Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

What is I2 Final-Approved

768 views

Published on

  • Be the first to comment

What is I2 Final-Approved

  1. 1. What is Identity Intelligence? Duane Blackburn Charlottesville, VA August 2013 Approved for Public Release; Distribution Unlimited. 13-2977
  2. 2. Sponsor: Department of Defense MITRE Department: J66C Statement of fact, opinion, and/or analysis expressed in the paper are those of the author and do not reflect the official policy or position of the Department of Defense or any U.S. Government agency. The views, opinions and/or findings contained in this report are those of The MITRE Corporation and should not be construed as an official government position, policy, or decision, unless designated by other documentation. MITRE cleared for public release, case # 13-2977. © 2013 The MITRE Corporation. All rights reserved.
  3. 3. What is Identity Intelligence? Introduction A teenage girl is asked out on her first date. She is ecstatic. Her father is not, and immediately works to find the boy’s Facebook page. Hundreds of pictures and dozens of “Likes” on the boy’s profile paint a story of his character and the situations the girl may find herself in. The story is further clarified by studying profiles of the boy’s close friends. Google Earth provides satellite images of the boy’s neighborhood and house – “great, he’s got a hot tub and a sports car,” the father thinks. Google Street View shows that the house doesn’t have a lot of doors to escape from. Familial links on Facebook provided the names of the boy’s parents. A quick check of LinkedIn provides information on the parents’ jobs and how long they have been at the same employer. LinkedIn also lists three individuals that he and the boy’s father have in common, including one that he knows will provide him personal insight. Court records are clean, but the state’s sex offender registry includes someone that lives four houses down. He starts to search LexisNexis but thinks better of it when he has to pay to see the results – “I don’t want to be creepy,” he thinks. Armed with information in hand, the father consents to his daughter’s date but subjects her to a pre-date orientation where he discusses every possible situation that his research showed was possible. Possible actions for each are recommended, and consequences discussed. A post-date review is planned where permission for future dates will be determined. In this example, which surely occurs regularly, the father used multiple sources to identify the boy and his associates, and to paint a picture of the boy’s intentions and his available means. This information, in turn, enabled him to make an informed decision on what action he should take. Now consider an alternative example where the subjects are overseas terrorists instead of innocent teenagers, the concerned father are federal agents, the sports car and hot tub are replaced with weapons of mass destruction, and websites are replaced with intelligence assets. The final assessment is then changed to federal agents using multiple sources to identify terrorists and their associates, to paint a picture of their intentions and available means, and developing informed decisions on which actions they should take. This is the new field of identity intelligence. “Sasha and Malia are huge fans, but boys, don't get any ideas. Two words for you: predator drones. You will never see it coming." -- President Obama to the Jonas Brothers at the 2010 White House Correspondents Association Dinner
  4. 4. What is Identity Intelligence? Identity Intelligence (I2) is a critical enabler across a variety of U.S. Government missions, such as strategic and tactical intelligence, counterintelligence, law enforcement, and homeland security. Through the collection, analysis, exploitation, and management of identity information1 and associated attributes across multiple encounters, I2 provides an all-source capability to definitively establish and track identities and activities of foreign persons of interest, as well as to protect, manage, and safeguard our own forces’ true identities and aliases. Joint Publication 2-0, titled Joint Intelligence defines I2 as “The intelligence resulting from the processing of identity attributes concerning individuals, groups, networks, or populations of interest”. Additionally, Joint Publication 2-0 now identifies I2 as an intelligence production category” “I2 results from the fusion of identity attributes (biologic, biographic, behavioral, and reputational information related to individuals) and other information and intelligence associated with those attributes collected across all intelligence disciplines. I2 utilizes enabling intelligence activities, like biometrics-enabled intelligence (BEI), forensics enabled intelligence (FEI), and document and media exploitation (DOMEX), to discover the existence of unknown potential threat actors by connecting individuals to other persons, places, events, or materials, analyzing patterns of life, and characterizing their level of potential threats to US interests.” Operationally, I2 consists two fundamental components:  Identity discovery (or Identity resolution) – the actions taken to gain knowledge of an identity to enable recognition and determination of who or what he, she, or it is.  