homeland security 2014 safe and secure nation -...

Homeland Security 2014 Safe and Secure Nation Intelligence-led Policing

Intelligence-led policing Intelligence-led policing

ContentsExecutive summary1 6

What is intelligence?2 8

India’s law enforcement intelligence

3 10

Understanding the intelligence architecture

4 20

Way forward5 28

5 4 Intelligence-led policing Intelligence-led policing

Rahul RishiPartner, Advisory ServicesEY

ForewordThe world is witnessing growth in organised crime and terrorism. A large number of criminal incidences are found to have complex inter-state and international linkages. In order to meet the ever increasing demand of security, governments around the world have invested in developing intelligence analytics for security and policing. Given the advancement in technology, the future of homeland security lies in better use of analytics for pre-emptive policing.

Crime in India is increasing at an alarming rate. According to the National Crime Record Bureau a total of 66,40,378 cognizable crimes under IPC and SLL were registered in 2013 – a decadal increase of 20.8 per cent from 2003. In such a situation, there is enormous pressure on our law enforcement agencies to act swiftly, effectively and efficiently. Analytics is the technology that will help law enforcement agencies to better deal with crime. Analytics can be used for

crime prevention, investigation, prosecution, and research and analysis. Use of intelligence led policing thus will enable the government to provide a security umbrella, especially in urban areas which is more prone to get affected by crime and terrorism.

Till recently, the police forces were seen to be using traditional means to tackle crime. However, recently they have taken steps to better arm themselves with the advanced technologies available in the market. The FICCI E&Y report on Intelligence Led Policing explores the various nuances of what constitutes intelligence in policing. The report explores in depth India’s intelligence architecture. It analyses various components of analytics and intelligence in the police forces, and underlines initiatives that have brought our security forces in line with best security practices in the world. It further draws a structured path for future use of intelligence and analytics in solving important and complex security issues. I sincerely hope that this report will offer important and useful insights to all stakeholders.

FICCI’s initiative of Homeland Security has been well received by the public sector and industry for the past three years. EY’s collaboration with FICCI as its knowledge partner has already produced three successful seasons of Homeland Security. Extending the thought further, we are presenting the fourth publication in the series Intelligence-led Policing to highlight the need for analytics in homeland security.

The rising population, reducing jobs, increased cost of living and greater accessibility of information are among the many factors that have made citizens vulnerable to crime and terror activities. Furthermore, the tactics of criminals have evolved alongside the rapid progress in the field of science and technology, leading to an increased gamut of crimes carried out using advanced means and techniques. Law Enforcement Agencies, thus, need to develop ways and

means to prevent their incidence altogether. If an incident does occur, the turnaround time of LEAs to nab the culprit needs to be cut down to minimum.

The required level of advancement can be achieved through technology and capacity building. In India, Law Enforcement Agencies have adopted the basic level of automation. The next level of technology capability would be attained when they use relevant data to cull out useful information that helps them prevent any incident. Analytics is the key technology that needs to be incorporated for increasing the capabilities of LEAs in predicting and preventing incidents.

Analytics finds it ways in Commercial taxes, customs, police, intelligence agency, investigative agency, disaster management and many other sensitive areas. It highlights patterns that cannot be detected by manual interventions. This paper discusses analytics in detail in the perspective of homeland security.

We sincerely hope that this paper gives you insights into the world of analytics, the urgent need for our country to adopt analytics, and its use in law enforcement.

We would like to thank FICCI for giving us the opportunity to present our views on analytics in homeland security through this knowledge paper at the Homeland Security 2014 conference, to be held in New Delhi.

Dr. A. Didar SinghSecretary General FICCI


1. Multiple sources of data, leading to confusion in processing intelligence alerts by different authorities

2. Neglected open-source intelligence

3. Insufficient inter-agency coordination

4. Inadequate methods for processing and sharing intelligence between Central and shared agencies

Law Enforcement Agencies (LEAs) need to urgently deploy appropriate technology to be able to analyse the available data and counter challenges posed by limited resources. LEAs gather a huge amount of data from varied sources such as banks, telecoms, traffic information, social media, criminal records and airlines. All of this data has to be refined and analysed to cull out the critical information required for solving and preventing crime.

Analytics is the key technology that can help LEAs understand information and act accordingly. Analytics can be used for citizen safety and security at four stages, as shown below.

The globalisation of economies, improving living standards and rapid urbanisation have led to people demanding better public services. Their foremost need is a safe and secure environment. This puts pressure on the police force to respond swiftly, effectively and efficiently. In addition, with the advancement of technology, the focus has now shifted to being proactive and preventing crime, instead of waiting for it to happen and then coming up with a solution.

In India, crime is increasing at an alarming rate. An overwhelming 66,40,378 cognizable crimes were registered under IPC and SLL in 20131, up 20.8% from 2003. This indicates the urgent need to spruce up the police force. The sanctioned strength of the police force has been increased by 50.4% from 2002 to 2012; however, there were 24.82% vacancies until 1 January 20132.

Evidently, limited manpower and resources are the key challenges for the police force. Other concerns are:

Police availability data3S. No. Item Sanctioned Actual

1. Population per policeman

551 733

2. Area in sq. km. per policeman

1.43 1.91

3. Transport facility per 100 policemen

6.95 9.24

1 Prevention

2 Investigation

3 Prosecution

4 Review & Analysis

Before crim

eA

fter crime

Executive summary

1NCRB, Crime in India - 2013

2BPR&D, Data on Police Organizations in India, as on January 1, 2013


Prevention: Police and other agencies can harness the power of big data analytics on the data available in various forms and shapes. Preventive measures begin range from data mining to discovery of hidden patterns and relationships in a large amount of data. Information is evaluated over various periods of time on indicators such as crime patterns, motives, physical location, day, time, weather, political factors, economic factors, school calendars, pay periods and events. LEAs can use operational, tactical and predictive dashboards to create a map and identify the area that has the highest probability of crime occurring in a specified time window. They can then accordingly deploy resources and manpower to prevent crime and lower operating costs.

Investigation: Previously, police officers required days and weeks to sift through available information. For e.g., traditionally, the police force used to spend days to analyse call records of a suspected mobile number manually. Now, the same work can be done in a few hours through automated systems. Analytics reduces both time and effort spent in investigation. Various analytics tools such as link analytics, video analytics, audio analytics, computer forensics and social media analytics can be used during the investigation stage to identify criminals and establish their relation to the crime. These tools establish the relationship between the suspect and the crime based on facts and figures. In addition, collating the database of various agencies increases the value delivered by analytic tools.

Prosecution: In India, 93,28,085 cases were pending for trial (including cases from the previous year) in the Subordinate Courts in 2012, as compared to 89,39,161 in 2011, up 4.4%4. At the trial stage, the police needs to establish a link between the crime and the identified criminals. The case can be followed up through the case management system for better reporting. Increased forensic capabilities would also help scale up the prosecution process.

Review and analysis: After the closing of a case, it is important to understand the relationships, modus operandi, targets, intentions, etc., of the committed crime. Appropriate data needs to be uploaded in the official tracking system to build a strong database for reference. Such post case analysis is useful in preventing crimes of similar nature. Such information can include analytics pivoted on area, crime, criminal, victim, etc. Based on the stored data, preventive tools can help prevent the occurrence of crime.

The use of intelligence-led policing would help governments worldwide ensure a safe and secure environment for its citizens. Using such tools increases the overall efficiency and effectiveness of LEAs. However, it is imperative that use of advanced analytics techniques be preceded by a robust mechanism for data collection and validation to ensure its accuracy and usefulness, else the results of the process would not be useful. Forthcoming chapters discuss the importance of analytics, India’s perspective on analytics and various analytics options available to policing agencies.



In the purest sense, intelligence is the end product of an analytic process that evaluates information collected from diverse sources; it integrates the relevant information into a logical package and produces a conclusion, estimate or forecast about a criminal phenomenon by using the scientific approach to problem solving (that is, analysis). Intelligence, therefore, is a synergistic product intended to provide meaningful and trustworthy actionable knowledge to decision makers. In the past few decades, with the advent of technology, intelligence has gained importance in homeland security and policing. Terrorist attacks all over the world have created the need to make practical changes to law enforcement and have stressed the importance of intelligence for undertaking security operations, gathering information, and strategising and apprehending criminals. Intelligence has come to play a larger role in criminal offences, as well as economic offences.

The term “intelligence-led policing” originated in Great Britain. The Kent Constabulary developed the concept in response to a sharp increase in property-related offenses (e.g., burglary and automobile theft) at a time when police budgets were being cut. Officials believed that a relatively small number of people were responsible for a comparatively large percentage of crimes. They believed that the best strategy was to have police officers focus on the most prevalent offenses occurring in their jurisdiction.

The Kent Policing Model, as per the original name, de-emphasised responses to service calls by prioritising calls and referring less serious calls for general non-police services to other agencies. Thus, more police time was available to create intelligence units to focus, initially, on property-related offenses in each of the jurisdiction’s nine service areas. The result was a 24% drop in crime over 3 years.

What is Intelligence?

