STANDARDS AND INTEROPERABILITY        171



          database operated by a private vendor points up the problem. In January 2004,
          Associated Press reporter Brian Bergstein reported,


               Other states expressed worries about security. An open-records request in Georgia
               uncovered an Oct. 2 memo, for example, in which motor-vehicle department staffers
               noted that Seisint had promised “that every effort will be taken to make the database
               and the data transfer safe and secure. However, the potential for abuse still exists.”
                 The Florida files include an Oct. 7 letter in which Deputy Superintendent Mark
               Oxley of the Louisiana state police wrote that his agency would not participate
               because of “lingering concerns” about the security of the records that would be sent
               to the database. He also questioned the “ever-broadening scope extending far
               beyond the original counterterrorism mission.”
                 However, Oxley added that “most disappointing of all” was that Louisiana had to
               learn from news reports that Seisint’s founder, Hank Asher, had admitted piloting
               flights for cocaine smugglers in the 1980s. Asher has resigned from Seisint’s board.
                 Questions about Matrix still loom even in member states. New York has not
               shared any records because of questions about long-term funding and privacy laws,
               said Lynn Rasic, a spokeswoman for the governor’s office.


            If these databases are breached for malicious or fraudulent purposes, both
          public trust and data integrity might be lost. If an agency chooses to share data,
          it must be careful about both the integrity and intent of the requesting agency,
          and it must maintain ongoing audits of the use of the data by the requesting
          agency. If the host agency permits another agency to access its database, it might
          limit the time volume of access. For example, the host agency might not want
          to have its own transactions delayed due to foreign transactions in the system,
          so it might restrict foreign transactions to a time of day when the host transac-
          tions are low, or a day of the week when these foreign transactions are at a low
          point. There will need to be assurances that the foreign transactions, when they
          are allowed, follow the format of the host searches and do not take longer than
          the time for a host transaction. Ideally, the foreign transaction should flow
          through the system with the same characteristics as a native transaction; this
          would be another example of interoperability.



          8.4.2 TYPE OF SEARCH PERMITTED

          The agencies also have to agree on the types of searches to be run, whether
          they are civil searches or forensic searches. If they are forensic searches, options
          include tenprint to tenprint searches, latent to tenprint searches, tenprint to
          unsolved latent searches, or latent to unsolved latent searches. For tenprint
          searches, there may be limitations on the type of inquiry, i.e., the inquiry of