IF A Muslim chemistry graduate takes an ill-paid job at a farm-supplies store what does it signify? Is he just earning extra cash, or getting close to a supply of potassium nitrate (used in fertiliser, and explosives)? What if apparent strangers with Arabic names have wired him money? What if he has taken air flights with one of those men, with separate reservations and different seats, paid in cash? What if his credit-card records show purchases of gadgets such as timing devices?
If the authorities can and do collect such bits of data, piecing them together offers the tantalising prospect of foiling terrorist conspiracies. It also raises the spectre of criminalising or constraining innocent people’s eccentric but legal behaviour.
In November 2002 news reports revealed the existence of a big, secret Pentagon programme called Total Information Awareness. This aimed to identify suspicious patterns of behaviour by “data mining” (also known as “pattern recognition”): computer-driven searches of large quantities of electronic information. After a public outcry it was dubbed, perhaps more palatably, Terrorism Information Awareness. But protests continued, and in September 2003 Congress blocked its funding.
Civil-liberties defenders are trying hard to stop data-mining becoming a routine tool for the FBI to spy on ordinary Americans. They say that the administration is racing in its final months to formalise in law programmes that have run solely under authorisation from the White House that bypasses Congress. One pending change would authorise more intelligence sharing between federal and local officials. In a federal court filing made public on September 20th, America’s attorney-general, Michael Mukasey, sought legal immunity for telecoms firms which have provided details on international phone calls. What happens in practice, and what the law permits, is a hot and unresolved issue.
Last month, after a briefing by the Department of Justice about a secret data-mining plan for the FBI, a group of American lawmakers wrote to Mr Mukasey complaining that the plan would allow the FBI to spy on Americans “without any basis for suspicion”. The proposed project could be made public in coming weeks.
No similar pan-European data-mining programme is operating, at least to public knowledge. Yet under an agreement signed in July last year airlines flying from the European Union to America have had to provide the authorities there with reservations data, as well as information obtained by airport-security screeners. This can include passengers’ race, religion, occupation, relatives, hotel reservations and credit card details. Internet service providers and telecoms firms in the EU must now keep for up to two years, though not automatically hand over, data on websites visited and phone calls made and received (but not the content of conversations).
Fast company
FAST, a Norwegian company bought by Microsoft this year for $1.3 billion, collects data from more than 300 sources (including the web) for national data-mining programmes in a dozen countries in Asia, Europe and North America. In April British members of Parliament learned that almost a year earlier the home secretary, Jacqui Smith, had secretly authorised the transfer of licence-plate data recorded by roadside cameras to foreign intelligence agencies. In June the Swedish Parliament voted into law a data-mining programme strongly backed by the defence ministry. From January 1st it will provide sweeping powers to monitor international electronic messages and telephone traffic.
The staggering, and fast-growing, information-crunching capabilities of data-mining technology broaden the definition of what is considered suspicious. In June America’s Departments of Justice and Homeland Security and a grouping of American police chiefs released the “Suspicious Activity Report—Support and Implementation Project”. Inspired in part by the approach of the Los Angeles Police Department, it urges police to question people who, among other things, use binoculars, count footsteps, take notes, draw diagrams, change appearance, speak with security staff, and photograph objects “with no apparent aesthetic value”.
Companies, and especially credit-reporting firms, generally enjoy more latitude than government bodies do in making personal information available to third parties. They find intelligence agencies are eager clients. Chris Westphal, head of Visual Analytics, a firm in Poolesville, Maryland that operates data-mining software for security and intelligence agencies, says the data provided by such firms is “very significant”. Narayanan Kulathuramaiyer, an expert in data mining at UNIMAS, a Malaysian university, says companies are selling database access to intelligence and law-enforcement agencies “at a level you would not even imagine”.
