New Social Media Surveillance Tools

A new social media surveillance solution provides real-time monitoring of on-line communities. It works by employing text analytics to correlate threatening language to surveillance subjects, thus providing investigators with warning signs of credible threats.

After a hate crime has been committed, police officers often learn that warning signs had been posted on social media sites. Often, the same is true with other crimes, such as gang activity, child abductions, drug buys and the like. The challenge is that these warning signs are found among millions of Web pages. Manually going through these sites is impossible. While automated threat analysis tools help, they require linguistics expertise and other tools traditionally available only to elite agencies to identify actual threats. ECM Universe’s Rapid Content Analytics (RCA) for Law Enforcement is changing that by moving emerging technology used only by these elite agencies to the forefront of everyday law enforcement. The solution was officially launched by ECM Universe this year at GovSec – the Government Security Conference & Expo. Founded in 2000, ECM Universe implements enterprise content management systems for government and commercial organizations and specializes in content analytics, eDiscovery and document management solutions on the IBM FileNet platform.

Certification for RCA for Law Enforcement as an antiterrorist solution by the Department of Homeland Security, Office of SAFETY Act Implementation is expected by the end of this year. ECM is working to implement the solution with federal, community and campus police agencies, but, due to the sensitive nature of the solution, organization names are not released.

RCA for Law Enforcement delivers two primary capabilities: social media surveillance and digital forensic data mining. The tool is used in criminal cases and protective service. Monitoring may be done to look for credible threats, fraud, bullying, employee behavior and suicidal tendencies.

In real time, the solution monitors Twitter, Facebook, Blogger, craigslist, Backpage, RSS, Google groups and other communities in which users express themselves freely. (A plan to monitor YouTube is underway.)

“I think every one of us has scratched our head and wondered why people feel the need to tell us what they had for breakfast or that they’re blow-drying their hair,” said Scott Raimist, Solution Architect, of ECM. “The fact that they are communicating publicly worldwide slips away from them to the point where volatile situations subtly transform from harmless expression to dangerous intimidation or worse.”

They may threaten others or themselves, or they may talk about criminal behavior, or make statements which can be used as evidence in an investigation.

Social Media Surveillance

RCA for Law Enforcement looks for these things along with surveillance subjects, which can be people, places or anything else that can be described in words. Natural language “surveillance packs” automatically analyze these words using natural language processing and analytics.

Natural language rules determine “threat alerts.” Using IBM’s Natural Language Processing Engine, RCA for Law Enforcement looks at threat verbs, adjectives and nouns, and overall sentence structure to determine the likelihood of an actual threat. As an example, the solution can tell the difference between “I am going to bomb the DMV” and “After I get my license from the DMV, I’m going to get bombed.” Most tools would only look for “bomb” and “DMV,” but would not look at the sentence structure and relationship of the words. Raimist noted other companies commonly offer social media monitoring, but not surveillance which differentiates relationships like these. RCA for Law Enforcement understands the first example sentence is threatening, while the second is not.

RCA also provides the ability to define “severe trigger phrases.” Sentence structure is not factored in when severe trigger phrases like “dance on your grave” are combined with a surveillance subject in a message. Severe trigger phrases, which can be easily changed as jargon changes, also trigger alerts.
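The difference between keyword co-occurrence, a sentence-structure rule and a severe trigger phrase can be shown in a few lines. This is an added example, not code from ECM Universe or IBM: a regular expression stands in for a real language parser, and the word lists, function names and the subject "Judge Smith" are constructed for illustration.

```python
import re

# Constructed word lists; a real deployment would tune these per jurisdiction.
THREAT_VERBS = ["bomb", "shoot", "burn", "stab"]
SEVERE_TRIGGERS = ["dance on your grave"]  # phrase quoted in the article
INTENT = r"(?:going to|gonna|will)"        # assumed markers of stated intent

def normalize(text):
    """Lowercase, unify apostrophes, collapse punctuation and spaces."""
    text = text.lower().replace("\u2019", "'")
    return re.sub(r"[^a-z0-9']+", " ", text).strip()

def mentions(text, subjects):
    """Return the surveillance subjects that appear as whole words."""
    t = normalize(text)
    return [s for s in subjects
            if re.search(r"\b" + re.escape(normalize(s)) + r"\b", t)]

def keyword_alert(text, subjects):
    """Naive rule: any threat stem anywhere plus any subject anywhere."""
    t = normalize(text)
    stem_hit = any(re.search(r"\b" + v, t) for v in THREAT_VERBS)
    return stem_hit and bool(mentions(text, subjects))

def structure_alert(text, subjects):
    """Intent marker, then a base-form threat verb, then the subject as
    its object (at most two words in between, e.g. 'the')."""
    t = normalize(text)
    verbs = "|".join(THREAT_VERBS)
    for s in mentions(text, subjects):
        obj = re.escape(normalize(s))
        pattern = rf"\b{INTENT} (?:{verbs}) (?:\w+ ){{0,2}}{obj}\b"
        if re.search(pattern, t):
            return True
    return False

def severe_alert(text, subjects):
    """Trigger phrase plus subject; sentence structure is ignored."""
    t = normalize(text)
    return any(p in t for p in SEVERE_TRIGGERS) and bool(mentions(text, subjects))

def classify(text, subjects):
    if severe_alert(text, subjects):
        return "severe-trigger"
    if structure_alert(text, subjects):
        return "threat"
    if keyword_alert(text, subjects):
        return "keyword-only"  # words co-occur, structure is benign
    return "none"
```

Both DMV sentences from the article satisfy `keyword_alert`, but only the first satisfies `structure_alert`; the second is the false positive a keyword-only tool would raise.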

Alerts are sent out by E-mail, text message and Intranet dashboard with a link to display the message.

“This is an application that an organization will own and be able to tune to their specific jurisdiction,” Raimist added.

Jurisdiction-specific information (street names, ZIP codes, phone numbers, building names, etc.) is easily configurable.

If a police department has a list of facilities it’s watching and public officials (prosecutors, judges, police/probation officers) it is protecting, for example, the list can be uploaded and configured as a category within minutes. Suspects and persons of interest can also be configured and monitored within minutes.

Data Mining

The analytic capabilities of data mining can be applied to social media surveillance and internal data sources, such as databases, file systems, old police records, cold case files, phone records and tip line reports.

RCA for Law Enforcement can do data mining on any textual data source; for example, storage media obtained from mobile phones, iPad®s, notebooks and other storage devices.

Various analytic views allow investigators to rapidly identify patterns and relationships, and perform investigative discovery on large amounts of data rapidly.

An analytical view called “Connections” shows color coded correlations. High relevancy correlations between surveillance subjects and threatening words or phrases, for example, will appear in red and may narrow the number of documents an investigator needs to look at from 1,500 to 47.

Application for Smaller Departments

For smaller departments, the power of RCA for Law Enforcement can seem overwhelming. To smaller departments, Raimist says, “Think of it just as a street surveillance camera gathering evidence in the event that it’s needed.”

That’s the basic usage Raimist would like to see proliferated on the community level. “One of the things that wasn’t clear to us when we developed this solution was the need for ongoing evidence collection,” he said. “What we have learned is the system can be utilized very much like surveillance cameras posted throughout a city. They aren’t necessarily preventative. They don’t necessarily stop crime, but you often see images from them on the news. It turns out that this system has the same utility as those street corner cameras. When a threat report comes into the police department, they often don’t have a tracking mechanism. This helps fill that void. Just like with a street surveillance camera, there’s no guarantee you’ll get every message. There’s no guarantee that the crime will be committed in view of the camera, but if you have the camera strategically placed, you increase your odds of having evidence after the fact.”

ECM demonstrated this to a campus police chief and showed him that RCA for Law Enforcement could tell him in real time what was going on in the dorms. “We put monitors on dorms and we can see kids saying come on over, here’s what we’re going to do,” Raimist said. “It’s pretty incredible.”

Reverse Surveillance

Using reverse surveillance, agencies can monitor their own Facebook page and Web site for threatening words and phrases.

Federal agencies and large corporations especially could find this useful. Raimist demonstrated to Police and Security News that terrorists go straight to the DHS Facebook page and taunt DHS. The data, in this sample case, took about four minutes to collect, two minutes to analyze and five minutes to look over.


Often, Raimist is asked about geolocation capabilities. “If you’re doing surveillance, you want to configure your system to have as much geographic and uniquely identifiable information within your jurisdiction as possible,” he said.

Again, using a local DMV office as an example, he said DMV offices can be included as data analysis pattern identification categories so that they automatically index out of hundreds of thousands of messages.

ECM’s experience has been about 20 to 30 percent of social media users enable geolocation.

While demonstrating RCA for Law Enforcement, Raimist said a sample alert told an agency he was sitting in their office. That’s because he had geolocation turned on in Twitter. “It followed me into their office and knew I was there because I plugged into an IP port in their office,” he explained. “What I tell agencies is that geolocation is great; however, it is dependent on the social media provider and the individual. When I Tweet, I can change my location to anything I want.”

To commanding officers who hope to dispatch officers immediately to the precise real-time street level location where a threat is coming from, he says, “It’s not quite that advanced – yet. If people start posting their geolocation as much as they do pictures of their breakfast, that’s really going to empower this software.”

Until then, he said geolocation remains a relatively unreliable area in social media surveillance.

Bleeding Edge

Raimist also is asked very high-tech questions, such as would the system be able to identify a threat if someone said, “I’m going to pull a Lofner.” (Jared Loughner is the man charged with the shooting in Tucson, Arizona, on January 8, 2011, which killed six people and left 14 others injured, including U.S. Representative Gabrielle Giffords.)

The answer to that question technically is “yes,” he said, however, the system is limited by the search capabilities of the social media providers. If the person who sent the threat did not spell Loughner correctly, RCA for Law Enforcement’s advanced linguistic capabilities could pick that up. That’s not necessarily the case when Facebook or Twitter searches are being done. These searches are very simplistic and would require an investigator to set up “Loughner” with both spellings of the name as a surveillance subject.


The limitations of RCA for Law Enforcement are the same as with any linguistic analysis system, Raimist said: it relies on heuristics, solving a problem with an infinite number of answers.

He goes back to the street surveillance camera comparison. “You can’t just turn it on and have it catch everything which passes in front of it. You have to tell it something about what you want to ‘watch’ – building names, street locations or people, for example.”

Fortunately, he said it’s not difficult to enter search criteria and the investigative analysis is really intelligent.

Future Capabilities

Future capabilities of RCA for Law Enforcement will include more self-service from a surveillance perspective. “Imagine putting in the name of a city and the surveillance subjects are automatically configured based on the top tourist attractions, government buildings and public officials,” he said. Today, investigators need to be more specific than just a city name.

ECM also plans to prebuild criminal psychological profiles into the surveillance packs so that customers can do monitoring based on criminal psychological profiles.

About the Author: Rebecca Kanable is a freelance writer specializing in law enforcement topics. She can be reached at

This article is a contribution from Police & Security News. P&SN is a bi-monthly law enforcement magazine that is packed with training articles and gear reviews for the patrol officer. P&SN is a valued supporter of BlueSheepdog and the Blue Crew. You can obtain a free subscription to the Police & Security News magazine by joining the Blue Crew.
