Understanding risk at the disaster end of the spectrum

In conventional risk analysis, risk is often expressed as

risk = threat probability x potential loss

When the values of the terms on the right hand side are in the middle of their ranges, then our intuition seems to understand this equation quite well.

But when the values are near their extremes, our intuition goes out the window, as the world’s coronavirus experience shows. The pandemic is what Taleb calls a black swan, an event where the threat probability is extremely low, but the potential loss is extremely high. For example, if the potential loss is of the order of 10^9 (a billion) then a threat probability of 1 in a thousand still has a risk of magnitude a million.

I came across another disaster waiting to happen, with the same kind fo characteristics as the coronavirus pandemic — cyber attacks on water treatment facilities.

https://www.csoonline.com/article/3541837/attempted-cyberattack-highlights-vulnerability-of-global-water-infrastructure.html

In the U.S. water treatment facilities are small organizations that don’t have specialized IT staff who can protect their systems. But the consequences of cyber attacks on such facilities can cause mass casualties. While electricity grids, Internet infrastructure, and financial systems have received some protection attention, water treatment is the forgotten sibling. A classic example of a small (but growing) threat probability but a huge potential loss.

The threat isn’t even theoretical. Attacks have already been attempted.

What causes extremist violence?

This question has been the subject of active research for more than four decades. There have been many answers that don’t stand up to empirical scrutiny — because the number of those who participate in extremist violence is so small, and because researchers tend to interview them, but fail to interview all those identical to them who didn’t commit violence.

Here’s a list of the properties that we now know don’t lead to extremist violence:

• ideology or religion
• deprivation or unhappiness
• political/social alienation
• discrimination
• moral outrage
• activism or illegal non-violent political action
• attitudes/belief

How do we know this? Mostly because, if you take a population that exhibits any of these properties (typically many hundreds of thousand) you find that one or two have committed violence, but the others haven’t. So properties such as these have absolutely no predictive power.

On the other hand, there are a few properties that do lead to extremist violence:

• being the child of immigrants
• having access to a local charismatic figure
• travelling to a location where one’s internal narrative is reinforced
• participation in a small group echo chamber with those who have similar patterns of thought
• having a disconnected-disordered or hypercaring-compelled personality

These don’t form a diagnostic set, because there are still many people who have one or more of them, and do not commit violence. But they are a set of danger signals, and the more of them an individual has, the more attention should be paid to them (on the evidence of the past 15 years).

You can find a full discussion of these issues, and the evidence behind them, in ““Terrorists, Radicals, and Activists: Distinguishing Between Countering Violent Extremism and Preventing Extremist Violence, and Why It Matters” in Violent Extremism and Terrorism, Queen’s University Press, 2019.

 

Security theatre lives

Sydney tests its emergency notification system in the downtown core at the same time of day every time. So if a person wanted to cause an incident, guess what time they would choose?

It also seems to be done on Fridays, which is exactly the worst day to choose, since it’s the most common day for islamist incidents.

Security theatre = doing things that sound like they improve security without actually improving them (and sometimes making them worse).

Come back King Canute, all is forgiven

You will remember that King Canute held a demonstration in which he showed his courtiers that he did not have the power to hold back the tide.

Senior officials in Washington desperately need courtiers who will show them, with equal force, that encryption has the same sort of property. If it’s done right, encrypted material can’t be decrypted by fiat. And any backdoor to the encryption process can’t be made available only to the good guys.

The current story about Apple and the encrypted phone used by one of the San Bernadino terrorists is not helping to make this issue any clearer to government, largely because the media coverage is so muddled that nobody could be blamed for missing the point.

The basic facts seem to be these: the phone is encrypted, the FBI have been trying to get in to it for some time, and there’s no way for anyone, Apple included, to burn through the encryption without the password. This is all as it was designed to be.

The FBI is now asking Apple to alter the access control software so that, for example, the ten-try limit on password guesses is disabled. Apple is refusing on two grounds. First, this amounts to the government compelling them to construct something, a form of conscription that is illegal (presumably the FBI could contract with Apple to build the required software but presumably Apple has no appetite for this).

