The Analysis Chasm

I’ve recently heard a couple of government people (in different countries) complain about the way in which intelligence analysis is conceptualized, and so how intelligence organizations are constructed. There are two big problems:

1. “Intelligence analysts” don’t usually interact with datasets directly, but rather via “data analysts”, who aren’t considered “real” analysts. I’m told that, at least in Canada, you have to have a social science degree to be an intelligence analyst. Unsurprisingly (at least for now) people with this background don’t have much feel for big data and for what can be learned from it. Intelligence analysts tend to treat the aggregate of the datasets and the data analysts as a large black box, and use it as a form of Go Fish. In other words, intelligence analysts ask data analysts “Have we seen one of these?”; the data analysts search the datasets and the models built from them, and write a report giving the answer. The data analyst doesn’t know why the question was asked and so cannot write the more helpful report that would be possible given some knowledge of the context. Neither side is getting as much benefit from the data as they could, and it’s mostly because of a separation of roles that developed historically, but that makes little sense.

2. Intelligence analysts, and many data analysts, don’t understand inductive modelling from data. It’s not that they don’t have the technical knowledge (although they usually don’t) but they don’t have the conceptual mindset to understand that data can push models to analysts: “Here’s something that’s anomalous and may be important”; “Here’s something that only occurs a few times in a dataset where all behavior should be typical and so highly repetitive”; “Here’s something that has changed since yesterday in a way that nothing else has”. Data systems that do inductive modelling don’t have to wait for an analyst to think “Maybe this is happening”. The role of an analyst changes from being the person who has to think up hypotheses, to the person who has to judge hypotheses for plausibility. The first task is something humans aren’t especially good at, and it’s something that requires imagination, which tends to disappear in a crisis or under pressure. The second task is easier, although not something we’re necessarily perfect at.

There simply is no path for inductive models from data to get to intelligence analysts in most organizations today. It’s difficult enough to get data analysts to appreciate the possibilities; getting models across the chasm, unsolicited, to intelligence analysts is (to coin a phrase) a bridge too far.

Addressing both of these problems requires a fairly revolutionary redesign of the way intelligence analysis is done, and an equally large change in the kind of education that analysts receive. And it really is a different kind of education, not just a kind of training, because inductive modelling from data seems to require a mindset change, not the supply of some missing mental information. Until such changes are made, most intelligence organizations are fighting with one and a half arms tied behind their collective backs.

Spam Reporting Centre

The Canadian government has decided to create a spam reporting centre (aka ‘The Freezer’) to address issues arising from cybercrime and communications fraud and annoyances of various kinds.

The idea cannot possibly work on technical grounds. More worryingly, it displays a lack of awareness of the realities of cybersecurity that is astounding.

The first peculiarity is that the Centre is supposed to address four problems: email spam, unsolicited phone calls, fake communications à la Facebook, and malware. Although these have a certain superficial similarity — they all annoy individuals — they do not raise the same kinds of technical issues underneath, and no one person could be an expert in detecting, let alone prosecuting, all of them. It’s a bit like trying to amalgamate the Salvation Army and the police force because they both wear uniforms and help people!

The Centre will rely on reports from individuals: get a spam email and forward it to the Centre, for example. One of the troubles with this idea is that individuals don’t usually have enough information to report such things in a useful way, and they don’t make good starting points for an eventual prosecution. Canada already has a way to report unsolicited phone calls but it only works for people who almost keep the law by announcing who they are at the beginning. The annoying (and illegal) robocalls can’t be reported because the person who gets them doesn’t know where they are coming from and who’s making them. And where there are prosecutions, each person who reports such a call has to sign an affidavit that the purported call did actually happen to provide the legal basis for the incident.

The second, huge, problem with this idea is that, if individuals can report bad incidents, then spammers can also report fake bad incidents! And they can do it in such volume that investigators will have no way to distinguish the real from the fake. Creating fake spam emails and evading mechanisms such as captchas that are meant to prevent wholesale reporting is very easy.

There is also the deeper problem that besets all cybersecurity — attribution. It is always hard to trace cyberexploits back to their origins, and these origins are overwhelmingly likely to be computers taken over by botnets anyway. Working back along such chains to find someone to prosecute is tedious and expert work that depends on starting from as much information as possible.

The right way to address this problem is to set up honeytraps — machines and phones that seem to be ordinary but are instrumented so that, when an exploit happens, as much information as possible is collected at the time. Now there is a foundation for deciding which incidents are worth pursuing and starting out in pursuit with the best possible information. And, who knows, the knowledge that such systems are out there might dampen some of the enthusiasm on the part of the bad guys.

Relentlessly re-explaining

I was at a workshop a few months ago where the people were almost evenly divided: one-third government, one-third industry, and one-third academia. It struck me, as it hadn’t before, how much better the academics were at explaining things. Of course, we all know academics whose presentations are dreadful: both dull and incomprehensible. But, on average, the quality of the academics’ presentations was much, much better than that of the other two groups.

Thinking about this, I realized that it’s another facet of scholarship. One of the (mostly invisible) things that research-active academics do is to take ideas and results from the cutting edge of knowledge and digest, rework, and refactor them to extract the key aspects and get rid of the unavoidable autobiography that goes along with research results. This is mostly why an undergraduate education is better at a research-intensive university. And why undergraduate degrees don’t keep getting longer, although the quantity of stuff we know is growing rapidly.

But there’s another aspect to this which I, at least, had under-rated. That is the relentless, year after year presentation of “the same” ideas to a new crop of students who don’t already understand them. Of course, the ideas themselves are not the same from year to year — I taught the same course for twenty years, but I was still improving it and seeing implications that had previously escaped me. But the work of presenting the ideas over and over again, by itself, forces me to rethink and say things in different (and better) ways each time. This output side of scholarship was something I had not really appreciated enough. And I think it’s the explanation for why academics are better at communicating to a mixed audience than those who only ever talk to people from the same backgrounds.

I had always felt that working in a research lab rather than a university would be a more sterile experience, and now I think that I understand why. So this post is really a big thank you to all of my students, undergraduates and graduates, for making it possible for me to explain to you, and in the process understand better myself. And to those who got the earlier versions, my apologies, but it simply isn’t possible to polish first and then teach.

Adversarial knowledge discovery is not just knowledge discovery with classified data

Someone made a comment to me this week implying that data mining/knowledge discovery in classified settings was a straightforward problem because the algorithms didn’t have to be classified, just the datasets.

This view isn’t accurate, for the following reason: mainstream/ordinary knowledge discovery builds models inductively from data by maximizing the fit between the model and the available data. In an adversarial setting, this creates problems: adversaries can make a good guess about what your model will look like, and so can do better at hiding their records (making them less obvious or detectable); and they can also tell exactly what kinds of data they should try and force you to use if/when you retrain your model.

A simple example. The two leading-edge predictors today are support vector machines and random forests and, in mainstream settings, there’s often little to choose between them in prediction performance. However, in an adversarial setting, the difference is huge: support vector machines are relatively easy to game, because even one record that’s in the wrong place or mislabelled can change the entire orientation of the decision surface. To make it even worse, the way in which the boundary changes is roughly predictable from the kind of manipulation made. (You can see how this works in: J. G. Dutrisac, David B. Skillicorn: Subverting prediction in adversarial settings. ISI 2008: 19-24.) Random forests, on the other hand, are much more robust predictors, partly because their ensemble characteristics make it hard to force particular behaviour, because of the inherent randomness ‘inside’ the algorithm.
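To see the contrast concretely, here is an added robustness check in plain Python (my own illustration, not code from the post or from the Dutrisac and Skillicorn paper). A soft-margin linear SVM fitted by subgradient descent is compared with a miniature random forest (decision stumps on bootstrap resamples, majority vote); each is trained with and without one mislabelled record. The data set, the regularisation weight, step size and tree count are all constructed assumptions.

```python
import math
import random

# Constructed toy data (not from the post): two classes separated along the
# first feature, with only tiny variation in the second feature.
_XS = (1.0, 1.5, 2.0, 2.5, 3.0)
_YS = (-0.1, 0.0, 0.1)
CLEAN = [((x, y), +1) for x in _XS for y in _YS] + \
        [((-x, y), -1) for x in _XS for y in _YS]
# One record "in the wrong place": it sits among the -1 points on the first
# feature, far out on the second, and carries the wrong label (+1).
POISON = ((-1.5, 4.0), +1)
# Clean held-out points used to compare the forest before and after poisoning.
TEST = [((x, y), 1 if x > 0 else -1) for x in (-2.5, -1.5, 1.5, 2.5) for y in (-0.05, 0.05)]


def train_linear_svm(data, lam=0.01, eta=0.1, steps=3000):
    """Soft-margin linear SVM (no bias term: the data is symmetric about the
    origin) fitted by full-batch subgradient descent on hinge loss + L2 penalty."""
    w = [0.0, 0.0]
    n = len(data)
    for _ in range(steps):
        g = [lam * w[0], lam * w[1]]
        for (x0, x1), y in data:
            if y * (w[0] * x0 + w[1] * x1) < 1.0:   # margin violated
                g[0] -= y * x0 / n
                g[1] -= y * x1 / n
        w[0] -= eta * g[0]
        w[1] -= eta * g[1]
    return w


def orientation_degrees(w):
    """Angle of the weight vector, i.e. of the normal to the decision surface."""
    return math.degrees(math.atan2(w[1], w[0]))


def _best_stump(sample):
    """Decision stump: the (feature, threshold, polarity) most accurate on sample."""
    best = None
    for f in (0, 1):
        vals = sorted({pt[f] for pt, _ in sample})
        for lo, hi in zip(vals, vals[1:]):
            t = (lo + hi) / 2
            for pol in (1, -1):
                acc = sum((pol if pt[f] > t else -pol) == y for pt, y in sample)
                if best is None or acc > best[0]:
                    best = (acc, f, t, pol)
    return best[1:] if best else (0, 0.0, 1)   # degenerate sample: constant stump


def train_stump_forest(data, trees=101, seed=7):
    """Miniature random forest: stumps on bootstrap resamples, majority vote."""
    rng = random.Random(seed)
    return [_best_stump([rng.choice(data) for _ in data]) for _ in range(trees)]


def forest_predict(forest, pt):
    votes = sum((pol if pt[f] > t else -pol) for f, t, pol in forest)
    return 1 if votes > 0 else -1   # odd number of trees, so no ties


def compare():
    """Effect of POISON: (SVM rotation in degrees, forest test predictions that
    changed, forest test predictions that are still correct)."""
    w_clean = train_linear_svm(CLEAN)
    w_bad = train_linear_svm(CLEAN + [POISON])
    rotation = abs(orientation_degrees(w_bad) - orientation_degrees(w_clean))
    f_clean = train_stump_forest(CLEAN)
    f_bad = train_stump_forest(CLEAN + [POISON])
    p_clean = [forest_predict(f_clean, pt) for pt, _ in TEST]
    p_bad = [forest_predict(f_bad, pt) for pt, _ in TEST]
    changed = sum(a != b for a, b in zip(p_clean, p_bad))
    correct = sum(p == y for p, (_, y) in zip(p_bad, TEST))
    return rotation, changed, correct


if __name__ == "__main__":
    rot, changed, correct = compare()
    print(f"SVM boundary rotated by {rot:.1f} degrees; "
          f"forest changed {changed} of {len(TEST)} test predictions ({correct} correct)")
```

The SVM's boundary swings tens of degrees toward the single mislabelled record, and in the direction that record was placed, while the forest's votes on the clean test points do not move.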

The same thing happens with clustering algorithms. Algorithms such as Expectation-Maximization are easily misled by a few carefully chosen records; and no mainstream clustering technique does a good job of finding the kinds of ‘fringe’ clusters that occur when something unusual is present in the data, but adversaries have tried hard to make it as usual as possible.

In fact, adversarial knowledge discovery requires building the entire framework of knowledge discovery over again, taking into account the adversarial nature of the problem from the very beginning. Some parts of mainstream knowledge discovery can be used directly; others with some adaptation; and others can’t safely be used. There are also some areas where we don’t know very much about how to solve problems that aren’t interesting in the mainstream, but are critical in the adversarial domain.

Language in Presidential Elections — 2012 Season Opener

Readers of this blog will know that we spent a lot of time analyzing the speeches of the U.S. presidential candidates in the 2008 election. Our primary interest was in the use of the deception model, a linguistic/textual model of how freeform language changes when the speaker/writer is being deceptive.

In the political arena, factual deception, saying things that just ain’t so, plays very little role, perhaps because voters have very low expectations of politicians in this area. What we call persona deception, presenting oneself as a better, wiser, more powerful, more able, more knowledgeable person than one really is, is the heart of successful campaigning. It turns out that the deception model captures deception across the whole range from factual to persona deception, so it gives us a lens to look at candidates and campaigns. What’s more, because language generation is almost entirely subconscious, this lens is hard to fool.

The most important skill candidates and their campaigns have is the ability to reach out to potential voters to convince them that they are better than the other possibilities. The language that they use is an important channel, especially in settings where everyone is conservatively dressed, and standing behind a podium that conceals most of their body language, as the Republican presidential field was in Iowa yesterday.

Strong candidates understand, at least instinctively, that they are not making arguments to convince voters, but presenting themselves as more compelling human beings. Our analysis of the speeches of candidates in the 2008 U.S. presidential election showed that candidates use three different kinds of speeches: blue skies speeches that promise generically good things and could be delivered interchangeably by any candidate – they are aimed at a wide audience; track record speeches that use past achievements to imply special qualifications for future achievements – they are aimed at swing voters; and manifesto speeches that describe a candidate’s personal qualities directly – they are aimed at a candidate’s base and reinforce common identity. But in all three cases, it’s not the content of the speech that matters, but what it implies about the speaker.

Our analysis in the last election cycle showed that Obama was by far the best at presenting himself as a wonderful person, and many voters, and certainly many in the media, projected onto the persona positive qualities that were perhaps not there. Interestingly, yesterday was the first time I have seen open Democratic buyer’s remorse about electing Obama, something I predicted would happen from the analysis we did.

The Republican candidates’ debate in Ames showed what a shaky grasp many of the candidates have on how to be a convincing candidate. Of course, this venue was a difficult one. Its overt purpose was for candidates to explain themselves to the local Republican base ahead of the Ames Straw Poll, which would have required largely manifesto content; but national television coverage made it an unmissable opportunity to reach out to a wider, but much more diverse audience, suggesting track record content. Blue skies content is always dangerous in the early stages of a campaign because grand but potentially unwise statements can come back to haunt a candidate.

Manifesto content was indeed popular – for example, we learned how many children almost every candidate has – typical content aimed at the base (“I’m a parent just like you”). Several candidates also tried for track record content, but got it quite wrong. The purpose of a track record speech is not for candidates to read their resumes to the audience; it’s to make the argument “I was able to do A, so you can trust me to be able to do similar-but-larger B” and this second part was notably absent.

Voters also want candidates to be sincere — recall the famous quotation “The secret of success is sincerity. Once you can fake that you’ve got it made” (Jean Giraudoux). This is not just a cute quotation; this is what good politicians are able to do. In Iowa, this was another area where almost everyone stumbled. It was clear that most of the candidates had not only prepared talking point responses to probable questions, but had also rehearsed actual answers. Delivering from a prepared and memorized script and seeming sincere is a difficult business, and actors who can do it reliably command high rewards. Most of the candidates failed at seeming sincere. Several managed the worst of both worlds by trying to combine their prepared scripts with some ad libbing and came across as quite incoherent. One of the reasons for Gingrich’s strong showing is that he stayed away from scripts and delivered his answers as if he had just thought of them. Huntsman and Romney, in contrast, were especially wooden.

When humans listen to humans, the content matters. But when character is the issue, other aspects of language matter more. Much language generation is subconscious, and therefore beyond a candidate’s control. This is good for voters because it means we can sometimes see through to the real person no matter how sophisticated their speech writers and spin doctors.

Persistent Malware Attacks

The revelation by McAfee last week has created some waves. Here are a few thoughts from an adversarial analysis perspective.

The thing that has gotten attention about this report is that it describes attacks by a single attacker and single vector that have lasted over a long period of time (more than 5 years) and have targeted governments, quasi-government organizations, and businesses in a sophisticated way. The attacks are being attributed to a particular state actor, for obvious reasons, but attribution is always murky in cyberspace so it’s (just) conceivable that someone else is responsible and covering themselves.

It was helpful to get this kind of information out into the public awareness. People on the inside (for several different values of inside) have known about these kinds of attacks, their frequency, and their huge impact for some time; but either haven’t wanted to or haven’t been allowed to reveal them.

The attacks themselves seem to have begun with a spear phishing attack on some mid-level person at each organization, so relatively unsophisticated but requiring substantial preliminary research. I’m not aware of any attempt to measure how easily spear phishing attacks work, but presumably with patience to try with enough spacing that nobody mentions it, not very much personalization is required. Once in, the attacks seem to have been quite sophisticated and long-lasting. Even after the report came out, several of the organizations were denying that they had been hacked. “Hacked and unaware” seems more likely than “not hacked” given that McAfee could see the IP logs.

Of course, since this is only one vector, it would be naive not to suppose that a number of other, broadly similar attacks are going on with other sources and vectors.

I did a fairly large number of media interviews about this report, and the obvious and common question that came up was: what did these organizations do wrong and what can be done to protect against these kinds of attacks? That’s a hard question to answer. Malware detection tools are in their infancy so, while running them is a good idea, they may not protect against sophisticated attacks very well. It doesn’t seem possible to protect completely against spear phishing, given the convenience of attachments. I received a number of emails from companies who claim that their approach/tools would have protected these organizations, but I didn’t see anything that looked like a substantial advance in the state of the art.

It may be that the time has come to do what the military and intelligence organizations do — to run separate networks that do not connect to the internet for anything that needs to be protected. This is, of course, relatively painful; and still not necessarily secure since data and software still need to be walked from one network to the other. But many organizations may need to take partial steps towards this kind of robust physical separation, since virtual separation is not working. In other words, firewalls don’t get the job done.

Google Ideas and Extremism

Google’s think/do tank (!!) is sponsoring a summit on extremism. See the post by Jared Cohen, its director, here.

The problem is that, like many such discussions, it’s based on the autobiographies of a number of people who became extremists — the idea is to look for commonalities in such biographies as hints about the process and/or drivers of extremism.

BUT it ignores the very large number of people from apparently identical backgrounds who didn’t join gangs, or the IRA, or jihadist groups! Such people are counterexamples to almost all explanations of what happens with radicalization, and yet they are often/usually ignored in the discussion.

So Google asks:

“Why does a 13-year old boy in a tough neighborhood in South Central LA join a gang? Why does a high school student in a quiet, Midwestern American town sign on neo-Nazis who preach white supremacy? Why does a young woman in the Middle East abandon her family and future and become a suicide bomber?”

But just as important are questions like: why did the 13-year old boy’s best friend and classmate NOT join a gang, etc.

This summit’s approach is called, in the research community, “sampling on the dependent variable”. Google should know better.

The power is in the edges

I’ve argued that it isn’t social media unless there are relational edges between individuals or individual objects. These edges are the drivers of power because the graph structure that emerges from them reveals a lot more than the individual nodes and edges do.

The number of LinkedIn contacts I have is now large enough that I can tell this story. I know someone from one of the more secretive US government organizations. His (or it might be her) public web presence, of course, has nothing at all to do with his day job, and we’ve never exchanged emails using his public email. Yet LinkedIn suggests him as someone I might possibly know.

The reason must be that we have enough mutual connections that the software LinkedIn uses sees that there “should” be some connection between us — it is doing edge prediction. This is exactly the kind of analysis that good intelligence tools can do on relational/graph data. The knowledge is in the links, collectively; in other words, noticing the potential link between us requires knowing both the presence of some links and the absence of others (because the system doesn’t recommend other people whose web presence is as dissimilar from mine as his is).

So, well done LinkedIn, but a cautionary tale for security folks generally, and especially those who believe in anonymization — it can’t be done!

European Intelligence and Security Informatics conference

The program is now available here and looks impressive (note also the associated Open Source Intelligence workshop in which one of my students has a paper about our work on interestingness).

What is social media?

I was at a meeting last week whose focus was on social media. It quickly became clear that there were two kinds of interests. One group wanted to build high-level systems that would revolutionize business and government (somehow) leveraging social media; another group were building or wanted to build tools that would provide some kind of meta-view of social media content and activity.

The topic that was missing from all of the discussion was what social media was, and why it is the way it is; and so I came away feeling like the entire discussion, and quite a lot of work, was dancing on clouds. There seem to be a number of things that “everybody knows” about social media, but for which there seems to be little or no evidence. The Arab Spring was driven by social media! Well, maybe, but (a) was it and how much, (b) which parts were important and which were irrelevant?

It seems helpful to divide social media into three categories:

1. Media that is essentially public access publishing or public access (micro)blogging. Although sites that provide this kind of functionality are often considered “social” there is almost nothing social about them — yes, the audience for posts can be restricted to a particular group, but that’s always been true of any publication. There is an interesting question lurking here though: what are the reasons why individuals read such posts? What kind of bond does it imply between the reader and the author? (Cynically, why would I care what even my closest friend had for breakfast?)

2. Media that start as public access publishing, but where the conversation built on an initial post is more important or interesting than the initial post itself — in other words, there’s something emergent in the conversation that transcends what any of the participants would have said ab initio. This is a kind of social knowledge or opinion construction, and there are lots of interesting questions about who participates, what their roles are, and how the content and tone are affected by the interactions. This is, of course, not a new phenomenon but what’s new is the scope and the detail of what’s recorded, allowing answers to be worked out in ways that were impractical or too expensive before.

3. Media in which explicit relational links are created between one person and another. This is the real heart of social media. Relational links between a pair of people have, of course, always existed, but they could only be constructed in a small number of ways and were (almost always) limited by geography.

The emergent structure of these links is a really interesting artifact that deserves study and from which we will probably learn a lot about what it means to be human in a global society. What does it mean when one person “friends” another? This is one question for which simple answers tend to be assumed, but even a brief consideration of A’s Facebook friends and the rest of A’s relationships in the real world quickly shows that there’s a complex connection between the two sets (and it depends heavily on characteristics of A).

One thing that quickly becomes clear when these questions are addressed computationally is that we aren’t going to get far until relationship links are typed. It’s fairly easy to look at each relationship and give it a numerical weight that reflects (say) closeness — but it’s still true that different kinds of relationships behave differently, and need to be modelled differently to understand them. (Social media sites should also implement this typing — not every piece of data should flow down every link of A’s social network.)

The fundamental question in a world where one person can create a visible relationship, is what does this mean — for the person creating it, for the person at the other end of the relationship, and for the emergent graph structure that a collection of these individual relationships creates. Good, solid answers to this question would be a foundation on which much more useful applications could be built.

How do I demonstrate that I am me?

The question of identity, how the question in the title gets answered, is one with an interesting history; and one that is changing again at the moment.

For much of human history, identity was almost completely determined by the fact that a person was born and grew up in a community where everyone knew them, and never moved far from this community. This is still true in many parts of the world, but was surprisingly true in the developed world until quite recently.

Things changed when migration to cities started in a big way, in Western countries perhaps around the 16th century and accelerating since then. Someone who moved to a city could become anyone they wanted as long as they kept away from people from the same general area as they were, who might know them or know of them. This was harder than it seemed, mostly because of the tendency of people with the same origin to live contiguously when they arrived in a city (so if you were from X but didn’t live in the X area, you automatically attracted attention). This ability to assume new identities was grist to the mill of detective stories up to about 100 years ago (notably Austin Freeman).

In the last 100 years, governments have become the guarantors of identity because of the requirement to collect taxes, mostly income taxes; and, for an increasing number of people, because of the need to cross borders. So governments issue identity documents that are tied to a single person via some kind of link, perhaps a biometric or even an address. And, for most people, this is where things stand now.

But there are new forms of identity beginning to be created, and new ways to blur identities as well.

I have had a web page with my photo on it, and links to my papers, and so on, since the web began. Copies of this web page have been periodically archived, at moments that I can’t control, by the Wayback Engine and probably several other places as well. If I want to prove my identity, I can now do it without any government intervention by pointing to these copies of my web page which have information that links them uniquely to me. For many people, their Facebook or LinkedIn profile pages would do the same thing if they were publicly archivable. So identity is once again moving away from something that is government mediated to something that is more decentralized and community based.

On the other side of the coin, governments and others are actively creating artificial personas, sometimes called sock puppets. These personas are controlled by a real person, but one person can control many of them, and the postings of each persona don’t need to be the ones that the controller would naturally make. In other words if, on the internet, nobody can tell you’re a dog, it follows that nobody can tell you’re not a construct either.

In order to make these sock puppets realistic, a back story has to be created for each one; increasingly, this means that they have to have a created trail in places where this might be looked for. Once upon a time, intelligence organizations would go into official records and create entries for non-existent people; this is inherently difficult, especially in records that are owned by other governments (remember, governments validated identities); so often identities of people who had died were used as starting points. I expect we’ll see that same thing happening in the online world.

But there’s an important difference: while governments can go back and change history embodied in records, neither they nor anyone else can change the history embedded in web sites that, at random times, take a snapshot of some part of the web. So creating realistic sock puppets is actually really difficult.

There’s also the issue of language: one controller running multiple sock puppets cannot avoid using detectably similar language patterns for all of them; and eventually this will make it possible to detect artificial personas.

Privacy and social media

I was at a meeting last week at which one of the speakers said this (roughly paraphrased): 15 years ago, the amount of data visible on a typical Facebook user’s profile page would have required a warrant to collect (and the warrant would have been difficult to get). 100 years ago this amount of data probably couldn’t have been collected, at least not at reasonable cost.

I think he’s probably right. Empirical data, rather than academic theorizing, has consistently shown that people are willing to go public with an amazing amount of data about themselves. This decision may be pragmatic: being visible brings benefits that outweigh the risks; it may be ignorance of what those risks are; it may be the inability to understand, in a visceral way, just how public something posted on the internet is and how long it will last. As far as I know, there’s been little concrete research on this issue.

This massive release of personal data is changing the discussion of what privacy is and what its role in society should be. This is especially true in places like the U.S. where the relevant law is expressed in terms of what the social expectation of privacy is — so that the boundary between public and private moves “automatically” as society changes.

But it’s worth reminding ourselves that little more than 100 years ago, nobody had any privacy in the sense that everyone in your village or town knew everything about you, including everything about your whole life history and that of your parents and grandparents and so on. Until about 100 years ago, almost nobody was ever alone, either inside or outside. The whole idea of privacy is an invention of urbanisation where, for the first time in history, someone other than a hermit could act anonymously. It’s also an invention of secularization since, in most religious traditions, God is conceived of as omniscient so that no human could act anonymously or invisibly in a deep sense.

Metaphors and counterterrorism

The Intelligence Advanced Research Projects Activity (IARPA) has a call out for proposals to develop a system that will extract metaphors from text. The assumption is that the metaphors used in a document, or by a community, reflect a way of viewing and organizing the world that can provide a higher-level way to understand other (sub)cultures. This seems like a very difficult challenge, which is exactly the kind of thing these DARPA-derived funding agencies are supposed to take on.

I remember reading a paper that Charles Williams presented to the Inklings (the Oxford society that included C.S. Lewis, Tolkien, and other high fliers) in which he talked about just how difficult it is to understand what a metaphor does (I haven’t been able to find either paper or reference). Similes are (by comparison) straightforward; when we say “A is like B” we draw attention to or highlight some aspect of B that is similar to that of A, and therefore emphasize some aspect of A, perhaps one that isn’t obvious.

A metaphor is a much more difficult object. When we say “A is B” we could take the view that this is just a more obscure kind of simile, in which the reader/hearer is invited to conceive of the possible similarity without a hint from the writer/speaker. But Williams argues, and I agree, that more is going on here. For a start, metaphors are not symmetric: if I say “A is B” it’s often nonsense to say “B is A”, whereas similes usually are symmetric. Often there is no obvious and straightforward way to reduce a metaphor to a simile, that is, there is no small set of properties common to A and B. And yet metaphors can be powerful.

There is a little relevant work in psychology, most of it associated with Judy DeLoache and what’s called the Dual Representation Hypothesis. Roughly speaking, the idea is that brains are well-equipped to represent symbols and the things they denote, and to map computations on the symbols to computations on the denoted things in usable ways (apologies to psychologists for this mangled and computational perspective). This goes some way towards explaining abstract reasoning, with some very nice experiments with young children showing when various levels of sophistication kick in; but it might also provide some explanatory power for metaphors. Unfortunately, there is some evidence that the more black-box the symbol, the more usable it is, which counts against this being a useful explanation for metaphors.

I won’t be applying for funding to work on this — but I’ll be watching the results with interest.

And Williams’ conclusion — that metaphors are something like a legal fiction — is one I didn’t find very convincing at the time I read the paper, and still don’t.

Could it be a diversion?

One of the reasons why it has been assumed that the Stuxnet worm was created by a government is that it burned four zero-day vulnerabilities at once (whereas a criminal group is presumed to husband vulnerabilities more carefully). For the same reason it made little sense to claim that the Yemen-originating parcel bombs were a kind of “dry run”. It’s already clear that processes and screening will change in a way that will make it much harder to repeat this kind of attack, even from another country of origin. In other words, this particular vulnerability has been burned.

Even if this attack had succeeded, the worst possible outcome seems quite small compared to the cost and the amount of effort involved.

When this pattern — an attack whose cost seems out of proportion to what it might achieve — occurs, one of the important questions to ask is: is this attack a diversion from something worse? I never heard this possibility even mentioned in all of Friday’s coverage (but I hope that those within the intelligence community were thinking about it). A diversion is the natural explanation when an attack’s cost seems far too high for its apparent benefit to the bad guys.

I recently had a chance to review the Cyber Shockwave exercise, a simulated cyber attack on the U.S., in which a number of experienced people played the role of a cabinet reacting to the unfolding events. Although it is widely understood that a cyber attack is the natural precursor to or distraction from a more physical attack (as in Georgia), and even though the cyber attack was, for a long time, more of a nuisance than anything, the possibility that it might be a distraction was never, ever surfaced.

Open Source Intelligence

There’s a report (here) about a National Press Club presentation of OSINT in the U.S. context. Two main points were made: the lack of correspondents making reports from local situations has an impact on the quality of available data (correspondents can go where professional intelligence gatherers cannot); and the amount of data on the Internet poses a challenge for analysis. In summary, there’s more data but less knowledge; and the knowledge is less well labelled in ways that traditionally made its extraction easy.

This is in some ways a U.S.-centric view. It’s ironic that one news organisation is adding foreign correspondents and other heavy-weight news gathering capacity at a significant rate — al Jazeera. The Washington Post may be getting lighter, but what’s happening in the U.S. is not entirely what’s happening in the rest of the world.

It’s also interesting that calling “organizing and prioritizing the material to be analyzed” a challenge reveals the presupposition that organizing and prioritizing is somehow not part of analysis. Of course, readers here will know that it’s my view that “prioritizing” or ranking is at the heart of all intelligence analysis. The quotation shows a two-step attitude: first, find the good information in the vast wells of the Internet, and then analyse it. It’s better not to think of these steps as separate; there’s only one task, getting knowledge from data, and dividing it arbitrarily isn’t helpful.

Thoughts on “American Jihad”

Hoffman wrote an interesting article on the state of play in terrorism in the U.S. context here. He makes a couple of interesting points that merit further discussion.

First, he calls into question statements by the U.S. government about the status of the fight against al Qaeda (e.g. “we are winning the fight”), primarily, I think, because he means a different thing by “al Qaeda” than the statements do. There seems to be general agreement that it’s helpful to think about AQ as existing in several forms: the “central” group around bin Laden (what remains of it); various franchises that have taken on the name and at least some of the ideology (e.g. AQAP); and “homegrown” terrorist groups (and perhaps loners) who want to expand the significance of what they do by associating themselves with AQ, but whose actual connection to, let alone direction by, the central group is questionable or difficult to know. When the U.S. government makes statements about al Qaeda, they seem to mean the central group; Hoffman is concerned with the entire spectrum of AQ groups.

He includes some quotations by intel folks about the Christmas bomber, including this one: “It’s not a technology issue, but an untrained people issue”. I don’t doubt that there are problems with the level of training, perhaps particularly at the point where data is collected, entered into computer systems, and assessed for significance. But I doubt that this is all, or even most, of the problem. As I’ve argued here extensively, everyone lacks data analysis systems that can induce the significance of new pieces of data and automatically bring them to the attention of analysts (although we know how — partially, anyway — to do this).

He also makes the point that “we seem able to focus on only one enemy in one place at one time”. This is exactly the point I made in an earlier post about the DoD: the bureaucracy seems to be set up to route too many crucial decisions through a few top people, so that attention is limited to what half a dozen minds can focus on.

He also calculates that the rate of jihadi plots within the U.S. (homegrown or home-based) is running at about one per month. This seems about right — another series of arrests were announced just today. On the one hand, this is sort of good news; some of the recent attacks have been mounted very quickly, that is, the people involved apparently radicalized to the point of planning and carrying out an attack in a matter of a few months. If the number of attacks is only one per month then there can’t be, as it were, a very deep pipeline.

But Hoffman’s thesis is that these low-level, amateurish, small-scale attacks may be guided by AQ Central as a way of distracting the intelligence system and tiring law enforcement and emergency responders; so that a more serious attack has a better chance of succeeding. It’s not clear how to test this thesis; many of the recent attacks have had some connection to e.g. Pakistan’s tribal areas but whether the support from there has been sincere, opportunistic, or motivated more strategically seems hard to judge.

Patterns in terrorism with different motivation

Brent Smith at the University of Arkansas (home page) has looked extensively at the patterns of preparation and attack of different kinds of terrorists: Islamist, left-wing, right-wing, environmental, and so on. What he has discovered is that there are systematic patterns to their preparations (timing, locations, types of ancillary activities) and attacks that differ depending on the flavor of group. Presumably this is subcultural, but also relates to typical sizes, and maybe complexity of attacks.

This work is helpful to investigators because it suggests when and where to look for attackers before an attack, and when and where to look for traces and forensic evidence after an attack. For example, attackers tend to live more or less exactly north, south, east, or west of where they carry out their attack (in the U.S.). Presumably this reflects the presence of the interstate highway system.

Ecoterrorism still with us

The story of a thwarted terrorist attack on an IBM nano facility in Switzerland didn’t get much media coverage; the most substantial story I could find was in the UK Daily Mail here. Members of an anarchist/environmental group were stopped, apparently by accident, on their way to the target with bombs ready to go.

It’s a reminder, when the focus is on Islamist terrorism, that environmental terrorism is still significant.

Note also the firebombing of an Ottawa bank, claimed by anarchists, which also received almost no media coverage.

I don’t quite know what to make of media lack of interest; maybe some implicit presumption that environmental or anarchist terrorism is less of a global problem?

Visiting Singapore

Should you, dear reader, be in Singapore or vicinity, you might be interested to know that I’m visiting May 25th-28th and giving three talks:

SMU, Tuesday 25th: Practical Applications of Spectral Techniques for Graphs

NTU, Computing, Wednesday 26th: Extracting Mental State in Adversarial Knowledge Discovery

NTU, International Centre for Political Violence and Terrorism Research, Thursday 27th: The Role of Knowledge Discovery in Counterterrorism

Details of times and locations from the obvious web sites.

Review of Burton’s “Ghost: Confessions of a Counterterrorism Agent”

Ghost: Confessions of a Counterterrorism Agent, Random House, 2008.

This book describes Burton’s experiences working in counterterrorism within the U.S. State Department in pre-9/11 days (which is presumably why he is free to talk about it). His working career covered roughly from the Achille Lauro to the first World Trade Center bombing and aftermath. He tells a good story and there are lots of bits of interesting background that I don’t recall making it into the public gaze at the time.

The main thing that struck me is that the U.S. national security apparatus seems too thin at the top; that is, there is somehow an inability to focus on more than a few issues at a time. In the context of this book, it seems as if, given the Soviet threat, there wasn’t enough attention to go around to also focus on the threat from terrorism. As a result, terrorist groups and their state sponsors seem to have been able to get away with more than they should have. In other words, it doesn’t sound like the problem in dealing vigorously with terrorism during the 80s was resources, or even willpower, but simply attention. One gets the same feeling today when the U.S. government seems unable to pay enough attention to Afghanistan, Iran, North Korea and al Qaeda at once; rather it seems to oscillate between them.

This may just be an illusion looking in from the outside. But I can’t help but think that there’s a bottleneck because of the limited attention of the President, National Security Advisor, and maybe Secretaries of Defence and State. Not enough delegation of enough power to get things done — understandable when blowback can escalate issues quickly, and perhaps still the aftermath of Iran-Contra.

The other striking thing is that terrorist movements of the time seemed to have substantial numbers of the psychiatrically troubled among their ranks. This is in sharp contrast to the argument made by Marc Sageman about al Qaeda (and perhaps more broadly). Sageman argues that, for this group at least, members were psychologically stable. The difference is important in the discussion about radicalization. If Islamist groups tend to recruit stable members then the threat will tend to be of one kind; if they tend to recruit less stable members, other kinds of threats may be more important. I haven’t seen more recent research examining this issue; nor have I seen it addressed explicitly in the radicalization literature.

Followup: I just finished “By His Own Rules”, the biography of Rumsfeld, and it supports my contention. It doesn’t sound like anything of importance happened in the DoD without Rumsfeld somehow being in the loop, even if only by hearing about it. What a bottleneck, and what a waste of a leader’s time! It sounds as if Gates is a little better, but I don’t think the system allows real delegation of actual power.

I wasn’t impressed by the biography. Rumsfeld is obviously a puzzle: toweringly competent in some ways, but flawed in others. This book doesn’t begin to explain the contradictions, and spends far too much time documenting the Iraq invasion, rather than Rumsfeld.
