Listen, analyze, act
Using open source intelligence to crack down on crime
By Pete Snelling, Principal Technical Consultant, SAS
Public security agencies increasingly view open source intelligence as a precious asset in their battle against crime and terrorism. And they invariably see social media intelligence as the jewel in this open source crown.
Today, in line with this, public security agencies are increasingly tuning into social media. They want to keep in touch with developing scenarios that offer the potential for criminality and take action as and when required. But when the volume of information is so vast, they need to be selective in what they try to hear. That requires them to define subjects of interest derived from their own intelligence management systems; pre-set search parameters around the results and define focus areas accordingly.
The situation becomes more challenging when agencies have to deal with ‘unknown unknowns’ - topics that trend on social media that agencies had little knowledge of or did not realize were subjects of interest. In the case of the 2013 murder of Lee Rigby in London, discussion topics were trending on social media before police realized the scale of the problem. In this kind of scenario, agencies need to be monitoring intelligence databases and deploying text analytics to work out what should be of interest and how relevant specific conversations are.
We are now reaching the point where information is surfacing on social media before being picked up by law enforcement - and agencies need to be in a position to proactively tackle threats before they develop into intractable problems.
From a public security perspective, listening will only take agencies so far. Ultimately, the primary reason agencies listen in to social media is to catch criminals and prevent crime. So, the ability to listen is measured by the ability to act quickly on what they hear.
Social media spreads information faster than traditional methods – and that has to be a major concern for police and national security. However, in moving from listening to acting, they face two significant challenges:
- The anonymity of social media. The twitter handle of social media users, for example, may not bear any resemblance to their real name and criminals can use this anonymity to ‘cloak’ their activities.
- The volume of information. Searching through tweets or Facebook postings to find that crucial nugget of incriminating information can be a thankless and time-consuming task – especially as much of it will be unstructured text.
Building a solution
Open source analytics solutions offer a potential solution. Text analytics allows investigators to hone in on key topics and pinpoint names, locations or events that are regularly discussed, thereby reducing the material that needs analyzing and saving time. Social network analytics, allows agencies to build a picture of key conversations and connections on Facebook, or Twitter. This in turn allows them to gain insight into how various groups are involved in criminality.
Once agencies have gathered intelligence, they need to decide how to act on it.
That’s why social network analytics needs to be part of a broader approach. Officers should make use of case management systems to provide a rationale behind the investigative process together with an audit trail which explains what has been recorded and retained. Also, in building a social network diagram around a suspect, connections may be established with other individuals about whom data is already being kept within the organization’s main intelligence management system.
Looking to the future
The integrated approach outlined above drives efficiency, which is critical to the success of open source intelligence in the context of public security. Going forward, agencies will need to focus on how they can use open source analytics tools to get information to frontline officers in time to be useful. As volumes today are so large, social media and open source intelligence tends to be used reactively. The goal is to start using these techniques to turn reactive into proactive, developing alerts that then push information out to officers at the point of need.
This shift needs to happen soon because agencies need to be more efficient and more effective. We are now reaching the point where information is surfacing on social media before being picked up by law enforcement - and agencies need to be in a position to proactively tackle threats before they develop into intractable problems.