Intelligence-led policing focuses on key criminal activities. Once crime problems are identified and quantified through intelligence assessments, key criminals can be targeted for investigation and prosecution. Because the groups and individuals targeted in Kent were those who were responsible for significant criminal activity, the ultimate reduction in crime was considerable. According to a constabulary note, “It has given the Kent Constabulary the ability to confront crime in an active, rational fashion and to build continually on each success.”

Intelligence-led policing in the US has benefited from the recent development of “fusion centres,” which serve multiagency policing needs. These fusion centres — derived from old watch centres — provide information to patrol officers, detectives, management, and other participating personnel and agencies on specific criminals, crime groups and criminal activities. For example, they lend support to anti-terrorism and other crime-specific objectives. The centres search numerous public and private databases to gather and analyse information. They also generate intelligence products that provide an overview of terrorist or other crime groups, analysis of trends, and other items of information for dissemination to participating agencies.

Currently, such fusion centres operate in at least 25 states, with more being developed or planned in other parts of the world. The Iowa Fusion Center is part of the state’s Law Enforcement Terrorism Prevention Program and a product of its State Homeland Security Strategy. The centre serves as a clearinghouse for all potentially relevant, domestically generated homeland security data and information to ensure proper interpretation, assessment and preventive actions.

Such centres have several objectives such as providing state-wide strategic intelligence, centralised information

management systems, regional operations support, and a 24-hour, 7-day-a-week watch centre. They support multiagency information exchange and assign an intelligence officer to each region. As such, a centre’s core mission can be limited to anti-terrorism, but it may include all significant crimes, or target different types of crime, such as identity theft, insurance fraud, money laundering, cigarette smuggling, armed robbery, and document fraud. The “all crimes” approach has recently been endorsed and recommended by many criminal intelligence advisory and policy groups.

If intelligence is analysed information, what is analysis?

Analysis requires thoughtful contemplation that results in conclusions and recommendations. Thus, computers may assist with analysis by compiling large amounts of data into an easily accessible format. However, this classifies as collated data and not analysed data or information, and it falls far short of intelligence. For information to be useful, it must be analysed by a trained intelligence professional. In other words, intelligence tells officials everything they need to know before they knowledgeably choose a course of action.

Intelligence is, thus, critical for decision making, planning, strategic targeting and crime prevention. Law enforcement officers and managers are beset by large quantities of information, but this could pose the risk of being incomplete, inaccurate or misdirected. The shift from information gathering to informed decision making depends on the intelligence/analytic process, and it results in the best estimate of what has happened or will happen.

There are essentially two broad purposes for an intelligence function at an LEA:

• Prevention: It includes gaining or developing information related to threats of terrorism or crime and using this information to apprehend offenders, harden targets, and come up with strategies that will eliminate or mitigate the threat. This is known as tactical intelligence.

• Planning and resource allocation: The intelligence function provides information to decision makers about the changing nature of threats, the characteristics and methodologies of threats, and emerging threat idiosyncrasies. This helps them come up with response strategies and reallocate resources, as necessary, to accomplish effective prevention. This is known as strategic intelligence.

Intelligence-led policing, while it is useful at many levels, does pose certain issues. First, it is important to understand intelligence and its management. Second, agencies need to prevent and respond to day-to-day crime, while focussing on preventing terrorism. Third, the realities of funding and personnel resources often pose as challenges. Therefore, LEAs have to be very mindful of these challenges while incorporating such an approach.


India’s law enforcement intelligence

Every LEA in India, regardless of agency function, must have the capacity to understand the implications of information collection, analysis and intelligence sharing. Each agency must have an organised mechanism to receive and manage intelligence, as well as a mechanism to report and share critical information with other LEAs. In addition, they must develop lines of communication and information-sharing protocols with the private sector, particularly with entities related to critical infrastructure, as well as with potential targets of terrorists and criminal enterprises.

The degree of national security measured in terms of the security of intellectual, social, technical, environmental, cultural, leisure and financial capital can be viewed from the twin dimensions of “crime rate” and the “risk of terror attacks”, both of which can be of internal or external origin. Internal security and LEAs in India, thus, face unprecedented challenges in terms of the need to tackle crime, address the increasing challenge of transnational criminal networks and the ongoing threat of international and domestic terrorism, cyber-crime, money laundering, narco-terrorism and human trafficking. In parallel, they need to meet increasing citizen expectations for more transparent community-oriented law enforcement, and greater public transparency and accountability.

The provision of accurate intelligence is an important part of the process of preventing surprises in the national security realm. As a result, when surprises such as the 11 September attacks occur, intelligence agencies bear the brunt of scrutiny. Al Qaeda conducted a devastating strike on 9/11 by using airliners as a weapon of mass destruction (WMD). In terms of scale, it incurred a relatively small cost to create billions of dollars’ worth of damage. Intelligence failure is the inability to detect the occurrence of such attacks. This happens when information

is not collected or integrated effectively. Policy failure can lead to the success of such surprise attacks if actions are not taken despite intelligence warnings. Even now, it remains unclear whether intelligence agencies or policymakers could have prevented the 2001 terrorist attacks. The bombings in London (2005) and Mumbai (2006) and the 26/11 bombings in Mumbai (2008) also highlight the fact that all attacks cannot be prevented. The challenge and key task, therefore, is to determine how to organise domestic intelligence efforts, how to facilitate information sharing, and how to protect against potential abuses.

India’s hostile neighbourhood, its linguistic and ethnic differences, economic disparities, political conflicts and turmoil, vast population beleaguered by poverty and ignorance and exploitation, etc., are sources of its internal vulnerability and propensity to higher incidences of crime.

The key threats to India’s internal security include:

The Maoist insurgency

The Maoist rebellion is the country’s gravest internal security threat. It has claimed thousands of lives of paramilitary forces and innocent civilians. These groups have engaged in multiple mass casualty attacks, including ambushes on law enforcement teams and sabotaging of passenger trains. Originally a modest pro-peasant movement, the insurgency has spread to more than two-thirds of Indian states and across more than a third of its total number of districts, with most of them being resource-rich central and eastern regions. As a result, a large number of developmental works have got stalled due to Maoist activities. This is making a huge dent in our country economically and is thwarting the Government’s efforts of inclusive growth for the

affected areas. The spread of extreme leftist forces reveals startling facts about the area of spread and the immense logistical support. In this situation, it is the foremost duty of the police and administration to restore the confidence of local people, who are at risk of getting caught in the cross-fire.

Such a situation makes it imperative for the police forces to act real fast and tough. They need to strengthen their intelligence gathering system, as well as adopt modern practises.

Cyber crime

Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multi-layered initiatives and responses. It has proved a challenge for the Indian Government because different domains are typically administered through siloed ministries and departments. In addition, the internet population has grown considerably over the last few years. Therefore, while the threats and vulnerabilities inherent to internet and cyberspace might have remained unchanged, the probability of disruption has grown apace with the rise in the number of users.

The success of internet has partly been attributed to its relative openness and low barriers (including minimal security features) to entry. However, while these attributes allow companies to flourish, they have also facilitated those with malicious intent to operate with relative ease. As we grow more dependent on internet for our daily activities, we also become more vulnerable to any disruptions caused in and through cyberspace.

Even though the Indian Government was a late convert to computerisation, there has been an increasing thrust on e-governance, which is seen as a cost-effective way of taking public services to the masses across the country. Critical sectors

such as defence, energy, finance, space, telecommunication, transport, land records, public essential services and utilities, and law enforcement and security increasingly depend on networks to relay data for communication purposes and for commercial transactions. The National e-governance Program (NeGP) is one of the most ambitious in the world and seeks to provide more than 1,200 governmental services online.

Considering telecommunication as a case in point, the critical information infrastructure in India comprises around 150 internet and telecom service providers that offer internet, mobile and wireless connectivity to nearly 800 million. The major portion of data communication is facilitated by submarine cables. India has landing points for major submarine cable systems, and these are minimally protected. A preview of what could happen by way of these cables being disabled took place in 2008, when a series of outages and cable cuts in undersea cables running through the Suez Canal, in the Persian Gulf and Malaysia caused massive communication disruptions to India and West Asia.

Other sectors that could be subject to serious threats include BFSI, which has largely transferred operations online. Stock exchanges in the US and Hong Kong have reportedly been subject to cyber-attacks. The electricity grid is also vulnerable to such attacks, given the inevitable move toward the smart grid as a result of economic and efficiency factors. The protection of critical infrastructure is a complex task requiring forethought, planning, strong laws, technologies, PPP and resources. As a result, it tops the priority list of the Government.

Cyber threats can be disaggregated, based on the perpetrators and their motives, into four categories: cyber espionage, cyber warfare, cyber terrorism, and cyber-crime. Cyber attackers

12 Intelligence-led policing

use numerous vulnerabilities in cyberspace to commit these acts. They exploit weaknesses in software and hardware design through the use of malware. DDoS attacks are used to overwhelm the targeted websites. Hacking is a common way of piercing the defences of protected computer systems and interfering with their functioning. Identity theft is also common. The scope and nature of such threats and vulnerabilities is multiplying rapidly.

