Data Mining In Law Enforcement

jcatcw points out a blog entry by Scott McPherson, CIO for the Florida House of Representatives. McPherson condemns the state of data sharing and data mining in law enforcement, saying that the US causes itself a great deal of trouble by focusing more on "antiterror armor and nuke-sniffing devices" than a useful information distribution network. He discusses a few such projects, and how they could have directly affected the events of 9/11. Quoting: "One of those ingenious things that actually worked, Seisint founder Hank Asher's brilliant MATRIX system, remains mired in controversy and politics. Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced [hijacker Mohamed] Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers. It was simple data mining and algorithms, and none of the information was obtained illegally."

Hold on a minute here

so he managed to write some software that analyzed the internet - and managed to produce photos of some of the people that erm had already erm been identified. Surely (and maybe I've misunderstood something here) a 'result' would be identifying people likely to commit terrorist attacks, allowing enforcement agencies to monitor them and prevent them from commiting future attacks. (and no - this doesn't mean off-shoring every muslin who downloaded the Jolly Roger Cookbook).

Re:Hold on a minute here

Yeah, he wrote software that detects terrorists after they have committed a crime.. Its key component searches google news. heh.

But really. Lots of people *may* commit crimes. Computers may decide you are likely to rob a bank tomorrow, that does not mean you will. We need to make sure the law is always about what you do not what a computer projects your going to do. The day we jail people who *might* be about to commit a crime is the day we put people in jail for their thoughts.

Re:Hold on a minute here

If you assume for a minute that the author of TFA is smart enough to figure out if this was a google search or not, this is probably pretty interesting. I'm going to, perhaps naively, assume that the data mining approach was done as a reasonable experiment of a mining approach on some set of data, and arrived at a set of names that should be interesting to check up up. I'll further assume that he properly restricted his training set of data to only data that was available before 9/11.

If that is the case, this is a pretty impressive set of results. Being able to identify, say, 5 of the attackers, and to have a number of the other hits be known associates, when the training set likely consisted of at least 10's of thousands of names, is pretty fair accuracy. The false positive rate is pretty fair, as well, especially when you contrast it to the No Fly list, which has numerous false positives, and no known successes in identifying anyone of interest.

There is likely some sort of clustering algorithm behind this, and the math behind those is pretty solid. Before you dis this, or even get excited about privacy issues, I'd suggest you check out a reference such as this [amazon.com]

I'm not really concerned about data mining as a privacy issue, and I think it's a pretty legitimate approach for law enforcement. As a side note, I do data mining and predictive analytics for a living. It's objective, it's factual, and if the practitioner is knowledgable about it, it shouldn't be stigmatizing. Indeed, it would reduce scrutiny on the majority of the folks that would otherwise be tarred by having an arabic surname and swarthy skin.

It would have the potential to be vastly more effective, and vastly less expensive than the path we are on now. One reason that we might not be using could be that we -have- used it, and didn't find anything. That's the thing about objective data mining, if there is nothing there, it'll tell you that. I don't think, for our current administration, that it's a desireable outcome to find that there is nothing to worry about. If that happened, the populace would be less fearful, and less easy to control.

Take this one step further, and apply this bit of thought. It has been shown time and again that the TSA is incompetent, and that any motivated terrorist could get a weapon on board a plane. It is further obvious that our ports are porous, and that soft targets abound. We have seen no triumphant pictures of the authorities frog marching attempted terrorists away, no success stories of how these measures have saved our lives again. We have also seen no further attacks.

This strongly suggests to this practitioner that we have a near zero incidence rate of terrorists in the US; that when a terrorist attempts an attack, he succeeds, and that the lack of attacks suggests that the attack rate is close to zero.

Data mining would be a useful tool to calibrate this theory.

Hindsight is 20/20

Wow, really? You were able to identify after the fact? Great! Real useful -- that and the fact that it's much easier to find that information when you are looking for a specific result. If this guy had come out and said, "hey, I was able to find those people before the fact," then I'd be impressed.

Re:Hindsight is 20/20

Exactly. "Connecting the dots" is always easier when you know the connections. Discovering them is a lot harder.

This guy also doesn't seem to have much knowledge of intel gathering. The idea that forward projection isn't happening is...uh...wrong, and that's all I'll say on the matter (disclaimer: I'm ex-NSA)

He also doesn't seem to comprehend the concept of misdirection, as the term is used by performance magicians.

I'd guess he can't even pronounce the name, "Sun Tzu", let alone have read the writings.

Algorithms are easy

This guy also doesn't seem to have much knowledge of intel gathering. The idea that forward projection isn't happening is...uh...wrong, and that's all I'll say on the matter (disclaimer: I'm ex-NSA)

If you're ex-NSA, then you also know that the difficulty isn't in writing the algorithms, it's in getting somebody to stitch together all the goddamn databases that are strung out all over creation.

