Big Data Helping to Pinpoint Terrorist Activities, Attacks (UPDATED)
When Mark Taylor, a New Zealander who left his country to fight for the Islamic State, tweeted some musings in the fall of 2014, he did not realize he was giving away his exact location in Syria. Once realizing his error, he deleted 45 geotagged tweets, but not before intelligence groups had seen them.
Governments and groups across the globe are using these slip-ups, and other pieces of information gleaned from the internet, to gain a better understanding of what terror organizations, such as the Islamic State, may be planning.
The data collected ranges from phone metadata — which the National Security Agency gathers — to nuggets of information pulled from social media platforms such as Twitter and Facebook. Big data platforms can then analyze and render easily digestible information. This could include trends or even singling out suspicious individuals who may be plotting attacks.
Using big data for counterterrorism efforts will only become more prevalent as time goes on, said Josh New, a policy analyst at the Information Technology and Innovation Foundation’s Center for Data Innovation. CDI is a Washington, D.C.-based think tank that focuses on the intersection of data, technology and public policy.
From collecting pieces of data such as flight or financial records, officials can connect the dots and identify threats or suspicious people, he said.
And as the technology evolves, more pieces of data can be imported into the systems. For example, social media platforms such as Twitter and Facebook are both relatively new sources of data that are ripe with information for the picking, New said.
Counterterrorism officials tracking the Islamic State — also known as ISIL or ISIS — have found that the group gives away a great deal of information, he said. The Taylor case is only one example of terrorists sending out location information.
“Social media is a very useful tool for intelligence,” he said. There are “opportunities to gain actionable insight.”
In a report titled, “The ISIS Twitter Consensus,” by the Brookings Institute, a Washington, D.C.-based think tank, authors J.M. Berger and Jonathon Morgan found that at least 46,000 Twitter accounts were used by ISIL-supporters between September and December 2014. Hundreds of these users sent tweets that included location metadata.
Some experts estimate that ISIL members and supporters post to social media up to 90,000 times a day.
One of the highest profile uses of data collection for counterterrorism efforts includes the NSA’s bulk phone metadata collection program. The program was brought to light after Edward Snowden, a former contractor for the agency, leaked classified information showing that NSA was collecting enormous amounts of information from U.S. citizens’ phone records in 2013. Civil rights activists around the world harshly rebuked the agency, though leadership contended it was operating within the law.
Navy Adm. Mike Rogers, director of the NSA and commander of U.S. Cyber Command, said in a February speech that privacy concerns related to the NSA’s collection of bulk phone metadata are valid, and the onus is on the agency to prove that it is being responsible with it. He insisted, however, that the program is legal under authorities granted to the agency under the Patriot Act.
“The metadata collection generates value for the nation. I honestly believe that,” he said during a discussion hosted by the New America Foundation. “Is it a silver bullet that in and of itself guarantees that there will never be another 9/11 or there won’t be a successful terrorist attack? My comment would be ‘No.’ … It is one component of a broader strategy designed to help enhance our security.”
The bulk phone collection authority expires in June unless Congress renews it, he said. Losing access to that data would make the NSA’s job much more difficult in finding and apprehending potential terrorists, Rogers said.
“Do I think that if we lose it, it makes our job harder? Yes. On the other hand, we respond to the legal framework that is created for us,” he said.
Dfuze has records on attacks from Irish Republican Army bombings to more contemporary incidents, he said.
Users — which include counterterrorism officials around the world — can upload a variety of content into the database, including what type of accelerant was used in an attack, Fretwell said. Users can then sort through previous events and see if that accelerant was used before, potentially finding a trend.
It is also particularly useful for transmitting crime scene photography back to a command center rapidly, he said.
In the United States, the Bureau of Alcohol, Tobacco, Firearms and Explosives uses the system extensively, Fretwell said.
The technology, which grew out of Scotland Yard’s U.K. Police National Bomb Data Centre, can help officials better analyze a terrorist attack, he said. The company began development of the system about 15 years ago. Paper records were still in use and counterterrorism officials needed a more efficient way to sort through information, he said.
“Obviously in the U.K., unfortunately, we had a long history of Irish terrorism, so there were massive amounts of data which were not only useful to the U.K. but was useful to other countries around the world in terms of terrorist methodologies,” he said.
Dfuze also allows for easier information sharing, Fretwell said. When he worked in Scotland Yard, different floors or offices had their own databases and it was extremely difficult to share information, particularly if it was encrypted.
“I couldn’t exchange data with the office next door because they used a different system,” he said. Now with Dfuze, officials can easily share that data with others if they wish.
The system is currently being employed in 40 different countries, including Australia, Singapore, Canada, the Netherlands and Hungary, he said.
“Each country has its own database containing its own data, but you have the ability to exchange data, encrypted data,” he said.
During the July 2005 attack on the London Underground — which killed 52 people and injured more than 770 — Scotland Yard was able to quickly send partner nations information regarding the attack using the system.
“We were able to send encrypted files to, at that time, probably 25 countries around the world which they could just upload into their system, and they would have all the crime scene photography, the scientific reports, the reports of the make up of the devices, without having to manually feed that into their system,” Fretwell said.
Leidos is another company that develops big data products to gather intelligence from multiple sources in real time for counterterrorism efforts, particularly in the cyber realm, said Tom Lash, program development director at the company.
“Big data technologies become critically important in combating cyber terrorism because cyber defense systems generate a tremendous amount of data that can be analyzed over long periods of time to identify vulnerabilities,” he said.
Social media has provided companies who work with information technology new data points to collect, he said. This gives analysts “perspective that was historically not available,” he said.
Leidos works with all of members of the intelligence community and military services, he said in an email interview. Lash said the company’s use of big data has “saved a significant number of American and coalition lives.”
Big data products will continue to grow more sophisticated as time goes on, he said. “Data continues to get bigger, faster and more accessible, and we are seeing some aspects of big data maturing,” he said. Real-time analyzing of data is becoming increasingly critical.
However, big data as it applies to counterterrorism is still in the beginning stages, Lash said.
“I think we are still in the early innings of applying big data technologies to counterterrorism missions. The cyber domain has an equalizing effect for asymmetric threats, requiring relatively little investment for terrorist groups spanning international boundaries,” he said.
While big data can help in predicting or analyzing terrorist attacks, government agencies and companies employing the technology must be mindful of privacy concerns, said Bhavani Thuraisingham, a distinguished professor of computer science and the executive director of the Cyber Security Research Institute at the University of Texas at Dallas.
Thuraisingham — who has been studying big data for decades and has focused her research on how it can be applied to counterterrorism — said the technology can help, but there are still false positives and negatives.
A balanced approach is needed, she said. For example, if a person with no ties to Turkey suddenly begins making frequent trips to Istanbul, that should be a red flag, she said. However, there may be a legitimate purpose. Tabs must be kept on that person until it is known they are not a risk, she said in an interview with National Defense.
There also needs to be more accountability, she said. There have to be audits and a framework for how long data can be kept.
In a January opinion column in The New York Times, Thuraisingham argued that big data systems alone cannot keep the world completely safe.
“I believe in individual privacy, but in order to prevent terrorist attacks like the one in France, it is essential that technologists work with privacy advocates and lawyers to create a system for collecting meaningful data about people who are suspected of being radicalized,” she said, referencing the January terrorist attacks in Paris where 17 people were killed over three days.
“We need policies and laws that outline rules for analyzing data about people to extract meaningful, predictive information, because without it, we cannot use technology to keep us safer.”
Clarification: The Center for Data Innovation is affiliated with the Information Technology and Innovation Foundation.
Topics: C4ISR, Intelligence, Cyber, Infotech