The National Crime Records Bureau (NCRB), in 2010, reported an increase of 50% in cyber-crime over the previous year. It is imperative to institute mechanisms for defence and a suite of managed services to help keep the country’s network up, reliable and secure through actionable cyber intelligence, proactive DDoS mitigation and enhanced DNS security. There is an urgent need for standard “threat feeds” to include in-depth country and regional intelligence reports, a real-time threat feed and access to expert advice.

Terrorism

Terrorism remains the biggest threat to India’s national security, businesses and way of life. The ongoing increase in and the spread of attacks in recent years point to the huge challenge that India’s security establishments face in countering the nefarious motives of such perpetrators. The strategic location of India makes it more vulnerable in an increasingly unstable South Asia. India has been facing threat of cross-border terrorism since independence. Its shared border with many nations makes the task of internal and external security more difficult.

The ethnic mix of population also adds fuel to fire, as the Government is unable to accommodate the aspirations of all of the religious groups. This is evident from the terrorist attacks in Punjab in 1980s, followed by the Assam and J&K problems in 1990s and, more recently, the Maoism threat in Chhattisgarh, Bihar and Andhra Pradesh, West Bengal and Orissa. India shares ethnic, religious and cultural affinities with its neighbours. During conflict, tension flows inward in the form of state-sponsored terrorism. Since these states have the ability to unleash terrorist activities in different capacity, they can choose to employ their own directly recruited and controlled terror squads or work through proxies and client movements across the border. The terrorist menace from across the border is supported financially and materially by the Government and other institutions of these countries.

Organised crime

This form of crime employs illegitimate methods including monopolisation, terrorism, extortion and tax evasion to drive out or control lawful ownership and leadership, and to extract illegal profits from the public. Organised crime corrupts public officials to avert governmental interference and is becoming increasingly sophisticated. This crime traditionally manifested itself in the form of extortion, protection money, contract killing, boot-legging, gambling, prostitution and smuggling. In addition, in modern times, its domain has extended to include drug trafficking, illicit arms trading, money laundering and transporting illegitimate activities, based essentially on the willingness to use brute force and violence. By corrupting public officials and engaging in monopolising or near monopolising, organised crime aims to secure greater power. The money and power so gained are used to infiltrate legitimate business and several other related activities.

Organised crime in India is emerging as a serious challenge. It has a huge destabilising effect on the country’s economy, trade and commerce. Existing laws and procedures are inadequate to support LEAs to act against organised criminal syndicates. The slow pace of trials and low conviction rates, lack of resources and training, lack of inter-agency coordination, criminal, and political and bureaucratic nexus are some of the other major factors responsible for the growth in organised crime in the country.

Domestic intelligence efforts to combat security threats

As a law enforcement strategy, criminal intelligence5 has been in existence for many years. Although it has only recently been formalised, many of the basic (and intuitive) approaches of the traditional investigator have remained unchanged. For instance, officers have always attempted to identify the common thread that links clues in a case or have kept a mental note of the habits of prominent criminals or have cultivated special relationships with people in the criminal underworld who provide inside information. This has always been considered good police work. Consequently, even in countries where the term “criminal intelligence” has not been formally adopted, there are traces of the key components of a criminal intelligence system, such as the gathering of information about criminals, including call data

5Criminal intelligence is the creation of an intelligence knowledge product that supports decision making in the areas of law enforcement, crime reduction, and crime prevention [Reference: Integrated Intelligence and Crime Analysis: Enhanced Information Management for Law Enforcement Leaders, Jerry H. Ratcliffe, Ph.D. Second Edition, Community Oriented Policing Services, U S Department of Justice]

records (CDRs), storage of fingerprints and/or DNA and the use of covert investigation techniques, including informants.

Intelligence is often erroneously viewed as pieces of information about people, places or events that can be used to provide insight about criminality or crime threats.

Demand for intelligence-led security is at its peak in the present scenario. A number of executive agencies and organisations conduct analytics and intelligence activities for national security, tax evasion, money laundering, terrorist financing, etc. Historically, these agencies had separate missions and lacked the capacity for coordination and collaboration. They are now being mandated to work together. Moreover, they are now required to work with other Central and state-level law enforcement and crime prevention agencies to penalise criminal enterprises that support terrorists.

Charlotte-Mecklenburg Police Department (CMPD) fights crime with predictive analysis

The Charlotte-Mecklenburg Police Department (CMPD) provides police services for Charlotte and the unincorporated areas of Mecklenburg County, North Carolina. The department, which has 1,716 officers and 530 civilian staff, serves a population of more than 700,000 citizens. CMPD is applying an information-based policy to predict the likelihood of crime and to improve measures designed to prevent potential future crimes. Command staff, crime analysts and patrol officers use operational, tactical and predictive dashboards to visualise areas on a map that have the highest probability of a crime occurring during any four-hour window. Interaction among past, present and forecast data is rigorously evaluated and weighed according to a variety of predictive models. Information is evaluated over various periods of time for indicators, such as crime patterns, motives, physical location, day, time, weather, political factors, economic factors, school calendars, pay periods and events. Every factor can have a substantial impact on each predictive model. The insight gained from the solution helps command staff to more knowledgeably deploy resources and allows officers to more effectively manage their areas of responsibility to deter crime.

Reference: http://www.informationbuilders.com/applications/cmpd

15 Intelligence-led policing

CenterState Governments

Agencies that conduct analytics & intelligence activities

Inte

lligen

ce B

urea

u (IB

)

Res

earc

h &

Anal

ysis

Win

g (R

AW)

NAT

GR

ID

Nat

iona

l Inv

estig

atio

n Ag

ency

(NIA

)

Cen

tral B

urea

u of

Inve

stig

atio

n (C

BI)

Anti

Terr

or S

quad

(ATS

)

Polic

e St

atio

ns (C

CTN

S)

ACB

CID

Fore

nsic

Lab

orat

orie

s

Crime detection & prevention InvestigationCrime detection & prevention Investigation

Nar

cotic

s C

ontro

l Bur

eau

(NC

B)

Fina

ncia

l Int

ellig

ence

Uni

t (FI

U)

Dire

ctor

ate

of R

even

ue In

tellig

ence

(DR

I)

Econ

omic

Inte

lligen

ce A

genc

y (E

IA)

Econ

omic

Offe

nces

Win

g (E

OW

)

Inco

me

Tax

Com

mer

cial

Tax

CER

T-In

Ministry of Home Affairs(MHA)

Ministry of Finance (MoF)

Ministry of Communications & IT

(MCIT)State Police Forces

The following figure presents an illustrative snapshot of law enforcement functions and some of the ley agencies at the center and state levels in India.

Pieces of information gathered from diverse sources, for example, wiretaps, informants, banking records or surveillance, are basically of raw nature with limited inherent meaning. Intelligence requires a wide array of raw information to be assessed for validity and reliability, reviewed for materiality to the issues at question, and interpreted through the application of inductive or deductive logic.

Undercover Surveillance

Wiretap Pen register

Informant information

Trap & trace

Forensic evidence CCTV videotapesCollectively, what

does it mean ?

Travel records

Banking transactions

Document evidence

Dumpster diving

Comparative illustration of differences between information and intelligence Information Intelligence

• Criminal history and driving records• Offence reporting record• Statements by informants, witnesses and suspects• Registration information for motor vehicles, watercraft and aircraft• Licensing details about vehicle operators and professional licenses

of all forms• Observations of behaviours and incidents by investigators,

surveillance teams, or citizens• Details about banking, investments, credit reports, and other

financial matters• Description of travel including, the traveller(s) names, itinerary,

methods of travel, date, time, locations

• A report by an analyst that draws conclusions about a person’s criminal liability based on an integrated analysis of diverse information collected by investigators and/or researchers

• An analysis of crime or terrorism trends with conclusions drawn about characteristics of offenders, probable future crime, and optional methods for preventing future crime/terrorism

• A forecast drawn about potential victimisation of crime or terrorism based on an assessment of limited information when an analyst uses past experience as context for the conclusion

• An estimate of a person’s income from a criminal enterprise based on a market and trafficking analysis of illegal commodities

.

Law enforcement intelligence, therefore, is the product of an analytic process that provides an integrated perspective to disparate information about crime, crime trends, crime and security threats, and conditions associated with criminality. The need for carefully analysed and reliable information is essential

because both policy and operational decisions are made using intelligence; therefore, a vigilant process must be in place to ensure that decisions are made on objective, informed criteria, rather than on presumed criteria.


A Major West Coast North American City

The city’s police department deployed a back-end database application to integrate all of its disparate databases, and it supplemented this with a secure feed to more than 600 million police records across several jurisdictions from a third-party provider. In addition, the force implemented a powerful set of crime analysis tools and a geospatial and temporal analysis engine to methodically view and analyse crime-related data. This gave officers a new ability to gain insight into crime patterns, and predict when and where crimes are likely to occur, enabling them to proactively plan and allocate policing resources.

The city’s bold step to build its competencies according to Smarter Public Safety principles generated value at many levels. Operational value was realised in reduced analysis time (a drop of more than 98%) and increased response effectiveness, and the ability to deploy resources dynamically. At the same time, the city gained brand value from building on its tradition of being an innovator by applying modern analytics and spatial mapping technology to enhance public safety. The societal value from the Smarter Public Safety approach was also realised in lower rates of both property crime (24% reduction) and violent crime (9% reduction). Finally, the force had the capability to address the root causes of crime and change the course of crimes in the city, for instance, by identifying and removing critical gang leaders, which created innovation value for the city.

