The era of the fingerprint has given way to the digital footprint.
Counterterrorism investigators still rely heavily on tools such as surveillance cameras, license plate readers and facial recognition software to track potential terror plots in the physical realm. But they now delve with as much vigor into the social media activity of suspects.
Investigators plot digital networks. They do what is called “sentiment analysis” to determine how a suspect feels. They swim in the sea of data freely provided by the burgeoning use of social media around the world.
That is the upshot of a forum Tuesday by the German software giant SAP that brought together officials from the CIA, FBI, law enforcement and private security companies under the title “Wave of Change.”
“We learn more from the digital footprint of most of the individuals we investigate than from their physical fingerprint,” said Rebecca Weiner, assistant commissioner of intelligence analysis for the New York City Police Department’s intelligence bureau.
Data analysis of social media “is revolutionizing crime fighting as well as counterterrorism,” she said, even as agencies struggle to stay abreast of the “dizzying array of data services and platforms” that allow them to monitor social media.
“Are we going to find every pledge of allegiance to (Islamic State leader) Abu Bakr al Baghdadi on 1.7 billion Facebook accounts? Are we going to see that on 500 million tweets at NYPD? . . . Absolutely not. But we are able to find stuff we would have never found before,” Weiner said. “So we can find an individual who is an ISIL sympathizer in Staten Island or the administrator of an extremist forum in Manhattan.”
Social media accounts can give federal investigators an immediate look at a suspect’s network of friends and associates, said Philip Mudd, a former CIA counterterrorism analyst who also held a top post in the FBI’s National Security branch before retiring in 2010.
“I need context. Do they quote verses from the Quran? Do they talk about acquiring nails from Amazon because they are going to build a backpack bomb?” Mudd asked.
Mudd said physical surveillance tools also remained critical in an unfolding terrorism eventsuch as the two bombings that shook Seaside Park, New Jersey, and a street in the Chelsea district of Manhattan on Sept. 17.
Investigators can gather cellphone data and emails from the suspect, he said, but they must fuse it with other sources of data, requiring massive digital capabilities.
“I want to know, are there license plate readers showing this person coming through the Holland Tunnel? Are there commercial cameras in the neighborhood – ATM cameras, stores, banks – that might show who was in a two-block radius over the past 48 hours? I want to fuse that with the phone and email” information, Mudd said.
The need for law enforcement to crunch data, crosscheck it and fuse it is huge and growing, he said.
Experts refer to the challenges of such massive data sifting as the four Vs – volume, variety, veracity and velocity – and say the key is in finding useful data amid the chaff.
“We can take a look at some 10 individuals sitting over there in Syria,” said Michael Steinbach, executive assistant director of the FBI’s National Security branch. “You try to find out who their associates are. There may be 1,000 individuals who are friends or associates or followers. You multiply that out by 10 and you have 10,000.”
Suspected terrorists, just like everyone else, post to social media for the world to see, and even as they turn to encryption, they still have public profiles, experts said.
“We do freely make available information about ourselves episodically that we may think isn’t terribly revealing but aggregated, it reveals a whole lot,” said Weiner, who is a Harvard-trained lawyer.
“There’s a lot out there with social media and it’s up to us and, you know, our partnership with technology companies to figure out how we can exploit that which is available in the open source,” Steinbach said.
In some cases, FBI experts turn to the somewhat creepy sounding sentiment analysis, monitoring the social media accounts of a suspect to extract mood changes or emotional reaction.
If a suspect espouses violence or takes steps to mobilize, Steinbach said, the FBI can act.
“I’m not talking about tracking the sentiments of all the legitimate people out on social media. But once we’ve identified an individual, and predicated an investigation, that person, we can track his behavior and his steps toward mobilization,” Steinbach said.
After only a day of investigation, skilled analysts can create massive profiles of suspects, gathering video, recordings, social media extracts and other data for the FBI brass, Mudd said.
Mudd said they could then go to the FBI director and say: “Let me give you a picture, of petabytes of data, from sources we didn’t anticipate a year ago, and let me tell you how we’re on to these people so another innocent won’t die.”
As the quantity of digital information doubles every two years, handling big data is vital, particularly as foreign nations probe U.S. cyber defenses, said retired Army Gen. Keith Alexander, former head of the National Security Agency and the U.S. Cyber Command.
“We are going to be attacked,” he said. “Our nation needs a solution, and I don’t buy this issue of ‘We can’t do it because it’s too much data.’ The reality is that we can and we must.”