Title: INTELLIGENCE, RISK ANALYSIS, DETECTION AND SURVEILLANCE FROM A FORENSIC PROFILING PERSPECTIVE

Intelligence, risk analysis, detection and surveillance from a forensic profiling perspective

The analysis of repetitive crime may find an extension in the strongly connected fields of intelligence, risk analysis, detection and surveillance. There are requirements at an European level to set up risk management systems at the level of the countries (see FRONTEX for instance) and initiatives, as well as recurrent recommendations to develop intelligence-led styles of policing . Within this modern framework, security and policing are based on a strong analytical capacity that is articulated around risk assessment or problem detection. For instance, certain intelligence-led systems have identified four area of interest : locations (for instance a hot-spot or other patterns), subjects (persons or groups), crimes (crime series) and high risk issues (for instance a forthcoming manifestation).

Thus, forensic profiling may even go beyond repetitive crime analysis. Actually, new types of policing strategies based on intelligence necessitate the development of monitoring processes that help detect various sorts of dangers for the security on the basis of crime data. This goes beyond this framework by exploiting open source or other data that allow signs of danger to be detected. Repetitive crime analysis is only one form of those processes, but they may be better considered in connection with risk analysis and surveillance. 

Main changes from this perspective come from the extensive use of ID systems in our societies. Data possessed by credit cards and mobile phone operators, use of automatic plate detection systems, automatic recording of passport and biometric data when controlling people (at the border or for access controls), as well as various other sorts of electronic data that potentially allow what might be considered as dangers to be detected. For instance:  

1. Surveillance systems (computerised or not) are often focused on the basis of definition of individual profiles, for instance people searched by an authority for any reasons;  

2. The profile of a criminal activity related to hot-spots area for targeting surveillance.  

Of importance is that most of this data, compared to crime data used for repetitive crime analysis, is initially mostly not dedicated to risk management or security (with the exception of explicit identity controls), but generally record traces resulting from a service that rests on an electronic infrastructure (for instance, e-commerce, e-banking, etc.). Generally, aggregation of data for monitoring purposes is not possible as they are possessed and secured by different companies that set up their own pattern analysis system for detecting suspicious activities. However, legislations may range from favouring some limited direct availability of this data to law enforcement agencies in order to open more possibilities: for instance reporting procedures for financial intermediaries to Financial Investigation Units (FIU) might be seen as a central feature for the application of anti-money laundering techniques.

Because data mostly results from a legal activity, most patterns that may be detected are uninteresting from a risk analysis perspective, unless data has previously been pre-processed or filtered on the basis of a well identified selective risk profile. Separation of relevant from irrelevant patterns is thus difficult and may lead to repetitive false alarms. Therefore, rather than the reliability of the technology, the central aspect is the possibilities to devise appropriate risk profiles. This may help detect deviations between what may be inferred as a historical usual activity of a population or of individuals, in comparison with the results of a suspect change of behaviour. For instance a change in the use of a bank account that cannot be explained through standard activities of the whole population may alert and incite to scrutinise in more depth the reasons for these changes. Profiles of criminal activities in GSM fraud may lead to the definition of filters that focus detection on some specific massive calls on specific numbers, in specific conditions. Another example is the detection of paedophilia images that may pass through a channel under surveillance: large amount of known images are collected in databases under the form of their digital “fingerprints” and are compared with the information traversing the channel. Of course, images may be slightly transformed and therefore will not be recognised by the surveillance system. Thus, new challenges consist of finding profiles and measures of similarities rather than detecting the exact image.  

Another determinant aspect concerns the integration of a learning process into these techniques: criminality and knowledge about criminality are evolving over time, sometimes rapidly. For instance, a new case integrated into a series of crime may dramatically change the knowledge about the offender (his profile). The detection of new forms of repetitions may lead to the construction of new profiles that, in turn, will influence the detection process, acquisition and classification of new events. For instance, the rise of metal rates has made these more attractive for criminals and has led to an increase for example of copper thefts. Given that specific groups of criminals have focused their activities toward this type of crime, it becomes important from an analytical point of view to devise a new classification dimension for all metal thefts.  

The utility of future computerised systems as an aid in an intelligence perspective will greatly depend on their capability to adapt and integrate these learning mechanisms. Moreover, they should not be considered exclusively from a technical perspective, but rather have to be suitably integrated into a complete methodology, at the workplace, taking into account a complex set of pragmatic constraints.  

Distribution of tasks

Whether this learning process may be computerised or strongly supervised by human operators is the subject of a subtle balance that depends on the specific problem at hand. This is one of the main difficulties and possibly causes of misunderstanding between the different communities dealing with data mining, crime investigation and intelligence. This is compounded by the fact that intelligence is not only the result of structured treatment of information, but also emerges from intensive tacit communication largely based on confidence. One critical aspect for reducing failures of intelligence resides in how human intelligence can complete signal intelligence. Augmenting the use of new technologies will add very few values if the framework does not integrate these considerations.  

Probably less “true” data mining systems are used in practice than is imagined, although promising separated components are providing new forms of aid for investigators, analysts, and deciders. The process of better understanding more adequate repartitions goes through intensive formalisation of the different concepts pervasive in the treatment of data and information within a law enforcement and security context. In particular, usually data is not recorded into databases in a suitable form and necessitates strong pre-processing.  

When tasks are distributed, communications between the contributors arise as a critical aspect. This is why visualisations of entities (individuals, objects, events) and their relations, chronologies, as well as spatio/temporal aspects play an important role when different human partners collaboratively solve a specific problem.  

In this perspective, possibilities to use algorithms for forensic profiling  have to be carefully studied. This assessment mostly belongs to the research area. A recent conference provides an overview of the adaptation of technologies to this field. Other authors have also made a global account of the potential of data mining technologies applied to particular sets of forensic case data . There is a clear trend to consider the whole information available, particularly electronic traces, in the framework of data mining technologies.