Three Best Practices For Lawful Intelligence Metadata Analytics

Published on June 24th, 2021 | by Kevin Isacks & Jonathan Fong


The metadata that surrounds the data payloads for lawful intelligence intercepts has become as important as the payload data itself. Location data, for example, can place a subject of interest at specific places and times to reveal personal habits and relationships while also broadening investigations by identifying the devices involved. As mobile traffic moves to 5G networks, the primary content in human-to-human communications will be encrypted, placing it beyond the reach of law enforcement. Likewise, new traffic types such as augmented/virtual reality and IoT are contributing to a shift to the machine-oriented digital markers that are generated as metadata.

Using metadata in an investigation represents a shift from focusing on more traditional evidence such as text messages or call records, to finding relationships between captured data. Metadata analytics are designed to stitch together data points such as a series of events associated with a specific International Mobile Equipment Identity (IMEI), its interconnections with others, and location data associated with those events. The best practices captured here provide insight for LEAs on how to enable that transitional focus.

Best Practice #1: Focus on the Schema that Structures the Metadata

A primary requirement for deriving intelligence from lawfully intercepted metadata is automation that categorizes and tags an incoming torrent of unstructured data so that it can be indexed and warehoused for future reference. Applying a robust schema to intercepted metadata is central to being able to query against it effectively. Adding structure to the dataset also makes relationships between data points explicit, which is essential to interpreting it effectively. Metrics generated from the structured data can be used to quantify, measure, and compare it to discover patterns and trends.

In more tangible terms, the lawful intelligence platform ingests data from a disconnected set of sources and applies a consistent taxonomy to it. For example, indexing provided by the schema can associate a given IMEI with information such as the other devices or IMEIs it is in frequent contact with, where the device is physically located when those contacts occur, and the IP addresses it frequently uses. This information can be used to build out and enrich a subject of interest’s profile with a detailed pattern of life.

The SS8 lawful intelligence platform provides the tools to rapidly and accurately onboard data with a solid, consistently applied schema to streamline the discovery of relationships and insights within data. It also performs real-time analysis on that data to provide investigators with urgent actionable intelligence.

Best Practice #2: Establish Back-End Systems to Optimize Data Quality

Metadata must be validated and normalized at the point of ingress to ensure quality. This validation must include rudimentary checks to ensure that data types are correct and consistent across sources, and that the values collected meet all criteria of the relevant data-field definitions. For example, IMEI IDs must be exactly 15 numeric digits, longitude/latitude pairs must define actual locations, and IMEI and serial number pairs must identify the same device. The schema for how metadata is captured in specific fields must be consistently applied to provide good data structure that can support accurate and efficient queries.

Normalizing data as part of the scrubbing process is essential to indexing it properly so that analytics can be run on it. For example, if multiple data sources use inconsistent field names for various types of metadata, the logic controlling the schema must accommodate that disparity. This ensures that fields are not incorrectly combined or separated for consistency of format across records. The SS8 lawful intelligence platform provides automated capabilities that help ensure clean, reliable data to power metadata analytics.
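The ingress checks described above, as an added example (not SS8's code and not part of the original post): it maps per-source field names onto one schema, then validates the IMEI and the coordinate pair. The alias table and sample record are constructed, and the Luhn check-digit test is an addition that goes beyond the 15-digit rule stated above.

```python
import re

# Hypothetical per-source field names mapped onto one canonical schema.
FIELD_ALIASES = {
    "imei": "imei", "device_imei": "imei", "IMEI_ID": "imei",
    "lat": "latitude", "latitude": "latitude",
    "lon": "longitude", "lng": "longitude", "longitude": "longitude",
}
# Constructed sample record, as one source might deliver it.
SAMPLE = {"device_imei": "490154203237518", "lat": "37.33", "lng": "-121.89"}

def luhn_ok(digits: str) -> bool:
    """Luhn check: the 15th IMEI digit is a check digit over the first 14."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def normalize(record: dict) -> dict:
    """Rename known source fields to canonical names; reject collisions."""
    out = {}
    for key, value in record.items():
        canon = FIELD_ALIASES.get(key)
        if canon is None:       # unknown field: keep it, but do not index it
            out.setdefault("_unmapped", {})[key] = value
        elif canon in out:      # two source fields would be merged into one
            raise ValueError(f"two source fields map to {canon!r}")
        else:
            out[canon] = value
    return out

def validate(rec: dict) -> list:
    """Return a list of problems; an empty list means the record is clean."""
    errors = []
    imei = str(rec.get("imei", ""))
    if not re.fullmatch(r"[0-9]{15}", imei):
        errors.append("imei: not exactly 15 digits")
    elif not luhn_ok(imei):
        errors.append("imei: check digit mismatch")
    try:
        lat, lon = float(rec["latitude"]), float(rec["longitude"])
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            errors.append("location: out of range")
    except (KeyError, TypeError, ValueError):
        errors.append("location: missing or non-numeric")
    return errors

if __name__ == "__main__":
    print(validate(normalize(SAMPLE)))
```

Records that return a non-empty error list are best quarantined with their source tag rather than silently dropped, so that a systematic fault in one feed is visible.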

Best Practice #3: Define Clear Goals for Metadata Collection and Use

The universe of metadata that an LEA could potentially intercept and use in lawful intelligence is massive and varied, which makes decisions about what data to collect and what to do with it critical. Faced with a collection of data that was selected without adequate planning, analysts may struggle to create an efficient and effective investigative methodology. If the metadata collection is too broad, it can obscure a clear path forward, while if it is too narrow, vital information will be missing, which can hamper meaningful analysis.

An iterative approach to refining the specific data fields to be intercepted—using analysis followed up by court action to seek additional data—often comes at the expense of wasted analyst hours and extended duration for investigations. Those effects can reduce the number of cases cleared by an LEA organization, and they can also delay the collection of timely intelligence needed to prevent criminal acts and loss of life or property.

SS8 works with LEAs to identify specific metadata for a given, well-defined purpose that can be used to reconstruct a narrative around people, devices, and places of interest. Along with determining what metadata is needed, this process also includes developing queries that help translate it into intelligence to advance the investigation. By running those queries periodically, analysts can build cases based on how the results change over time.

Conclusion

SS8 Intellego XT provides the foundation for data fusion that is essential for LEAs to make effective use of lawfully intercepted metadata. It gives agency analysts the benefit of leading-edge data science without requiring them to be data scientists. At the point of metadata ingress, the platform identifies connections within the torrent of unstructured data from multiple disconnected sources and applies structured schemas to it that streamline analyst queries. Intellego XT also validates and normalizes the metadata to make it more reliable and consistent for optimum queries of intercepted data. SS8 solution specialists work with LEAs directly to implement best practices around the collection, handling, and interpretation of metadata, to maximize its utility in the fulfillment of their missions.

To learn more about turning metadata into actionable intelligence, visit the SS8 website.

About Kevin Isacks


Kevin joined SS8 in April of 2020 and brings with him more than 20 years of global technology experience in the communications field. Much of that time has been dedicated to architecting and delivering voice-over-IP (VoIP) products. Prior to joining SS8, Kevin was the Vice President Edge Products at Ribbon Communications. However, Kevin spent a majority of his career with Network Equipment Technologies (NET), which was acquired by Sonus in 2012. At NET he served as the Chief Development Officer and continued on at Sonus for five additional years, leading the development and testing of Sonus hardware and software products. Kevin holds a Bachelor of Science in Electrical and Electronics Engineering from the University of Natal, South Africa.

About Jonathan Fong


Jonathan Fong started his Product Management career in 2017 when he helped design and build Workday’s accounting platform to provide insightful analysis for Workday Financials customers. Prior to working in Software Product Management, Jonathan held a variety of finance and accounting roles in many industries ranging from CPA firms to solar project development. Jonathan holds a bachelor’s degree in Economics from UC Berkeley.

About SS8

SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies. Their technology incorporates the methodologies discussed in this blog and the Xcipio® and Intellego® product portfolios are used worldwide for the capture, analysis and delivery of data for the purposes of criminal investigations.