Legal challenges to governments’ use of personal information held by companies have reached high courts in many countries, including America’s Supreme Court. Rulings, however, have for the most part frustrated privacy advocates. Suzanne Spaulding, a former legal adviser to the Senate and House intelligence committees, says improvements in data-mining technology have enabled intelligence agencies to milk favourable court rulings in ways that exceed judicial intent. For example, such cases typically concern permission to use data from a single source, such as a phone company’s billing records. When different databases are mined simultaneously, the value of information increases exponentially.
Spies are increasingly snooping on private internet use. Katharina von Knop, a data-mining expert at the University of German Federal Armed Forces in Munich, says many systems remotely analyse the content of web pages people visit. A man who has travelled to, say, Peshawar, a stronghold of Islamist extremism in Pakistan, is considered more dangerous if he also reads the blog of an extremist Muslim cleric. If the cleric lives in Peshawar, the man’s suspicion score rises further. Data-mining software develops profiles by taking into account all web pages visited by a computer user; if a suspect visits a stamp-collecting website, the suspicion score is lowered.
Such profiling increasingly relies on “sentiment analysis”. Hsinchun Chen, head of the Artificial Intelligence Lab at the University of Arizona says this technique, which he performs for American and international intelligence agencies, is an emerging and booming field. The goal is to identify changes in the behaviour and language of internet users that could indicate that angry young men are becoming potential suicide-bombers. For example, a person who exhibits curiosity by visiting many Islamist websites and asking numerous questions in online forums might be flagged by sentiment-analysis software if he shows signs of resentment and eventually turns to “radicalising” others by, say, justifying violence and providing links to militant videos. Mr Chen says intelligence agencies in the United States, Canada, China, Germany, Israel, Singapore and Taiwan are customers for this technique.
Does it work?
Donald Tighe, vice-president for public affairs at In-Q-Tel, a non-profit investment outfit that helps the CIA stay abreast of advances in computing, says that data mining is now so powerful it has become “essential to our national security”. But campaigners for privacy have many worries. One fear, prevalent in Britain after incidents in which officials lost huge quantities of confidential personal information, is that the state may be even more careless with data than private firms are. Another is that innocents are flagged for further investigation or added to “watch-lists” that may impede air travel, banking and gaining jobs in places where radioactive materials are used, such as hospitals. The American Civil Liberties Union (ACLU), a lobby, says the list maintained by the Terrorist Screening Centre at the FBI now has more than 900,000 names, with 20,000 more every month. Being removed is tricky.
Data-mining may be bad for national security as well as for civil liberties. The software is often modelled on the fraud-detection applications used by financial institutions. But terrorism is much rarer. So spotting conditions that may precede attacks is harder. Mike German, a former FBI agent who now advises the ACLU, says intelligence agencies too readily believe in the “snake oil” of total information awareness, which drains effort from more useful activities such as using informers and infiltrators.
Abdul Bakier, a former official in Jordan’s General Intelligence Department, says that tips to foil data-mining systems are discussed at length on some extremist online forums. Tricks such as calling phone-sex hotlines can help make a profile less suspicious. “The new generation of al-Qaeda is practising all that,” he says.
Last year two pattern-detection programmes, ADVISE and TALON, run respectively by America’s Department of Homeland Security and the Pentagon, were shut down following privacy concerns and irregularities. Privacy advocates, however, say that other programmes continue—and many are operated, with minimal oversight, by the National Security Agency. The NSA insists that it does keep Congress informed. It also vigorously defends data mining, saying that if today’s systems were in place before the terrorist attacks of September 11th 2001, some of the hijackers would have been identified.
In July, after fierce debate, Congress imposed new limitations on government wiretapping when it renewed the expiring Foreign Intelligence Surveillance Act (FISA) sought by President George Bush after September 11th. The main law governing data mining, this has provided the administration with broad and unprecedented electronic-spying powers. But civil-liberties lobbies such as Amnesty International and Human Rights Watch say the renewed, restricted law leaves largely untouched far-reaching secret “black” programmes, run by the NSA, which crunch data on great numbers of people, including millions of Americans. Much of that is personal financial information collected by the Treasury.
