An Interview with Jerry Lucas
Traditional online and business intelligence conferences appeal to a broad cross section of the professional community. One can find consultants, young PhDs pitching their “breakthrough” methods, and large companies like IBM, Oracle, SAS, SAP, and many others. Each of these mainstream conferences can be guaranteed to deliver bland product reviews and healthy dollops of hair gel marketing.
Not surprisingly, professionals engaged in governmental security, law enforcement, and other types of specialized work stay home. Several years ago, I learned about a conference which was focused on the needs of the professional intelligence officer. The approach was a 180 degree flip from the traditional business intelligence conference.
First, there were sessions which required special registration and verification that the attendee was a law enforcement or intelligence professional. Second, there were sessions which were heavy on case examples and the detail that makes up much of the professional investigator’s daily routine. Third, after completing certain sequences of lectures, the attendees received a certificate which made clear what content was covered and what the attendee attention imparted.
In short, the “pay for play”, sponsored breakfast, and death-by-PowerPoint approach was not encouraged. Even the exhibits focused on what products actually did in the field. The type of canned demonstrations of streaming video, never-fail content management systems, and the silly search demonstrations of “summits” and “international” events were absent.
I was able to interview Dr. Jerry Lucas, an expert in several telecommunications niches, about his unique approach to serving the needs of the “intelligence professional.” His conferences are held in the US, the Middle East, and elsewhere. Unlike the “gasping for air” events, his programs throb with activity. I spoke with him in early November 2011.
The full text of the interview appears below.
Since you started running Intelligence Support Systems or ISS World Conference and Exhibition Programs nine years ago, what has been the most dramatic shift in accessing electronic information from telecommunications networks (wire line, wireless and the Internet) for law enforcement and the government intelligence community?
In a word--volume. Nine years ago intelligence professionals and law enforcement organizations received intercepted voice calls from telecom operators’ circuit switched network at kilobit per second rates and E-mail messages from Internet Service Providers with kilobyte message sizes.
Today intercept and handoff needs to be done at 100’s of megabits per second rates. For example, that is a minimum of a five orders of magnitude increase in traffic volume. Add to this the multimedia, peer-to-peer messaging, and we are at gigabit levels and beyond. Twitter did not exist nine years ago and today there are more than 200 million tweets per day.
Are there other factors contributing to the “big data” challenge?
Yes, the challenge is more than traffic volume. It’s also the volume of applications. Apple iPhone apps by end 2010 numbered 300,000 or so, and these bring new types of interaction to the table.
And it’s also the volume of identities a person may have. It takes 15 minutes or less to create a new cyber space identity. A bad guy can use a new identity for every communications event. And it’s also volume of communications service providers. Nine years ago you had relatively few phone companies and ISPs in a given geographic market.
Today you have next-generation portals like Google, social networks like Facebook, virtual worlds like Second Life, peer-to-peer voice and video conferencing like Microsoft’s Skype, and voice broadband providers like Vonage. Bad guys have more options than ever before, and these individuals choose from thousands of communication provider options.
That’s a major shift from a few years ago.
What is your view of the challenges flows of digital information pose to government professionals working in law enforcement or the intelligence community?
In addition to the volume challenge, let me highlight two others I find interesting.
First and foremost is the lack of updated laws creating new lawful interception mandates. In the US the last technical mandate law passed by Congress was the Communications Assistance for Law Enforcement Act. CALEA was passed in 1994 and enacted in 1995. The key players providing today’s communication services used by bad guys—specifically, Apple, Facebook, Google, Second Life, Skype, etc.--are not covered by CALEA mandates nor any other interception assistance laws. These companies have to respond to court orders but these companies don’t have to deploy any infrastructure features to assist law enforcement. I think this is a challenge which must be resolved.
A second big challenge for law enforcement and intelligence professionals is the lack of educational and budget support by their senior management. As you know, today’s senior management developed professionally in their careers depending on voice calls and e-mail messaging as their prime electronic communications tools. Today many senior managers still make phone calls and send e-mails during working hours and likely watch TV during off hours. So here is my point. To understand what’s needed to police a community you have to live in that community.
