Data Mining In Law Enforcement

jcatcw points out a blog entry by Scott McPherson, CIO for the Florida House of Representatives. McPherson condemns the state of data sharing and data mining in law enforcement, saying that the US causes itself a great deal of trouble by focusing more on "antiterror armor and nuke-sniffing devices" than a useful information distribution network. He discusses a few such projects, and how they could have directly affected the events of 9/11. Quoting: "One of those ingenious things that actually worked, Seisint founder Hank Asher's brilliant MATRIX system, remains mired in controversy and politics. Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced [hijacker Mohamed] Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers. It was simple data mining and algorithms, and none of the information was obtained illegally."

Hold on a minute here

[goldcd (587052)]

so he managed to write some software that analyzed the internet - and managed to produce photos of some of the people that erm had already erm been identified. Surely (and maybe I've misunderstood something here) a 'result' would be identifying people likely to commit terrorist attacks, allowing enforcement agencies to monitor them and prevent them from commiting future attacks. (and no - this doesn't mean off-shoring every muslin who downloaded the Jolly Roger Cookbook).

Re:Hold on a minute here

[k1e0x (1040314)]

Yeah, he wrote software that detects terrorists after they have committed a crime.. Its key component searches google news. heh.

But really. Lots of people *may* commit crimes. Computers may decide you are likely to rob a bank tomorrow, that does not mean you will. We need to make sure the law is always about what you do not what a computer projects your going to do. The day we jail people who *might* be about to commit a crime is the day we put people in jail for their thoughts.

Re:

[networkBoy (774728)]

Let me start by saying I agree with you 100%.

Now for the thought experiment.
Stipulation: The computer produces 0.00% false positive identifications.
The computer identifies a suspect as 100% likely to rob a bank (he's at the teller window, has demanded cash and is pointing a gun) is it OK to arrest him?
The computer identifies a suspect as 99.9% likely to rob a bank (he's next in line for a teller, has a gun and a demand note) is it OK to arrest him?
The computer identifies a suspect as 99% likely to rob a ba

Re:Hold on a minute here

[Alpha830RulZ (939527)]

If you assume for a minute that the author of TFA is smart enough to figure out if this was a google search or not, this is probably pretty interesting. I'm going to, perhaps naively, assume that the data mining approach was done as a reasonable experiment of a mining approach on some set of data, and arrived at a set of names that should be interesting to check up up. I'll further assume that he properly restricted his training set of data to only data that was available before 9/11.

If that is the case, this is a pretty impressive set of results. Being able to identify, say, 5 of the attackers, and to have a number of the other hits be known associates, when the training set likely consisted of at least 10's of thousands of names, is pretty fair accuracy. The false positive rate is pretty fair, as well, especially when you contrast it to the No Fly list, which has numerous false positives, and no known successes in identifying anyone of interest.

There is likely some sort of clustering algorithm behind this, and the math behind those is pretty solid. Before you dis this, or even get excited about privacy issues, I'd suggest you check out a reference such as this [amazon.com]

I'm not really concerned about data mining as a privacy issue, and I think it's a pretty legitimate approach for law enforcement. As a side note, I do data mining and predictive analytics for a living. It's objective, it's factual, and if the practitioner is knowledgable about it, it shouldn't be stigmatizing. Indeed, it would reduce scrutiny on the majority of the folks that would otherwise be tarred by having an arabic surname and swarthy skin.

It would have the potential to be vastly more effective, and vastly less expensive than the path we are on now. One reason that we might not be using could be that we -have- used it, and didn't find anything. That's the thing about objective data mining, if there is nothing there, it'll tell you that. I don't think, for our current administration, that it's a desireable outcome to find that there is nothing to worry about. If that happened, the populace would be less fearful, and less easy to control.

Take this one step further, and apply this bit of thought. It has been shown time and again that the TSA is incompetent, and that any motivated terrorist could get a weapon on board a plane. It is further obvious that our ports are porous, and that soft targets abound. We have seen no triumphant pictures of the authorities frog marching attempted terrorists away, no success stories of how these measures have saved our lives again. We have also seen no further attacks.

This strongly suggests to this practitioner that we have a near zero incidence rate of terrorists in the US; that when a terrorist attempts an attack, he succeeds, and that the lack of attacks suggests that the attack rate is close to zero.

Data mining would be a useful tool to calibrate this theory.

I call BS

[nitpickers (1250794)]

I do web data mining for a living and there is no way any algorithm or a combination of them can give you that kind of accuracy. You will have to be a few light years ahead of current published research to do that. Unless of course the system is drawing from published news about the suspected terrorist attacks in which case what they did was do-able (not as easy as one might naively think... the web is a pretty dirty medium but definitely do-able). I will believe that kind of a thing when I see it.