Shit, *I* can write the social networking algorithms, anomaly detection, etc. But it doesn't do any good if you don't have the data integrated, and despite what's happened the last 8 years we still don't have it.

I also don't get the false dichotomy the author uses to rag on sensor-based detection.

Re:Hindsight is 20/20

Yeah, I've got a mother-fucking perfect Suicide Bomber detector. It never fails. 100% specificity, 100% sensitivity. Here's how it works (it's patented, so my lucrative business is not in danger by sharing my methods):

I stand around a marketplace in Baghdad. When a guy runs up to a crowd, screams "Allah Akhbar", pulls a string on his coat, and fucking explodes all over the place, I point at the spot where he used to be, and say "That was a suicide bomber".

And before you try to horn in on my business, know that I've already sold the DoD enhancements to my algorithm that covers cases where the bomber doesn't scream "Allah Akhbar", or where the bomber is a she not a he, or where the explosives are in a car not a coat. Or combinations thereof.

But seriously, it says that "his query" produced Atta's photo (and 80 others only some of which apparently had anything to do with 9/11). What exactly was this query? "9/11 hijackers"? "terrorists named Atta"? "Arabs who've been pulled over"? So Atta's driving citations means it was theoretically possible for someone to pull his name up. The question is, why would they have done this? What would have motivated someone to perform that query, and how exactly does data mining driving citations lead to the important conclusion that Atta was a terrorist?

The article makes good points that data sharing between law enforcement agencies is a good thing, and helps with such rather mundane things as finding fugitives who skip out on parole, or people who don't show up for court dates. But that MATRIX nonsense is yet another attempt to cash in on post-9/11 anti-terror funding bonanzas. Which, now that I've gotten my slice of the pie, I'm against. :)

Wonder how long until this is all public domain

I keep watching the bar for spying on people get lower and lower.

First it was suspected enemy agentz.
Then it was suspected associates, even though separation may be 3-4 people away in a chain.
Now its anyone suspected of a crime.

How long until everyone is dumped in this database for not just intel or law enforcment, but potential employers, stalkers, and violent criminals data mining for easy marks?

Hmm

Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers.

It was simple data mining and algorithms, and none of the information was obtained illegally.

1. He doesn't tell us what the "Asher's query" was, leaving us with the impression that anyone could magically ask the right question and stop crime.

2. I wonder what he means by "commercial data available in the public domain". Either it's commercial and you have to pay for it, or it's public domain. My long distance calling patterns are commercial data (and is sold by the phone company for marketing), but they're not "public domain" in the way that most of us would understand it.

Re:Hmm

"public domain" has different meanings in different contexts. In the context of copyright, which is the more common usage on /., "public domain" means "not under copyright", i.e. either there is no copyright or it has expired.

In the context of Intelligence Analysis, "public domain" [sra.com] means information that is available publicly, as opposed to classified or secret information. Whether something is copyright or not doesn't enter into it.

Maybe

I have a lot of issues with the various things in this article, but I'll keep it to one for now. Maybe Atta could have been arrested because of better coordination between local law enforcement. But his arrest almost certainly would NOT have prevented 9/11. Moussawi was supposed to be there that fateful day, and it still went down. One person arrested, even one of the many masterminds, would not have prevented it.

Also, no local law enforcement officer would have been able to piece together this plot from looking through one car BEFORE the event. Piloting multiple planes simultaneously into various landmarks was just too implausible to be believed before it happened. Even if John McClain himself figured it out, he wouldn't be able to convince anyone to help him stop 19 other people from boarding planes in multiple airports.

Sharing information sure beats what we're doing now, both in law enforcement and the intelligence community where I work, which is holding everything close so no one else can take credit. But let's not exaggerate the benefits here.

Worst. Clairvoyant. Ever.

Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced [hijacker Mohamed] Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers.

A few short weeks after the Kentucky Derby, I devised a database system that predicted the winner. Impressive, no?

License plates

You often hear about the police pulling over some guy for whatever reason and finding out he had an outstanding warrant or something. I've always wondered why they don't equip police cars with a video camera and the ability to OCR every single plate that comes into view. License plates all use the same font, so they should be easy to OCR, and in theory they use a high-visibility color scheme (though that's not always the case.) [bravehost.com] The camera would scan, read the characters, and compare it to a big list of stolen vehicles, stolen license plates, vehicles that fled accident scenes or other crimes, vehicles that belong to people that have warrants, Amber alerts, etc., and any "interesting" plates would pop up on the laptop that's now in most police cars.

