LAPD on Predictive Policing; #OpBART and Cyber Intel

Posted on 17 August 2011 by


With The New York Times running a high-profile story on police analytics and predictive policing, analysts can expect questions from command staff about what the heck that actually is. An early draft of a 2009 predictive policing overview for the LAPD has been published on

The draft report gives some very basic information about the ins and outs of how that agency uses analytics, statistics and IT to drive its policing strategies.

The document, credited to former LAPD chief and current consultant Bill Bratton, John Morgan of the National Institute of Justice, and Sean Malinowski of the LAPD, contains almost nothing surprising, but is a great overview for departments asking the question, “Hey, what’s all this intelligence-led policing/predictive policing/take-our-heads-from-our-butts policing we’re hearing so much about?”

It gives a brief history of the shift from the age of Robert Peel to the introduction of the handheld radio, through UCRs to COMPSTAT and to the multi-input, regularly aggregated data stacks of big-city policing.

And it recognizes the point we yammer on about regularly, too:

Large police departments maintain dozens of databases. It is unusual to see these computer systems linked together to enable effective analysis. It is even more unlikely that other information sources, such as gunshot detection systems or dispatch systems, are linked into police analytical or fusion centers. Finally, police departments do not link their operations and information systems to other parts of the justice system or social services system. Thus, poor information sharing prevents good analysis and investigation. Even more troubling, poor information sharing can undermine efforts to intervene with individuals or neighborhoods to stop the cycle of violence. The best way to see the future and act appropriately is to have a complete picture of the current situation. Police must integrate their information and activities to enable situational awareness.

Amen, brothers. This is the part of technology that drives us bananas – everyone is inventing the box that solves all problems, which becomes yet another piece of isolated, siloed information which Is not being aggregated, let alone correlated by machines, let alone analyzed by humans with an understanding of how this data must be leveraged by law enforcement officers to actually, you know, sack-up bad guys and solve and even prevent crime.

The report articulates this as well:

What is critical is that police agencies develop and use good information and cutting-edge analysis to inform forward-thinking crime prevention. Predictive policing connects technology, management practices, real-time data analysis, problem-solving and information-led policing to lead to results—crime reduction, efficient police agencies, and modern and innovative policing.

For these reasons, the report is noteworthy and is certainly good fodder for internal discussion, reference and policy purposes.

Cyber Intelligence: Setting the Landscape for an Emerging Discipline
We’ve done a lot of talking about cyber intelligence, particularly in search, and now we see two important developments in that world. First, we’ll broach the topic of police intelligence when it comes to public demonstrations, and this brings us clearly into the arena of Anonymous and other criminal hacking groups and their relationships with the police.

The London riots of last week saw some extraordinary developments in the area of cyber intelligence, with rioters and looters using social media to plan and organize and police using social media to monitor the former. We will come back with some opinion as to just how the coppers were using social media soon – and some thoughts about the Londoners’ feelings towards law enforcement may have changed during and after the riots, but let’s just recognize that the fuzz was not just monitoring passively but in fact making moves to control social media – particularly the BlackBerry BBM network, but also Twitter.

As we pondered the civil liberty consequences of a police agency monitoring private messages and considering the cut off social media during the riots, many here in the states – including me on Twitter – started shouting at the tops of our lungs about the sanctity of freedom of communication and whaddaya think this is, Syria? kinds of statements.

Then we here in the states had to put our outraged finger down and close our mouths when it came out that not only had the Bay Area Rapid Transit Police thought about it, they cut off mobile phone service pre-emptively to stop would-be protesters from communicating. The protest never actually happened, but the shut-down – which BART first blamed on the cell providers and then stated it was caused by BART (whose spokespeople later clarified that this was accomplished by shutting down cellular repeaters) – raised civil liberty concerns right here in the US.

It is noteworthy that among the responses from groups like the Electronic Freedom Frontier and the American Civil Liberties Union, the criminal hackers at Anonymous immediately launched Operation #OpBart which launched attacks against BART and a police department website (the former succeeded in some low-hanging fruit, screwing BART customers and belying Anonymous’ stated intentions of hurting BART and not the people – it only hurt innocent civilians who ride BART). You can read the transcript of righteously puffy and self-serving interview with some Anonymous folks at the DemocracyNow website.

Which brings us to the second report of the day, from The Intelligence and National Security Alliance’s (INSA) Cyber Council. In Cyber Intelligence: Setting the Landscape for an Emerging Discipline, the authors set out some fundamental statements about “the cyber threat dynamic, [the] economic costs of cyber attacks and security, as well as the current US approach to cyber intelligence.”

This too is an excellent starting point and the document raises points which we have discussed several times – and which Dave Aitel raises in the presentation we mentioned last week (you’ve read it now, right? Right?). From Cyber Intelligence:

Attackers derive an advantage in preparing and executing an attack from their familiarity with the hardware and software the victim uses. The attacker can experiment and perfect an attack on the same commodity infrastructure his victim is likely to have. Part of the cost of using a cookie cutter computing platform has been to give attackers the blueprints to our infrastructure. These blueprints, combined with the complexity of the infrastructure that gives them a place to hide, are all they need. The software architecture is both intricately complex and relatively inexpensive, resulting in economies of scale that complicate cost metrics.

This can, of course, cut both ways. Knowledge is power.