New post on CT blog:
The Intelligence and Security Committee (ISC) in the UK was established by Parliament as part of the 1994 Intelligence Services Act to examine the work of the intelligence and security agencies in the UK.
The ISC was asked to review information, which emerged following the CREVICE trial in April 2007 that Mohammed Siddique KHAN and Shazad TANWEER (two of the four 7/7 bombers) had come to the attention of MI5 during the CREVICE operation. The question bluntly asked was, “If MI5 had come across Mohammed Siddique KHAN and Shazad TANWEER before, why didn’t they prevent this outrage?”
The full report of the ISC findings can be found here.
At its heart the report re-states the previous answer to the central question posed – - lack of resources and legal restrictions prevent the kind of large-scale surveillance required to cover all terrorist leads. Individual readers of the report will have to judge whether that is a satisfactory response.
However, one of the most illustrative parts of the whole document is on page 9 where a diagram is published detailing the number of phone-calls assessed as relating to international terrorism, between unique parties, between January 1 and 1 April 2004 (period of the CREVICE investigation). Diagram shown below:
From this enormous bundle of data the report states 4,020 calls were linked to CREVICE – with the vast majority of those eventually assessed as being, “not related to the bomb plot itself, or even the wider facilitation network, and were in fact wholly innocent or irrelevant”. What is left is therefore, an interesting piece of contemporary artwork.
While clearly technology can provide an edge in certain circumstances its capabilities and limitations need to be clearly understood. This diagram solely relates to telephone calls, a diagram today would need to include, twitter, IM, VoIP, Email, Facebook email or even in-game chats. The data would form an enormous cloud behind, which plotters could operate.
There isn’t a clear solution to this and a number of industries are attempting to penetrate this burgeoning cloud of data to find meaning in the tweets and chirps. One potential important lesson to be drawn from this particular ISC report is that excess data can be used to hide a plot — this is contrary to the idea of terrorists passing torn paper notes to each other to avoid electronic detection. A ‘useless information’ bomb could create countless link analysis diagrams that ultimately lead nowhere, hiding the real intent. Information, unlike truth may not in fact set you free.
The data “cloud” demonstrates that these particular terrorist subjects operated within a “community of support” represented by communication links; the majority of this support network would not engage in terrorist acts.
The investigative objective is to identify which of the relationship nodes are communicating while planning or supporting an attack. One way would be to “filter” the data using data visualization technology to select co-relations of data events predictive of a terrorist attack, such as communications on anniversary dates of prior attacks.
The analyst(s) would use their experience, intuition, and archived patterns to manipulate presentations of real-time data-captures trying to reveal anomalies, trends (data trajectories), or a repeat of historical patterns. MJR
@ Michael R. Thanks for comment.
Is ordering a pizza “community of support”? The ICS report clearly states the overwhelming majority of the traffic was not related to international terrorism.
Nothing new about using past action as a predictor of future action. I almost want to say you could do that with a sharp pencil and a piece of paper without spending $M on the applications you refer to. However, there are some interesting bits and pieces out there on modeling real-world behaviour based on known historic virtual/real patterns. Link to basic idea here on pbs:
http://www.pbs.org/newshour/updates/science/jan-june09/celldata_05-15.html
While this stuff is potential gold for marketing how does it stack up against exceptional cases…Terrorists for example, who by definition in order to be successful have to re-invent the paradigm every time they play or else they get caught. So systems such as the one you outline based on assumptive models have some role as they catch some things but do they probably don’t stop the game changing events….because in those cases the assumptions are moved.
Finally, I think my point was more that an explosion of data provides a useful cover for real intent. The data explosion caused by the CREVICE operation provided information cover for the 7/7 attack. This could be manufactured and how do you distinguish or penetrate that cloud? That I think is the pressing question.
Thanks.
Roderick
I don’t think it is fair to say that CREVICE provided ‘cover’ for 7/7. The fact is that there was a communication link between the two operations but that because this was such a tenuous link (there is no evidence that the contact was anything other than social) it disappeared into the background noise.
This would have applied if they all used old fashioned telephony or a multitude of IP based comms.