Valdis Krebs is pretty sure he knows why the super-secret National Security Agency is rooting around in the nation’s phone-calling records. It’s the same sort of electronic sleuthing he did following Sept. 11 to uncloak some of al-Qaida’s secrets.
Krebs isn’t a Fort Meade spook; he’s a Cleveland-based management consultant and self-confessed “techno-geek” whose specialty is the esoteric field of network analysis. That’s a computer-aided method for tracing where and how information moves within an organization, and who’s connected to whom.
Usually Krebs works with Fortune 500 companies. But terrorists operate in networks like businesses do. Both groups have obscure but important communications channels and alliances among their members that network analysis might reveal. Maybe Krebs could learn something about how the 19 hijackers pulled off the attacks.
Shortly after the Sept. 11, 2001, attacks, Krebs started plugging information gleaned from news accounts about the terrorists into his computer and sifting it with InFlow, the network analysis software he developed.
By mid-October 2001, linkages began to appear on his screen like the wispy strands of a spider’s web – a pattern called the “emergent organization.”
Mohamed Atta, one of those who commandeered American Airlines Flight 11, the first jet to hit the World Trade Center, was clearly a ringleader. Atta’s “node” – geek speak for an individual’s position within the network – had the most and the closest connections to the other terrorists. It looked like the map of an airline hub, with dozens of routes passing through a central city. That marked Atta as an information broker and a key to the Sept. 11 operation.
Many of the tighter relationships were among the men trained to fly the four hijacked planes. That was risky, because if investigators had discovered one of the pilots beforehand, the ties could have led to the other three and possibly disrupted the entire plan of attack.
A common technique
Long a staple in the academic and business world, network analysis has begun popping up in new and unusual places. Its best known new application is enabling the adolescent hook-ups on social Web sites such as Friendster and MySpace. Public health officials have used the approach to examine how infectious diseases spread.
Law enforcement has gotten into the game, too. Cops, who used to plot mob connections with string and tacks on a bulletin board, now tap network analysis software to plumb the structure of criminal outfits and narrow the search for fugitives.
USA Today recently disclosed that the NSA had obtained several years’ worth of computerized domestic call lists – no names, just numbers and talk times – from BellSouth, AT&T and Verizon, and is using network analysis to process the data. BellSouth and Verizon subsequently have denied providing bulk information to the NSA, even as customers filed a $200 billion federal lawsuit against all three phone companies alleging privacy violations.
“There is an insatiable desire in the intelligence community to compile data on Americans,” said Jonathan Turley, a George Washington University law professor whose specialty is national security and constitutional issues.
“People don’t realize how much of their lives, tastes, prejudices can be assembled through these types of records. We are fast becoming a fish bowl society. Most citizens don’t recognize what a truly transformative point we’re at.”
Privacy concerns aside, network analysis experts disagree about how helpful one massive database like those billions of calling records would be in the hunt for terrorists. Some worry that the inevitable false hits from sifting so much information would waylay investigators and tarnish innocent people.
Questions about the value of a single database may be moot, however. To refine its pattern-spotting, the NSA likely is pairing phone records with information from other federal agencies, not to mention commercially available databases like the ones direct-mailers use to identify potential customers – a more expansive data-mining effort than has previously been revealed.
“They must be,” former NSA director Bobby Ray Inman said, although he emphasized he has no knowledge of the agency’s current activities.
“All you’re looking for here is what you turn around and use to actually target,” said Inman, who ran the spy agency from 1977 to 1981. “The idea that they’ve got all this information the phone companies have provided – NSA couldn’t begin to deal with it. It’s just a huge volume. You’re swamped in data that has no value.”
Records of credit card usage, for example, could shed some light on what’s behind a sudden flurry of phone calls within a suspicious group. Maybe investigators would want to know if anyone’s using a credit card to rent large trucks or buy one-way airline tickets. They could set the appropriate triggers on the software, let it loose to prowl through the databases, and see whether any alarms go off.
Credit-card records?
Has the NSA tried to acquire credit-card databases like it did with phone records? “That’s not something we can comment on,” said Julie Davis, a spokeswoman for credit card giant Bank of America.
It’s possible the spy agency also is analyzing large amounts of Internet traffic. Newsweek and several other news organizations reported this week that a veteran AT&T technician, Mark Klein, discovered specially constructed and equipped rooms at several AT&T offices on the West Coast that allowed the NSA to tap into e-mail and other Web data flow. Klein has provided testimony that the Electronic Frontier Foundation is using in a privacy lawsuit against AT&T.
Network analysis not only judges how tightly or loosely people are connected – which says something about the efficiency of information flow – but also identifies “brokers” who hear from lots of people and decide what to pass on; “boundary spanners,” the innovators who reach out to new and potentially helpful people outside the immediate group; and “peripheral players” who sit at the margins without much contact.
How does any of this apply to anti-terrorism efforts? Obviously al-Qaida members aren’t going to willingly give up anything about their organization the way Krebs’ business clients do.
But with a starting point – a suspect or two and some record of whom they communicate with over time – network analysis can begin to flesh out something about who’s in the organization and what their roles might be.
Krebs and others prefer this bottom-up approach of starting small with a known target and working outward, building up contact information in a “snowball sample,” rather than fishing in a giant and confusing ocean like the database of the entire country’s phone-calling records.
Others think even a database as vast as the nation’s phone records could yield something useful.
Very big databases
“The tools are getting better. The ability to handle big databases is getting better,” said Stanley Wasserman, professor of sociology, psychology and statistics at Indiana University and chief scientist at Visible Path, a network analysis software firm. “The NSA has network analysts working for them. I know some of them. Anyone who says the NSA can’t learn anything from phone records is naive.”
A sophisticated analysis might even suggest some strategies for disrupting a terrorist cell. Someone who shows up on the network analysis map as the nexus for lots of chatter from across the organization would at the very least merit deeper surveillance.
Tapping into that active “node” would have bigger potential payoff than eavesdropping on someone at the margins.
If intelligence showed an attack was imminent, taking out the terrorists that network analysis targeted as the central planners or key information conduits could topple the plot.
There’s a danger, though, in extrapolating too much from what you see on a computer screen, of thinking that people – terrorists – react as predictably as the digital knights and bishops in a game of online chess.
“We’re so enamored of technology,” Krebs said. “I’m a techno-geek but I know that technology by itself is often useless. It’s more an aid in thinking. You have to have a good mix of technology and sociology to track terrorists or understand an organization.”
John Mangels is a reporter for The Plain Dealer of Cleveland. He can be contacted at jmangels@plaind.com.
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.