By Bryan Ware, Chief Technology Officer, Haystax Technology, McLean, Virginia
The Boston Marathon bombing, subsequent manhunt, and current investigation are unprecedented—due not only to the nature of the attack but because of how much information has been available to law enforcement, the public, and the suspects. Data came in at a staggering velocity within seconds of the twin explosions, yielding constant changes and misreporting, as well as the timely apprehension of the suspects.
For all its successes, “big data” can also expose many limitations in existing technologies, demonstrating the need for new capabilities and providing new collaborative opportunities for law enforcement and technology developers. Some of the technologies discussed already exist in some form but are not yet ideally suited to the needs of this kind of event.
Avid for Intelligence
The Boston investigation demonstrates the ability to request and receive video and photos from witnesses to the blast and from private security cameras in the vicinity.¹ When receiving a large volume of these data, there needs to be an image and video management system that is able to stitch together the various images in both space and time, something akin to the Avid video editing and production suite used in the entertainment industry.²
Each image from a smartphone carries telemetry data that can be used to orient it in space and time. Add hundreds or even thousands of those images together, taken from different vantage points and different times, and an amazingly detailed mosaic of the environment comes into focus. Being able to play it back to particular time stamps is an enormous challenge and opportunity. Similar ideas can be seen in movies, but these have not yet made the trip from the big screen to the real world. As cities install more CCTV units, there will be increasing amounts of imagery and video available for investigations—and the technology to harness it needs to be available to law enforcement.
Complex Event Processing (CEP): It is difficult to imagine the barrage of information flying at the Boston law enforcement team on April 15, 2013: citizen tips, social media posts, 9-1-1 calls, and forensic evidence to name a few. Often in investigations, the primary information management system is email, and it would not take long in a rapidly evolving event for officers to be drowned in message traffic and for them to miss critical pieces of information. CEP is an idea typically found in machine automation, but automating alerts based on key events could ensure that the right message gets to the right people automatically.³ That might mean any small event in a key location (or a certain type of activity anywhere) generates an alert. In order for CEP to be effective for a rapidly evolving situation, it requires a configuration interface and integration into data streams and messaging systems. The CEP has to be consumer-friendly almost out of the box.
Link Analysis: Rapidly unfolding situations need first responders and law enforcement administrators to organize the information and tie it together in a way that allows a story to develop and a case to be built. As authorities try to figure out who the suspects are, little pieces of information come in continuously, answering critical questions like: How many suspects are there? Where do they live? Where do they work? How are they tied together? This link analysis is certainly the promise of software vendors like Palantir, IBM/i2, Visual Analytics, Centrifuge, and others. However, unless the department has developed the capability to use these tools rapidly, this level of sophistication may be missing at a critical time. The products, business models, and capabilities destined for use in crises must evolve in order to make the kind of headway needed during a fast-moving event.
Geographic Information Systems (GIS): Every law enforcement and homeland security agency has GIS tools. However, today’s GIS systems are built on old software architectures to support geographers. Now, they need to be rebuilt for the velocity of social media data, for easy and rapid data entry, for simple analysis, and for quick information sharing and reporting. The needs of law enforcement are to see the locations of events, suspect homes, and the crime scenes and then correlate that data with reporting from social media. There are tools in geo-enabled consumer apps such as Foursquare, Google Maps, Yelp, and Find My iPhone; however, these apps were not built for large-scale investigations. What is needed are professional tools with greater capability.
Crowd Analytics: From the DARPA Challenge to the recent Intelligence Advanced Research Projects Activity effort, developing a crowd forecasting program has been a pretty hot topic for research.⁴ Release of suspect photos to the community (crowd) can help identify suspects. The crowd presents a massive computational reasoning capability with the entire Internet at its disposal. In the Boston bombings, it was reported that the crowd was able to find the suspects’ Russian-language social network VKontakte (VK), Twitter, and other social media accounts faster than the government. Leveraging the crowd for search, translation, information dissemination, and such bears much promise and much peril. More will be written about the ill-fated Reddit community attempt to analyze crime scene imagery,⁵ but make no mistake—a well-organized crowd can be a powerful tool.
Identity resolution and identity management capabilities are used every day by law enforcement and intelligence agencies. But these capabilities struggle with low-quality data sources. It’s one thing to find an identity match with a name, date of birth, and social security number; it’s something else entirely when the name has multiple spellings and there’s no other useful information. It’s particularly hard to find that person’s social media identity—perhaps the first place you’ll see their extreme views or other information that may provide additional leads or explanations of motives. And, in many cases, fraudulent websites are created as quickly as the event unfolds, further confusing the search for suspect identities. High-quality but rapid social identity solutions are needed to understand a person’s identity when their official government identity is either unknown or insufficient. And these tools must not only be timely in order to have any value to law enforcement, they must also be accurate.
Social TTL: The concept of tagging, tracking, and locating (TTL) is well known in the intelligence and special operations communities. While all of the technology capabilities to identify the user and track the location of his mobile phone exist, the capability is not readily available to law enforcement in a timely manner.
Phone Neutralization and Intercept: A common technique for detonating explosive devices is by mobile calls or messages. Along with the Social TTL idea, there is a need to neutralize, intercept, or exploit the mobile phones of suspects. This need is essential with several assailants or a protracted standoff. While products exist that would allow law enforcement to disable a phone from communicating on the network, track it precisely, and even send it direct messages, they are not widely used.
Considering today’s high volume of Tweets, Facebook updates, Yelp check-ins, Instagram posts, and YouTube uploads, a methodology for identifying potential witnesses or suspects is to play back all of those time-stamped posts to determine who was in the vicinity and when. Similar to deploying police officers to canvass a neighborhood, a digital canvass allows investigators to review what was in the public social space that might yield clues and successfully close investigations.
1. “FBI Assists Boston Police Department Regarding Explosions along Marathon Route and Elsewhere,” press release, April 15, 2013, www.fbi.gov/boston/press-releases/2013/fbi-assists-boston-police-department-regarding-the-explosions-along-the-marathon-route-and-remains-on-scene (accessed May 9, 2013).
2. “Media Composer Family,” Avid, www.avid.com/US/products/family/Media-Composer (accessed May 9, 2013).
3. Wikipedia, s.v. “Complex Event Processing,” http://en.wikipedia.org/wiki/Complex_event_processing (accessed May 9, 2013).
4. “Aggregative Contingent Estimation (ACE),” Intelligence Advanced Research Projects Activity, www.iarpa.gov/Programs/ia/ACE/ace.html (accessed May 9, 2013); “Creating and Preventing Strategic Surprise,” Defense Advanced Research Projects Agency (DARPA), www.darpa.mil (accessed May 9, 2013).
5. Blog.reddit, “Reflections on the Recent Boston Crisis,” blog entry by Erik, April 22, 2013, blog.reddit.com/2013/04/reflections-on-recent-boston-crisis.html (accessed May 9, 2013); Jess Bidgood, “Body of Missing Student at Brown Is Discovered,” The New York Times, April 25, 2013, www.nytimes.com/2013/04/26/us/sunil-tripathi-student-at-brown-is-found-dead.html?_r=0 (accessed May 9, 2013).
Please cite as:
Bryan Ware, "Terrorism and the Technology Gap," The Police Chief 80 (June 2013): 18–19.