Professional Documents
Culture Documents
behavior.
Today, there is a need to prevent the next attack. One of the leading
intelligence agencies in the world, the Central Intelligence Agency, encourages
the use of alternative analytical approaches in understanding complex
transnational issues such as terrorism. In traditional crime analysis, analysts have
struggled with “forecasting” crime patterns, often based on the use of historical
events. With homeland security, forecasting is not necessarily going to be
successful. Use of alternative analytical approaches reaches beyond use of
technology. New approaches such as use of calendars, tracing e-mails and Internet
protocols, and restructuring data sets will shed new light on topics. Analysts must
also be mindful of potential failures when conducting analysis and testing
hypotheses. Whether thinking “out of the box,” or pursuing the use of new
technology or tools, analysts are likely to be working with a deficit data. The
reason for this is the lack of specific variables with which to work, missing data,
as well as a worldwide theater. Techniques such as timelines, association
matrices, link analysis, and data sorting, are and will continue to be staples in the
analytical toolbox. These initiatives and forecasting events will continue to be
frequently used techniques. However, instead of just forecasting the next attack or
performing automated processes, an analyst or investigator should strive to look
for behavioral patterns. Anticipating behavior patterns can be done at the
individual and group level. People are predictable and creatures of habit; if you
are patient and skilled enough to locate the cues. There are a multitude of possible
places to look for the puzzle pieces, usually in a data set.
Since the days of organized crime and narcotics, arguably the biggest
change in law enforcement investigative techniques and tools has been the advent
of the personal computer and office networks. With this change, agencies have
had the opportunity to mine and further data capturing and extraction initiatives.
However, the instant gratification component and the decades that have passed
may have weakened the law enforcement strategic skill set, including inductive
and deductive reasoning skills.
Data in many analytical systems stems from CAD imports. The data is raw
and limited to the accuracy when reported and that of the data entry specialist.
Some agencies validate their data against geographical layers and addresses that
do not match and are, at times, removed from their data set. Addresses from
outside the jurisdiction, such as those visitors from out of the country, are
sometimes entered into the “comments” section. This translates into the data
dump that is requested now lacking these addresses because the extraction will
come from the primary data table, not the comments. Figure 4.2 shows a fairly
detailed data entry format and query screens that would be used by an analyst. In
this figure, which is comparatively typical in many law enforcement agencies,
there are some inherent problems. First, where and how would you enter a
hyphenated name, a name with a suffix such as Jr. or III, and a multipart Hispanic
or Arabic name? Second, where would you enter an address from outside the
home country, or for that matter, an address from Washington, D.C. that was like
2950 Constitution Avenue, NW, Suite 303? Third, there is no designated field for
a country code or formatting for a postal code, which is the sister to the United
States zip code. Fourth, in this world of political correctness there are no
identifying fields for religion or schooling. Fifth, where would you enter multiple
known addresses, and which one gets designated as the primary? Lastly, what
about post office boxes or military addresses?
The first item noted above deals with the mainstay of many law
enforcement endeavors: names. Many names throughout the world stem from
long-standing cultural origins. Some denote the region or city they are based in,
while others may provide a descriptor to the family’s line of work. It is likely to
be the cultural aspect of naming conventions that will pose the greatest obstacle
for law enforcement. While we like to categorize names as belonging to a country,
it is the culture that may disclose the information needed to successfully
understand the links. One group of names that has received little attention is
Arabic names. Outlined below are some of the issues that should be understood
when dealing with Arabic names.
• Names with KH, DH, GH in them denote that the name is composed of
Arabic characters without a Roman alphabet or phonic equivalent
These are just some of the daunting challenges with regard to names that
law enforcement must come to understand and deal with. In Figure 4.3 you should
note the use of a “Soundex” feature. This is used to aid with the numerous
spelling mishaps as well as the multiple ways a name can be spelled, especially
Arabic names. Just look at the variations that can be found for Sayyed Qutb.
Which one is correct?