Second, Apple argues that the existence proof of such a construct would make it impossible for them to resist the same request from other governments, where the intent might be less benign. This is an interesting argument. On the one hand, if they can build it now, they can build it then, and nobody’s claiming that the required construct is impossible. On the other hand, there’s no question that being able to do something in the abstract is psychologically quite different from having done it.

But it does seem as if Apple is using its refusal as a marketing tool for its high-mindedness and pro-privacy stance. Public opinion might have an effect if only the public could work out what the issues are — but the media have such a tenuous grasp that every story I saw today guaranteed greater levels of confusion.

Islamist violent extremism and anarchist violent extremism

Roughly speaking, three explanations for islamist violent extremism have been put forward:

1. It’s motivated by a religious ideology (perhaps a perversion of true Islam, but sincerely held by its adherents);
2. It’s motivated by political or insurgent ends, and so the violence is instrumental;
3. It’s the result of psychological disturbance in its adherents.

In the months after the 9/11 World Trade Center attacks, Marc Sageman argued vigorously for the first explanation, pointing out that those involved in al Qaeda at the time were well-educated and at least middle class, were religious, and showed no signs of psychological disturbances. There was considerable push back to his arguments, mostly promoting Explanation 3 but, in the end, most Western governments came around to his view.

In the decade since, most Western countries have slipped into Explanation 2. I have argued that this is largely because these countries are post-Christian, and so most of those in the political establishment have post-modern ideas about religion as a facade for power. They project this world view onto the Middle Eastern world, and so cannot see that Explanation 1 is even possible — to be religious is to be naive at best and stupid at worst. This leads to perennial underestimation of islamist violent extremist goals and willingness to work towards them.

It’s widely agreed that the motivation for Daesh is a combination of Explanations 1 and 2, strategically Explanation 1, but tactically Explanation 2.

The new feature, however, is that Daesh’s high-volume propaganda is reaching many psychologically troubled individuals in Western countries who find its message to be an organising principle and a pseudo-community.

“Lone wolf” attacks can therefore be divided into two categories: those motivated by Explanation 1, and those motivated by Explanation 3, and the latter are on the rise. Marc Sageman has written about the extent to which foiled “plots” in the U.S. come very close to entrapment of vulnerable individuals who imagine that they would like to be terrorists, and take some tiny initial step, only to find an FBI agent alongside them, urging them to take it further. (M. Sageman, The Stagnation in Terrorism Research, Terrorism and Political Violence, Vol. 26, No. 4, 2014, 565-580)

Understanding these explanations is critical to efforts at de-radicalization. Despite extensive efforts, I have seen very little evidence that de-radicalization actually works. But it make a difference what you think you’re de-radicalizing from. Addressing Explanation 1 seems to be the most common strategy (“your view of Islam is wrong, see the views of respected mainstream Imams, jihad means personal struggle”).

Addressing Explanation 2 isn’t usually framed as de-radicalization but, if the violence is instrumental, then instrumental arguments would help (“it will never work, the consequences are too severe to be worth it”).

Addressing Explanation 3 is something we know how to do, but this explanation isn’t the popular one at present, and there are many pragmatic issues about getting psychological help to people who don’t acknowledge that they need it.

Reading the analysis of anarchist violence in the period from about 1880 to around 1920 has eerie similarities to the analysis of islamist violence in the past 15 years, both in the popular press, and in the more serious literature. It’s clear that there were some (but only a very few) who were in love with anarchist ideology (Explanation 1); many more who saw it as a way (the only way) to change society for the better (Explanation 2) — one of the popular explanations for the fading away of anarchist attacks is that other organisations supporting change developed; but there were also large numbers of troubled individuals who attached themselves to anarchist violence for psychological reasons. It’s largely forgotten how common anarchist attacks became during these few decades. Many were extremely successful — assassinations of a French president, an American president, an Austrian Empress, an Italian king — and, of course, the Great War was inadvertently triggered by an assassination of an Archduke.

Western societies had little more success stemming anarchist violence than we are having with islamist violence. The Great War probably had as much effect as anything, wiping out the demographic most associated with the problem. We will have to come up with a better solution.

(There’s a nice recap of anarchist violence and its connections to islamist violence here.)

