You are here: Resources > FIDIS Deliverables > Forensic Implications > D6.7c: Forensic Profiling > 
Executive Summary  Title:



This report, on forensic profiling, provides a bridge between the forensic pre-occupations of FIDIS WP6 and the profiling concerns of WP7. This deliverable is based on earlier workshops on forensic profiling in Amsterdam in 2005 (D7.6a) and in The Hague in 2007 (D7.6b). 

The aim of forensic research is to support investigatory and judicial processes by finding traces in otherwise apparently unpromising raw material from which it is possible to build a picture of events and activities. Locard’s Principle is at the foundation of what forensic scientists do: “Every contact leaves a trace”.  

More specifically, the aims of digital forensic research are: 

  1. To identify potential sources of digital evidence These are chiefly unintended artefacts from ICT – not the obvious substantive documents and transaction records but such features as configuration files, temporary files, date-and-time stamps, and deleted but recoverable data 

  2. To examine and analyse them 

  3. To derive, by the use of reverse engineering and testing, rules which describe their behaviour 

  4. To produce convenient tools which enable these findings to be used during investigations 

The products of forensic science activity can be aggregated with each other and also with other products of an investigation in order to assist a court in reaching conclusions. 

Practitioners in Digital Forensics do not necessarily set out to breach privacy – their aim is to aid law enforcement.  

But the effect of their work may be to weaken privacy rights because what can happen is that personal data lawfully acquired may then be subjected to a forensic enquiry which reveals more than was originally anticipated.  

Looking specifically and simply at Identity Management Systems: in addition to their obvious role as a means to verify identity and then accord appropriate privileges they create audit trails of activity which can then be used to track the movement of an individual based on when and where an identity was presented for checking.  The longer the period over which such audit trails are kept, and the greater the level of detail within them, the greater the potential breach of privacy.

Data matching is the traditional retrospective way of offender profiling, linking individuals with personal identifying data. But there is also the proactive practice of ‘data mining’ or ‘risk profiling’, that is, finding patterns and correlations in large databases, inferring a certain profile from these patterns and correlations and subsequently identifying people who fit these computer-generated profiles.  People identified in this way may find themselves subject to exclusion, for example, from flying.  Moreover whereas in traditional offender profiling an accused has an opportunity to know and test the evidence against him/her, when the techniques are used pro-actively, perhaps against an agenda of public safety, the excluded individual has little opportunity to challenge the profiling. Indeed it may be difficult for anyone to test the profiling algorithms and the quality of the data behind them.


The issue is data collected for one purpose but then used for another – and without there appearing to be any controls on the further use. Data Protection regimes appear to be silent on the topic. The regimes protect personal data, not generalised data which may then be applied as part of a profile to disadvantage an individual. And any tests that may exist in the legislation are also subject to poorly-defined exclusions based on public safety and the needs of criminal intelligence.  Within Europe, the issue is further complicated by the difficulties of interpreting the various rules for the exchange of data, including intelligence data, between nation state members.

This deliverable provides some discussion to move these issues forward. 

Olivier Ribaux examines the various definitions that are associated with the word “profiling” and then looks at the meanings attributed to “forensic profiling”. In order to do so he takes us through the various types of analysis that are used in the investigative and judicial processes. One type consists of reconstruction of events; but another uses statistical information to build a “profile” of a possible perpetrator.  

He concludes that new identity systems have their own strengths to detect what was impossible previously. But their weakness is that they can also provide false positives. He goes on to say that while electronic traces are information among others that are valuable in the context of the criminal justice system and forensic science, the technology itself must be understood within its context of use. Forensic profiling follows various objectives that are related to the interpretation process, to the investigation or for intelligence purposes. The use of these possibilities necessitates structured processes that may provide tools that go beyond technologies in order to discuss opportunities and risks. The significance of a profile is very different depending on the aim of processes being carried out: for instance, a physical description of the offender that corresponds to the profile of a certain proportion of the population may have different relevance from an investigative or court perspective. 

Having provided a framework of definitions and possible theory, the Report then provides a series of practical instances from emerging technologies. Thomas Gloe and Matthias Kirchner provide an update on digital image forensics. Gerda Edelman describes work carried out by NFI into techniques of co-ordinating and aggregating pictures from multiple different CCTV sources using 3D modelling.  Gert Jacobussen describes the work at the Netherlands Forensic Institute to set up a centre of expertise on intelligent data analysis which is deploying a variety of network and data analysis tools.  Olivier Ribaux and Sylvain Iose describe an intelligence management system which profiles drug seizures developing patterns based, among other things, on chemical composition and communications patterns between those in narcotics gangs.

Katja de Vries and Fanny Coudert then examine the legal implications of forensic profiling.  They investigate the distinctions between “due process” and “due processing”. Due process is a fundamental drawn from Article 6 of ECHR. Due processing relates to Data Protection. In relation to forensic profiling is the fact that it does not limit itself to uniquely individual information (e.g. the fingerprint of one particular individual) but that it makes use of statistical information derived from huge databases (e.g. the profile of the average terrorist inferred from a certain pattern of correlations). A second peculiarity of forensic risk profiling, they say, is the fact that it can be used in a pro-active and hypothetical way. Instead of looking for an individual matching the traces left at a place of crime, forensic data mining can be used to prevent a crime. This pro-active or hypothetical character of forensic risk profiling dissociates it from the investigative process directed at a potential trial. The profile used to detect high risk air-plane passengers is not meant to be used as evidence in a criminal trial, but is meant to prevent the high-risk passenger from entering the plane without further screening. The passenger who is told that he cannot enter the plane will often even be unaware of the fact that he was subjected to forensic profiling and simply assume that he apparently looked suspicious.

They then take us through the arguments surrounding the proposed Data Protection Framework Decision for data processed in the framework of police and judicial co-operation in criminal matters. They show that the difficulty of regulating forensic risk profiling in a way which is in accordance with the requirements of a constitutional democracy, is that it is a technique which is almost intrinsically opaque for the data subject who is subjected to it. This makes it hard for the data subject to contest the rightfulness of the processing of his data in court.  

They focus particular attention on the attempts to provide regulation of the use of police data. For example, how far is data on criminal convictions “personal”? How do data protection principles interact with Directives designed to reduce crime by promoting cross-border co-operation?  What is the position of data collected for one purpose and then re-used for another? What is the position of data collected by private companies and which they are required to retain under some European directive or national law?

They conclude the different norms approved at European level remain insufficient. They do not deal with the impact of the widespread use of criminal intelligence, the increased monitoring of the average citizen or the increased linkage of police databases. Significant issues such as how to ensure the transparency and accountability of law enforcement activities, the quality of the data processed, e.g. the differentiation between categories of data subjects, or a strict application of the purpose specification principle remain unanswered. The multitude of initiatives creates a complex framework prone to legal loopholes and difficult to comprehend. 



Executive Summary  fidis-wp6-del6.7c.Forensic_Profiling.sxw  Definitions
3 / 27