Balkinization: Can Super Crunching Help Find Terrorists?

Can Super Crunching Help Find Terrorists?

Ian Ayres

An important part of the multipronged attack against the use of torture is the claim that torture does not produce useful information. We don’t even have to consider the barbaric costs to our integrity, if the practice doesn’t produce any benefits.

But it’s not clear that the same “no benefit” argument can be said about data mining the phone records of the “community of interest” surrounding investigative targets.

The NY Times reported yesterday that national security letters sometimes went beyond asking for information on the calls of targets by including the sentence:

“Additionally, please provide a community of interest for the telephone numbers in the attached list.”

The article explained that community of interest data “might include an analysis of which people the targets called most frequently, how long they generally talked and at what times of day, sudden fluctuations in activity, [and] geographic regions that were called.”

The Times’ spin is that this technique exponentially increased the breadth of the judicially unsupervised data collection.

But frankly, it’s still unclear what was being done. The article says that the community of interest analysis:

was limited to people and phone numbers “once removed” from the actual target of the national security letters.

So it is not clear whether the technique was limited to “an analysis of which people the target most frequently called” or whether it also analyzed the people that these “once removed” people called. Since the national security letters sometimes included groups of telephone numbers, they may have also asked if the “once removed” people of target A ever communicated with the “once removed” people of target B. It’s easy to think of reasons why there might be false positives with such connections (e.g., both people might have called the same dry cleaner). But these connections can also be valuable.

I know because I’ve used it myself.

A couple of years ago, my cell phone was stolen. I hopped on the Internet and downloaded the record of telephone calls that were made both to and from my phone. This is where "community of interest" analysis came into play. The thief made more than a hundred calls before the service was cut off. Yet most of the calls were to or from just a few phone numbers. The thief made more than thirty calls to just one phone number, and that phone number had called into the phone several times as well. When I called that number, a voice mailbox told me that I’d reached Jessica’s cell phone. The third most frequent number connected me with Jessica’s mother (who was rather distraught to learn that her daughter had been calling a stolen phone).
It became clear that the thief was Jessica's boyfriend.

Not all the numbers were helpful. The thief had called a local weather recording a bunch of times. By the fifth call, however, I found someone who said he’d help me get my phone back. And he did. A few hours later, he handed it back to me at a McDonald’s parking lot. Just knowing the telephone numbers that a bad guy calls can help you figure out who the bad guy is. In fact, cell phone records were used in just this way to finger the two men who killed Michael Jordan’s father.

Valdis Krebs used network analysis of public information to show that all nineteen of the 9/11 hijackers were within two email or phone call connections to two al-Qaeda members who the CIA already knew about before the attack. Of course, it’s a lot easier to see patterns after the fact, but just knowing a probable bad guy may be enough to put statistical investigators on the right track.

The 64,000 terabyte question is whether it’s possible to start with just a single suspect and credibly identify a prospective conspiracy based on an analysis of social network patterns.

None of this is to say that datamining should be conducted without much more judicial oversight. But it is to say that the potential benefits of Super Crunching -- even of people who are trying to cover their electronic tracks -- stand on a firmer footing than torture.

Posted 7:39 AM by Ian Ayres [link]

Comments:

Community of interest analysis has been the foundation of a series of programs meant to identify terrorist cells such as the Clinton era Able Danger program, which allegedly identified the Atta 9/11 cell, if not its mission.

Here is a sample of the kind of intelligence product produced by a community of interest analysis of the Able Danger team.

Given that Able Danger's technology is almost a decade old, used only a tiny fraction of current computer capacity, and limited itself to publicly available information, today's community of interest analysis using current capabilities and information gained by warrant or national security letters is probably an extremely powerful tool to identify terrorist cells.

If I am still alive when they declassify these programs, it will be very interesting to learn how effective they have been.

# posted by

Bart DePalma : 11:42 AM

Ian, I assume, but don't know, that the pattern is as follows: Person B ( a suspected bad guy) calls Person C (as to whom there's no evidence of good/bad behavior) who in turns calls Person D (one step removed from B, and also not someone evincing bad behavior).

So should D's communication behavior be subjected to this sort of surveillance or not?

What about D's communication with E,F,G, etc.? Under the principle of six degrees of separation, one can see that no many hops are needed to include all communications in the surveillance.

And why can't this topic be more clearly discussed by the various government authorities?

# posted by

Reed Hundt : 5:37 PM

Sadly, "Super Crunching" is trivial to defeat if only one has a tiny amount more brain than the thief of the cell phone who used it to call his girlfriend and her mother -- repeatedly.

Also, the value of this technology, other than as an ex post facto analysis method, is very limited due to the number of false positives it tends to generate. That renders it useless before there is some other indication of criminal intent, and then there is no real need for super crunching, as it takes little power to crunch the subset required (see Ian's story, for example) when you know at least some of those you are after -- and it also doesn't invade the privacy of the public wholesale.

# posted by

C2H50H : 11:36 PM

C2H50H said...

Sadly, "Super Crunching" is trivial to defeat if only one has a tiny amount more brain than the thief of the cell phone who used it to call his girlfriend and her mother -- repeatedly.

Community of interest analysis is far more involved than that. The government has developed and keeps refining terrorist profiles which detail how they interact with the world around them on several levels. This is how Able Danger was able to find a needle like Atta in the enormous stack of needles which is the US.

As with any analysis, there are false positives. However, the object is to minimize these false positives, not to exploit them for laughs and giggles so they can violate your privacy.

# posted by

Bart DePalma : 9:26 AM

"Bart" says:

Here is a sample of the kind of intelligence product produced by a community of interest analysis of the Able Danger team.

I recognise that type of diagram. It's display output of the PenLink database (or a very similar program) for keeping track of "baddies". I could probably whip one up showing the "network relations" of the proprietors and commenter here on Balkinization" in a half an hour. You can attach photos, notes, addresses, phone call logs (including content files), etc., into the diagram. Yes it's useful. But it's not anything beyond what police have been doing (by hand or by computer) for quite some time, in tracing criminal networks. Colour me unimpressed.

Cheers,

# posted by

Arne Langsetmo : 1:22 PM