The phrase “law enforcement intelligence,” cannot be used synonymously with “criminal intelligence”. This is because, first, intelligence and law enforcement operate in different worlds – one gathers information and the other seeks to prosecute. Second, with the development of multiple agencies at the central and state levels that are focussed on intelligence, there has been a corresponding increase in bureaucratisation. This adds to the challenge of sharing information. Lastly and, perhaps most importantly, there are issues concerning the protection of civil liberties and effective oversight.

The challenge in developing a viable domestic intelligence capability for India centers on how to organise these capabilities optimally within the larger intelligence framework, how to ensure streamlined information sharing between foreign intelligence and the multitude of domestic law enforcement agencies, and how best to implement oversight mechanisms to

protect civil liberties and ensure accountability of intelligence operations. Organisational mechanisms, information sharing and oversight are critical components to institute effective domestic intelligence capability.

India’s intelligence agencies and organisational set-up

Law enforcement executives are increasingly recognising that gathering data and information about the criminal environment and criminal activity is not sufficient. The challenge is to corral this wealth of data into knowledge that can enhance decision making, improve strategies to combat crime, and increase crime prevention benefits. In other words, the aim is to convert data and information into actionable intelligence.

For most of the history of law enforcement, criminal intelligence — information that relates to the activities of criminal individuals or groups of offenders — has been retained by special units or by individual detectives. Even after the introduction of intelligence units, these analytical groups often keep their information within the narrow confines of their specific unit. The focus of intelligence units was traditionally on reactive, investigative support. This situation continues in most places. For example, narcotics intelligence units do not share intelligence beyond their units, and street gang intelligence units follow the same practise. In the new environment of intelligence-led policing, these information silos are valuable as strategic resources for the whole police department to squander on the needs of an individual investigator or unit. As we learn more about the abilities of organised crime groups to engage in a range of criminal enterprises such as street crime, narcotics, human smuggling, and money laundering, it has become necessary to restructure law enforcement analytical services to better reflect this criminal environment.

In addition, a key focus area for governments across the world is the prevention of terrorist incidents by generating data through SIGINT, COMINT and other databases, and then integrating and analysing the data for “actionable intelligence”. The National Intelligence Grid (NATGRID) is a major initiative that will help Indian intelligence agencies face terrorism challenges by gaining access to 21 categories of data sources and turning the information so available into actionable intelligence.

The net result of these endeavours was the endorsement of an integrated analysis model. By blending crime analysis with criminal intelligence, crime analysis can provide the “what is happening” picture of the criminal environment, and criminal intelligence can provide the “why it is happening” reasoning. These two components, used in combination, are essential to

gain a more complete understanding of criminality necessary to formulate effective crime reduction and prevention strategies. The integrated analysis model will allow executives to see the big picture of criminality and access a wider range of enforcement options. Furthermore, it would allow a more fluid response to crime, based on a realistic model of analysis that better mimics the criminal environment.

The diagram below illustrates at high level, the intelligence and law enforcement organisational set-up in India.

Political

Administrative

Intelligence

Enforcement

Ministry of Home Affairs (‘MHA’)

Prime Minister’s Office (‘PMO’)

Cabinet Secretariat (‘CS’)

Intelligence Bureau (‘IB’)

Research & Analysis Wing (‘RAW’)

Joint Intelligence Committee (‘JIC’)

National Technical Research Organization

(‘NTRO’)

Aviation Research Center (‘ARC’)

National Security Council (‘NSC’)

Cabinet Committee on Security (“CCS”)

National Security Council Secretariat

Central Paramilitary Forces (CPMFs)

DefenceIntelligence

Financial Intelligence

State Police

Home Guards

Civil Defence

NATGRID

MACs

Note:1. State Police: State Police Forces, State Police Forces2. Defence Intelligence: Army, Navy, Air - Force and Defence Intelligence Agency 3. Financial Intelligence: : Financial Intelligence Unit (FIU), Income Tax Directorate, Customs & Central Excise and Enforcement

Directorate

Intelligence Bureau (IB) is one of the oldest intelligence agencies operating in the country. Its roots can be traced back to the Imperial Intelligence Bureau, which served British interests in India. The IB falls under India’s Ministry of Home Affairs. The Director of the IB reports to the Prime Minister on intelligence issues.

Before the reorganisation of intelligence agencies in 1968, the IB was responsible for both internal and external intelligence. The need for an effective intelligence network in India did not emerge until the Indo-China border conflict of 1962. It is only since the birth of the Research and Analysis Wing (RAW) in 1968 that the IB was expected to collect intelligence within the country. It has since been identified as the premier agency for “domestic intelligence”. On the other hand, the primary

responsibility for collecting external intelligence, including on a potential adversary’s military deployment, is vested with the RAW. Both of the agencies play a major role in producing intelligence relating to counterterrorism.

Intelligence agencies must be clear about challenges to the

Reference: Frost & Sullivan, Beyond Borders – Tracing the Impacts of Smarter Public Safety Reference: http://www.pib.nic.in/newsite/erelease.aspx?relid=56395


security of the state. They will need to extend their scope to collecting intelligence on internal security, external security, military intelligence – both tactical and strategic, economic and commercial intelligence, as well as new data in science and technology related issues.

This necessitates the creation of a world-class intelligence set-up to meet these requirements. While the main role of intelligence collection will remain focussed on the collection of inputs (operations), compilation and assessment (analysis) would be equally important, but the kind of intelligence needed and the speed in obtaining it would be crucial.

There is also a great need to take cognizance of the many non-traditional areas of intelligence – financial transactions, technological transactions, large company manoeuvres, organised crime, etc. Connecting the dots in these specialised areas of intelligence collection would make the process of intelligence collection far more complicated.

Every major economic department may need an intelligence wing, and increased outsourcing from intelligence agencies to think tanks may become necessary. In practice, such cooperation is already happening in the day-to-day functioning of government departments, but there is a widespread need for this process to be formally institutionalised.

Many breaches of national security in India have occurred in the past. Such instances continue to plague our country, not for want of intelligence, but because of the faulty analysis of available intelligence and inadequate follow-up action thereon, and/or co-ordination of input. This issue is not adequately highlighted in most post mortems of perceived intelligence failures surfacing in the media.

The major challenges in the Indian intelligence scenario are:

• ►Inadequate methods by which intelligence is processed and shared between central and shared agencies

• ►Confusion in processing intelligence alerts by various authorities

• ►State governments widely neglecting the usefulness of open-source intelligence

• ►Insufficient inter-agency coordination

Initiatives for enhancing the existing Indian intelligence set-up

In days following the 26/11 attacks, a large-scale overhaul of the Indian intelligence set-up was planned through a number of initiatives, including:

1. The set-up of a National Investigation Agency (NIA): It is a federal agency established by the Indian Government to combat terror in India. It acts as the central counter-terrorism LEA. The agency is empowered to deal with terror-related crimes across states. The agency came into existence with the enactment of the National Investigation Agency Act 2008 by the Parliament of India on 31 December 2008. It aims to set standards of excellence in counter terrorism and other national security-related investigations at the national level by developing a highly trained, partnership-oriented workforce. It also aspires to create deterrence for existing and potential terrorist groups/individuals. It aims to position itself as a storehouse of all terrorist-related information.

Various Special Courts have been notified by the Central Government of India for the trial of cases registered at various police stations of NIA under Section 11 and 22 of the NIA Act 2008. Any question as to the jurisdiction of these courts is decided by the Central Government. These are presided over by a judge appointed by the Central Government on the recommendation of the Chief Justice of the High Court in that region. Trials by these courts are held on day-to-day basis on all working days and have precedence over the trial of any other case against the accused in any other court (not being a Special Court). These have to be concluded in preference to the trial of such other cases.

2. National Counter Terrorism Centre (NCTC): It is a proposed federal anti-terror agency to be created in India, modelled on the National Counterterrorism Centre of the US. The proposal came after the 2008 Mumbai attacks (26/11), where several intelligence and operational failures revealed the need for a federal agency with real-time intelligence input of actionable value specifically created to counter terrorist acts against India.

The NCTC will execute counter-terror operations and collect, collate and disseminate data on terrorism, besides maintaining a database on terrorists and their associates, including their families. The NCTC will be empowered to analyse intelligence shared by agencies such as the Intelligence Bureau and select suitable data. It will also be granted powers to conduct searches and arrests in any part of India and formulate responses to terror threats.

3. National Intelligence Grid (NATGRID): It aims to link several intelligence databases to help aggregate comprehensive patterns of intelligence that can be readily shared and accessed by the entire intelligence community. It is a counter terrorism measure that collects and collates a host of information, including tax and bank account details, credit card transactions, visa and immigration records, and itineraries of rail and air travel, from government databases. This combined data is made available to 11 central agencies, namely, Research and Analysis Wing, the Intelligence Bureau, Central Bureau of Investigation, Financial intelligence unit, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Enforcement Directorate, Narcotics Control Bureau, Central Board of Excise and Customs and the Directorate General of Central Excise Intelligence..