Or not

[geekoid (135745)]

"... obtained illegally"

As counter intuitive as it may seem at first, agencies have strict rules on this kind of behavior.

Re:

[mOdQuArK! (87332)]

Rules are pretty damn useless at modifying behavior if violators aren't caught & punished.

Re:

[Knara (9377)]

Sadly, punishment is no guarantee of behavior modification.

Re:

[JesseL (107722)]

Capital punishment is.

Re:Or not

[Antique Geekmeister (740220)]

Then you believe that suicide bombing will go away because the bombers know they will die?

Capital punishment has its uses, but as a deterrent it's pretty limited.

Re:

[mOdQuArK! (87332)]

On an individual-by-individual basis perhaps, but if rule-breakers are regularly, visibly & effectively punished, then statistically speaking, an organization will have fewer rule breakers.

Re:Or not

[shmlco (594907)]

Well, as in many things it would seem that there's a loophole or two involved. While there are many restrictions placed on government in terms of data collection and data mining, there are few placed on individual businesses who do the same thing (think credit agencies). As such, there's little stopping the government from simply contracting out its needs to private companies.

Hindsight is 20/20

[garcia (6573)]

Wow, really? You were able to identify after the fact? Great! Real useful -- that and the fact that it's much easier to find that information when you are looking for a specific result. If this guy had come out and said, "hey, I was able to find those people before the fact," then I'd be impressed.

Re:Hindsight is 20/20

[FredThompson (183335)]

Exactly. "Connecting the dots" is always easier when you know the connections. Discovering them is a lot harder.

This guy also doesn't seem to have much knowledge of intel gathering. The idea that forward projection isn't happening is...uh...wrong, and that's all I'll say on the matter (disclaimer: I'm ex-NSA)

He also doesn't seem to comprehend the concept of misdirection, as the term is used by performance magicians.

I'd guess he can't even pronounce the name, "Sun Tzu", let alone have read the writings.

Algorithms are easy

[Mr. Underbridge (666784)]

This guy also doesn't seem to have much knowledge of intel gathering. The idea that forward projection isn't happening is...uh...wrong, and that's all I'll say on the matter (disclaimer: I'm ex-NSA)

If you're ex-NSA, then you also know that the difficulty isn't in writing the algorithms, it's in getting somebody to stitch together all the goddamn databases that are strung out all over creation.

Shit, *I* can write the social networking algorithms, anomaly detection, etc. But it doesn't do any good if you don't have the data integrated, and despite what's happened the last 8 years we still don't have it.

I also don't get the false dichotomy the author uses to rag on sensor-based detection.

Re:

[rtb61 (674572)]

I think you have missed the ultimate frailty of data mining as well. It has much more to do with eliminating false data than jamming ever more of it into the mix. Once you have false data in there it contaminates are worth while intelligence, it creates false connections and obscures the truth.

The most likely sources of false data is not the people they are trying to catch but supposedly legitimate sources pushing their own barrow, intelligent consultants trying to rack up hundreds of thousands of dollars

Re:Hindsight is 20/20

[Chris Burke (6130)]

Yeah, I've got a mother-fucking perfect Suicide Bomber detector. It never fails. 100% specificity, 100% sensitivity. Here's how it works (it's patented, so my lucrative business is not in danger by sharing my methods):

I stand around a marketplace in Baghdad. When a guy runs up to a crowd, screams "Allah Akhbar", pulls a string on his coat, and fucking explodes all over the place, I point at the spot where he used to be, and say "That was a suicide bomber".

And before you try to horn in on my business, know that I've already sold the DoD enhancements to my algorithm that covers cases where the bomber doesn't scream "Allah Akhbar", or where the bomber is a she not a he, or where the explosives are in a car not a coat. Or combinations thereof.

But seriously, it says that "his query" produced Atta's photo (and 80 others only some of which apparently had anything to do with 9/11). What exactly was this query? "9/11 hijackers"? "terrorists named Atta"? "Arabs who've been pulled over"? So Atta's driving citations means it was theoretically possible for someone to pull his name up. The question is, why would they have done this? What would have motivated someone to perform that query, and how exactly does data mining driving citations lead to the important conclusion that Atta was a terrorist?

The article makes good points that data sharing between law enforcement agencies is a good thing, and helps with such rather mundane things as finding fugitives who skip out on parole, or people who don't show up for court dates. But that MATRIX nonsense is yet another attempt to cash in on post-9/11 anti-terror funding bonanzas. Which, now that I've gotten my slice of the pie, I'm against. :)

Re:

[grassy_knoll (412409)]

It's the "80 others" which caught my eye.