Identity protection – the actions taken to protect identity information and the systems on which they reside Why is I2 important? While conventional (nation vs. nation) warfare was the major focus for the United States’ defense and intelligence activities in the 20th century, their focus has understandably changed in the 21st century as asymmetric threats have become much more likely. The root cause of this transition is twofold: nation-states that want to harm the U.S. but realize success in a conventional war would not be feasible, and the rise of non-state actors such as Al Q’aeda. This change means that our most likely and severe threats (as well as our trusted allies) are no longer found in groups that wear the same color uniform and have a nationalistic chain of command, but in small pockets of individuals that work mostly autonomously and are difficult for us to identify because they blend into their local populace. This changing threat also coincides with a shrinking world, as nations are no longer protected by vast oceans and rigid land borders. 1 Identity information typically includes a combination of biometric, biographic and contextual data. It is not always linked to a specific individual. For example, a phone number that a terrorist repeatedly calls may not be linked to an individual, but is still a valuable piece of identity intelligence.
  5. 5. Within a day’s time, an unknown terrorist can leave his Mid-East safe haven and be onsite at his target in the United States. Threats within the cyber domain operate even faster, as harm can be inflicted within milliseconds from anywhere in the world. Our nation’s screening and protection systems rely upon I2 to guide their activities and to provide them information and targets to look for. Without this I2 information, these systems would only be able to screen against prior threats. I2 issues Although I2 is already critically relied upon throughout many different domains, it remains a nascent concept with many issues that need to be addressed. Privacy is one such example, even though our national security and intelligence communities work overseas and therefore focus on non-U.S. citizens. But what happens when American citizens, such as Anwar al-Aulaqi or John Walker Lindh, are overseas and helping terrorists, and I2 information about them is gathered? What privacy protections must they be legally granted, and what steps must our intelligence personnel take so that this valuable information can legally be used to keep the rest of the country safe? Other countries also have privacy rights for their citizens that they will want the U.S. to follow until adjudicated – how will the intelligence community keep all of these variances straight when dealing with real-time threat information? Another I2 issue is one that many other fields face: data overload. The sheer volume of who this community needs to identify and “know” in today’s global environment is greater than the community can handle via traditional methods. This data is itself a subset of the data available on the worldwide population, which the community must comb through to find the bad guys while simultaneously ignoring the data on the good guys. This is the proverbial “needle in a haystack” problem – except the needle is incredibly important information to find while the hay cannot be used or disturbed. The development and utilization of assistive technical tools shows extreme promise in this regard, but will take significant effort to be optimally integrated into intelligence processes. A third I2 issue is the interactions across today’s identity systems, which creates seemingly contrasting concerns. On one hand, most identity systems do not exist in a vacuum, as they rely upon other identity systems for their information and to support decision making. In this regard, inaccurate information (no matter if it is miskeyed by a well-meaning analyst or surreptitiously planted by an adversary) can promulgate across multiple identity activities. An intelligence analyst may view the same incorrect information in multiple locations and assume that it is true. On the other hand, there is no master identity database for the worldwide population. This not only leads to conflicting information, but also various approaches of referring to information. For example, consider that there is no universally accepted standard for transliterating Arabic names into English. One database may list an individual as “Usama bin Laden” while another lists him as “Osama bin Mohammed bin Awad bin Laden”. Similarly, while it is common in the U.S. to list a name as Given and then Family (Duane Blackburn), many other cultures refer to individuals’ name as Family and then Given (Blackburn Duane).
  6. 6. Variances such as these create confusion in I2 databases and applications, which can take considerable effort to address. Conclusion Identity intelligence will soon become one of the most critical tools within the national security infrastructure, even though it is still a very nascent concept. A limited capability relying on the I2 subset of latent fingerprints, which was the major factor in bringing the IED threat in Iraq under control, foreshadows its broader utility. The I2 community will need to rapidly mature, in collections, technology, policy, and oversight, in order to handle tomorrow’s national security requirements.

×