Can We Create an Intelligence Alert System?
Let me state from the outset that I’m out of my depth here. Other than being a dedicated and passionate observer and admirer of the intelligence community, I have no background in intelligence matters. But, after reading countless articles, editorials, blogs and commentaries on the foiled Christmas Day bombing incident, I feel that I have to raise an issue that I think is worth considering.
Most of the media reports and news clips seem to center on the intelligence community’s failure to connect the dots and the need for better detection systems in the airports, which have always met with resistance from the privacy advocates.
While all of that is important and needs to be addressed, I’m going to leave that to other people. Instead, I’m thinking about whether technology can make a difference. Not through better detection systems but by applying Web 2.0 technologies and the principle of “crowdsourcing” or “collective intelligence” to intelligence gathering and analysis. In this case though, I’m not talking about the kind of crowdsourcing already being used by the intelligence community through Intellipedia or A-Space in which analysts share information and comments with one another to come up with an improved analysis. I’m talking about something more like a system that provides an “automated crowdsourcing” capability. What do I mean by that?
Well, let’s face facts. One of the problems with the intelligence systems in place to identify terrorists is that there’s just too much information. For example, there’s been a lot made of the fact that Umar Abdulmutallab’s father warned the U.S. Embassy in Nigeria that he was seriously concerned because his son had turned to extremism and was somewhere in Yemen, and that somehow that warning never made it to the top of anyone’s watch list. Frankly, it shouldn’t be too surprising because there are tens of thousands of similarly characterized people on those lists. How is anyone to know which one is more important?
That said, there were plenty of other clues. For example, back in May the British government refused to renew Abdulmutallab’s visa and put him on their own watch list. The National Security Agency (NSA) intercepted a conversation of an al-Qaeda leader discussing a Yemen-based plot involving a Nigerian citizen. Abdulmutallab paid for his plane ticket in cash. He had only a small carry-on bag. And so on.
But still the intelligence “system” spread among who knows how many agencies, using who knows how many databases, and relying on international cooperation, failed to “connect the dots.” Well, there are simply too many dots to connect using the current approach. Maybe we need to develop a technical approach that can somehow connect the dots for the analysts. Perhaps I’m naïve, but it doesn’t seem too hard to do, despite all the existing impediments to intelligence sharing.
Let me state here that I know that true analysis cannot be automated and requires the human “mind’s eye.” What I’m suggesting is that perhaps we can do more to help that analyst by using technology to connect dots – where it can. What about this?
- Develop the analytical components: The first step would be to break down the analytical framework into components. What are those identifiable elements that an analyst uses to determine if someone might constitute a true threat or be related to a true threat? For example, Abdulmutallab’s father’s warning is one piece of the puzzle. But equally as important to this analysis was the NSA intercept. It is important to work out all the relational components. I know this won’t be easy – in fact this, along with step two, is probably the most difficult task. It will have to involve participation by analysts from multiple intelligence agencies and then be vetted by multiple agencies. And it will probably take some time to accomplish, but I think it can be done. These are smart, dedicated people who know their business. If they devote the time, they can do it.
- Develop a value for the components: The next step would be to attach weights to each of those components. In other words, tag each component with a value. In addition to weighting individual components, develop weights that would serve as “tipping points” to alert the appropriate people that the individual in question needs to be looked at much more closely. For example, the father’s warning might receive one value and the NSA intercept another. Independently they might not point to Abdulmutallab as a threat – but taken together, they become more important. Note that I said “tipping points” – plural. There is not going to be one tipping point, but multiple points that should generate an alert. Again, this is not an easy task and is something that will have to involve multiple people and agencies, but I think it can be done.
- Develop and implement an intelligence alert system: Finally, once those elements are determined, develop and pilot a “link analysis” type of system that will reach across all of the existing databases – classified or open – to aggregate and analyze the data that might be related to a specific person or specific piece of intelligence. With the technology that exists today, this shouldn’t be difficult to do despite the fact that this will need to be a highly secured system. The harder part will be to develop the policies and procedures among all the relevant agencies to allow the system to reach into each agency’s database. I would think that the fact that a lot of this is supposed to be brought together at the National Counterterrorism Center should make this easier, but having no real knowledge about that system, I can’t state that for certain. In addition to domestic systems, there will have to be agreements hammered out with our international partners to enable this kind of information to be shared.
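The three steps above can be sketched as a small scoring routine. This is an added example, not code from the original post: the component names, weights, threshold, combination rules and sample records are all constructed for illustration, and it assumes every source database already refers to a person by the same subject identifier.

```python
from collections import defaultdict

# Step 1 and 2: analytical components and their weights (constructed values).
WEIGHTS = {
    "family_warning": 3,
    "visa_refused_by_partner": 3,
    "intercept_match": 4,
    "cash_ticket": 1,
    "carry_on_only": 1,
}

# Several tipping points, not one: a total-score threshold plus combinations
# that raise an alert on their own even when the total is still below it.
SCORE_THRESHOLD = 8
COMBINATIONS = {
    "warning+intercept": {"family_warning", "intercept_match"},
    "partner_watchlist+travel_anomaly": {"visa_refused_by_partner", "cash_ticket"},
}

def aggregate(sources):
    """Step 3: merge records from every source into one indicator map per subject."""
    seen = defaultdict(dict)
    for source, records in sources.items():
        for subject, indicator in records:
            if indicator not in WEIGHTS:
                continue  # unknown component: skip rather than guess a weight
            # The same indicator from two sources counts once; keep provenance.
            seen[subject].setdefault(indicator, []).append(source)
    return seen

def evaluate(sources):
    """Return {subject: (score, tipping points reached)} for subjects that alert."""
    alerts = {}
    for subject, indicators in aggregate(sources).items():
        score = sum(WEIGHTS[name] for name in indicators)
        reached = [rule for rule, need in COMBINATIONS.items() if need <= set(indicators)]
        if score >= SCORE_THRESHOLD:
            reached.append("score_threshold")
        if reached:
            alerts[subject] = (score, sorted(reached))
    return alerts

# Constructed sample data standing in for separate agency databases.
SAMPLE = {
    "embassy_reports": [("subject-A", "family_warning"), ("subject-B", "family_warning"),
                        ("subject-D", "family_warning")],
    "partner_liaison": [("subject-A", "visa_refused_by_partner"), ("subject-D", "family_warning")],
    "signals": [("subject-A", "intercept_match"), ("subject-C", "intercept_match"),
                ("subject-D", "intercept_match")],
    "airline": [("subject-A", "cash_ticket"), ("subject-A", "carry_on_only"),
                ("subject-B", "carry_on_only"), ("subject-C", "cash_ticket")],
}
```

In the sample, subject-D stays under the score threshold but still alerts through the warning-plus-intercept combination, while subject-B and subject-C each hold a single strong indicator and do not alert.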
There you have it – that’s my idea. Not being part of the intelligence community, I don’t know how much merit there is to it. But I thought I’d throw it out there for smarter and more experienced people to talk about.