If you see something, say something — and we’ll ignore it

I arrived on a late evening flight at a Canadian airport that will remain nameless, and I was the second person into an otherwise deserted Customs Hall. On a chair was a cloth shoulder bag and a 10″ by 10″ by 4″ opaque plastic container. Being a good citizen, I went over to the distant Customs officers on duty and told them about it. They did absolutely nothing.

There are lessons here about predictive modelling in adversarial settings. The Customs officers were using, in their minds, a Bayesion predictor, which is the way that we, as humans, make many of our predictions. In this Bayesian predictor, the prior that the ownerless items contained explosives was very small, so the overall probability that they should act was also very small — and so they didn’t act.

Compare this to the predictive model used by firefighters. When a fire alarm goes off, they don’t consider a prior at all. That is, they don’t consider factors such as: a lot of new students just arrived in town, we just answered a hoax call to this location an hour ago, or anything else of the same kind. They respond regardless of whether they consider it a ‘real’ fire or not.

The challenge is how to train front-line defenders against acts of terror to use the firefighter predictive model rather than the Bayesian one. Clearly, there’s still some distance to go.

Radicalization — it’s just a phase he’s going through

All of the discussion of radicalization in the past few weeks seems to assume that it’s a one-way process.

But if it’s a process with a large personality component (and evidence suggests it is); and if it’s a phenomenon associated with adolescence and young adulthood (which are times of attitudinal change anyway); and if the data fits models of infection by disease (and they do), then it seems plausible that, for many people, radicalization is a phase they go through. Such people will not be obtrusive because they never act on their (temporary) beliefs, and eventually cease to hold them. If radicalization can be a temporary phenomenon, then there’s de-radicalization, but there’s also post-radicalization; the first extrinsic, but the second intrinsic.

What’s the practical relevance? If some people “get over” their radicalization, then it argues for more gentle responses during the infected period. Actions such as interviews by security services with radicalized individuals and their relatives (a practice of MI5, and soon to be possible in Canada via bill C-51), and pulling passports may indeed have negative consequences if they make infected individuals become more entrenched (and less likely to become cured).

Of course, there are risks to a more gentle intervention strategy (and government departments are allergic to risks). But, for countries with exit controls, perhaps it’s better to rely on these than to act more explicitly; and at least the discussions about strategy should keep the possibility of cure in mind.

Multiculturalism’s role in radicalization

The children of immigrants have, historically, had two choices:

1. Assimilate into the culture, retaining vestiges of their original culture (typically foods, celebrations, and perhaps a bias towards marrying cultural cognates);
2. Remain part of an enclave of their original culture.

Option 1 is by far the most common. Option 2 only works when the original culture is itself highly organized, and it carries high risks for the immigrants. This option has often been followed by the Jewish diaspora (with obvious downsides, including periodic expulsions from European countries, and worse), but there are other examples. Note the wisdom of the formal Amish mechanism of rumspringa, which provides a choice point for young people to commit to the culture, or not.

In historical immigrations, these choices are clearly differentiated and there is little midde ground.

The invention of the idea of multiculturalism created the opportunity to move to a new country, assimilate (apparently), and preserve the culture of origin (apparently). This sounds like a great idea (“best of both worlds”) apart from one simple fact: it doesn’t work.

The set of those who have been radicalized in Western countries and either carried out attacks there, or made their ways to the Middle East is almost entirely made up of the children of immigrants. Many of these individuals have been studied and interviewed, and there is one clear pattern: feeling like they didn’t belong in either their original culture (their parents often being glad to have escaped it at some level and so having moved away from it), nor in the “new” culture in which they have grown up. Not feeling like they fit into the culture in which they grow up is, of course, a common teenage pattern — but most teenagers don’t have such a ready-made explanation for why they feel as they do. Multiculturalism, because it creates the apparent space to avoid commitment to one culture or the other, must bear some of the responsibility for radicalization. (This may also be part of the explanation for why engineers are so over-represented in the ranks of the radicalized — a tolerance for ambiguity may help those growing up between two cultures to navigate the difficult years of adolescence and young adulthood. Most engineers I know are more comfortable with black and white settings than with ambiguity.)

