Data vs. Analysis in Counterterrorism

This article argues that Britain's counterterrorism problem isn't lack of data, it's lack of analysis.

Posted on June 14, 2017 at 1:00 PM • 20 Comments

Comments

DanielJune 14, 2017 2:32 PM

For a timely and alternative view from America there is this recent article that appeared in the latest edition of The Harvard Law Review:

https://harvardlawreview.org/2017/06/why-do-courts-defer-to-cops/

The essay argues that the American judiciary is a case study in what happens when a country relies too much on perceived analytical expertize. Courts perceive police as experts on crime due to selection bias: judges typically interact with the police when the police get it right (arrest the thief) and rarely interact with the police when the police get it wrong (mistaken identity). The result of this selection bias is that courts have an overinflated sense of the police's real expertise.

The same is likely true in the inverse with counterterrorism efforts. Since terrorism stories are so sensational there is a tendency to focus on all the times intelligence services get it wrong (false negatives) while ignoring all the times the intelligence services get it right (true negatives). This leads to an underestimation of the actual effectiveness of data analytics. So the question then becomes upon what basis is there to conclude that an increase in analysts will lead to a decrease in terrorism? None whatsoever. The far more likely outcome of an increase in analysts is an increase the rate of false positives (people who are judged to be terrorists but are not) simply due to the pressure of these new analysts to find something wrong to justify their positions.

WinterJune 14, 2017 2:36 PM

During the recent elections in the UK, May's message concentrated on removing rights from the population as the only option to security. This was obviously inspired to distract from the fact that she personally had considerably reduced the workforce responsible for security and response services.

In short, the message was to pay less people, but let them beat up more suspects.

This article just shows what we already know: This does not work. No security without competent people on the ground. And I might add, no security without help from the population.

This message is only very slowly sinking in, it seems.

RhysJune 14, 2017 2:48 PM

A material contribution, perhaps. Not the only, nor as material as others, I proffer.

This faith in persistent surveillance (omniscience?) is not shared between our two nations.

Nor is the understanding that security might not be an absolute condition, rather a quality of condition with some variability.

This article makes reference to the need to supply "context".

For most of us in both our nations, the context with which murder is a viable option is either objectified as "evil" or puzzled as some form of mental defect.

The Brits, as we, are accepting people with different cultures, different point-of-views, different logics, decade to millennia of physical violence as a part of daily life- contexts that are unfamiliar to our larger communities.

Further, more analysts only adds more complexity and, potentially, and diversity.

With all that we have available- we still have had everything from McVeigh & Nichols to 911 and San Bernadino. Should we have given up what we have paid for the Patriot Act, FISA courts, elimination of Posse Comitatus?

Its an effort in balance.

A final point to be considered. Marginal utility.

Every additional unit of data or information doesn't work toward actionable intelligence (knowledge?). Or intervention.

Instead, it militates against against those outcomes.

CommenterJune 14, 2017 9:52 PM

Across Europe, the military industrial complex and surveillance industries have taken advantage of recent incidents to boost sales of often useless, expensive equipment en masse, encouraging a type of fear politics reminiscent of the US post-911, in some case relying on the revolving door effect of close ties between officials and industry.

Constitutions are being hastily rewritten with radical legal reforms and the new laws put in place are often vague allowing for many loopholes. European leaders usually refuse to admit, but should, that many of these laws effectively curb human rights, and effectively further reduce accountability for intelligence and law enforcement agencies even when they are found to be overstepping their authority.

What seems to highlight this pretty well is the fact that many countries with even worse records than the West are using these hasty changes to justify new "antiterror" and "conspiracy" laws which further curb free speech and democracy, increase surveillance, etc. China most notably, and many well-known human rights abusing-countries in Asia, (even Japan) as well as many Middle Eastern and African countries are doing this.

The critical issue with the premise that more data analysis is a good solution is that it doesn't recognize the issue that most judges presiding over the new laws have insufficient security expertise and that they often do not realize how critical technical details they are unaware of can determine whether an agency is overstepping its authority or violating rights and that often due to time constraints they end up having to rely on experts that are potentially under some form of pressure (whether direct or not) from parties with close ties to the agency that has allegedly acted improperly. Equally, most experts that the legal system reach out to have links to the mainstream tech industry. This is an issue due to the nature of the typical industry "business model" which involves regarding data collection and analysis as purely harmless and a good thing. Sadly, few of those with expertise who are in the more "paranoid", less corporate or mainstream group of the security "community" are taken seriously.