Mr Bush says that FISA helps protect citizens’ liberties “while maintaining the vital flow of intelligence”. Several hours after the president signed the bill into law, the ACLU filed a federal lawsuit, on the grounds that the executive branch’s expanded wiretapping powers violated the constitution.
In 2001 American-led forces routed the Taliban in Afghanistan, destroying al-Qaeda training camps there. Berndt Thamm, who advises Germany’s armed forces on terrorism, says that in retreat the Islamists left valuable clues about their online communications and electronic plotting. It is in following up these leads that data mining and pattern analysis can, and should, be used. Such techniques, says Mr Thamm, are “the only answer” to jihadist extremists. That is the argument which the strenuous objections of civil libertarians need to overcome.
Codenamed Reynard it aims to recognise "normal" behaviour in online worlds and home in on anomalous activity.
It is likely to develop tools and techniques for intelligence officers who are hunting terrorists and terror groups on the net or in virtual worlds.
The project was welcomed by experts tracking terror groups using the net to organise or carry out attacks.
Growing threat
Brief details about Reynard came to light in a report sent to the US Congress by the Office of the Director of National Intelligence (ODNI) - which co-ordinates the work of US intelligence agencies.
 |
Using publicly available data Reynard researchers will carry out observational studies to establish "baseline normative behaviors".
Once these are identified, Reynard will "then apply the lessons learned to determine the feasibility of automatically detecting suspicious behavior and actions in the virtual world".
"It's a positive step," said Andrew Cochran, founder and co-chairman of the Counterterrorism Foundation. "For a number of years we were behind in chasing jihadists' presence on the net and detecting it."
"That's a very sensible step at the moment," said Roderick Jones, a vice president of Concentric Solutions and a former special branch officer. "Just to feel their way around them and work out what new intelligence collection methods might be required to deal with this threat, because you won't be able to use traditional law enforcement methods."
New worlds
A senior intelligence officer at the ODNI said Reynard was in its very early stages and it was too soon to say which online worlds it would be studying. He added that any work on it would be purely for research rather than "operational" purposes.
|
|
"Terrorist use of the internet at the moment relies on password protected forums," he added.
Said Mr Cochran: "All of the major terrorist treatises have been distributed through the internet so taking it to a virtual world with multi-player role games is really an easy step."
It was inevitable that terror groups would make greater use of the internet and the possibilities that virtual spaces offered them, said Mr Jones.
"There's more a chance of things like Jihad worlds coming online in the next five years I think," he said.
The visual richness of virtual worlds made them good places to educate recruits about techniques, said Mr Jones.
Attack pattern
"We can see groups emerging in cyber spaces and virtual communities that would be wholly virtual," he said. "They would organise and radicalise in virtual worlds and attack using cyber methods without becoming a real world presence in any real way."
Many groups were likely to use the expertise and skills they learn in virtual worlds to target key net systems.
Ken Silva, chief technology officer for Verisign which oversees some of the net's core address books, said such an attack could be "devastating".
"We see a continuing growth in the amount of horsepower in the attacks that are directed at infrastructure servers," said Mr Silva.
|
|
Some of the basic systems of the net, such as the Border Gateway Protocol (BGP) which helps data reach its intended destination, were open to attack.
An accidental misconfiguration of BGP in some routers in Pakistan caused the recent problems with YouTube which left many people unable to reach the video site.
"BGP is essentially a relatively unprotected protocol and is seriously vulnerable to disruption," he said. "Should that happen, it could take a very long time to correct that situation."
"This has to be fought at every level," he said.
Under the technique, software sent in an email enables the authorities to spy on a suspect's computer hard drive.
The Federal Constitutional Court in Karlsruhe said cyber spying violated individuals' right to privacy and could be used only in exceptional cases.
Civil liberties activists have warned of an unacceptable invasion of privacy.
National precedent
The case - which began last year - was brought after the western state of North Rhine-Westphalia allowed officials to begin using the technique.
|
Court President Hans-Juergen Papier said that using such software contravened rights enshrined in Germany's constitution, adding that the decision would serve as a precedent across the country.