I call this Policing 101. But today’s senior managers usually don’t live in the Facebook, Twitter, Skype, Second Life and other cyber space environments as part of their everyday activities.
What’s the take away?
My observations tell me when it comes to new cyber space product or education budgeting, the priorities are not nearly as high as they should be.
You have seen many products demonstrated at ISS World Programs. What are the key benefits of the current set of product releases which can be used to intercept and analyze intercept traffic?
There have been many new ISS products developed over the last nine years. Here are some intercept challenges and product examples.
First, there’s been quite a bit of activity in dealing with traffic volume. It’s not feasible to intercept all content contained in message traffic even if it were permitted legally. But there are products demonstrated at ISS which can be used to create metadata on traffic.
Can you give me an example?
Sure, software processes traffic and indexes each message by address with whom, when, what was the type of the communications. The metatagging tags the content by voice or data service.
What’s the second area of activity?
Second, there can be hundreds of applications traversing a communications link but law enforcement or intelligence professionals may only be looking for Web 2.0 mail. One interesting area is what is called “Deep Packet Inspection” (DPI) products. These can sort through the clutter.
Third, law enforcement and intelligence professionals must be able to “connect the dots” from disparate data collected from the telecoms, financial services and many other sources. Visual analytic products are available to do this.
Fourth, almost every IP enabled device can encrypt almost any of the messaging option’s traffic. Commercially available encryption codes are for all practical purposes almost impossible to crack. But as law enforcement (or at least TV’s Columbo) concludes, at every crime scene there is a piece of evidence left behind. Regarding encryption, the bad guys make mistakes or let their guard down. At our ISS World Shows, information technology intrusion vendors demonstrate how to embed spyware into bad guy devices in order to cope with encryption.
Finally, regarding the fact there are over 6,000 different languages spoken on our planet, speaker identification can be used to identify a person regardless of language he or she is speaking at a given time once a single voice print in any spoken language of the target is captured.
You have a unique vantage point on some quite interesting technologies. If you were to advise a developer at a large firm specializing in digital information analysis, what would be the three most important features the company should include in their next product release?
I know you are aware of the phenomenal requirements regarding data privacy or who can access data in a law enforcement agency. Privacy policies and safeguards for open source search in an enterprise can be very lax with regard to a law enforcement agency. Data gathered on a bad guy from a communications service provider under a court order is not fair game for searching over time by law enforcement professionals. Those data may have to be erased over time and more. So compliance is an essential characteristic of many products and services.
A second product feature to consider is interoperability with legacy lawful intercept and intelligence gathering products. Interoperability is very important. So called “fork lifts” are rare events in this space and no one in this space wants to see an additional screen introduced in the central monitoring center.
I want to emphasize that the user interface must be simple and shouldn’t require the user to be highly computer literate.
Your ISS World Programs now reach professionals worldwide. In your opinion are the challenges in coping with flows of digital information the same worldwide, or are there some clear differences between regions?
Our present schedule of five ISS World Programs per year in North America, Latin America, Middle East Africa, Europe and Asia Pacific is supported by most of our ISS vendors in each of these markets. The ISS technology platforms do not have to be re-engineered for different markets. Of course, there are regional and agency requirements. So who deploys the ISS-type products and for what crime or terrorist fighting mission does vary from world region to region.
What are some of the differences you have observed?
That’s a tough question. Let me come at it this way.
First, you must consider the privacy laws and privacy culture of a region to understand how ISS products are deployed. In particular the relationship between telecom operators and government. In the US and Western Europe, there are domestic intercept laws calling for telecom to be the ones deploying ISS products in their networks to do the interception and subsequently handing off intercepted traffic to the law enforcement control points for analysis. In some Middle Eastern and Asian countries, government operations are collocated in telecom facilities and they have hands on access to ISS Products. Under these arrangements the intercept and analysis capabilities are orders of magnitude more powerful and efficient with collocation versus non-collocation.
