What is Identity Intelligence?
A teenage girl is asked out on her first date. She is ecstatic. Her father is not, and immediately
works to find the boy’s Facebook page. Hundreds of pictures and dozens of “Likes” on the
boy’s profile paint a story of his character and the situations the girl may find herself in. The
story is further clarified by studying profiles of the boy’s close friends. Google Earth provides
satellite images of the boy’s neighborhood and house – “great, he’s got a hot tub and a sports
car,” the father thinks. Google Street View shows that the house doesn’t have a lot of doors to
Familial links on Facebook provided the names of the boy’s parents. A quick check of LinkedIn
provides information on the parents’ jobs and how long they have been at the same employer.
LinkedIn also lists three individuals that he and the boy’s father have in common, including one
that he knows will provide him personal insight. Court records are clean, but the state’s sex
offender registry includes someone that lives four
houses down. He starts to search LexisNexis but
thinks better of it when he has to pay to see the results
– “I don’t want to be creepy,” he thinks.
Armed with information in hand, the father consents to
his daughter’s date but subjects her to a pre-date
orientation where he discusses every possible situation
that his research showed was possible. Possible
actions for each are recommended, and consequences
discussed. A post-date review is planned where
permission for future dates will be determined.
In this example, which surely occurs regularly, the
father used multiple sources to identify the boy and his associates, and to paint a picture of the
boy’s intentions and his available means. This information, in turn, enabled him to make an
informed decision on what action he should take.
Now consider an alternative example where the subjects are overseas terrorists instead of
innocent teenagers, the concerned father are federal agents, the sports car and hot tub are
replaced with weapons of mass destruction, and websites are replaced with intelligence assets.
The final assessment is then changed to federal agents using multiple sources to identify
terrorists and their associates, to paint a picture of their intentions and available means, and
developing informed decisions on which actions they should take. This is the new field of
“Sasha and Malia are huge fans,
but boys, don't get any ideas.
Two words for you: predator
drones. You will never see it
-- President Obama to the Jonas
Brothers at the 2010 White House
Correspondents Association Dinner
What is Identity Intelligence?
Identity Intelligence (I2) is a critical enabler across a variety of U.S. Government missions, such
as strategic and tactical intelligence, counterintelligence, law enforcement, and homeland
security. Through the collection, analysis, exploitation, and management of identity information1
and associated attributes across multiple encounters, I2 provides an all-source capability to
definitively establish and track identities and activities of foreign persons of interest, as well as
to protect, manage, and safeguard our own forces’ true identities and aliases.
Joint Publication 2-0, titled Joint Intelligence defines I2 as “The intelligence resulting from the
processing of identity attributes concerning individuals, groups, networks, or populations of
interest”. Additionally, Joint Publication 2-0 now identifies I2 as an intelligence production
“I2 results from the fusion of identity attributes (biologic, biographic, behavioral, and reputational
information related to individuals) and other information and intelligence associated with those
attributes collected across all intelligence disciplines. I2 utilizes enabling intelligence activities, like
biometrics-enabled intelligence (BEI), forensics enabled intelligence (FEI), and document and media
exploitation (DOMEX), to discover the existence of unknown potential threat actors by connecting
individuals to other persons, places, events, or materials, analyzing patterns of life, and
characterizing their level of potential threats to US interests.”
Operationally, I2 consists two fundamental components:
Identity discovery (or Identity resolution) – the actions taken to gain knowledge of an
identity to enable recognition and determination of who or what he, she, or it is.
Identity protection – the actions taken to protect identity information and the systems on
which they reside
Why is I2 important?
While conventional (nation vs. nation) warfare was the major focus for the United States’
defense and intelligence activities in the 20th
century, their focus has understandably changed in
century as asymmetric threats have become much more likely. The root cause of this
transition is twofold: nation-states that want to harm the U.S. but realize success in a
conventional war would not be feasible, and the rise of non-state actors such as Al Q’aeda.
This change means that our most likely and severe threats (as well as our trusted allies) are no
longer found in groups that wear the same color uniform and have a nationalistic chain of
command, but in small pockets of individuals that work mostly autonomously and are difficult for
us to identify because they blend into their local populace. This changing threat also coincides
with a shrinking world, as nations are no longer protected by vast oceans and rigid land borders.
Identity information typically includes a combination of biometric, biographic and contextual data. It is not
always linked to a specific individual. For example, a phone number that a terrorist repeatedly calls may not be
linked to an individual, but is still a valuable piece of identity intelligence.
Within a day’s time, an unknown terrorist can leave his Mid-East safe haven and be onsite at his
target in the United States. Threats within the cyber domain operate even faster, as harm can
be inflicted within milliseconds from anywhere in the world. Our nation’s screening and
protection systems rely upon I2 to guide their activities and to provide them information and
targets to look for. Without this I2 information, these systems would only be able to screen
against prior threats.
Although I2 is already critically relied upon throughout many different domains, it remains a
nascent concept with many issues that need to be addressed. Privacy is one such example,
even though our national security and intelligence communities work overseas and therefore
focus on non-U.S. citizens. But what happens when American citizens, such as Anwar al-Aulaqi
or John Walker Lindh, are overseas and helping terrorists, and I2 information about them is
gathered? What privacy protections must they be legally granted, and what steps must our
intelligence personnel take so that this valuable information can legally be used to keep the rest
of the country safe? Other countries also have privacy rights for their citizens that they will want
the U.S. to follow until adjudicated – how will the intelligence community keep all of these
variances straight when dealing with real-time threat information?
Another I2 issue is one that many other fields face: data overload. The sheer volume of who
this community needs to identify and “know” in today’s global environment is greater than the
community can handle via traditional methods. This data is itself a subset of the data available
on the worldwide population, which the community must comb through to find the bad guys
while simultaneously ignoring the data on the good guys. This is the proverbial “needle in a
haystack” problem – except the needle is incredibly important information to find while the hay
cannot be used or disturbed. The development and utilization of assistive technical tools shows
extreme promise in this regard, but will take significant effort to be optimally integrated into
A third I2 issue is the interactions across today’s identity systems, which creates seemingly
contrasting concerns. On one hand, most identity systems do not exist in a vacuum, as they
rely upon other identity systems for their information and to support decision making. In this
regard, inaccurate information (no matter if it is miskeyed by a well-meaning analyst or
surreptitiously planted by an adversary) can promulgate across multiple identity activities. An
intelligence analyst may view the same incorrect information in multiple locations and assume
that it is true. On the other hand, there is no master identity database for the worldwide
population. This not only leads to conflicting information, but also various approaches of
referring to information. For example, consider that there is no universally accepted standard
for transliterating Arabic names into English. One database may list an individual as “Usama
bin Laden” while another lists him as “Osama bin Mohammed bin Awad bin Laden”. Similarly,
while it is common in the U.S. to list a name as Given and then Family (Duane Blackburn),
many other cultures refer to individuals’ name as Family and then Given (Blackburn Duane).
Variances such as these create confusion in I2 databases and applications, which can take
considerable effort to address.
Identity intelligence will soon become one of the most critical tools within the national security
infrastructure, even though it is still a very nascent concept. A limited capability relying on the I2
subset of latent fingerprints, which was the major factor in bringing the IED threat in Iraq under
control, foreshadows its broader utility. The I2 community will need to rapidly mature, in
collections, technology, policy, and oversight, in order to handle tomorrow’s national security