Lawful Intelligence Measures for Counterterrorism

Threats to society are evolving at an unprecedented rate. Globally, ideological extremism and geopolitical instability are driving increased threats of violent political crime and terrorism. At the same time, investigations are complicated by growing digital complexity. Over-the-top (OTT) channels such as WhatsApp and other messaging platforms continue to proliferate—with many designed explicitly for anonymity—and message content is almost universally encrypted.

In addition to the technological challenges facing law enforcement and intelligence communities, it is often difficult to justify warrants for lawful interception and other restricted information before a terrorist act is actually committed. Preventing terrorism and mass casualties in the absence of full data visibility requires novel investigative methods. The focus must increasingly be on identifying and combining digital breadcrumbs that reveal clues and generate evidence.

Revealing Hidden Communications

Terrorists and other criminals often adapt legitimate technologies to obscure their communications and identities, whether obfuscating them with VPNs and proxies or using the chat, voice, and video channels in online gaming networks to escape notice. Such approaches must be matched by evolving law-enforcement techniques.

Encrypted messages generated by OTT communication platforms may be hidden within larger communication data streams and escape notice by investigators. The SS8 lawful intelligence platform can perform deep packet inspection on these flows to identify IP addresses as well as protocols and other characteristics that differentiate OTT communications from other types of traffic, drawing investigators’ attention to the most important information and helping advance cases that might otherwise stall.

Terrorists and bad actors have devised other methods of hiding their communications that go beyond the scope of traffic analysis. For example, one party may log into a web email account and leave a message in the Drafts folder. Others can then log in and read the message, without it ever actually being sent. With all browser traffic to the mail server encrypted, this communication would not be detectable using deep packet inspection or related means.

One mechanism to address that scenario, and others, is internet connection records (ICRs), which capture connection details between clients and services. Investigators can use ICRs to detect anomalies such as access to a webmail account from multiple distant locations, which raises suspicion. They can combine that insight with other clues to advance investigations, including subpoenaing further information from the service provider. Regulatory activity such as the UK Investigatory Powers Act, which requires communication service providers to retain ICRs for up to 12 months, helps advance such insights, although further legislation is needed globally.
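The multiple-distant-locations check described above can be expressed as an "impossible travel" test over connection records. This is an added example, not SS8 code: the record layout, thresholds, and sample data are assumptions constructed for illustration, not a real ICR schema.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample records (assumed layout, not a real ICR schema):
# (account reference, UTC timestamp, client latitude, client longitude)
SAMPLE_ICRS = [
    ("acct-A", "2024-03-01T08:00:00", 51.5074, -0.1278),   # London
    ("acct-A", "2024-03-01T10:00:00", 51.4545, -2.5879),   # Bristol, 2 h later
    ("acct-A", "2024-03-01T10:30:00", 41.0082, 28.9784),   # Istanbul, 30 min later
    ("acct-B", "2024-03-01T08:00:00", 48.8566, 2.3522),    # Paris
    ("acct-B", "2024-03-02T08:00:00", 40.7128, -74.0060),  # New York, a day later
]

MAX_SPEED_KMH = 900.0    # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # ignore small jumps caused by coarse IP geolocation


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def find_impossible_travel(records, max_speed_kmh=MAX_SPEED_KMH):
    """Return (account, first_seen, next_seen, km) for consecutive accesses
    to one account that imply travel faster than max_speed_kmh."""
    by_account = {}
    for acct, ts, lat, lon in records:
        by_account.setdefault(acct, []).append((datetime.fromisoformat(ts), lat, lon))
    findings = []
    for acct, events in by_account.items():
        events.sort()  # records may arrive out of order
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            dist = haversine_km(la1, lo1, la2, lo2)
            if dist < MIN_DISTANCE_KM:
                continue
            hours = (t2 - t1).total_seconds() / 3600
            # Simultaneous access from two distant places is always anomalous.
            speed = dist / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append((acct, t1.isoformat(), t2.isoformat(), round(dist)))
    return findings


if __name__ == "__main__":
    for finding in find_impossible_travel(SAMPLE_ICRS):
        print(finding)
```

A flag from this check is only a lead: VPN and proxy exit points produce the same pattern for a single legitimate user, so it needs corroboration before it supports further action.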

Investigative Readiness with Passive Location Intelligence

Authorities in many countries are implementing passive location technologies to better aid investigators. Mobile network operators (MNOs) constantly measure the signal strength from base stations to handsets to optimize user experience by connecting them to the best cell tower. MNOs store those measurements in radio access network (RAN) logs to manage the balance between infrastructure investment and quality of subscriber experience.

The SS8 platform can, with proper warrants or other authorization, examine RAN logs to identify who was in a given place at the time of a critical event such as a terrorist attack. Building on that information with additional location intelligence and other insights can narrow the field of suspects. Bulk passive location intelligence collected in this manner is protected in most jurisdictions, requiring probable cause before investigators can access it and preserving the privacy of the general public while also protecting society.

Passive location technology can also help prevent terrorist acts before they occur, reducing the potential for mass casualties or damage to critical infrastructure. Passive measures help build the evidence pool that supports the authorization of active, real-time location tracking of a target, which in turn reveals specific patterns of life that help law enforcement understand subjects’ activities and associations.

Another use of passive location is geofencing, which enables the monitoring and protection of geographic areas of interest such as power facilities or seats of government. Investigators can be alerted to activity within the geofence in real time using a tripwire effect, or they can review stored data after an event of interest to see who entered or exited the area at a particular time. This capability is widely used for border security use cases, such as detecting large gatherings near a border at unexpected locations or times. SS8 location intelligence provides the basis for such monitoring and analysis within the broader investigative platform.

Increased visibility into the digital evidence of potential terrorist activity will grow in importance as technology progresses. The coming years will bring fleets of drones and self-driving cars that could be used for crimes such as delivering explosives to crowded events. Other, unidentified threats are sure to emerge. Lawful and location intelligence must advance in parallel with these developments to provide the countermeasures needed to protect society.

About Dr. Cemal Dikmen

As SS8’s CTO, Cemal plays an integral role in the company’s strategic direction, development, and future growth. A renowned expert and thought leader in the legal compliance and communications analysis domain, he has been a frequent speaker at various industry conferences over the past 10 years. Cemal holds BS, MS, and PhD degrees in Electrical Engineering. You can learn more about Cemal on his LinkedIn profile.

About SS8 Networks

As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.

Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.

LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.

Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.

To learn more, contact us at info@ss8.com.
