The New Realities of Critical Incident Response

steve cyrus · Published in Homeland Security · Aug 23, 2014

Part Four of a Four-part Series: Recommendations to the FBI and Law Enforcement

Over the course of the first three parts of this series I have documented several of the most prominent changes (connectivity, new forms of social capital and crowdsourcing) to responding to critical events over the past decade. This posting is dedicated to providing solutions to some of the problems discussed or to harnessing the power of these new changes. I would recommend reading the first three parts first if you have not already done so; they are available here:

Recommendations for the FBI and Law Enforcement When Responding to the Next Terrorist Attack:

We had to address information technology in the ways we had not before and give the agents the tools that they need to do their job more efficiently and more expeditiously. –Robert Mueller, Director, FBI on responding to the Boston bombings

The new level of cellular and WiFi connectivity, the new concept of social capital, and the ever-increasing level of citizen involvement in the investigation and response to a critical event have rendered the previous standard and method of responding to critical events obsolete and perhaps counterproductive. The idea of only throwing people and equipment at a problem is no longer an acceptable template.

All three of the above-mentioned factors present not only problems but also possibilities if planned for, harnessed, and managed effectively.

Exploit connectivity with those in the crisis zone:

In previous critical incidents or natural disasters, the time lag between the event happening and information about the situation on the ground being collected was often hours or days. At present, information can begin coming in while the event is still taking place. Disaster preparedness and relief agencies are starting to harness the upsides of this immediate feedback. FEMA Director Craig Fugate testified that even while the infrastructure in Haiti was decimated after the 2010 earthquake, the cellular towers bounced back almost immediately, and this allowed relief organizations to collect firsthand knowledge from victims and direct resources to where they were needed most urgently.

In each field office, the FBI should have the necessary technology and procedures in place to immediately identify active mobile devices in the immediate area around a critical event. This technology is already being used by a myriad of advertising agencies to effectively target consumers apt to visit stores or purchase services in their area of travel. By developing a standardized form to distribute to mobile devices through both cellular towers and WiFi systems, if available, in the area of a known or suspected attack, critical information to understand the type and scale of the attack can be collected at the earliest possible time.

Effective Use of Twitter:

The FBI should learn to use both aspects of Twitter: information sent directly to the FBI via tweets, and real-time monitoring of tweets emanating from a crisis site. As the investigation in Boston proved, witnesses will use a variety of social media sites to provide information to support investigative efforts. However, Twitter provides the best platform for real-time monitoring since the time required to create and send a tweet is only seconds and, more importantly given the number of people trying to use mobile devices at the time of a crisis, a tweet requires only a small amount of bandwidth to send out a message of 140 characters or less. More graphics-intensive applications, such as Facebook, YouTube or Instagram, are useful for posting images or videos, but these higher-bandwidth applications will likely not be available during or immediately following a crisis event. This was evidenced immediately following the 2011 minor earthquake around Washington, D.C., which overloaded one of the most robust cellular networks in the U.S. and left any communication other than text messaging nearly impossible.

Additionally, Twitter is completely available to the public. Anyone can freely use the real-time analytics provided directly by Twitter, which allow you to search for tweets by geographic area or keywords. Upon initial notification of an attack, the FBI should respond both locally and at the headquarters level by immediately monitoring all tweets sent to the FBI’s Twitter account, along with real-time monitoring of all tweets emanating from the area surrounding the suspected attack site. Again, because Twitter has always made information from tweets public, this change of policy would not require a Privacy Impact Assessment, as is required for federal agencies collecting personally identifiable information (PII).

To respond and plan for a response as the events on the ground begin to take shape, the CIRG should, again, create the needed infrastructure to steal a trick from disaster relief agencies and use algorithms and filtering techniques developed for relief efforts to determine which Twitter accounts are known to be on the ground of a crisis. Due to rampant re-tweeting and fabricating of information, it is very tough to determine which tweets being sent with keywords are actually from the scene and able to provide credible information. Sorting through the noise to get to the signal is a tough task but one that researchers have worked diligently to master. Using application programming interfaces (APIs) developed by social scientists, the FBI would be able to determine which providers are giving useful, authentic information and which are not. This is a critical task the FBI must master, since research has shown that less than a quarter of a percent of all tweets claiming to be from a crisis site are actually from the scene.

Multi-modal Filtering of Information Provided via Social Media[8]:

In the first hour after releasing the high-quality photos of the suspected bombers, the FBI received approximately 300,000 tips per minute through online submissions such as Facebook, Twitter, text and email. Even with an effective plan to harness all the local law enforcement resources in the affected region and tap into available FBI resources nationwide, there is no way this number of potential leads can be efficiently processed one at a time. The aforementioned real-time analytics provided by Twitter will allow for the sorting of tweets based on the number of times a common word is used (i.e. if you have 1000 tweets claiming to identify the subject, the program can determine if 50 tweets all identify the same person). This grouping of the most frequent subjects can help point resources towards the most useful information and also reduce redundant labor by keeping all 50 leads from being worked individually. This process can easily be run within each field office, but a more robust national-level system should be based at CJIS and be leveraged during large-scale events.

The more advanced model that the FBI should pursue and make a national-level asset is a multi-modal social media filtering system. Returning to our 1000 tweet example, it is significant that 50 tweets identified one individual. However, as discussed earlier, re-tweeting and fabrication of information on Twitter is a common problem. To counter this issue, a multi-modal system should be created that can immediately cross-reference information provided to the FBI through all electronic means (Facebook, FBI.gov, email accounts, text messages). Based on this cross-referencing of all platforms, a lead of 50 tweets all saying the exact same message would be ranked lower in importance than a lead supported by 10 tweets, 3 emails, and 20 text messages.
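The ranking rule described above, as an added example that is not part of the original post: re-tweeted or identical messages are collapsed, and leads are ordered first by how many independent channels corroborate them. The tuple layout, channel names, placeholder subjects and scoring order are assumptions made for illustration.

```python
import re
from collections import defaultdict

def normalize(text):
    """Collapse re-tweets and whitespace variations to one canonical string."""
    text = re.sub(r"^(rt\s+@\w+:?\s*)+", "", text.strip().lower())
    return re.sub(r"\s+", " ", text)

def rank_leads(tips):
    """tips: iterable of (channel, subject, text). Returns leads, best first."""
    seen = defaultdict(lambda: defaultdict(set))  # subject -> channel -> distinct texts
    raw = defaultdict(int)                        # subject -> raw tip count
    for channel, subject, text in tips:
        seen[subject][channel].add(normalize(text))
        raw[subject] += 1
    leads = []
    for subject, by_channel in seen.items():
        leads.append({
            "subject": subject,
            "raw": raw[subject],
            "channels": len(by_channel),
            "distinct": sum(len(texts) for texts in by_channel.values()),
        })
    # Cross-channel corroboration outranks sheer volume; distinct messages break ties.
    leads.sort(key=lambda l: (l["channels"], l["distinct"]), reverse=True)
    return leads

def sample_tips():
    """Constructed sample data mirroring the 50-tweet vs. mixed-channel case."""
    tips = [("twitter", "person-A", "It is person-A in the white hat")]
    tips += [("twitter", "person-A", "RT @user0: it is person-A in the white hat")] * 49
    tips += [("twitter", "person-B", f"saw person-B near block {i}") for i in range(10)]
    tips += [("email", "person-B", f"photo {i} attached shows person-B") for i in range(3)]
    tips += [("sms", "person-B", f"person-B passed checkpoint {i}") for i in range(20)]
    return tips

if __name__ == "__main__":
    for lead in rank_leads(sample_tips()):
        print(lead)
```
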

While there are similar multi-modal systems devoted to intelligence collection and production, there is currently no system available that can assimilate and cross-reference all electronic platforms on which law enforcement agencies currently work. This is a key area that the FBI should research and explore for development. The federal government is the only law enforcement level with the funding and expertise to develop and field a system of this size and scope. Additionally, this FBI system would be available to every police department through the local FBI office or CIRG response assets during a terrorist event.

Create FBI crowdsourcing:

As described in the Boston bombing study, the investigation quickly became a race with the private citizen online community. Hundreds if not thousands of online investigators were trying to break the case open. The response by the FBI through CIRG has traditionally been to send personnel to the field office affected by the crisis and this is where the majority of the investigative “horsepower” was derived. However, in Boston as in the Beltway shootings, tip lines were established and calls were answered both locally and at the West Virginia-based CJIS. This concept needs to be greatly expanded.

At the inception of the investigation when the request for any photos or video relevant to the attack went out, an immediate technological choke point was created. Photos and videos were nearly overwhelming the FBI.gov website and the boston@ic.fbi.gov email account. To counter this problem, processing power was moved from other FBI resources and even public universities to augment the effort. This effectively moved the choke point from the technology side to the personnel side.

As discussed earlier, prior to 1994, the response to every event revolved around the city in which the event took place. The new standard procedure should call for resources to be built out nationally. The FBI should spread-load their human intelligence task response to crisis events. In 2002, the sniper case riveted the nation, but the work of the FBI continued unchanged in most other offices outside the DC metro area. That was likely due to the inability of the 54 other unaffected field offices to significantly contribute to the investigative effort. That is no longer the case. There is no reason an FBI Agent in Los Angeles or Anchorage can’t look through hundreds of photos or videos taken around a crisis site in New York or Miami. Cloud-based computing makes it possible for a central authority to command the efforts of hundreds of agents and analysts around the country to bring about a desired outcome.

The FBI will be judged on its ability to quickly investigate and swiftly apprehend the perpetrators of a future terrorist attack. To ensure the FBI is up to the task, it should devote as many resources as possible toward human intelligence tasks and capitalize on the power of crowdsourcing within the FBI.