The ruling emphasised that cyber spying by the authorities would have to receive the permission of a judge.
The German government has described cyber spying as a vital tool in fighting terrorism.
Interior Minister Wolfgang Schauble welcomed the possibility of using the strategy and said it would be considered as part of plans to change the law.
"The court's decision must be carefully analysed and will be accounted for as the legislation is modified," he said.
Terror plots
Judicial approval is already required in Germany for a suspect's telephone to be tapped, and the interior ministry had been expecting the court to make a similar requirement for spying on computers.
During the case, Germany's independent privacy commissioner Peter Schaar argued that the measure would be a "further alarming step towards ever more sweeping surveillance".
Germany has uncovered a number of alleged terrorist plots in recent years.
In September 2007, the authorities arrested three men whom they claimed were planning bomb attacks around the country and belonged to militant Islamist group al-Qaeda.
Speaking after a meeting in Iraq's capital Baghdad, Ahmet Davutoglu said they would continue "until terrorist bases are eliminated".
But Iraqi Foreign Minister Hoshyar Zebari said the action was unacceptable and violated Iraq's sovereignty.
The US says it wants the offensive to end as soon as possible.
US Defence Secretary Robert Gates is visiting Ankara and says he has already raised concerns at the highest levels.
Casualty figures
But Mr Davutoglu, chief foreign policy adviser of Turkish Prime Minister Recep Tayyip Erdogan, told reporters: "Our objective is clear. Our mission is clear and there is no timetable... until the terrorist bases are eliminated."
|
|
Mr Zebari, speaking at the news conference with Mr Davutoglu after the talks, said Iraq wanted an immediate withdrawal.
"We condemn the terrorists and the PKK, but we also condemn the violations of the sovereignty of Iraq at the same time and we have to be very clear on that," he said.
Mr Zebari, himself a Kurd, added that the Kurdish regional government had expressed willingness to work with Turkey "to eliminate the threat from the PKK".
|
|
The Turkish military has been attacking bases of PKK rebels, who want a homeland in south-east Turkey.
Following the latest clashes, the military said 77 rebels and five of its soldiers had been killed. It says 230 rebels and 24 soldiers have been killed since the offensive was launched on Thursday.
The PKK rebels say they have killed at least 81 Turkish soldiers. Neither report can be independently verified.
Intelligence help
Speaking to the BBC in Delhi before leaving for Turkey, Mr Gates said the Turkish military operation against PKK bases should be very short and very precisely targeted.
Then, he added, the Turks should withdraw back across the border.
"They cannot solve the PKK terrorist problem which is a very real one from the Turks' standpoint," he said.
"A lot of innocent Turks have been killed by these terrorists. But they can't solve that problem entirely by military means and they need to begin thinking about what they're going to do in the non-military arena."
|
|
He said the US had provided additional intelligence and reconnaissance help to Turkey, but would also be ready to offer non-military solutions to the problem.
More than 30,000 people have been killed since the PKK began their campaign in 1984.
Ankara says as many as 3,000 PKK members use northern Iraq as a safe haven.
The US, the EU and Turkey consider the PKK to be a terrorist organisation.
Speaking at a security conference in Bahrain, Mr Narayanan said new al-Qaeda training schools had been established close to the Afghan-Pakistan border.
He said Indian intelligence reports had also identified the recruits as being from 14 different countries.
He said their targets also included high profile politicians.
Economic infrastructure in the Gulf region, such as oil pipelines and storage depots, electricity pylons and ocean going tankers are also at risk, said Mr Narayanan.
International brigade
The training of recruits, he said, had become extremely rigorous and the Gulf Arab states were highly vulnerable to such threats.
Referring to what he called "asymmetric war techniques" - the practice of attacking a more powerful enemy's weak spots - India's security adviser said the region faced a new paradigm of al-Qaeda-inspired terrorism through its extensive network of planning, funding, training and arms supply.
The training schools, he said, were turning out a new international brigade of terrorists.