1 · Data Flow — What Leaves This Machine Verified
┌────────────────────────────────────────────────────────────────┐
│ AGENCY LOCAL SYSTEM (this machine)                             │
│                                                                │
│ Case files ──► Blackwell CaseTrace (localhost:5050)            │
│                (input/, working/, output/)                     │
│                                                                │
│ All storage: local disk only. No cloud database.               │
│ No remote sync. No telemetry.                                  │
└──────────────────────────┬─────────────────────────────────────┘
                  OUTBOUND (API calls only)
        ┌──────────────────▼───────────────────┐
        │ Anthropic API (TLS 1.3)              │
        │ What is sent:                        │
        │ · Case text extracted from files     │
        │ · Audio transcripts                  │
        │ · Image data (vision analysis)       │
        │ · Chat queries                       │
        │                                      │
        │ What is NOT sent:                    │
        │ · Raw uploaded files                 │
        │ · Officer PII beyond warrant form    │
        │ · Database contents                  │
        └──────────────────────────────────────┘
        ┌──────────────────────────────────────┐
        │ Groq API (TLS 1.3)                   │
        │ What is sent:                        │
        │ · Audio file content (if used)       │
        │   for Whisper transcription          │
        └──────────────────────────────────────┘

WHAT IS NEVER SENT: Warrant drafts · Confirmed entities · Audit logs · Case IDs · Officer credentials · Raw evidence files

All API calls originate from the local Flask process. There are no background services, no scheduled uploads, and no embedded analytics SDKs. The web UI is served exclusively on 127.0.0.1:5050 — not accessible from the network.

2 · Encryption Standards TLS 1.3
| Channel | Protocol | Status |
|---|---|---|
| Anthropic API calls | HTTPS / TLS 1.3 (enforced by Python httpx / requests) | Active |
| Groq API calls (audio) | HTTPS / TLS 1.3 | Not configured |
| Local web UI (browser↔app) | HTTP / localhost only (127.0.0.1 — not reachable from LAN) | Local only |
| Case files at rest | OS filesystem (encrypt via FileVault/BitLocker at OS level) | Agency responsibility |
| Audit log integrity | Append-only JSONL, fcntl exclusive locking | Active |

OpenSSL: OpenSSL 3.5.5 27 Jan 2026

4 · Zero Data Retention Status
Case data never persisted by Anthropic
Anthropic's API policy: inputs and outputs are not used for model training without opt-in consent. API data is subject to a short-term abuse-monitoring retention window (typically 30 days), then deleted.

Enterprise Zero Data Retention (0-day) — Not verified
True zero-day retention (no abuse monitoring window) requires an Anthropic Enterprise agreement with ZDR addendum. Contact your Anthropic account representative to confirm. Until confirmed, assume standard 30-day abuse-monitoring retention applies.

No persistent storage of warrant drafts by AI provider
All warrant drafts are generated in a single stateless API call and saved exclusively to local disk. The AI provider holds the content only for the duration of the HTTP request.

Every AI call is audit-logged locally
Action types: chat_query, image_analyzed, video_frames_analyzed, warrant_drafted. See audit log below.
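
The append-only JSONL log with fcntl exclusive locking listed in the encryption table, and the per-call audit entries described above, could be written as follows. This is an added example, not CaseTrace's own code: the record fields follow the audit viewer's columns, and the function names, file path and use of `fcntl.flock` are assumptions.

```python
import fcntl
import json
import os
from datetime import datetime, timezone

# Action types named on the page; field names and the path are assumptions.
ACTIONS = {"chat_query", "image_analyzed", "video_frames_analyzed", "warrant_drafted"}


def append_audit(path, case, action, operator, result, detail=""):
    """Append one JSON line under an exclusive lock; return the record written."""
    if action not in ACTIONS:
        raise ValueError(f"unknown audit action: {action!r}")
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "case": case, "action": action, "operator": operator,
        "result": result, "detail": detail,
    }
    # json.dumps escapes newlines in values, so one record is always one line.
    data = memoryview((json.dumps(record) + "\n").encode("utf-8"))
    # O_APPEND makes the kernel place every write at end-of-file, so this
    # descriptor cannot overwrite earlier entries; 0o600 keeps it owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)      # wait for any other writer
        while data:                         # handle short writes
            data = data[os.write(fd, data):]
        os.fsync(fd)                        # flush to disk before returning
    finally:
        fcntl.flock(fd, fcntl.LOCK_UN)
        os.close(fd)
    return record


def read_audit(path):
    """Return (records, bad_line_numbers) so damaged lines are reported, not hidden."""
    records, bad = [], []
    with open(path, "r", encoding="utf-8") as fh:
        fcntl.flock(fh, fcntl.LOCK_SH)      # shared lock: no half-written line
        for number, raw in enumerate(fh, 1):
            try:
                rec = json.loads(raw)
                if not isinstance(rec, dict) or rec.get("action") not in ACTIONS:
                    raise ValueError("not an audit record")
                records.append(rec)
            except (ValueError, TypeError):
                bad.append(number)
    return records, bad
```

Advisory locks only coordinate processes that also take the lock; neither they nor `O_APPEND` stop a user with write permission from editing or truncating the file, so tamper resistance still depends on file permissions and OS-level controls.
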
5 · CJIS Background Check & Access Policy Agency responsibility

Fingerprint-Based Background Check Requirement

Per the FBI CJIS Security Policy (CSP) v5.9.4, Section 5.12, all personnel who are granted unescorted physical or logical access to CJIS systems — including local workstations running CaseTrace — must have undergone a state and national fingerprint-based background check prior to access. This requirement applies to all sworn officers, civilian employees, and contractors with access to case data. Compliant background checks must be processed through the appropriate State Identification Bureau (SIB).

Security Awareness Training

All users of this system must complete CJIS Security Awareness Training within six months of hire and biennially thereafter, as required by CSP Section 5.2. Training must be documented by the agency's Terminal Agency Coordinator (TAC).

AI Tool Usage Policy — Responsibility Statement

CaseTrace uses AI processing (Anthropic Claude) for warrant drafting, image analysis, audio transcription (Groq Whisper), and investigative chat. Use of AI-generated content is subject to the following agency obligations: (1) All AI-generated warrant affidavits must be reviewed and certified by a supervising officer and prosecutor before submission to a magistrate. (2) AI analysis does not constitute sworn testimony. (3) Officers must verify all AI-generated facts against primary source documents before relying on them. (4) The agency's TAC must maintain a current list of personnel authorized to use AI-assisted investigative tools.

Incident Reporting

Any suspected unauthorized access to CaseTrace or case data must be reported to the agency's Information Security Officer and the appropriate State CJIS Systems Agency (CSA) within 24 hours, per CSP Section 5.3.2.

3 · Audit Log Viewer
Timestamp | Case | Action | Operator | Result | Detail