A second difference concerns how people including bad guys communicate. Even though nine years may not seem like a long time, in many regions of the world, Middle East, Africa and Asia Pacific land based and cellular phone penetration was very low compared to North America and Western Europe. Internet penetration in these regions was relatively low as well. When the rapid deployment of wireless and broadband services occurred in these regions over the last nine years, users including bad guys leapfrogged right over older generation of communications messaging to the new world of communications. What you see in the US in particular is still a modest use of e-mail and most services are post paid; for example, a call record associated with an authenticated subscriber is created. Now here’s the key point. In the Middle East, Africa and Asia social network messaging and pre-paid cellular service dominate. As a consequence, certain investigative activities are much more challenging regarding intelligence gathering and criminal investigation.
A final difference concerns crimes law enforcement targets and intelligence analysts focus on. Relative to North America and Western Europe, the focus is not so much preventing terrorist attacks but investigating government corruption and catching money laundering folks. These are different use cases but employ the same ISS platforms just with a different application focus.
There is a general perception that the US is in the forefront of lawful interception and intelligence gathering. What’s your view?
My answer is, “Yes and no.” Here is why. You have to separate international intercept versus domestic intercept and intelligence gathering. The US is in the lead hands down when you refer to international intercept and intelligence gathering. I am leaving out quite a few caveats here, but court orders under the Foreign Intelligence Surveillance Act can be obtained for almost any intercept request. Some collocation in international telecom wire centers is done and a big chunk of the Civilian Intelligence Budget ($56 billion in 2011) is focused on international issues.
Regarding domestic intercept, the answer is, “No.” Privacy trumps security relative to policies in other countries. I think I referenced the fact that law enforcement doesn’t collocate equipment in telecom operator facilities for domestic intercept. The lack of co-location greatly reduces efficiency, but, on the other hand, the lack of co-location increases citizen privacy. Also consider that there are no telecom traffic data retention laws in the US as in other countries. The same applies to the data mining of call records in telecom data bases. For example, one can pretty much defeat anonymous calling from disposable cell phones if you can mine cell phone records in order to match an anonymous call record with other records.
I want to mention that U.S. laws and courts restrict what ISS products can be deployed domestically. For example, speaker identification using voice biometrics is not generally used in domestic law enforcement. The reason is that use of speaker identification technology is not permitted as evidence in the US. In other countries, speaker identification using voice biometrics is permitted.
Funding for advanced research is under severe pressure in the US and Europe. How will these funding constraints impact innovation?
I have to respond from the ISS World Product perspective. Our ISS vendor supporters develop “off the shelf” products that generally can be sold anywhere in the world. The products and services are used to conduct lawful interception, support criminal investigations and to collect intelligence domestically.
The development and support of these products can be done and is done largely without government funding. In fact, US government funding has been a “kiss of death” for many small US ISS vendors who want to pursue international opportunities. The vendors are prevented from selling internationally in many cases because of US government restrictions. This is one reason there are very few US ISS vendors relatively speaking at our international shows.
On the other hand, the defense intelligence product development requires massive US government funding as well as private investment.
So a shorter answer to your question, “off the shelf” ISS type product companies don’t need or want US government funding. But, many countries do fund their domestic ISS companies. I would include Israel and China in this group.
In the last few years, automated monitoring systems have become more popular. How has the uptake of these systems affected staffing in government entities?
There are many opportunities for automated monitoring systems in the ISS World space, and deployment of these systems would be highly likely to increase job opportunities for government professionals. Again our view of data gathering and analysis is that of data coming from telecommunications networks including the Internet into monitoring centers.
The basic premise for my seeing an opportunity is that the more an organization automates data requests from the telecoms, ISPs, portals and social network operators, the more demand the organization will have for data.
Unfortunately there is no return on investment for automation here by communications providers. These companies would only see more requests by law enforcement for intercept data. Note many law enforcement agencies still fax their requests to the telecoms for lawful interception.
Another area in need of automated monitoring is Open Source Intelligence (OSINT). Most of OSINT collection is done manually today in the ISS space. In my opinion, there are few tools on the market today that are appropriate for law enforcement agencies and intelligence community analysts in smaller countries.
How have the solutions presented at ISS World been evolving to keep pace with how criminals and terrorists have been evolving in how they communicate?