Anyone know of a system with an effectively low false positive rate? When dealing with millions of "possibles", it seems even a 1% or 2% false positive rate generates far too many false positives for the system to be effective.

This system seems to generate a number of false positives even in hindsight.

I could find 19 terrorists in like 5 minutes!

[Itninja (937614)]

That sounds like an adult version of my 8-year-old saying "I wuz gonna say that" when we watch Jeopardy as a family. It's real easy to come in after the fact and impress someone with results that are already determined.

No

[goldcd (587052)]

It's like your 8-year old hearing the answer on TV - and then spieling off 78 random answers + the answer he's just been told.

Re:

[nbert (785663)]

Plus in this adult version of the game people tend to ignore that the next top terrorist will not have a profile on www.myspace.com/insaneplancehijacker/, because he/she knows that data mining exists. Legislation and the public in most western countries tends to ignore that any new countermeasures/laws will result in instant adaption on the other side.

Especially at airports I sometimes get so angry about all the silliness that I play some mind-game with the aim of blowing it all up. My current favorite is

Re:

[Klaus_1250 (987230)]

Especially at airports I sometimes get so angry about all the silliness that I play some mind-game with the aim of blowing it all up.

Last time I was at an airport dropping my sister of, I was thinking the exact same thing. I saw her going through the security-checkpoint and she had to turn on her laptop so they knew it wasn't a bom. How silly is that: "could you please activate the potential on-switch of a bomb, so we can be sure it isn't a bom?"

Not sure if it is the same everywhere, but the security-checkpoint was pretty crowded, at least 50 at the checkpoint and 100 in close vicinity. If your goal, as a terrorist, is to instill fear

Re:

[voice_of_all_reason (926702)]

The 9/11 variety attacks Wonders, but what about everywhere else?

Iraq, Israel, Southeast Asia... it's all about markets and churches and hotels for the high frag count. Like you said, a few attacks would completely shut down air travel in the United States for the foreseeable future. Like V for Vendetta, where they just gave up and abandoned the subway system.

Re:

[Klaus_1250 (987230)]

it's all about markets and churches and hotels for the high frag count.

But those are not likely to be the targets over here (Europe, North-America) and those are different kinds of terrorism. Take Iraq; some of the terrorism is a form of resistance (violence aimed at occupying forces and collaborators), some is sectarian/tribal and some is foreign/imported. Different goals, different organization, different funding, etc.

I'm not saying there aren't terrorists whose sole goal is to spread death, destruction, chaos and fear. But, apart from the occasional fruitcakes, is not so

Wonder how long until this is all public domain

[by Anonymous Coward]

I keep watching the bar for spying on people get lower and lower.

First it was suspected enemy agentz.
Then it was suspected associates, even though separation may be 3-4 people away in a chain.
Now its anyone suspected of a crime.

How long until everyone is dumped in this database for not just intel or law enforcment, but potential employers, stalkers, and violent criminals data mining for easy marks?

Re:

[by Anonymous Coward]

I keep watching the bar for spying on people get lower and lower.

First it was suspected enemy agentz.

Now its anyone suspected of a crime.

What the hell are you talking about? People suspected of crimes have always been subject to spying, e.g. wiretaps.

Hmm

[TubeSteak (669689)]

Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers.

It was simple data mining and algorithms, and none of the information was obtained illegally.

1. He doesn't tell us what the "Asher's query" was, leaving us with the impression that anyone could magically ask the right question and stop crime.

2. I wonder what he means by "commercial data available in the public domain". Either it's commercial and you have to pay for it, or it's public domain. My long distance calling patterns are commercial data (and is sold by the phone company for marketing), but they're not "public domain" in the way that most of us would understand it.

Re:Hmm

[thisissilly (676875)]

"public domain" has different meanings in different contexts. In the context of copyright, which is the more common usage on /., "public domain" means "not under copyright", i.e. either there is no copyright or it has expired.

In the context of Intelligence Analysis, "public domain" [sra.com] means information that is available publicly, as opposed to classified or secret information. Whether something is copyright or not doesn't enter into it.

Maybe

[oodaloop (1229816)]

I have a lot of issues with the various things in this article, but I'll keep it to one for now. Maybe Atta could have been arrested because of better coordination between local law enforcement. But his arrest almost certainly would NOT have prevented 9/11. Moussawi was supposed to be there that fateful day, and it still went down. One person arrested, even one of the many masterminds, would not have prevented it.