Of course, this can only be part of the explanation. One of the pitfalls for those who seek an explanation for radicalization is that, for every individual who becomes radicalized, there are 99 others who experienced apparently identical life trajectories (sometimes even siblings) without becoming radicalized, often without seeming to feel even the faintest pull towards radical ideologies.Personality must, therefore, play a huge part, and this is often underappreciated.

Religious does not equal stupid

A range of people, from David Brooks to Peter Bergen, have responded to the rhetoric associated with the Countering Violent Extremism Summit held in Washington this week. They point out that the motivation for Daish (aka ISIL [nobody knows why the U.S. White House, alone in the world, insists on this acronym] or ISIS) cannot be understood in terms of the American middle class and its aspirations: jobs, relationships, family, economic prosperity. Islam did not come boiling out of the deserts of Arabia in the 7th century because of the lack of economic opportunity in the sphere of camel raising.

But behind these misunderstanding lies a deeper one. Many of the elites in government and industry in Western countries think that people who have religious beliefs are either: stupid for believing something so self-evidently wrong; or devious and cunning in pretending to have religious beliefs as a tool for exerting power (in the best traditions of post-modernism). Now of course they don’t necessarily think this explicitly, but the language being used in much of the discussion of radicalization and its causes makes it fairly obvious that they do think this implicitly. In other words, one or other of these two views informs the way they frame the problem of islamist radicalism to themselves.

Why do sane young men (and women) give up a lifestyle in the West that, while often not perfect, is much better than third-world conditions and the prospect of death in Syria? Holding either of these misconceptions distorts the view of the problem, and of the West’s opponents, to the point of delusion. If you think your opponents must somehow be intellectually stunted to believe what they do, you are never going to understand why other people find these beliefs attractive, and so will never be able to craft a strategy to defend against islamist propaganda that has any chance of working. If you think your opponents are hypocritical and opportunistic (not believing their own message) then you will equally never be able to craft a working defence. The temptation is to think (again implicitly) that radicalization must somehow be a kind of mental illness; perhaps we’ll begin to see “solutions” with that flavour rather than the current socio-economic flavour, coming into vogue soon.

I don’t have a solution. But the evidence so far (and I’ve done some empirical work in this area) is that socio-economic explanations for radicalization do not go very far; and that de-radicalization programs (or early-stage counter-radicalization strategies) that start with this assumption are even less useful. A more nuanced, and more realistic, view of our opponents and their motivations is desperately needed.

[Added later: The weekend news programs, which were filled with post mortems on the Countering Violent Extremism meeting, were great examples of the misconceptions I suggested in this post. Farid Zakaria actually made the claim that ISIS were faking their apparent beliefs to gain power. For a IMHO more realistic view, this article from the Atlantic: What ISIS Really Wants.]

Empirical Assessment of Al Qaeda, Isis, and Taliban Propaganda

I’ve just been working on assessing the potential impact of the three major magazines: Inspire (AQAP), Azan (Taliban), and Dabiq (ISIS), competing for the market in lone wolf jihadists in the West.

I compare these magazines using models for the intensity of informative, imaginative, deceptive, jihadist, and gamification language, and build an empirical model for propaganda which combines these into a single scale.

Unsurprisingly, Dabiq ranks highest in propaganda intensity.

The details can be found in the full draft paper, posted to SSRN:

Skillicorn, David, Empirical Assessment of Al Qaeda, Isis, and Taliban Propaganda (January 7, 2015). Available at SSRN: http://ssrn.com/abstract=2546478.

Inspire and Azan paper is out

The paper Edna Reid and I wrote about the language patterns in Inspire and Azan magazines has now appeared (at least online) in Springer’s Security Informatics journal. Here’s the citation:

“Language Use in the Jihadist Magazines Inspire and Azan”
David B Skillicorn and Edna F Reid
Springer Security Informatics.2014, 3:9
Security Informatics

The paper examines the intensity of various kinds of language in these jihadist magazines. The main conclusions are:

• These magazines use language as academic models of propaganda would predict, something that has not been empirically verified at this scale AFAIK.
• The intellectual level of these magazines is comparable to other mass market magazines — they aren’t particularly simplistic, and they assume a reasonably well-educated readership.
• The change in editorship/authorship after the deaths of Al-Awlaki and Samir Khan are clearly visible in Inspire. The new authors have changed for each issue, but there is an overarching similarity. Azan has articles claiming many different authors, but the writing style is similar across all articles and issues; so it’s either written by a single person or by a tightly knit group.
• Jihadist language intensity has been steadily increasing over the past few issues of Inspire, after being much more stable during the Al-Awlaki years (this is worrying).
• Inspire is experimenting with using gamification strategies to increase motivation for lone-wolf attacks and/or to decrease the reality of causing deaths and casualties. It’s hard to judge whether this is being done deliberately, or by osmosis — the levels of gamification language waver from issue to issue.