Unlike the NCTC and the NIA, which are central organisations, the NATGRID is essentially a tool that enables security agencies to locate and obtain relevant information on terror suspects from the pooled data of various organisations and services in the country. It will help identify, capture and prosecute terrorists and help pre-empt terrorist plots.

4. Crime and Criminal Tracking Network System (CCTNS): Realising the gross deficiency in connectivity, the Central Government is implementing an ambitious scheme, the CCTNS. The project was started in 2009 to facilitate collection, storage, retrieval, analysis, transfer and sharing of data and information at the police station, and between the police station and the state headquarters and the central police organisations. CCTNS aims at creating a comprehensive and integrated system for enhancing the efficiency and effectiveness of policing through the adoption of e-Governance and the creation of a nationwide networking infrastructure. This would enable the evolution of an IT-enabled state-of-the-art tracking system for the investigation of crime and detection of criminals.

Under the CCTNS project, approx. 14,000 police stations throughout the country have been proposed to be automated, besides 6,000 higher offices in the police hierarchy, e.g., Circles, Sub-Divisions, Districts, Range, Zones, Police Headquarters, SCRBs, including scientific and technical organisations having databases required for providing assistance and information for investigation and other purposes, e.g., Finger Print Bureaux, Forensic Labs etc. by 2012.

In addition, the CCTNS project aims at:

• ►Increasing operational efficiency by:

• Reducing the need to manually perform monotonous and repetitive tasks

• Improving communication, e.g., police messaging, email systems

• Automating back-office functions to enable police staff to maintain greater focus on core police functions

• ►Creating platforms at the state and central levels for sharing crime and criminal information/databases across the country

• ►Creating platforms for sharing intelligence across states, across the country and across other state-level and GoI-level agencies

• ►Improving service delivery to the public/citizens/stakeholders


Understanding the intelligence architecture

Given the increasing number and sophistication of crimes in India, intelligence and investigation agencies such as RAW, IB, NIA and CBI, as well as state police departments, are being held to higher standards of performance and accountability. After collecting the right sort of data, it has to be integrated, correlated and transformed into real, actionable information to assist in crime prevention, as well as the effective crime investigation and prosecution of criminals. Furthermore, this intelligence needs to be disseminated to appropriate LEAs to make timely decisions.

Elements of Intelligence Management Framework

PlanningIdentifying and agreeing upon the mechanism for identifying, collecting, analyzing & disseminating intelligence

CollectionCollection of data from various sources, both pre-defined formal sources as well as ad-hoc informalsources

ProcessingHow can the data and information collected from various sources be standardized for analysis

AnalysisApplying advanced data analytics techniques on the information gathered to derive meaningful intelligence

DisseminationTimely dispatch of relevant information to various law enforcement agencies

Intelligence management frameworkAn effective intelligence management framework is required to ensure robust intelligence gathering, interpretation, analysis and dissemination to assist in crime prevention and investigation. The figure below represents the building blocks of the intelligence management framework for law enforcement.

These five steps have been described in subsequent sections.

Planning

To establish an effective and participative intelligence management framework, it is essential that a robust intelligence plan is created among the various stakeholders. The plan has to be supported by strong laws and bilateral/multilateral agreements between/among various agencies.

An effective plan for intelligence-led law enforcement requires the various stakeholders to:

• Understand the objectives and functions of the intelligence management framework, both for crime prevention and crime investigation

• Identify all of the stakeholders and partners involved in the process and their individual objectives, mandates and boundaries

• Identify laws and regulations governing intelligence gathering and sharing activities

• Institute a governing entity and a governance and oversight mechanism to support the framework

• Clearly outline the steps required in the intelligence management process, as well as the roles and responsibilities of each stakeholder

• Enter contractual agreements and institute laws supporting the intelligence management process

• Monitor and manage the process and upgrade it on an ongoing basis

Collection

Data collection is the process of gathering data on variables of interest in a systematic fashion to enable data-driven analysis and decision making. Collection aims to create a set of raw information from multiple sources. The information is then processed and analysed to arrive at patterns and inferences.

Crime detection and prevention require the collection of data from distinct sources including:

1. Law enforcement databases maintained by LEAs such as National Crime Records Bureau (NCRB) database, Crime and Criminal Tracking Network & Systems (CCTNS) and e-Courts

2. Government databases including tax databases, passport database, Immigrant, Visa, Foreigner, Immigration, and Visa and Foreigner’s Registration & Tracking (IVFRT) database

3. Intelligence agency databases maintained by agencies such as RAW and IB and national-level investigation agencies, such as CBI and NIA, for internal security

4. Surveillance feeds (government as well as private), including those from surveillance cameras installed for security or traffic management and from private surveillance cameras installed in shopping malls, ATMs, etc.

5. Utility and financial databases of utilities such as telecom, airlines, banking, hospitals and land records

6. Open/Public data available on social media websites, newspapers and media or open data available in the public domain

Reference: 18, http://www.pib.nic.in/newsite/erelease.aspx?relid=56395


Processing

Data collected for intelligence can be structured or unstructured. Extracting the right information can pose a challenge. Raw data sourced from different agencies can suffer from deficiencies such as inconsistency, duplicity and non-standardisation. Data processing is a necessary step before analysis can be conducted to draw meaningful information. In addition, it is necessary, in most cases, to aggregate and organise data into suitable categories/clusters for drawing better inferences. Data processing may involve various steps, including:

Validation – Data needs to be clean, correct and useful. It is crucial that data sourced from different agencies is validated for its correctness and authenticity. The simplest form of data validation implies ensuring that data elements are present in the format required. For example, telephone numbers are routinely expected to include digits and characters +, and -. A more sophisticated data validation routine would check to see if the user had entered a valid

U.S. Facial Recognition Data Collection Project

September 16, 2013: Department of Homeland Security Science and Technology Directorate (DHS S&T) Resilient Systems Division has funded Pacific Northwest National Laboratory (PNNL) to perform a facial video data collection.

S&T is conducting this Privacy Impact Assessment (PIA) to address privacy concerns raised by the collection and use of facial recognition data.

It is used to determine the accuracy of the facial recognition software. Protection mechanisms have been implemented to protect privacy of volunteers, as well as members of public that may present during the video data collection. The data collection and testing will help DHS determine the current capabilities and limitation of facial recognition software.

Source: DHS website

country code, i.e., the number of digits entered matched the convention for the country or area specified. Another validation could be range and constraint validation and validation against rules imposed by the user organisation.

Checking for data integrity – The integrity of data is an important factor in analysing crime and mapping the needs of an agency. Data integrity refers to the quality of the data, i.e., consistency and accuracy of data. An example of inconsistent data is a single address listed in many different ways, e.g., 100 E. Main Av, 100 Main Av, 100 E. Main or 100 E. Maine Ave. An example of inaccurate data is a report mistakenly coded as a theft when it was a robbery. Data consistency and accuracy, known together as data integrity or data quality, are crucial to conducting crime analysis. It is also necessary to weed out duplicates within datasets to ensure data consistency and integrity.

Sorting – It means arranging items in some sequence and/or in different sets. This exercise can considerably quicken the data analysis process as it is easy to draw inferences from structured data.

Summarising – This intends to reduce detailed data to its main points. This step, along with standardisation measures (used during data gathering), ensures that the given raw data is converted into standardised data sets that are ready for analysis and presentation.

Aggregating – This step entails combining multiple pieces of data into groups or subsets that can be analysed together. This can be useful in carrying out statistical analysis, for example, to statistically compare the number of women-related crimes through the years, it would be necessary to aggregate all forms of crimes with women under the same category.

Classifying – separates data into various categories. For example, data modelling can be undertaken based on city, region and zone level. Agencies can target a particular area where crime has more weightage and can manage resource allocation on deputing the officers on right time.

In the existing paradigm of electronic data collection and analysis, where most of the data is present electronically in data-marts and data-warehouse, it is crucial that the processed data is stored in appropriate structures within these databases. In computing, extract, transform, and load (ETL) refers to a process in database usage and, especially, in data warehousing that:

1. Extracts data from outside sources

2. Transforms it to fit operational needs, which can include quality levels

With such distinct sources of data, it is critical to have a well-defined data collection plan and methodology in place. Furthermore, LEAs require access to confidential data, which can raise concerns of privacy among citizens. It is, therefore, necessary to establish checks and balances to ensure that such access is authorised and is not misused by individuals or agencies

3. Loads it into the end target (database, more specifically, operational data store, data mart, or data warehouse)

By using ETL techniques, data mining and data modelling, data can be stored properly in particular storage for use in analytics application. ETL systems are used commonly to integrate heterogeneous data from multiple sources, including applications developed by different vendors or on varying underlying hardware/software base.

Analysis

This step covers various methods of automated data analysis to discover previously unknown intelligence through links, associations and patterns in the data. It involves establishing solutions for link analysis, predictive analysis, search analysis, predictive analysis, social network analysis, video/voice analytics, business intelligence, data mining solutions and workflow systems.

Analysis requires various business rules to identify patterns and link suspects based on parametric rules. Business intelligence solutions are used to perform both ad-hoc and scheduled analysis of data through slicing and dicing date across various dimensions, drill-down and drill up, what-if analysis, time-based patterns, etc.