Also, no local law enforcement officer would have been able to piece together this plot from looking through one car BEFORE the event. Piloting multiple planes simultaneously into various landmarks was just too implausible to be believed before it happened. Even if John McClain himself figured it out, he wouldn't be able to convince anyone to help him stop 19 other people from boarding planes in multiple airports.

Sharing information sure beats what we're doing now, both in law enforcement and the intelligence community where I work, which is holding everything close so no one else can take credit. But let's not exaggerate the benefits here.

Re:

[Fluffeh (1273756)]

Living without a gun in the house increases your chances of being utterly defenseless by 100%.

Having a gun in the house gives someone breaking into your home access to a firearm 100% of the time.

Re:

[UncleTogie (1004853)]

Having a gun in the house gives someone breaking into your home access to a firearm 100% of the time.

Not when either my fiancee or I are at the other end of it... which is darn near 100% of the time.

Re:

[Antique Geekmeister (740220)]

Sure, now you and your girlfriend have a gun to call on in a family spat. You do realize how much more common domestic violence is than home invasions with someone present?

Worst. Clairvoyant. Ever.

[Zigurd (3528)]

Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced [hijacker Mohamed] Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers.

A few short weeks after the Kentucky Derby, I devised a database system that predicted the winner. Impressive, no?

Re:

[v1 (525388)]

Just because you identified a pattern after the fact, doesn't necessarily mean it's not a useful pattern to consult in the future.

Though implementing it to actually make some predictions of events that have not yet occurred, that are then validated, certainly lends it credibility.

I predict tomorrow we will have daytime.

what 70% of the population missed

[v1 (525388)]

"It was simple data mining and algorithms, and none of the information was obtained illegally"

It's a shame more of the public doesn't realize that it's not necessary to either break the law or pass laws to legalize violations of one's rights, to provide reasonable protection for the public good.

License plates

[sootman (158191)]

You often hear about the police pulling over some guy for whatever reason and finding out he had an outstanding warrant or something. I've always wondered why they don't equip police cars with a video camera and the ability to OCR every single plate that comes into view. License plates all use the same font, so they should be easy to OCR, and in theory they use a high-visibility color scheme (though that's not always the case.) [bravehost.com] The camera would scan, read the characters, and compare it to a big list of stolen vehicles, stolen license plates, vehicles that fled accident scenes or other crimes, vehicles that belong to people that have warrants, Amber alerts, etc., and any "interesting" plates would pop up on the laptop that's now in most police cars.

I'm not saying it would put up a big "pull over and detain!" notice, but it could pop up the plate, the vehicle it should be on, the owner, and why it's of interest, then the officer would decide what to do. I.e., if a car pops up as belonging to a wanted 22-year-old male but it's obviously someone else in the car (too old, wrong gender, etc.) then they would ignore it.

Of course, like anything, there is the potential for abuse, but before you freak out about privacy, remember that driving, by definition, is a very public act. We're not talking about millimeter-wave radio or looking behind closed curtains with an infrared camera, we're talking about reading the required-by-law several-inch-high unique identifier on a hunk of steel with unobstructed windows on the public roads. If you're wanted and don't want to get caught, it's your responsibility to not go out in public with a visible unique identifier.

Re:

[by Anonymous Coward]

I've always wondered why they don't equip police cars with a video camera and the ability to OCR every single plate that comes into view

There are already systems like this deployed. I don't know specifically where, but I receive a Law Enforcement monthly magazine and I've seen many ads for exactly this type of product.

A quick search for 'automated license plate [google.com]' on google brings up a bunch of relevant results if you're interested in finding out more.

Re:

[fredklein (532096)]

it's not that hard to print (in color even) a fake plate and stick it over your real one. It would not fool a cop, but if it can fool the camera, the cop'll never see it.

Re:License plates

[Wrath0fb0b (302444)]

Yeah, it's also not hard to get a screwdriver and steal someone else's plate. It's not wise for a criminal to do so because having fraudulent/stolen/non-matching plates gives the officer a whole lot of PC in case he pulls you over for something minor. Just a terrible idea all around.

I never understood why anyone involved in lucrative crime (drugs mainly) would ever commit even the most minor violation (I imagine the successful ones that you don't read about in the blotter do just this). If I were carrying anything even remotely illegal, I would make sure all my blinkers and lights work, that the plates insurance, registration and driver's license that I hand the officer are all spotless and in my name. I wouldn't speed, change lanes, honk, swerve or even imperceptibly roll a stop sign. The fact that criminals routinely cannot implement even this smallest amount of common sense boggles the mind. It's as if they just aren't thinking at all.