ISIS is putting out its own magazine. Its name, “Islamic State News”, and the fact that it is entirely pictorial (comic or graphic novel depending on your point of view) says something about their view of the target audience.

Update on Inspire and Azan magazines

Issue 12 of Inspire and Issue 5 of Azan are now out, so I’m updating the analysis of the language patterns in these two sequences of magazines.

To recap, both of these magazines are glossy and picture-heavy and intended primarily to encourage lone-wolf attacks by diaspora jihadists. It’s unclear how much impact they have actually had — several attackers have had copies, but so have many other non-attackers in the same environments. We have written a full analysis that can be downloaded from SSRN (here).

Here is the variation among issues for Inspire, based on the 1000 most-frequent words:

You can see that the first 8 issues, edited by Samir Khan, are quite similar to one another, except for Issues 3 and 7, which are different in tone (and quite similar to one another, although that isn’t obvious in this figure). The new issues, by unknown editors don’t resemble one another very much, but they do have an underlying consistency (they form almost a straight line) which argues for some underlying organization.

The other interesting figures are based on a model of the intensity of jihadi language. The figure shows the variation among issues of both magazines, with jihadi intensity increasing from right to left:

Overall, the jihadist intensity of Azan is lower than that of Inspire; but the most recent four issues of Inspire represent a departure: their levels are much, much greater than previous issues of Inspire and all of the issues of Azan. This is a worrying trend.

Compelling evidence on Benghazi timeline

Kathleen Carley presented work on the social media data flow before, during, and after the Benghazi embassy attack in September 2012. She happened to be teaching a course on analysis of social media (tweets and mainstream media) over the early part of September and was able to quickly repurpose it.

Her results show that, in Libya, there was no social media discussion of the embassy attacks until several hours after they happened. Discussion of the infamous movie also only begins well after the attacks and then only as a result of speculation about whether it played any role.

In contrast, Egyptian social media feeds were abuzz with demonstration rhetoric well before the activity in Cairo.

This seems to provide a compelling argument against any “spontaneous demonstration” scenario to explain what happened in Benghazi (if anyone still thinks that). It’s also a nice demonstration of the coming of age of real-time social media analysis, although it also shows that getting real-time analysis requires having a team in place before hand.

The reference is: Near Real Time Assessment of Social Media Using Geo-Temporal Network Analytics, Kathleen M. Carley,  Juergen Pfeffera, Huan Liu, Fred Morstatter, Rebecca Goolsby, Proceedings of Advances in Social Network Analysis and Modelling (ASONAM) 2013, ACM & IEEE, 517-524.

More thwarted attacks in Canada

Some things in life happen because of a lot of little decisions over time — if you don’t brush your teeth you’re going to get cavities; others happen very quickly — you might see a TV program about a hobby only once and it becomes something that you do through your whole life. Radicalisation is more like the latter than the former.

As a rule of thumb, in Western countries about 1 in 10,000 Muslims becomes a violent extremist. So that means that 9,999 people in the same families, suburbs, schools, work environments, with the same access to government services, and with the same neighbours don’t become radicalised. Right away, that’s a pretty strong signal that the causes of radicalisation are not macro causes, but much smaller ones, related to individual personalities and life journeys. The problem isn’t with any government’s international policies, or with it’s domestic policies, or with its social support system; it’s about the accidental events. Which means that there isn’t a lot to be done about it via the heavy hammers of government programs.