Dissemination

This step involves providing fast, time-sensitive, reliable, useful information and updates to relevant stakeholders.

One of the key aspects of dissemination involves bilateral/multilateral agreements between/among intelligence agencies and LEAs to disseminate relevant data in pre-defined formats and agreed frequencies (where applicable). The disseminated data should be relevant to the recipient and provide role-based information.

Another key aspect of intelligence dissemination is the representation of the results and inferences arrived through analytics in the form of executive dashboards and reports. Visual reporting and dashboarding makes the results of data analysis easily presentable to decision makers for quick decisions.

Reporting involves creating dashboards and reports in the form desired by the intended recipients. The process of reporting requires understanding the recipients’ intelligence requirements to create meta-data for reports and dashboards that can address their information needs. The dashboards should have easy navigability and present the big picture at a glance, while allowing the recipients to drill down deep into the data.

Analytics in crime prediction and crime predictionInvestigation agencies involved in crime investigation and prediction are increasingly turning to ICT-driven advanced analytics tools to analyse the large amount of data collected from various sources. This helps them draw inferences and deductions that are not apparent through the traditional methods of analysis. Analytic tools are finding their application in both investigation scenarios and prediction of the occurrence of crimes.

In the section below, an attempt has been made to understand the application of analytics solutions in crime investigation and prediction.

1. Crime prediction – LEAs are increasingly relying on predictive methods to determine the probabilities of events,

US Commercial Aviation partnership balances homeland security with travellers’ needs

11 September 2001: After the 9/11 terrorist attacks, airport security and passengers screening were enhanced dramatically, but the security measures came at a significant cost to the airline industry and to the convenience of the travelling public. While the need for increased security measures was undisputed, the civil aviation industry wanted to be certain that new security measures were being implemented appropriately, with maximum effectiveness and without causing undue disruption and expense.

To ensure that decisions on airline security and passenger screener services are made on an analytically sound basis, a group of government agencies (including the Department of Homeland Security and its Transportation Security Administration) and private sector associations and individual companies (including Boeing and AIRBUS) formed the US Commercial Aviation Partnership. Analytics and industrial engineering professionals from Boeing and the Transportation Security Administration (TSA) developed a suite of models, known Economic Tool. These models help define and predict the operational and economic impact of air travel security options on a system-wide basis.

The tool helps decision makers estimate the security efficiency, screener service performance, and economic/business performance impact of various policy, strategy, and operational choices. Cost and benefit values are calculated for the TSA, as well as for airlines, airports, hotels and related services.

Source: DHS website


based on past data and by deriving relationships between the various apparently unrelated events. According to a white paper published by RAND Corporation7, analytical methods for the prediction of criminal activities can be divided into four broad categories:

a. Methods for predicting crimes: focus on determining the probabilities of occurrence of certain crimes at certain places or time

b. Methods for predicting offenders: determine and identify potential offenders who are at high risk of committing criminal activities

c. Methods for predicting perpetrators’ identities: used to create profiles that accurately match likely offenders with specific past crimes

d. Methods for predicting victims of crimes: used to identify groups or, in some cases, individuals who are likely to become victims of crime

2. Crime investigation – Analytics have been used since long for carrying out crime investigation. It is relatively much less complex as compared to predictive analysis, as in most cases, rather than predicting the probabilities of future events, investigative analytics techniques focus on establishing linkages between the characteristics of the

current crimes with the already available database of crimes and criminals and further uncovering patterns, and linkages to identify culprits. An example scenario in the subsequent section describes the analytics used in crime investigation.

Different types of analytic techniques used for crime prediction and investigation Conventional methods of crime analysis are heuristically simpler and, therefore, cost lower and can work well on low-to-moderate data volumes and levels of complexity. In contrast, advanced crime analytics techniques require sophisticated analytics methods to work on large and complex data sets. In this context, a large data set is defined as one that is beyond the processing capabilities of a single analyst and which an analyst cannot recall and analyse without the help of some computer programs. Conventional approaches start with mapping locations and determining where the crimes are most likely to occur. The corresponding advanced analytics methods start, at the most basic level, with regression analyses and extend all the way to cutting-edge heuristic mathematical models that are the subjects of active research.

The table below illustrates the application of advanced analytics for predicting and investigating crimes. It also highlights

Law enforcement’s use of predictive technologiesProblem Conventional crime analysis (low to moderate

data demand and complexity)Advanced crime analytics (large data demand and high complexity)

Using a wide range and large variety of additional data

Basic regression models created in a spreadsheet program

Regression, classification, and clustering models

Accounting for increased risk from a recent crime

Assumption of increased risk in areas immediately surrounding a recent crime

Near-repeat modelling

Determine when areas will be most at risk of crime

Graphing/Mapping the frequency of crimes in a given area by time/date (or specific events)

Spatiotemporal analysis methods

Identify geographic features that increase the risk of crime

Finding locations with the greatest frequency of crime incidents and drawing inferences

Risk terrain analysis

Source: RAND Corporation

the increasing complexity of these methods compared to conventional crime analysis techniques.

There are two ways to use automated data analytics in crime prediction and investigation: by following subject-based queries or pattern-based queries.

1. Subject-based queries start with a specific and known subject and search for more information. The subject could be an identity – a suspect, an airline passenger, or a name on a watch list, or it could be something specific such as a place or a telephone number. A subject-based query will seek more information about and a more complete understanding of the subject, such as activities that a

7Predictive Policing: The Role of Crime Forecasting in Law Enforcement Operations, Safety and Justice Program, RAND Corporation

person has engaged in or links to other people, places and things.

2. Pattern-based queries involve identifying some predictive model or pattern of behaviour and searching for that pattern in data sets. These models can be discovered through data mining, or they can come from outside knowledge – intelligence or expertise about a subject. However, once the patterns are obtained, the process involves looking for the occurrence of these patterns of activity in data.

A few prominent analytics techniques that are commonly used across sectors and are increasingly finding use in crime prediction and investigation have been described below.

1. Link analytics

It can be used in crime investigations to arrive at conclusions that are not apparent when the data sets are viewed in isolation. Link analytics technique uses aggregated public records or other large collections of data to find links between a subject – a suspect, an address, or other piece of relevant information — and other people, places or things. This can provide additional clues for analysts and investigators.

2. Predictive analytics

It involves deriving predictions from patterns in “relational” data (in which the key facts are relationships between people, organisations, and activities — from a variety of different types and sources of data). The effective models of countering crimes must find predictive links among lower-level activities (such as illegal immigration, counterfeiting, etc.), people, organisations and events that can allow inferences and predictions about higher-level clandestine organisations and activities. Data on these lower-level activities exist in different places, and the relationships between them that are important.

Analysts might use these techniques to evaluate the significance of leads or suspicions, to generate those leads, to structure or order an investigation or to acquire additional information along the way. Using predictive analytics, LEAs can improve the analysis of relational data by combining low-level pattern instances to provide leads for predicting criminal plots.

3. GIS-based crime analytics

GIS analytics systems allow the integration of information sources such as incidents, offenses, arrests and calls for service on a single integrated geospatial platform. This unique combination empowers analysts to extract valuable intelligence, and analyse and correlate events to make timely and informed decisions in an environment that can have a direct impact on the

safety of officers and citizens. A few examples where LEAs can use the GIS-based crime analytics are:

a. Pin/Point maps such as geocoded point locations of crime incidents

b. Graduated symbol maps including proportion of male and female victims of crime

c. Choropleth maps such as crime rate per neighbourhood, proportion of juveniles involved in criminal activity, etc.

d. Flow line/network maps such as suspect movement

e. Isoline maps including outlines of crime target areas, crime density or crime hotspots

4. Social network analytics

These techniques view social relationships in terms of network theory and as consisting of nodes (representing individual actors within the network) and ties (in terms of relationships between individuals, such as friendship, kinship and organisational position ).

Visual representation and analytics of networks is a powerful method for conveying complex information, and is easy in interpreting node and graph properties from visual displays. It can, therefore, be used to derive relationships between criminals and criminal activities.

This type of analytics can be used for both investigative and preventive objectives, as social interactions within the cyber world closely mirror real interactions and can, therefore, be used to derive inferences and predictions, both post and pre criminal activities. The posts, tweets, likes, shares and recommendations can be analysed in real time by running ad-hoc queries. At the same time, algorithms can help break sentences into component parts, remove common words and provide visualisations of the most meaningful words and the frequency of their use over time. This can give a real-time assessment of the activities of a particular set of people and can, therefore, forewarn agencies of impeding threats by systematic analysis.

5. Video analytics

LEAs can use data from video surveillance systems to analyse video streams for the detection of persons/events of interest. Video analytics can alert on events of interest much more effectively than reliance on a human operator, which is a costly resource with limited alertness and attention. Analysing recorded video is a need that can rarely be answered effectively by human operators due to the lengthy process of manually going through and observing the recorded video and the associated manpower cost for this task.