Re:

[hab136 (30884)]

I'm not saying it would put up a big "pull over and detain!" notice, but it could pop up the plate, the vehicle it should be on, the owner, and why it's of interest, then the officer would decide what to do. I.e., if a car pops up as belonging to a wanted 22-year-old male but it's obviously someone else in the car (too old, wrong gender, etc.) then they would ignore it.

The car belongs to a 22 year old male, a 50 year old woman is driving it, obviously stolen. Pull over and handcuff the driver with my gun d

TV and Phone Psychics?

[rts008 (812749)]

This article reminded me of all of those 'psychic hotline' adverts on TV.
I never paid much attention to them because I figured that if they were really a 'psychic', then they would already KNOW to call me instead. Had to be some kind of phone charges scam I concluded.
Hmmm, maybe I'M psychic! (nah, I'm probably just psycho)

Islands of Automation

[rlp (11898)]

I've worked in the field of law enforcement data sharing. Fact is that most law enforcement agencies are either islands of automation or very loosely connected to other agencies. The stuff you see in TV and movies ("24") is a fantasy. Adjacent towns and cities rarely share information, and this lack of knowledge can put members of their police force in danger (for instance when making a traffic stop). A few years ago, the DOJ kicked off a sharing initiative with the Global Justice XML Data Model (GJXDM). This is an XML based specification for exchanging law enforcement data that was developed at Georgia Tech. I was involved in an initiative in Ohio to share police record management system information at a state level. The system was deployed and is operational today. GJXDM has been superseded by the National Information Exchange Model (NIEM [niem.gov]). It should be noted that the NIEM model is even more complex than it's predecessor and tends to break many XML tools. The data exchanged tends to be fairly rudimentary and fairly sparse - arrests, bookings, warrants. Nevertheless, most agencies, and most states have either not implemented data sharing or are in the earliest stages of doing so.

Re:

[Tablizer (95088)]

I've also worked on similar systems, and part of the problem is that different agencies encode stuff differently. It's almost like translating one verbal language to another: you can't just copy stuff over one-for-one. The context and assumed categories/taxonomies are different.

For example, system A may separate "asian" and "pacific islander" for the race code, while system B lumps "pacific islander" into "asian" and has no pacific islander category. This is especially true in towns that may have very few o

Re:

[Ronin Developer (67677)]

I, too, worked with law enforcement data sharing and, as a senior engineer for a (probably THE)leader in law enforcement software, wrote an interface for our Ohio customers to access the OLLEISN system (and about 10 other data sharing systems as well).

Personally, the company I worked for had a system that kicked the butts of the larger initiatives. It replicated in near real time, worked with incremental data, optimized network resources and bandwidth, fault tolerant, highly scalable (from local to nationa

pff

[Kingrames (858416)]

"Data Mining In Law Enforcement"

I'll take "How do you round up the most possible innocent people and make false charges against them" for $500, Alex...

Bad news actually

[iamacat (583406)]

The same techniques will likely be effective for identifying most effective protestors against current administration, or people that can be most effectively exploiting sexually, financially or politically. In fact, terrorists generally cover their tracks much better than innocent civilians.

Re:

[ruin20 (1242396)]

The fact of the matter is that most "innocent" civilians aren't at all "innocent". We all break the law, on a daily basis. Be it five over the speed limit, downloading music, misreporting income, littering, whatever, we almost all break some part of the law.

It's left up to the officer's discretion to enforce or not enforce. And giving him more information with which to make that decision isn't a bad thing. You can't say we can't have more efficient tools because they can be abused more efficiently. You ob

It's called GOOGLE dumbass!

[rossz (67331)]

nuff said.

Algorithm training

[aero6dof (415422)]

Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers.

Without additional information it's impossible to say if this is impressive, or just a stupid algorithm trick. With many mining algos, you can easily train them pull certain needles out of the haystack. The question is, will your training situation look anything like the future situations? Training the algo only with the 9/11 terrorists, would it pull out the trade center bombers, or Timothy McVeigh? Will future predictions be right or will it pull out groups of Arabic student pilots who had the misfortune of buying the same shampoo most preferred by 9 out of 10 terrorists. Especially with rare events, I think you mostly get into a hyper complicated version of correlation != causation.

Re:

[Tackhead (54550)]

> TIA standing for total information awareness.
>It was shut down over privacy profiling and other concerns, surely you remember, it wasn't that long ago.
> This story seems to lament this but geeze, make up your mind, if it's not an outcry about the lack of datamining it's someone saying datamining is one foot in Orwell's 1984.
>If this ever grows logs it'll become a political hot potato again and get dropped.

"shut down", v.t., to change the name of something, preferably in a way that doesn't e