The issue with more analysis is that it allows agencies to create even more opaque systems that potentially violate the human rights/privacy of citizens and reinforces this as an acceptable mechanism. Agencies ought to have a responsibility to technically prove to citizens that their systems don't and cannot violate their rights before going ahead with them. Citizens currently have to either rely on the (in this area) often highly faulty judgement of the legal system (sometimes courts don't even play a role) and otherwise just trust the words of the agency or government officials (who could be under pressure from said agency). There is no balance whatsoever. Governments' attitude on the risks of their policies usually effectively boils down to "trust us to do the right thing", but when it comes to trusting citizens enough to let them have real privacy and rights, the attitude is "we must surveil you to catch criminals", i.e. we won't trust you at all.

Due to little disclosure, a broad lack of expertise on critical technical aspects of these systems in governments and the judicial system, and citizens (whose understanding is not aided by the dumbing down of mainstream technology by silicon valley et al.), these systems end up becoming opaque, classified, insecure, expensive and leave loopholes that allow (almost guarantee) rights abuses and perverse outcomes to occur (and eventually get covered up).

Another major issue with the enormous amount of data being collected is the security of the systems being used to collect and store this data which often leaves much to be desired. When leaks and breaches occur, those responsible for pushing the data collection refuse to take responsibility for the perverse outcomes and are not held to account. Another issue that the legal system has yet to catch up with is where the data is actually stored. When citizens disclose highly sensitive and rights-critical information to governments or even corporations, are they also disclosing the information to undisclosed third parties, e.g. cloud providers?

Which (third party) servers data that a government collects (e.g. travel records, phone call, data and location records, license plate location records, etc) are actually stored on should be an issue and considered for disclosure. Even if said "cloud" providers don't use the data for their own business purposes, it can potentially mean that these global corporations can be legally forced to disclose data to hostile governments or that this data is more easily accessible to state-sponsored attackers. Merely that the "government cloud" business even exists is really worrying.

I wish more would consider Adi Shamir and Brian Snow's comments on the cloud at the 2010 RSA Conference Cryptographer's Panel.

Shamir: "...once most people move their IT operations into the cloud, it is going to be the wet dream of governments...".

Snow: "I'm not fond of the cloud either...you don't know what is cuddling up to [your systems] and going into your pockets...", "[Write] your contracts very carefully...otherwise you are at great risk..."

FallJune 14, 2017 10:07 PM

The more government and media focus on this the more fear they end up creating, and sadly the more such events will occur. These events are often the result of a very bad attempt at trying to be heard and will cause more and more of those inclined in this direction to fall into the trap. Hype, removing rights from citizens, surveillance and analytics will not solve the issue. In fact it will make things much worse, and have devastating effects on free society.

DroneJune 15, 2017 6:07 AM

Even if you do have enough human resources to analyze all the intel data, it makes absolutely no difference if you are being prevented from taking action because of political correctness.

EvanJune 15, 2017 6:08 AM

Of course the volume of data collection isn't effective counterterrorism. Mass surveillance isn't about preventing terrorism, or any crime. It is, and always was, about finding evidence and creating justification ex post facto. That's why, after an attack, as soon as the perpetrator is identified, we can immediately point out all the times they did something suspicious or associated with known extremists - it's not just that hindsight is 20/20, it's that the system is built for hindsight. It isn't meant to prevent terrorism, but to enable the government to indict and prosecute people the government chooses to target, whether they are terrorists or criminals or simply dissenters (the distinction is increasingly blurry).

WinterJune 15, 2017 6:21 AM

@Drone
"it makes absolutely no difference if you are being prevented from taking action because of political correctness."

What are you implying here? That the UK police does only arrest suspects who are Muslim? Or male? Or young?

MichaelJune 15, 2017 7:50 AM

Unfortunately politicians are less interested in delivering public safety than giving the appearance that everything is being done in the name of public safety.

Collecting data is relatively cheap. Analysing it is expensive. You still get the kudos if you just collect it because you can stand at the lectern and declare "We're gathering terabytes of data on the terrorists."

