Can Tracking Phone Calls Ferret Out Terrorists?

[Matt Oristano]

Can Tracking Phone Calls Ferret Out Terrorists?
The problem is distinguishing a book club planning a meeting from
terrorists plotting an attack.
By Associated Press

BOSTON (AP) -- There's a lot we still don't know -- and may never
know -- about the National Security Agency's surveillance of
Americans' phone calls. But one striking tidbit has emerged: that the
agency is mining phone records for patterns of terrorist activity.

USA Today reported May 11 that the NSA was performing ''social
network analysis'' to detect patterns of terrorist activity in its
database of U.S. call records. In defending the program, Sen. Wayne
Allard, R-Colo., confirmed that the White House had told him the NSA
was probing calling patterns to ''detect and track suspected
terrorist activity.''

But is that really possible?

The ''tracking'' part makes sense. Assuming that intelligence had
sussed out suspected terrorists, certainly the vast database could be
used to track whom those people had called.

The ''detecting'' part, however, is another story. Can terrorists be
spotted simply by analyzing who calls whom and when -- without any
other leads? There's reason to be skeptical.

That's because diverse kinds of human organizations share certain
traits. If you and I and 17 other people are in a book club, we're
likely to call each other often. Sometimes almost all of us would
ring up just one person on the same day to ask, ''Can I bring dessert
to tonight's meeting?''

Viewed in silhouette, in the cold analysis of a computer, it might
indeed be apparent from our phone records that the 19 of us
frequently communicate to plan something. But further investigation
would be necessary to determine just what we were up to.

Can the government dig deeper into all of these groups? Fortunately
for the stability of society, but somewhat unfortunately for
intelligence analysts, there are vastly more groups of 19 people
organizing soccer games and bake sales than there are teams like the
19 hijackers of Sept. 11.

''Those patterns that we leave out there when we do things are going
to look the same no matter what we're doing, and 99 percent of the
time we're not going to be doing anything illegal,'' said Valdis
Krebs, who consults with companies on the organizational insights
they can glean from social network analysis. ''There probably isn't a
pattern that's different from doing something bad vs. doing something
good or something neutral.''

The Pentagon apparently isn't certain of that. It has funded research
into a field known as ''scalable social network analysis'' that aims
to identify whether terrorist plotting indeed leaves different
organizational patterns from planning a bake sale. But Krebs doubts
that enough terrorist cells have been mapped to provide a
statistically significant sample of what those patterns are.

The main point of social network analysis is to produce a map of how
people in an organization tend to interact.

By analyzing e-mail traffic or interviewing members of a group, for
example, network analysts can reveal the strength of ties between
people in an organization, and who the key hubs are. Sometimes that
can explain who really deserves a raise. Or companies can buy social
networking software that trolls through e-mail to determine who has
the best contacts for a particular customer call.

Of course, these kinds of analyses benefit tremendously from the fact
that organizational boundaries are openly available. Analysts know a
company exists. Its employees will fill out surveys to say whether
that guy in marketing is a quiet leader or a quiet malingerer.

''It helps you understand trends, but I don't know of companies that
are using social network analysis to discover bad guys without an
entry point, just looking at the network structure,'' said Jeff
Jonas, founder of Systems Research and Development, a company whose
software analyzed records to tip Las Vegas casinos when people barred
from gambling had associates working on staff. The company attracted
investment from the CIA's venture unit even before Sept. 11 and last
year was acquired by IBM Corp.

''If you're trying to root out a few bad apples using data-mining to
look for anomalies, it's not clear to me that this would be
productive without a starting point,'' said Jonas, who is now chief
scientist in IBM's ''entity analytics'' unit.

To put Jonas' point in other words: Merely mapping who Americans call
likely wouldn't uncloak a terrorist cell. The necessary ''entry
point'' would have to be if someone in the United States called or
received a call from a number already suspected of being affiliated
with U.S. enemies.

(Jonas cites a chilling example of the process in action. In the
'90s, reports emerged from Cali, Colombia, that a drug ring had
identified and executed informants by getting Cali's phone records,
then using a mainframe computer to compare the numbers dialed with
those held by narcotics agents. It wouldn't have worked without the
entry point of knowing which numbers belonged to the drug cops.)

Following this chain of reasoning, another entry point could come if
a group had been infiltrated somehow -- whether through a spy or by a
tap providing the content of phone calls or e-mails.

The New York Times reported in December that the NSA was indeed
eavesdropping, without warrants, on communications between suspected
al-Qaida members overseas and associates in the U.S. And a federal
lawsuit in San Francisco claims the NSA gained access to AT&T Inc.
communications traffic through a secret switching room.

But while Bush administration officials haven't discussed details of
the NSA database described by USA Today, they have insisted that
conversations themselves aren't being broadly monitored.

These somewhat sparse details leave questions as to the extent of
government data-mining efforts. They could include cross-referencing
the phone database with property, court and credit files sold by
private database vendors. Or they could be part of grander sweeps
like the one envisioned by the Pentagon's Total Information Awareness
program. It was technically shuttered in a privacy uproar but is
generally assumed to be continuing in various forms.

Such uncertainty makes George Washington University law professor
Daniel Solove disregard surveys such as the May 12 Washington Post-
ABC News poll that found 63 percent of Americans supporting the call
database as an anti-terrorism tactic.

''No one is asked in the polls, 'Would you approve of anything the
government can do with your information? Is it OK that the government
engages in various forms of snooping into your life that you would
not be told or informed about?''' said Solove, author of ''The
Digital Person.'' ''It's hard to really opine on something you don't
know all the details of.''

One reason that social network analysis has gained prominence in
recent years is that Krebs and other researchers applied the method
to publicly available information after the Sept. 11 attack to map
how the hijackers operated. Mohammed Atta, for example, was clearly a
hub of the network.

Krebs wonders whether those kinds of analyses raised expectations
that the method could be insightful even in advance of an attack --
that the right dots could be connected if investigators just could
gather enough dots.

''The intelligence community is dying to find the silver bullet that
will prevent the next terrorist attack. Unfortunately there's plenty
of vendors that will lead them on and claim that they have found
it,'' Krebs said. ''I think it's alchemy of the 21st century to be
able to predict the future, whether it's terrorism or the stock
market or anything.''

Weblog at: <http://weblog.warpspeed.com>

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]