Out of the Ordinary

Title: Out of the ordinary : finding hidden threats by analyzing unusual behavior / John Hollywood, Diane Snyder, Kenneth McKay, John Boon
Published: Santa Monica (Calif.) : RAND, 2004
Citation: Hollywood, John and Diane Snyder, Kenneth McKay, John Boon 2004. Out of the ordinary: finding hidden threats by analyzing unusual behavior. Santa Monica: RAND.

This monograph presents a unique approach to "connecting the dots" in intelligence - selecting and assembling disparate pieces of information to produce a general understanding of a threat. Modeled after key thought processes used by successful and proactive problem solvers to identify potential threats, the schema described in this document identifies out-of-the-ordinary, atypical behavior that is potentially related to terror activity; seeks to understand the behavior by putting it into context; generates and tests hypotheses about what the atypical behavior might mean; and prioritizes the results, focusing analysts' attention on the most significant atypical findings. In addition to discussing the schema, this document describes a supporting conceptual architecture that dynamically tailors the analysis in response to discoveries about the observed behavior and presents specific techniques for identifying and analyzing out-of-the-ordinary information.
This is the first paragraph in the book, or rather in the preface of the book. I was drawn to it because connecting the dots in intelligence sounds like a semiotic process, even more that it concerns behaviour, albeit atypical and (possibly) related to terror activity (the RAND corporation who sponsored this book seems to be an offshoot of the 9/11 fear all Americans seem to possess, so it is ideologically directed towards the terrorism discourse). This is not of course the only reason to be at least slightly skeptical. This paragraph alone seems to be aimed at officials who want all the answers with as little fuzz as possible. "What behavior means" is a notoriously tough nut to crack and due to the length of this book I am quite sure it will not dwell on the philosophy of action this question would prohibit in other discourses. One should also be skeptical because of the notoriously ambiguous buzzwords used here, such as conceptual architecture and dynamically tailored analysis - that is the talk of a novice computer engineer.
Peer review is an integral part of all RAND research projects. Prior to publication, this document, as with all documents in the RAND monograph series, was subjected to a quality assurance process to ensure that the research meets several standards, including the following: The problem is well formulated; the research approach is well designed and well executed; the data and assumptions are sound; the findings are useful and advance knowledge; the implications and recommendations follow logically from the findings and are explained thoroughly; the documentation is accurate, understandable, cogent, and temperate in tone; the research demonstrates understanding of related previous studies; and the research is relevant, objective, independent, and balanced. Peer review is conducted by research professionals who were not members of the project team.
This is The RAND Corporation Quality Assurance Process page. These standards seem important enough to merit thinking through later on in my own research. I marked in bold the standards I consider my own current research to fulfill.
When analyzing uncertain and messy (i.e., real-world) data, time and situational pressures often force the analyst into making conclusions, despite great uncertainty as to whether the conclusions are true. (Hollywood et al 2004: xv)
This seems to hint at an abductive process, e.g. guessing, because under messy real-life conditions, the data itself is either disparate or ambiguous, warranting conclusions that rest on perhaps nothing more than gut feeling.
Generally, the solver does not examine every observation carefully but instead scans for out-of-the-ordinary or atypical signals that significantly deviate from the expected status quo. These signals range from defined precursors of a well-understood change in the environment to an entirely novel phenomenon whose meaning is unknown - except that it is in some way relevant to the task at hand. (Hollywood et al 2004: xvi)
This sounds fairly familiar: "it is the most infrequent words, phrases, gestures, and other signs which arrest our attention" (Cherry 1977: 15).
In the ASAP [Atypical Signal Analysis and Processing] schema, analysts have primary responsibility for actions to be taken in response to unusual phenomena that are brought to their attention because they have insights (knowledge of human behavior, for instance) that automated systems do not have. (Hollywood et al 2004: xx)
This simple remark is quite important, as any kind of TACS, unless it is omniscient in some technological sense, must rely on human knowledge on human behavior. A computer (automated) system can record (store data) and triangulate-calculate with ease, but it cannot point out that which merits human experience. In short, an automated system may be able to describe, but only tentatively explain.
We have emphasized the importance of detecting out-of-the-ordinary phenomena. A major requirement is understanding what constitutes "ordinary" and what types of behaviors are significant deviations from the ordinary. To make that judgment, one must first establish a baseline of ordinary patterns and behavior - canonical forms, as it were. (Hollywood et al 2004: 19)
This is the word that their first term status quo called to mind: baseline is a common notion in behavioural studies (establishing a baseline is sometimes marked as the first stage in nonverbal analysis). Although the focal behaviour of interest here are travel plans and financial transfers, there have been some marginal nonverbal behaviours described also: e.g. "signals potentially related to attack preparations such as target casing, training, clandestine communication ... videotaping security checkpoints and support beams of major attractions", although at the same conjunction "generic disorderly conduct" is dismissed (pp. xviii-xiv, footnotes).
We have identified seven major types of data entities as having meaning for threat assessment:
  • People. Everyone who might be involved in any attack, from terrorist group leaders to assistants to those directly involved in carrying out an attack.
  • Money. All accounts and funding streams that could enable an attack.
  • Material. All weapons, explosives, and other equipment that might be used to prepare or execute an attack.
  • Transportation. All vehicles that could be used to move people and material and all vehicles used directly in an attack.
  • Accommodation. All lodgings (apartments, hotels, etc.) used by people who might be involved in attack.
  • Sustenance. All consumption supplies, notably food and medicine, used by people who might be involved in an attack.
  • Communications. All channels used by people involved in an attack to exchange information. We include in the definition of channels both the people who are communicating with each other and what modes they are using (phone, email, personal meetings).
(Hollywood et al 2004: 27-28)
Board reports would be an especially important source of behavioral information. In a number of places in future chapters, we reference particular types of observed behavior as being important indicators of asymmetrical threats. As examples, we note how repeated videotaping of buildings at a level of detail virtually never done by tourists may indicate that people are casing those buildings. Similarly, we describe how people carrying around large numbers of cell phones and pagers outside of the buildings (so they can use each phone or pager only once, then discard it) may be members of terror groups planning an attack against the buildings. Such observations would enter ASAP through board posts from alert police and security guards; ASAP would not analyze hundreds of millions of cell-phone purchase records. (Hollywood et al 2004: 30)
These examples are vivid. And this also explains what is meant by casing behaviour.

