Big data mining and predictive analytics are gaining acceptance in criminal investigations and public safety. The predictability of violent crime is the foundation for the behavioral analysis of violent crime. In many ways, terrorism is violence with a larger agenda. Terrorism and efforts to support it also encompass other crimes including fraud, smuggling, money laundering, identity theft, and murder, which have been investigated successfully with the use of data mining and predictive analytics. Like many others, we have been exploring the use of data mining and predictive analytics in crime and intelligence analysis with some very promising preliminary successes.
Far from being reserved exclusively for academic think tanks or large marketing firms, these tools are readily accessible and available in the PC environment. Advanced training in statistics or artificial intelligence is not required. Rather, “domain expertise” is the essential prerequisite. Operationally defined, domain expertise means that you have a working knowledge of your adversary, something that most military planners and strategists already possess. Domain expertise allows you to review the analytical products for reliability, accuracy and value. For example, identifying a reliable association between suicide bombers and religious extremism would add little value to our ability to combat terrorism.
On the other hand, the ability to accurately characterize, detect, anticipate, and ultimately prevent subsequent attacks based on a thorough analysis of past behavior, planning and surveillance would have tremendous value in the fight against terrorism and the protection of national security. Recent innovations in technology have allowed for the deployment of analytical products, or “scoring” algorithms to operational personnel with no formal training in statistics. These models can be used in the field for a variety of functions including risk assessment, as well as the prediction of future events or behaviors. Similar to criminals, terrorists do not respect, in fact they frequently exploit, jurisdictional and national boundaries. In many states and countries, information integration across levels of government is limited at best. This so-called stove-piping has been criticized extensively, because it significantly compromises efforts by duplicating resources and efforts, while limiting access to information resources across domains.
Sophisticated big data and text mining software is available in the desktop environment, available for analysis and for wide and rapid deployment to the areas where it is needed most, especially the theater of operations. Secure networking and information deployment associated with will allow analysts to share information and identify larger patterns and trends, including those that transcend their operational peer-review.
In many respects, it is not enough to connect the dots; we need to be able to anticipate the next move. Human behavior, even extremely violent or unusual behavior, frequently follows predictable patterns or trends. This behavior can then be characterized, modeled, classified, and even predicted in some cases. In fact, the entire discipline of criminal-investigative analysis, or “profiling”, is based on this finding. While behavioral analysis might not be able to identify a specific individual or suspect, it frequently can provide investigators additional knowledge or insight regarding what type of person might be associated with a particular crime or series of crimes. Perhaps more importantly, this type of analysis also can provide some insight regarding what type of behavior might predict violence.
In many cases and scenarios data mining and predictive analytics can identify likely motives, offender characteristics, and victim-risk factors in violent crime, if relevant data is available for analysis. In many ways, terrorism can be described as violence with a larger agenda. While the mechanism might be different, the intended outcome is the same, that is, to achieve behavioral control through intimidation, violence or threats of violence. The ability to characterize and predict this behavior could afford tremendous tactical as well as strategic value to those fighting global threat of terrorism.
The ability to accurately and reliably predict risk also can be a tremendous asset in deployment decisions. Using data mining and predictive analytics to analyze historical data has yielded models that predict when and where incidents are likely to occur. By identifying the times and locations associated with an increased likelihood of risk for an incident, one can proactively place assets when and where they are needed, thereby more efficiently utilizing our resources, and increasing the likelihood of rapid identification and apprehension, or even deterrence through enhanced presence. Telephone records, on the other hand, represent an invaluable source of information, providing additional linking and timeline information regarding specific individuals and groups. Analysis of telephone data can be extremely tedious; however, it is one area where data mining and predictive analytics can make a meaningful difference in analytical capacity.
Also, big application of analytics is in spotting identity theft, which has been with us in various forms for a very long time. Many unsuspecting consumers have had their financial lives ruined by thieves who assumed their identities in an effort to commit fraud. After 9/11, it became painfully obvious that the highjacks had easily obtained the false credentials necessary to move throughout the many systems that require identification.
Unfortunately, detection of identity theft generally occurs after something bad has happened, either fraud or something far more sinister. Manual searches of these datasets in an effort to proactively identify cases of identity theft or misuse, however, would be extremely difficult and inefficient given the extremely large amount of information involved. Alternatively, automated searches of existing information with data-mining technology could flag invalid, suspicious, or duplicate social security numbers, detecting possible identify theft before serious consequences occur. Additional information including the use of multiple birth dates or addresses, aliases, and fraudulent addresses also could be identified with data-mining tools.
While this approach would not catch everyone, it might detect enough illegal use of credentials to make this type of identity theft more difficult and deter criminal use of valid credentials in the future. It also would limit terrorists’ ability to move throughout the various systems in our country that require a social security number or other identification and force them further underground without compromising the privacy of honest, law-abiding citizens.