In July 1999, the Federal Bureau of Investigation (FBI) placed in service the Integrated Automated Fingerprint Identification System (IAFIS). The inception of the IAFIS marked the beginning of the national automated processing of fingerprints in the United States, which today represents a data resource of over 43 million ten-print records. Since 1999, the use of the IAFIS has grown to the point where over 60 percent of IAFIS submissions, which number over 60,000 per day, are now received electronically. The guaranteed response time for an electronic fingerprint submission to the IAFIS is two hours, but roughly 80 percent of the responses are rendered in under 40 minutes. New technological advances have lead to increases in the IAFIS processing capacity and decreases in the IAFIS response time, and the FBI is dedicated to the continued improvement of the services provided to the IAFIS user community through an ongoing process of system evaluation and technical refreshment designed to keep pace with AFIS advances and the needs of the user.

In an effort to share the experiences of the INTERPOL AFIS Experts Group members with agencies and entities exploring the acquisition of an AFIS, the ideas brought forth in this paper represent a combination of concepts learned in the FBI's development and management of the IAFIS. It includes some insight into contract development, post delivery system enhancements, and future AFIS applications. These guidelines are not designed to be comprehensive, nor are they universally germane; however, they will have a useful application for the vast majority of AFISs developed for large scale or nationally distributed database purposes.

Lessons Learned

In any major Information Technology project, the customer gains new insight into areas previously unthought of. The studious customer makes note of these observations and applies them to subsequent, similar developmental efforts. We commonly refer to these revelations as "Lessons Learned". In the years that it took to progress the IAFIS from contract to delivery, many such lessons were learned. A short list of the primary Lessons Learned are detailed next.

Define Your Standards

The use of universally tested and recognized standards and specifications in any AFIS development plays a significant role in the system's ability to meet both the existing and future requirements for owner and user alike. By adopting a known standard, such as the Electronic Fingerprint Transmission Specification, or the American National Standards Institute-National Institute of Standards and Technology INTERPOL Implementation (ANSI-NIST INT-I) data format for the interchange of fingerprint, facial, and scars marks and tattoos, the AFIS customer can avoid being locked into a specific AFIS vendor's proprietary code, while facilitating the potential to expand access to other systems sharing the same specification. Also, as the specifications become more highly defined, the likelihood of user compliance errors lessens. Most major AFIS vendors are familiar with internationally recognized AFIS standards and will deliver a system so specified.

Limit the Number of Vendors

During the development of the IAFIS, the FBI employed a series of vendors to deliver specific components of the final system. This lead to situations where the understanding of one contractor did not match the understanding of another, resulting in component incompatibility and redesign efforts. A secondary impact of using multiple vendors was the difficulty involved in post-delivery system maintenance issues, where a single contractor might be responsible for providing maintenance and system upgrades for another contractor's component. Further, contracting efforts, in general, are much more complex when multiple vendors are used. This is not to say that a prime contractor should not be allowed to subcontract portions of a project where mutual benefit is derived; however, a thorough understanding of the relationship between the prime and subcontractor needs to be defined to the satisfaction of the customer prior to agreeing to such an arrangement. Experience has shown that the concerns detailed above can be minimized by using a single vendor when contracting for an AFIS.

Design a Non-Operational Environment

A Non-Operational Environment (NOE) is a scaled down mirror image of the primary environment, used to test programmatic changes, software upgrades, temporary and new user access, and telecommunications and external connectivity issues. Having the capability to test new services or users on a separate system minimizes the chances of system failure and service outage that can result from introducing change to the production environment. By developing an NOE that most closely resembles the production system in processing capabilities and size, a greater utility is achieved to determine the impact to the system when new programming and software releases are introduced.

Build Incrementally

An incremental build is one that achieves the desired system architecture in a series of phases, each self sustaining and individually measurable, but integrated into the previous contract deliverable. The incremental build affords the opportunity to recognize the many small successes that lead to a finished product, which is a tangible benefit that can be used to continue project funding or secure additional funding. In addition, the attainment of an intermediary goal permits the publicity of that achievement, securing governmental and public confidence in the system development. Finally, by segmenting the delivery of services in a structured way, system components can be tested independently and system functions can be evaluated as each phase is enabled.

Vendor Service Contracts

The after delivery maintenance aspects of any large AFIS requires the technical support provided through a vendor service contract. If structured properly, the service contract insures that system software updates and periodic programming malfunctions are promptly addressed. This promotes the optimum system "up-time", and ensures that minor or even major system aberrations are corrected to the system specifications. A vendor service contract also reduces the workload of the technical resources of the host agencies which are usually over-tasked and under-staffed.

