As the scope of digital information generated by subjects and devices of interest continues to grow, law enforcement agencies (LEAs) must evolve their techniques for transforming vast databases of raw information into evidence. Large sets of lawful intercept data must be combined with other data sources such as open-source intelligence (OSINT), vehicle registration data, bank records, and more. To draw timely insight from these large, complex, siloed datasets, investigators must leverage advanced data fusion and monitoring tools to reveal relationships between data points that would otherwise be difficult to detect.
While data-driven investigative techniques are part of every agency’s modern toolkit, they require specialized expertise. Training on both best practices and advanced use of the tools is an ongoing, potentially costly requirement, and these skills are inevitably more developed in some personnel than others, meaning there are two challenges to the broader LEA mission. First, tools and techniques must be straightforward and robust so investigators can rapidly adopt them for advanced investigative analysis and maximize value. Second, there must be a methodology for advanced users to easily share their expertise and analyses with others. Solutions that meet these requirements put an LEA in position to discover meaningful intelligence in a sea of unrelated data quickly and reliably
Identifying Data Sources in a Changing Landscape
The first step in evolving lawful intelligence gathering for today’s data-centric world is to identify what’s available. Subjects may use a wide range of mobile applications that change over time, and individual apps may change what data they use and how. The number of potential data sources far exceeds the most common communication channels and social media as well. For example, dating platforms often reveal the user’s location, providing a trove of information to help investigators determine where a subject has been and where they are going at a given time.
In this case, such information is offered as an intentional feature of the application, but it sometimes becomes available through an unintentional data breach. In either case, the rapid cadence of modern software development, updates, and patches can result in sudden increases or decreases in the scope of information accessible to LEAs. Some apps may also transmit valuable data even when not in use. Investigations must be responsive to the dynamic nature of modern data flows and be ready to take advantage of changes as they occur.
Identifying available location and other information from devices of interest must also be automated to ensure the accuracy and efficiency of the process. Active, custom query capabilities should be supplemented by systematic data monitoring processes that push new information to investigators rather than requiring them to seek it out. A common example of MetaHub’s ability to capitalize on the ebbs and flows of communications data is its ability to automatically scan multiple data sources. For example, MetaHub can scan for a source IP address and a specific port used by a mobile app and search the content URL for the character strings “LAT” and “LONG” – corresponding to latitude and longitude – to determine a user’s location and notify the analyst.
Sophisticated Querying to Gather Key Intelligence
To take full advantage of this shifting, multi-modal data, however, LEAs also require a platform with an intelligent query language supporting regular expressions as well as complicated joins between data and systems, enabling them to intentionally drill into data to follow patterns or anomalies. SS8’s MetaHub provides LEAs with these capabilities so they can build operations that track data streams from many different sources. Power users can even create queries and make them available to all investigators, who can then apply them to multiple subjects or devices of interest. Similarly, a power user can monitor all available queries from a single dashboard and select individual ones for further analysis. This approach helps extend the value of in-house expertise to enhance overall efficiency and effectiveness, optimizing the LEA’s investment.
Individual queries are instantiated in SS8’s Intellego XT lawful intelligence environment as reusable “cards” that can be arranged into monitoring dashboards within MetaHub’s simple interface. The dashboards present all the relevant data visually, so investigators don’t need to identify individual relationships manually, and can be created by the user that build the queries or by other team members. Each one tracks and visualizes the outputs from the included queries, which are automatically updated in real-time, offloading those tasks from investigators.
MetaHub monitoring dashboard showcasing the number of hits vs specific query criteria in a targeted data set.
MetaHub can ingest data from a range of sources, in various data structures such as comma separated values (CSV), JSON, XML, and others. The platform is easy to use, allowing the LEA to extend its value, but it is also backed by SS8’s more than two decades of lawful intelligence experience and customer support. It helps users easily identify “needle in a haystack” data points and drill down into their details, while also providing the flexibility to easily extend this approach to new data sources like AI virtual assistants and gaming devices. Using MetaHub, LEAs fuse conventional lawful interception sources with the full spectrum of data available in today’s digital world for a comprehensive analysis of all relevant data that builds insights and advances investigations rapidly.
About Simon Patten
Simon joined SS8 following a 30-year career with British Telecommunications Plc in the UK. For the majority of this time, Simon held senior sales and general management positions working with the defense, security and law enforcement agencies. He led teams selling and delivering a diverse range of solutions, including major national and international networks, computer network defense, and other security-based capabilities. Simon holds a BA in Business Studies and gained his MSC as a Sloan Fellow of the London Business School. You can view his LinkedIn profile here.
About SS8 Networks
SS8, a network intelligence company, provides solutions to help customers quickly identify, track, and investigate devices and subjects of interest. SS8 is trusted by six of the largest intelligence agencies, eight of the fourteen largest communications providers and five of the largest systems integrators.