It also means that finding people who have become violent extremists is difficult. There is an advantage to a global brand like al Qaeda: it encourages wannabees to get in touch with it, providing an opportunity for intelligence and law enforcement to notice. Canada’s record at finding Islamist violent extremists before they carry out attacks has been good, much better than its record at finding those who’ve been blowing up hydro towers and banks precisely because these other violent extremists don’t need to communicate outside of whatever their small group is.

We’ll wait to see if Nuttall and Korody really did ‘self-radicalise’ without any contact with someone who was already radicalised, and whether the security services got onto them without a tipoff from someone who knew them — if either of these, that will be a first for Canada.

You may also be interested in ‘fertilizer’ or ‘last minute flights’

or ‘7 amazing ways to remove explosive residue’.

As I mentioned in my last post, the online-advertising businesses are spending as much time building models of us all as the NSA is spending building models of violent extremists, and have access to more data.

So how are they doing? If we looked at the ads being served to people like the Tsernaev brothers, would we find that these businesses have (unwittingly) built usable models of lone-wolf violent extremists — and so the pattern of ads served to such people is actually a signal of their potential for violence? There seems at least a decent chance that they have and maybe this should be followed up.

Government signals intelligence versus multinationals

In all of the discussion about the extent to which the U.S. NSA is collecting and analyzing data, the role of the private sector in similar analysis has been strangely neglected.

Observe, first, that all of the organizations that were asked to provide data to the NSA did not have to do anything special to do so. Verizon, the proximate example, was required to provide, for every phone call, the originating and destination numbers, the time, the duration, and the cell tower(s) involved for mobile calls — and all of this information was already collected. Why would they collect it, if not to have it available for their own analysis? It isn’t for billing — part of the push to envelope pricing plans was to save the costs of producing detailed bills, for which the cost was often greater than the cost of completing the call itself.

Second, government signals intelligence is constrained in the kind of data they are permitted to collect: traffic analysis (metadata) for everyone, but content only for foreign nationals and those specifically permitted by warrants for cause. Multinationals, on the other hand, can collect content for everyone. If you have a gmail account (I don’t), then Google not only sees all of your email traffic, but also sees and analyzes the content of every email you send and receive. If you send an email to someone with a gmail account, the content of that email is also analyzed. Of course, Google is only one of the players; many other companies have access to emails, other online communications (IM, Skype), and search histories, including which link(s) in the search results you actually follow.

A common response to these differences is something like “Well,  I trust large multinationals, but I don’t trust my government”. I don’t really understand this argument; multinationals are driven primarily (?only) by the need for profits. Even when they say that they will behave well, they are unable to carry out this promise. A public company cannot refrain from taking actions that will produce greater profits, since its interests are the interests of its shareholders. And, however well meaning, when a company is headed for bankruptcy and one of its valuable assets is data and models about millions of people, it’s naive to believe that the value of that asset won’t be realized.

Another popular response is “Well, governments have the power of arrest, while the effect of multinational is limited to the commercial sphere”. That’s true, but in Western democracies at least it’s hard for governments to exert their power without inviting scrutiny from the judicial system. At least there are checks and balances. If a multinational decides to exert its power, there is much less transparency and almost no mechanism for redress. For example, a search engine company can downweight my web site in results (this has already been done) and drive me out of business; an email company can lose all of my emails or pass their content to my competitors. I don’t lose my life or my freedom, but I could lose my livelihood.

A third popular response is “Well, multinationals are building models of me so that they can sell me things that are better aligned with my interests”. This is, at best, a half-truth. The reason they want a model of you is so that they can try and sell you things you might be persuaded to buy, not things that that you should or want to buy. In other words, the purpose of targeted advertising is at least to get you to buy more than you otherwise would, and to buy the highest profit margin version of things you might actually want to buy. Your interests and the interests of advertisers are only partially aligned, even when they have built a completely accurate model of you.

Sophisticated modelling from data has its risks, and we’re still struggling to understand the tradeoffs between power and consequences and between cost and effectiveness. But, at this moment, the risks seem to me to be greatest from multinational data analysis than from government data analysis.

Terrorist incidents come in only a few flavors

Terrorist attacks are different in many ways: they take place in different countries, with different motivations behind them, using different mechanisms, and with varying degrees of success. But are there any commonalities that could be used, for example, to categorize them and so to defend against them in more focused ways? The answer is yes, there are large-scale similarities.