Video analytics can help agencies assess recorded videos for suspicious activities in:

a. Abandoned object detection: Video analytics can alert that an object such as a briefcase appearing in the video could be an abandoned object.

b. Intruder detection: A video feed with video analytics can provide investigating agencies with invaluable visual cues to find suspects.

c. Human tracking: Analytics in the video can be set to categorise specific moving objects and will generate an alarm on those that are pre-defined as positive.

d. License plate recognition: Investigating agencies can use it for Automated Number Plate Recognition (ANPR) enforcement, where the solution can detect and analyse license plates for the detection of vehicles that have been black-listed.

6. Behavioural analytics of violent crime

Data mining tools can model and analyse violent criminal behaviours. Given the tools available in the market and the understanding of criminal psychology, it is possible to model even extremely violent behaviour to analyse, anticipate and predict violent acts.

With data mining, relationships that might not be obvious are revealed. For example, using data mining, a relationship between property crimes and stranger rape can be discovered.

Therefore, through advanced analytics over data from different sources, it is possible to identify patterns and linkages between otherwise unrelated events.

Crime prediction sample scenario

Immediately after the major combat operations in Iraq in April 2003, the US forces had to deal with insurgents placing IEDs along the routes frequented by US troops. This had become a serious menace as the location and timing of the placement of these IEDs was difficult to predict. At the time, RAND Corporation developed the concept of Actionable Hotspots (AHS) to use the recent data about the location and time of IED related activities to detect patterns and therefore predict possible threats and activities in the immediate area.

The software typically looked for two or more IED events in a small user specified areas (typically 100 m radius) over several weeks. Mathematical models were then applied to give rankings to the clusters, displaying the results on maps. This was then validated by evaluating the results against the occurrence (non-

occurrence) of future IED events within a specified future time frame (typically 24-48 hours).

In addition to tests against historical data, analysts also used experimental AHS code to provide AHS nominations to several brigade size units on daily basis. The nominations were sent to test units for tactical planning. The feedback from these units was positive: Most actions taken (sniper, overwatch) as a result of planning informed by AHS nominations led to positive results. Feedback was used to further refine the code for operational efficiency.

The results of the test period were encouraging. Although units did not always take action on the nominated hot spots but when they did choose to take action in response to a nominated AHS, it was usually because the hot spot had been corroborated by other intelligence, and these actions were almost always

Terrorist plots are rare and difficult to predict reliably, but preparatory and planning activities in which terrorists engage can be identified. Using predictive analysis, LEAs can improve their analysis of relational data by combining low-level pattern instances to provide leads for detecting rare high-level patterns. Detecting combinations of these low-level activities such as illegal immigration, operating front businesses, money transfers, use of drop boxes and hotel addresses for commercial activities and having multiple identities could help IAs in predicting terrorist plots.

Past data on IED incidents(e.g. detonated, foundand cleared, interrupted during emplacement)

AHS Software(mathematical

models)

Map predictive threat rankings on GIS map

Mathematical model strengthened with feedback

successful. During the AHS test period, the units studied achieved an average success rate of 30 percent, with a range between 50 percent and 11 percent. Success meant that in the 24 or 48 hours following a nomination (the period varied by unit), at least one IED incident (explosion or found and cleared) occurred in the nominated area.

Incident descriptionINCIDENT: bomb blastA bomb blast on the streets of an indian city leaves 2 dead and 4 injured. The bomb was kept on a bicycle in front of a shop in the main market. A modified cell phone attached to the IED device was used to detonate the bomb

1 Occurence of an accident

Data collection-investigation initiated by state police department

CCTNS DB

Lodge FIR, create case diaries, charge sheet , list of accused, suspects/absconder address, photos, fingerprints etc. CCTV Footage Ballistics report

Forensic report

Update CCTNS DB based on state police investigation

2

Analytics on data sources3

IDENTIFY AND PROSECUTE CRIMINALS4Based on the above analysis, criminals can be identified for prosecution.

Telecom DB

CDR received from the telecom agencies are analyzed using analytics

Financial transaction DB

Analyze financial footprints for suspected bank accounts using analytics

Case management DB

Based on similar cases in the past, identify list of suspects, their terror links, funding sources, operational geographies etc. using analytics

Based on the list of suspects in previous incidents, search ecourtDB to identify if, any court case has been initiated against the suspect, source other details as available to the court etc.

Investigating team

Ecourts DB

Prison management DB

Based on the list of suspects in previous incidents, search prison DB to identify arrests or conviction of suspects or their accomplices.

Extract FIR, charge sheet, forensics report etc. from the CCTNS DB

Crime investigation sample scenario This section presents a hypothetical example of investigating crime through advanced analytics technique. The hypothetical case is about a bomb blast in a certain city in India. The details here trace the sequence of the event that could be followed a thorough investigative analysis of the case using advanced analytics.


Way forward

The paper has discussed, in detail, the importance of analytics, as well as various kinds of analytics tools that can be used by LEAs for enforcing law and order in the country. To realise the power of analytics, a well-charted plan of various initiatives needs to be prepared and implemented. Key initiatives are detailed below.

1. Data analytics

Data input from various data sources will be accessed through data layer. Data collected, on request from various sources, will be stored in databases. Data structures will be created and maintained for the purpose of intelligence analysis, dissemination and investigation. Some of the information items considered for this are:

• ►Criminals/Terrorists details

• Terrorist organisation details

• Intelligence agencies’/LEAs’ details

• ►CDR/SDR details

• Financial transaction details

• Airlines and flights details

• International organisation details

• Law enforcement case details

• Police case records

• Analysis rules repository

• Alert and case details

• Dictionaries and references

Various capabilities of data analytics should be enhanced for better utilisation of analytics capabilities, as follows:

• Data warehouse: it involves a single, multi-dimensional and consistent store of data obtained from a variety of different sources to be made available to end users to enable them to understand what they can use and interpret in a business context.

• Extract, Transform and Load (ETL): It involves gathering data, cleansing it to eliminate redundant and other unusable data, and standardising it to make searches more accurate. When done well, this process has a significantly positive impact on the quality of the data-mining or data-analysis product, as it reduces data errors such as false positives and false negatives.

• Entity resolution: This capability will discover an individual’s identity and the relationships of individuals to other individuals or entities by analysing disparate sets of data. It is capable of determining relationships with individuals.

• Manpower capability: To perform the analytics, well-trained and well-informed manpower is required.

2. National standards for data exchange

Multiple specialised agencies are required for intelligence and investigation of crimes such as financial crimes, cybercrimes, economic crimes and terrorism-related activities. Information shared among these agencies drives national security and law enforcement. There is a need to understand the value of collaboration among all agencies for maintaining security and strengthening ties at all levels, spanning local to international. Through enhanced understanding of diverse needs of these agencies, a national standard for data exchange should

Data Collection Data Processing

Col

lect

ion

port

al

E -mail

CD Paper

Fax

Scanner

Airlines FIU NCRB

CDR CCTNS

Data from Various sources

ETL Process

Data transformation

Data Extraction

Entity Resolution

Matching & Linking

Data Standardization

Str

uctu

red

Dat

aU

nstr

uctu

red

Dat

aData WarehouseComputer Forensics data

be created. The standardisation of data would ease data acquisition, collation, comparison and dissemination.

The various data sources include NCRB, CCTNS, IVFRT, surveillance feeds, utility and financial databases, tax databases and e-Courts.

Common meta-data fields should be developed for data received from these various sources. It would enhance search and retrieval capability of the analytics system.

Apart from standards for data sharing, policies related to data privacy should be developed. The policy should govern the collection, use, maintenance and dissemination of information concerning citizens. It should restrict what LEAs can do with personally identifiable information in the absence of consent of the individual to whom the information pertains and imposes rules on agencies to be transparent about what information they collect and why.


3. State fusion centers

To further analytics advancements, fusion centers should be set up in India for receiving, analysing and disseminating information to reduce threat to the nation.

FBI expenditures in support of fusion centers in Fiscal Year 2011 were approximately $917,0008. This showcases the importance of fusion centers in the US.

State fusion centers will serve as focal points within the state for the receipt, analysis, gathering and sharing of threat related information between the Central Government and state governments. Located in states and major urban areas throughout the country, fusion centers will empower law enforcement, public safety, fire service, emergency response, public health, critical infrastructure protection and private sector security personnel to understand local implications of national intelligence, thus enabling local officials to better protect their areas. Fusion centers should be able to enable seamless information flow among various LEAs.

Fusion centers should have robust governance mechanism in place, since they would be required to interact with multiple agencies and maintain consolidated databases. They need to have strict access regulations in place, based on roles/level in the organisation.

4. Governance set-up

Analytics aims at sharing timely, relevant and actionable intelligence information with LEAs to combat terror, crime and emergency situations. This needs collaboration within an organisation, as well as with others. Hence, there is a need for a central agency that overlooks the smooth flow of information among LEAs. In line with this, an executive committee for information sharing can be created to prepare polices, seek compliance and provide approval for information sharing. The executive committee would be assisted by various groups, including technical committee, policy group, information officer, advisory board and program management group.

Overall governance needs to be strong and should promote a culture of information sharing among LEAs. The governance set-up should be given special privileges in emergency situations, so that the command of the situation lies with a single agency.