Clive RobinsonJune 15, 2017 8:59 AM

@ Bruce, All,

You may not be aware, but there was a very serious fire in a 1970's built residential tower block in West London a little over 24hours ago.

https://www.theguardian.com/uk-news/live/2017/jun/15/london-fire-17-confirmed-dead-as-police-expect-more-fatalities-after-tower-block-blaze-latest

It would appear that the cause was "Corporate Manslaughter" according to some, because money was not spent on what were known to be dangerous conditions that the Tenant Managment Organisation (TMO) did not spend money on resolving despite numerous complaints by many residents.

Why is this relevant to catching terrorists, well it's the "What resources is a life worth" question. Not just the usual time/materials/labour cost but the political cost.

The UK's current political encumbrants and their predecessors had an attitude of "the market knows best" and as a result both outsourced work and reduced spending. This was across all the emetgacy services (PM May on Police Services, Johnson on Fire Services and Hunt on the Ambulance Services) . PM May was also involved when Home Office Minister on rearanging and reducing resources to the domestic inteligence services (MI5 / SOCA now NCIA / Met Police and others).

Which brings us back to the "cost of a life" question. Atleast 17 people are known to have died in the fire and this is expected to rise considerably. Certainly beyond the numbers killed in the three recent terrorist attacks. The tower block was designed for an occupancy of over 500 people and currently nobody actually knows how many were living their and how many are still alive.

The simple fact is the TMO in line with the wishes of the current political encumberants were "doing their dirty work at arms length". But worse were maximising profit at the expense of safety. The known list of their safety failings is so long it would be inapropriate to list it. But the money they should have spent on real safety would be less than 1millionGBP --aprox the same in dollars-- would be good for a quater of a century and protect more than 500 people. So say an anual cost per head of 80GBP.

Now lets look at the cost in terms of spending on anti-terrorism? I wish I could give you a figure but it's kind of secret. But you are looking at maybe 10,000 people all told at around 100,000GBP average cost per person per year or 1billionGBP.

The number of people killed and injured per terrorist attack is on average less than happen on the roads in the same day.

Thus the answer to the resources question is without doubt a political one, and for all the puvlic rhetoric from the current political encumbrants in the UK destined to fall significantly as soon as terrorism is of the MSM front page. To give you an idea PM May was personally responsible for axing 20,000 front line police officers who realy were the "eyes and ears" of the security services, not the general public.

And this is realy the big hidden detail in the "how much data" and "how many analysts" question.

The general public are generally very bad eyes and ears for the intel agencies, the cost of checking a "public lead" is not just way to high it's also very difficult to analyze. Police reports however are far more reliable. Most community police officers "know" not just the people making reports, but the people being reported. They see their daily activities and by and large they are fairly good analysts.

Importantly community police officers see non elrctronic communications, they see who knods at whom, when peoples habits and behaviours change and a whole lot more.

PM May's Snoopers Charter is realy a method of moving money around, from frontline staff to "the geeks and their computer toys". Computers don't know people nor do the algorithms, and they can not see or work on what is not in electronic form.

Even home grown terrorists have heard PM May's relentless droning about electronic communications and no place in the cyber world where the authorities can not go. Whilst they are possibly not the brightest individuals around, it appears that UK terrorists have solved the problem by not using mobile phones or other electronic communications. That is they have out evolved Mrs May's thinking ability from just listening to her droning on...

Thus spending any further resources on these "back room cyber analysts" frankly will not produce anywhere near the gains of spending the same money on front line staff both community and emergancy.

But then that would not put money in the pockets of those that give party political donations and nice cozy 10,000GBP/Hour jobs to MPs and their senior civil servant advisors.

vas pupJune 15, 2017 9:23 AM

Those two articles related to subject of this post:
'US rethinks Chinese investment in AI start-ups':
http://www.bbc.com/news/technology-40277987
How BAE sold cyber-surveillance tools to Arab states:
http://www.bbc.com/news/world-middle-east-40276568
"Once you've sold the equipment to someone they can probably do what they want with it," says Ross Anderson, professor of Security Engineering at Cambridge University.
"An Arab country wants to buy cryptanalysis equipment supposedly for its own law enforcement. They have embassies in London, Washington, Paris and Berlin. What's to stop them putting bulk surveillance equipment in our cities and then using the cryptanalysis equipment to decipher all the mobile phone calls they hear?"
Despite British objections, the Danish authorities approved the Evident export.

Clive RobinsonJune 15, 2017 9:26 AM

@ Drone, Winter,

With regards "political correctness" it is actually a serious problem, because amongst many other things it helps the recruiting process.