How criminals and terrorists communicate today is generally understood at least by ISS product developers. The challenge for the ISS vendors and their law enforcement and intelligence community customers is keeping up with the social network and portal companies. Encrypted communications are becoming more common. Many portal and web mail companies make frequent changes to their proprietary communications application protocols. There is no notice given to ISS vendors, to law enforcement or to the intelligence community about these changes. These changes impose expensive product update responses by vendors and their customers.
If you were advising a young government professional on a career path in network intercept and intelligence gathering, what advice would you give that person?
In a few words – Do your homework. First, security clearances. Not all are equal nor recognized by other government departments. Remember, if you leave government and have a security clearance, you will have a job offer in private industry almost immediately. A security clearance in private industry gives you an automatic pay increase of 30 percent whether you work as a receptionist/security guard or a high-technology super star.
But ask yourself, “Do I have any skeletons in my closet (unflattering photos on your or someone else’s Facebook page) that may axe my chances of getting a security clearance in the first place?”
Second, network or seek out employees currently working in this space. I believe there are 16 US Federal government departments which can conduct criminal investigations and/or intelligence gathering. These vary widely with regard to what level of technologies each entity works with. Ask a Drug Enforcement Agency intelligence analyst what he or she thinks of their peers in other agencies for example. Then ask professionals working in other agencies.
I want to reiterate. Do your homework on the Federal budget of that department regarding investigations and/or intelligence gathering. In other words, “follow the money”.
This has been very interesting. May I ask you to put on your wizard hat? What are the major trends you’re building for the 2012-2013 period in lawful interception and intelligence gathering?
That’s another tough question.
I would start off by saying that in North America and Western Europe, buying “off the shelf” products versus building your own using big government contractors is a preferred way to acquire products and services. The U.S. government spent $56 billion in 2011 or so on non defense intelligence gathering and analysis. James Clapper, the Director of National Intelligence, said at the GEOINT 2011 in October 2011 that the use of intelligence outsourcing will dramatically decrease in the upcoming years. And, he pointed out that the government intelligence community will rely more on Federal civilian employees. That is how intelligence gathering is staffed in smaller nation governments and that’s where “off the shelf” ISS products are largely sold today.
The second trend is that big intelligence company acquisitions of the “off the shelf” ISS companies seem to be increasing. The writing has been on the wall for the past year. The big intelligence companies need to offer “off the shelf” ISS products to remain competitive. These are some acquisitions of small ISS vendors by the big players in just this past 12 months. IBM acquired i2, Netscout acquired FOX Replay, SAS acquired Memex, Boeing acquired NARUS, SAIC acquired CloudShield and BAE Systems acquired ETI to name a few. This trend of small ISS company acquisitions will likely continue for the next few years.
One final trend I am watching is that governments around the world--including the US--will have to face up to the total lack of lawful intercept and intelligence gathering mandates on social networks like Facebook, portal companies like Google and smartphone vendors hosting applications like Apple, among others.
The social network companies, portals and smartphone vendors know criminals and terrorists love their services because they don’t go out of their way to support law enforcement and the intelligence community.
Mandate laws like CALEA cover the telecoms, but not the above mentioned. Telecoms have no idea of how their customers are using their access services. Telecoms have become “bit pipe” providers. But like Social Security reform, politicians know there is a serious long-term funding problem but it’s politically incorrect to do anything about it.
The same problem exists with regard to social network and portal intercept mandates. The politicians have been told this is a problem by law enforcement agencies and the intelligence community, but the issue is a politically incorrect one.
So let me use “Washington Speak” here on this prediction. “Washington Speak” is when you don’t say what and when in the same sentence. So here is “the what” but not “the when”.
Social network, portals and smartphone vendors will have to deploy infrastructure to support law enforcement agencies and the intelligence community. I can’t say when but it’s going to happen but support is in the future. So here’s “the when” but not “the what”. Social network, portals and smartphone vendors will see regulation in the next year or two coming out of Congress. I just can’t say exactly what will be mandated.
How does a reader get more information about ISS World Conferences and training programs?
The best way to get information is to visit www.ISSWorldTraining.com.
Those interested in law enforcement and intelligence community practices and technology will want to learn more about the ISS events. Highly recommended.
Stephen E. Arnold, November 14, 2009