5. Capacity building

The use of analytics tools mandates the employment of skilled and trained individuals who understand the applications and can draw useful implications. Currently, a limited number of courses or colleges offer such training. There are two types of audience for courses in analytics, as follows:

• Experienced professionals working in the intelligence/ investigation domain – Short-term courses and specialised training should be developed for this section by leading Institutes in the country. Refresher courses should also be encouraged, since technology evolves over a short duration.

• Young student – Colleges can team up with LEAs for offering courses in Analytics, as well as providing guidance and real-time experience to students. Better education and training in analytics will prepare a workforce that can handle emergency situations effectively using technology.

Apart from building capacity in the domain, there is a need for organisational restructuring as well. Most of the LEAs lack internal IT capability and depend on external service providers for the same. Introduction of IT division with qualified personnel to manage IT systems would enable LEAs to increase usage of IT in their functioning.

In conclusion, operations of Law Enforcement Agencies can be strengthened not only by increasing number of people but also through increased usage of analytics in their operations. Enhancing use of analytics in policing and intelligence operations would reduce the crime rate in long run.

8FBI Information Sharing Report 2011


Abbreviations

ACB Anti-Corruption Bureau

ANPR Automated Number Plate Reader

ARC Aviation Research Centre

ATM Automated Teller Machine

ATS Anti-Terrorist Squad

BPR&D Bureau of Police Research and Development

CBI Central Bureau of Investigation

CCTNS Crime and Criminal Tracking Network System

CCTV Closed Circuit Television

CDR Call Data Records

CFSL Central Forensics

CID Crime Investigation Department

CMPD Charlotte-Mecklenburg Police Department

COMINT Communication Intelligence

CPF Central Paramilitary Force

CS Cabinet Secretariat

DDoS Distributed Denial of Service

DHS Department of Homeland Security

DNA Deoxyribonucleic acid

DNS Domain Name System

DRI Directorate of Revenue Intelligence

EIA Economic Intelligence Agency

EOW Economic Offence Wing

ETL Extract Transform Load

EY Ernst & Young

FBI Federal Bureau of Investigation

FICCI Federation of Indian Chambers of Commerce and Industry

FIR First Information Report

FIU Financial Intelligence Unit

GIS Geographic Information System

IB Intelligence Bureau

ICT Information and Communication Technology

IED Improvised Explosive Device

IPC Indian Penal Code

IVFRT Immigration, Visa and Foreigner's Registration & Tracking

JIC Joint Intelligence Committee

LEA Law Enforcement Agency

MAC Media Access Control

MCIT Ministry of Communication and Information Technology

MHA Ministry of Home Affairs

MoF Ministry of Finance

NATGRID National Intelligence Grid

NCB Narcotics Control Bureau

NCRB National Crime Records Bureau

NCTC National Counter Terrorism Centre

NeGP National e-Governance Program

NIA National Investigation Agency

NSC National Security Council

NTRO National Technical Research Organization

PMO Prime Minister’s Office

RAW Research and Analysis Wing

SCRB State Crime Record Bureau

SIGINT Signals Intelligence

SLL Special and Local Laws

USA United States of America

WMD Weapon of Mass Destruction


Contact us

FICCI contacts:

Sumeet Gupta

Director Head - Publishing / Homeland Security / Private Security / GIS FICCI Industry’s Voice for Policy Change Federation House, Tansen Marg, New Delhi 110 001 E: [email protected] T: +91-11- 23487515 (D) , +91-11-2373 8760-70 (Extn. 515) F: +91-11-23765333

EY contacts:

Rahul Rishi

Partner, Advisory services Ernst and Young LLP 6th floor, HT House, KG Marg, New Delhi-110001 E: [email protected] T: +91-124-464-3183 F: +91-124-464-4050

Rashmi Sarita

Deputy Director FICCI Industry’s Voice for Policy Change Federation House, Tansen Marg, New Delhi 110 001 E: [email protected] T: +91-11-23736306 (D) , +91-11-2373 8760-70 (Extn. 212) F: +91-11-23765333

Akshya Singhal

Senior Manager, Advisory services Ernst and Young LLP 6th floor, HT House, KG Marg, New Delhi-110001 E: [email protected] T: +91-124-464-3277 F: +91-124-464-4050

Our offices

Ahmedabad2nd floor, Shivalik Ishaan Near C.N. VidhyalayaAmbawadiAhmedabad - 380 015Tel: + 91 79 6608 3800Fax: + 91 79 6608 3900

Bengaluru12th & 13th floor“UB City”, Canberra BlockNo.24 Vittal Mallya RoadBengaluru - 560 001Tel: + 91 80 4027 5000 + 91 80 6727 5000 Fax: + 91 80 2210 6000 (12th floor)Fax: + 91 80 2224 0695 (13th floor)

1st Floor, Prestige Emerald No. 4, Madras Bank RoadLavelle Road JunctionBengaluru - 560 001Tel: + 91 80 6727 5000 Fax: + 91 80 2222 4112

Chandigarh1st Floor, SCO: 166-167Sector 9-C, Madhya MargChandigarh - 160 009 Tel: + 91 172 671 7800Fax: + 91 172 671 7888

ChennaiTidel Park, 6th & 7th Floor A Block (Module 601,701-702)No.4, Rajiv Gandhi Salai, Taramani Chennai - 600113Tel: + 91 44 6654 8100 Fax: + 91 44 2254 0120

HyderabadOval Office, 18, iLabs CentreHitech City, MadhapurHyderabad - 500081Tel: + 91 40 6736 2000Fax: + 91 40 6736 2200

Kochi9th Floor, ABAD NucleusNH-49, Maradu POKochi - 682304Tel: + 91 484 304 4000 Fax: + 91 484 270 5393

Kolkata22 Camac Street3rd floor, Block ‘C’Kolkata - 700 016Tel: + 91 33 6615 3400Fax: + 91 33 2281 7750

Mumbai14th Floor, The Ruby29 Senapati Bapat MargDadar (W), Mumbai - 400028Tel: + 91 022 6192 0000Fax: + 91 022 6192 1000

5th Floor, Block B-2Nirlon Knowledge ParkOff. Western Express HighwayGoregaon (E)Mumbai - 400 063Tel: + 91 22 6192 0000Fax: + 91 22 6192 3000

NCRGolf View Corporate Tower BNear DLF Golf CourseSector 42Gurgaon - 122002Tel: + 91 124 464 4000Fax: + 91 124 464 4050

6th floor, HT House18-20 Kasturba Gandhi Marg New Delhi - 110 001Tel: + 91 11 4363 3000 Fax: + 91 11 4363 3200

4th & 5th Floor, Plot No 2B, Tower 2, Sector 126, NOIDA 201 304 Gautam Budh Nagar, U.P. IndiaTel: + 91 120 671 7000 Fax: + 91 120 671 7171

PuneC-401, 4th floor Panchshil Tech ParkYerwada (Near Don Bosco School)Pune - 411 006Tel: + 91 20 6603 6000Fax: + 91 20 6601 5900

About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

Ernst & Young LLP is one of the Indian client serving member firms of EYGM Limited. For more information about our organization, please visit www.ey.com/in.

Ernst & Young LLP is a Limited Liability Partnership, registered under the Limited Liability Partnership Act, 2008 in India, having its registered office at 22 Camac Street, 3rd Floor, Block C, Kolkata - 700016

© 2014 Ernst & Young LLP. Published in India. All Rights Reserved.

EYIN1407-085 ED 06/01/2015

This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither Ernst & Young LLP nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.

VS

About FICCI

Established in 1927, FICCI is the largest and oldest apex business organisation in India. Its history is closely interwoven with India’s struggle for independence, its industrialization, and its emergence as one of the most rapidly growing global economies. FICCI has contributed to this historical process by encouraging debate, articulating the private sector’s views and influencing policy.

A non-government, not-for-profit organisation, FICCI is the voice of India’s business and industry.

FICCI draws its membership from the corporate sector, both private and public, including SMEs and MNCs; FICCI enjoys an indirect membership of over 2,50,000 companies from various regional chambers of commerce.

FICCI provides a platform for sector specific consensus building and networking and as the first port of call for Indian industry and the international business community.

Our Vision

To be the thought leader for industry, its voice for policy change and its guardian for effective implementation.

Our Mission

To carry forward our initiatives in support of rapid, inclusive and sustainable growth that encompass health, education, livelihood, governance and skill development.

To enhance efficiency and global competitiveness of Indian industry and to expand business opportunities both in domestic and foreign markets through a range of specialised services and global linkages.

The content provided in the report is primarily based on secondary data collected from a variety of sources. Though utmost care has been taken to present accurate information, FICCI makes no representation towards the completeness or correctness of the information contained herein.

This document is for information purpose only. This publication is not intended to be a substitute for professional, legal or technical advice. FICCI does not accept any liability whatsoever for any direct or consequential loss arising from any use of this document or its contents. Under no circumstances shall FICCI be liable for any direct, indirect, incidental, special, punitive or consequential damages arising in any way from your use of or inability to use the report.

EY refers to the global organization, and/or one or more of the independent member firms of Ernst & Young Global Limited

Ernst & Young LLP

EY | Assurance | Tax | Transactions | Advisory

homeland security 2014 safe and secure nation -...

Documents