To do this analysis, I started from the Global Terrorism Database developed by START, the National Consortium for the Study of Terrorism and Responses to Terrorism. The database contains details of all incidents that meet their coding standards since the beginning of 1970, and I used the version released at the end of 2012. There was one major discontinuity where new fields were added but overall the coding has been consistent over the entire 40+ year period.

The image below shows the clustering of all attacks over that time period:

The large structure looks like a hinge with clusters A and B at the top, clusters C and D forming the hinge itself, and clusters E, F, G, and H at the bottom. There’s also a distinction between the clusters at the front (B, D, F, and H) and those at the back (A,C,E, and G). (You’ll have to expand the figure to see the labels clearly.)

The first thing to notice is that there are only 8 clusters and, with the exception of H which is quite diffuse, they clusters are fairly well defined. In other words, there are 8 distinctive kinds of terrorist attack (and only 8, over a very long time period).

Let’s dig into these clusters and see what they represent. The distinction between the front and the back is almost entirely related to issues of attribution: whether the attack was claimed, how clear that claim is (for example, are there multiple claim of responsibility for the same incident), and whether the incident should be properly claimed as terrorism or something else (quasi-military, for example).

The structure of the hinge differentiates between incidents involving capturing people (hijackings or kidnappings in A and B) and incidents that are better characterized as attacks (C, D, E, F, G, H).  The extremal ends of A and B (to the right) are incidents that lasted longer and/or the ransom was larger.

The differences between C/D, E/F, and G/H arise from the number of targets (which seems to be highly correlated with the number of different nationalities involved). So C and D are attacks on a single target, E and F are attacks on two targets, and G and H are attacks on three targets. Part of the diffuse structure of H happens because claims are always murkier for more complex attacks and part because there is a small group of incidents involving 4 targets that appears, as you’d expect, even further down and to the right.

Here are some interesting figures which overlay the intensity of a property on the clustering, so that you can see how it’s associated with the clusters:

This figure shows whether the incident was claimed or not. The color coding runs from dark red to bright yellow; I’m not specifying the direction, because it’s complicated, but the contrast shows differences. In each case, the available color spectrum is mapped to the range of values.

This figure shows the differences between incidents where there were some hostages or kidnapped and those where there weren’t.

This figure shows that the country in which the incident took place is mostly unrelated to other properties of the incident; in other words, attacks are similar no matter where they take place.

This analysis shows that, despite human variability, those designing terrorist incidents choose from a fairly small repertoire of possibilities. That’s not to say that there couldn’t be attacks in which some people are also taken hostage; rather that those doing the planning don’t seem to conceptualize incidents that way, so when it happens it’s  more or less by accident. Perhaps some kind of Occam’s razor plays a role: planning an incident is already difficult so there isn’t a lot of brainpower to try for extra cleverness, and there’s probably also a perception that complexity increases risk.

Facial recognition

Most of the drama shows on television build on some kind of facial recognition, a set of faces flickering rapidly in the background, getting a match just as the main characters rendezvous in front of the screen.

I looked into the performance of facial recognition for my book “Knowledge Discovery for Counterterrorism and Law Enforcement (Taylor and Francis, available from all good booksellers) but it’s been a while so I thought I would go back and look at the current state-of-the-art.

First, it probably doesn’t have to be said, but real systems don’t display all of the faces as they process them — if they did it would slow them up by a factor of more than a thousand.

Second, what is their performance? There are many variables: camera angle, lighting, amount of space (and so detail) available for image storage.

There are also different versions of the problem. One important one is deciding if this specific stored image matches this just-captured image or not. This is what is used with biometric data stored in passports; there’s a digitized version of the photo you submitted in the chip in your passport; when you cross a border, a photo is taken of you (again, under quite controlled conditions) and that new photo is matched to the old. Even for such a 1-to-1 match the error rate is not trivial — I’ve seen 25% quoted which seems high, but agrees with my own experience.

The more common problem (in tv shows) is that an image has been captured from, say, CCTV and the goal is to determine if the person with that image is in a large database of identified images. In the jargon, the database images are called enrolled, and the newly collected one is called a probe.

