is binary in nature and cannot be made available for download via a Web server hosted on the CJIS Division Wide Area Network. Instruction and guidelines for SISI will be provided on the Interface Control Document via the Law Enforcement Enterprise Portal (LEEP). If a user chooses to obtain the N-DEx System information via the SISI, the N-DEx System will perform two simultaneous searches after it receives a query, the Use Code “F”, and Search Reason from the NICS. The N-DEx System searches all of the person entities and records within the N-DEx System. A query of the N-DEx System via the NICS would return potential person entity matches and records, according to the user’s search criteria. The user would review the person entities and records to determine if they are matches to their initial query. Once a match is determined, the user would open the N-DEx System records to review the information. All searches to the N-DEx System would meet or exceed current NICS performance requirements. If a user wants to search the N-DEx System directly, they will need to log in via their identity provider and be granted Use Code “F” search privileges by the CJIS Systems Officer (CSO). This will require the CSO, in his or her role as N-DEx administrator, to access the N-DEx System and provide the user with Use Code “F” search privileges via the N-DEx user management tools. Once completed, the user will be able to log into the N-DEx System, select the NICS-related Checks Use Code “F,” insert their search reason, and then conduct their search request.

Audit Focus Area

The NICS Section and the N-DEx PO collaborated with the CJIS Audit Unit (CAU) and were provided preliminary guidance on the audit requirement for the permanent expansion of the NICS, to include the N-DEx System. All users who access the N-DEx System as a secondary resource (through the NICS or directly) will be subject to N-DEx System audits. However, due to the N-DEx System being accessed as a secondary resource, there will be no impact to the NICS audit. The N-DEx System audit is a policy-based audit, conducted via teleconference, which assesses agencies’ users, to include their system access and data usage, according to the CJIS Security Policy and the N-DEx Policy and Operating Manual. The N-DEx PO, through a partnership with the CAU, has developed tools (such as the N-DEx Audit Best Practices document and standardized questions) to support CSOs and agencies with their N-DEx System audit. Additionally, the N-DEx PO will provide the NICS Section with policy compliance information to incorporate into the NICS Section training.

Training/Outreach Focus Area

The NICS Section has provided training modules for all of the federal prohibitions and necessary criteria via the LEEP. Additionally, the NICS Section will provide training modules to the state entities on LEEP to include screen shots of the N-DEx System’s data as provided via the NICS. The NICS Section will modify their standard operating procedures to provide instructions and navigation steps to obtain the N-DEx System’s data via a query of the secondary databases.
The NICS Section will conduct a teleconference with the ATF to provide awareness of the new search capability and the potential of an increase in their workload. In addition, the NICS Section will conduct a teleconference with the state NICS users. The N-DEx PO has developed and provided its user community with multiple resources to further their understanding of the N-DEx System and policies. These resources include, but are not limited to: computer-based training modules, video tutorials, quick reference cards, and policy and reference manuals. The resources will be made available to all NICS users and are currently available on the N-DEx System or by contacting the N-DEx PO. In addition to assisting with outreach to the NICS users, the N-DEx PO will contact all of the N-DEx System record-owning agencies to discuss with them, answer questions, and identify their sharing rules (i.e., Green or Red) for the permanent implementation of Use Code “F.”


Legal and Privacy Focus Area

The NICS Section and the N-DEx PO have already begun taking the necessary steps to update their legal and privacy documentation to include the Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIA) and System of Records Notices (SORN). The FBI’s Office of the General Counsel (OGC) has opined that a change to the current NICS regulation will not be necessary for a query of the N-DEx System as a secondary resource. The NICS Section is preparing a PTA to provide information relating to the connectivity between the NICS and the N-DEx System. The NICS Section is updating the PIA to indicate the N-DEx System will be leveraged for NICS background checks as a secondary resource. The NICS Section is preparing the SORN to ensure all information is accurate to NICS practices. Similar to the NICS Section, the N-DEx PO’s PTA is being updated to document the required changes for the permanent implementation of the N-DEx System as a secondary resource for the NICS. The N-DEx PO, in collaboration with the OGC, is also updating its PIA and SORN to incorporate all of the necessary information regarding the utilization of the N-DEx System by the NICS as a secondary resource.

Policy Focus Area

The NICS Section and the N-DEx PO will continue to adhere to all the existing policies and procedures and meet the NICS purge requirements. However, following a review of the N-DEx Policy and Operating Manual, a need was identified to update the policy manual to account for the permanent expansion of the NICS to query the N-DEx System as a secondary resource. The N-DEx PO recommends the following additions to the N-DEx Policy and Operating Manual. Proposed additions to existing policy are indicated by underline (inserts).

• Revise Policy 1.2.7 to read as follows: “In accordance with the CJIS Security Policy and consistent with 28 C.F.R. Part 20, Subpart A, N-DEx System access is restricted to “criminal justice agencies” and agencies performing the “administration of criminal justice” or “NICS-related checks.”
• Add the following policy language under Policy 1.3.4 Acceptable System Use: “National Instant Criminal Background Check System (NICS)-related checks, i.e., to obtain information when conducting a NICS-related background check.”
• Add the following policy language under Policy 1.3.6 Use Code: “National Instant Criminal Background Check System (NICS)-related checks Use Code “F”: Must be used when the N-DEx System is utilized to conduct NICS-related background checks.” The NICS-related checks must be made in accordance with the Brady Handgun Violence Prevention Act of 1993 (Brady Act). In addition, the N-DEx System shall purge all Use Code “F” search criteria in adherence with the Consolidated Appropriations Bill, H.R. 2673, as is required by the NICS operating procedures and policies.

The Brady Act required the U.S. Attorney General to establish the NICS for Federal Firearm Licensees to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

  o Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”
  o Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”
  o Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

Implementation Timeframe

The NICS Section and the N-DEx PO are currently sponsoring multiple initiatives in the focus areas discussed earlier to fulfill the required changes necessary for the permanent implementation. The FBI CJIS Division estimates, based on the workload, the concept implementation should take approximately 12-24 months.

OPTIONS

The Subcommittee is requested to recommend one of the options for the proposed additions to the N-DEx Policy and Operating Manual. Proposed additions to existing policy are indicated by underline (inserts).

Option 1—incorporate the following policies into the N-DEx Policy and Operating Manual:

• Revise Policy 1.2.7 to read as follows: “In accordance with the CJIS Security Policy and consistent with 28 C.F.R. Part 20, Subpart A, N-DEx System access is restricted to “criminal justice agencies” and agencies performing the “administration of criminal justice” or “NICS-related checks.”
• Add the following policy language under Policy 1.3.4 Acceptable System Use: “National Instant Criminal Background Check System (NICS)-related checks, i.e., to obtain information when conducting a NICS-related background check.”
• Add the following policy language under Policy 1.3.6 Use Code: “National Instant Criminal Background Check System (NICS)-related checks Use Code “F”: Must be used when the N-DEx System is utilized to conduct NICS-related background checks.” The NICS-related checks must be made in accordance with the Brady Handgun Violence Prevention Act of 1993 (Brady Act). In addition, the N-DEx System shall purge all Use Code “F” search criteria in adherence with the Consolidated Appropriations Bill, H.R. 2673, as is required by the NICS operating procedures and policies. The Brady Act required the U.S. Attorney General to establish the NICS for Federal Firearm Licensees to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:
  o Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”
  o Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”
  o Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

Option 2—No Change

RECOMMENDATION

The FBI recommends the proposed additions to the N-DEx Policy and Operating Manual to account for the permanent expansion of the NICS querying the N-DEx System as a secondary resource.

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION:
Motion: To accept Option 1 as outlined in the staff paper.
Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION:
Motion 1: To accept Option 1 as outlined in the staff paper.
Action: Motion carried.
Motion 2: Identify the process for the ability to tie the original (primary) search to the reason for conducting the secondary search.
Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION:
Motion: To accept Option 1 as outlined in the staff paper.
Action: Motion carried.

SOUTHERN WORKING GROUP ACTION:
Motion: To adopt Option 1 as outlined in the staff paper.
Action: Motion carried.

WESTERN WORKING GROUP ACTION:
Motion: To accept Option 1 as outlined in the staff paper.
Action: Motion carried.

SPRING 2017 SUBCOMMITTEE ACTIONS:

SPRING 2017 N-DEx SUBCOMMITTEE ACTION:
Motion: To accept Option 1 as outlined in the staff paper.
Action: Motion carried.

SPRING 2017 NICS SUBCOMMITTEE ACTION: Accepted as information only.

SPRING 2017 SA SUBCOMMITTEE ACTION: Accepted as information only.


CJIS ADVISORY POLICY BOARD (APB)
NATIONAL INSTANT CRIMINAL BACKGROUND CHECK SYSTEM (NICS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 25, 2017

STAFF PAPER

NICS ISSUE #8

FBI CJIS Division Tribal Engagement Program Update

PURPOSE

To summarize the recent activities and initiatives of the FBI CJIS Division’s Tribal Engagement Program.

POINT OF CONTACT

Law Enforcement Support Section (LESS), Partner Relations and Outreach Unit (PROU), Tribal Engagement Program

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEES

The Subcommittees are requested to review the information provided in this paper and provide appropriate comments.

BACKGROUND

In December 2011, the FBI CJIS Division’s Assistant Director identified the LESS Chief as the FBI CJIS Division’s Executive Tribal Liaison. Quickly following this designation, the FBI CJIS Division identified a tribal point of contact for each program. The goal of the Internal CJIS Tribal Working Group was to maintain consistency and provide a liaison to Indian Country on connectivity issues, policy compliance, and program awareness. After the establishment of an FBI CJIS Division Executive Tribal Liaison and program points of contact for each FBI CJIS Division program, the Advisory Policy Board’s (APB) Executive Committee established a Tribal Task Force (TTF) in June 2012. The TTF was formed with the following mission:

To enhance officer and public safety by improving local, state, tribal, territorial, and federal participation in the FBI CJIS Division systems. The Task Force will review all relevant issues that may prevent or discourage tribal law enforcement agencies from entering records/data into FBI CJIS Division systems and make recommendations that will address those issues.

The TTF is chaired by Mr. William J. Denke, Sycuan Tribal Police Department. In addition, the TTF is comprised of three tribal members: Mr. Francis E. Bradley, Sr., Hualapai Nation Police Department; Mr. Carlos Echevarria, Tulalip Tribal Police Department; and Mr. Scott Desjadon, Yavapai Prescott Tribal Police Department. The task force also includes four state/local members: Mr. Edward Bonner, Sheriff of Placer County, California; Ms. Dawn Peck, Idaho State Police; Mr. Gene Thaxton, Oklahoma Department of Public Safety; and Mr. Brian Wallace, Marion County Sheriff’s Office, Oregon. In addition, the TTF includes federal representatives from the following agencies: Mr. Jason O’Neal of the Bureau of Indian Affairs (BIA), Office of Justice Services; Ms. Marcia Good of the Department of Justice (DOJ), Office of Tribal Justice (OTJ); Mr. Gregory D. Adams of the FBI’s Indian Country Crimes Unit; and Mr. Christopher A. Nicholas as the FBI CJIS Division’s Executive Tribal Liaison. In March 2015, a full-time Tribal Liaison Team (TLT) was established within the CJIS Division’s PROU. Today, there are three dedicated staff members that liaise with tribal partners, represent the FBI CJIS Division at various Indian Country training events, coordinate FBI CJIS Division Tribal conferences, conduct on-site tribal visits, and collaborate with federal partners on various tribal programs. The following summary on the FBI CJIS Division’s Tribal Engagement Program is provided for your information.

Task Force Meeting Summary

The most recent TTF meeting was held on December 8, 2016, in Phoenix, Arizona.
The agenda for the meeting consisted of the following topics: membership; Uniform Crime Reporting (UCR) transition to National Incident-Based Reporting System (NIBRS) and Use of Force data collection; dispositions; DOJ Tribal Access Program (TAP) update; 2016 conference highlights; Tribal contact lists; Arizona proposed National Sex Offender Registry (NSOR) message key for tribes; and an open discussion. All task force members were in attendance with the exception of Mr. Bonner, Mr. Echevarria, Ms. Good, and Mr. Adams. Ms. Good was represented by proxy Mr. Josh Ederheimer. Members discussed the importance of active participation on the task force and recommended that the membership be reviewed. As a result of a previous TTF recommendation, Mr. Scott Desjadon was added as the newest tribal member and Mr. Timothy Chung was the invited CJIS Systems Officer (CSO) from Arizona.

Uniform Crime Reporting

During the Fall 2015 APB meeting, the Board passed a motion that requires the FBI UCR Program to transition to a NIBRS-only data collection by January 1, 2021, by all local, state, tribal, and federal agencies. In support of this recommendation, task force members discussed requirements on tribal jurisdictions to submit through the BIA and its transition to NIBRS. Currently, tribes are submitting crime statistics directly to the FBI, through a state, and/or through the BIA. Today the BIA accepts and submits data to the FBI in summary format and is currently in the process of reworking its data collection process to accomplish NIBRS submissions. The BIA continues its development and deployment of the necessary tools for compliance for its agencies under its service jurisdiction, to include tribal law enforcement agencies. During the December meeting, the TTF reviewed a roadmap explaining the reporting process and pathways and provided comments back to the FBI CJIS Division staff. The FBI CJIS Division will draft a unified message about information sharing that will accompany the Transition to NIBRS and Use of Force documents and will be distributed detailing the reporting process, available submission methods, and the importance of participation. The BIA and the FBI CJIS Division are collaborating on a method that will provide tribal agencies with a more robust and streamlined method to report to NIBRS by the transition deadline. It was also identified that the tribal jurisdictions may report directly via the FBI CJIS Division’s portal for use of force data collection.

Dispositions

As a result of the June TTF meeting, the FBI CJIS Division staff drafted correspondence/brochures on the arrest and disposition processes; created a mechanism to identify disposition rates in Indian Country; and included the Best Practice Guide to dispositions on the CJIS Tribal Outreach Special Interest Group (SIG). During the December meeting, the TTF reviewed and provided comments back to the FBI CJIS Division staff on the arrest and disposition documents. However, it was suggested by the FBI CJIS Division staff that they revise the provided documents into a more in-depth booklet for tribal agencies.
The FBI CJIS Division is currently in the process of creating a bound booklet that will detail the importance of reporting arrests and dispositions, the impact of participation, case study representation, grant funding opportunities, and methods of submissions. The booklet will also be accompanied by a unified message on the importance of information sharing, tentatively scheduled for availability in spring 2017. In addition, after feedback from the task force members, the FBI CJIS Division will be revising draft disposition dashboards that will be available for all tribal criminal justice agencies. After an in-depth discussion regarding the importance of understanding the benefits of submitting dispositions, it was identified that education on the initial submission of the arrest fingerprint to the FBI must also be done. It was agreed that tribal jurisdictions may benefit from a visual pathway identifying the process flow from the initial arrest of the subject to the final disposition.


Other Task Force Business

Tribal Contact List

During the December meeting, task force members provided suggestions to the FBI CJIS Division staff on the recommended methods for providing information to, or requesting information from, tribal members and/or agencies. The FBI CJIS Division will work with the OTJ to identify various tribal organizations for future correspondence with tribal entities.

DOJ TAP

The DOJ has established the TAP to provide tribes access to national crime information databases for both civil and criminal purposes. The DOJ will serve as the CJIS Systems Agency for selected federally recognized tribes. The DOJ will provide a workstation with capabilities to process finger and palm prints, take mugshots, and submit records to national databases, as well as the ability to access the FBI CJIS Division systems for criminal and civil purposes through the DOJ. Since the last APB meeting, the DOJ deployed TAP workstations to four additional tribes to include one tribe from Washington State, the Tulalip Tribe (June 22, 2016), and three tribes from Arizona: the White Mountain Apache Tribe (July 14, 2016), the Pascua Yaqui Tribe (August 23, 2016), and the Gila River Tribe (August 4, 2016). For fiscal year (FY) 2016, a total of 9 TAP tribes received their workstations and training. For FY2017, the DOJ TAP selected 11 additional tribes to receive workstations that will allow access to FBI CJIS Division services, such as the National Crime Information Center (NCIC) and the Next Generation Identification (NGI). The DOJ conducted outreach to potential tribes and accepted expression of interest letters from tribes through December 2, 2016, at which time 54 tribes officially expressed interest in the TAP. The DOJ collaborated with the OTJ; Office of Community Oriented Policing Services; the Office of Sex Offender Sentencing, Monitoring, Apprehending, Registering and Tracking (SMART); and the FBI CJIS Division on the interested tribes. The notification of the selected tribes was on December 16, 2016. The DOJ provided education to the points of contact from the selected tribes regarding the onboarding and vetting process from December 19, 2016 through January 5, 2017. The deployment of TAP workstations is tentatively scheduled for May 9 through September 29, 2017. For additional information on the DOJ TAP, please contact .

CJIS Tribal Outreach

As a result of the first tribal and state collaboration event sponsored by the FBI CJIS Division in August 2015 in Tulsa, Oklahoma, the FBI will host multiple regional conferences in upcoming fiscal years. Once again, tribal, state, and federal partners will come together to educate each other on the needs in Indian Country, the benefits of using national information sharing systems, and the importance of establishing partnerships to promote officer and public safety.


The PROU TLT held its first regional conference in Phoenix, Arizona, on November 29-30, 2016. The FBI CJIS Division invited representatives from approximately 111 federally recognized tribes, the DOJ CSO, and seven CSOs representing those tribes geographically located within Arizona, Utah, Colorado, New Mexico, Washington, Oregon, and Nevada. Program overviews were provided on all FBI CJIS Division services, as well as topic-specific workshops. The objective of the tribal conference was to educate attendees on the FBI CJIS Division services, to improve the understanding of tribal needs, and to identify specific issues regarding tribal participation in FBI CJIS Division systems and services.

On December 1, 2016, the FBI CJIS Division staff completed an on-site visit at the Salt River Pima Maricopa Indian Community Police Department with Chief Karl Auerbach and department staff. The PROU TLT learned about their daily operations, technical capabilities, outreach, and training opportunities.

The FBI CJIS Division staff was invited by Chief Bradley of the Hualapai Nation Police Department to address the Hualapai Council on December 3, 2016. The staff used this opportunity to highlight the public safety and officer safety importance of information sharing among all authorized tribal agencies. The FBI CJIS Division staff expressed appreciation for the collaboration that occurs between Chief Bradley and the FBI CJIS Division staff regarding tribal initiatives and information-sharing opportunities.

Collaboration

On November 17, 2016, the FBI CJIS Division hosted a meeting with the DOJ SMART Office personnel at the FBI CJIS Division main complex and the Biometric Technology Center. The SMART Director and four policy advisors met with FBI CJIS Division staff from NCIC, NGI, and the CJIS Audit Unit to discuss overlapping tribal initiatives. The teams discussed how they could partner and/or support each other’s efforts as both provide assistance and guidance to tribal partners.

The following information summarizes the SMART Office’s Quality Assurance legislative mandate. The SMART Office is responsible for providing jurisdictions with guidance regarding the implementation of requirements mandated by Title I of the Adam Walsh Child Protection and Safety Act (Adam Walsh Act) of 2006, and providing technical assistance to states, territories, Indian tribes, local governments, as well as public and private organizations. As directed, the SMART Office is also responsible for administering the standards for the Sex Offender Registration and Notification Act (SORNA), to ensure jurisdictions have substantially implemented all requirements in order to receive grant funding.

The SMART Office has been in contact with the FBI CJIS Division PROU, Criminal Justice Information Law Unit, and the NCIC Operations and Policy Unit, to discuss the SMART Office’s responsibility to ensure tribal agencies are substantially implementing SORNA requirements. In order to determine if approximately 160 tribal agencies have substantially implemented SORNA, the SMART Office is working with FBI CJIS Division staff to ensure tribal jurisdictions are entering sex offender registrants into the NCIC NSOR as indicated rather than accepting declarations of compliance at face value.

The SORNA established the SMART Office as the federal agency responsible for implementing SORNA in state and tribal jurisdictions. As such, the SMART Office has the responsibility to “administer the standards for the sex offender registration and notification program set forth in [the] Act.” 42 U.S.C. § 16945 (c)(1). In order to meet this Congressional mandate, the SMART Office must be able to determine whether entries in the NCIC NSOR accurately correspond to entries in the National Sex Offender Public Website. To this end, and pursuant to the recommendation of the FBI Office of the General Counsel, the SMART Office will receive an extract of the NCIC NSOR.

The TTF reports on the FBI CJIS Division services and issues specific to Indian Country and provides suggestions on improving tribal access and use of FBI CJIS Division services. The TTF reports to the Executive Committee of the APB. Recommendations of the TTF are vetted and forwarded to the CJIS APB through the Executive Committee.

For additional information on the FBI CJIS Division Tribal Engagement Program, please contact or visit the CJIS Tribal Outreach SIG on the LEEP.

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 SUBCOMMITTEE ACTIONS: This topic was accepted as information only by all six subcommittees (IS, NCIC, NICS, N-DEx, SA and UCR).


CRIMINAL JUSTICE INFORMATION SERVICES (CJIS) ADVISORY POLICY BOARD (APB) JACKSONVILLE, FL JUNE 7-8, 2017 STAFF PAPER APB ITEM #8 Chairman's Report on the National Crime Information Center (NCIC) Subcommittee

NCIC ISSUE #1 Private Entity Request for NCIC Property Data
NCIC ISSUE #2 Proposal to Eliminate the NCIC Vehicle File Standard Record Retirement Schedule
NCIC ISSUE #3** CJIS Division NCIC Status Update
NCIC ISSUE #4 NCIC 3rd Generation (N3G) Project
    Concept 10 - Enhanced Multimedia
    Concept 3 - Access Data Repositories
    Concept 5 - Enhanced Data Search
NCIC ISSUE #5* N3G Task Force Status Update
NCIC ISSUE #6*** Fiscal Year 2016 Audit Results Summary
NCIC ISSUE #7 CJIS Division Tribal Engagement Program Update
NCIC ISSUE #8* Discussion on Process for Updating NCIC Codes

* No staff paper
** Issue 3 was delivered with Working Group Information Only Staff Papers as topic letter T. Please print color copy for Subcommittee meeting discussion.
*** Issue 6 was delivered with Working Group Information Only Staff Papers as topic letter P. Please print copy for Subcommittee meeting discussion.


CJIS ADVISORY POLICY BOARD (APB)
NATIONAL CRIME INFORMATION CENTER (NCIC) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017
STAFF PAPER
NCIC ISSUE #1
Private Entity Request for National Crime Information Center (NCIC) Property Data

PURPOSE

Proposal by Private Entities for access to the NCIC property file information.

POINT OF CONTACT

Law Enforcement Support Section, NCIC Operations and Policy Unit
Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information provided in this paper and provide appropriate comments, suggestions or recommendations to the Advisory Policy Board.

BACKGROUND

In the past, dissemination of NCIC data to private entities has been addressed through the Criminal Justice Information Services (CJIS) Division Advisory Process. Previous requests vetted through the Advisory Process were denied based on the private entity not being a criminal justice agency. Later, CarFax requested data from the NCIC Vehicle File. The CarFax request was tabled in 2001 while other solutions were pursued.

In 2008, the APB approved the sharing of the NCIC Article File data with Recipero (formerly TRACE), and out of that recommendation, the criteria for sharing NCIC Article File data were established (provided later in this paper). Currently, Recipero is the only private entity authorized to publicly disseminate limited information stored in the NCIC Article File. To facilitate this, the Federal Bureau of Investigation (FBI) sends a daily extract of the Article File updates (cancels, entries, modifies) to the Texas Department of Public Safety, which in turn forwards the extract to Recipero. The extract is comprised of 17 fields of data including: the NCIC Number, the Originating Agency Identifier, the Originating Agency Case Number, the Owner Applied Number, and several other descriptive data fields.

In 2013, a request for stolen watch data from the NCIC Article File by WatchFacts was presented; however, a moratorium was placed on private entity requests while the CJIS Information Broker (CIB), which would have managed the NCIC extract process, was developed.

During the moratorium, several requests for NCIC Article and Vehicle File data were received. As most functional requirements from the CIB project were migrated to the NCIC 3rd Generation Project, the moratorium was essentially lifted. Prior to bringing those new requests through the Advisory Process, a review is needed of the existing criteria for dissemination of NCIC data to private entities.

The APB previously stipulated that any private entity requesting NCIC data must make an application to the NCIC Subcommittee to demonstrate how they will meet the requirements as listed below and other operational requirements for communications, entry, and updating of records and any controls as established by the NCIC Subcommittee.

1. No individual personal identifiers will be provided with the article information. The private company obtaining the data will only receive the necessary information to identify an object, the reporting agency, and case report number of the stolen article.
2. The ability to access the receiving entity's copy of the article data will always be free to the public and law enforcement through a simple Internet search.
3. The entity receiving the data may not sell or transfer data in a way inconsistent with this motion. Any transfer of bulk data from the receiving entity is prohibited without the written approval from the FBI or the contributing law enforcement agency.
4. The FBI will make available, to the contributing law enforcement agencies, information regarding the date of any article data transfer, the name of the entity receiving the data, and their intended use of the data. The receiving entity, or FBI, must create a simple mechanism to allow agencies to decline participation in that entity's program.
5. The NCIC Subcommittee shall oversee the use of the data and may revoke any entity’s right to use existing and future data for failing to comply with these terms.
6. The NCIC Subcommittee will monitor the pilot project for a period of up to 24 months from implementation and report their findings to the Working Groups for a recommendation as to whether the program should be modified, extended, terminated, or made permanent.
7. The receiving entities shall provide a silent notification to law enforcement agencies of “HITS” on their stolen article records.
8. The receiving agency, or the FBI, will create a mechanism to allow states and agencies to decline participation or, when available, agencies can decline entry of specific records into the program.

DISCUSSION AND ANALYSIS

As mentioned in the background, there have been requests for access to NCIC data by private companies in the past. The Advisory Process has been cautious in providing NCIC data to for-profit companies. The Recipero request set a new precedent by providing NCIC data to a for-profit company. Approval of the request was justified, in part, because the use was found to be not only consistent with the authorized purposes of the NCIC, but also demonstrated a clear benefit to law enforcement.

The number of private vendor requests for NCIC data is increasing, which may make it burdensome for the Advisory Process to review and approve each request, as is the current procedure. There is also a concern by the CJIS Division in the delivery mechanism to the private entities. Private entities are not authorized direct access to NCIC; therefore, the data must be obtained through a sponsoring law enforcement agency. In addition, distribution of NCIC information via e-mail or any other means may present security concerns.

Based on past direction of the APB and guidance provided by the FBI’s Office of the General Counsel, there are a few pertinent aspects to consider regarding the private entity requests. Historically, it has been determined that information maintained in NCIC will not be used for profit. The information should be made equally accessible by all (private industry and the public) who are “similarly situated”. In addition, there must be a relationship to the administration of criminal justice, or a clear benefit to law enforcement supporting each request. This presented the question of whether the current criteria are sufficient or should be re-evaluated prior to considering any new requests.

Another significant factor since the APB developed its criteria was the implementation of the OPT Field. In August 2012, the OPT Field was created in the NCIC Article and Vehicle Files to implement the APB’s recommendation to create a mechanism allowing agencies not to participate in sharing their NCIC records with the public. NCIC records are defaulted to a value of OPT/OUT unless the value is changed to OPT/IN by the record owning agency or the State CJIS Systems Agency (CSA). The CJIS Division continuously monitors the utilization of the OPT Field.
Current OPT Field statistics are provided below.

ARTICLE FILE
As of October 2016:
- 37 states, the District of Columbia, and Puerto Rico have programmed for the OPT Field in the Article File; and
- 183,472 (14.8%) of the total 1,236,061 Article File records were flagged as OPT/IN for public dissemination.

VEHICLE FILE
As of October 2016:
- 28 states, the District of Columbia, and Puerto Rico have programmed for the OPT Field in the Vehicle File; and
- 37,470 (4.1%) of the total 923,857 records were flagged as OPT/IN for public dissemination.

Based on the low percentages of state participation for OPT/IN on the above two files, the value of providing NCIC information to private entities comes into question. The very low availability of OPT/IN records presents a risk that a negative (“no hit”) response to an inquiry on a private entity website could create a false sense of assurance since only a small percentage of records are available for public inquiry.

To further demonstrate this point, a private entity requesting NCIC data may or may not want an entire NCIC File extract such as the WatchFacts request. WatchFacts is requesting a subset of the NCIC Article File to ensure watches sold online and/or repaired are not reported as stolen. The objective is to assist in the recovery of stolen goods, and also prevent potential watch buyers from purchasing watches that have been reported as stolen. The Article File contains approximately 1.3 million total records. Subsequently, watches account for just over 1% of the total number of records in the NCIC Article File (just over 14,000). Of the total watches in the NCIC Article File, approximately 2,600 are available to the public via the OPT/IN. With the number of stolen watches with an OPT/IN being at a significantly lower rate, this highlights the limited value of such a request to the public and law enforcement.

The previously mentioned requirements set forth by the APB in 2007 were based on the approval of providing NCIC Article File data to Recipero and only set requirements for dissemination of data from the NCIC Article File and not any other NCIC property file. With an increase in requests for NCIC property file data by for-profit entities, the following should be taken into consideration:

1) Is there a value in providing the data to the private entity considering the limited number of records with an OPT/IN?
2) If there is still a value, should the requesting entity obtain a law enforcement sponsor prior to submitting the request?
3) Should each private entity request be presented on a case by case basis?
4) Are the requirements still acceptable or do they need to be revisited to expand on all NCIC property files?

Therefore, the Subcommittee is asked to discuss and review this proposal and select one of the following options:

OPTIONS

Option #1
Continue to allow private entities to submit requests for NCIC data through the Advisory Process for consideration if all pre-requisites or requirements are met.

Option #1a
If Option #1 is approved, please consider the current criteria and advise if they are sufficient, or if additional criteria are recommended, such as requiring the private entity receive sponsorship from a state, local, or tribal law enforcement agency with concurrence from the state CSA in order to obtain the NCIC data requested prior to submitting the request through the Advisory Process.


Current Criteria:

1. No individual personal identifiers will be provided with the article information. The private company obtaining the data will only receive the necessary information to identify an object, the reporting agency, and case report number of the stolen article.
2. The ability to access the receiving entity's copy of the article data will always be free to the public and law enforcement through a simple Internet search.
3. The entity receiving the data may not sell or transfer data in a way inconsistent with this motion. Any transfer of bulk data from the receiving entity is prohibited without the written approval from the FBI or the contributing law enforcement agency.
4. The FBI will make available, to the contributing law enforcement agencies, information regarding the date of any article data transfer, the name of the entity receiving the data, and their intended use of the data. The receiving entity, or FBI, must create a simple mechanism to allow agencies to decline participation in that entity's program.
5. The NCIC Subcommittee shall oversee the use of the data and may revoke any entity’s right to use existing and future data for failing to comply with these terms.
6. The NCIC Subcommittee will monitor the pilot project for a period of up to 24 months from implementation and report their findings to the Working Groups for a recommendation as to whether the program should be modified, extended, terminated, or made permanent.
7. The receiving entities shall provide a silent notification to law enforcement agencies of “HITS” on their stolen article records.
8. The receiving agency, or the FBI, will create a mechanism to allow states and agencies to decline participation or, when available, agencies can decline entry of specific records into the program.

Option #2
Discontinue consideration of new requests for private entities’ access to NCIC property data.

Option #2a
If option #2 is approved, please consider discontinuing existing private entity access to NCIC property data.

Recommendation
The FBI recommends consideration of the value to law enforcement of providing NCIC property data to private entities based on the low participation of the OPT Field by the user community.


The FBI's Office of the General Counsel has expressed no legal objection to this proposal.

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION:
Motion: To accept Options 2 and 2a. Option #2: Discontinue consideration of new requests for private entities’ access to NCIC property data. Option #2a: Discontinue existing private entity access to NCIC property data.
Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION:
Motion 1: To accept Options 2 and 2a. Option 2: Discontinue consideration of new requests for private entities’ access to NCIC property data. Option 2a: Discontinue existing private entity access to NCIC property data.
Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION:
Motion: To accept Option 2: Discontinue consideration of new requests for private entities’ access to NCIC property data.
Action: Motion carried.
Motion: To accept Option 2a: Discontinue existing private entity access to NCIC property data.
Action: Motion carried.

SOUTHERN WORKING GROUP ACTION:
Motion 1: To adopt Option 2: Discontinue consideration of new requests for private entities’ access to NCIC property data.
Action: Motion carried.
Motion 2: To adopt Option 2a: Discontinue existing private entity access to NCIC property data.
Action: Motion carried.

WESTERN WORKING GROUP ACTION: Motion: To accept Options 2 and 2a. Option #2: Discontinue consideration of new requests for private entities’ access to NCIC property data. Option #2a: Discontinue existing private entity access to NCIC property data. Action: Motion carried.


SPRING 2017 NCIC SUBCOMMITTEE ACTION:
Motion 1: To accept Option 2: Discontinue consideration of new requests for private entities’ access to NCIC property data.
Action: Motion carried.
Motion 2: To accept Option 2a: Discontinue existing private entity access to NCIC property data.
Action: Motion carried.


CJIS ADVISORY POLICY BOARD (APB)
NATIONAL CRIME INFORMATION CENTER (NCIC) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017
STAFF PAPER
NCIC ISSUE #2
Proposal to Eliminate the National Crime Information Center (NCIC) Vehicle File Standard Record Retirement Schedule

PURPOSE

The purpose of this paper is to propose extending the retention period for stolen vehicle records in the NCIC Vehicle File indefinitely.

POINT OF CONTACT

Law Enforcement Support Section, NCIC Operations and Policy Unit
Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information included in this paper and provide appropriate comments, suggestions, and recommendations to the Advisory Policy Board.

BACKGROUND

The current retention period for stolen vehicles in the NCIC Vehicle File is the balance of the year entered plus 4 years. Specifically,

1.4 RECORD RETENTION PERIOD FOR STOLEN VEHICLE, FELONY VEHICLE, OR STOLEN PART

1. If a stolen vehicle record remains on file for 90 days and it does not contain a Vehicle Identification Number (VIN) or Owner Applied Number (OAN), the record is retired. If a felony vehicle or vehicle subject to seizure record remains on file for 90 days, the record is retired.
2. Stolen vehicles which contain a VIN or OAN will remain on file for the balance of the year entered plus 4. Following this retention period, the records are retired. For example, a vehicle record entered in 1996 would be retired January 1, 2001.
3. Exceptions to the record retention periods will occur in the event a serious error is detected in the record on file. Additional information on serious errors can be found in the Introduction chapter of this manual.

A proposal to extend the retention period for vehicles in the NCIC Vehicle File to ten years was previously presented through the 2007 and then again during the 2008 Advisory Process resulting in a motion for "no change" by the APB.

DISCUSSION AND ANALYSIS

A request was submitted by Mr. Ted DeRosa, Colorado Bureau of Investigation, on behalf of the Auto Theft Intelligence Coordination Center to eliminate the standard record retirement for records maintained in the NCIC Vehicle File. The request indicates the act of purging and then re-entering stolen vehicles causes a new record to be created in state databases. Some agencies are incorrectly entering the date of the record’s re-entry as the theft date which causes a false record of an additional auto theft to be created.

The justification provided by Mr. DeRosa for vehicles to remain in the NCIC Vehicle File for a longer period of time is two-fold. First, it is believed that stolen vehicles, when purged, may not get re-entered by the originating agency due to oversight or lack of training. In addition to the training related concerns, the second reason is to alleviate the time required to re-enter purged vehicles. Mr. DeRosa’s justification also stated that since 2013, there have been 2,218 stolen vehicles purged from the Colorado Criminal Information Center database and then re-entered. Eliminating the purge policy on stolen vehicles not recovered in the past five years will allow proper maintenance of the auto theft data and will relieve the re-entry burden on law enforcement agencies.

In the past, a four year retention period on stolen vehicles may have been effective based on the speculation that most stolen vehicles would be recovered prior to the four year expiration. However, vehicles are now being manufactured to exist for a longer period of time. According to research conducted by the Criminal Justice Information Services (CJIS) Division staff, the number of vehicles over 25 years old still on the road is 14 million and those 16 to 24 years old is 44 million. This is a significant increase over the 26 million from a previous study in 2002. [1]

The NCIC Vehicle File contained 936,562 records as of October 31, 2016. The NCIC Vehicle File averages 167,749 records per year removed due to the automatic retirement date. By taking this average over a ten year period with no automatic retirement, this would add approximately 1.6 million additional records (this amount may decrease if users routinely re-enter records that have expired due to the retention). [2] Similarly, the NCIC Gun File has no retention period, and as of October 31, 2016, this file contained over 3.3 million records.

There are other factors to consider should the retention period be eliminated. Increasing the amount of time the records remain in the NCIC files creates the potential risk that information may not be up-to-date. Agencies may also see an increase in the number of NCIC messages, including hit responses that will be generated due to the increase in records in the NCIC Vehicle File. Since the NCIC System generates matches for a vehicle inquiry based on the last eight characters of a VIN, this could increase the number of false positives an agency may receive during an inquiry.

[1] Information obtained from the Informed Handling Service/Markit survey April 2015.

[2] Estimates based on the records currently in the NCIC Vehicle File and do not include the records due to retire in 90 days due to no VIN/OAN or felony vehicle records.


Another option is to provide agencies the ability to set a custom retirement date. The date would default to the standard retirement date if no custom date is selected. This would require the addition of a new field to capture this date and require programming at the Federal Bureau of Investigation and state level.

Another area of concern would be the validation of records. On a monthly basis, the NCIC System extracts active records on file for validation purposes. The NCIC records must be validated 60-90 days after entry, then annually thereafter, no matter the age of the record, as with the NCIC Gun File, which has no retention period. The NCIC policy states that records in the Vehicle, Boat, Gun, Vehicle/Boat Part, License Plate, and Securities Files and qualifying records in the Article File must be validated only once, when they are 60-90 days old, and the CSAs can request to participate in the one-time only validation, which means records in these files may never be validated again, increasing the potential for inaccurate information to remain in those files.

It should also be noted that the CJIS Division is preparing for the next major upgrade to NCIC known as NCIC 3rd Generation (N3G). The CJIS Division recently completed a nationwide requirements canvass and has collected thousands of comments and recommendations. Based on recommendations received, the current purge and retirement functionality will be explored in N3G. One of the recommendations identified in the canvass is the ability to re-activate records. Having the ability to re-activate records would ultimately save time, as re-entering records would not be necessary. The capability to re-activate records, if approved through the N3G review process, would be incorporated into the N3G requirements.

OPTIONS

The Subcommittee is asked to discuss and review this proposal and consider the following recommendations:

Option 1: Eliminate the retention period for vehicles maintained in the NCIC Vehicle File.

Option 2: Create the ability for an agency to set a custom retirement date. The date would default to the standard retirement date if no custom date is selected.

Option 3: Revisit the NCIC record purge process as a part of the N3G initiative.

Option 4: No change.

The FBI's Office of the General Counsel has expressed no legal objection to this proposal. A technical analysis will be provided to subcommittee members at the meetings. If the proposal of this topic is approved, the system enhancements necessary to implement the proposal should be assigned the priority: (enter 0-5) and categorized as: ___(enter High, Medium, or Low).


RECOMMENDATION The FBI recommends Option 3, to revisit the NCIC record purge process as part of the N3G initiative since there are options that may be available to the user prior to the automatic purge schedule of the records.

SPRING 2017 WORKING GROUP ACTIONS: FEDERAL WORKING GROUP ACTION: Motion: To accept Option 1 with a priority of 3M. Option 1: Eliminate the retention period for vehicles maintained in the NCIC Vehicle File. Action: Motion carried. NORTH CENTRAL WORKING GROUP ACTION: Motion: To accept Option 3: Revisit the NCIC record purge process as a part of the N3G initiative. Action: Motion carried. NORTHEASTERN WORKING GROUP ACTION: Motion: To accept Option 3: Revisit the NCIC record purge process as a part of the N3G initiative. Action: Motion carried. SOUTHERN WORKING GROUP ACTION: Motion: To adopt Option 3: Revisit the NCIC record purge process as a part of the N3G initiative. Action: Motion carried. WESTERN WORKING GROUP ACTION: Motion: To accept Option 3: Revisit the NCIC record purge process as a part of the N3G initiative. Action: Motion carried.

SPRING 2017 NCIC SUBCOMMITTEE ACTION: Motion: To accept Option 3: Revisit the NCIC record purge process as a part of the N3G initiative. Action: Motion carried.


CJIS ADVISORY POLICY BOARD (APB)
NATIONAL CRIME INFORMATION CENTER (NCIC) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017
STAFF PAPER
This paper was updated for the NCIC Subcommittee – see page 13
NCIC ISSUE #4
NCIC Third Generation (N3G) Project

PURPOSE

To request approval of the N3G requirements recommended by the N3G Task Force.

POINT OF CONTACT

Law Enforcement Support Section, NCIC Operations and Policy Unit
Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information provided in this paper and provide appropriate comments, suggestions, or recommendations to the APB.

BACKGROUND

The NCIC System became operational on January 27, 1967, with the goal of assisting law enforcement in apprehending fugitives and locating stolen property. This goal has since expanded to include locating missing persons and further protecting law enforcement personnel and the public. The last major upgrade to the NCIC System occurred in July 1999, with the implementation of NCIC 2000. As the lifecycle of the technology deployed in NCIC 2000 nears its end, the Federal Bureau of Investigation’s (FBI’s) CJIS Division is preparing for the next major upgrade to the NCIC System, known as the N3G Project.

The first objective of the N3G Project was to partner with the NCIC System stakeholders to identify new technical and operational functionality that will improve, modernize, and expand upon the capabilities of the existing NCIC System. In preparation for the upgrade of services and capabilities for the new NCIC System, the CJIS Division conducted the largest user canvass in its history. Canvass site visits were completed in all 50 states and United States territories. In total, 124 state-level agencies, 341 local agencies, 26 federal agencies, and 9 tribal agencies participated in the canvass, resulting in more than 5,500 individual user requests.

The volumes of data collected evolved into the 14 high-level concepts that were approved for further exploration by the APB in June 2016. The 14 high-level concepts are listed below for reference:

Concept 1: Flexible Data Format
Concept 2: Tailored Functionality
Concept 3: Access Data Repositories
Concept 4: Name Search Algorithm
Concept 5: Enhanced Data Search
Concept 6: System Search
Concept 7: Enhanced Training Resources
Concept 8: Enhanced Testing Environment
Concept 9: Record Content
Concept 10: Enhanced Multimedia
Concept 11: Improved Data Management
Concept 12: Alternative Outbound Communications
Concept 13: Alternative Access
Concept 14: Improved Outbound Communications

An N3G Task Force was established to assist with the development of the N3G Project. The purpose of the N3G Task Force is to offer continuous subject matter expertise and user experience to CJIS Division project personnel during the development of the N3G Project. The inaugural N3G Task Force meeting was held on August 18, 2015, and meetings have routinely been conducted both in person and telephonically since the initial meeting. As a result of the collaborative efforts of the N3G Project Team and the N3G Task Force, the functional requirements for each concept are currently being drafted. As functional requirements are drafted and vetted through the N3G Task Force, they will be subsequently forwarded through the CJIS Advisory Process for approval. Concept 1 – Flexible Data Format completed the approval process in December 2016. Throughout the system development process, several assumptions have been identified as necessities to the NCIC System stakeholders. These “guiding principles” will be taken into consideration as the user concepts are further analyzed and developed. One such principle is to ensure current system performance and response times are not degraded. Another is continued support of legacy functionality. Since CJIS Systems Agency (CSA) and many local agency systems will require upgrades and/or additional programming to take advantage of new capabilities, the CJIS Division is committed to support legacy NCIC System functions during a transition period, to be defined by the APB, to ensure vital services remain available to all users. The intent of the N3G Project is to be forward looking, but backward compatible. Additional guiding principles include the integration of national standards, when applicable, and scalability. The next generation of the NCIC System should provide scalable capacity for additional input, storage, processing, and output functionality. 
It is important to note that as these concepts and sub-topic functional requirements are approved, legal and technical reviews will be ongoing. The CJIS Advisory Process will continue to be apprised when any approved concepts require further refinement or elimination from the N3G Project development effort.

This paper addresses three (3) concepts: Concept 10 – Enhanced Multimedia; Concept 3 - Access Data Repositories; and Concept 5 - Enhanced Data Search. Each concept has several sub-topics (referred to as Issues in this paper) with corresponding functional requirements. All of the issues and functional requirements provided have been reviewed and approved by the N3G Task Force. The Working Groups are requested to review and provide recommendations on the functional requirements for each issue independently. N3G Project – Concept #10 – Enhanced Multimedia Current Functionality During the N3G Project canvass, the importance of enhanced multimedia was echoed throughout the country. The current image functionality in the NCIC System was delivered in 1999 as one of the NCIC 2000 capabilities. As such, the process for entry is cumbersome and images are not high quality. Users can currently enter mugshots, signatures, and other identifying images as part of any NCIC System person record. In addition, a single identifying image can be associated with a vehicle, boat, part or article record. Requests for enhancing multimedia in the NCIC System were captured in three separate categories: Improved Image Quality, Administrative - Enhanced Entry of Images, and Enhanced Images in the Responses. Each category will be discussed as a separate issue with correlating options for inclusion in the NCIC System. Issue #1: Improved Image Quality Currently, the NCIC System image specifications allow for 8-bit gray-scale JPEG image files at 256 x 256 pixels. The N3G Project canvass results concluded that image resolution is of poor quality and including images is not always beneficial. It was also requested that a standard for image quality be established for size, resolution, and file format. Although a standard for the NCIC System images will not be determined until development, other criminal justice systems will be reviewed to determine if the NCIC System should adopt those specifications. 
Examples are the specifications used by the FBI’s Next Generation Identification (NGI) System. The NGI System currently follows the ANSI NIST ITL Subject Acquisition Profile, Level 30, which outlines the following specifications for best practices: background 18 percent gray, the lighting is three-point and the image size is, at a minimum, 480x800 pixels with an aspect ratio of 1:1.25. The International Justice and Public Safety Network (Nlets) supports image sharing using a standardized XML format. Images may be sent to Nlets in either JPEG or Portable Document Format (PDF) and are returned to the user in the format in which they were received. The maximum size for images sent in responses is 100 kilobytes. However, if the user’s system is configured to receive smaller images, Nlets will resize the image prior to sending it to the recipient. Users may also choose to receive all available images or only a “primary” image. The N3G Task Force recommended the following functional requirements related to improved image quality for consideration:

The NCIC System shall provide the ability to: 1. Improve image quality. 2. Accept images of higher resolution. 3. Provide a standard for all photos. 4. Provide the ability to automatically crop and size images. Issue #2: Administrative – Enhanced Entry of Images Issue 2 requests that the manner in which images are entered into the NCIC System be enhanced. Currently, the entry of images into the NCIC System requires a two-step process. First, users must enter an NCIC System record in the specific file and obtain an NCIC Number (NIC). Users are then required to enter an image into the NCIC Image File, using the respective NIC as a correlating mechanism back to the specific file record. It is requested that an image be entered directly with the record at the time of entry. Although the specific method of entry will be determined through technical requirements, users did request commonly used methods, such as drag and drop. It was also requested that the NCIC System accept different types of images, some of which may not be allowed today. Many users determined that it would be beneficial to attach a PDF of a document for reference with a specific record. Specifically, users stated that it would be beneficial to attach warrants and protection orders to the NCIC System records. This would allow officers to determine the specific details and restrictions without having to further investigate. It could also potentially expedite the gun check process for firearm sales. The N3G Task Force recommended the following functional requirements related to enhanced entry of images for consideration: The NCIC System shall provide the ability to: 1. Improve the entry of images. 2. Enter images directly into record at the time of entry. 3. Accept document files (PDF, DOC, and TXT). 4. Accept additional graphic image file types. 5. Accept multiple image types for all record types. 
Issue #3: Enhanced images in the responses Users indicated that it is critical for images to be returned directly as part of the NCIC System response. Many users indicated that if the NCIC System could return all images as part of the initial response, they would deem the N3G Project initiative a success. Currently, correlating images are only returned directly with the record response if the Image Indicator is set to “Y” and the image returned is a “mugshot”. Otherwise, the Image Number (IMN) is returned as part of the record and a secondary inquiry using that specific IMN is required to obtain the image. Users indicated that they would like, at a minimum, a thumbnail image returned as part of the initial NCIC System hit. This could assist officers in identifying the suspect during a tactical encounter. It was also determined that many users would like all correlating images returned in that initial response, including all identifying images. Users would have the opportunity to determine if they want images returned or not. This would prevent users from being inundated if several images are included with one record. The ability to return all images in a response could spawn other concerns. This functionality may be limited by bandwidth constraints for state and/or local users. An alternative that was discussed is the ability to return a link or Uniform Resource Locator (URL) in the response. Providing a link or URL in responses would allow users to obtain images outside the NCIC System, alleviating some of the size concerns. It could also assist in the ability of an image to be linked to multiple records in the NCIC System. Users indicated that they would like the ability to have multiple NCIC System records linked to the same image. The request to link a single image to multiple NCIC System records was approved through the CJIS Advisory Process in 2009. Potential issues were discussed during that time including ownership and record maintenance questions such as validation responsibility. To address those concerns, the approval included the transfer of ownership of an image to the next Originating Agency Identifier (ORI) that has interest in the image for record maintenance. Implementation of this capability was delayed pending the N3G Project. Finally, users have suggested that they would like the ability to export images into various formats. Users indicated that it would be beneficial to save the image in a format where they could subsequently email or text it to officers or investigators in the field. The N3G Task Force recommended the following functional requirements related to enhanced images in responses for consideration: The NCIC System shall provide the ability to: 1. Improve image capability in the response. 2. Return available images in the response. 3. Request the number of images returned in the hit response. 4. Return a thumbnail image with the response. 5. Return a link in the hit response to correlated images. 6. Provide a hyperlink (URL) to images. 7. Link multiple records to the same image. 8. Export images into various formats.

Options for Concept 10: Issue #1 – Improved Image Quality Option 1: Approve all functional requirements as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements: Issue #2 – Administrative – Enhanced Entry of Images Option 1: Approve all functional requirements as recommended by the N3G Task Force.

Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements: Issue #3 – Enhanced Images in Responses Option 1: Approve all functional requirements as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements:

N3G Project – Concept #3 – Access Data Repositories Current Functionality The NCIC System does not currently provide users with information from any external databases with the limited exception of the Interstate Identification Index (III). III data can be obtained using the NCIC System telecommunication network. In addition, a “QWI” transaction will search both the NCIC System and the III. Positive hit responses contain any corresponding NCIC System persons file records and III QH results. During the N3G Project canvass, users requested more than 100 databases that could potentially be searched as part of an NCIC System interface. Upon the initial review by the N3G Task Force, the databases listed below were approved for further exploration. Multiple databases were excluded for further consideration by the N3G Task Force due to several factors, including: not being criminal justice oriented in nature, charging a user fee, and users currently having access via other systems (i.e., Nlets). The databases have been categorized into five (5) categories including: CJIS Division data repositories, federal data repositories, state data repositories, private data repositories, and Office of the General Counsel (OGC) preliminary legal judgment data repositories. Data owners will be contacted on willingness to share information upon approval by the Advisory Process. Issue #1: CJIS Division Data Repositories The data repositories listed below, in addition to the NCIC System, are all maintained by the CJIS Division. These databases house a wide variety of information including criminal history records, investigative records, fingerprints, and other biometric information. The N3G Task Force recommended the following CJIS Division data repositories for consideration:


1) National Data Exchange (N-DEx) The N-DEx is a national investigative information sharing system. The N-DEx System provides criminal justice agencies with a system for sharing, searching, linking, and analyzing criminal justice information. Records include information related to cases, arrests, missing persons, service calls, bookings, holdings, incarcerations, pre-trial and pre-sentencing proceedings, warrants, supervised releases, citations/tickets, and field contacts/interviews. 2) Next Generation Identification (NGI) The NGI is the world’s largest electronic repository of biometric and criminal history information. The NGI System expanded and significantly enhanced the FBI’s biometric identification capabilities and replaced the Integrated Automated Fingerprint Identification System. The NGI System includes a mobile fingerprint search of the Repository for Individuals of Special Concern (RISC). The RISC rapid search offers additional officer safety and situational awareness by providing on-scene access to the NCIC System’s wanted persons, convicted sex offenders, and known or suspected terrorists.

Issue #2: Federal Data Repositories The federal data repositories listed below are owned and maintained by various United States government agencies and provide a wide variety of data. The N3G Task Force recommended the following federal data repositories for consideration: 3) Department of Homeland Security (DHS) Homeland Security Information Network (HSIN) The HSIN is owned by the DHS and managed by the Homeland Security Operations Center. The HSIN is a secure internet-based system of integrated communication networks designed to facilitate information sharing between the DHS and other federal, state, county, local, tribal, private sector commercial, and other non-governmental organizations involved in identifying and preventing terrorism as well as in undertaking incident management activities. 4) DHS Automated Biometric Identification System (IDENT) The IDENT system is owned and managed by the DHS. IDENT serves as a centralized repository for storing and processing information for national security, law enforcement, immigration and border management, intelligence, federal background investigations, and other DHS associated administrative and management purposes. All IDENT users are federal, state, local, tribal, foreign, or international governmental agencies. IDENT stores and processes biometric data, linking the biometrics with biographic information to establish and verify identities. Currently, DHS and the FBI have established interoperability between IDENT and the FBI’s NGI System. Interoperability has enabled the sharing of biometric and related biographic, criminal history and immigration information to meet different agency needs. 5) DHS United States Customs and Border Protection (CBP) TECS The TECS System is owned and managed by the DHS component CBP. TECS is an information-sharing platform, which allows users to access different databases that may be maintained on the platform or accessed through the platform, and the name of a system of records that includes temporary and permanent enforcement, inspection, and operation records relevant to the anti-terrorism and law enforcement mission of CBP and numerous other federal agencies that it supports. While considered the primary repository for enforcement related activities at United States borders, TECS is also an information-sharing platform that supports many federal, state, local, international, and foreign law enforcement agencies that have law enforcement, intelligence, and counterterrorism responsibilities. 6) DHS United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Database The US-VISIT database is owned and managed by the DHS. The US-VISIT leads the collection, storage, and sharing of biometric and biographic identity information on foreign visitors seeking entry into the United States, persons seeking United States immigration benefits, and United States citizens applying for access to certain government sites, programs, and critical infrastructure. US-VISIT is accessed by 30,000 users from federal, state, and local government agencies. 
Information found in US-VISIT includes: complete names; date(s) of birth; gender; country(ies) of citizenship; passport numbers and countries of issuance; countries of residence; travel document information (type, number, date and country of issuance); complete United States destination address; arrival and departure information; digital photographs; digital fingerprints and/or iris scans; and the subject’s FIN (Fingerprint Identification Number assigned by US-VISIT to each unique set of fingerprints stored in the IDENT database). 7) DHS Immigration and Customs Enforcement (ICE) Criminal and Administrative Records The Law Enforcement Support Center (LESC) is a national enforcement operations facility owned and managed by the DHS component ICE. The center is a single national point of contact that provides timely immigration status, identity information, and real-time assistance to federal, state and local law enforcement agencies on aliens suspected, arrested, or convicted of criminal activity. There are currently more than 301,600 ICE records in the NCIC System. 8) DHS ICE Immigration Alien Query (IAQ) The LESC is owned and managed by the DHS ICE. LESC supports various federal, state, and local agencies through the Nlets Immigration Alien Query (IAQ). An IAQ, at a minimum, is a request for the immigration status of a subject encountered or investigated by law enforcement. The LESC response to an IAQ is an Immigration Alien Response (IAR). The primary sources of information for responding to an IAQ are the ICE owned and managed Alien Criminal Response Information Management System (ACRIMe) and the Enforcement Integrated Database (EID). ACRIMe provides a biometric-based means to identify criminal aliens for possible removal from the United States. The EID is an ICE case management system that captures information related to immigration and criminal investigations and operations conducted by all DHS components. 9) DHS Transportation Security Administration (TSA) Database The TSA employs a conglomerate of approximately 40 administrative and/or operational programs involving the electronic (digital) collection and storage of data. The two TSA programs offering the greatest information and intelligence sharing benefit to various federal, state, and local governmental agencies are the Transportation Security Enforcement Record System (TSERS) and the Transportation Security Threat Assessment System (T-STAS). The TSERS collects and maintains records related to passengers and property involved in the investigation or enforcement of a “security incident” occurring during passenger or property screening. The T-STAS documents and manages cases/incidents of threat assessments, employment investigations, and evaluations performed for security purposes on individuals identified for such processes by federal statutes and DHS/TSA regulations. 
10) US Department of the Interior, Office of Justice Services (OJS), Bureau of Indian Affairs (BIA) Data Repositories The Incident Management, Analysis, and Reporting System (IMARS), maintained by the United States Department of Interior (DOI) Office of Law Enforcement Services, is used by law enforcement agencies/elements aligned under the various DOI bureaus (e.g., the Bureau of Indian Affairs, Bureau of Land Management, Fish and Wildlife Service, National Park Service, and the United States Park Police) that are responsible for protecting federal assets and DOI properties. IMARS is an incident management and reporting application used to prevent, detect, and investigate known and suspected criminal activity; protect natural and cultural resources; capture, integrate, and share law enforcement related information and observations from other sources; manage budgets; and measure performance of employees and law enforcement programs. 11) National Institute for Justice (NIJ) National Missing and Unidentified Persons Systems (NamUs) NamUs is a national centralized repository and resource center for missing persons and unidentified decedent records, owned by the NIJ and administered/managed by the University of North Texas - Health Science Center. The three NamUs databases (Missing Persons, Unidentified Persons, and Unclaimed Persons) are available online, for free. Searches can be performed by anyone. In addition to providing three separate databases, NamUs also provides case management and investigative support services, which include: DNA analysis, case analysis, fingerprint examination, forensic odontology, and anthropological analysis. On October 1, 2009, Billy’s Law was introduced to Congress to allow direct two-way communication between NamUs and the NCIC System. On February 23, 2009, Billy’s Law was passed by the House; however, to date, the law has not been passed by the Senate. Currently, there is an alternative option in which to share NCIC Missing and Unidentified Person data with NamUs. Under this option, the CJIS Division creates an extract of the data and provides it to the record-owning agency. The agency, in turn, exchanges the data with NamUs. This approach, while interim in nature, was created as a way for state and local agencies to share Missing and Unidentified Person data with NamUs in anticipation of the passage of Billy’s Law. 12) Department of Justice (DOJ) Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) Electronic Tracing System (eTrace) The eTrace database is a 24/7 internet-based tracing and analysis tool for a firearm encountered, confiscated, or seized by law enforcement. Participating law enforcement agencies (domestic and foreign) can access eTrace. eTrace is the systematic tracking of the movement of a firearm from its creation by the manufacturer or its introduction into commerce by an importer, through the distribution chain, to the first retail purchase. eTrace users can also generate various statistical reports (e.g., number of traces within period of time, most frequently traced firearms, and average time-to-crime rates). Currently, when conducting an NCIC System gun inquiry, a message is returned to the user notifying them to check the ATF’s eTrace system for possible additional information. 
13) DOJ Bureau of Prisons (BOP) Data Repositories The SENTRY Inmate Management System (SENTRY) is a BOP database operated by the DOJ Justice Management Division's - Computer Services. SENTRY is a real-time information system consisting of sensitive but unclassified inmate information. SENTRY information is collected from BOP inmates and persons in federal pre-trial custody; federal, state, local, foreign, and international law enforcement agencies; federal and state prosecutors, and courts and probation services; educational institutions; health care providers; relatives, friends, and other interested individuals or groups in the community; former or future employers; state, local and private corrections staff; and BOP staff, contractors and volunteers. A SENTRY file was created as part of the NCIC 2000 initiative, but was discontinued due to the inability to meet mandatory data entry requirements.


14) DOJ Drug Enforcement Administration (DEA) El Paso Intelligence Center (EPIC) EPIC is a DEA managed and funded intelligence center which focuses on tactical intelligence gathering and dissemination pertaining to illegal drug and/or weapons operations, and other criminal activity. EPIC operates a 24/7 Watch Section that responds to requests for information from “EPIC registered” United States and foreign law enforcement agencies in support of their investigations. In response to requests EPIC performs simultaneous searches of five (5) internal databases and nine (9) externally owned databases. 15) FBI’s Violent Criminal Apprehension Program (ViCAP) Data Repository The ViCAP is the largest investigative repository of major violent crime cases in the United States. It is designed to track and correlate information about homicides, sexual assaults, missing persons, and other violent crimes involving unidentified human remains. Cases can be entered into the system by law enforcement officials and compared to other cases in an attempt to correlate and match possible connections. The ViCAP database is available to all law enforcement agencies through a secure internet link. This allows for real time access to the database and allows agencies to enter and update cases directly into the database. 16) Department of State (DOS) The DOS plays a major role in ensuring the safety and security of the United States. Two important aspects of that role, which are the responsibility of the DOS Bureau of Consular Affairs (CA), include the effective screening of United States passport and visa applicants, and managing United States passport and visa documents. The primary database associated with the CA is the Consular Consolidated Database (CCD). The CCD is a data warehouse that was created to provide CA a near real-time aggregate of the consular transaction activity collected domestically and at post databases. The CCD holds current and archived data from the CA. 
Authorized users utilize the CCD Portal to view the centralized data through a set of reports as well as to gain access to other applications. The CCD is interconnected to 26 DOS data sub-systems. The CCD stores information about United States persons (United States citizens and legal permanent residents) and foreign nationals (non-United States persons), through United States passport applications and immigrant/non-immigrant visa applications. This information includes names, addresses, birthdates, biometric data (fingerprints and facial images), race, identification numbers (e.g., social security numbers, alien registration numbers, and national identification numbers) and country of origin. The CCD can also contain Security Advisory Opinions (SAOs) and Advisory Opinions (AOs) for visa applicants. 17) DOS Passport Information Electronic Records System (PIERS) The PIERS is a United States government data system owned and managed by the DOS. The vast majority of PIERS files contain only application records for issued and expired passports; “not issued” passports; and destroyed, lost, and stolen passports. Because PIERS is a suite of web and desktop applications, it also contains Consular Reports of Birth Abroad, Certificates of Witness to Marriage, Records of Death, the Diplomatic and Official Tracking System, and Panama Canal Zone data. Access to PIERS for non-DOS agencies is currently very limited. However, if authorized, external agency access is via secure transmission methods through the CCD. 18) DOS Visa Data Repositories A major responsibility of the DOS CA is to effectively screen United States visa applicants and manage visa documents. Information pertaining to visa applicants and the visa process is maintained in three sub-systems of the CCD. They are the Immigrant Visa (IV) database, the Non-Immigrant Visa database, and the SAO database. The IV database stores information pertaining to visa applications from individuals wishing to come to the United States with the intent to establish permanent residence. Currently the CCD and its sub-systems are only shared with a few federal law enforcement agencies. 19) U.S. District Court (USC) Probation and Pretrial Services Data Repositories Public Access to Court Electronic Records (PACER) is an electronic public access service maintained by the USC and is accessible by all United States appellate, district, and bankruptcy courts. In addition to courts, PACER is accessible by all United States Probation and Pretrial Services and Federal Public Defenders Office. PACER allows users to obtain case and docket information online from federal appellate, district, and bankruptcy courts, and the PACER Case Locator (PCL). The PCL is a national locator index for PACER systems in the United States appellate, district, and bankruptcy courts. Each night, subsets of data are collected from each court and transferred to the PCL. 
The PCL allows searches by party name or social security number in the bankruptcy index; party name or nature of suit in the civil index; defendant name in the criminal index; and party name in the appellate index. The search will return the party name, the court where the case is filed, the case number, date filed, and date closed. To see more detailed information regarding a case, users can access the court's Case Management/Electronic Case Files (CM/ECF) site. The CM/ECF system is the Federal Judiciary's comprehensive case management system for all bankruptcy, district, and appellate courts. The CM/ECF allows courts to accept filings and provides access to filed documents online. The CM/ECF gives access to case files by multiple parties, and offers expanded search and reporting capabilities. The system also offers the ability to immediately update dockets and download documents and print them directly from the court system.


20) DOJ National Motor Vehicle Title Information System (NMVTIS) The National Motor Vehicle Title Information System (NMVTIS) is currently maintained and operated by DOJ. The NMVTIS operates as an electronic system designed to protect consumers from fraud and unsafe vehicles and to keep stolen vehicles from being resold. NMVTIS provides motor vehicle administrators, law enforcement officials, prospective purchasers, and insurance carriers with a means to verify title, salvage or junk status, and odometer data. NMVTIS is a tool that assists federal, state, and local law enforcement in investigating and preventing vehicle-related crimes. Issue #3: State Data Repositories The state data repositories listed below are broad categories that vary from state to state. There is not currently one particular database that encompasses all of the United States and its territories. Integration of this data into the NCIC System would require interfacing with each individual state data owner. In addition, each state would have to be willing, with no expectation, to share specific data in the NCIC System. The N3G Task Force recommended the following state data repositories for consideration: 21) Firearms Databases Users requested access to firearms databases specifically related to gathering information on firearms that were stolen or used in a commission of a crime. Research on firearms databases revealed that there is not a single source of firearms data other than those already described in this document, i.e., eTrace. As such, integration of this data into the NCIC System would require interfacing with each state’s system. Please note: State Sex Offender Deoxyribonucleic Acid (DNA) Databases were excluded by the N3G Task Force after the paper was disseminated to the working groups. 22) State Sex Offender Deoxyribonucleic Acid (DNA) Databases Users requested access to state sex offender DNA databases specifically related to gathering biometric and biographic information. 
Research on state sex offender DNA databases revealed that there is not a single source of data other than those already described in this document. As such, integration of this data into the NCIC System would require interfacing with each state’s system. Issue #4: Private Data Repositories The private data repositories listed below are owned and operated by private companies. While there is currently a working collaboration between the NCIC System and a few of these databases, full, unlimited access to these various databases would require further analysis. The N3G Task Force recommended the following private data repositories for consideration:

23) National Center for Missing and Exploited Children (NCMEC) The NCMEC is a not-for-profit organization primarily funded by the DOJ that acts as an information clearinghouse and resource center that assists law enforcement in investigating incidents of missing and/or exploited children and to raise public awareness about ways to prevent child abduction, child sexual abuse, and child pornography. NCMEC programs and initiatives available to law enforcement include: the Missing Child Database which houses data and images pertaining to missing/unidentified children and any known case-related abductors; the National Child Victim Identification Program – a central repository relating to child victims depicted in sexually exploitive images and videos that are reported by the public and Electronic Service Providers; the Sex Offender Tracking Team which links information about noncompliant sex offenders to unresolved cases of missing and sexually exploited children; the Child Sex Trafficking Team which helps link cases of possible child sex trafficking to known missing child cases; the Unaccompanied Minors Registry – a tool for reporting children displaced and separated from their parents or legal guardians during a disaster; and other biometric/forensic investigative and intelligence assistance. 24) National Insurance Crime Bureau (NICB) VINCheck NICB is a not-for-profit organization that convenes collective resources needed to prevent, detect, and deter crimes relating to theft and fraud. A key function of the NICB involves managing theft and fraud investigations for components of the vehicle/boat finance, insurance, leasing, and rental industries. The NICB also works with law enforcement agencies, technology experts, government officials, prosecutors, international crime-fighting organizations, and the public. An important investigative tool available through the NICB is the VINCheck system. 
VINCheck is a database of vehicles, boats, and trailers which were reported as stolen within the past five years and remain unrecovered or declared as salvage. The NCIC System and the NICB already have a working relationship, in an effort to mutually support the need for current records. The NCIC System sends Locate messages ($.L.) and Purge messages ($.P.) to the NICB. In turn, the NICB is allowed to “Locate” a vehicle or boat that has been recovered, but the NCIC System record remains active. VINCheck and the NCIC System are similar in that initial records are retained between four and five years. However, the NICB is different from the NCIC System in that it permanently retains the records in another file after they are located, purged, or retired by the NCIC System. These inactive records remain available to law enforcement.

Issue #5: OGC Preliminary Legal Judgment Data Repositories The OGC preliminary legal judgment data repositories listed below are owned and operated by various federal, state, and local governments, and private companies. Upon initial approval by the N3G Task Force for further exploration, OGC reviewed all approved databases and conducted a preliminary legal review. Upon review, OGC concluded that the databases listed below could have possible legal restraints that would prohibit the NCIC System from accessing

data repositories that include: not being criminal justice oriented in nature, accessing information which requires a high level security clearance, or having to provide specific training to access the databases. The N3G Task Force recommended the following OGC preliminary legal judgment data repositories for consideration: 25) Department of Health and Human Services (DHHS) Public Assistance Reporting Information System (PARIS) PARIS is a computer data matching and information exchange system owned by DHHS. PARIS is administered by the Administration for Children and Families (ACF) as a federal-state partnership intended to insure the integrity of public and medical assistance programs through detecting and deterring improper payments. PARIS works with all 50 states, the District of Columbia, and Puerto Rico. State participation in the PARIS Program is voluntary. OGC’s recommendation is based on DHHS PARIS not being criminal justice oriented in nature. 26) Centers for Disease Control and Prevention (CDC) data repositories The CDC website consists of many links to a variety of public education/information references and statistical reports. Among other options is the Ambulatory Care Drug Database System (ACDDS). The ACDDS provides the ability to search for drug identification via multiple search fields (e.g., drug code, drug name, and generic equivalent name). The ACDDS search response verifies the drug name and code; the equivalent name and code; the prescription, composition and DEA status; and the drug therapeutic class. OGC’s recommendation is based on CDC data repositories not being criminal justice oriented in nature. 27) FBI’s Terrorist Screening Center (TSC) Database The Terrorist Screening Database (TSDB) is the United States government’s consolidated database, maintained by the TSC, to facilitate DHS mission-related functions, such as counterterrorism, border security, inspection activities, and law enforcement. 
The TSDB is a sensitive, but unclassified database. OGC’s recommendation is based on the TSC database containing classified information which requires users to possess a high level security clearance in order to access any information.


28) TSC Terrorist Identities Datamart Environment (TIDE) Database The TIDE database, managed by the National Counterterrorism Center, is the United States government’s central repository of information on international terrorist identities. In support of the overall United States intelligence community, TIDE includes intelligence information obtained through the activities of the Central Intelligence Agency, Defense Intelligence Agency, FBI, National Security Agency, etc. TIDE also supports the various government screening or watchlist systems (e.g., the TSDB, the DOS’s Consular Lookout and Support System (CLASS), and the TSA’s No-Fly List). Often implicating the most sensitive sources and methods of intelligence gathering, based on the underlying classification of its contents, the overall classification of TIDE, and the highest level to which its contents may be classified, is Top Secret//Secret Compartmented Information. OGC’s recommendation is based on the TSC TIDE database containing classified information which requires users to possess a high level security clearance in order to access any information. 29) National Instant Criminal Background Check System (NICS) The NICS is a national computerized system that is used in making a timely and accurate determination of a person’s eligibility to possess or receive firearms and explosives in accordance with federal and state law. The NICS is a cooperative effort of the FBI; the Bureau of Alcohol, Tobacco, Firearms and Explosives; the Department of Justice; and state and local law enforcement agencies. OGC’s recommendation is based upon the NCIC System conducting searches of the NICS System for purposes that have no correlation to firearms, the Gun Control Act, or the National Firearms Act; therefore, this access is not legally permissible. 
30) United States Postal Service (USPS) Address Management System (AMS) and National Change of Address (NCOALink) Interface The USPS owns and maintains two postal address verification databases: AMS and NCOALink. The AMS is comprised of several subsystems that collectively standardize, validate, verify, and certify postal addresses. The NCOALink is a secure dataset of permanent change-of-address (COA) records. A COA record consists of the names and addresses of individuals, families, and businesses that have filed COA requests with the USPS. NCOA records are available for 48 months from the date of filing. NCOALink also stores records of foreign moves and people who have moved with no forwarding address. Neither the AMS nor NCOALink has the capability to search any address or name that is spelled differently than how the information is entered into the respective systems. OGC’s recommendation is based on USPS AMS and NCOALink not being criminal justice oriented in nature.

31) Federal Aviation Administration (FAA) Law Enforcement Assistance Program (LEAP) LEAP consists of field investigative and operational activities that support federal, state, and local agencies by denying anyone who would threaten national security access to the National Airspace System. The LEAP is run by FAA Headquarters Office of Investigations, Investigations Division, and special agents assigned to regional security divisions, centers and field offices. The FAA does not conduct criminal investigations, but does investigate airmen, employee, or contractor employee involvement in criminal activity as it applies to employment or certification. Criminal investigations are referred to the Department of Transportation, Office of Inspector General, or the FBI. OGC’s recommendation is based on LEAP not being criminal justice oriented in nature. 32) Medical Marijuana databases Users requested access to medical marijuana databases specifically related to dispositioning drug related stops. Research on medical marijuana databases revealed that there is not a single source of information. As such, integration of this data into the NCIC System would require interfacing with each state’s database (if a database is available). OGC’s recommendation is based on medical marijuana databases not being criminal justice oriented in nature. 33) Regional Information Sharing System (RISS) RISS offers secure information sharing and communications capabilities, critical analytical and investigative support services. RISS is currently utilized by almost 9,000 law enforcement and criminal justice agencies, in all 50 states, the District of Columbia, United States territories, Australia, Canada, England, and New Zealand. RISS supports efforts against organized and violent crime, gang activity, drug activity, terrorism, human trafficking, identity theft, and other regional priorities. 
RISS users can query intelligence databases, retrieve information from investigative systems, solicit assistance from research staff, utilize surveillance equipment, receive training, and use analytical staff to help prosecute criminals. OGC’s recommendation is based on RISS requiring Part 23 training as a prerequisite in order to access that database. Options for Concept 3: Issue #1: CJIS Division Data Repositories Option 1: Approve all CJIS Division data repositories as recommended by the N3G Task Force.


Option 2: Do not approve any of the N3G Task Force recommended CJIS Division data repositories. Option 3: Approve only the following CJIS Division data repositories: Issue #2: Federal Data Repositories Option 1: Approve all federal data repositories as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended federal data repositories. Option 3: Approve only the following federal data repositories: Issue #3: State Data Repositories Option 1: Approve all state data repositories as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended state data repositories. Option 3: Approve only the following state data repositories: Issue #4: Private Data Repositories: Option 1: Approve all private data repositories as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended private data repositories. Option 3: Approve only the following private data repositories: Issue #5: OGC Preliminary Legal Judgment Data Repositories: Option 1: Approve all OGC preliminary legal Judgment data repositories as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended OGC preliminary legal Judgment data repositories. Option 3: Approve only the following OGC preliminary legal Judgment data repositories:

N3G Project – Concept #5 – Enhanced Data Search Current Functionality The NCIC System is currently comprised of structured and unstructured data in both the operational and off-line environments. Both structured and unstructured data fields in the operational environment are regulated by system edits that define what is allowable within each

respective field. Each field is restricted to alphabetic, numeric, and/or a limited list of special characters. There is also a maximum number of characters allowable for each field. A user attempting to perform an inquiry in the operational environment is required to enter a minimum amount of identifying information in order for the NCIC System to accept an inquiry transaction. Further, the NCIC System will attempt to retrieve records based on only the data fields that are appropriately populated. Regarding searches available in the off-line environment, inquiries may return active, as well as inactive records, in addition to transaction log data. Access to off-line search functionality is limited to the CJIS Division staff and CSAs only. Images contained within the NCIC System must be inquired upon through a direct query of the Image File. A user may request that either all images associated with a record, a specific image, or generic images are returned as a result of an Image File inquiry. All existing NCIC System inquiries, including those of images, search only data stored in the NCIC System environment; no other data sources are leveraged. Issue #1: Keyword Search The N3G Project user canvass participants identified that the NCIC System searches require them to enter too much information. Often times, the mandatory information is not available at the time an inquiry is attempted. Users desired the ability to have a more flexible search option that would allow them to use only the information that is available at the time of an inquiry, without system-edit limitations. In addition, unstructured, free text data fields (i.e., the Miscellaneous Field) are not searchable in the current operational environment. Users proposed that a keyword option for searching the NCIC System data be explored. This would allow users to search record content across all files, fields, and associated data. 
A keyword search inquiry would allow NCIC System users the ability to gain access to larger pools of candidates when needed. Law enforcement personnel operating in an investigative capacity would potentially have the ability to perform searches across all fields and files in the operational environment, and receive numerous responses that could act as “leads” during an investigation. A keyword search could also include the ability to utilize functions commonly associated with search engines, such as Boolean operators, wildcards, and searches on ranges of data. Boolean operators (i.e., and, or, not) are used to combine information in a search, resulting in more productive results. Wildcard searches allow a user to utilize a symbol in the place of characters that may be unknown, thus allowing them to perform searches using partial data. The ability to search on ranges of data would provide benefit for those performing investigative and administrative duties when searching for potential leads or statistical data for a certain timeframe. A keyword search in tactical situations may be beneficial when assumptions on suspect information must be made in order to perform an inquiry, such as an approximate age. These functions would assist in narrowing down or broadening keyword search results based on the function being performed. Potential concerns with implementing a keyword search function in the NCIC System are additional CJIS Wide Area Network (WAN) bandwidth utilization, and consequently, degraded response times. Although it is complex to perform this type of search, this functionality technically exists in the off-line environment of the current system. Allowing users the option to search across all fields and files using only a minimal amount of information would inevitably

return larger volumes of data. To remedy these concerns, a keyword search could be limited regarding the amount of data returned, or an option for performing these searches could be available only when it would be deemed beneficial by the user (i.e., during investigations), or at the discretion of the CSA. Traditional search methods would potentially remain accessible in tactical situations. The N3G Task Force recommended the following functional requirements for consideration: The NCIC System shall provide the ability to perform: 1. A keyword search across all files in the operational environment. 2. A keyword search across all files using Boolean operators in the operational environment. 3. A keyword search across all files using wildcards in the operational environment. 4. A keyword search across all files using ranges of data in the operational environment.
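The four keyword-search requirements above (keywords across all files, Boolean operators, wildcards, ranges of data), together with the proposed limit on the amount of data returned, are illustrated here as an added Python example; it is not code from the NCIC System or the N3G Task Force. The record layout, the `file`, `misc` and `year` keys, the two-record cap and the three-character minimum per keyword are assumptions, and the sample records are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample records. SER and VIN are field names from the paper;
# "file", "misc" (free text) and "year" are assumed keys for this example.
RECORDS = [
    {"file": "Article", "SER": "AB12345", "misc": "blue mountain bike, bent front rim", "year": 2015},
    {"file": "Article", "SER": "AB12399", "misc": "red generator taken from trailer", "year": 2016},
    {"file": "Vehicle", "VIN": "TESTVIN0000000001", "misc": "blue pickup with trailer hitch", "year": 2012},
    {"file": "Vehicle", "VIN": "TESTVIN0000000002", "misc": "white van, ladder rack", "year": 2016},
    {"file": "Boat", "SER": "ZZ90001", "misc": "blue hull, outboard motor missing", "year": 2009},
]
MAX_RESULTS = 2        # assumed cap on records returned per inquiry
MIN_LITERAL_CHARS = 3  # assumed minimum of non-wildcard characters per keyword
WORD = re.compile(r"[A-Za-z0-9]+")
RANGE = re.compile(r"(\w+):(\d+)\.\.(\d+)")


@dataclass
class Result:
    hits: list       # at most `limit` records
    total: int       # how many records matched before the cap
    truncated: bool  # True when the cap hid some matches


def wildcard_to_regex(term):
    """Translate * and ? into a regex; every other character is escaped."""
    term = re.sub(r"\*+", "*", term)  # collapse runs of * into one
    if len(term.replace("*", "").replace("?", "")) < MIN_LITERAL_CHARS:
        raise ValueError(f"keyword too broad: {term!r}")
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in term]
    return re.compile("".join(parts), re.IGNORECASE)


def atom(token):
    """A range test (field:lo..hi) or a keyword matched against every text field."""
    m = RANGE.fullmatch(token)
    if m:
        field, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        return lambda rec: isinstance(rec.get(field), int) and lo <= rec[field] <= hi
    rx = wildcard_to_regex(token)
    return lambda rec: any(rx.fullmatch(w) for v in rec.values()
                           if isinstance(v, str) for w in WORD.findall(v))


# Recursive descent, precedence NOT > AND > OR; operators must be upper case.
def factor(tokens, i):
    if i >= len(tokens):
        raise ValueError("query ends where a keyword was expected")
    if tokens[i] == "NOT":
        inner, i = factor(tokens, i + 1)
        return (lambda rec: not inner(rec)), i
    return atom(tokens[i]), i + 1


def conjunction(tokens, i):
    left, i = factor(tokens, i)
    while i < len(tokens) and tokens[i] == "AND":
        right, i = factor(tokens, i + 1)
        left = (lambda a, b: lambda rec: a(rec) and b(rec))(left, right)
    return left, i


def disjunction(tokens, i):
    left, i = conjunction(tokens, i)
    while i < len(tokens) and tokens[i] == "OR":
        right, i = conjunction(tokens, i + 1)
        left = (lambda a, b: lambda rec: a(rec) or b(rec))(left, right)
    return left, i


def search(query, records=RECORDS, limit=MAX_RESULTS):
    """Run a keyword query over all records and cap what is returned."""
    tokens = query.split()
    predicate, i = disjunction(tokens, 0)
    if i != len(tokens):
        raise ValueError(f"unexpected token: {tokens[i]!r}")
    matched = [rec for rec in records if predicate(rec)]
    return Result(matched[:limit], len(matched), len(matched) > limit)
```

A response with `truncated` set tells the caller that the cap hid matches, so a capped reply is not read as the full candidate pool.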

Issue #2: Mandatory Fields for Search Some NCIC System users stated that mandatory field requirements for the search function in the operational environment should no longer exist. System edits requiring a minimum amount of identifying information that may not be available limit the ability for law enforcement to obtain valuable NCIC System data on a suspect. Many users simply stated that there should be no mandatory search requirements, while others identified specific fields that should be searchable without the accompaniment of any other identifying information. Many canvass participants, as well as the N3G Task Force, agreed that mandatory field requirements for inquiries should be revisited, but felt that searches resulting in the potential for such a broad magnitude of records should only be available in a limited capacity (i.e., for investigative purposes). Like the keyword search option, relaxing or eliminating mandatory field requirements for conducting searches in the operational environment brings about bandwidth and response time requirement concerns. The NCIC System users should remain aware of unintended consequences of performing broad searches. Minimal inquiry information could result in receiving responses numbering in the millions, thus potentially overloading a system that law enforcement depends on every second of every day. Another potential issue with searching relates to optional fields for entry. A “no hit” response may provide a user with a false sense of assurance that a suspect does not have a record in the NCIC System when, in actuality, the field in question was simply not populated. The N3G Task Force recommended the following functional requirements for consideration: The NCIC System shall provide the ability to perform a search on: 1. Any field (includes relaxing or potentially eliminating mandatory field requirements for searching).
*Note: If functional requirement #1 is approved, functional requirements 2-7 will also be approved by default. 2-7 are listed as they were fields specifically mentioned during the N3G Project user canvass. 2. Social Security Number (SOC) field only.

3. ORI and Originating Agency Case Number (OCA) fields only. 4. Serial Number (SER) field only in the Article File. 5. Estimated Date of Birth field (future functionality) only in the Unidentified Person File only. 6. Miscellaneous Number (MNU) and Operator’s License Number (OLN) fields only. 7. State Identification Number (SID) field only. Issue #3: Off-Line Data Searches The ability to search inactive records in the operational environment was a request heard throughout the user canvass. As mentioned, this capability currently exists at the CSA-level only. If approved, this functionality would potentially be expandable to local agency users. Because each state’s system infrastructure is different and must be able to support information received by the NCIC System, it is presumed that if this search capability is expanded to all the NCIC System users, CSAs will make the ultimate decision on which users will gain access to these searches. The N3G Task Force expressed that a search of off-line data should not be automatically conducted for all searches, but that it should be an option available for selection based on the needs of the user at the time of the inquiry (such as during investigations). This functionality also brings about more CJIS WAN bandwidth concerns. While gaining access to retired and/or removed records is appealing to many users, the officer on the street may see little benefit and would not have the luxury of waiting longer for responses, as would be necessary to return this information. The possibility of expanding off-line data to all the NCIC System users brings other concerns as well. Access to the off-line environment would allow access to record entries of any and all state data maintained within the system (active as well as retired). Currently, if a state desires to gain access to the record entries of another state, they must submit a formal request to the CJIS Division and the CJIS Advisory Process is informed. 
Agreements for the exchange of data are also required. For these reasons, limiting access to data entered by other states should be considered. Changes and enhancements to access and functionality of the off-line environment of the NCIC System will be further discussed in Concepts 2 (Tailored Functionality) and 6 (System Search). An approval for the functional requirement associated with Issue #3 will provide the CJIS Division with confirmation that there is continued interest in off-line data being made available for searching by all users where permission is granted, and that potential solutions to remedy concerns should be further explored. The N3G Task Force recommended the following functional requirement for consideration: 1. The NCIC System shall provide the ability to perform searches of active and/or inactive records in the operational environment. Issue #4: Customized Searches Numerous canvass requests encompassed the ability for users to customize searches utilizing information that is not captured in existing NCIC System fields. Other requests suggested new

functions for tailoring searches. One concern mentioned during Task Force deliberation, was that some situations require that certain inquiries are performed. For example, some states may require that certain Person Files are queried as part of an investigation. A Query Wanted (QW) would satisfy this requirement in the existing environment; however, if users are able to identify which Files are returned as part of an inquiry, the potential for not meeting the requirement exists. The N3G Task Force recommended the following functional requirements for consideration: The NCIC System shall provide the ability to: 1. Perform customized searches by allowing the user to indicate specifically which files to search. 2. Perform customized searches by allowing the user to indicate a range on the date of birth. 3. Perform customized searches by allowing the user to search on a specific geographic location. 4. Perform customized searches by allowing the user to search on an age range. 5. Include a priority level while performing searches in the off-line environment. 6. Narrow searches based on multiple tattoos and the location of the tattoos on the individual’s body in the operational environment. 7. Narrow searches in the Article File by adding searchable numeric identifiers in the operational environment. Issue #5: Secondary Searches Currently, the NCIC System performs a limited secondary search based on field input at the time of the inquiry. If the SOC, FBI/Universal Control Number (UCN), and/or the Vehicle Identification Number (VIN) are not entered as part of the original inquiry, a secondary search is automatically conducted if data in any of these fields are returned in the hit response. The results of these secondary searches are then sent to the inquiring agency. The NCIC System users requested that this functionality be expanded to include additional fields that would generate secondary searches based on hit responses. 
The N3G Task Force recommended the following functional requirement related to secondary searches for consideration: 1. The NCIC System shall provide the ability to automatically spawn additional searches based on returned results. Issue #6: Image to Image Searches Currently, the NCIC System does not support image to image search functionality in any file. Throughout the N3G Project user canvass, many participants supported the image to image search capability. Users felt that this search capability may be beneficial when attempting to identify stolen property; however, the maximum benefit may be realized when attempting to identify individuals. Searching scars, marks, tattoos, or facial images could potentially aid in the identification of wanted, missing persons, or known or suspected terrorists. Additionally, the ability to search images of body parts could assist in the identification of unidentified persons.

Furthermore, users suggested using text in conjunction with an image to conduct a search. The N3G Task Force discussed this request at length to determine if the intended functionality consisted of a text-to-text search or text-to-image search and how each scenario could potentially be implemented. The term “text” could potentially mean a description of an image, the location of an image (tattoo) on the body, or actual text that is the image or part of an image. Due to the vagueness of the request, the Task Force moved the requirement forward for further exploration due to the potential benefits. As with previously discussed types of potential search functions, the concerns with implementing an image to image search capability in the NCIC System are CJIS WAN bandwidth, and consequently, degraded response times. The N3G Task Force recommended the following functional requirements for image to image searches for consideration: The NCIC System shall provide the ability to perform: 1. Image to image searches. 2. Image to image searches on scars, marks and tattoos. 3. Image to image searches on tattoos. 4. Image to image searches for body parts. 5. Image to image searches in conjunction with a search of requested text. Options for Concept 5:

Issue #1 – Keyword Search Option 1: Approve all functional requirements as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements:

Issue #2 – Mandatory Fields for Search Option 1: Approve all functional requirements as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements:

Issue #3 – Off-line Data Searches Option 1: Approve all functional requirements as recommended by the N3G Task Force.

Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements:

Issue #4 – Customized Searches Option 1: Approve all functional requirements as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements:

Issue #5 – Secondary Searches Option 1: Approve all functional requirements as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements:

Issue #6 – Image to Image Searches Option 1: Approve all functional requirements as recommended by the N3G Task Force. Option 2: Do not approve any of the N3G Task Force recommended functional requirements. Option 3: Approve only the following functional requirements:

SPRING 2017 WORKING GROUP ACTIONS: FEDERAL WORKING GROUP ACTION: CONCEPT 10 Issue #1: Improved Image Quality Issue #2: Administrative – Enhanced Entry of Images Issue #3: Enhanced Images in Responses Motion: To accept Option 1 for Issues #1, #2 and #3. Option 1: Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried.


NORTH CENTRAL WORKING GROUP ACTION: CONCEPT 10 Issue #1: Improved Image Quality Issue #2: Administrative – Enhanced Entry of Images Issue #3: Enhanced Images in Responses Motion: To accept Option 1 for Concept 10 Issues 1-3. Option 1: Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried. NORTHEASTERN WORKING GROUP ACTION: CONCEPT 10 Issue #1: Improved Image Quality Issue #2: Administrative – Enhanced Entry of Images Issue #3: Enhanced Images in Responses Motion: To accept Option 1 for all three Issues. Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried. SOUTHERN WORKING GROUP ACTION: CONCEPT 10 Issue #1: Improved Image Quality Motion 1: To adopt Option 1, as amended: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. Issue #2: Administrative – Enhanced Entry of Images Motion 2: To adopt Option 1, as amended: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. Issue #3: Enhanced Images in the Responses Motion 3: To adopt Option 1, as amended: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. WESTERN WORKING GROUP ACTION: CONCEPT 10 Issue #1 – Improved Image Quality Issue #2 – Administrative – Enhanced Entry of Images Issue #3 – Enhanced Images in Responses Motion: To accept Option 1 for all three Issues in Concept 10. Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried. SPRING 2017 NCIC SUBCOMMITTEE ACTION: Concept 10 Motion: To accept Option 1 for Issues 1-3: Approve all functional requirements as recommended by the N3G Task Force. Issue 1 – Improved Image Quality The NCIC System shall provide the ability to:

1. Improve image quality. 2. Accept images of higher resolution. 3. Provide a standard for all photos. 4. Provide the ability to automatically crop and size images.

Issue 2 – Administrative – Enhanced Entry of Images The NCIC System shall provide the ability to: 1. Improve the entry of images. 2. Enter images directly into record at the time of entry. 3. Accept document files (PDF, DOC, and TXT). 4. Accept additional graphic image file types. 5. Accept multiple image types for all record types.

Issue 3 – Enhanced Images in the Responses The NCIC System shall provide the ability to: 1. Improve image capability in the response. 2. Return available images in the response. 3. Request the number of images returned in the hit response. 4. Return a thumbnail image with the response. 5. Return a link in the hit response to correlated images. 6. Provide a hyperlink (URL) to images. 7. Link multiple records to the same image. 8. Export images into various formats.

Action: Motion carried.

Please note: State Sex Offender Deoxyribonucleic Acid (DNA) Databases were excluded by the N3G Task Force after the paper was disseminated to the working groups for Concept 3 Issue #3 - State Data Repositories FEDERAL WORKING GROUP ACTION: CONCEPT 3 Issue #1: CJIS Division Data Repositories Motion: To approve an amended version of Option 1 as shown below. Option 1 with modifications: Approve the exploration of all CJIS Division data repositories as recommended by the N3G Task Force. Action: Motion passed. Issue #2: Federal Data Repositories Motion: To accept Option 2 with additional instructions for the N3G Task Force to contact each agency data owner on the list to determine the availability and applicability of the system for use. Option 2: Do not approve any of the N3G Task Force recommended federal data repositories. Request to contact data owners to determine the availability and applicability of the systems. Action: Motion carried.

Issue #3: State Data Repositories Motion: To accept Option 1 as discussed at the meeting (without #22 State Sex Offender DNA Databases being considered). Option 1: Approve all state data repositories as recommended by the N3G Task Force. 21) Firearms Databases Action: Motion carried. Issue #4: Private Data Repositories Motion: To accept Option 1: Approve all private data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #5: OGC Preliminary Legal Judgment Data Repositories Motion: To accept Option 2: Do not approve any of the N3G Task Force recommended OGC preliminary legal judgment data repositories. Action: Motion carried. NORTH CENTRAL WORKING GROUP ACTION: CONCEPT 3 Issue #1: CJIS Division Data Repositories Motion 1: Concept 3 Issue #1 to accept Option 1: Approve all CJIS Division data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #2: Federal Data Repositories Motion 2: Concept 3 Issue #2 to accept Option 1: Approve all federal data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #3: State Data Repositories Motion 3: Concept 3 Issue #3 to accept Option 1: Approve all state data repositories as recommended by the N3G Task Force. 21) Firearms Databases Action: Motion carried. Issue #4: Private Data Repositories Motion 4: Concept 3 Issue 4 to accept Option 1: Approve all private data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #5: OGC Preliminary Legal Judgment Data Repositories Motion 5: Concept 3 Issue 5 to accept Option 1: Approve all OGC preliminary legal judgment data repositories as recommended by the N3G Task Force. Action: Motion carried.


NORTHEASTERN WORKING GROUP ACTION: CONCEPT 3 Issue #1: CJIS Division Data Repositories Motion 1: To accept Option 1: Approve all CJIS Division data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #2: Federal Data Repositories Motion 2: To accept Option 1: Approve all federal data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #3: State Data Repositories Motion 3: To accept Option 1: Approve all state data repositories as recommended by the N3G Task Force. 21) Firearms Databases Action: Motion carried. Issue #4: Private Data Repositories Motion 4: To accept Option 1: Approve all private data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #5: OGC Preliminary Legal Judgment Data Repositories Motion 5: To accept Option 1: Approve all OGC preliminary legal judgment data repositories as recommended by the N3G Task Force. Action: Motion carried with 3 opposed.

SOUTHERN WORKING GROUP ACTION: CONCEPT 3 Issue #1: CJIS Division Data Repositories Motion 1: To adopt Option 1: Approve all CJIS Division data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #2 Federal Data Repositories Motion 2: To adopt Option 1: Approve all federal data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #3 State Data Repositories Motion 3: To adopt Option 1: Approve all state data repositories as recommended by the N3G Task Force. 21) Firearms Databases Action: Motion carried. Issue #4 Private Data Repositories Motion 4: To adopt Option 1: Approve all private data repositories as recommended by the N3G Task Force. Action: Motion carried.

Issue #5 OGC Preliminary Legal Judgment Data Repositories Motion 5: To adopt Option 1: Approve all OGC preliminary legal judgment data repositories as recommended by the N3G Task Force. Action: Motion carried. One against, one abstained. WESTERN WORKING GROUP ACTION: CONCEPT 3 Issue #1 – CJIS Division Data Repositories: Motion: To accept Option 1. Approve all CJIS Division data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #2 – Federal Data Repositories: Motion: To accept Option 1. Approve all federal data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #3 – State Data Repositories: Motion: To accept Option 3. Approve only the following state data repositories: The Firearms Databases only. Action: Motion carried. Issue #4 – Private Data Repositories: Motion: To accept Option 1. Approve all private data repositories as recommended by the N3G Task Force. Action: Motion carried. Issue #5 – OGC Preliminary Legal Judgment Data Repositories: Motion: To accept Option 1: Approve all OGC preliminary legal judgment data repositories as recommended by the N3G Task Force. Action: Motion carried. SPRING 2017 NCIC SUBCOMMITTEE ACTIONS: Concept 3 Issue #1 – CJIS Division Data Repositories: Motion: To accept Option 1 for Issue 1: Approve all CJIS Division data repositories as recommended by the N3G Task Force. 1. National Data Exchange (N-DEx) 2. Next Generation Identification (NGI) Action: Motion carried. Issue #2 – Federal Data Repositories: Motion: To accept Option 1 for Issue 2: Approve all federal data repositories as recommended by the N3G Task Force. 3. Department of Homeland Security (DHS) Homeland Security Information Network (HSIN) 4. DHS Automated Biometric Identification System (IDENT) 5. DHS United States Customs and Border Protection (CBP) TECS

6. DHS United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Database 7. DHS Immigration and Customs Enforcement (ICE) Criminal and Administrative Records 8. DHS ICE Immigration Alien Query (IAQ) 9. DHS Transportation Security Administration (TSA) Database 10. US Department of the Interior, Office of Justice Services (OJS), Bureau of Indian Affairs (BIA) Data Repositories 11. National Institute for Justice (NIJ) National Missing and Unidentified Persons Systems (NamUs) 12. Department of Justice (DOJ) Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) Electronic Tracing System (eTrace) 13. DOJ Bureau of Prisons (BOP) Data Repositories 14. DOJ Drug Enforcement Administration (DEA) El Paso Intelligence Center (EPIC) 15. FBI’s Violent Criminal Apprehension Program (ViCAP) Data Repository 16. Department of State (DOS) 17. DOS Passport Information Electronic Records System (PIERS) 18. DOS Visa Data Repositories 19. U.S. District Court (USC) Probation and Pretrial Services Data Repositories 20. DOJ National Motor Vehicle Title Information System (NMVTIS) Action: Motion carried. One opposed.

Issue #3 – State Data Repositories: Motion: To accept Option 1 for Issue 3: Approve all state data repositories as recommended by the N3G Task Force. 21. Firearms Database 22. State Sex Offender Deoxyribonucleic Acid (DNA) Database (previously excluded by the N3G Task Force) Action: Motion carried. Issue #4 – Private Data Repositories: Motion: To accept Option 1 for Issue 4: Approve all private data repositories as recommended by the N3G Task Force. 23. National Center for Missing and Exploited Children (NCMEC) 24. National Insurance Crime Bureau (NICB) VINCheck Action: Motion carried. Issue #5 – OGC Preliminary Legal Judgment Data Repositories: Motion: To accept Option 1 for Issue 5: Approve all OGC preliminary legal judgment data repositories as recommended by the N3G Task Force. 25. Department of Health and Human Services (DHHS) Public Assistance Reporting Information System (PARIS) 26. Centers for Disease Control and Prevention (CDC) Data Repositories 27. FBI’s Terrorist Screening Center (TSC) Database 28. TSC Terrorist Identities Datamart Environment (TIDE) Database 29. National Instant Criminal Background Check System (NICS) 30. United States Postal Service (USPS) Address Management System (AMS) and National Change of Address (NCOALink) Interface 31. Federal Aviation Administration (FAA) Law Enforcement Assistance Program (LEAP) 32. Medical Marijuana Databases 33. Regional Information Sharing System (RISS) Action: Motion carried.

FEDERAL WORKING GROUP ACTION: CONCEPT 5 Issue #1: Keyword Search Issue #2: Mandatory Fields for Search Issue #3: Off-line Data Searches Issue #4: Customized Searches Issue #5: Secondary Searches Issue #6: Image to Image Searches Motion: To accept Option 1 for Issues 1-6. Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried. NORTH CENTRAL WORKING GROUP ACTION: CONCEPT 5 Issue #1: Keyword Search Issue #2: Mandatory Fields for Search Issue #3: Off-line Data Searches Issue #4: Customized Searches Issue #5: Secondary Searches Issue #6: Image to Image Searches Motion: Concept 5 Issues 1-6 to accept Option 1: Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried. NORTHEASTERN WORKING GROUP ACTION: CONCEPT 5 Issue #1: Keyword Search Issue #2: Mandatory Fields for Search Issue #3: Off-line Data Searches Issue #4: Customized Searches Issue #5: Secondary Searches Issue #6: Image to Image Searches Motion: To accept Option 1 for all six Issues. Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried.


SOUTHERN WORKING GROUP ACTION: CONCEPT 5 Issue #1 Keyword Search Motion 1: To adopt Option 1, as modified: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. Issue #2 Mandatory Fields for Search Motion 2: To adopt Option 1, as modified: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. Issue #3 Off-Line Data Searches Motion 3: Captain Kyle Gibbs moved to adopt Option 1, as modified: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. Issue #4 Customized Searches Motion 4: To adopt Option 1, as modified: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. Issue #5 Secondary Searches Motion 5: To adopt Option 1, as modified: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. Issue # 6 Image to Image Searches Motion 6: To adopt Option 1, as modified: Approve the exploration of all functional requirements as recommended by the N3G Task Force. Action: Motion carried. WESTERN WORKING GROUP ACTION: CONCEPT 5 Issue #1 – Keyword Search Issue #2 – Mandatory Fields for Search Issue #3 – Off-line Data Searches Issue #4 – Customized Searches Issue #5 – Secondary Searches Issue #6 – Image to Image Searches Motion: To accept Option 1 for all of the Issues in Concept 5. Approve all functional requirements as recommended by the N3G Task Force. Action: Motion carried.


SPRING 2017 NCIC SUBCOMMITTEE ACTION: Concept 5 Motion: To accept Option 1 for Issues 1-6: Approve all functional requirements as recommended by the N3G Task Force. Issue 1 – Keyword Search The NCIC System shall provide the ability to perform: 1. A keyword search across all files in the operational environment. 2. A keyword search across all files using Boolean operators in the operational environment. 3. A keyword search across all files using wildcards in the operational environment. 4. A keyword search across all files using ranges of data in the operational environment. Issue 2 – Mandatory Fields for Search The NCIC System shall provide the ability to perform a search on: 1. Any field (includes relaxing or potentially eliminating mandatory field requirements for searching). 2. Social Security Number (SOC) field only. 3. ORI and Originating Agency Case Number (OCA) fields only. 4. Serial Number (SER) field only in the Article File. 5. Estimated Date of Birth field (future functionality) only in the Unidentified Person File only. 6. Miscellaneous Number (MNU) and Operator’s License Number (OLN) fields only. 7. State Identification Number (SID) field only. Issue 3 – Off-line Data Searches 1. The NCIC System shall provide the ability to perform searches of active and/or inactive records in the operational environment. Issue 4 – Customized Searches The NCIC System shall provide the ability to: 1. Perform customized searches by allowing the user to indicate specifically which files to search. 2. Perform customized searches by allowing the user to indicate a range on the date of birth. 3. Perform customized searches by allowing the user to search on specific geographic location. 4. Perform customized searches by allowing the user to search on an age range. 5. Include a priority level while performing searches in the off-line environment. 6. Narrow searches based on multiple tattoos and the location of the tattoos on the individual’s body in the operational environment.

7. Narrow searches in the Article File by adding searchable numeric identifiers in the operational environment.

Issue 5 – Secondary Searches 1. The NCIC System shall provide the ability to automatically spawn additional searches based on returned results.

Issue 6 – Image to Image Searches The NCIC System shall provide the ability to perform: 1. Image to image searches. 2. Image to image searches on scars, marks, and tattoos. 3. Image to image searches on tattoos. 4. Image to image searches for body parts. 5. Image to image searches in conjunction with a search of requested text. Action: Motion carried.


CJIS ADVISORY POLICY BOARD (APB) NATIONAL CRIME INFORMATION CENTER (NCIC) SUBCOMMITTEE CLARKSBURG, WV APRIL 26, 2017 STAFF PAPER NCIC ISSUE #7 FBI CJIS Division Tribal Engagement Program Update PURPOSE To summarize the recent activities and initiatives of the FBI CJIS Division’s Tribal Engagement Program. POINT OF CONTACT Law Enforcement Support Section (LESS), Partner Relations and Outreach Unit (PROU), Tribal Engagement Program Questions regarding this topic should be directed to . REQUEST OF THE SUBCOMMITTEES The Subcommittees are requested to review the information provided in this paper and provide appropriate comments. BACKGROUND In December 2011, the FBI CJIS Division’s Assistant Director identified the LESS Chief as the FBI CJIS Division’s Executive Tribal Liaison. Quickly following this designation, the FBI CJIS Division identified a tribal point of contact for each program. The goal of the Internal CJIS Tribal Working Group was to maintain consistency and provide a liaison to Indian Country on connectivity issues, policy compliance, and program awareness. After the establishment of an FBI CJIS Division Executive Tribal Liaison and program points of contact for each FBI CJIS Division program, the Advisory Policy Board’s (APB) Executive Committee established a Tribal Task Force (TTF) in June 2012. The TTF was formed with the following mission: To enhance officer and public safety by improving local, state, tribal, territorial, and federal participation in the FBI CJIS Division systems. The Task Force will review all relevant issues that may prevent or discourage tribal law enforcement agencies from entering records/data into FBI CJIS Division systems and make recommendations that will address those issues.

The TTF is chaired by Mr. William J. Denke, Sycuan Tribal Police Department. In addition, the TTF is comprised of three tribal members: Mr. Francis E. Bradley, Sr., Hualapai Nation Police Department; Mr. Carlos Echevarria, Tulalip Tribal Police Department; and Mr. Scott Desjadon, Yavapai Prescott Tribal Police Department. The task force also includes four state/local members: Mr. Edward Bonner, Sheriff of Placer County, California; Ms. Dawn Peck, Idaho State Police; Mr. Gene Thaxton, Oklahoma Department of Public Safety; and Mr. Brian Wallace, Marion County Sheriff’s Office, Oregon. In addition, the TTF includes federal representatives from the following agencies: Mr. Jason O’Neal of the Bureau of Indian Affairs (BIA), Office of Justice Services; Ms. Marcia Good of the Department of Justice (DOJ), Office of Tribal Justice (OTJ); Mr. Gregory D. Adams of the FBI’s Indian Country Crimes Unit; and Mr. Christopher A. Nicholas as the FBI CJIS Division’s Executive Tribal Liaison. In March 2015, a full time Tribal Liaison Team (TLT) was established within the CJIS Division’s PROU. Today, there are three dedicated staff members that liaise with tribal partners, represent the FBI CJIS Division at various Indian Country training events, coordinate FBI CJIS Division Tribal conferences, conduct on-site tribal visits, and collaborate with federal partners on various tribal programs. The following summary on the FBI CJIS Division’s Tribal Engagement Program is provided for your information. Task Force Meeting Summary The most recent TTF meeting was held on December 8, 2016, in Phoenix, Arizona. 
The agenda for the meeting consisted of the following topics: membership; Uniform Crime Reporting (UCR) transition to National Incident-Based Reporting System (NIBRS) and Use of Force data collection; dispositions; DOJ Tribal Access Program (TAP) update; 2016 conference highlights; Tribal contact lists; Arizona proposed National Sex Offender Registry (NSOR) message key for tribes; and an open discussion. All task force members were in attendance with the exception of Mr. Bonner, Mr. Echevarria, Ms. Good, and Mr. Adams. Ms. Good was represented by proxy Mr. Josh Ederheimer. Members discussed the importance of active participation on the task force and recommended that the membership be reviewed. As a result of a previous TTF recommendation, Mr. Scott Desjadon was added as the newest tribal member and Mr. Timothy Chung was the invited CJIS Systems Officer (CSO) from Arizona. Uniform Crime Reporting During the Fall 2015 APB meeting, the Board passed a motion that requires the FBI UCR Program to transition to a NIBRS only data collection by January 1, 2021, by all local, state, tribal, and federal agencies. In support of this recommendation, task force members discussed requirements on tribal jurisdictions to submit through the BIA and its transition to NIBRS. Currently, tribes are submitting crime statistics directly to the FBI, through a state, and/or through the BIA. Today the BIA accepts and submits data to the FBI in summary format and is currently in the process of reworking its data collection process to accomplish NIBRS submissions. The BIA continues its development and deployment of the necessary tools for compliance for its agencies under its service jurisdiction, to include tribal law enforcement agencies. During the December meeting, the TTF reviewed a roadmap explaining the reporting process and pathways and provided comments back to the FBI CJIS Division staff. The FBI CJIS Division will draft a unified message about information sharing that will accompany the Transition to NIBRS and Use of Force documents and will be distributed detailing the reporting process, available submission methods, and the importance of participation. The BIA and the FBI CJIS Division are collaborating on a method that will provide tribal agencies with a more robust and streamlined method to report to NIBRS by the transition deadline. It was also identified that the tribal jurisdictions may report directly via the FBI CJIS Division’s portal for use of force data collection. Dispositions As a result of the June TTF meeting, the FBI CJIS Division staff drafted correspondence/brochures on the arrest and disposition processes; created a mechanism to identify disposition rates in Indian Country; and included the Best Practice Guide to dispositions on the CJIS Tribal Outreach Special Interest Group (SIG). During the December meeting, the TTF reviewed and provided comments back to the FBI CJIS Division staff on the arrest and disposition documents. However, it was suggested by the FBI CJIS Division staff that they revise the provided documents into a more in-depth booklet for tribal agencies. The FBI CJIS Division is currently in the process of creating a bound booklet that will detail the importance of reporting arrests and dispositions, the impact of participation, case study representation, grant funding opportunities, and methods of submissions. The booklet will also be accompanied by a unified message on the importance of information sharing, tentatively scheduled for availability in spring 2017.
In addition, after feedback from the task force members, the FBI CJIS Division will be revising draft disposition dashboards that will be available for all tribal criminal justice agencies. After an in-depth discussion regarding the importance of understanding the benefits of submitting dispositions, it was identified that education on the initial submission of the arrest fingerprint to the FBI must also be done. It was agreed that tribal jurisdictions may benefit from a visual pathway identifying the process flow from the initial arrest of the subject to the final disposition. Other Task Force Business Tribal Contact List During the December meeting, task force members provided suggestions to the FBI CJIS Division staff on the recommended methods for providing information to, or requesting information from, tribal members and/or agencies. The FBI CJIS Division will work with the OTJ to identify various tribal organizations for future correspondence with tribal entities. DOJ TAP The DOJ has established the TAP to provide tribes access to national crime information databases for both civil and criminal purposes. The DOJ will serve as the CJIS Systems Agency for selected federally recognized tribes. The DOJ will provide a workstation with capabilities to process finger and palm prints, take mugshots, and submit records to national databases, as well as the ability to access the FBI CJIS Division systems for criminal and civil purposes through the DOJ. Since the last APB meeting, the DOJ deployed TAP workstations to four additional tribes to include one tribe from Washington State, the Tulalip Tribe (June 22, 2016), and three tribes from Arizona: the White Mountain Apache Tribe (July 14, 2016), the Pascua Yaqui Tribe (August 23, 2016), and the Gila River Tribe (August 4, 2016). For fiscal year (FY) 2016, a total of 9 TAP tribes received their workstations and training. For FY2017, the DOJ TAP selected 11 additional tribes to receive workstations that will allow access to FBI CJIS Division services, such as the National Crime Information Center (NCIC) and the Next Generation Identification (NGI). The DOJ conducted outreach to potential tribes and accepted expression of interest letters from tribes through December 2, 2016, at which time 54 tribes officially expressed interest in the TAP. The DOJ collaborated with the OTJ; Office of Community Oriented Policing Services; the Office of Sex Offender Sentencing, Monitoring, Apprehending, Registering and Tracking (SMART); and the FBI CJIS Division on the interested tribes. The notification of the selected tribes was on December 16, 2016. The DOJ provided education to the points of contact from the selected tribes regarding the onboarding and vetting process from December 19, 2016 through January 5, 2017.
The deployment of TAP workstations is tentatively scheduled for May 9 through September 29, 2017. For additional information on the DOJ TAP, please contact . CJIS Tribal Outreach As a result of the first tribal and state collaboration event sponsored by the FBI CJIS Division in August 2015 in Tulsa, Oklahoma, the FBI will host multiple regional conferences in upcoming fiscal years. Once again, tribal, state, and federal partners will come together to educate each other on the needs in Indian Country, the benefits of using national information sharing systems, and the importance of establishing partnerships to promote officer and public safety. The PROU TLT held its first regional conference in Phoenix, Arizona, on November 29-30, 2016. The FBI CJIS Division invited representatives from approximately 111 federally recognized tribes, the DOJ CSO, and seven CSOs representing those tribes geographically located within Arizona, Utah, Colorado, New Mexico, Washington, Oregon, and Nevada. Program overviews were provided on all FBI CJIS Division services, as well as topic-specific workshops. The objective of the tribal conference was to educate attendees on the FBI CJIS Division services, to improve the understanding of tribal needs, and to identify specific issues regarding tribal participation in FBI CJIS Division systems and services. On December 1, 2016, the FBI CJIS Division staff completed an on-site visit at the Salt River Pima Maricopa Indian Community Police Department with Chief Karl Auerbach and department staff. The PROU TLT learned about their daily operations, technical capabilities, outreach, and training opportunities. The FBI CJIS Division staff was invited by Chief Bradley of the Hualapai Nation Police Department to address the Hualapai Council on December 3, 2016. The staff used this opportunity to highlight the public safety and officer safety importance of information sharing among all authorized tribal agencies. The FBI CJIS Division staff expressed appreciation for the collaboration that occurs between Chief Bradley and the FBI CJIS Division staff regarding tribal initiatives and information-sharing opportunities. Collaboration On November 17, 2016, the FBI CJIS Division hosted a meeting with the DOJ SMART Office personnel at the FBI CJIS Division main complex and the Biometric Technology Center. The SMART Director and four policy advisors met with FBI CJIS Division staff from NCIC, NGI, and the CJIS Audit Unit to discuss overlapping tribal initiatives. The teams discussed how they could partner and/or support each other’s efforts as both provide assistance and guidance to tribal partners. The following information summarizes the SMART Office’s Quality Assurance legislative mandate. The SMART Office is responsible for providing jurisdictions with guidance regarding the implementation of requirements mandated by Title I of the Adam Walsh Child Protection and Safety Act (Adam Walsh Act) of 2006, and providing technical assistance to states, territories, Indian tribes, local governments, as well as public and private organizations.
As directed, the SMART Office is also responsible for administering the standards for the Sex Offender Registration and Notification Act (SORNA), to ensure jurisdictions have substantially implemented all requirements in order to receive grant funding. The SMART Office has been in contact with the FBI CJIS Division PROU, Criminal Justice Information Law Unit, and the NCIC Operations and Policy Unit, to discuss the SMART Office’s responsibility to ensure tribal agencies are substantially implementing SORNA requirements. In order to determine if approximately 160 tribal agencies have substantially implemented SORNA, the SMART Office is working with FBI CJIS Division staff to ensure tribal jurisdictions are entering sex offender registrants into the NCIC NSOR as indicated rather than accepting declarations of compliance at face value. The SORNA established the SMART Office as the federal agency responsible for implementing SORNA in state and tribal jurisdictions. As such, the SMART Office has the responsibility to “administer the standards for the sex offender registration and notification program set forth in [the] Act.” 42 U.S.C. § 16945 (c)(1). In order to meet this Congressional mandate, the SMART Office must be able to determine whether entries in the NCIC NSOR accurately correspond to entries in the National Sex Offender Public Website. To this end, and pursuant to the recommendation of the FBI Office of the General Counsel, the SMART Office will receive an extract of the NCIC NSOR. The TTF reports on the FBI CJIS Division services and issues specific to Indian Country and provides suggestions on improving tribal access and use of FBI CJIS Division services. The TTF reports to the Executive Committee of the APB. Recommendations of the TTF are vetted and forwarded to the CJIS APB through the Executive Committee. For additional information on the FBI CJIS Division Tribal Engagement Program, please contact or visit the CJIS Tribal Outreach SIG on the LEEP.

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups. SPRING 2017 SUBCOMMITTEE ACTIONS: This topic was accepted as information only by all six subcommittees. (IS, NCIC, NICS, N-DEx, SA and UCR).


CRIMINAL JUSTICE INFORMATION SERVICES (CJIS) ADVISORY POLICY BOARD (APB) JACKSONVILLE, FL JUNE 7-8, 2017 STAFF PAPER APB ITEM #9 Chairman's Report on the Identification Services (IS) Subcommittee IS ISSUE #1* Miscellaneous Action Items Update IS ISSUE #2 Review of All Open Biometric Services Section (BSS) Pre-Next Generation Identification (NGI) APB Recommendations IS ISSUE #3 Sex Field/Categories within the NGI System IS ISSUE #4 NGI Transaction Response Times Related to High Priority Transactions IS ISSUE #5 Addition of Manual Reject Codes in the NGI System for Poor Fingerprint Image Submissions IS ISSUE #6 CJIS Division Tribal Engagement Program Update IS ISSUE #7 Cancelled Automation of Federal Arrestee Deoxyribonucleic Acid (DNA) Collection Submission* Federal DNA Indicator Update** IS ISSUE #8** Rapid DNA Update IS ISSUE #9 Reminder that States can Request to Change their Date of Arrest Cut Off in the Interstate Identification Index IS ISSUE #10** Disposition and Criminal History Update

*No staff paper **Delivered with the information only staff papers

IS ISSUE #11** Rap Back Services Status Update IS ISSUE #12** The Retention of Legacy Biographic Descriptors on a Civil-Only Identity after an Expungement of Criminal History IS ISSUE #13* BSS Cold Case Briefing IS ISSUE #14* Altered Biometrics Identification Program IS ISSUE #15 ‘Seven of Ten Solution’ NGI System Enhancement IS ISSUE #16* Video Analytics for Investigating Crime and Terrorism IS ISSUE #17** Biometric Interoperability Update IS ISSUE #18* International Association for Identification Update IS ISSUE #19* Identification Services Coordination Group Update


CJIS ADVISORY POLICY BOARD (APB) IDENTIFICATION SERVICES (IS) SUBCOMMITTEE CLARKSBURG, WV APRIL 26, 2017 STAFF PAPER IS ISSUE #2 Review of all Open Biometric Services Section (BSS) Pre-Next Generation Identification (NGI) APB Recommendations PURPOSE To present an overview of all open BSS Pre-NGI APB recommendations to provide a status on, request clarification, or request further direction, when needed. POINT OF CONTACT Biometric Services Section, Customer Support Unit Questions regarding this topic should be directed to REQUEST OF THE SUBCOMMITTEE The Subcommittee is requested to review the information included in this paper and provide a recommendation on areas requesting further direction. Other recommendations documented in this paper are provided merely as a status update. BACKGROUND Due to resources devoted to the NGI System requirements, development, and implementation, previous APB recommendations were put on hold until such time the CJIS Division could devote resources to revisiting the previously approved requests. Since the NGI Increment 4 deployment in September 2014, CJIS Division staff reviewed the open recommendations assigned to the BSS in order to provide a current status or to request clarification. The APB recommendations listed below remain open and under the assignment of the BSS. DISCUSSION AND ANALYSIS The previous APB recommendations are listed by reference number, the APB approved date, and a current disposition for the recommendation. Recommendations included are only those currently open and assigned to the BSS. Also, Appendix B entitled NGI System Enhancements is included in this paper for your reference. This Appendix is also included in the Information Only Topic Paper titled NGI Status Report.


The recommendations are grouped in two categories:

Category One – The CJIS Division requests the APB Working Groups review the status and provide comments, if necessary.

Category Two – The CJIS Division requests the APB Working Groups review the previous recommendation with the noted status to provide approval of the current path for concept/research/development, or approve closure of the previous recommendation as overcome by events (OBE), or no longer of interest to the user community.

CATEGORY ONE – Status Update:

APB Ref# 247 (approved December 2005)

Issue: Reintroduce Interstate Identification Index (III) Sealing Program

Original APB Motion: Proposal to reintroduce the III Sealing Program 2A—Endorse broadening the sealing program procedures to include single cycle sealing, and 2B—Endorse single cycle sealing via fingerprint submission.

Update: The FBI CJIS Division provided an APB topic paper in the spring of 2016 requesting guidance and clarification to begin requirements of this APB recommendation. At that time, the APB approved to discontinue development of the single cycle sealing capability via fingerprint processing, and recommended the use of the Seal Record Cycle (SRC) III message key (MKE) for sealing individual arrest cycles. Therefore, the CJIS Division began moving forward with requirements and development for the SRC message key implementation. In 2009, Technical and Operational Update (TOU) 08-5, advising contributors the SRC III MKE would be developed to seal individual arrest cycles, was disseminated. Since TOU 08-5 was prepared in 2009 (pre-NGI), it will be necessary to prepare a new TOU with current NGI requirements, as the requirements outlined in the previous TOU were written for the Integrated Automated Fingerprint Identification System (IAFIS) instead of the NGI System. Currently, the CJIS BSS business line and the CJIS Technical Staff are discussing the new requirements. If additional clarification is needed during this process, the CJIS Division business line will submit a future APB topic paper for discussion.

*********************************

APB Ref# 471 (approved December 2006)

Issue: Proposal to create two new III maintenance messages that would allow agencies to process an expungement or make modifications to an arrest cycle. This would update criminal history records real-time without contributors mailing or faxing record changes to the FBI.

Original APB Motion: To propose III system changes to enable III participants the electronic capability to perform single cycle expungements and make modifications to arrest cycle information contained within a state-maintained criminal history record.

Update: The BSS and the Information Technology Management Section (ITMS) are discussing the technical changes required to fulfill this recommendation. The analysis will be brought back to the APB for discussion before moving forward with this recommendation.

*********************************


APB Ref# 780 (approved December 2007)

Issue: After a fingerprint-based identification is provided for a deceased subject, the NGI system flags the record as deceased (AUD N) and Criminal History Record Information (CHRI) is no longer provided on subsequent submissions identing to the record. During any III query, the response notes the individual is deceased and does not return CHRI. Although it is not expected that a current submission would ident to a deceased subject, there are cases where an agency requires CHRI of the deceased subject for a current investigation. There is also a need to obtain a deceased subject’s CHRI to close out cases.

Original APB Motion: Moved to make III system changes to release CHRI that has been flagged as deceased, based on fingerprint identification, for both online III queries and fingerprint processing.

Update: This APB recommendation was noted as low priority due to resources devoted to system fixes and enhancements after the deployment of the NGI system. Recently, this APB recommendation was raised to a high priority as the original higher priority system issues have been addressed. BSS and ITMS are discussing the technical changes required to fulfill this recommendation. The analysis will be brought back to the APB for discussion before moving forward with this recommendation. This concept will also be included in a comprehensive evaluation of future III enhancements. An update will be provided to the APB after review and evaluation. This APB recommendation will also include addressing the requirements for Identities with the Date of Death (DOD), which are AUD Blank, not AUD N, in the NGI System.

*********************************

APB Ref# 1076 (approved June 2009)

Issue: This recommendation was approved during a request for the CJIS Division to accept Type-14 Identification Flat fingerprint submissions (ID Flats) for certain criminal justice purposes that may benefit the criminal justice system and its users. Several APB members were concerned about supporting this proposal as it may dilute the master file. The APB passed the motion to support the concept as it was presented, but requested a study on the impact of using ID flats.

Original APB Motion: The APB passed a motion to support the concept, as presented, with further study on the impact of using flat fingerprints, for criminal justice purposes be performed by NGI with close coordination with the Identification Services Subcommittee.

Update: Several studies have taken place concerning this topic since June 2009. This topic will be placed on the Identification Services Subcommittee Agenda for the spring 2017 meeting to discuss the results of those studies.

*********************************

APB Ref# 1819 (approved June 2001)

Issue: The discussion of reviewing the feasibility of retaining non-serious offenses (NSOs) in the FBI’s criminal database was discussed by a previous task force called the IAFIS Interface Evaluation Task Force (IIETF). That task force is now restructured and named the Identification Services Coordination Group (ISCG). The original discussion was that including all offenses in the system would allow the FBI to maintain a more complete criminal history database.

Original APB Motion: The FBI examine the feasibility of changing the Code of Federal Regulations (CFR) to allow the FBI to retain non-serious offenses.

Update: Originally, it was determined the CFR would not be changed to retain NSOs, therefore this topic was provided to the fall 2016 round of the Advisory Process. Recently, the Department of Justice advised they will consider the publishing of a Notice of Proposed Rule Making to allow for the storage of NSOs within the NGI when the federal or state contributor requests the retention of the fingerprint and arrest data. The 28 CFR 20.32 requires the FBI to vet and remove the submitted information if the arrest is an NSO (regardless of the contributor’s retention request). Although a perception exists that NSO retention may negatively impact reentry into society after imprisonment, the removal of NSOs would also negatively affect identification in the intelligence, criminal, latent, and cold case processing. Analysis is being performed to determine the impact of the change.

**************************************

APB Ref# 2149 (approved December 2009)

Issue: This recommendation came from the IIETF. The discussion involved the extensible markup language (XML) 4.1 specifications. With the implementation of the Interstate Criminal History Transmission Specification, XML Version 4.1, the Joint Task Force (JTF) for Rap Sheet Standardization incorporated many of the recommendations suggested for the rap sheet enhancements; however some were modified slightly or omitted upon agreement by the JTF.

Original APB Motion: The only images optionally attached to a rap sheet should be face, scar/mark/tattoo, a single identification fingerprint, and signature.
Update: Due to the existing activities within the XML, the FBI Designated Federal Officer placed this recommendation on hold until late March 2017. This recommendation will be revisited at that time.

**************************************

APB Ref# 2295 (approved June 2011)

Issue: Unsolved Latent File (ULF) maintenance

Original APB Motion: The entire ULF is searched against the NGI repository(ies) to simplify programming, but results are reviewed/returned to owning agencies only upon the latent record owner’s request. Each latent search submission returns a Search Results-Latent Type of Transaction (TOT), potentially containing multiple candidates, for comparison purposes, to the submitting agency. Incorporate a to-be-determined threshold score to return the most likely candidates, and to incorporate a preliminary review at the CJIS Division, potentially utilizing tenprint examiners or contracted Latent Print Examiners. Also, task the IIETF to collaborate with the CJIS Division to provide input on appropriate implementation of these recommendations.

Update: Latent staff have been coordinating this effort with the ISCG. There is a separate paper (Information Only) being provided by the BSS/Latent and Forensic Support Unit (LFSU) during the spring of 2017 round of the Advisory Process with detailed updates on this recommendation. See Information Only Topic Paper J entitled “ULF Project Update”.

*************************************

APB Ref# 2492 (approved December 2004)

Issue: Some local agencies noted a problem when matching an ident response with the original civil submission when the response name and the submission name were not an exact match. Since the transaction control number (TCN) is populated in the submission at the state level, the local agency did not have the ability to match the response with the TCN field. The original proposal to add the submission name and submission Date of Birth (DOB) would allow local agencies a way to marry the submission with the response.

Original APB Motion: Include Name and DOB fields and include the words “as submitted in original transaction” to the SRE, ERRT, and rap sheet responses.

Update: This recommendation was presented through the APB Fall 2016 round of the Advisory Policy Board to determine if there was still a need from the user community. The APB approved to continue making the technical changes in the NGI System to fulfill this original recommendation. The 2.2007 (SDOB) and 2.2008 (SNAM) fields are currently provided in the SRE responses for both criminal and civil submissions. Only those contributors who are Electronic Biometric Transmission Specification (EBTS) 10.0 compliant benefit from this system change. BSS business line is currently preparing the final documentation for the 2.2007 (SDOB) and 2.2008 (SNAM) fields to be included in the ERRT. Notification will be made to agencies before system implementation of this change. This change is expected for late 2017 or early 2018 depending upon the Technical and Operational Update (TOU) dissemination date and the agency readiness for this system change.
************************************

APB Ref#2493 (approved December 2005)

Issue: The CJIS Division currently provides a manual name check service for civil tenprint submissions that have been rejected twice during system processing due to poor fingerprint image quality. The name checks are limited to state, federal, and regulatory agencies that have the legal authority to submit fingerprints for non-criminal justice purposes. The quality error message codes are L0008, L0116, L0117, and L0118. Due to the time involved in the manual name check process, an enhancement was suggested to allow the name check program to become more effective and efficient through automation.

Original APB Motion: Automation of Manual Name Checks in the IAFIS

Update: This recommendation began with requirements in the IAFIS, but due to other high priority issues, the FBI CJIS Division was unable to complete requirements and development before the baseline freeze for development and implementation of the NGI System. Therefore, due to the different functionalities within the NGI System, new requirements are necessary to complete this recommendation. The name check business line would like to review six to eight months of statistical data from the “Seven of Ten Solution” system enhancement to determine the reduction of L0008 rejections. Also, a topic paper is being presented for the spring 2017 round of the APB to discuss the L0118 rejects (see Topic #4 entitled Addition of Manual Reject Codes in the NGI System for Poor Fingerprint Image Submissions). The name check business line will determine the priority of this APB recommendation after review of the recent system enhancement and the outcome of the spring 2017 topic paper.

************************************

APB Ref#2538 (approved June 2014)

Issue: Since photographs in the unsolved photo file (UPF) must meet privacy and civil liberty standards, it was determined that a validation process was needed to ensure photos meet specific standards. There was also consideration for the size limitations of the UPF. Since missing persons did not meet the criteria for storing photos in the UPF, a recommendation was made to explore the utilization of other Special Population Cognizant (SPC) files.

Original APB Motion: The CJIS Division explore the utilization of the SPC file for non-typical photo storage and searching such as missing persons, and Known or Appropriately Suspected Terrorists (KSTs).

Update: The Facial, Analysis, Comparison and Evaluation (FACE) Services Unit continues to coordinate efforts with the FBI Laboratory Division. A workflow for the proposed process is being drafted. A separate topic paper is being prepared by the BSS/FACE Services Unit for the fall 2017 round of the Advisory Process with full details for the update on this recommendation.

************************************

APB Ref# 2542 (approved June 2014)

Issue: Some states expressed a desire to receive similar $.A notices for the civil retain fingerprint submissions and to perform certain Rap Back transactions via III messaging. The states believed it would be more efficient to use the III messaging rather than having to perform all Rap Back transactions, including non-biometric transactions, through EBTS formatted messages.
Original APB Motion: Moved to recommend the CJIS Division perform the necessary research to determine the feasibility of transforming the following types of Rap Back EBTS transactions and their accompanying responses to III messaging format, if possible, for use by submitters in lieu of EBTS transactions.
(1) Rap Back Subsequent Subscription Request – Civil;
(2) Rap Back Subsequent Subscription Request – Criminal;
(3) Rap Back Maintenance Submission; and
(4) Rap Back Identity History Summary (IdHS) Request.
If there is appropriate means of transforming Rap Back EBTS messages to III messaging, the CJIS Division should proceed with that development. If there is not an appropriate means, the CJIS Division should report back to the Working Groups the specific results of the research.

Update: Currently, the CJIS BSS business line and the CJIS technical staff are discussing the technical analysis for this request. If additional clarification is needed during this process, the CJIS Division business line will submit a future APB topic paper for discussion.

*************************************


APB Ref# 2543 (approved June 2014)

Issue: Due to the design of the NGI System, the State Identification Number (SID) is not stored for civil retain submissions. It was determined there may be a need to modify the NGI System to accept and store the SID for civil retain submissions in such a way that prevented any unwanted processing, and also provide the benefits associated with the SID being retained. Those benefits would be realized if, in combination with retaining the SID, the NGI System created SID processing logic for the retained civil fingerprint submissions that would result in $.A messages similar to the current functioning messages with the criminal justice retain submissions. The states would have to develop software to receive the newly created $.A messages and take appropriate actions within their own files.

Original APB Motion: The CJIS Division perform the required analysis to determine if the NGI could be modified to store the SID related to civil retain Tenprint Fingerprint Identification Submissions, affording similar SID processing benefits for civil retain submissions, currently delivered for criminal retained submissions.

Update: Currently, the CJIS BSS business line and the CJIS Technical Staff are discussing the requirements. If additional clarification is needed during this process, the CJIS Division business line will submit a future APB topic paper for discussion.

**************************************

APB Ref# 2544 (approved June 2014)

Issue: A number of states requested that $.A messages be created that would provide the Hit/NoHit results of the civil retain fingerprint search in a manner similar to how the $.A.NPR and $.A.PIR messages notify the results of the criminal retain submissions.

Original APB Motion: The CJIS Division perform the required analysis to determine if the NGI could be modified to develop $.A message that would provide the Hit/No Hit responses to civil retained fingerprint submissions.

Update: Currently, the CJIS BSS business line and the CJIS Technical Staff are discussing the requirements. If additional clarification is needed during this process, the CJIS Division business line will submit a future APB topic paper for discussion.

****************************************

CATEGORY TWO – Requires discussion and recommendation:

APB Ref# 250 (approved December 2005)

Issue: The previous IAFIS (and current NGI System) accepts up to 40 charges associated with a particular arrest incident. Arrest cycles are electronically submitted via an EBTS criminal answer required (CAR) transaction and posted to the III. There was a suggestion to increase the number of submissions permitted in the machine readable data (MRD) process.

Original APB Motion: The MRD process be modified to allow electronic processing of up to 40 dispositions per arrest cycle and for the CJIS Division to speed up improving the electronic disposition reporting process in order to make criminal history records more complete.

Update: This previous recommendation requires discussion and guidance for moving forward.


DISCUSSION AND ANALYSIS

The December 2005 topic paper was presented to request the original motion mentioned above. Prior to NGI Increment 4 deployment, documentation was prepared and submitted to FBI technical staff to track this request. The capability to increase MRD processing up to 40 Court Offense Literal (COL)/Other Court Sentence Provision Literal (CPL) was not delivered in the NGI System; however, other disposition methods were delivered such as the Disposition File Maintenance Submission Request (DSPE) and the Electronic Fingerprint Disposition Submission (FDSP), both of which do allow up to 40 dispositions per transaction. In addition, the III MKE Disposition (DSP) was implemented as a Quick Win prior to NGI deployment which has increased the speed and improved electronic disposition reporting to make criminal history records more complete.

A few months post Increment 4 deployment, an additional document was created by the CJIS Division staff to request that all disposition submission methods be consistent to allow up to three digit numbers. However, upon review by Information Technology (IT) Specialists, the business line was advised that due to the fixed length format of MRD transactions, the increase to allow up to three digit numbers would likely result in extremely large message capacity requirements between systems that would rarely be utilized. The IT Specialists further elaborated indicating that an increase of just one additional disposition for MRD processing would require programming changes by the CJIS Division MRD contributors and thus indicated that users may instead choose to move to a more flexible data format for posting dispositions.

OPTIONS

1. Close original APB recommendation without making any changes to the current MRD process.
2. Move forward with the extremely large message capacity requirements to allow 40 dispositions per arrest cycle in the MRD processing, understanding MRD contributors will require programming changes to their systems.

If Recommendation #2 is approved, please provide an assigned priority, as no priority was provided with the original recommendation in December 2005: (enter 0-5) and categorized as: ___(enter High, Medium, or Low).

RECOMMENDATION

The FBI recommends option #1 due to the extremely large message capacity requirements and additional programming requirements by the agencies.

****************************************


APB Ref# 252 (approved December 2005)

Issue: Agencies were unable to determine the origin (ORI/CRI) of an alias (AKA) or additional DOB on an IdHS due to the biographics being added to the record from non-disseminable submissions. Each state processes civil/applicant and criminal non-retain submissions differently, and many do not retain the fingerprint cards at all. The proposed enhancement would provide documentation regarding the source of the information.

Original APB Motion: Amend the record to reflect the Originating Agency Identifier (ORI)/Contributing Agency Identifier (CRI) of the submission, but not the complete civil or criminal cycle from the non-disseminable submission. (Example: Smith, John – XX000000Z, 03/12/1958 – XX000000Z)

Update: This previous recommendation requires discussion and guidance for moving forward.

DISCUSSION AND ANALYSIS

Currently in the NGI System, a data source code (not the ORI/CRI) is represented and displayed for internal CJIS use to determine the source of the identifier. This began at the deployment of NGI Increment 4. For example, an E data source code is displayed internally for an element added to the record for an event; an L data source code is displayed internally for an element added to the record from Legacy; an I data source code is displayed internally for an element added to the record from an electronic message; and a D data source code is displayed internally for an element added to the record from a CJIS staff record modification. This data source code is how the NGI System would determine the ORI/CRI for the purpose of this requested change. These are visible for the following elements: AKA, Social Security Number (SOC), Miscellaneous Number (MNU), Scar, Mark, and Tattoo (SMT), Citizenship (CTZ) and additional DOB.

Based upon the original topic paper and recommendation, it is understood the NGI expectation is to only list the ORI/CRI of the first instance of an AKA or DOB on the IdHS. If the event that substantiated the AKA or additional DOB is expunged or deleted, and no other active events present in the Identity record support the associated AKA or additional DOB, then the AKA or additional DOB would be deleted. If another event supports the associated AKA or additional DOB, the data from the other event will shift forward and become the new value in the above mentioned ‘source’ field, therefore displaying a different ORI/CRI in the IdHS.

Also, based on the data source code information in the above paragraph, an internal NGI ORI would be displayed in the IdHS for all elements from “Legacy” [pre-NGI Increment 4 (9/7/2014)] and instances when CJIS staff makes a modification to an element, based on a request from the contributor. For example, if state XX0003344 submits a criminal event to the NGI System that adds an AKA to the IdHS and two weeks later that agency submits a record modification to CJIS Division via the record modification form, the ORI/CRI added to the IdHS would now change to the internal NGI ORI.

The BSS and ITMS held technical interchange meetings to discuss this recommendation for determination of requirements and development. When fulfilling this recommendation, there is no way to go back and add this origin (ORI/CRI) to the record’s existing additional biographical data, therefore the internal NGI ORI would display on the IdHS. This change would only be possible for day one forward.

Also, adding the ORI/CRI to the IdHS would change the field length and appearance of the IdHS to account for the 9 characters present in an ORI/CRI and include 2 space characters on either side. This would be included for each element; therefore, if numerous AKAs, DOBs, etc. are listed on a record, the IdHS data for the biographic section would be expanded. This could cause data to be moved across the line or even shifted to the next line within the IdHS. This could potentially impact external contributors and/or other areas, such as rapsheet standardization, Morpho Biometric Search Services (MBSS), The International Justice and Public Safety Network (Nlets), and the National Crime Information Center (NCIC). Additional review will be needed in order to analyze impact to all of these entities. All states will need to be aware of this change, as this may require formatting changes within the state’s 2.075 (ERS) field.

If this change would be developed and implemented, CJIS technical staff asked two points be addressed:

1) For consistency and clarity, add the ORI/CRI to each AKA and additional DOB present on an IdHS response, not just to the non-disseminable data.
2) Review the other potential elements that contributors may want to be updated to the IdHS such as SOC, MNU, SMT, and CTZ.

In addition, there would need to be a determination of which field to be included in the IdHS, the ORI or the CRI.

The level of effort is considered complex and requires 6 to 9 months to test and implement the source ORI/CRI of a non-disseminable submission that updated an additional AKA or additional DOB and display it within a response to the contributor for a fingerprint submission or an III inquiry. This timeframe is based on the resources available for this assignment and requirements determined during the APB discussion. Additional time will be needed to analyze the impact to other entities mentioned earlier.

OPTIONS

1. Close original APB recommendation without making any changes to the current information provided in the IdHS concerning ORI/CRI data for non-disseminable submissions.
2. CJIS Division to move forward with the necessary research to determine the impact to rapsheet standardization, MBSS, Nlets, and NCIC, as well as other areas, and bring those results to the APB for discussion.

RECOMMENDATION

The FBI recommends option #1.


SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION:

APB Ref #250
Motion: To accept Option 1: Close original APB recommendation without making any changes to the current MRD process.
Action: Motion carried.

APB Ref #252
Motion: To accept Option 1: Close original APB recommendation without making any changes to the current information provided in the IdHS concerning ORI/CRI data for non-disseminable submissions.
Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION:

APB Ref #250
Motion 1: To accept Option 1: Close original APB recommendation without making any changes to the current MRD process.
Action: Motion carried.

APB Ref #252
Motion 2: To accept Option 1: Close original APB recommendation without making any changes to the current information provided in the IdHS concerning ORI/CRI data for non-disseminable submissions.
Action: Motion carried with 21 Yay/1 Nay

NORTHEASTERN WORKING GROUP ACTION:

APB Ref #250
Motion: To accept Option 1: Close original APB recommendation without making any changes to the current MRD process.
Action: Motion carried.

APB Ref #252
Motion: To accept Option 1: Close original APB recommendation without making any changes to the current information provided in the IdHS concerning ORI/CRI data for non-disseminable submissions.
Action: Motion carried.

SOUTHERN WORKING GROUP ACTION:

APB Ref #250
Motion: To adopt Option 1: Close original APB recommendation without making any changes to the current MRD process.
Action: Motion carried.

APB Ref #252
Motion: To adopt Option 1: Close original APB recommendation without making any changes to the current information provided in the IdHS concerning ORI/CRI data for non-disseminable submissions.
Action: Motion carried.

WESTERN WORKING GROUP ACTION:

APB Ref #250:
Motion: To accept Option 1. Close original APB recommendation without making any changes to the current MRD process.
Action: Motion carried with 1 opposed

APB Ref #252:
Motion: To accept Option 2: CJIS Division to move forward with the necessary research to determine the impact to rapsheet standardization, MBSS, Nlets, and NCIC, as well as other areas, and bring those results to the APB for discussion.
1) Do you want the ORI/CRI displayed? Only CRI
2) AKA and DOB only or other elements? SOC added to the AKA and DOB elements
3) Only non-disseminable or all submissions? All submissions
Action: Motion carried.

SPRING 2017 IS SUBCOMMITTEE ACTIONS:

APB Ref #250:
Motion: Option One: Close original APB recommendation without making any changes to the current MRD process.
Action: Motion carried.

APB Ref #252:
Motion: Option One: Close original APB recommendation without making any changes to the current information provided in the IdHS concerning ORI/CRI data for non-disseminable submissions.
Action: Motion carried.


Appendix B: NGI System Enhancements

The BSS now maintains the NGI System Enhancement list. All further APB motions that result in an NGI system change request will be tracked in the NGI System Enhancements appendix. As several NGI system enhancements have been requested, BSS management ranked the below APB enhancement requests by “High” or “Low” priority. The priority assigned by BSS management was determined based on the APB’s priority level and by the current operational needs. The pending enhancements are in the order of date approved by the APB, with a priority level listed when assigned by the APB.

The members are requested to:

1. Review the attached table regarding the pending NGI enhancements.
2. If a member believes a priority level should be changed or an enhancement should be removed from the list, please forward comment to the APB.

PENDING NGI ENHANCEMENTS

| Old No. | Ref No. | Enhancement | Priority Level | Approved by APB | Priority by BSS (High or Low) | Status |
|---|---|---|---|---|---|---|
| 26 | 2492 | Include Name and Date of Birth (DOB) fields and include the words "as submitted in the original transaction" to the Submission Results Electronic (SRE), Tenprint Transaction Error (ERRT), and rap sheet responses. Fall 2016, APB approved not to include words “as submitted in the original transaction” to SRE, ERRT, and Identity History Summary. | 3H | 12/04 | High | Requirements written for ERRT; SRE part of enhancement implemented |
| 27 | 247 | Allow for single cycle sealing via fingerprint submissions Phase II - Single Cycle Sealing & Phase III-Sealing via Fingerprint Submissions. Fall 2016, APB approved use of Seal Record Cycle (SRC) only. | 3M | 12/05 | High | Business Line and Technical Staff discussing requirements. New Technical and Operation Update (TOU) will be drafted. |
| 30 | *253 2493 | Automation of Manual Name Checks | 3M | 12/05 | High | Under review after system enhancements implemented |
| | 250 | Machine Readable Data (MRD) process be modified to allow electronic processing of up to 40 dispositions per arrest cycle and for CJIS Division to speed up improving the electronic disposition reporting process in order to make criminal history records more complete | None Assigned | 12/05 | Low | Under Review |
| | 252 | Amend the record to reflect the Originating Agency Identifier (ORI)/Contributing Agency Identifier of the submission, but not the complete civil or criminal cycle from the non-disseminable submission | None Assigned | 12/05 | TBD | Under Review; see Spring 2017 Working Group Topic #2 for discussion |
| 35 | 471 | Establishment of the Interstate Identification Index (III) Delete Record Cycle (DRC) and Modify Record Cycle (MRC) file maintenance messages | 3M | 12/06 | High | Business Line and Technical Staff discussing requirements |
| 42 | 780 | Modification to III to release deceased Criminal History Record Information (CHRI) | None Assigned | 12/07 | High | Business Line and Technical Staff reviewing Legal and Technical requirements |
| 50 | 987 | Expanded III Response to Point-of-Contact (POC) and Partial POC states | None Assigned | 12/08 | Low | Low priority NICS reviewing this request |
| | 2641 | Create a new field and use the National Crime Information Center (NCIC) codes/crime types for enrollment of photos in the Unsolved Photo File (UPF) | 3M | 12/15 | High | Documentation provided to FBI CJIS Technical Staff for system enhancement |

*denotes previous Ref. No

Unclassified

CJIS ADVISORY POLICY BOARD (APB) IDENTIFICATION SERVICES (IS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017

STAFF PAPER

IS ISSUE #3

Sex Field/Categories within the Next Generation Identification (NGI) System

PURPOSE

This paper is to provide information regarding the Sex field category codes available within the NGI System.

POINT OF CONTACT

Biometric Services Section, Customer Support Unit

Questions regarding this topic should be directed to .

BACKGROUND

In 2011, the Institute of Medicine provided that sex refers to the genetic, hormonal, anatomical, and physiological characteristics on whose basis one is labeled at birth as either male or female; whereas gender refers to the cultural meanings of patterns of behavior, experience, and personality that are labeled masculine or feminine.¹

The CJIS Division has received several inquiries and/or comments regarding the value of the sex category codes available for classification of a subject when submitting a search of the NGI database. Additionally, there are concerns the values of these categories may need to be changed. During the Electronic Biometric Transmission Specification (EBTS) Identification Services Coordination Group meeting held June 10, 2016, it was determined a staff paper was needed to outline how the NGI System uses the assigned codes of these categories in performing the biographic search. This paper will specifically outline the category codes available for the sex field and the weight the score has in the name search algorithm.

The EBTS Version 10.0 states the sex field is used to report the gender of the subject as provided in the table below.

1 Federal Agency Working Group on Improving Measurement of Sexual Orientation and Gender Identity in Federal Surveys, Evaluations of Sexual Orientation and Gender Identity Survey Measures: What Have We Learned? September 23, 2016


Sex Values Table

| If Following Condition Exists | Enter Code |
|---|---|
| Subject’s gender reported as female | F |
| Occupation or charge indicated ‘Male Impersonator’ | G |
| Subject’s gender reported as male | M |
| Occupation or charge indicated ‘Female Impersonator’ | N |
| Male name, no gender given | Y |
| Female name, no gender given | Z |
| Unknown gender | X |

The Sex or Gender score, ranging from -8.20 to 1.31, is based on a combination of the First Name and Sex of the source provided in the search request. Certain names are considered gender-specific and will result in a zero or negative score if the opposite gender has been provided. For instance, Douglas and Martin are considered male names, so if the source category code provided is male, the score will be determined by the NGI Sex or Gender Scoring Table. If the source sex category code provided was female, the score would be zero. Any search for which the First Name is not considered gender-specific with an opposite sex value also results in a negative impact to the score as shown in the table below.

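NGI Sex or Gender Scoring Table (columns: Sex Code of Candidate)

| Sex Code | M | N | F | G | X | Y | Z |
|---|---|---|---|---|---|---|---|
| M | 0.31 | 0.31 | -7.54 | 0 | 0 | 0 | 0 |
| N | 0.31 | 0.31 | 0 | 0 | 0 | 0 | 0 |
| Y | 0.31 | 0.31 | -7.54 | 0 | 0 | 0 | 0 |
| F | -8.20 | 0 | 1.31 | 1.31 | 0 | 0 | 0 |
| G | 0 | 0 | 1.31 | 1.31 | 0 | 0 | 0 |
| Z | -8.20 | 0 | 1.31 | 1.31 | 0 | 0 | 0 |
| X | 0 | 0 | 0 | 0 | 0 | 0 | 0 |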

The NGI System uses the assigned score for the Sex field in conjunction with the scores of the other personal identifiers to calculate the final Biographic Name score. This score is then compared to the biographic search threshold to determine which candidates will be returned in the results.

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 IS SUBCOMMITTEE ACTION: This topic was accepted as information only.


CJIS ADVISORY POLICY BOARD (APB) IDENTIFICATION SERVICES (IS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017

STAFF PAPER

IS ISSUE #4

Next Generation Identification (NGI) Transaction Response Times Related to High Priority Transactions

PURPOSE

To advise the Subcommittee that the functionality related to “high priority transactions, per transaction type, per day” was not enabled in the NGI system.

POINT OF CONTACT

Biometric Services Section, Customer Support Unit

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information included in this paper and provide guidance on whether or not the functionality should be enabled.

BACKGROUND

The implementation of the NGI system improved electronic response times. Since tenprint search transactions are prioritized by Type of Transaction (TOT), the TOT establishes the response time goal. The Criminal Justice Information Services (CJIS) Division regularly achieves or improves the established response time goals, which fall into four priority levels:

- HIGH (1): Criminal, 10 minutes; Civil, 15 minutes; Latent, 1 hour
- ROUTINE (5): Criminal, 30 minutes; Civil, 2 hours; Latent, 4 hours
- LOW (7): Criminal, Civil, and Latent, 24 hours
- NON-URGENT (9): Criminal and Civil, 15 days

With the deployment of the NGI system, the Electronic Biometric Transmission Specification (EBTS) Field 1.006, Transaction Priority (PRY), was created as an optional field. The acceptable values range from 1 to 9, with “1” denoting the highest priority. If no value is indicated or the user decides not to program for the PRY field, the default will be based on the routine response time for that TOT, as defined in the EBTS.


A topic paper was presented during the spring 2011 round of the Advisory Process to explain the NGI response times and the ability for contributors to rank the priority of their submissions. The CJIS Division considered the option of always using the priority level the contributor supplies in the EBTS message. However, it was determined this option is not feasible due to the impact on system workload and performance. Therefore, the CJIS Division provided two recommendations: (1) Implement a 24-hour limit per State/Interface Agency by establishing allocation percentages for the high priority submissions; or (2) Implement a 24-hour time limit establishing a set number of high priority submissions to be shared between all contributors.

The APB moved to implement a 24-hour time limit per CJIS Systems Agency (CSA) by establishing allocation percentages for high priority submissions. This option provided CSAs the opportunity to monitor submissions within the state, while restricting the ability to prioritize all submissions as “high priority.” The 24-hour time limit required that “high priority” be defined and statistical information and research be performed to determine the allocation percentages per CSA, similar to the way latent allocations are established. This approach requires frequent reviews to determine if allocations require modification. Furthermore, it was requested for the NGI system to send an unsolicited notification to the CSA when the last allocated high priority transaction is submitted, and to process any additional high priority transactions at the routine level.

As a result of the APB recommendation, the requirements and functionality were incorporated within the NGI system and the recommendation was closed by the NGI Program Office in September 2014. In addition, the following statement was added to Appendix A of the EBTS:

Each agency will be allocated a maximum number of high priority transactions per transaction type per day. Once this limit is reached, high priority transactions will continue to be processed, but their priority level will be adjusted to ‘routine.’

DISCUSSION AND ANALYSIS

Post-NGI research determined this concept was made available in the NGI system, but was never tested and “switched on” in the operational environment. As background, in the Integrated Automated Fingerprint Identification System (IAFIS), response times were based on TOT and a transaction’s total time in the system. However, the NGI system strictly utilizes the TOT to determine priority and the overall response time. Currently, for any EBTS 10.0 compliant agency submitting transactions marked “high priority,” the NGI system is overlooking this field and processing based on the TOT priority for a response time.

The NGI requirements dictate the contributor priority be taken into account when determining transaction priority and associated transaction processing. For example, if an agency has 2,000 civil transactions in a day, they can mark a percentage of them as high priority for the NGI system to process before those submitted as routine priority.

To ensure contributors are receiving responses in a timely manner, the CJIS Division’s Information Technology Management Section (ITMS) created an automated script. The script runs multiple times a day to monitor transactions which require the ITMS to raise the priority to guarantee their completion, similar to how the IAFIS worked. Since the deployment of the new search algorithm on September 28, 2016, the CJIS Division raised the priority for transactions identified by the script on a few occasions (instances where there was low or limited staff in the manual fingerprint functions). Additionally, criminal and civil responses are being returned within the response time goals as shown by the overall averages below:

Average Response Time

| Month | CRIMINAL* | CIVIL |
|---|---|---|
| October 2016 | 4m 33s | 16m 37s |
| November 2016 | 7m 13s | 20m 48s |
| December 2016 | 16m 8s | 1h 9m 1s |

Response Time Goal Percentages

| Month | CRIMINAL* | CIVIL |
|---|---|---|
| October 2016 | 99.67% | 99.91% |
| November 2016 | 99.13% | 99.83% |
| December 2016 | 99.14% | 99.65% |

*The criminal metrics are for Criminal Answer Required (CAR) transactions only.

Based on these figures for the last quarter of calendar year 2016, the average response time for criminal transactions was 9m 18s and the average response time for civil transactions was 35m 29s. Furthermore, criminal transaction response times were met 99.31% of the time and civil transaction response times were met 99.79% of the time.

OPTIONS

Option 1: No change. The CJIS Division will continue to run the daily scripts and push transactions through the system as necessary to meet response times.

Option 2: The CJIS Division will verify allocation percentages, test and enable the functionality on the operational environment to allow contributors to mark transactions as a high priority.

RECOMMENDATION

The FBI recommends option #1.


SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION:
Motion: To accept Option 2: The CJIS Division will verify allocation percentages, test and enable the functionality on the operational environment to allow contributors to mark transactions as a high priority.
Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION:
Motion: To accept Option 1: No change. The CJIS Division will continue to run the daily scripts and push transactions through the system as necessary to meet response times.
Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION:
Motion: To accept Option 1. No change. The CJIS Division will continue to run the daily scripts and push transactions through the system as necessary to meet response times.
Action: Motion carried.

SOUTHERN WORKING GROUP ACTION:
Motion: To adopt Option 1: No change. The CJIS Division will continue to run the daily scripts and push transactions through the system as necessary to meet response times.
Action: Motion carried.

WESTERN WORKING GROUP ACTION:
Motion: To accept Option 1. No change. The CJIS Division will continue to run the daily scripts and push transactions through the system as necessary to meet response times.
Action: Motion carried.

SPRING 2017 IS SUBCOMMITTEE ACTION: Motion: Option One: No change. The CJIS Division will continue to run the daily scripts and push transactions through the system as necessary to meet response times. Action: Motion carried.
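The allocation rule this paper quotes from EBTS Appendix A (a per-agency, per-transaction-type daily cap, a notification when the last allocated slot is used, and downgrade to routine afterwards), sketched as an added example; it is not NGI or CJIS code. The agency names, allocation numbers, the calendar-day window, and the choice to count every PRY value above routine (1 to 4) against the cap are assumptions.

```python
"""Added illustration: daily high-priority allocation with downgrade to routine."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Priority levels named in the staff paper (EBTS field 1.006, PRY, accepts 1-9).
HIGH, ROUTINE, LOW, NON_URGENT = 1, 5, 7, 9


@dataclass(frozen=True)
class Transaction:
    csa: str                   # submitting CJIS Systems Agency (constructed names)
    tot: str                   # Type of Transaction, e.g. CAR
    day: date                  # submission day; calendar-day window is an assumption
    pry: Optional[int] = None  # optional PRY value supplied by the contributor


class PriorityAllocator:
    """Tracks elevated-priority use per (CSA, TOT, day) and downgrades the overflow."""

    def __init__(self, daily_allocation: Dict[Tuple[str, str], int]):
        # {(csa, tot): maximum elevated-priority transactions per day}; values are
        # assumptions, the paper only says they derive from allocation percentages.
        self._allocation = dict(daily_allocation)
        self._used = defaultdict(int)
        self.notifications: List[str] = []

    def effective_priority(self, txn: Transaction) -> int:
        # No PRY supplied: fall back to the routine level for the TOT.
        if txn.pry is None:
            return ROUTINE
        # Reject anything outside the field's documented 1-9 range.
        if not isinstance(txn.pry, int) or not 1 <= txn.pry <= 9:
            raise ValueError(f"PRY must be an integer from 1 to 9, got {txn.pry!r}")
        # Routine or lower requests cost the system nothing extra: pass through.
        if txn.pry >= ROUTINE:
            return txn.pry
        # Assumption: values 1-4 all draw on the allocation, so a contributor
        # cannot sidestep the cap by marking 2 instead of 1.
        limit = self._allocation.get((txn.csa, txn.tot), 0)
        key = (txn.csa, txn.tot, txn.day)
        if self._used[key] >= limit:
            return ROUTINE  # still processed, but at the routine level
        self._used[key] += 1
        if self._used[key] == limit:
            # Unsolicited notice to the CSA when its last allocated slot is used.
            self.notifications.append(
                f"{txn.csa}: last allocated high priority {txn.tot} "
                f"transaction for {txn.day.isoformat()} submitted"
            )
        return txn.pry


def demo():
    """Constructed sample: one agency with an allocation of 2 CAR transactions."""
    allocator = PriorityAllocator({("CSA-A", "CAR"): 2})
    day = date(2017, 4, 26)
    submitted = [1, 1, 1, 2, None, 7]
    results = [
        allocator.effective_priority(Transaction("CSA-A", "CAR", day, pry))
        for pry in submitted
    ]
    return results, allocator.notifications


if __name__ == "__main__":
    priorities, notices = demo()
    print(priorities)
    print(notices)
```

Keying the counter on the agency, the transaction type and the day keeps one agency's overflow from consuming another's allocation and resets the cap without a scheduled job.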


CJIS ADVISORY POLICY BOARD (APB) IDENTIFICATION SERVICES (IS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017

STAFF PAPER

IS ISSUE #5

Addition of Manual Reject Codes in the Next Generation Identification (NGI) System for Poor Fingerprint Image Submissions

PURPOSE

To request the Subcommittee consider whether additional reject codes should be added to the NGI System to help agencies determine the reason for rejected fingerprint submissions.

POINT OF CONTACT

Biometric Services Section, Latent Forensic Support Unit

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the alternatives presented in this paper and recommend one alternative for the FBI staff to pursue.

BACKGROUND

This topic paper is in response to a request made by the National Crime Prevention and Privacy Compact (Compact) Council's (Council) National Fingerprint File Qualification Requirements Focus Group, to address recommendations for possible NGI system and Electronic Biometric Transmission Specification (EBTS) modifications aimed at reducing fingerprint image quality rejects.

DISCUSSION AND ANALYSIS

Currently, when an FBI Fingerprint Examiner rejects a transaction for poor fingerprint images, he or she selects a literal descriptor of the reason for the reject. The NGI System converts that descriptor into a numeric error code (L0116, L0117, L0118). While the L0116 and L0117 error codes each correspond with a single literal descriptor, there are eight distinct literal descriptors that correspond with the L0118 error code. The L0118 error code has eight possible descriptors related to it:

- Erroneous or incomplete fingerprint(s) or images: fingers or hands out of sequence; printed twice; missing and no reason given.
- Rolled fingerprint block contains multiple images. See finger(s)
- Fingerprint image(s) printed multiple times and/or not printed in the rolled impression block(s). See finger(s)
- Fingerprint image(s) printed in the plain impression block but not the rolled fingerprint block. See finger(s)
- Fingerprint images not visible/printed in the plain impression block(s). Unable to determine correct sequence. See finger(s)
- Fingerprint image missing in the rolled and plain impressions blocks with no contributor notation. See finger(s)
- Same thumb printed twice in plain impression blocks.
- Rolled and/or plain fingerprint image appears to be from multiple subjects. See finger(s)

Consequently, the FBI Fingerprint Examiners provide a detailed description with any reject reason. However, some states parse the data, making it difficult for the originating agency to determine exactly why the fingerprint was rejected. For example, if the reject reason was, “images are not discernible,” an examiner would then list the related fingerprint blocks that are unable to be discerned.

The Council has made the request to develop new error codes which would correspond with the above mentioned literal descriptors. The first literal descriptor in the above list would be inherited by the current code of L0118. The remaining descriptors would then obtain the newly established codes. In turn, these new codes would assist the originating agency in determining the cause of the rejected images. This information could then be applied to agency training at all levels, for improved image capturing and greater initial retention.

When criminal fingerprints reject for image quality, there may not be an opportunity to fingerprint the individual again, meaning the arrest may never be added to the national record. Fewer rejects will thus lead to more complete criminal history records, and, by extension, improve safety for law enforcement as well as vulnerable populations.

If these additional error codes are applied, agencies may need to reprogram in order to receive the new error codes. If the decision is made to implement additional error codes, the expected time frame would be 16 to 24 weeks for testing and implementation. This time frame does not include the EBTS considerations of the possible one year notification to the contributor.

OPTIONS

Option 1: Develop and implement new error codes to be assigned specifically to their literal descriptor.

Option 2: No Change.


SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION:
Motion: To accept Option 1: Develop and implement new error codes to be assigned specifically to their literal descriptor.
Action: Motion carried.
Motion: Priority 3M for Option 1.
Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION:
Motion 1: To accept Option 1: Develop and implement new error codes to be assigned specifically to their literal descriptor.
Action: Motion carried.
Motion 2: To assign a Priority 3M.
Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION:
Motion: To accept Option 1: Develop and implement new error codes to be assigned specifically to their literal descriptor.
Action: Motion carried. Priority level 3M.

SOUTHERN WORKING GROUP ACTION:
Motion: To adopt Option 1: Develop and implement new error codes to be assigned specifically to their literal descriptor.
Action: Motion carried. Priority level 3M.

WESTERN WORKING GROUP ACTION:
Motion: To accept Option 1: Develop and implement new error codes to be assigned specifically to their literal descriptor.
Action: Motion carried. Priority level 3M.

SPRING 2017 IS SUBCOMMITTEE ACTION: Motion: Option One: Develop and implement new error codes to be assigned specifically to their literal descriptor with a caveat it would be from day one forward. Priority 2M. Action: Motion carried.


CJIS ADVISORY POLICY BOARD (APB) IDENTIFICATION SERVICES (IS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017

STAFF PAPER

IS ISSUE #6

FBI CJIS Division Tribal Engagement Program Update

PURPOSE

To summarize the recent activities and initiatives of the FBI CJIS Division’s Tribal Engagement Program.

POINT OF CONTACT

Law Enforcement Support Section (LESS), Partner Relations and Outreach Unit (PROU), Tribal Engagement Program

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEES

The Subcommittees are requested to review the information provided in this paper and provide appropriate comments.

BACKGROUND

In December 2011, the FBI CJIS Division’s Assistant Director identified the LESS Chief as the FBI CJIS Division’s Executive Tribal Liaison. Quickly following this designation, the FBI CJIS Division identified a tribal point of contact for each program. The goal of the Internal CJIS Tribal Working Group was to maintain consistency and provide a liaison to Indian Country on connectivity issues, policy compliance, and program awareness.

After the establishment of an FBI CJIS Division Executive Tribal Liaison and program points of contact for each FBI CJIS Division program, the Advisory Policy Board’s (APB) Executive Committee established a Tribal Task Force (TTF) in June 2012. The TTF was formed with the following mission:

To enhance officer and public safety by improving local, state, tribal, territorial, and federal participation in the FBI CJIS Division systems. The Task Force will review all relevant issues that may prevent or discourage tribal law enforcement agencies from entering records/data into FBI CJIS Division systems and make recommendations that will address those issues.

The TTF is chaired by Mr. William J. Denke, Sycuan Tribal Police Department. In addition, the TTF is comprised of three tribal members: Mr. Francis E. Bradley, Sr., Hualapai Nation Police Department; Mr. Carlos Echevarria, Tulalip Tribal Police Department; and Mr. Scott Desjadon, Yavapai Prescott Tribal Police Department. The task force also includes four state/local members: Mr. Edward Bonner, Sheriff of Placer County, California; Ms. Dawn Peck, Idaho State Police; Mr. Gene Thaxton, Oklahoma Department of Public Safety; and Mr. Brian Wallace, Marion County Sheriff’s Office, Oregon. In addition, the TTF includes federal representatives from the following agencies: Mr. Jason O’Neal of the Bureau of Indian Affairs (BIA), Office of Justice Services; Ms. Marcia Good of the Department of Justice (DOJ), Office of Tribal Justice (OTJ); Mr. Gregory D. Adams of the FBI’s Indian Country Crimes Unit; and Mr. Christopher A. Nicholas as the FBI CJIS Division’s Executive Tribal Liaison.

In March 2015, a full time Tribal Liaison Team (TLT) was established within the CJIS Division’s PROU. Today, there are three dedicated staff members that liaise with tribal partners, represent the FBI CJIS Division at various Indian Country training events, coordinate FBI CJIS Division Tribal conferences, conduct on-site tribal visits, and collaborate with federal partners on various tribal programs.

The following summary on the FBI CJIS Division’s Tribal Engagement Program is provided for your information.

Task Force Meeting Summary

The most recent TTF meeting was held on December 8, 2016, in Phoenix, Arizona. The agenda for the meeting consisted of the following topics: membership; Uniform Crime Reporting (UCR) transition to National Incident-Based Reporting System (NIBRS) and Use of Force data collection; dispositions; DOJ Tribal Access Program (TAP) update; 2016 conference highlights; Tribal contact lists; Arizona proposed National Sex Offender Registry (NSOR) message key for tribes; and an open discussion.

All task force members were in attendance with the exception of Mr. Bonner, Mr. Echevarria, Ms. Good, and Mr. Adams. Ms. Good was represented by proxy Mr. Josh Ederheimer. Members discussed the importance of active participation on the task force and recommended that the membership be reviewed. As a result of a previous TTF recommendation, Mr. Scott Desjadon was added as the newest tribal member and Mr. Timothy Chung was the invited CJIS Systems Officer (CSO) from Arizona.

Uniform Crime Reporting

During the Fall 2015 APB meeting, the Board passed a motion that requires the FBI UCR Program to transition to a NIBRS only data collection by January 1, 2021, by all local, state, tribal, and federal agencies. In support of this recommendation, task force members discussed requirements on tribal jurisdictions to submit through the BIA and its transition to NIBRS. Currently, tribes are submitting crime statistics directly to the FBI, through a state, and/or through the BIA. Today the BIA accepts and submits data to the FBI in summary format and is currently in the process of reworking its data collection process to accomplish NIBRS submissions. The BIA continues its development and deployment of the necessary tools for compliance for its agencies under its service jurisdiction, to include tribal law enforcement agencies.

During the December meeting, the TTF reviewed a roadmap explaining the reporting process and pathways and provided comments back to the FBI CJIS Division staff. The FBI CJIS Division will draft a unified message about information sharing that will accompany the Transition to NIBRS and Use of Force documents and will be distributed detailing the reporting process, available submission methods, and the importance of participation. The BIA and the FBI CJIS Division are collaborating on a method that will provide tribal agencies with a more robust and streamlined method to report to NIBRS by the transition deadline. It was also identified that the tribal jurisdictions may report directly via the FBI CJIS Division’s portal for use of force data collection.

Dispositions

As a result of the June TTF meeting, the FBI CJIS Division staff drafted correspondence/brochures on the arrest and disposition processes; created a mechanism to identify disposition rates in Indian Country; and included the Best Practice Guide to dispositions on the CJIS Tribal Outreach Special Interest Group (SIG). During the December meeting, the TTF reviewed and provided comments back to the FBI CJIS Division staff on the arrest and disposition documents. However, it was suggested by the FBI CJIS Division staff that they revise the provided documents into a more in-depth booklet for tribal agencies. The FBI CJIS Division is currently in the process of creating a bound booklet that will detail the importance of reporting arrests and dispositions, the impact of participation, case study representation, grant funding opportunities, and methods of submissions. The booklet will also be accompanied by a unified message on the importance of information sharing, tentatively scheduled for availability in spring 2017.
In addition, after feedback from the task force members, the FBI CJIS Division will be revising draft disposition dashboards that will be available for all tribal criminal justice agencies. After an in-depth discussion regarding the importance of understanding the benefits of submitting dispositions, it was identified that education on the initial submission of the arrest fingerprint to the FBI must also be done. It was agreed that tribal jurisdictions may benefit from a visual pathway identifying the process flow from the initial arrest of the subject to the final disposition.

Other Task Force Business

Tribal Contact List

During the December meeting, task force members provided suggestions to the FBI CJIS Division staff on the recommended methods for providing information to, or requesting information from, tribal members and/or agencies. The FBI CJIS Division will work with the OTJ to identify various tribal organizations for future correspondence with tribal entities.

DOJ TAP

The DOJ has established the TAP to provide tribes access to national crime information databases for both civil and criminal purposes. The DOJ will serve as the CJIS Systems Agency for selected federally recognized tribes. The DOJ will provide a workstation with capabilities to process finger and palm prints, take mugshots, and submit records to national databases, as well as the ability to access the FBI CJIS Division systems for criminal and civil purposes through the DOJ.

Since the last APB meeting, the DOJ deployed TAP workstations to four additional tribes to include one tribe from Washington State, the Tulalip Tribe (June 22, 2016), and three tribes from Arizona: the White Mountain Apache Tribe (July 14, 2016), the Pascua Yaqui Tribe (August 23, 2016), and the Gila River Tribe (August 4, 2016). For fiscal year (FY) 2016, a total of 9 TAP tribes received their workstations and training.

For FY2017, the DOJ TAP selected 11 additional tribes to receive workstations that will allow access to FBI CJIS Division services, such as the National Crime Information Center (NCIC) and the Next Generation Identification (NGI). The DOJ conducted outreach to potential tribes and accepted expression of interest letters from tribes through December 2, 2016, at which time 54 tribes officially expressed interest in the TAP. The DOJ collaborated with the OTJ; Office of Community Oriented Policing Services; the Office of Sex Offender Sentencing, Monitoring, Apprehending, Registering and Tracking (SMART); and the FBI CJIS Division on the interested tribes. The notification of the selected tribes was on December 16, 2016. The DOJ provided education to the points of contact from the selected tribes regarding the onboarding and vetting process from December 19, 2016 through January 5, 2017.
The deployment of TAP workstations is tentatively scheduled for May 9 through September 29, 2017. For additional information on the DOJ TAP, please contact .

CJIS Tribal Outreach

As a result of the first tribal and state collaboration event sponsored by the FBI CJIS Division in August 2015 in Tulsa, Oklahoma, the FBI will host multiple regional conferences in upcoming fiscal years. Once again, tribal, state, and federal partners will come together to educate each other on the needs in Indian Country, the benefits of using national information sharing systems, and the importance of establishing partnerships to promote officer and public safety.

The PROU TLT held its first regional conference in Phoenix, Arizona, on November 29-30, 2016. The FBI CJIS Division invited representatives from approximately 111 federally recognized tribes, the DOJ CSO, and seven CSOs representing those tribes geographically located within Arizona, Utah, Colorado, New Mexico, Washington, Oregon, and Nevada. Program overviews were provided on all FBI CJIS Division services, as well as topic-specific workshops. The objective of the tribal conference was to educate attendees on the FBI CJIS Division services, to improve the understanding of tribal needs, and to identify specific issues regarding tribal participation in FBI CJIS Division systems and services.

On December 1, 2016, the FBI CJIS Division staff completed an on-site visit at the Salt River Pima Maricopa Indian Community Police Department with Chief Karl Auerbach and department staff. The PROU TLT learned about their daily operations, technical capabilities, outreach, and training opportunities.

The FBI CJIS Division staff was invited by Chief Bradley of the Hualapai Nation Police Department to address the Hualapai Council on December 3, 2016. The staff used this opportunity to highlight the public safety and officer safety importance of information sharing among all authorized tribal agencies. The FBI CJIS Division staff expressed appreciation for the collaboration that occurs between Chief Bradley and the FBI CJIS Division staff regarding tribal initiatives and information-sharing opportunities.

Collaboration

On November 17, 2016, the FBI CJIS Division hosted a meeting with the DOJ SMART Office personnel at the FBI CJIS Division main complex and the Biometric Technology Center. The SMART Director and four policy advisors met with FBI CJIS Division staff from NCIC, NGI, and the CJIS Audit Unit to discuss overlapping tribal initiatives. The teams discussed how they could partner and/or support each other’s efforts as both provide assistance and guidance to tribal partners. The following information summarizes the SMART Office’s Quality Assurance legislative mandate.

The SMART Office is responsible for providing jurisdictions with guidance regarding the implementation of requirements mandated by Title I of the Adam Walsh Child Protection and Safety Act (Adam Walsh Act) of 2006, and providing technical assistance to states, territories, Indian tribes, local governments, as well as public and private organizations.
As directed, the SMART Office is also responsible for administering the standards for the Sex Offender Registration and Notification Act (SORNA), to ensure jurisdictions have substantially implemented all requirements in order to receive grant funding. The SMART Office has been in contact with the FBI CJIS Division PROU, Criminal Justice Information Law Unit, and the NCIC Operations and Policy Unit, to discuss the SMART Office’s responsibility to ensure tribal agencies are substantially implementing SORNA requirements. In order to determine if approximately 160 tribal agencies have substantially implemented SORNA, the SMART Office is working with FBI CJIS Division staff to ensure tribal jurisdictions are entering sex offender registrants into the NCIC NSOR as indicated rather than accepting declarations of compliance at face value.

The SORNA established the SMART Office as the federal agency responsible for implementing SORNA in state and tribal jurisdictions. As such, the SMART Office has the responsibility to “administer the standards for the sex offender registration and notification program set forth in [the] Act.” 42 U.S.C. § 16945 (c)(1). In order to meet this Congressional mandate, the SMART Office must be able to determine whether entries in the NCIC NSOR accurately correspond to entries in the National Sex Offender Public Website. To this end, and pursuant to the recommendation of the FBI Office of the General Counsel, the SMART Office will receive an extract of the NCIC NSOR.

The TTF reports on the FBI CJIS Division services and issues specific to Indian Country and provides suggestions on improving tribal access and use of FBI CJIS Division services. The TTF reports to the Executive Committee of the APB. Recommendations of the TTF are vetted and forwarded to the CJIS APB through the Executive Committee. For additional information on the FBI CJIS Division Tribal Engagement Program, please contact or visit the CJIS Tribal Outreach SIG on the LEEP.

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 SUBCOMMITTEE ACTIONS: This topic was accepted as information only by all six subcommittees (IS, NCIC, NICS, N-DEx, SA, and UCR).


CJIS ADVISORY POLICY BOARD (APB)
IDENTIFICATION SERVICES (IS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017

STAFF PAPER

IS ISSUE #9
Reminder that States can Request to Change their Date of Arrest (DOA) Cut-off in the Interstate Identification Index (III)

PURPOSE

This information topic paper is to remind states that the FBI Criminal Justice Information Services (CJIS) Division will modify the DOA cut-off based on requests from the state.

POINT OF CONTACT

Biometric Services Section (BSS), Criminal History Information and Policy Unit (CHIPU)

Questions regarding this topic should be directed to .

BACKGROUND

The DOA cutoff is a date established by the state and used to determine how the Next Generation Identification (NGI) System processes transactions. The DOA cutoff determines when unsolicited messages are sent in response to III transactions. This functionality assisted states in transitioning to the III and National Fingerprint File (NFF) Programs by limiting the number of unsolicited messages (consolidation $.A.CON, non-matching state identification number (SID) ignored $.A.NMS, deceased $.A.DEC, etc.) they would receive. The DOA cutoff provided states a means to limit the scope of the unsolicited messages to the record set they would support.

The DOA cutoff is contained within a table in the NGI System. Currently, each III participating state has a DOA cutoff. Historically, three approaches were used to establish the DOA cutoff:

• Day one forward - Under this approach, a III state’s SID will be entered into all records (for which the DOAs are on or after the state’s DOA cutoff).

• State control of records established in the III since the state became a sole-source contributor - Under this approach, in addition to taking responsibility for records established on or subsequent to its III participation start date, the state will assume responsibility for all of its records which were established subsequent to it becoming a sole-source contributor. The state may choose to set its DOA cutoff as January 1 of the year it became a sole-source contributor.

• State control of records established in the III prior to the state’s sole-source contributor date (no DOA cutoff) - By choosing this approach, a state assumes dissemination responsibility for all its records established in the III prior to the date it became a sole-source contributor.

Impact of DOA cutoff on the SID

In May of 2015, a CJIS APB Disposition Task Force (DTF) member from Delaware requested the FBI CJIS Division partner with this state to examine the disparity between disposition statistics. The disposition dashboards created by the FBI CJIS Division and the biannual statistics reported by the National Consortium for Justice Information and Statistics reflect very different disposition rates. Using the Delaware Justice Information System (DELJIS), Delaware researched the records in the state system to identify the root causes of the missing dispositions in the NGI System. In many cases, the disposition was available in DELJIS, but the SID was not indexed in the NGI System. This prevented the NGI System from conducting state outreach which would have included the Delaware dispositions on the criminal history record.

Delaware examined the criminal arrest submissions used to create these records. Although many of them had been recently submitted to the NGI System with SIDs, they contained older DOAs. Further analysis revealed the NGI System was not indexing the SIDs from these records in the pointer field because they were prior to Delaware’s DOA cutoff date of January 1, 1986. The APB DTF requested the FBI CJIS Division evaluate the impact of the DOA cutoff on disposition availability, specifically disregarding the DOA cutoff for III unsolicited messages.

The DOA cutoff assisted states in their transition to the III program, but is having an adverse effect on setting the state pointers in the records. For example, if a state submits a criminal arrest print to the NGI System with a SID on the print, but the DOA is prior to the DOA cutoff, the NGI System will ignore the SID and create a pseudo-pointer record. The record will appear on the III Audit Synchronization medium as a pseudo-pointer record.1 States would need to submit a modify record SID (MRS) transaction to set the pointer to the SID in the III.2 These states would not receive unsolicited messages for transactions with DOAs prior to the DOA cutoff, regardless of when the transaction occurred.

As a result of the Delaware study, the FBI CJIS Division’s Biometric Requirements and Test group provided a technical impact analysis for eliminating the DOA cutoff from III processing. States that elect to change their DOA cutoff will see an increase in unsolicited messaging from the III for records which contain a SID.3 The increase will be dependent on the volume of older records submitted. The following list contains each state’s DOA cutoff for discussion purposes.

1 Only pseudo-pointer records created on or after April 20, 1983, will appear on the medium.
2 The submission of a fingerprint with a SID, regardless of DOA cutoff, will not convert an already established pseudo-pointer to a state active pointer (SID). In these instances, the state must submit the MRS transaction.
3 Unsolicited messages will not be sent for pseudo-pointer records maintained by the FBI CJIS Division.

State            III Participation Date   III DOA Cutoff
Alabama          3/3/1996                 12/1/1995
Alaska           8/4/1991                 4/1/1991
Arizona          12/7/1997                12/7/1997
Arkansas         3/5/1995                 1/1/1984
California       1/1/1983                 1/1/1973
Colorado         1/1/1983                 1/1/1983
Connecticut      10/29/1986               1/1/1976
Delaware         7/11/1986                1/1/1986
D.C.             4/6/2008                 4/6/2008
Florida          1/1/1983                 1/1/1983
Georgia          1/1/1983                 1/1/1983
Hawaii           2/1/2004                 2/1/2004
Idaho            10/15/1984               1/1/1984
Illinois         8/8/1993                 7/1/1993
Indiana          8/25/1997                5/1/1997
Iowa             1/5/1997                 no date
Kansas           11/3/2002                10/15/2002
Kentucky         2/1/2004                 1/15/2004
Louisiana        9/4/2005                 9/4/2005
Maine            7/13/2008                8/31/1998
Maryland         3/22/1998                2/1/1998
Massachusetts    6/17/2001                1/1/1993
Michigan         1/1/1983                 1/1/1983
Minnesota        1/1/1983                 1/1/1978
Mississippi      5/17/1998                5/1/1998
Missouri         5/29/1986                1/1/1986
Montana          12/16/1990               1/1/1983
Nebraska         12/6/1998                11/29/1998
Nevada           12/12/1993               7/1/1992
New Hampshire    3/5/2000                 1/15/2000
New Jersey       1/1/1983                 1/1/1983
New Mexico       12/7/1997                8/1/1997
New York         1/1/1983                 1/1/1971
North Carolina   1/1/1983                 no date
North Dakota     5/1/1994                 4/1/1994
Ohio             6/4/1984                 1/1/1984
Oklahoma         6/5/1994                 1/1/1993
Oregon           8/13/1984                1/1/1983
Pennsylvania     1/1/1983                 1/1/1983

NFF Participation Date (values in extracted order; state alignment not recoverable): 3/7/2004, 4/21/1991, 8/5/2007, 9/3/2009, 9/3/2006, 6/2/2013, 1/8/2006, 6/6/2010, 10/9/2011, 2/10/2013, 9/1/2002, 9/17/1995, 3/31/2016, 2/14/1993, 1/11/2015, 11/2/2003, 5/1/1994

State            III Participation Date   III DOA Cutoff
Rhode Island     5/13/2001                5/13/2001
South Carolina   1/1/1983                 3/1/1977
South Dakota     6/5/1994                 4/15/1994
Tennessee        2/23/2003                no date
Texas            1/1/1983                 1/1/1983
Utah             8/2/1992                 6/15/1992
Vermont          10/5/2008                1/1/2008
Virginia         1/1/1983                 1/1/1983
Washington       2/28/1993                1/1/1993
West Virginia    5/17/1998                5/1/1998
Wisconsin        12/19/1999               11/1/1999
Wyoming          1/1/1983                 1/1/1983

States that wish to modify their DOA cutoff should request that their CJIS Systems Officer contact the BSS CHIPU at .

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 IS SUBCOMMITTEE ACTION: This topic was accepted as information only.

Additional table values displaced by extraction (column and state alignment not recoverable): 4/6/2008, 9/16/2012, 3/2/2008

CJIS ADVISORY POLICY BOARD (APB)
IDENTIFICATION SERVICES (IS) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 26, 2017

STAFF PAPER

IS ISSUE #15
“Seven of Ten Solution” Next Generation Identification (NGI) System Enhancement

PURPOSE

To advise the Subcommittee of the request to evaluate retaining criminal and civil fingerprints that score below the current NGI system quality threshold.

POINT OF CONTACT

Biometric Services Section, Customer Support Unit

Questions regarding this topic should be directed to [email protected]

BACKGROUND

For years, the National Crime Prevention and Privacy Compact Council (Council) and the Advisory Policy Board (APB) have requested the CJIS Division review ways to reduce the NGI system fingerprint quality rejects. In the May 2015 Council meeting, the CJIS Division staff advised that CJIS was not ready to make any system enhancements to allow “retention of below threshold civil submissions.” The Council requested this topic be the Division’s main priority. The APB was briefed at the spring 2015 round of the Advisory Process with an Information Only Topic Paper. Additionally, in the April 2015 Identification Services Subcommittee (ISS) meeting, members were briefed on the Council topic and discussion.

In April 2016, CJIS Executive Management determined changes would be made to implement a proposed solution. After reviewing requirements and development, it was determined the enhancement would be implemented for all types of transactions (TOTs).

The “Seven of Ten Solution” enhancement allows the NGI system to make modifications to the fingerprint image(s) in order for them to pass image quality standards, without degrading fingerprints retained in the system database. This NGI system enhancement raises the image quality score (IQS) by removing the lowest quality score fingerprint(s).

The NGI system calculates the overall IQS based on the scores of ten rolled/flat fingerprint images when a civil or criminal tenprint submission falls below the quality threshold. If the total of the scores fails to meet the threshold, the NGI system will apply an Automated Quality-Unable to Print (AQ-UP) stamp on the lowest image score, then recalculate the total IQS for nine images. The NGI system will continue this recalculation, up to three times, until the transaction meets or exceeds the thresholds for rolled images or flat images. The process for removal and recalculation of up to three times is based on a current procedure which allows FBI Fingerprint Examiners (FPEs) to place “UP” stamps on a maximum of three fingerprint images in order to increase the quality score to a value which exceeds the thresholds.

For Type 4 submissions which are comprised of rolled and flat fingerprint images, the NGI system will use rolled image scores only. For Type 14 submissions which contain only flat images, the NGI system will use flat image scores. In an instance where two or more fingers have the same IQS, the NGI system will stamp in the following order: right little, left little, right ring, left ring, right middle, left middle, etc.

If the IQS is below the thresholds after the third calculation, the submission will be flagged as a search but do not add (SBDA) and continue through the three system searches (biometric search, biographic search, and quoted number search). If a viable candidate is not returned in any of these searches, or if the viable candidate is not a match, the submission will be rejected for quality (L0008 reject).

The advantage of this method is that the quality score will be raised by excluding fingers from the calculation, thus reducing quality rejections. The NGI system will only perform an image quality scoring check on submissions with at least seven images. If the contributing agency submits a transaction with three fingers stamped “UP,” the NGI system will not follow the system enhancement outlined in this topic paper.

The “Seven of Ten Solution” system enhancement was implemented on November 10, 2016. Transactions submitted during the first month were reviewed to determine how many of the submissions employed the enhancement process.
During the first month of implementation, a total of 45,038 transactions utilized the new system enhancement, due to the IQS. That statistical data1 is as follows:

17,793  Number of transactions stamped UP on 1 finger
15,224  Number of transactions stamped UP on 2 fingers
12,021  Number of transactions stamped UP on 3 fingers

In addition, the statistical data was reviewed to determine the percentage of time a specific finger required the UP stamp and removal of fingerprint image to meet the threshold. That statistical data is as follows:

60.13%  Right little finger stamped UP
50.82%  Left little finger stamped UP
19.18%  Right ring finger stamped UP
21.70%  Left ring finger stamped UP
7.03%   Right middle finger stamped UP
8.48%   Left middle finger stamped UP
6.94%   Right index finger stamped UP
8.52%   Left index finger stamped UP
1.60%   Right thumb stamped UP
2.12%   Left thumb stamped UP

Additionally, 20.06% of stamped transactions were criminal submissions and 79.94% of stamped transactions were civil submissions.

At the October 2016 ISS meeting, the possibility of pulling an image from the submitted palm print to replace the low quality fingerprint image was discussed. This would eliminate the need for the “UP” stamp and prevent a loss of image in the tenprint submission. The possibility of this enhancement will be analyzed after the “Seven of Ten Solution” system enhancement has been in place for six months in order to have sufficient data for review.

1 Upon review of the statistical data, the query contained a variable of less than one percent of transactions which may have contained 2 or 3 stamps.
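The stamp-and-recalculate procedure this paper describes, as an added Python sketch that is not FBI or NGI code. The paper gives no scoring formula or threshold values, so the mean of the per-image scores, the threshold of 65, the sample scores, the cap that keeps at least seven images, and the continuation of the tie-break order past "left middle" are all assumptions.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional, Sequence

# Tie-break order for fingers sharing the lowest score. The paper lists the
# order through "left middle" and ends with "etc."; continuing it with the
# index fingers and thumbs is an assumption.
STAMP_ORDER = ["right little", "left little", "right ring", "left ring",
               "right middle", "left middle", "right index", "left index",
               "right thumb", "left thumb"]
MAX_AQ_UP = 3      # from the paper: recalculate up to three times
MIN_IMAGES = 7     # from the paper: scoring check needs at least seven images
THRESHOLD = 65.0   # constructed value; the paper does not state the thresholds


@dataclass
class Result:
    status: str            # "PASS", "SBDA" or "NOT_APPLIED"
    stamped: List[str]     # fingers given an AQ-UP stamp, in stamping order
    iqs: Optional[float]   # overall score over the images still counted


def seven_of_ten(scores: Dict[str, float], threshold: float = THRESHOLD,
                 contributor_up: Sequence[str] = ()) -> Result:
    """Apply AQ-UP stamps to the lowest-scoring images until the overall IQS
    meets the threshold or three stamps have been used.

    scores: per-finger image scores (rolled scores for Type 4, flat scores for
    Type 14); higher is better. The overall IQS is modelled as the mean of the
    counted images, which is an assumption.
    contributor_up: fingers the contributing agency already stamped "UP".
    """
    active = {f: s for f, s in scores.items() if f not in contributor_up}
    # Three contributor stamps, or fewer than seven images: enhancement skipped.
    if len(contributor_up) >= MAX_AQ_UP or len(active) < MIN_IMAGES:
        return Result("NOT_APPLIED", [], None)

    stamped: List[str] = []
    iqs = mean(active.values())
    # Assumption: stamping stops before fewer than seven images remain.
    while iqs < threshold and len(stamped) < MAX_AQ_UP and len(active) > MIN_IMAGES:
        worst = min(active, key=lambda f: (active[f], STAMP_ORDER.index(f)))
        stamped.append(worst)
        del active[worst]
        iqs = mean(active.values())
    return Result("PASS" if iqs >= threshold else "SBDA", stamped, iqs)


def disposition(result: Result, viable_match: bool) -> str:
    """Outcome after the biometric, biographic and quoted number searches."""
    if result.status == "PASS":
        return "CONTINUE_PROCESSING"
    if result.status == "SBDA":
        # Search but do not add; no matching viable candidate means rejection.
        return "SBDA_MATCH" if viable_match else "REJECT_L0008"
    return "ENHANCEMENT_NOT_APPLIED"


# Constructed sample submissions (not real data).
SAMPLE_TWO_WEAK_LITTLES = {
    "right thumb": 80, "left thumb": 80, "right index": 75, "left index": 75,
    "right middle": 70, "left middle": 70, "right ring": 60, "left ring": 60,
    "right little": 20, "left little": 20,
}
SAMPLE_UNIFORMLY_POOR = {finger: 40 for finger in STAMP_ORDER}

if __name__ == "__main__":
    for name, sample in [("two weak littles", SAMPLE_TWO_WEAK_LITTLES),
                         ("uniformly poor", SAMPLE_UNIFORMLY_POOR)]:
        r = seven_of_ten(sample)
        print(name, r.status, r.stamped, r.iqs, disposition(r, viable_match=False))
```

In the first sample both little fingers tie for the lowest score, so the tie-break order decides which image is stamped; in the second, three stamps cannot lift the score and the submission falls through to the SBDA path.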

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 IS SUBCOMMITTEE ACTION: This topic was accepted as information only.


CRIMINAL JUSTICE INFORMATION SERVICES (CJIS) ADVISORY POLICY BOARD (APB)
JACKSONVILLE, FL
JUNE 7-8, 2017

STAFF PAPER

APB ITEM #12
Chairman's Report on the Uniform Crime Reporting (UCR) Subcommittee

UCR ISSUE #1
Modification of Cleared by Exceptional Means Use When Victim Refuses to Cooperate

UCR ISSUE #2
Proposal to Revise the FBI UCR Program’s Definition of a Law Enforcement Officer to Include Tribal Officers

UCR ISSUE #3*
Summary of Recently Conducted UCR Quality Assurance Reviews (QARs)

UCR ISSUE #4**
QAR Update

UCR ISSUE #5
Crime Data Modernization Overview
Update—New UCR and Crime Data Explorer
Update—Data Collection of Use of Force Statistics on All Nonfatal/Fatal Police Officer-Involved Incidents by Law Enforcement in the Line-of-Duty
Update—Transition of the FBI UCR Program Summary Reporting System to the National Incident-Based Reporting System

UCR ISSUE #6
CJIS Division Tribal Engagement Program Update

UCR ISSUE #7***
UCR Status Report

* UCR members only staff paper
** No staff paper
*** Delivered with the information only staff papers

CJIS ADVISORY POLICY BOARD (APB)
UNIFORM CRIME REPORTING (UCR) SUBCOMMITTEE
CLARKSBURG, WEST VIRGINIA
APRIL 27, 2017

STAFF PAPER

UCR ISSUE #1
Modification of Cleared by Exceptional Means Use When Victim Refuses to Cooperate

PURPOSE

Allow for the use of cleared by exceptional means in instances where the victim refuses to cooperate and all avenues of investigation have been exhausted without the victim’s cooperation.

POINT OF CONTACT

Law Enforcement Support Section, Crime Statistics Management Unit

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

Review the information provided in this paper and provide guidance and feedback to the Federal Bureau of Investigation (FBI) UCR Program.

BACKGROUND

Offenses can be cleared by arrest or exceptional means. An offense is cleared by arrest when at least one person is (1) arrested, (2) charged with the commission of the offense, and (3) turned over to the court for prosecution (whether following arrest, court summons, or police notice). When law enforcement agencies make no physical arrest, an agency can claim an offense is cleared by arrest when the offender is a person under 18 years of age and is cited to appear in juvenile court or before other juvenile authorities.1

Offenses are cleared by exceptional means when all four of the following criteria are met:2

1. The law enforcement agency’s investigation must have clearly and definitely established the identity of at least one offender.
2. The law enforcement agency must have sufficient probable cause to support arresting, charging, and prosecuting the offender.
3. The law enforcement agency must know the exact location of the offender so they could make an arrest if circumstances did not prevent it.
4. There must be a reason outside the control of the law enforcement agency preventing the arrest.
   A = Death of Offender
   B = Prosecution Declined (by the prosecutor for other than lack of probable cause)
   C = In Custody of Other Jurisdiction (includes extradition denied)
   D = Victim Refused to Cooperate (in the prosecution)
   E = Juvenile/No Custody (the handling of a juvenile without taking him/her into custody, but rather by oral or written notice given to the parents or legal guardian in a case involving a minor offense, such as petty larceny)

In all clearance criteria, the identity of at least one offender has to be known.

1 FBI. Summary Reporting System User Manual version 1.0. p. 112.
2 FBI. National Incident-Based Reporting System User Manual version 1.0. p. 69, 70.

DISCUSSION AND ANALYSIS

The request: in circumstances where the victim knows the suspect/offender but will not provide law enforcement with the individual’s information, law enforcement agencies cannot meet the first criterion that “The law enforcement agency’s investigation must have clearly and definitely established the identity of at least one offender.” Law enforcement agencies are inaccurately clearing the incident by exceptional means, Victim Refused to Cooperate, which does not meet the established FBI exceptional clearance criteria cited in 1 and 3.

The requester cites law enforcement agencies are currently using “victim refused to cooperate” in circumstances where the victim will not identify an offender. This is an issue that law enforcement agencies encounter frequently, and they cannot investigate and/or solve crimes when investigative leads are unable to determine an offender without the victim’s assistance. This change would allow for a more adequate depiction of what is actually occurring and being investigated by law enforcement. The requester believes by relaxing the cleared by exceptional means criteria, law enforcement would be able to clear these incidents with “Victim Refused to Cooperate” even though these may or may not be solvable crimes.
It is the belief that allowing this change would provide a more accurate depiction of the crimes being investigated and the final outcome of such incidents. Law enforcement would continue to investigate the crime(s) until all leads have been exhausted. Incidents that fall into these circumstances would not be considered unfounded unless it was determined during the investigation that a crime did not, in fact, occur. In the event of a juvenile victim, this newly proposed use of cleared by exceptional means would apply when the parents or guardians of the child speak for them, and the prosecutor will not pursue charges.

The subject of cleared by exceptional means has been brought to the FBI Criminal Justice Information Services (CJIS) APB process several times.

Fall 1996 – Expand cleared by exceptional means by adding “Warrant Issued/Case Filed.” Result: no change to current criteria.

Fall 2004 – Address cleared by exceptional means guidelines, i.e. “victim refuses to cooperate in prosecution.” Concern of the confusion that guidelines are contradictory as they relate to victim cooperation during prosecution and need clarification. Result: UCR Program was to review the issues and focus on arrests and return to the Subcommittee.

Spring 2005 – Cleared by exceptional means guidelines – revisited from fall 2004. During the previous (fall 2004) Subcommittee Meeting, a topic was presented regarding cleared by exceptional means guidelines for the UCR Program. During the presentation, the Subcommittee asked for additional information on a specific course of action that would be taken regarding the presented examples and how the actions would be applied when deciding to clear a crime by exceptional means. During the previous meeting it was noted that an example regarding a victim refusing to cooperate in a prosecution was inconsistent with the principle that UCR data is reported based on what the police department knows and the adjudication process is irrelevant for UCR Program purposes. The concern was that prosecution takes place after the investigation phase has been completed and an arrest is made. This caused confusion and difficulty in conducting audits. Result: Staff is going to include victim refusal to cooperate in investigations as part of the example for victims refusing to cooperate in prosecutions. Staff will work with agencies to try to understand what their process is. When using cleared by exceptional means, if they have cleared during the investigation phase due to non-cooperation during the investigation process, as long as supporting documentation can show there has been a lack of cooperation, that will be accepted as a reason for using cleared by exceptional means for the reporting. (Subcommittee voiced some concern about agencies improperly clearing crimes and not having the proper awareness of how to use cleared by exceptional means procedure.) This topic did not progress to the full CJIS APB; therefore, no recommendation was forwarded to the FBI Director and policy/criteria were not changed.
Spring 2013: Relaxing two of the four cleared by exceptional means criteria (the first and third criteria) in cases where credit card or other electronic frauds occur and the location and identity of the offender are unknown. Result: no change to the cleared by exceptional means criteria.

Fall 2013: Relaxing the cleared by exceptional means criteria in cases where credit card or other electronic frauds occur and the location and identity of the offender are unknown was brought again. Result: no change to the cleared by exceptional means criteria.

There are concerns that if the clearance criteria are relaxed the action would ultimately change the definition of a clearance and the FBI UCR Program would lose the true picture of crimes being cleared.

OPTIONS

Option 1: The FBI UCR Program will maintain the current criteria for cleared by exceptional means.

Option 2: Relax the cleared by exceptional means criteria to allow for clearance in which the victim refuses to cooperate. The impact on state system users would be minimal; however, records management systems may require programming to allow an unknown offender with the use of exceptional clearance.

RECOMMENDATION

The FBI UCR Program recommends option 1 of this staff paper.

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION:
Motion: To accept Option 1: The FBI UCR Program will maintain the current criteria for cleared by exceptional means.
Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION:
Motion: To accept Option 1: The FBI UCR Program will maintain the current criteria for cleared by exceptional means.
Action: Motion carried with 20 Yay/2 Nay.

NORTHEASTERN WORKING GROUP ACTION:
Motion: To accept Option 1: The FBI UCR Program will maintain the current criteria for cleared by exceptional means.
Action: Motion carried.

SOUTHERN WORKING GROUP ACTION:
Motion: To adopt Option 1: The FBI UCR Program will maintain the current criteria for cleared by exceptional means.
Action: Motion carried.

WESTERN WORKING GROUP ACTION:
Motion: To accept Option 1: The FBI UCR Program will maintain the current criteria for cleared by exceptional means.
Action: Motion carried with 1 opposed.

SPRING 2017 UCR SUBCOMMITTEE ACTION:
Motion: Moved for Option 1: The FBI UCR Program will maintain the current criteria for cleared by exceptional means.
Action: Motion passed.

CJIS ADVISORY POLICY BOARD (APB)
UNIFORM CRIME REPORTING (UCR) SUBCOMMITTEE
CLARKSBURG, WEST VIRGINIA
APRIL 27, 2017

STAFF PAPER

UCR ISSUE #2
Proposal to Revise the Federal Bureau of Investigation (FBI) UCR Program’s Definition of a Law Enforcement Officer to Include Tribal Officers

PURPOSE

To propose a change to the UCR Program’s definition of a law enforcement officer, to include tribal officers.

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to decide whether the UCR Program’s definition of a law enforcement officer should be revised to include tribal officers.

POINT OF CONTACT

Law Enforcement Support Section, Crime Statistics Management Unit

Questions regarding this topic should be directed to [email protected].

BACKGROUND

The UCR definition of a law enforcement officer is as follows:

Law Enforcement Officer - All local, county, state, and federal law enforcement officers (such as municipal, county police officers, constables, state police, highway patrol, sheriffs, their deputies, federal law enforcement officers, marshals, special agents, etc.) who are sworn by their respective governmental authorities to uphold the law and to safeguard the rights, lives, and property of American citizens. They must have full arrest powers and be members of a public governmental law enforcement agency, paid from government funds set aside specifically for payment to sworn police law enforcement organized for the purposes of keeping order and for preventing and detecting crimes, and apprehending those responsible.

For additional clarification, the definition of a public governmental law enforcement agency is as follows:

Public governmental law enforcement agency – Any agency, organized and governmental authorized to enforce criminal law, arrest violators, and keep public order of the United States, any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands of the United States, Guam, American Samoa, the Trust Territories of the Pacific Islands, the Commonwealth of the Northern Mariana Islands, and any territory or possession of the United States, or any unit of local investigation government, department, agency, or instrumentality of any of the foregoing.

In addition, the Law Enforcement Officers Killed and Assaulted (LEOKA) Program has established criteria that explain which law enforcement officers are included and excluded from the data collection. Within this criteria document, it specifically states, “The publishable data pertaining to felonious deaths, accidental deaths, and assaults of duly sworn city, university and college, county, state, tribal, and federal law enforcement officers who, at the time of the incident, met the following criteria.”

Based upon the UCR definitions and the LEOKA criteria, tribal law enforcement officers have always been included and are reported under their type of agency. The LEOKA Program’s data collection forms include “City,” “County,” “State,” “Federal,” “Tribal (non-federal only),” and “Other” as options for the “Type of agency.”

DISCUSSION AND ANALYSIS

Mr. Scott Desjadon, who is the tribal representative for the Western Working Group, submitted this topic for discussion. Although tribal law enforcement officers are collected under the types of agencies listed above and are currently included in the UCR Program, Mr. Desjadon recommends the word “tribal” be added to the definition of a law enforcement officer to provide clarity to the inclusion of these officers. The FBI UCR and LEOKA Programs support this recommendation.

If approved, the new definition would read as follows:

Law Enforcement Officer - All local, county, state, tribal, and federal law enforcement officers (such as municipal, county police officers, constables, state police, highway patrol, sheriffs, their deputies, federal law enforcement officers, marshals, special agents, etc.) who are sworn by their respective governmental authorities to uphold the law and to safeguard the rights, lives, and property of American citizens. They must have full arrest powers and be members of a public governmental law enforcement agency, paid from government funds set aside specifically for payment to sworn police law enforcement organized for the purposes of keeping order and for preventing and detecting crimes, and apprehending those responsible.

OPTIONS

Revise the Federal Bureau of Investigation (FBI) UCR Program’s definition of a law enforcement officer to include the word “tribal” for clarification purposes.

Option 1 – Add the word “tribal” to the definition of a law enforcement officer.

Option 2 – No change.

RECOMMENDATION

The FBI UCR and LEOKA Programs recommend that the word “tribal” be added to the definition of a law enforcement officer.

SPRING 2017 WORKING GROUP ACTIONS: FEDERAL WORKING GROUP ACTION: Motion: To accept Option 1: Add the word “tribal” to the definition of a law enforcement officer. Action: Motion carried. NORTH CENTRAL WORKING GROUP ACTION:  Motion: To accept Option 1: Add the word “tribal” to the definition of a law enforcement officer. Action: Motion carried. NORTHEASTERN WORKING GROUP ACTION: Motion: To accept Option 1: Add the word “tribal” to the definition of a law enforcement officer. Action: Motion carried. SOUTHERN WORKING GROUP ACTION: Motion: To adopt Option 1: Add the word “tribal” to the definition of law enforcement officer. Action: Motion carried. WESTERN WORKING GROUP ACTION: Motion: To accept Option 1: Add the word “tribal” to the definition of a law enforcement officer. Action: Motion carried. SPRING 2017 UCR SUBCOMMITTEE ACTION: Motion: Moved for Option 1: Add the word “tribal” to the definition of a law enforcement officer. Action: Motion passed.

CJIS ADVISORY POLICY BOARD (APB)
UNIFORM CRIME REPORTING (UCR) SUBCOMMITTEE
CLARKSBURG, WEST VIRGINIA
APRIL 27, 2017

STAFF PAPER

UCR ISSUE #5
Crime Data Modernization (CDM) Overview

PURPOSE
To provide a progress update on the Director’s Priority Initiative (DPI) regarding CDM.

POINT OF CONTACT
Law Enforcement Support Section, Crime Data Modernization Team
Questions regarding this topic should be directed to [email protected]

REQUEST OF THE SUBCOMMITTEE
The Subcommittee is requested to review the information below for informational purposes.

BACKGROUND
The Federal Bureau of Investigation (FBI) CJIS Division was tasked with a DPI from FBI Director James B. Comey to improve the nation’s UCR crime statistics for reliability, accuracy, accessibility, and timeliness. The CDM Initiative is one of only seven DPIs being managed by Director Comey, who has publicly announced his support for an enhanced data collection. The mission of this initiative is to improve the nation’s UCR crime statistics reporting standard for local, state, tribal, and federal law enforcement agencies (LEAs) and to provide richer data to inform, educate, and strengthen communities.

This effort will be achieved through the completion of a five-prong approach. Prong One is to transition local, state, and tribal LEAs from the Summary Reporting System (SRS) to the National Incident-Based Reporting System (NIBRS). Prong Two is to collect use-of-force statistics on all non-fatal/fatal police officer-involved incidents at the local, state, tribal, and federal levels. Prong Three and Prong Four both revolve around federal LEA compliance with the Uniform Federal Crime Reporting Act (UFCRA) of 1988, which mandates all federal agencies report their crime statistics. Prong Three specifically addresses FBI participation in the UCR Program. Prong Four facilitates participation from the remaining Department of Justice (DOJ) entities, as well as all other federal agencies.
Prong Five relates to technical efforts to create the Crime Data Explorer (CDE), which is designed to ensure crime data is timely and accessible.

DISCUSSION AND ANALYSIS

NIBRS Transition (Prong 1)

The FBI currently employs two crime data collection systems known as the SRS and the NIBRS. The SRS only requires aggregate crime totals, whereas the NIBRS requires detail-specific data elements regarding each crime, thus providing richer and more accurate data; however, only 30% of LEAs are currently covered by the NIBRS. Director Comey stated, “I believe that the National Incident-Based Reporting System (NIBRS) is the pathway to better data, to richer data, that we can all use to have informed conversations about the most important issues we face. So, I’m going to make it my personal mission to continue to push to get us better data so we can have better conversations.” Subsequently, the Director has made the push for transparent and complete crime data.

The transition of local, state, and tribal LEAs from the SRS to the NIBRS is gaining momentum throughout the nation. The FBI received a public resolution from the major law enforcement organizations supporting the five-year retirement of the SRS and transitioning to the NIBRS-only. Additionally, on December 2, 2015, the CJIS APB approved the recommendation to sunset the SRS and replace it with the NIBRS as the national standard for crime reporting by January 1, 2021. Director Comey signed this recommendation on February 9, 2016.

The FBI began a NIBRS Modernization Study, in which current business practices and policies employed by local, state, tribal, and federal LEAs will be assessed, as well as how they compare with the requirements to transition these LEAs from the SRS to the NIBRS for purposes of collecting crime statistics. Additionally, the NIBRS will be assessed to determine if it meets current policing needs in its present state or requires modernization. Policing policies and strategies have evolved over the last 30 years.
The FBI feels strongly that the NIBRS is the pathway to more accurate crime data; however, we must ensure the policy evolves to guarantee the best data. In efforts to initiate the NIBRS transition, the FBI has partnered with the Bureau of Justice Statistics (BJS) to implement the National Crime Statistics Exchange (NCS-X), in which the goal is to transition state programs and 400 local law enforcement agencies from the SRS to the NIBRS. The NCS-X initiative is a strategic expansion of the number of law enforcement agencies that contribute data to the NIBRS in order to produce nationally-representative estimates of crime using the NIBRS dataset. Currently, there are too few law enforcement agencies reporting to the NIBRS to make inferences about crime that is occurring at the national level. A valid statistical sample of 400 agencies was selected as part of the NCS-X initiative. When NIBRS data from these sampled agencies is added to data from participating NIBRS agencies, national estimates of crime can accurately be produced. One of the largest barriers to the NIBRS transition is the financial burden LEAs will experience regarding both the planning and implementation to replace the SRS. The FBI will be financially assisting with the transition of the 400 agencies and state programs that are not fully NIBRS compliant, through cooperative agreements that the BJS is administering. Fiscal Year (FY) 2016 funds were distributed and approved for seven states: Hawaii, Illinois, Kansas, Minnesota, New Jersey, Oklahoma, and Utah. FY16 funds were also approved for 17
large agencies: Arizona (City of Phoenix and Mesa Police Department), California (City of Long Beach, Los Angeles County, Los Angeles Police Department, San Diego County, and San Diego Police Department), Maryland (Prince George Police Department), Massachusetts (Boston Police Department), Nebraska (City of Omaha), Nevada (Las Vegas Metropolitan Police Department), New Mexico (Albuquerque Police Department), New York (State Police: Albany County), North Carolina (Charlotte-Mecklenburg Police Department), Oregon (City of Portland), Pennsylvania (City of Philadelphia), and Texas (San Antonio Police Department). Finally, three supplemental disbursements were given to Alabama, Wisconsin, and Nebraska. Furthermore, the following state programs have provided respective transition dates: • North Carolina - 2018 • Indiana - 2018 (full state solution) • Georgia - 2019 (full state solution) • Texas - 2019 (full state transition) • Minnesota - 2021 (full state transition) The addition of these states and their law enforcement agencies will greatly increase the percent of population covered by the NIBRS. The FBI crafted a communications strategy for the NIBRS transition to share the benefits and value of incident-based reporting. This effort involved developing unified messages for various audiences and stakeholder groups to allow them to both listen, as well as communicate, the benefits of the NIBRS to their agencies. Additionally, the FBI is identifying venues for engaging stakeholder groups, internal and external audiences, varied communities of interest, and the general public to educate groups on the value of the NIBRS. The FBI’s plan is to educate audiences via clear and concise messages in order to raise awareness and educate individuals on more accurate and comprehensive views of crime in the United States, as well as more transparency and uniformity through detailed reporting. 
This effort involves creating a means to routinely inform stakeholders, via a website, of the status of the NIBRS transition, as well as provide data and resources for audiences to use within their respective communities. The website also includes Frequently Asked Questions (FAQs), “Ask an Expert”, basic information and lessons learned, and access to other resources for support and information. This NIBRS website is available to the general public at: . The NIBRS video may be viewed from this website.

Finally, the FBI CJIS Division will host five regional NIBRS Training Sessions in 2017. These training sessions are designed to help state agencies and agencies participating in the BJS NCS-X initiative gain a better understanding of the NIBRS to assist them in a successful implementation by 2021. NIBRS subject matter experts from across the FBI, as well as representatives from the BJS NCS-X initiative, will be in attendance. These experts will address “Why the NIBRS, Why Now?” as well as guidelines for implementation planning that includes a Concept of Operations regarding development and cost estimation to assist transitioning agencies. The training sessions are scheduled as follows:
• February 14-16, 2017 (Orlando, Florida)
• April 4-6, 2017 (Tulsa, Oklahoma)
• June 27-29, 2017 (Baltimore, Maryland)
• August 1-3, 2017 (Phoenix, Arizona)
• September 19-21, 2017 (St. Louis, Missouri)

National Use-of-Force Data Collection (Prong 2) The FBI has a long-standing tradition of providing crime statistics on Law Enforcement Officers Killed and Assaulted (LEOKA) and justifiable homicides which enable transparency and accountability. To improve the data currently available, the FBI will collect use-of-force data. The use-of-force collection features data regarding nonfatal/fatal, police officer-involved incidents. The CJIS APB approved the recommendation to develop this collection in their December 3, 2015 meeting, and Director Comey signed this recommendation on February 9, 2016. The definition of the collection of use of force is: “The collection and reporting of use of force by a law enforcement officer {as defined by Law Enforcement Officers Killed and Assaulted (LEOKA)} to the FBI. The collection and reporting would include use of force that results in the death or serious bodily injury of a person, as well as when a law enforcement officer discharges a firearm at or in the direction of a person.” The definition of serious bodily injury is based in part upon 18 United States Code Section 2246 (4): “Bodily injury that involves a substantial risk of death, unconsciousness, protracted and obvious disfigurement, or protracted loss or impairment of the function of a bodily member, organ, or mental faculty.” The CJIS APB approved a minimum set of data elements that would be used for a high-level national collection on law enforcement use of force. The data elements include information relating to the incident, the subjects of the use of force, and any officers involved. Additionally, the FBI assembled a Use-of-Force Task Force in January 2016, whose mission is to further define the scope of data elements to be collected, initiate a marketing campaign for participation, and define the publication process. This Task Force met on January 27, 2016; March 17, 2016; May 4-5, 2016; and August 3, 2016. 
The following data elements have been identified for inclusion and measurement in the National Use-of-Force Data Collection by the Use-of-Force Task Force:

Incident Information
• Date and time of the incident
• Total number of officers who applied actual force during time of incident
• Number of officers from your agency who applied actual force during time of incident
• Location of the incident
• Location type of the incident
• Did the officer(s) approach the subject(s)?
• Was a supervisor or a senior officer acting in a supervisory capacity present or consulted at any point during the incident?
• Was this an ambush incident?
• Reason for initial contact between subject and officer
• If incident involved multiple law enforcement agencies, case numbers for the local “use-of-force reports” at the other agencies

Subject Information
• Age, sex, race, ethnicity, height, and weight of the subject(s)
• Injury/Death of subject(s)
• Type(s) of force used connected to serious bodily injury or death
• Whether the subject(s) resisted
• Was the threat by the subject(s) perceived to be directed to the officer or to another party?
• Type(s) of subject resistance/weapon involvement
• Apparent or known impairment/physical conditions of subject?
• At any time during the incident, was the subject(s) armed or believed to be armed with a weapon (other than hands, fist, or feet)?

Officer Information
• Age, sex, race, ethnicity, height, and weight of the officer(s)
• Officer’s years of service as a law enforcement officer (total tenure)
• Full-time?
• Was the officer readily identifiable by clothing or insignia at the time of the incident?
• Was the officer on duty at the time of the incident?
• Did the officer discharge a firearm?
• Officer(s) injured
• Officer injury type

The FBI is working with the Office of Management and Budget to complete requirements to establish and publish the National Use-of-Force Data Collection. A 60-day public notice was published on October 5, 2016, requesting comments or questions from the general public, as well as civil rights groups and advocacy groups concerning the collection. This public notice closed on December 5, 2016. A 30-day public notice was published on December 30, 2016. This notice contains details obtained through cognitive testing of law enforcement and UCR state program managers, affirming the proper interpretation and definitions of data elements were applied uniformly. Furthermore, the CJIS APB made a recommendation regarding the collection mechanism to be used: “The APB recommends the creation of a separate collection mechanism under the FBI CJIS for the reporting of use of force data. The new data collection will be maintained separately by the national UCR Program and apart from the criminal incident and offense information. CJIS Systems Officers, in consultation with UCR Program Managers, will
determine if agencies within their jurisdiction may submit directly to the FBI. UCR Programs will have timely and on-going access to all data submitted directly to the FBI.” The FBI is leveraging the Law Enforcement Enterprise Portal (LEEP) for this collection. A data collection tool is being developed and will be accessible from the LEEP. The Initial Operating Capability for Use-of-Force development will be complete in early 2017, in which a pilot will begin with the largest law enforcement agencies consisting of a workforce of 750 or more sworn officers, two to five volunteer states, four DOJ LEAs, and any other agency that voluntarily approaches the FBI. Teleconferences were hosted by the FBI with the North Central, Northeastern, Southern, Western, and Federal CJIS Systems Officers and state UCR program managers to provide an overview of the development of the National Use-of-Force Data Collection and address any comments, questions, and concerns on November 21-22, 2016. To market the National Use-of-Force Data Collection, the FBI developed the following webpage that LEAs and the general public can use to obtain answers to FAQs and access resources and support information: . Additionally, a Use-of-Force video has been produced to assist in marketing the data collection and was debuted at the Fall CJIS APB meeting in December 2016. FBI Reporting (Prong 3) The UFCRA of 1988 mandates that all federal agencies which routinely investigate complaints of criminal activity, report crime data. Director Comey has stated that the FBI will lead the way to develop a solution to this reporting issue. In September 2016, the FBI published arrests for seven offense categories within Crime in the United States (CIUS): Federal Crime Data 2015. The seven offense categories were Bank Robbery, Child Exploitation, Criminal Cyber Intrusion, Hate Crime, Health Care Fraud, Human Trafficking, and Securities Fraud. 
The FBI will publish all applicable categories in the CIUS: Federal Crime Data 2016 publication during September 2017. Mapping of U.S. statutes to UCR offenses is currently underway to ensure all applicable NIBRS offenses can be reported. Additionally, the FBI has developed a reporting strategy to capture incident-level data and is working toward implementation.

DOJ and Other Federal Agency Reporting (Prong 4)

The FBI is encouraging the DOJ entities, as well as other federal agencies, to begin reporting their federal crime data as mandated by the UFCRA. The FBI has identified federal agencies that should be reporting to the UCR Program and is actively seeking commitments for participation from the identified DOJ and other federal agencies. Once commitments are received from these agencies, readiness assessments are conducted to determine reporting capabilities and timeliness. The Department of Defense completed its NIBRS certification in August 2016 and is the first federal agency to certify to the NIBRS. Additionally, the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) submitted arrest counts on all arson and explosive investigations that occurred during 2015 to be provided for the first time in CIUS: Federal Crime Data 2015. Currently, the following federal agencies are working toward compliance of the UFCRA of 1988: the Drug Enforcement Agency, the Department of Homeland Security, the Department of Interior (DOI), the Department of State, the Federal
Protective Service (FPS), the United States Marshals Service, the United States Department of Veteran’s Administration (VA), and the United States Postal Service. Furthermore, the ATF, DOI, FPS, and VA are actively working toward incident-based reporting. The FBI is willing to assist these agencies with planning and implementation, where necessary, to bridge existing technical gaps.

The FBI conducted preliminary assessments of a few agencies to determine how their offense categories are categorized. Based on a tentative mapping and review of the existing UCR Offense Codes to U.S. Code provisions, it was determined that the federal statutes are not fully being captured in the existing UCR Offense Codes. This limited mapping is a result of the NIBRS being a local and state-centric crime reporting platform. Therefore, the current UCR Offense Codes do not encapsulate all federal statutes. For instance, the UCR Offense Codes are not granular enough to achieve full transparency for reporting. For example, Bombing of Places of Public Use and Use of Weapons of Mass Destruction are mapped to the UCR Offense of Weapon Law Violations. This mapping does not adequately represent the severity of these crimes. Additionally, offenses such as Civil Rights, Perjury, and Racketeering currently do not exist in the UCR Offense Codes and would need to be available in order to more accurately depict federal reporting. Furthermore, the U.S. Codes for Concealing a Person from Arrest, Concealing Escaped Prisoner, and Flight to Avoid Prosecution or giving Testimony are all currently mapped to All Other Offenses, which is a non-specific Group B Offense Code used to designate less serious crimes. Other offense code mapping issues will likely be discovered as the CDM Team assists other federal agencies in pursuing compliance with the UFCRA of 1988.
Without expanding the current UCR Offense Codes to include categories that encapsulate applicable federal statutes, the reporting of the offenses cannot be fully realized and true reporting transparency will not be achievable. In essence, the granular detail that the NIBRS is intended to provide is lost without more suitable offense categories that clearly represent and reflect the types of crimes that federal agencies investigate. Technical Efforts (Prong 5) The FBI CJIS Division Crime Statistics Management Unit has partnered with the General Services Administration Technology Transformation Service 18F Group to develop a CDE. The CDE is a part of the New UCR Project that is designed to provide timely access to crime data reported to the National Program. The CDE will be developed and implemented within the cloud environment through alignment with the FBI Support Services Transformation Office. The CDE provides direct access to UCR data to a variety of customers via a web-based application. This project is the implementation of Director Comey’s vision to provide timely and accurate crime data to the American public. This will be achieved through the completion of three phases. Phase One of CDE development will allow the FBI to provide the American public on-line access to UCR data in a search/view solution. This initial delivery will include the NIBRS and the SRS. A six-month timeline is expected for search and view capabilities to be complete. Development began September 8, 2016, and will be completed during March 2017.

Phase Two will encompass the full concept of the CDE and will examine current and future technologies, as well as a thorough examination of customer needs and preferences. Phase Three is the full CDE development set to begin on or after October 1, 2017.

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 UCR SUBCOMMITTEE ACTION:
Update – Data Collection of Use of Force Statistics on All Nonfatal/Fatal Police Officer-Involved Incidents by Law Enforcement in the Line-of-Duty
Motion: The Chair of the APB, as a representative of local, state, tribal, and federal law enforcement, will submit a letter to OMB and the Attorney General requesting approval for the implementation of the National Use-of-Force Data Collection.
Action: Motion passed.

CJIS ADVISORY POLICY BOARD (APB)
UNIFORM CRIME REPORTING (UCR) SUBCOMMITTEE
CLARKSBURG, WEST VIRGINIA
APRIL 27, 2017

STAFF PAPER

UCR ISSUE #6
FBI CJIS Division Tribal Engagement Program Update

PURPOSE
To summarize the recent activities and initiatives of the FBI CJIS Division’s Tribal Engagement Program.

POINT OF CONTACT
Law Enforcement Support Section (LESS), Partner Relations and Outreach Unit (PROU), Tribal Engagement Program
Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEES
The Subcommittees are requested to review the information provided in this paper and provide appropriate comments.

BACKGROUND
In December 2011, the FBI CJIS Division’s Assistant Director identified the LESS Chief as the FBI CJIS Division’s Executive Tribal Liaison. Quickly following this designation, the FBI CJIS Division identified a tribal point of contact for each program. The goal of the Internal CJIS Tribal Working Group was to maintain consistency and provide a liaison to Indian Country on connectivity issues, policy compliance, and program awareness.

After the establishment of an FBI CJIS Division Executive Tribal Liaison and program points of contact for each FBI CJIS Division program, the Advisory Policy Board’s (APB) Executive Committee established a Tribal Task Force (TTF) in June 2012. The TTF was formed with the following mission:

To enhance officer and public safety by improving local, state, tribal, territorial, and federal participation in the FBI CJIS Division systems. The Task Force will review all relevant issues that may prevent or discourage tribal law enforcement agencies from entering records/data into FBI CJIS Division systems and make recommendations that will address those issues.

The TTF is chaired by Mr. William J. Denke, Sycuan Tribal Police Department. In addition, the TTF is comprised of three tribal members: Mr. Francis E. Bradley, Sr., Hualapai Nation Police Department; Mr. Carlos Echevarria, Tulalip Tribal Police Department; and Mr. Scott Desjadon, Yavapai Prescott Tribal Police Department. The task force also includes four state/local members: Mr. Edward Bonner, Sheriff of Placer County, California; Ms. Dawn Peck, Idaho State Police; Mr. Gene Thaxton, Oklahoma Department of Public Safety; and Mr. Brian Wallace, Marion County Sheriff’s Office, Oregon. In addition, the TTF includes federal representatives from the following agencies: Mr. Jason O’Neal of the Bureau of Indian Affairs (BIA), Office of Justice Services; Ms. Marcia Good of the Department of Justice (DOJ), Office of Tribal Justice (OTJ); Mr. Gregory D. Adams of the FBI’s Indian Country Crimes Unit; and Mr. Christopher A. Nicholas as the FBI CJIS Division’s Executive Tribal Liaison. In March 2015, a full time Tribal Liaison Team (TLT) was established within the CJIS Division’s PROU. Today, there are three dedicated staff members that liaise with tribal partners, represent the FBI CJIS Division at various Indian Country training events, coordinate FBI CJIS Division Tribal conferences, conduct on-site tribal visits, and collaborate with federal partners on various tribal programs. The following summary on the FBI CJIS Division’s Tribal Engagement Program is provided for your information. Task Force Meeting Summary The most recent TTF meeting was held on December 8, 2016, in Phoenix, Arizona. 
The agenda for the meeting consisted of the following topics: membership; Uniform Crime Reporting (UCR) transition to National Incident-Based Reporting System (NIBRS) and Use of Force data collection; dispositions; DOJ Tribal Access Program (TAP) update; 2016 conference highlights; Tribal contact lists; Arizona proposed National Sex Offender Registry (NSOR) message key for tribes; and an open discussion. All task force members were in attendance with the exception of Mr. Bonner, Mr. Echevarria, Ms. Good, and Mr. Adams. Ms. Good was represented by proxy Mr. Josh Ederheimer. Members discussed the importance of active participation on the task force and recommended that the membership be reviewed. As a result of a previous TTF recommendation, Mr. Scott Desjadon was added as the newest tribal member and Mr. Timothy Chung was the invited CJIS Systems Officer (CSO) from Arizona.

Uniform Crime Reporting

During the Fall 2015 APB meeting, the Board passed a motion that requires the FBI UCR Program to transition to a NIBRS only data collection by January 1, 2021, by all local, state, tribal, and federal agencies. In support of this recommendation, task force members discussed requirements on tribal jurisdictions to submit through the BIA and its transition to NIBRS. Currently, tribes are submitting crime statistics directly to the FBI, through a state, and/or through the BIA. Today the BIA accepts and submits data to the FBI in summary format and is currently in the process of reworking its data collection process to accomplish NIBRS
submissions. The BIA continues its development and deployment of the necessary tools for compliance for its agencies under its service jurisdiction, to include tribal law enforcement agencies. During the December meeting, the TTF reviewed a roadmap explaining the reporting process and pathways and provided comments back to the FBI CJIS Division staff. The FBI CJIS Division will draft a unified message about information sharing that will accompany the Transition to NIBRS and Use of Force documents and will be distributed detailing the reporting process, available submission methods, and the importance of participation. The BIA and the FBI CJIS Division are collaborating on a method that will provide tribal agencies with a more robust and streamlined method to report to NIBRS by the transition deadline. It was also identified that the tribal jurisdictions may report directly via the FBI CJIS Division’s portal for use of force data collection. Dispositions As a result of the June TTF meeting, the FBI CJIS Division staff drafted correspondence/brochures on the arrest and disposition processes; created a mechanism to identify disposition rates in Indian Country; and included the Best Practice Guide to dispositions on the CJIS Tribal Outreach Special Interest Group (SIG). During the December meeting, the TTF reviewed and provided comments back to the FBI CJIS Division staff on the arrest and disposition documents. However, it was suggested by the FBI CJIS Division staff that they revise the provided documents into a more in-depth booklet for tribal agencies. The FBI CJIS Division is currently in the process of creating a bound booklet that will detail the importance of reporting arrests and dispositions, the impact of participation, case study representation, grant funding opportunities, and methods of submissions. The booklet will also be accompanied by a unified message on the importance of information sharing, tentatively scheduled for availability in spring 2017. 
In addition, after feedback from the task force members, the FBI CJIS Division will be revising draft disposition dashboards that will be available for all tribal criminal justice agencies. After an in-depth discussion regarding the importance of understanding the benefits of submitting dispositions, it was identified that education on the initial submission of the arrest fingerprint to the FBI must also be done. It was agreed that tribal jurisdictions may benefit from a visual pathway identifying the process flow from the initial arrest of the subject to the final disposition.

Other Task Force Business

Tribal Contact List

During the December meeting, task force members provided suggestions to the FBI CJIS Division staff on the recommended methods for providing information to, or requesting
information from, tribal members and/or agencies. The FBI CJIS Division will work with the OTJ to identify various tribal organizations for future correspondence with tribal entities. DOJ TAP The DOJ has established the TAP to provide tribes access to national crime information databases for both civil and criminal purposes. The DOJ will serve as the CJIS Systems Agency for selected federally recognized tribes. The DOJ will provide a workstation with capabilities to process finger and palm prints, take mugshots, and submit records to national databases, as well as the ability to access the FBI CJIS Division systems for criminal and civil purposes through the DOJ. Since the last APB meeting, the DOJ deployed TAP workstations to four additional tribes to include one tribe from Washington State, the Tulalip Tribe (June 22, 2016), and three tribes from Arizona: the White Mountain Apache Tribe (July 14, 2016), the Pascua Yaqui Tribe (August 23, 2016), and the Gila River Tribe (August 4, 2016). For fiscal year (FY) 2016, a total of 9 TAP tribes received their workstations and training. For FY2017, the DOJ TAP selected 11 additional tribes to receive workstations that will allow access to FBI CJIS Division services, such as the National Crime Information Center (NCIC) and the Next Generation Identification (NGI). The DOJ conducted outreach to potential tribes and accepted expression of interest letters from tribes through December 2, 2016, at which time 54 tribes officially expressed interest in the TAP. The DOJ collaborated with the OTJ; Office of Community Oriented Policing Services; the Office of Sex Offender Sentencing, Monitoring, Apprehending, Registering and Tracking (SMART); and the FBI CJIS Division on the interested tribes. The notification of the selected tribes was on December 16, 2016. The DOJ provided education to the points of contact from the selected tribes regarding the onboarding and vetting process from December 19, 2016 through January 5, 2017. 
The deployment of TAP workstations is tentatively scheduled for May 9 through September 29, 2017. For additional information on the DOJ TAP, please contact .

CJIS Tribal Outreach

As a result of the first tribal and state collaboration event sponsored by the FBI CJIS Division in August 2015 in Tulsa, Oklahoma, the FBI will host multiple regional conferences in upcoming fiscal years. Once again, tribal, state, and federal partners will come together to educate each other on the needs in Indian Country, the benefits of using national information sharing systems, and the importance of establishing partnerships to promote officer and public safety. The PROU TLT held its first regional conference in Phoenix, Arizona, on November 29-30, 2016. The FBI CJIS Division invited representatives from approximately 111 federally recognized tribes, the DOJ CSO, and seven CSOs representing those tribes geographically located within Arizona, Utah, Colorado, New Mexico, Washington, Oregon, and Nevada. Program overviews were provided on all FBI CJIS Division services, as well as topic-specific workshops. The objective of the tribal conference was to educate attendees on the FBI CJIS
Division services, to improve the understanding of tribal needs, and to identify specific issues regarding tribal participation in FBI CJIS Division systems and services. On December 1, 2016, the FBI CJIS Division staff completed an on-site visit at the Salt River Pima Maricopa Indian Community Police Department with Chief Karl Auerbach and department staff. The PROU TLT learned about their daily operations, technical capabilities, outreach, and training opportunities. The FBI CJIS Division staff was invited by Chief Bradley of the Hualapai Nation Police Department to address the Hualapai Council on December 3, 2016. The staff used this opportunity to highlight the public safety and officer safety importance of information sharing among all authorized tribal agencies. The FBI CJIS Division staff expressed appreciation for the collaboration that occurs between Chief Bradley and the FBI CJIS Division staff regarding tribal initiatives and information-sharing opportunities. Collaboration On November 17, 2016, the FBI CJIS Division hosted a meeting with the DOJ SMART Office personnel at the FBI CJIS Division main complex and the Biometric Technology Center. The SMART Director and four policy advisors met with FBI CJIS Division staff from NCIC, NGI, and the CJIS Audit Unit to discuss overlapping tribal initiatives. The teams discussed how they could partner and/or support each other’s efforts as both provide assistance and guidance to tribal partners. The following information summarizes the SMART Office’s Quality Assurance legislative mandate. The SMART Office is responsible for providing jurisdictions with guidance regarding the implementation of requirements mandated by Title I of the Adam Walsh Child Protection and Safety Act (Adam Walsh Act) of 2006, and providing technical assistance to states, territories, Indian tribes, local governments, as well as public and private organizations. 
As directed, the SMART Office is also responsible for administering the standards for the Sex Offender Registration and Notification Act (SORNA), to ensure jurisdictions have substantially implemented all requirements in order to receive grant funding. The SMART Office has been in contact with the FBI CJIS Division PROU, Criminal Justice Information Law Unit, and the NCIC Operations and Policy Unit, to discuss the SMART Office’s responsibility to ensure tribal agencies are substantially implementing SORNA requirements. In order to determine if approximately 160 tribal agencies have substantially implemented SORNA, the SMART Office is working with FBI CJIS Division staff to ensure tribal jurisdictions are entering sex offender registrants into the NCIC NSOR as indicated rather than accepting declarations of compliance at face value. The SORNA established the SMART Office as the federal agency responsible for implementing SORNA in state and tribal jurisdictions. As such, the SMART Office has the responsibility to “administer the standards for the sex offender registration and notification program set forth in
[the] Act.” 42 U.S.C. § 16945 (c)(1). In order to meet this Congressional mandate, the SMART Office must be able to determine whether entries in the NCIC NSOR accurately correspond to entries in the National Sex Offender Public Website. To this end, and pursuant to the recommendation of the FBI Office of the General Counsel, the SMART Office will receive an extract of the NCIC NSOR. The TTF reports on the FBI CJIS Division services and issues specific to Indian Country and provides suggestions on improving tribal access and use of FBI CJIS Division services. The TTF reports to the Executive Committee of the APB. Recommendations of the TTF are vetted and forwarded to the CJIS APB through the Executive Committee. For additional information on the FBI CJIS Division Tribal Engagement Program, please contact or visit the CJIS Tribal Outreach SIG on the LEEP.

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.
SPRING 2017 SUBCOMMITTEE ACTIONS: This topic was accepted as information only by all six subcommittees (IS, NCIC, NICS, N-DEx, SA and UCR).


CRIMINAL JUSTICE INFORMATION SERVICES (CJIS) ADVISORY POLICY BOARD (APB)
JACKSONVILLE, FL
JUNE 7-8, 2017
STAFF PAPER

APB ITEM #16
Chairman's Report on the Security and Access (SA) Subcommittee

SA ISSUE #1* Emergency Communications Centers & Management Control Agreements
SA ISSUE #2** Information Security Officer Program Update
SA ISSUE #3** Fiscal Year 2016 Audit Results Summary
SA ISSUE #4 (For S&A Information Only) CJIS Division Tribal Engagement Program Update
SA ISSUE #5 (For S&A Information Only) Approach for the National Instant Criminal Background Check System to Query the National Data Exchange System as a Secondary Resource
SA ISSUE #6* Task Force Updates
SA ISSUE #7 CJIS Systems Officer Delegation Authorization of Personnel Screening Requirement for Contractors and Vendors
SA ISSUE #8 (For S&A Information Only) CJIS Security Policy Requirements Companion Document – Agency Responsibility by Cloud Model
SA ISSUE #9 Security of Criminal Justice Information Stored in Offshore Cloud Computing Facilities
SA ISSUE #10 Collection and Use of Metadata by Cloud Service Providers

*No staff paper
** Delivered with the information only staff papers


SA ISSUE #11* NCIC 3rd Generation Project Overview
SA ISSUE #12* Courts Task Force

Ad Hoc ISSUEs*
1. MDM and Compensating Controls
2. Background Check Process for Non-US Citizens
3. CJIS Security Policy, Section 5.12

*No staff paper


CJIS ADVISORY POLICY BOARD (APB)
SECURITY AND ACCESS (SA) SUBCOMMITTEE
CLARKSBURG, WV
APRIL 27, 2017
STAFF PAPER

SA ISSUE #4
FBI CJIS Division Tribal Engagement Program Update

PURPOSE
To summarize the recent activities and initiatives of the FBI CJIS Division’s Tribal Engagement Program.

POINT OF CONTACT
Law Enforcement Support Section (LESS), Partner Relations and Outreach Unit (PROU), Tribal Engagement Program
Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEES
The Subcommittees are requested to review the information provided in this paper and provide appropriate comments.

BACKGROUND
In December 2011, the FBI CJIS Division’s Assistant Director identified the LESS Chief as the FBI CJIS Division’s Executive Tribal Liaison. Quickly following this designation, the FBI CJIS Division identified a tribal point of contact for each program. The goal of the Internal CJIS Tribal Working Group was to maintain consistency and provide a liaison to Indian Country on connectivity issues, policy compliance, and program awareness.

After the establishment of an FBI CJIS Division Executive Tribal Liaison and program points of contact for each FBI CJIS Division program, the Advisory Policy Board’s (APB) Executive Committee established a Tribal Task Force (TTF) in June 2012. The TTF was formed with the following mission: To enhance officer and public safety by improving local, state, tribal, territorial, and federal participation in the FBI CJIS Division systems. The Task Force will review all relevant issues that may prevent or discourage tribal law enforcement agencies from entering records/data into FBI CJIS Division systems and make recommendations that will address those issues.

The TTF is chaired by Mr. William J. Denke, Sycuan Tribal Police Department. In addition, the TTF is comprised of three tribal members: Mr. Francis E. Bradley, Sr., Hualapai Nation Police Department; Mr. Carlos Echevarria, Tulalip Tribal Police Department; and Mr. Scott Desjadon, Yavapai Prescott Tribal Police Department. The task force also includes four state/local members: Mr. Edward Bonner, Sheriff of Placer County, California; Ms. Dawn Peck, Idaho State Police; Mr. Gene Thaxton, Oklahoma Department of Public Safety; and Mr. Brian Wallace, Marion County Sheriff’s Office, Oregon. In addition, the TTF includes federal representatives from the following agencies: Mr. Jason O’Neal of the Bureau of Indian Affairs (BIA), Office of Justice Services; Ms. Marcia Good of the Department of Justice (DOJ), Office of Tribal Justice (OTJ); Mr. Gregory D. Adams of the FBI’s Indian Country Crimes Unit; and Mr. Christopher A. Nicholas as the FBI CJIS Division’s Executive Tribal Liaison. In March 2015, a full time Tribal Liaison Team (TLT) was established within the CJIS Division’s PROU. Today, there are three dedicated staff members that liaise with tribal partners, represent the FBI CJIS Division at various Indian Country training events, coordinate FBI CJIS Division Tribal conferences, conduct on-site tribal visits, and collaborate with federal partners on various tribal programs. The following summary on the FBI CJIS Division’s Tribal Engagement Program is provided for your information. Task Force Meeting Summary The most recent TTF meeting was held on December 8, 2016, in Phoenix, Arizona. 
The agenda for the meeting consisted of the following topics: membership; Uniform Crime Reporting (UCR) transition to National Incident-Based Reporting System (NIBRS) and Use of Force data collection; dispositions; DOJ Tribal Access Program (TAP) update; 2016 conference highlights; Tribal contact lists; Arizona proposed National Sex Offender Registry (NSOR) message key for tribes; and an open discussion. All task force members were in attendance with the exception of Mr. Bonner, Mr. Echevarria, Ms. Good, and Mr. Adams. Ms. Good was represented by proxy Mr. Josh Ederheimer. Members discussed the importance of active participation on the task force and recommended that the membership be reviewed. As a result of a previous TTF recommendation, Mr. Scott Desjadon was added as the newest tribal member and Mr. Timothy Chung was the invited CJIS Systems Officer (CSO) from Arizona. Uniform Crime Reporting During the Fall 2015 APB meeting, the Board passed a motion that requires the FBI UCR Program to transition to a NIBRS only data collection by January 1, 2021, by all local, state, tribal, and federal agencies. In support of this recommendation, task force members discussed requirements on tribal jurisdictions to submit through the BIA and its transition to NIBRS. Currently, tribes are submitting crime statistics directly to the FBI, through a state, and/or through the BIA. Today the BIA accepts and submits data to the FBI in summary format and is currently in the process of reworking its data collection process to accomplish NIBRS
submissions. The BIA continues its development and deployment of the necessary tools for compliance for its agencies under its service jurisdiction, to include tribal law enforcement agencies. During the December meeting, the TTF reviewed a roadmap explaining the reporting process and pathways and provided comments back to the FBI CJIS Division staff. The FBI CJIS Division will draft a unified message about information sharing that will accompany the Transition to NIBRS and Use of Force documents and will be distributed detailing the reporting process, available submission methods, and the importance of participation. The BIA and the FBI CJIS Division are collaborating on a method that will provide tribal agencies with a more robust and streamlined method to report to NIBRS by the transition deadline. It was also identified that the tribal jurisdictions may report directly via the FBI CJIS Division’s portal for use of force data collection. Dispositions As a result of the June TTF meeting, the FBI CJIS Division staff drafted correspondence/brochures on the arrest and disposition processes; created a mechanism to identify disposition rates in Indian Country; and included the Best Practice Guide to dispositions on the CJIS Tribal Outreach Special Interest Group (SIG). During the December meeting, the TTF reviewed and provided comments back to the FBI CJIS Division staff on the arrest and disposition documents. However, it was suggested by the FBI CJIS Division staff that they revise the provided documents into a more in-depth booklet for tribal agencies. The FBI CJIS Division is currently in the process of creating a bound booklet that will detail the importance of reporting arrests and dispositions, the impact of participation, case study representation, grant funding opportunities, and methods of submissions. The booklet will also be accompanied by a unified message on the importance of information sharing, tentatively scheduled for availability in spring 2017. 
In addition, after feedback from the task force members, the FBI CJIS Division will be revising draft disposition dashboards that will be available for all tribal criminal justice agencies. After an in-depth discussion regarding the importance of understanding the benefits of submitting dispositions, it was identified that education on the initial submission of the arrest fingerprint to the FBI must also be done. It was agreed that tribal jurisdictions may benefit from a visual pathway identifying the process flow from the initial arrest of the subject to the final disposition. Other Task Force Business Tribal Contact List During the December meeting, task force members provided suggestions to the FBI CJIS Division staff on the recommended methods for providing information to, or requesting

information from, tribal members and/or agencies. The FBI CJIS Division will work with the OTJ to identify various tribal organizations for future correspondence with tribal entities. DOJ TAP The DOJ has established the TAP to provide tribes access to national crime information databases for both civil and criminal purposes. The DOJ will serve as the CJIS Systems Agency for selected federally recognized tribes. The DOJ will provide a workstation with capabilities to process finger and palm prints, take mugshots, and submit records to national databases, as well as the ability to access the FBI CJIS Division systems for criminal and civil purposes through the DOJ. Since the last APB meeting, the DOJ deployed TAP workstations to four additional tribes to include one tribe from Washington State, the Tulalip Tribe (June 22, 2016), and three tribes from Arizona: the White Mountain Apache Tribe (July 14, 2016), the Pascua Yaqui Tribe (August 23, 2016), and the Gila River Tribe (August 4, 2016). For fiscal year (FY) 2016, a total of 9 TAP tribes received their workstations and training. For FY2017, the DOJ TAP selected 11 additional tribes to receive workstations that will allow access to FBI CJIS Division services, such as the National Crime Information Center (NCIC) and the Next Generation Identification (NGI). The DOJ conducted outreach to potential tribes and accepted expression of interest letters from tribes through December 2, 2016, at which time 54 tribes officially expressed interest in the TAP. The DOJ collaborated with the OTJ; Office of Community Oriented Policing Services; the Office of Sex Offender Sentencing, Monitoring, Apprehending, Registering and Tracking (SMART); and the FBI CJIS Division on the interested tribes. The notification of the selected tribes was on December 16, 2016. The DOJ provided education to the points of contact from the selected tribes regarding the onboarding and vetting process from December 19, 2016 through January 5, 2017. 
The deployment of TAP workstations is tentatively scheduled for May 9 through September 29, 2017. For additional information on the DOJ TAP, please contact . CJIS Tribal Outreach As a result of the first tribal and state collaboration event sponsored by the FBI CJIS Division in August 2015 in Tulsa, Oklahoma, the FBI will host multiple regional conferences in upcoming fiscal years. Once again, tribal, state, and federal partners will come together to educate each other on the needs in Indian Country, the benefits of using national information sharing systems, and the importance of establishing partnerships to promote officer and public safety. The PROU TLT held its first regional conference in Phoenix, Arizona, on November 29-30, 2016. The FBI CJIS Division invited representatives from approximately 111 federally recognized tribes, the DOJ CSO, and seven CSOs representing those tribes geographically located within Arizona, Utah, Colorado, New Mexico, Washington, Oregon, and Nevada. Program overviews were provided on all FBI CJIS Division services, as well as topic-specific workshops. The objective of the tribal conference was to educate attendees on the FBI CJIS
Division services, to improve the understanding of tribal needs, and to identify specific issues regarding tribal participation in FBI CJIS Division systems and services. On December 1, 2016, the FBI CJIS Division staff completed an on-site visit at the Salt River Pima Maricopa Indian Community Police Department with Chief Karl Auerbach and department staff. The PROU TLT learned about their daily operations, technical capabilities, outreach, and training opportunities. The FBI CJIS Division staff was invited by Chief Bradley of the Hualapai Nation Police Department to address the Hualapai Council on December 3, 2016. The staff used this opportunity to highlight the public safety and officer safety importance of information sharing among all authorized tribal agencies. The FBI CJIS Division staff expressed appreciation for the collaboration that occurs between Chief Bradley and the FBI CJIS Division staff regarding tribal initiatives and information-sharing opportunities. Collaboration On November 17, 2016, the FBI CJIS Division hosted a meeting with the DOJ SMART Office personnel at the FBI CJIS Division main complex and the Biometric Technology Center. The SMART Director and four policy advisors met with FBI CJIS Division staff from NCIC, NGI, and the CJIS Audit Unit to discuss overlapping tribal initiatives. The teams discussed how they could partner and/or support each other’s efforts as both provide assistance and guidance to tribal partners. The following information summarizes the SMART Office’s Quality Assurance legislative mandate. The SMART Office is responsible for providing jurisdictions with guidance regarding the implementation of requirements mandated by Title I of the Adam Walsh Child Protection and Safety Act (Adam Walsh Act) of 2006, and providing technical assistance to states, territories, Indian tribes, local governments, as well as public and private organizations. 
As directed, the SMART Office is also responsible for administering the standards for the Sex Offender Registration and Notification Act (SORNA), to ensure jurisdictions have substantially implemented all requirements in order to receive grant funding. The SMART Office has been in contact with the FBI CJIS Division PROU, Criminal Justice Information Law Unit, and the NCIC Operations and Policy Unit, to discuss the SMART Office’s responsibility to ensure tribal agencies are substantially implementing SORNA requirements. In order to determine if approximately 160 tribal agencies have substantially implemented SORNA, the SMART Office is working with FBI CJIS Division staff to ensure tribal jurisdictions are entering sex offender registrants into the NCIC NSOR as indicated rather than accepting declarations of compliance at face value. The SORNA established the SMART Office as the federal agency responsible for implementing SORNA in state and tribal jurisdictions. As such, the SMART Office has the responsibility to “administer the standards for the sex offender registration and notification program set forth in
[the] Act.” 42 U.S.C. § 16945 (c)(1). In order to meet this Congressional mandate, the SMART Office must be able to determine whether entries in the NCIC NSOR accurately correspond to entries in the National Sex Offender Public Website. To this end, and pursuant to the recommendation of the FBI Office of the General Counsel, the SMART Office will receive an extract of the NCIC NSOR. The TTF reports on the FBI CJIS Division services and issues specific to Indian Country and provides suggestions on improving tribal access and use of FBI CJIS Division services. The TTF reports to the Executive Committee of the APB. Recommendations of the TTF are vetted and forwarded to the CJIS APB through the Executive Committee. For additional information on the FBI CJIS Division Tribal Engagement Program, please contact or visit the CJIS Tribal Outreach SIG on the LEEP.

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups. SPRING 2017 SUBCOMMITTEE ACTIONS: This topic was accepted as information only by the SA, NCIC, UCR and Subcommittees. SPRING 2017 SUBCOMMITTEE ACTIONS: This topic was accepted as information only by all six subcommittees. (IS, NCIC, NICS, N-DEx, SA and UCR).


CJIS ADVISORY POLICY BOARD (APB) SECURITY AND ACCESS (SA) SUBCOMMITTEE CLARKSBURG, WV APRIL 27, 2017 STAFF PAPER

SA ISSUE #5
Approach for the National Instant Criminal Background Check System (NICS) to Query the National Data Exchange (N-DEx) System as a Secondary Resource

PURPOSE
To request the endorsement of the proposed additions to the N-DEx Policy and Operating Manual to account for the permanent expansion of the NICS to query the N-DEx System as a secondary resource.

POINT OF CONTACT
NICS Section, NICS Business Unit
Law Enforcement Support Section, N-DEx Program Office
Questions regarding this topic should be directed to

REQUEST OF THE SUBCOMMITTEE
The Subcommittee is requested to review the information included in this paper and provide appropriate comments, suggestions, and recommendations regarding the proposed approach, specifically the proposed N-DEx Policy and Operating Manual language, for the permanent expansion of the NICS to query the N-DEx System.

BACKGROUND
The Brady Handgun Violence Prevention Act of 1993 (Brady Act) required the United States Attorney General to establish the NICS for Federal Firearms Licensees (FFL) to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”




Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”



Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

A NICS background check is conducted based on the subject’s name and descriptive data to identify any matching records in the national databases comprising the NICS. Currently, the databases searched as a primary resource include the Interstate Identification Index (III), the National Crime Information Center (NCIC), and the NICS Index. During the NICS background check, if the NICS returns to the user a hit based on the data provided, the transaction is reviewed to determine if a valid match has occurred and if a prohibiting record exists. If the transaction has been reviewed and it is determined that a valid match exists based on the descriptive data, the NICS Section will review secondary resources such as the Disposition Document File (DDF), the Voluntary Appeal File Database, the ATF Relief of Disabilities Database, and state websites as necessary. This would be considered a secondary search after a potential prohibition has been determined. In addition, if the prospective buyer is a non-U.S. citizen, the FBI Criminal Justice Information Services (CJIS) Division’s NICS Section submits an Immigration Alien Query to the Department of Homeland Security’s U.S. Immigration and Customs Enforcement. When conducting research for a potentially disqualifying offense, the NICS Legal Instruments Examiner may need to contact external entities. The process of contacting the agency and receiving the response can be a lengthy process. If the information needed to make a final determination cannot be obtained within the three-business-day expiration, and the NICS Section is unable to provide a proceed or deny response, it is at the discretion of the FFL whether to transfer the firearm. This creates a potential threat to both public and officer safety. 
The N-DEx System is a national investigative information-sharing system which contains records that span the criminal justice lifecycle, and includes information related to incident/case reports, arrests, missing persons’ reports, service calls, booking and incarceration reports, pretrial, probation and parole reports, warrants, citations/tickets, and field contacts/interviews. The N-DEx System was developed and is managed by the FBI CJIS Division and is provided to local, state, tribal, and federal criminal justice agencies. The N-DEx System’s information promotes public safety from the initial contact to the supervision of an individual reintegrated into the community. In a collaborative effort between the NICS Section and the N-DEx Program Office (PO), along with support from the CJIS Division Advisory Policy Board (APB) Executive Committee members, a pilot project was facilitated to expand the background check for the NICS Section to include a query of the N-DEx System. The purpose of the pilot was to determine whether the information in the N-DEx System would lead to more timely or additional determinations as to

whether an individual was prohibited from purchasing a firearm, as well as those individuals eligible to possess and receive firearms. At the conclusion of the pilot, it was determined the data provided to the NICS Section from the N-DEx System was valuable in providing information prior to the third business day and would be beneficial to add as a permanent expansion to the NICS background check process as a secondary resource. These findings were supported by the APB’s decision at its Fall 2016 Meeting where it motioned “The N-DEx System will be a secondary search within the NICS background check process and the information will be treated as other secondary sources.”

DISCUSSION AND ANALYSIS
The NICS Section and the N-DEx PO have partnered to formulate and identify the key success factors to implement the ability for the NICS to query the N-DEx System as a secondary resource. A high-level synopsis of the changes required for the permanent implementation is provided below:

Technical Focus Area
As a secondary resource, the NICS will only search the N-DEx System if a potential prohibition is found from one of the three national databases (NCIC, III, and NICS Index) searched by the NICS. The N-DEx System information will be provided to the NICS Section via the NICS. The state entities conducting a background check, in accordance with the permissible uses of the NICS, may be provided the information either via the NICS State Information Sharing Initiative (SISI) or via logging into the N-DEx System. With the secondary search, the states are not mandated to query the N-DEx System for the additional information. However, if a state elects to obtain the N-DEx System information via the NICS, they would need to opt in to the SISI. When the user submits a query of the NICS record with the extended search options, all data is returned via the existing NCIC message interface.
The exception to this is the DDF image data, which is binary in nature and cannot be made available for download via a Web server hosted on the CJIS Division Wide Area Network. Instruction and guidelines for SISI will be provided on the Interface Control Document via the Law Enforcement Enterprise Portal (LEEP). If a user chooses to obtain the N-DEx System information via the SISI, the N-DEx System will perform two simultaneous searches after it receives a query, the Use Code “F”, and Search Reason from the NICS. The N-DEx System searches all of the person entities and records within the N-DEx System. A query of the N-DEx System via the NICS would return potential person entity matches and records, according to the user’s search criteria. The user would review the person entities and records to determine if they are matches to their initial query. Once a match is determined, the user would open the N-DEx System records to review the information. All searches to the N-DEx System would meet or exceed current NICS performance requirements. If a user wants to search the N-DEx System directly, they will need to log in via their identity provider and be granted Use Code “F” search privileges by the CJIS Systems Officer (CSO).
This will require the CSO, in his or her role as N-DEx administrator, to access the N-DEx System and provide the user with Use Code “F” search privileges via the N-DEx user management tools. Once completed, the user will be able to log into the N-DEx System, select the NICS-related Checks Use Code “F,” insert their search reason, and then conduct their search request.

Audit Focus Area
The NICS Section and the N-DEx PO collaborated with the CJIS Audit Unit (CAU) and were provided preliminary guidance on the audit requirement for the permanent expansion of the NICS, to include the N-DEx System. All users who access the N-DEx System as a secondary resource (through the NICS or directly) will be subject to N-DEx System audits. However, due to the N-DEx System being accessed as a secondary resource, there will be no impact to the NICS audit. The N-DEx System audit is a policy-based audit, conducted via teleconference, which assesses agencies’ users, to include their system access and data usage, according to the CJIS Security Policy and the N-DEx Policy and Operating Manual. The N-DEx PO, through a partnership with the CAU, has developed tools (such as the N-DEx Audit Best Practices document and standardized questions) to support CSOs and agencies with their N-DEx System audit. Additionally, the N-DEx PO will provide the NICS Section with policy compliance information to incorporate into the NICS Section training.

Training/Outreach Focus Area
The NICS Section has provided training modules for all of the federal prohibitions and necessary criteria via the LEEP. Additionally, the NICS Section will provide training modules to the state entities on LEEP to include screen shots of the N-DEx System’s data as provided via the NICS. The NICS Section will modify their standard operating procedures to provide instructions and navigation steps to obtain the N-DEx System’s data via a query of the secondary databases.
The NICS Section will conduct a teleconference with the ATF to provide awareness of the new search capability and the potential of an increase in their workload. In addition, the NICS Section will conduct a teleconference with the state NICS users. The N-DEx PO has developed and provided its user community with multiple resources to further their understanding of the N-DEx System and policies. These resources include, but are not limited to: computer-based training modules, video tutorials, quick reference cards, and policy and reference manuals. The resources will be made available to all NICS users and are currently available on the N-DEx System or by contacting the N-DEx PO. In addition to assisting with outreach to the NICS users, the N-DEx PO will contact all of the N-DEx System record-owning agencies to discuss with them, answer questions, and identify their sharing rules (i.e., Green or Red) for the permanent implementation of Use Code “F.”


Legal and Privacy Focus Area

The NICS Section and the N-DEx PO have already begun taking the necessary steps to update their legal and privacy documentation to include the Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIA) and System of Records Notices (SORN). The FBI’s Office of the General Counsel (OGC) has opined that a change to the current NICS regulation will not be necessary for a query of the N-DEx System as a secondary resource. The NICS Section is preparing a PTA to provide information relating to the connectivity between the NICS and the N-DEx System. The NICS Section is updating the PIA to indicate the N-DEx System will be leveraged for NICS background checks as a secondary resource. The NICS Section is preparing the SORN to ensure all information is accurate to NICS practices. Similar to the NICS Section, the N-DEx PO’s PTA is being updated to document the required changes for the permanent implementation of the N-DEx System as a secondary resource for the NICS. The N-DEx PO, in collaboration with the OGC, is also updating its PIA and SORN to incorporate all of the necessary information regarding the utilization of the N-DEx System by the NICS as a secondary resource.

Policy Focus Area

The NICS Section and the N-DEx PO will continue to adhere to all the existing policies and procedures and meet the NICS purge requirements. However, following a review of the N-DEx Policy and Operating Manual, a need was identified to update the policy manual to account for the permanent expansion of the NICS to query the N-DEx System as a secondary resource. The N-DEx PO recommends the following additions to the N-DEx Policy and Operating Manual. Proposed additions to existing policy are indicated by underline (inserts).

Revise Policy 1.2.7 to read as follows: “In accordance with the CJIS Security Policy and consistent with 28 C.F.R. Part 20, Subpart A, N-DEx System access is restricted to “criminal justice agencies” and agencies performing the “administration of criminal justice” or “NICS-related checks.”



Add the following policy language under Policy 1.3.4 Acceptable System Use: “National Instant Criminal Background Check System (NICS)-related checks, i.e., to obtain information when conducting a NICS-related background check.”



Add the following policy language under Policy 1.3.6 Use Code: “National Instant Criminal Background Check System (NICS)-related checks Use Code “F”: Must be used when the N-DEx System is utilized to conduct NICS-related background checks.” The NICS-related checks must be made in accordance with the Brady Handgun Violence Prevention Act of 1993 (Brady Act). In addition, the N-DEx System shall purge all Use Code “F” search criteria in adherence with the Consolidated Appropriations Bill, H.R. 2673, as is required by the NICS operating procedures and policies.

The Brady Act required the U.S. Attorney General to establish the NICS for Federal Firearm Licensees to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

o Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”
o Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”
o Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

Implementation Timeframe

The NICS Section and the N-DEx PO are currently sponsoring multiple initiatives in the focus areas discussed earlier to fulfill the required changes necessary for the permanent implementation. The FBI CJIS Division estimates, based on the workload, the concept implementation should take approximately 12-24 months.

OPTIONS

The Subcommittee is requested to recommend one of the options for the proposed additions to the N-DEx Policy and Operating Manual. Proposed additions to existing policy are indicated by underline (inserts).

Option 1—Incorporate the following policies into the N-DEx Policy and Operating Manual:

Revise Policy 1.2.7 to read as follows: “In accordance with the CJIS Security Policy and consistent with 28 C.F.R. Part 20, Subpart A, N-DEx System access is restricted to “criminal justice agencies” and agencies performing the “administration of criminal justice” or “NICS-related checks.”



Add the following policy language under Policy 1.3.4 Acceptable System Use: “National Instant Criminal Background Check System (NICS)-related checks, i.e., to obtain information when conducting a NICS-related background check.”




Add the following policy language under Policy 1.3.6 Use Code: “National Instant Criminal Background Check System (NICS)-related checks Use Code “F”: Must be used when the N-DEx System is utilized to conduct NICS-related background checks.” The NICS-related checks must be made in accordance with the Brady Handgun Violence Prevention Act of 1993 (Brady Act). In addition, the N-DEx System shall purge all Use Code “F” search criteria in adherence with the Consolidated Appropriations Bill, H.R. 2673, as is required by the NICS operating procedures and policies.

The Brady Act required the U.S. Attorney General to establish the NICS for Federal Firearm Licensees to contact for information to be supplied immediately as to whether the transfer of a firearm to an unlicensed person would violate Section 922 (g) or (n) of Title 18, United States Code, or state law. In addition, NICS background checks may be conducted for the following purposes:

o Pursuant to Title 28, Code of Federal Regulations (C.F.R.), Section 25.6 (j)(1), “the NICS may provide information to Federal, state, tribal, or local criminal justice agencies in connection with the issuance of a firearm-related or explosives-related permit or license.”
o Title 28 C.F.R. §25.6 (j)(2) “permits the NICS to respond to inquiries by the Bureau of Alcohol, Tobacco, Firearms and Explosives [ATF] in connection with a civil or criminal law enforcement activity relating to the Gun Control Act [of 1968] or the National Firearms Act.”
o Title 28 C.F.R. §25.6 (j)(3) “for the disposing of firearms in the possession of Federal, state, tribal, or local criminal justice agencies.”

Option 2—No Change

RECOMMENDATION

The FBI recommends the proposed additions to the N-DEx Policy and Operating Manual to account for the permanent expansion of the NICS querying the N-DEx System as a secondary resource.

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.


NORTH CENTRAL WORKING GROUP ACTION: Motion 1: To accept Option 1 as outlined in the staff paper. Action: Motion carried. Motion 2: Identify the process for the ability to tie the original (primary) search to the reason for conducting the secondary search. Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

SOUTHERN WORKING GROUP ACTION: Motion: To adopt Option 1 as outlined in the staff paper. Action: Motion carried.

WESTERN WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

SPRING 2017 SUBCOMMITTEE ACTIONS:

SA SUBCOMMITTEE ACTION: Accepted as information only.

N-DEx SUBCOMMITTEE ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried.

NICS SUBCOMMITTEE ACTION: Accepted as information only.


CJIS ADVISORY POLICY BOARD (APB) SECURITY AND ACCESS (SA) SUBCOMMITTEE CLARKSBURG, WV APRIL 27, 2017 STAFF PAPER

SA ISSUE #7 CJIS Systems Officer (CSO) Delegation Authorization of Personnel Screening Requirement for Contractors and Vendors

PURPOSE

Present recommendation to amend CJIS Security Policy Section 5.12.1.2 to specifically permit the CSO to delegate the authority for reviews conducted on contractors and vendors for access to criminal justice information (CJI).

POINT OF CONTACT

Information Technology Management Section/CJIS Information Assurance Unit/Information Security Officer Program

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

Approve one of the options outlined in this topic paper.

BACKGROUND

The FBI CJIS APB Designated Federal Officer (DFO) received a topic paper submission (attached) from the North Central Working Group requesting a language change in CJIS Security Policy Section 5.12.1.2 Personnel Screening for Contractors and Vendors. The submission requests the Policy be modified to explicitly allow the CSO the ability to delegate their authority for reviews conducted on contractor and vendor applicants with misdemeanor offense(s) requiring access to CJI.

DISCUSSION AND ANALYSIS

The CSO is responsible for the administration of the CJIS network for the CJIS Systems Agency (CSA) and serves as the focal point and liaison for all CJIS-related matters within the jurisdiction of the CSA. The CSO assumes ultimate responsibility for managing the security of CJIS systems within their state and/or agency, which includes the approval of access to CJI. In some situations, the CJIS Security Policy allows the CSO to delegate certain responsibilities to subordinate agencies or a designee.


For contractors and vendors requiring access to CJI, felony convictions are automatic disqualifiers; however, the Contracting Government Agency (CGA) can request a suitability review by the CSO for misdemeanor offenses. The CJIS Security Policy currently states the CSO must be the one to make the determination in those cases. The final paragraph in Section 5.12.1.2 states:

“Applicants with a record of misdemeanor offense(s) may be granted access if the CSO determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination.”

As currently written, the CSO must review the nature of the misdemeanor offense(s) and determine if access to CJI should be granted. The topic requestor believes the CSO should be authorized to exercise delegation authority in situations where contractors/vendors have misdemeanor offenses and when the CGA requests a review. Felony convictions will remain automatic disqualifiers and a review is not an option. A change allowing the CSO to delegate this particular duty would be in line with the previous section of the Policy concerning agency employee screenings involving non-felony convictions. In those instances of non-felony convictions, the CSO has the ability to delegate review of findings and access suitability decisions. This includes both initial access and reinvestigations for continued access.

OPTIONS

Approve one of the following options:

1. Modify the CJIS Security Policy as indicated (additions in red italics, deletions in bold strikethrough):

5.12.1.2 Personnel Screening for Contractors and Vendors

Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination.

2. Make no changes to the CJIS Security Policy.
RECOMMENDATION

The CJIS ISO Program recommends option 1.

Attachment: 1. FBI CJIS Advisory Process Request for Topic, Walt Neverman, Wisconsin CSO

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION: Motion: To accept Option 1. 1. Modify the CJIS Security Policy as indicated (additions in red italics, deletions in bold strikethrough): 5.12.1.2 Personnel Screening for Contractors and Vendors Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination. Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION: Motion: To accept Option 1. 1. Modify the CJIS Security Policy as indicated (additions in red italics, deletions in bold strikethrough): 5.12.1.2 Personnel Screening for Contractors and Vendors Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination. Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION: Motion: To accept Option 1. 1. Modify the CJIS Security Policy as indicated (additions in red italics, deletions in bold strikethrough): 5.12.1.2 Personnel Screening for Contractors and Vendors Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination. Action: Motion carried.

SOUTHERN WORKING GROUP ACTION: Motion: To adopt Option 1. 1. Modify the CJIS Security Policy as indicated (additions in red italics, deletions in bold strikethrough): 5.12.1.2 Personnel Screening for Contractors and Vendors Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination. Action: Motion carried.


WESTERN WORKING GROUP ACTION: Motion: To accept Option 1. 1. Modify the CJIS Security Policy as indicated (additions in red italics, deletions in bold strikethrough): 5.12.1.2 Personnel Screening for Contractors and Vendors Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination. Action: Motion carried.

SPRING 2017 SUBCOMMITTEE ACTION: Motion: To accept Option 1: Modify the CJIS Security Policy as indicated (additions in red italics, deletions in bold strikethrough): 5.12.1.2 Personnel Screening for Contractors and Vendors Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination. Action: Motion carried.


Attachment 1: FBI CJIS Advisory Process Request for Topic

CJIS ADVISORY PROCESS REQUEST FOR TOPIC

Please provide the following information when submitting a request for a topic paper.

1. Clear statement of request: Amend the section 5.12.1.2 of the CJIS Security Policy to allow the CSO to delegate authority for access reviews of applicants with a record of misdemeanor offense(s) for contractors and vendors.

2. How this is handled now (or description of problem being solved): Section 5.12.1.2 (last paragraph) currently limits the determination for access to the CSO for contractors and vendor applicants with a record of misdemeanor offense(s). With the exception of felony convictions or subsequent felony arrests, the CSO is authorized to delegate this role under 5.12.1.1.

3. Suggested solution: Amend to the last paragraph of section 5.12.1.2 as shown here. “Applicants with a record of misdemeanor offense(s) may be granted access if the CSO or his/her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The CGA may request the CSO to review a denial of access determination.”

4. Scenario/example: As authorized in 5.12.1.1 the CSO will be able to exercise their designation authority for personnel screening of contractors and vendors.

5. Benefit(s) to the criminal justice community: Allow CSOs to exercise their delegation authority as with other sections of the policy for misdemeanor offenses.

6. Impact on state system users, if known. (Time and resources): None

7. Importance/criticality: The current policy requires the CSO review when this could be delegated at the discretion of the CSO.

8. Contact person: Walt Neverman – Wisconsin CSO

CJIS ADVISORY POLICY BOARD (APB) SECURITY AND ACCESS (SA) SUBCOMMITTEE CLARKSBURG, WV APRIL 27, 2017 STAFF PAPER

SA ISSUE #8 CJIS Security Policy Requirements Companion Document – Agency Responsibility by Cloud Model

PURPOSE

Present information on the SA Subcommittee-approved administrative changes to CJIS Security Policy Requirements and Tiering Document

POINT OF CONTACT

Information Technology Management Section/CJIS Information Assurance Unit/Information Security Officer (ISO) Program

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

The Subcommittee is requested to review the information provided in this paper and provide appropriate comments.

BACKGROUND

During spring 2016, the Security and Access (SA) Subcommittee created the Cloud Task Force to serve the function of reviewing, analyzing, and making recommendations to the SA Subcommittee on all cloud-related topics. The Cloud Task Force consists of members who have technical backgrounds and serve as state and federal CJIS Systems Officers (CSOs), Information Security Officers (ISOs), and local law enforcement agency representatives. This composition has allowed detailed discussions regarding Policy requirements, the impact of those requirements at the federal/state/local level, the applicability of cloud-related requirements, and to identify any potential issues that may hinder a well-intentioned transition to a cloud-based service. The Task Force has since held many meetings to discuss a wide variety of cloud-related topics. One such topic that originated within the Task Force was the concept of creating a “matrix” which would provide a correlation of the requirements within the CJIS Security Policy and the agency who would have the direct responsibility to perform and ensure the Policy requirement is met. Please note, however, it is understood the agency will always be ultimately accountable for ensuring Policy compliance.

After the creation of this “matrix” the CJIS ISO Program presented this topic as an ad-hoc agenda item at the Fall 2016 Security and Access (SA) Subcommittee Meeting for review, discussion, and to provide a recommendation on actions to have this added to the CJIS Security Policy Requirements and Tiering Document. Leveraging their discretion to approve this addition administratively, as there is no change to the CJIS Security Policy requirements, the SA Subcommittee unanimously approved a motion to include this “matrix” in the CJIS Security Policy Requirements and Tiering Document and to subsequently rename and supersede the CJIS Security Policy Requirements and Tiering Document with the CJIS Security Policy Requirements Companion Document.

One internal request made of the Cloud Task Force, by the local law enforcement agency members, was to identify “oversight only” requirements should an agency make the move to one of the cloud service models while keeping in mind the agency is ultimately responsible for compliance. The Task Force was made aware that many of the smaller agencies have difficulty in understanding which Policy requirements they may lose control over and, although the Cloud Computing Appendix (G.3) was very helpful, many non-technical personnel have had a hard time correlating the information directly with the requirements as defined in the Requirements and Tiering Document. Over the course of a number of virtual meetings the Task Force developed a “matrix” providing the requested correlation between the Policy requirements an agency would have direct capability to perform and those which a cloud service provider would have the responsibility/capability of performing.
To accomplish this, the Task Force first recommended renaming the existing CJIS Security Policy Requirements and Tiering Document to the CJIS Security Policy Requirements Companion Document. This was considered essential so the name would provide a less-specific and more encompassing title to allow for these changes and any future changes. Then, a new column section was added and named: “Agency Responsibility by Cloud Model.” Within this column section, there are three sub columns each labeled as a cloud service model: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Listed within these columns is the responsible party (i.e., CJIS/CSO, Agency, Service Provider, or Both – agency and service provider) to ensure the Policy requirements are met. Please note, however, the agency implementing cloud technology is ultimately accountable to ensure Policy compliance and will be audited by the CSA and possibly by the CJIS Audit Unit. Finally, the Cloud Task Force briefed their efforts to the Fall 2016 SA Subcommittee, who unanimously approved a motion to add this to version 5.6 of the requirements document. Attachment 1: Sample of CJIS Security Policy Requirements Companion Document


Attachment 1

Sample of CJIS Security Policy Requirements Companion Document

CJIS Security Policy Area 1 - Information Exchange Agreements

| | CSP Location | Topic | Responsibility | Requirement Priority Tier | Agency Responsibility by Cloud Model: IaaS | PaaS | SaaS |
|---|---|---|---|---|---|---|---|
| 94 | 5.1.1.4 | Inter-Agency and Management Control Agreements | A NCJA (government) designated to perform criminal justice functions for a CJA shall be eligible for access to the CJI. | 1 | Agency | Agency | Agency |
| 95 | | " | Access shall be permitted when such designation is authorized pursuant to Executive Order, statute, regulation, or inter-agency agreement. | 1 | Agency | Agency | Agency |
| 96 | | " | The NCJA shall sign and execute a management control agreement (MCA) with the CJA, which stipulates management control of the criminal justice function remains solely with the CJA. | 1 | Agency | Agency | Agency |
| 97 | 5.1.1.5 | Private Contractor User Agreements and CJIS Security Addendum | Private contractors who perform criminal justice functions shall meet the same training and certification criteria required by governmental agencies performing a similar function, and… | 1 | Both | Both | Both |
| 98 | | " | ...and shall be subject to the same extent of audit review as are local user agencies. | 1 | Both | Both | Both |
| 99 | | " | All private contractors who perform criminal justice functions shall acknowledge, via signing of the Security Addendum Certification page, and abide by all aspects of the CJIS Security Addendum. | 1 | Both | Both | Both |
| 100 | | " | Modifications to the CJIS Security Addendum shall be enacted only by the FBI. | 1 | CJIS/CSO | CJIS/CSO | CJIS/CSO |
| 101 | | " | 1. Private contractors designated to perform criminal justice functions for a CJA shall be eligible for access to CJI. | 1 | Agency | Agency | Agency |
| 102 | | " | Access shall be permitted pursuant to an agreement which specifically identifies the agency’s purpose and scope of providing services for the administration of criminal justice. | 1 | Agency | Agency | Agency |
| 103 | | " | The agreement between the CJA and the private contractor shall incorporate the CJIS Security Addendum approved by the Director of the FBI, acting for the U.S. Attorney General, as referenced in Title 28 CFR 20.33 (a)(7). | 1 | Agency | Agency | Agency |
| 104 | | " | 2. Private contractors designated to perform criminal justice functions on behalf of a NCJA (government) shall be eligible for access to CJI. | 1 | Agency | Agency | Agency |
| 105 | | " | Access shall be permitted pursuant to an agreement which specifically identifies the agency’s purpose and scope of providing services for the administration of criminal justice. | 1 | Agency | Agency | Agency |
| 106 | | " | The agreement between the NCJA and the private contractor shall incorporate the CJIS Security Addendum approved by the Director of the FBI, acting for the U.S. Attorney General, as referenced in Title 28 CFR 20.33 (a)(7). | 1 | Agency | Agency | Agency |

CJIS Security Policy Area 4 - Auditing and Accountability

| | CSP Location | Topic | Responsibility | Requirement Priority Tier | Agency Responsibility by Cloud Model: IaaS | PaaS | SaaS |
|---|---|---|---|---|---|---|---|
| 197 | 5.4 | Policy Area 4: Auditing and Accountability | Agencies shall implement audit and accountability controls to increase the probability of authorized users conforming to a prescribed pattern of behavior. | 1 | Both | Both | Service Provider |
| 198 | | " | Agencies shall carefully assess the inventory of components that compose their information systems to determine which security controls are applicable to the various components. | 1 | Both | Service Provider | Service Provider |

SPRING 2017 WORKING GROUP ACTIONS: This topic was accepted as information only by all five working groups.

SPRING 2017 SA SUBCOMMITTEE ACTION: This topic was accepted as information only.

CJIS ADVISORY POLICY BOARD (APB) SECURITY AND ACCESS (SA) SUBCOMMITTEE CLARKSBURG, WV APRIL 27, 2017 STAFF PAPER

SA ISSUE #9 Security of Criminal Justice Information (CJI) Stored in Offshore Cloud Computing Facilities

PURPOSE

Propose language changes to CJIS Security Policy Section 5.10.1.5 to prevent CJI from being stored in cloud computing facilities located outside the United States (U.S.) and U.S. territories

POINT OF CONTACT

Information Technology Management Section/CJIS Information Assurance Unit/Information Security Officer (ISO) Program

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

Approve one of the options presented in this topic paper

BACKGROUND

The FBI CJIS APB Designated Federal Officer (DFO) received an external topic paper submission (attachment #1) requesting the examination of potential security risks to CJIS data stored in “off-shore” cloud computing facilities and exploration of the possibility of restricting off-shore cloud CJIS data storage in the CJIS Security Policy. The CJIS ISO Program intended to present this topic as an ad-hoc agenda item at the Spring 2016 SA Subcommittee for discussion. Prior to this presentation, however, the SA Subcommittee motioned to establish the Cloud Task Force. It was agreed upon by the Subcommittee that all cloud-related topics, both current and future, would be deliberated by the task force prior to moving forward through the APB process. Blaine Koops, SA member and topic paper submitter, agreed to have the topic sent to the Cloud Task Force where it would undergo a due diligence process. The Cloud Task Force agreed to create and provide a recommendation to the Fall 2016 SA Subcommittee.


The Task Force discussed this topic at great length and collectively developed a recommendation which was presented to the 2016 Fall SA Subcommittee as an ad-hoc topic. The SA Subcommittee unanimously endorsed the recommendation and requested the CJIS ISO Program to take a topic paper through the 2017 Spring APB process.

DISCUSSION AND ANALYSIS

The essential premise of the CJIS Security Policy is to provide the minimum controls to protect CJI, from creation through dissemination. The Policy is also designed to be somewhat malleable to enable the use of new and emerging technologies, such as cloud computing. As the concept and acceptance of cloud computing grows within the law enforcement community, however, concern has been raised about protecting CJI stored within environments which are outside the direct control of the agency. This concern sparked the submission of a topic paper request (attached) asking for a risk assessment and possible restriction of permitting CJI storage within data centers outside of the U.S. and U.S. territories.

The SA Subcommittee, upon creation of the Cloud Task Force, asked the group to review and discuss this topic. During these discussions, one primary concern revolved around the difficulty of restricting foreign nationals’ access to unencrypted CJI on foreign soil, where international laws differ from those in the U.S. Encryption is the most common method used to provide data confidentiality. Encryption can also provide a means of access control to data via key management. For example, a person with access to the encryption/decryption key has access to unencrypted data. However, the CJIS Security Policy does not require encryption when CJI is stored within physically secure locations. There is also no restriction on storing CJI in foreign-based areas that would be established as physically secure locations, such as a cloud service provider’s data centers. Additionally, many cloud products or services may be severely restricted if the cloud service provider cannot have access to the data in an unencrypted form.

The Cloud Task Force discussed the challenges posed by the inability to prevent access by unauthorized foreign nationals when CJI data is stored within a data center of another country. This concern exists even when CJI is encrypted. Because the data can be replicated, unauthorized personnel would have unlimited time to perform off-line attacks on the encryption with the expectation of defeating the algorithm. The Cloud Task Force stressed they cannot blindly trust a foreign nation’s privacy laws and cannot expect a small law enforcement agency to have the knowledge or ability to know how to fight an international legal battle should the need arise. After much discussion, the Cloud Task Force collectively developed a recommendation to modify the Policy language in Section 5.10.1.5 to effectively prohibit the storage of CJI, regardless of encryption status, in any cloud environment (e.g., datacenter, etc.) which resides outside the U.S. and U.S. territories.


OPTIONS

Approve one of the below options:

1. Accept the following recommended changes to CJIS Security Policy Section 5.10.1.5 as shown below (additions in red italics, deletions in bold strikethrough).

The storage of CJI, regardless of encryption status, shall not be permitted in any cloud environment (e.g. datacenter, etc.) residing outside of the United States (U.S.) and U.S. territories.

2. Make no changes to the CJIS Security Policy

If option 1 is approved, the requirement(s) should be assigned a priority tier of: ______ (enter 1 or 2)

The storage of CJI, regardless of encryption status, shall not be permitted in any cloud environment (e.g. datacenter, etc.) residing outside of the United States (U.S.) and U.S. territories.

RECOMMENDATION

The CJIS ISO Program draws attention to the fact that option 1 of this paper was created and endorsed by the Security and Access Subcommittee’s Cloud Task Force. The FBI CJIS ISO and CJIS Audit Unit are aware of agencies currently utilizing cloud services based in Canada. Approving option 1 will create compliance issues for those agencies. The CJIS ISO Program recommends option 2 until a motion is developed that includes Canada and takes into consideration other international law enforcement partners.

Attachments: 1 – Topic Request Form, Sheriff Blaine Koops, Allegan County, Michigan

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION: Motion: To accept Option 2: Make no changes to the CJIS Security Policy Action: Motion carried.


NORTH CENTRAL WORKING GROUP ACTION: Motion: Send this back to the SA Subcommittee to craft a new motion that modifies Option 1 taking into consideration existing treaties and exchange agreements already in place and any future information sharing amongst international partners, then send it back through the working group process. Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION: Motion: To accept Option 2. Make no changes to the CJIS Security Policy. Action: Motion carried.

SOUTHERN WORKING GROUP ACTION: Motion: To adopt a new motion to send back to the SA Subcommittee to reconsider language that takes into account current agreements and treaties with the intent to come back to the working groups in the fall. Action: Motion carried.

WESTERN WORKING GROUP ACTION: Motion: To accept Option 2: Make no changes to the CJIS Security Policy. With the understanding they will go back and look at this again. Action: Motion carried with 1 opposed

SPRING 2017 SA SUBCOMMITTEE ACTION: Motion: To send the issue back to the Cloud Task Force to craft new language before submitting back to the Working Groups. Action: Motion carried.


Attachment #1

FBI CJIS ADVISORY PROCESS REQUEST FOR TOPIC

Please provide the following information when submitting a request for a topic paper.

1. Clear statement of request: Examine the security risk to CJIS data stored in “off-shore” cloud facilities and develop draft policy, if necessary, for working group and subcommittee consideration.

2. How this is handled now (or description of problem being solved): Currently, the topic is considered a business decision by each CJIS entity, rather than a system-wide policy issue.

3. Suggested solution: Explore the possibility of restricting off-shore cloud CJIS data storage through the CJIS Security Policy.

4. Scenario/example: A state CJIS agency procures the services of a cloud computing and data storage vendor. Unknown to the state CJIS agency, the cloud data is stored in an unsecured facility in a foreign country.

5. Benefits to the criminal justice community: Greater security for individual FBI CJIS partners and overall greater security for the entire national CJIS system.

6. Impact on state system users, if known. (Time and resources): Unknown

7. Importance/criticality: High Importance

8. Suggested Topic Name: Security of CJIS data stored in off-shore cloud computing facilities and the ramifications to CJIS security.

9. Contact person: Sheriff Blaine Koops, Allegan County, MI and/or Ms. Dawn Brinningstaull, CSO, Michigan

Please provide any additional information that may be helpful to understand the topic.

Co-Requestors:
Mr. Michael Lesko, CSO, Texas CJIS
Mr. Joseph Dominic, CSO, California CJIS
Mr. Bradley Truitt, CSO, Tennessee CJIS
Mr. Charles Schaeffer, CSO, Florida CJIS

CJIS ADVISORY POLICY BOARD (APB) SECURITY AND ACCESS (SA) SUBCOMMITTEE CLARKSBURG, WV APRIL 27, 2017

STAFF PAPER SA ISSUE #10

Collection and Use of Metadata by Cloud Service Providers

PURPOSE

Present recommendation to modify CJIS Security Policy Section 5.10.1.15 to require agencies to establish acceptable restrictions for the collection and use of metadata by cloud service providers.

POINT OF CONTACT

Information Technology Management Section/CJIS Information Assurance Unit/Information Security Officer (ISO) Program

Questions regarding this topic should be directed to .

REQUEST OF THE SUBCOMMITTEE

Approve one of the recommendations presented in this topic paper

BACKGROUND

CJIS Security Policy version 5.2 (released on August 9, 2013) introduced cloud computing language via the addition of Section 5.10.1.5 Cloud Computing and Appendix G.3 Cloud Computing White Paper. Section 5.10.1.5 created some specific requirements while appendix G.3 sought to educate readers on the definition of cloud computing, the service models used, and provide some best security practices applicable to cloud services.

Since the release of version 5.2, the CJIS ISO Program has fielded a significant number of questions and concerns raised by both agencies and cloud service providers alike related to the metadata collection restrictions found in Section 5.10.1.5. Specifically, the service providers’ concerns are technical in nature and point to metadata collection restrictions as a technical hindrance to most cloud service offerings. Agencies, on the other hand, are concerned with whether they are even in a position to control and/or audit a service provider’s metadata collection capability.

The CJIS ISO Program has reviewed and discussed the validity of the concerns raised via ad-hoc topic discussions with the SA Subcommittee and served as a catalyst for the SA Subcommittee’s creation of the Cloud Task Force during the spring 2016 subcommittee meeting.

SA Issue #10, Page 1 APB Item #16, Page 32

The Cloud Task Force was formed to review, analyze, and make recommendations to the SA Subcommittee on all future cloud-related topics. The Task Force has discussed the collection and use of metadata by cloud providers and collectively developed a recommendation which was presented to the 2016 Fall SA Subcommittee as an ad-hoc topic. The SA Subcommittee unanimously endorsed the recommendation and requested the CJIS ISO Program proceed with a topic paper through the 2017 Spring APB process.

DISCUSSION AND ANALYSIS

Section 5.10.1.5 of the CJIS Security Policy accomplishes two goals: (1) It points readers to several documents agencies should make use of to help determine what would be involved in a transition to cloud computing while ensuring CJIS Security Policy compliance, and (2) It adds two requirements [“shall (not) statements”] to the Policy restricting the collection and use of metadata by cloud service providers as shown below:

“The metadata derived from CJI shall not be used by any cloud service provider for any purposes. The cloud service provider shall be prohibited from scanning any email or data files for the purpose of building analytics, data mining, advertising, or improving the services provided.”

Metadata is commonly referred to as data about data, information about information, or information describing the characteristics of data. A more descriptive definition is structured information that describes, explains, locates or otherwise makes it easier to retrieve, use or manage an information resource. The metadata usage restriction requirements were designed to ensure the cloud service providers are not permitted to utilize metadata collected from criminal justice information (CJI) for any commercial purpose, to include targeted advertising. These metadata restrictions were added in a motion made by the SA Subcommittee during the topic presentation at the Fall 2012 SA Subcommittee meeting which was subsequently approved by the APB and included in CJIS Security Policy v5.2.

In the last few years the various cloud service offerings have evolved and matured in ways that permit cloud service providers the ability to offer more data services to customers, such as spam and spyware filtering, data loss prevention, spillage reporting, transaction logs (events and content – similar to Section 5.4), data usage/indexing metrics, and diagnostic/syslog data. Many agencies and cloud vendors alike have expressed a strong desire to have some of the aforementioned services made available via their cloud services. These types of services, however, typically require some access to metadata in order to fully provide the offered service.

The Cloud Task Force has discussed in great length, over the course of a number of virtual meetings, the various utilizations of metadata by cloud providers. The Cloud Task Force collectively developed a recommendation to define metadata and modify the Policy language in Section 5.10.1.5 to provide a means for agencies to review and determine what (limited) collection and use of metadata would be acceptable while still restricting metadata collection for commercial use.

OPTIONS

Approve one of the below options:

1. Accept the following recommended changes to CJIS Security Policy Section 5.10.1.5 as shown below (additions in red italics, deletions in bold strikethrough).

a) Proposed Additions to CJIS Security Policy Appendix A: Terms and Definitions:

Metadata – Structured information that describes, explains, locates or otherwise makes it easier to retrieve, use or manage an information resource. Metadata is commonly referred to as data about data, information about information, or information describing the characteristics of data.

b) Proposed CJIS Security Policy Section 5.10.1.5 Language Changes:

5.10.1.5 Cloud Computing

The metadata derived from CJI shall not be used by any cloud service provider for any purposes. The cloud service provider shall be prohibited from scanning any email or data files for the purpose of building analytics, data mining, advertising, or improving the services provided.

Metadata derived from unencrypted CJI shall be protected in the same manner as CJI and shall not be used for any advertising or other commercial purposes by any cloud service provider or other associated entity. The agency may permit limited use of metadata derived from unencrypted CJI when specifically approved by the agency and its “intended use” is detailed within the service agreement. Such authorized uses of metadata may include, but are not limited to the following: spam and spyware filtering, data loss prevention, spillage reporting, transaction logs (events and content – similar to Section 5.4), data usage/indexing metrics, and diagnostic/syslog data.

2. Make no changes to the CJIS Security Policy

If option 1 is approved, the requirements should be assigned a priority tier of:

______ (enter 1 or 2) Metadata derived from unencrypted CJI shall be protected in the same manner as CJI

______ (enter 1 or 2) and shall not be used for any advertising or other commercial purposes by any cloud service provider or other associated entity.


RECOMMENDATION

The CJIS ISO Program Office recommends option 1 and a priority tier assignment of 1 for both requirements.

SPRING 2017 WORKING GROUP ACTIONS:

FEDERAL WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper with the requirements assigned priority of tier 1. Action: Motion carried.

NORTH CENTRAL WORKING GROUP ACTION: Motion 1: To accept Option 1 as outlined in the staff paper. Action: Motion carried. Motion 2: To accept Tier 1 for both requirements. Action: Motion carried.

NORTHEASTERN WORKING GROUP ACTION: Motion 1: To accept Option 1 as outlined in the staff paper. Action: Motion carried. Motion 2: To give a priority of Tier 1 to both requirements. Action: Motion carried.

SOUTHERN WORKING GROUP ACTION: Motion: To adopt Option 1 as outlined in the staff paper. Action: Motion carried. Priority tier 1 assigned to both requirements, a and b.

WESTERN WORKING GROUP ACTION: Motion: To accept Option 1 as outlined in the staff paper. Action: Motion carried. Both requirements were given a priority tier of 1.

SPRING 2017 SA SUBCOMMITTEE ACTION: Motion: To accept Option 1, Tier 1 for both of the requirements as outlined in the topic paper. Action: Motion carried.

Attachment: 1 – Topic Request Form, Jeff Campbell, FBI CJIS Assistant ISO


Attachment #1

FBI CJIS ADVISORY PROCESS REQUEST FOR TOPIC

Please provide the following information when submitting a request for a topic paper.

1. Clear statement of request

Based on input from outside CJIS, the ISO program has been requested to evaluate the risk and thus the possibility of relaxing the restrictions imposed by the CJIS Security Policy on cloud service providers concerning the collection and use of metadata.

2. How this is handled now (or description of problem being solved)

The CJIS Security Policy currently prohibits cloud service providers from scanning any email or data files for the purpose of building analytics, data mining, advertising or providing levels of service. Further, any metadata derived from criminal justice information (CJI) is prohibited from being used by a cloud service provider for any purpose. These restrictions prevent agencies from leveraging services offered by cloud providers based on metadata collected by the provider of agency data.

3. Suggested solution

Create a topic paper to present possible policy language changes to allow cloud service providers the ability to collect and use metadata in certain instances.

4. Scenario/example

If a law enforcement agency uses a cloud service provider for storing back-up data that has been encrypted (where the cloud provider does not have the encryption keys) the metadata associated with that data would not contain unencrypted CJI. The agency, or the provider, could then use the metadata for service analytics or other purposes.

5. Benefit to the criminal justice community

Many cloud service providers base availability of services on metrics collected on the data traversing their networks. By allowing a provider the ability to utilize the metadata collected on a law enforcement agency’s data, greater service availability could be realized and possibly at reduced costs. Additionally, agencies could leverage the metadata collected by the provider.

6. Impact on state system users, if known. (Time and resources)

System users could potentially have access to critical information that may only be available in metadata, depending on contracted services and the type of information being placed in a provider's cloud. Conversely, as metadata is gleaned from inspecting all network traffic, provider access to metadata could lead to data compromise or negatively impact officer safety.

7. Importance/criticality

8. Contact Person

Jeff Campbell, FBI CJIS Asst. ISO, 304-625-4961

Please provide any additional information that may be helpful to understand the topic.