Syed Qutb
Sayed Qutb
Sayyad Qutb
Sayad Qutb
Sayyid Qutb
Addressing and locations are perhaps the next challenge. Not everyone
follows a world atlas and observes geographical boundaries on a map. Many
cultures in the world are, and have been for centuries, nomadic, clannish, and
tribal in nature, often following religious values and traits. Just ask yourself,
where are Czechoslovakia and the U.S.S.R. on a map today?
Data tools
Data will come from many sources. Besides CAD, the most common data
are derived from documentation prepared by the first responder. One of the most
comprehensive documents prepared by law enforcement officials, and
underanalyzed, is the traffic accident report. Figure 4.3 is an example of the
information collected in many traffic accidents. These forms are scrutinized
largely due to the financial (insurance) implications and may not be entered in
detail into a database, outside of raw CAD data. From a law enforcement
perspective, these forms are cumbersome and require a fair amount of time to
complete. The forms are rarely analyzed for much more than identifying problem
intersections or as a base for studies such as racial profiling. However, from an
analytical point of view, especially when seeking out individuals trying to avoid
law enforcement encounters, these forms provide a tremendous amount of detail
on both parties as well as all the individuals involved directly or indirectly,
including witnesses. Names, addresses, identification, insurance carriers, relatives,
associates, photographs, and vehicles are just some of the details that can be
accessed.
Computers and numerous software packages (e.g., PenLink, I2, and
Watson) are all powerful and excellent analytical tools that aid in everyday
analysis as well as strategic intelligence. They can even assist in overcoming some
of the aforementioned obstacles. However, for some agencies these software
packages and suites are cost-prohibitive due to licensing, support, training, and
hardware issues. Other tools such as Microsoft Office Suite, primarily Access and
Excel, are readily available but like most software packages are not utilized to
their fullest potential. The aforementioned is generally due to the operator’s
comfort level with the product and overall knowledge of the tool’s capabilities, as
well as lack of training. Regardless of which software or hardware tools are used,
reliance on any of them to perform analysis should be carefully monitored. Any
analytical/intelligence tool is good, but one should not let them or one’s limited
knowledge of them drive the analytical process. Remember, someone
programmed them to perform a task or identify relational data. The primary
problem that exists is the lack of knowledge concerning the data table. Users get
too comfortable with the data entry interface and fail to see the true power of the
query capabilities. The most powerful query tool and computer is already built
into all analysts: the brain and common sense. Computers are great but they only
do what someone directs or programs into them. Prior to the age of computers,
strategic cases were successfully made, and when you started learning math,
calculators were not allowed. You first learned to do things the “hard way.” Many
analytical/ intelligence training courses and scenarios are heavily focused on
computers and software packages; thus we are forgetting to employ our own
computer as another tool. With homeland security and terrorism analysis, it is
important to use Soundex features and Boolean string and wild card queries.
These are invaluable tools, but few understand how to use these tools, largely due
to dependence on letting the software perform the link analysis.
This example is from a real case, and while teaching this approach I have
found that many law enforcement personnel immediately focus in on the
significance of the 299 cases and the $30,000, while others want details on the
four men. They immediately surmise that we are dealing with cigarette smuggling
or a financial crime. When queried about what information they want regarding
the four men, the response often “a complete workup.” Can someone please
define “complete workup” or even advise what systems or resources they would
check? This varies based on the person’s skill set, knowledge of data resources,
and available technology. In this scenario there is no mention of a crime
anywhere. And why focus on the four men? Is there enough to work with, and is
there any relevance? Are you striving for an arrest to close the case? There are
many other opportunities to glean information, if you know where to start.
Traditional law enforcement training has focused on the “subject,” and this
variable is often described as a male between the ages of 16 and 24. Additional
training has exploited the use of technology and use of computers. However,
personnel have leaped into the computer age and often forget to use the most
powerful computer available to them, their brain. Reliance on computers and
software can be detrimental if not seen as what they are, an analytical tool. There
is a need to understand the process just like when you first learn mathematics.
You don’t start learning with the use of a calculator.
Let’s break down the above scenario. One, we know that a deputy reported
something he thought was unusual or suspicious. We need to speak with this
deputy. We expect to understand the circumstances through the deputy’s eyes —
subjectivity is always involved. Two, we know the deputy is working off-duty.