Documentation

The documentation received with the delivery of any new IT system needs to be complete, to include the source code used in the programming, a complete list of all hardware and software components and any modification made to those components, and a system administration manual. In evaluating a contractor, it is of benefit to request samples of the documentation that the contractor has provided to previous clients. This will afford the opportunity to determine the thoroughness of the system documentation that might be provided with the new system.

In spite of best efforts to insure that the contractor/vendor from which an AFIS is acquired is stable and dependable, companies do go out of business, and business relationships can deteriorate to the point of needing to search for a new support partner. The key to a successful transition in support contractors is to have a thorough system documentation package that the new contractor can learn from and use as a guide.

System Enhancements

Even before taking delivery of the IAFIS, it became readily apparent that an ongoing process of System Enhancements was going to be required to keep up with advances in technology and the requirements of the user community. To address this need, the FBI has developed a five year Technology Refreshment Plan that targets the IAFIS architecture structure. Using a combination of trend analysis to determine future use, keeping abreast of newly legislated applications, and listening to the needs communicated to the FBI by the IAFIS users, the FBI plans to apply the latest technology to improve the services provided by the IAFIS.

In addition to the Technology Refreshment Plan, the FBI also maintains current upgrades and patches to the software programs running on the IAFIS. These upgrades are tested in the NOE and generally work in a two year cycle that includes a period of assessment, a period of use, and a period of planning for the next release. As with any software program, your system is only as good as your last patch.

Future Development

The acquisition and maintenance of a sophisticated AFIS can become all-consuming; however, due consideration must be given to future development in order to stay ahead of the new criminal and civil applications that are posed. As is true in most IT uses, as time passes, the cost for technology decreases. By taking advantage of this cost benefit to increase the AFIS processing power, existing resources can be devoted to the more time- intensive search algorithms while still maintaining the base level services. One example of this performance leverage is the increase in the ability to process latent searches as a result of increasing the processing power. The reference to latent performance is becoming more pertinent as improved algorithms permit the increased use of this valuable AFIS service.

A separate reality in the life cycle of an AFIS is the expectation that system use and demand will only increase over time. These increases are anticipated to expand the current IAFIS workload by 100% (50-60,000 fingerprint cards per day) within the next year. Recent legislation pertaining to National Security, along with the ever-increasing civil uses, mandate system improvements just to maintain current service levels.

An area of opportunity to improve fingerprint records and subsequent AFIS processing is present in the form of image enhancement technology. From fingerprint capture methods to gray-scale enhancing software such advances will improve the database population and also the reliability of AFIS automated responses. Increases in the automated segments of the AFIS allow for an overall increase in system use and an improvement in system performance.

The future of AFIS development will not only be seen in improvement in the AFIS processing capability. The advent of portable livescan fingerprint devices and satellite communications makes it possible to bring fingerprint-based identification to remote site and field related applications. The potential for forensic advances as a result of this automated remote capability is enormous, particularly when considered as a latent print identification tool.

While not always a Future Application, having a disaster recovery plan is a prudent approach to any law enforcement data system. Most agencies find it hard enough to fund the initial cost to develop the primary AFIS and a NOE. A disaster recovery plan which involves a duplication of the primary system may be deemed as too expensive relative to the risk of total failure or system destruction. Such an approach can prove short sighted when viewed from the perspective of the number of internal and external threats that are posed to an AFIS that is connected to outside clients. Whether the threat is from hackers or an attack on the physical plant structure that supports the AFIS, the failure to take even modest steps to create some form of system redundancy or potential reconstructed back-up will place the AFIS law enforcement user community at a severe disadvantage in the fight against crime and for National Security.

Traditionally, an AFIS contained ten-print fingerprint records and biographical information. More and more, digital images, palm prints and auxiliary biometrics are being included with the traditional fingerprint images to enhance the identification capabilities being provided. The biometric industry, in response to private and public needs, has begun the development and distribution of devices capable of capturing and comparing more than one form of biometric to facilitate the identification of persons of interest. These multi-modal devices seek to compensate for the inherent deficiencies of single biometric identification methods. The integration of such platforms into the existing AFIS environment is certain to gain traction in the coming years.

The most common telecommunications method employed for AFIS transactions is some form of leased dedicated circuit. Increasingly, Internet, Virtual Private Network, and satellite technology are being used to leverage the available bandwidth and increase telecommunication speeds. This connectivity transition is important for domestic AFIS purposes, but even more so for international and remote fingerprint transmissions where a single ten-print fingerprint record can take as long as seven minutes to transmit between developed countries using land based lines.

As noted at the outset, this paper is not intended to be a comprehensive treatment of the subject of AFIS acquisition and development. It is intended to provide some level of guidance to the agency seeking to acquire an AFIS or to a new AFIS owner looking for suggestions on what to plan for in the future. More information on AFIS acquisition, development, and use can be found at various web sites including www.fbi.gov and www.INTERPOL.int.