I'm not saying it would put up a big "pull over and detain!" notice, but it could pop up the plate, the vehicle it should be on, the owner, and why it's of interest, then the officer would decide what to do. I.e., if a car pops up as belonging to a wanted 22-year-old male but it's obviously someone else in the car (too old, wrong gender, etc.) then they would ignore it.

Of course, like anything, there is the potential for abuse, but before you freak out about privacy, remember that driving, by definition, is a very public act. We're not talking about millimeter-wave radio or looking behind closed curtains with an infrared camera, we're talking about reading the required-by-law several-inch-high unique identifier on a hunk of steel with unobstructed windows on the public roads. If you're wanted and don't want to get caught, it's your responsibility to not go out in public with a visible unique identifier.

Re:License plates

Yeah, it's also not hard to get a screwdriver and steal someone else's plate. It's not wise for a criminal to do so because having fraudulent/stolen/non-matching plates gives the officer a whole lot of PC in case he pulls you over for something minor. Just a terrible idea all around.

I never understood why anyone involved in lucrative crime (drugs mainly) would ever commit even the most minor violation (I imagine the successful ones that you don't read about in the blotter do just this). If I were carrying anything even remotely illegal, I would make sure all my blinkers and lights work, that the plates insurance, registration and driver's license that I hand the officer are all spotless and in my name. I wouldn't speed, change lanes, honk, swerve or even imperceptibly roll a stop sign. The fact that criminals routinely cannot implement even this smallest amount of common sense boggles the mind. It's as if they just aren't thinking at all.

Islands of Automation

I've worked in the field of law enforcement data sharing. Fact is that most law enforcement agencies are either islands of automation or very loosely connected to other agencies. The stuff you see in TV and movies ("24") is a fantasy. Adjacent towns and cities rarely share information, and this lack of knowledge can put members of their police force in danger (for instance when making a traffic stop). A few years ago, the DOJ kicked off a sharing initiative with the Global Justice XML Data Model (GJXDM). This is an XML based specification for exchanging law enforcement data that was developed at Georgia Tech. I was involved in an initiative in Ohio to share police record management system information at a state level. The system was deployed and is operational today. GJXDM has been superseded by the National Information Exchange Model (NIEM [niem.gov]). It should be noted that the NIEM model is even more complex than it's predecessor and tends to break many XML tools. The data exchanged tends to be fairly rudimentary and fairly sparse - arrests, bookings, warrants. Nevertheless, most agencies, and most states have either not implemented data sharing or are in the earliest stages of doing so.

Re:

I, too, worked with law enforcement data sharing and, as a senior engineer for a (probably THE)leader in law enforcement software, wrote an interface for our Ohio customers to access the OLLEISN system (and about 10 other data sharing systems as well).

Pers

pff

"Data Mining In Law Enforcement"

I'll take "How do you round up the most possible innocent people and make false charges against them" for $500, Alex...

Bad news actually

The same techniques will likely be effective for identifying most effective protestors against current administration, or people that can be most effectively exploiting sexually, financially or politically. In fact, terrorists generally cover their tracks much better than innocent civilians.

Re:

The fact of the matter is that most "innocent" civilians aren't at all "innocent". We all break the law, on a daily basis. Be it five over the speed limit, downloading music, misreporting income, littering, whatever, we almost all break some part of the la

Algorithm training

Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers.

Without additional information it's impossible to say if this is impressive, or just a stupid algorithm trick. With many mining algos, you can easily train them pull certain needles out of the haystack. The question is, will your training situation look anything like the future situations? Training the algo only with the 9/11 terrorists, would it pull out the trade center bombers, or Timothy McVeigh? Will future predictions be right or will it pull out groups of Arabic student pilots who had the misfortune of buying the same shampoo most preferred by 9 out of 10 terrorists. Especially with rare events, I think you mostly get into a hyper complicated version of correlation != causation.

Re:Or not

Well, as in many things it would seem that there's a loophole or two involved. While there are many restrictions placed on government in terms of data collection and data mining, there are few placed on individual businesses who do the same thing (think credit agencies). As such, there's little stopping the government from simply contracting out its needs to private companies.

Re:

Capital punishment is.

Re:Or not

Then you believe that suicide bombing will go away because the bombers know they will die?

Capital punishment has its uses, but as a deterrent it's pretty limited.

Re:

Plus in this adult version of the game people tend to ignore that the next top terrorist will not have a profile on www.myspace.com/insaneplancehijacker/, because he/she knows that data mining exists. Legislation and the public in most western countries te

Re:

Especially at airports I sometimes get so angry about all the silliness that I play some mind-game with the aim of blowing it all up.

Last time I was at an airport dropping my sister of, I was thinking the exact same thing. I saw her going through the security-checkpoint and she had to turn on her laptop so they knew it wasn't a bom. How silly is that: "could you please activate the po