[Finally, a few words from Bob Arno.]
As we travel the world every year, we interact with organized crime figures, street criminals, and security personnel along the way, observing and absorbing the latest trends in criminal behavior and the latest techniques. Over the past twenty years, I have maintained dialogs and communications with some rather interesting criminal minds on four continents. But talking about security issues and criminal behavior, on the internet or to media in general, is always a dilemma. Yes, it’s useful to reveal the latest scoop about the rogue fringe of society, but by bringing revelations into the open we might tip our hand to the bad guys.
Striking up conversations with criminals usually means we first have to detect them, identify them, and somehow confirm that they really are thieves—unless we have direct cooperation from law enforcement agencies. We’ve developed unique skills in detecting criminal behavior and patterns that we recognize before the crimes take place. Modern crime prevention is often based on similar methods and techniques, and written into algorithms for computer analysis. Yes, they are obviously very different depending on the country where the criminals are active, the type of crimes anticipated, and other cultural factors. In security circles, a common word for this analytical activity is “redflagging.”
The kick-in-the-pants for this post came from an incident we became privy to in Atlanta last week, while there to address the ASIS annual conference—the world’s largest security convention. Kevin Mitnick, the famous (or infamous) former hacker—is there such a thing as a former hacker?—was also there, as a presenter and panel host on Internet abuses. Kevin, always full of new anecdotes and intriguing ‘backend’ stories, is an old friend of ours. It was his exhaustive airport encounter earlier that day (with ICE, US customs, and the FBI) that got me thinking about redflagging, which is what entangled Kevin.
In the past few weeks, two books have been published which both indirectly focus on redflagging, how to isolate a certain behavior from the norm, and then to draw conclusions. This is not exactly science, but reasonable speculation. Behavior is an extension of human emotion; it’s difficult to completely suppress our emotions, and therefore our behavior.
The new books are The War Within: Secret White House, by Bob Woodward, and The Numerati, by Stephen Becker. Both books allude to new and secret formulas used by the U.S. government as well as the private sector, to fight terrorism and crime in general. Woodward’s book speculates about isolating terrorist leaders and taking them out with precise weapons. In his blog, Schneier on Security, Bruce Schneier wagers that Woodward is talking about “tagging.” The speculation centers around new technologies, but we can be quite certain that some algorithms on behavior are reasons for the new successes in the war on terrorism.
The other book, The Numerati, is not about politics or security developments. It’s about the latest trends in analyzing emerging patterns by drilling through data banks. A good review, “Drilling Through Data,” can be read in The Wall Street Journal, and there’s an interview with the author on NPR. The book discusses security software analytics. The last part of the book covers irregular pattern recognition and Jeff Jonas’ work in the casino industry. A good introduction to the world of Jeff Jonas and his contribution to the security industry is posted in O’Reilly’s Etech Conference pages from March 2008. Jeff Jonas works for IBM (and we assume for divisions of our National Security Agency, in some capacity or another). To get the gist of his talk on casino scams and how to detect crime in casinos using surveillance technology coupled with databases of known criminals, you have to drill further. This is very good reading for those with an interest in irregular pattern recognition.
Neither book sheds any precise information on what we want to know most: what are the security agencies concentrating on when they assemble their “trip wires” for redflagging? And that’s good; why should we let the other side know how they’re spotted?
In their most simplistic application, analytics are used in surveillance software in the retail and hospitality industries, and in public places. For example, the scanning of individuals hovering or loitering around an entrance or in a hotel lobby; the number of seconds a cash register’s drawer stays open in a store; how the hands of the employee at that cash register move; the angle of the hand holding the credit card (think portable skimmers).
All of which is just foreplay to the real issue: the behavior of terrorists. At what speed or pace, and in what manner, do they walk when approaching a target? How does a female terrorist behave differently from a male? How do they behave when stopped or challenged? And most important, what about their facial reactions? Can a telephoto video scanner pick up micro-expressions and can the latest research by people like Dr. Paul Ekman and Mark Frank map these movements with accuracy?
For some interesting current examples of micro-expressions, watch again the recent Sarah Palin interview on ABC Evening News with Charles Gibson. The moments for interpretation come at three minutes and 59 seconds, when Charles Gibson asks her if she has ever met with foreign heads of state. More of the same expressions appear when Gibson asks whether Russia was provoked to go into Georgia, five minutes and 13 seconds into the interview. And finally, at eight minutes and 34 seconds, at the question about the Bush Doctrine. Whether the clenching, lip protrusion, closing of eyes, and swaying can be interpreted as precise proof of one thing or another is up to the students of Paul Ekman.
Redflagging as a form of profiling is controversial. My points above illustrate how complex and far-reaching the conclusions may be to our society. I have not even touched on the privacy angle, the national security aspects, and what the bad guys can do to counteract the revelations made by media on the latest security innovations. Ultimately it comes down to the old argument: what do we keep secret (for national security) and what do we allow the public to know in order to protect privacy and maintain open political dialogs?
My objective today is to draw attention to the constant need to fine-tune information analytics. It is the lack of qualified experts drawing useful conclusions that has triggered all kinds of recent mishaps, near financial ruin, and security lapses. This article is not meant to start new political discussions on security secrecy or privacy protection. Others who specialize in advancing and protecting both viewpoints are far more qualified.