Somebody I know who has a political office and is from one of the moderate Muslim communities pointed out one or two sailent facts to me one evening when we were having a chat about other thinks and "PC" came up. He said that "Political Correctness is the biggest stick ISIS have to beat you with". Which was a comment I could not let pass. He pointed out that under their view of the Quaran lying was not a sin but was to be actively encoraged in "recruiting the faithfull". So it did not matter what we did good or bad it would be told in the worst possible way as though it was God's own truth. Further it gives a no responsibility mentality, every thing they do must be right and every thing we do that is not active support for them must be not just bad but the work of Satan. Thus you can not win by moral or honourable behaviour with them, only with those who are not like them.

To by far the majority it is a totaly alien view point, worse when added to a willingness not just to kill but die whilst killing it gives an almost insoluble problem.

Which is what we have to contend with.

Whilst I do not like saying it, the implication is we can not stop the killing, intel will always fail sufficiently that we will have terrorist incidents of the current form. It is literally a "suicide by cop" senario, thus all you can do is try to minimise the effect by very rapid first line response and physical security mechanisms that stop the ability of vehicles and the like being driven into crowds etc.

Even training more members of the public in first aid would probably be more helpfull than spending more on analysts to reduce the actuall impact on society in the UK. As well as helping reduce other deaths due to road accidents and heart attacks/stroke.

hermanJune 15, 2017 10:02 AM

@Clive Robinson: My first thought was that the developer bought cheap tiles from Dubai, which after several high profile fires, must have a huge oversupply of it.

hermanJune 15, 2017 10:07 AM

@Clive Robinson: One of my Muslim collegues commented that nobody ever told him to go and kill someone - and that there is always trouble with radicals and they always get defeated in the end.

albertJune 15, 2017 10:24 AM

@Clive,

You pointed out a problem that's inherent in -all- areas of safety and security, and that is the refusal to make the necessary investments in equipment and personal.

Furthermore, it's a world-wide phenomenon. In your case, there were regulations in place, but not followed, is that not so? When safety issues are systemic, regulation is needed. Where were the regulators in this case? They must be held accountable. That building went up like a tinderbox. There must have been building code violations as well. There must have been fire detection equipment installed at the time on construction. I suffer from lack of data. Was this building a 'public assistance' type of facility?

In these situations, I would like to see jail time for the guilty parties, like the management company. That would reduce the number and severity of these situations. How about firing irresponsible administrators? Is it possible to get these sorts of laws passed?

...

In terrorist situations, the lack of human analysis is clearly a problem. In almost every case I recall in Europe (and even in the US), the LE/IC had dossiers on the perps. If ran those outfits, I'd be loath to allow that I had that sort of information. It would make us look like idiots. To that end, I offer:

https://www.youtube.com/watch?v=x8FNVsbnwWE

Could this be a metaphor for the 'security state'?

. .. . .. --- ....

DroneJune 16, 2017 1:41 AM

@Winter,

You said, "What are you implying here? That the UK police does only arrest suspects who are Muslim? Or male? Or young?"

I neither said nor implied anything at all about the UK Police. But since you brought it up...

Look at the example of the recent London attackers - they were well known to both the UK Police and the Media as angry radicalized young men who openly threatened society. Yet nothing at all was done about it, without question due to political correctness. There can be no other explanation in my opinion.

And no, don't try to pull the "free speech is not a crime" card here. It is an illegal act to threaten people or society. Even if there is a free speech card to play, fine, let them play it. But keep them on ice in the mean time while the courts sort it out, not on the street where they eventually will hurt people.

WinterJune 16, 2017 6:08 AM

@Drone
"Look at the example of the recent London attackers - they were well known to both the UK Police and the Media as angry radicalized young men who openly threatened society. Yet nothing at all was done about it, without question due to political correctness. There can be no other explanation in my opinion."

Free society and freedom of speech? Also, there are not enough prison cells in the UK to host all angry young men threatening society.

de La BoetieJune 20, 2017 5:46 PM

I'm much less worried about false negatives (I don't believe in absolute protection), as I am about false positives.

The empire-building mass-surveillance merchants don't have skin in the game, the same way that the bankers did not take the risks, only the bonuses, when it comes to false positives. I can have my job taken, my ability to travel curtailed, false-evidence planted, all on the basis of false positives, and possibly with zero human involvement. And no standing, secret laws and no redress. Not happy.

The reality is that the MIC empire builders data miners don't care about information overload or false positives because they don't bear the cost.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.