We need to know how long he has been working there. We expect to understand
what is considered normal and the time frames involved. Three, we know that we
have a cigarette wholesaler. We need to obtain the corporate and business records,
and who hired the off-duty deputy. We expect to identify principal parties and
understand the volume of business being conducted. Four, we know that four
males entered and made a purchase. We need a description of the males, who of
the four made the purchase, how it was made, and method of transportation used
to get to the business. Five, we know that 299 cases were purchased. We need the
significance of 299. Is there a different reporting requirement for 300? We also
need to know the weight and how much is contained in the case. We expect to
identify a possible violation threshold as well as the possibility of a method of
transportation, if we are dealing with significant weight. Six, we know that the
entire transaction cost just under $30,000. We need to know the significance of
the dollar amount and how the transaction was completed: cash, check, or credit.
We expect to identify whether there is a reporting threshold and to identify
account ownership information. Seven, we know that we are dealing with a
business that deals in large monetary transactions. We need to know if there was a
surveillance or camera system and what types of recorded documents are kept. We
are expecting possible identifications.
There are many different ways in which to view and contrast data
variables. There is no one right way that will work for every occasion. Analysts
are encouraged to use multiple forms, usually three, in an attempt to validate their
hypothesis. Not all forms utilize or draw from the same data set, and various
software packages that perform the same base function can result in different
outcomes. Outlined below are some of the more common forms of analysis.
Calendars and dates have been used in crime analysis fairly consistently in
order to represent crime patterns or trends. Identifying which day has historically
had occurrences has been utilized in the development of operational and
deployment strategies. Use of calendars and dates has been parlayed into many
aspects of homeland security and terrorism analysis. One problem, there are
differences between the analyses. Calendars and dates, although used routinely in
analysis and intelligence, are ripe for potential misuse and misinformation. The
reason for this can be found in the 40-plus calendars currently in use as well as the
lack of understanding by many on this matter. Also contributive is the inherent
nature of a person to use what is known and subliminally adopt as a standard that
everyone uses. Many other differences can be found when using calendars such as
years, dates, eras, and religions. When working with calendars there are
essentially three rules to remember :
The title of this section can cause one to believe that there are only a
handful of possibilities. In fact, there are over 40 calendars in use throughout the
world. Outlined below is just a sampling of some of the dates associated with the
question posed in the section title — when is 9/11 not 9/11?
• Gregorian 9/11/01
• Julian 8/29/01
• Mayan 12.19.8.10.1
• ISO-8601 Week and Day, and Day of Year Day 2 of Week 37 of 2001
• Excel Serial Day Numbers 1900 Date System (PC) Excel serial day:
37145 1904 Date System (Macintosh) Excel serial day: 35683
A terrorist group would seek out these documents to learn details such as
what brought their actions to the attention of law enforcement, techniques used by
investigators to gather information, and locations and individuals used. They are
essentially looking for the same thing investigators are: skills, knowledge, and
resources. In an open society information is often too readily available, and there
is a hesitancy to seal documents.
Recruiting opportunities
Nosair was not the first and will certainly not be the last to communicate
from behind prison walls. Another example of terrorism continuing to operate
behind bars is the case of Sheikh Omar Abdel-Rahman, also known as the Blind
Sheikh. In October 1995 Sheikh Abdel-Rahman was convicted of engaging in a
seditious conspiracy to wage urban terrorism in the United States, which included
the 1993 World Trade Center bombing and plots to blow up landmarks (an FBI
building, and the Lincoln and Holland Tunnels). In January 1996, he was
sentenced to life plus 65 years in prison. Beginning in 1997, the United States
Bureau of Prisons imposed special administrative measures (SAMs) upon the
Sheikh, who was serving his sentence at the United States Penitentiary Federal
Medical Center in Rochester, Minnesota. These measures limited specific
privileges such as access to mail, media, telephone, and visitors, for the purpose
of protecting others (Figure 4.8). Despite this, he still found a pipeline by which to
communicate with members outside prison.