Performance is usually characterized by giving a False Match Rate (FMR), the rate of matching a probe to an enrolled image when they aren’t actually the same person. So, for an access control system, this is the rate at which the system would let an intruder in. At present, values of around 0.001 (1 in a thousand) are typical. For this value, then, the dependent variable is the False Non Match Rate (FNMR) which is the rate at which someone who does match gets missed. So, for an access control system, this means that a legitimate entrant gets locked out.  These are typically in the range 0.03 to about twice that (3 in a hundred).

You can see that these results are much, much weaker than those portrayed on tv. If the database contains a million images, then it’s not a case of exclaiming “We found a match” but “we found a thousand matches (and now we have to go through them and see if we think any of them is actually a match)”. Not finding a match would be much more surprising. Some systems seem to be much worse; you don’t have to look far to find stories of facial recognition systems that have never matched anyone, even when their images are known to have been captured as probes — part of the problem being that one person in a hoodie looks pretty much like any other person in a hoodie.

From an access control point of view, these rates mean that there’s a 1 in a thousand chance of an intruder getting is (which is probably acceptable for many situations), but 3% or more of the time, legitimate users will have to try again. I haven’t seen any data, but presumably the false non matches are not uniformly distributed, so that some people have to try again much more often than others (i.e. not all faces are equally recognisable).

Of course, these performance numbers are, if not in ideal conditions, then in reasonable conditions, whereas real images tend to be much more variable (weather, dust on the camera lens, shake on the mounting,…). And, of course, in real systems you can’t zoom in and miraculously produce more pixels as they seem to be able to do on tv. So there’s quite a long way to go. I think it’s fair to say that progress is being made — but facial recognition is a long way from production use.

Radicalisation as infection

I’ve argued in previous posts that the process of radicalisation is one that depends largely on properties of the individual, rather than on grand social or moral drivers — personality rather than society — and that it depends on the presence of an actual person (already radicalised) who makes the potential ideas real.

There is an alternative. Woo, Son, and Chen (J. Woo, J. Son, and H. Chen. An SIR model for violent topic diffusion in social media. In Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics, ISI 2011, July 2011) show that radicalisation behaves a little bit like an infection (at least in the domain of ideas which they measure from forum postings). They show that the SIR (Susceptible-Infected-Recovered) model of disease transmission fits the data fairly well. In this model, members of a population begin in the susceptible state; they become infected with some probability A, and then recover with some probability B. After they’ve recovered they are no longer susceptible.

For the data they looked at, A was of the magnitude of 10^-4, so about 1 in 10,000 becomes infected. Once infected, B varied depending on the intensity of the topic from around 0.65 to 0.96. In other words, the probability of a ‘cure’ is well above a half, sometimes virtually certain.

This model suggests some interesting probabilities. First, it suggest that radicalisation is a state that can cure itself; in other words, we shouldn’t necessarily assume that once radicalised means always radicalised. Second, there may be a greater pool of people who pass through the stage of being radicalised but do not get it together to actually act on it before the fever breaks — perhaps because they don’t get the right training or the right opportunity at the time when they would exploit it if they could.

The numbers work out about right. There are around a million Muslims in the U.S. but the number who have (attempted to) carry out attacks is in the small number of dozens.

Questions are data too

In the followup investigation of the Boston Marathon bombings, we see again the problem that data analytics has with questions.

Databases are built to store data. But, as Jeff Jones has most vocally pointed out, simply keeping the data is not enough in adversarial settings. You also need to keep the questions, and treat them as part of the ongoing data. The reason is obvious once you think about it — intelligence analysts need not only to know the known facts; they also need to know that someone else has asked the same question they just asked. Questions are part of the mental model of analysts, part of their situational awareness, but current systems don’t capture this part and preserve it so that others can build on it. In other words, we don’t just need to connect the dots; we need to connect the edges!

Another part of this is that, once questions are kept, they can be re-asked automatically. This is immensely powerful. At present, an analyst can pose a question (“has X ever communicated with Y?”), get a negative answer, only for information about such a communication to arrive a microsecond later and not be noticed. In fast changing environments, this can happen frequently, but it’s implausible to expect analysts to remember and re-pose their questions at intervals, just in case.

We still have some way to go with the tools and techniques available for intelligence analysis.