Prisons and other correctional facilities and their potential for recruitment
were highlighted as a concern in an April 2004 U.S. Department of Justice report.
In this report, which reviewed the Federal Bureau of Investigation’s
counterterrorism program post 9/11, it was noted that correctional intelligence
was essential to Joint Terrorism Task Forces (JTTF). In Operation TRIPWIRE, an
initiative designed to identify sleeper cells, JTTF members are identifying existing
or former sources who are incarcerated and are involved in radical elements. The
report noted that between September 2001 and April 2004 the efforts of Operation
TRIPWIRE in gathering correctional intelligence led to the identification of
approximately 370 connections between inmates and various terrorism
investigations, as well as potential terrorism-related activity within the prisons.
However, in the era of trained and violent organizations one stands above
all: the MS 13.
MS 13 and SUR 13
In March 2005 federal agents together with local law enforcement effected
the arrests of over 100 members of MS 13 in seven cities throughout the United
States. The reaches and membership are largely unknown. Cliques of the MS 13
are prevalent in the United States, Canada, and Central America. The actual
membership numbers are not known, but it has been suggested by federal law
enforcement authorities that the numbers in the United States alone may be in the
neighborhood of 50,000. Law enforcement officials have expressed concern about
the emergence of MS 13 and its potential to partake in terrorist activity either
independently or as part of a larger organization such as al-Qaeda.
Street gangs are not the only means to recruit potential terrorists. Many
organizations claim to be student organizations or associations, often found near
or on the campuses of higher education. Much like gangs, they seek to exploit
their ideology and find individuals who may be weak minded or who seek a sense
of belonging.
Rap, hip hop, religious, and rock music are some music genres that can be
used to spread ideology, hate, and extremist points of view. Growing up, some
people have felt that the biggest difference between themselves and the prior
generation was the music. This is still true. During the explosion of rap artists
many young people thought it was chic to be or follow “Gangsta.” Now some are
following a jihad, terrorist, or extremist point of view and associating with some
questionable parties.
Dirty Kuffar is not the only song with a questionable existence. Many
other music groups, particularly in the hip hop genre, may be considered
extremist. A Puerto Rican group from Brooklyn, New York, The Mujahdeen
Team or The M-Team, has appeared at Islamic Circle of North America (ICNA)
and Muslim American Society events. Like Sheikh Terra and the Soul Salah
Crew, Mujahdeen Team refers triumphantly to the September 11 attacks. This
group exploits the world of electronic media and even has a site on myspace.com,
a favorite among thousands of youths. Electronic forums by these fringe elements
should be monitored. Besides chat rooms, Web sites, and instant messaging,
groups can exploit the use of hidden code within music disks to launch Web site
videos. Regardless of the means or purpose, there is much to be learned in this
formidable venue. Use of music is not without controversy, though.
There is some debate with regard to music in the Islamic religion and
Muslim culture. Perhaps the largest debate surrounding music in Islam is the issue
of whether it is allowed or forbidden. Some people believe that music is pure and
a beautiful creation of God Almighty, who set the tone for everything in the
universe. Therefore, if it is a creation of God it should be enjoyed. According to
the same segment of the population who believe the Quran is complete and
perfect, there is no prohibition of music or singing. Prohibition of music is
allegedly attributed to some scholars and clerics who interpret the Quran and
follow man-made laws and books of Hadith and Sunna.
One thing that cannot be debated is the use of music to sway society’s
youth, regardless of the country. Music is a powerful and inspiring tool. Every
group, from white supremacists to jihad extremists, uses music and song to
express its beliefs. The Palestinian government used music on a grand scale,
complete with an orchestra, to celebrate the life of their first female suicide
bomber, Wafa Idris. This event was broadcast on television on July 24, 2003. Idris
had detonated a 22-pound suicide bomb in Jerusalem in late January 2002 that
killed her and an 81-year-old Israeli man, and injured more than 100 others.
Chapter concepts
2. Data and data sets pose challenges in the way information is collected,
database field structure, data relationships, and data cleanliness.