Get Well+Being delivered to your inbox every Monday Morning.

Data Mining Would Not Have Stopped the Aurora Shooting
“Wall Street Journal” columnist Holman Jenkins posited that Total Information Awareness would have helped stop James Holmes. Here’s why he’s wrong.
By Shane Harris
Comments () | Published July 26, 2012

“Would Total Information Awareness have stopped James Eagan Holmes?”

That’s the provocative question Wall Street Journal columnist Holman Jenkins Jr. asks about the alleged murderer of 12 people in a Colorado movie theatre. Total Information Awareness (TIA) was a Defense Department research program, started after the 9/11 attacks, that aimed to help predict acts of terrorism before they occurred. I have more than a general familiarity with the program. I wrote a book about it.

Jenkins poses an understandably alluring idea: What if, before the shootings, government investigators had a record of what Holmes bought, what websites he visited, and what communications he had with the people who knew him? Might they have been able to detect his plot and stop it?

“Aside from privacy considerations,” Jenkins asks, “is there anything in principle to stop government computers, assuming they have access to the data, from algorithmically detecting the patterns of a mass shooting in the planning stages?”

The answer is yes. Because this imagined algorithm doesn’t exist.

It is beyond the capacity of today’s technology to peer into an ocean of anonymous electronic information—phone calls, e-mails, credit card receipts—and then detect a pattern of activity that reliably leads to one specific person planning a crime. Even transactions that in hindsight appear to be meaningfully connected to an individual will look to a computer like a mash of data, and any pattern it finds will not be unique. It will show up connected to many other people.

Jenkins enumerates the various steps Holmes is believed to have taken in the days before his crime, all of which left an electronic trace, and wonders why computers couldn’t figure out what the alleged killer was up to.

“Holmes dropped out of school via e-mail,” Jenkins notes.

Well, I doubt he was the only student to drop out. And doing so over e-mail isn’t novel or especially alarming.

“He tried to join a shooting range with phone calls and e-mails going back and forth.”

Presumably, so have a lot of people. Aren’t those two standard ways to inquire about joining a shooting range, or any other club?

“He bought weapons and bomb-making equipment.”

Holmes purchased his firearms legally, like a lot of other people, so that doesn’t raise suspicion. As for the bomb-making equipment, this points to an issue that pattern analysts have struggled with for years. How do you know if someone buying, say, large quantities of fertilizer is trying to build a bomb or start a gardening business?

“He placed orders at various websites for a large quantity of ammunition.”

I haven’t purchased rounds over the Web, but I understand it’s quite easy and, I have to presume, rather common.

None of these events, on their own or collectively, could have led investigators to preempt the killings in Aurora. They’re not specific enough, and absent an initial connection to a suspect, they’re practically useless. Buying guns and chemicals that could be used to make a bomb, as scary as that sounds, is not proof of terrorism or mass murder. Put Holmes’s data points together and you’d also have a plausible picture of a man who dropped out of school and decided to take up sport shooting, or a guy buying chemicals to start a cleaning service.

Even if the government were crunching away on guns and ammo sales and cross-referencing them to school enrollment reports, such an algorithm would generate hundreds if not thousands of potential “suspects” that investigators wouldn’t have the time or the people to track down. That’s what happened after the 9/11 attacks, when the FBI was flooded with names, phone numbers, and e-mails that the intelligence community believed might have some connection to Al Qaeda. Those leads led to dead ends.

A computer cannot distinguish between innocuous behavior and sinister plotting just by looking at a list of receipts. And, Jenkins might be surprised to know, that is not what Total Information Awareness proposed to do, either.

Jenkins is correct that TIA was going to sift through “vast streams of data looking for red flags,” but he is oversimplifying this process and leaving out a crucial step. TIA was going to sift through data looking for transactions based on previously designed templates of behaviors one might see leading up to an act of terrorism.

The TIA researchers convened a panel of terrorism and security experts to devise various plots. In one—flying a plane into a nuclear reactor—they listed all the steps a terrorist cell would have to take that might leave an electronic record, including traveling to the reactor site to conduct reconnaissance, researching the facility, transferring money for the plot, finding housing for the attackers, communicating with their handlers, and so on.

Now, if these terrorist plotters were to leave a clear, predictable signature of electronic transactions—and that’s a big if, one TIA never fully tested in the real world—that would only be the first step in preventing their attack. After the initial detection, human analysts would enter the picture, and they’d have to look for connections to other known or suspected terrorists. And in that laborious work, they’d have a greater chance of success than an investigator trying to find the next movie theater gunman. That’s because the terrorists would probably have come into the United States from a foreign country, which would mean their names would already be in the federal government’s immigration databases. At that point, intelligence analysts across the government would have access to their names, and they could try to connect the suspects to a terrorist group. As far as we know, Holmes never appeared on any government list, other than for a reported traffic incident.

This kind of person-to-person analysis, determining whether someone is a threat based on his social network, is how counterterrorism actually works. There has to be a starting point, connected to a person. And even when the government has very useful intelligence about a terrorist suspect, as it did in the case of the so-called Underwear Bomber, it can’t always connect the dots.

As for those “privacy considerations” Jenkins apparently thinks are the only thing standing in the way of men like Holmes and law enforcement agents, I’m sad to report that they aren’t really obstacles. I’ll save this for a future post, but suffice to say that if the information is out there, the government can get it, one way or another.

The problem is that access and understanding are two very different things. As much as we would like to believe “total information awareness” would have led us to Holmes’s doorstep before that awful night, it’s just not so. We look at Holmes now, with that wild orange hair and those bulging eyes, and think: He would have stood out among the crowd. He would have seemed like the kind of person capable of a killing spree. But that’s just our imagination.


Media National Security News & Gossip
Subscribe to Washingtonian

Discuss this story

Feel free to leave a comment or ask a question. The Washingtonian reserves the right to remove or edit content once posted.
  • I'd like to know why the THEATRE didn't catch on ... how did he get ALL that bulletproof gear, a cannister of toxic spray AND a gun with ample ammunition, into the theater without being even caught, let alone stopped.
    One time in Toronto, I got stopped from going in to COOL RUNNINGS because I had a small bag of snacks from home for my children.
    Varied news broadcasts keep mentioning law suits against the film and/or the studio?
    How did he even get all that into the theatre, is what I want to know.

  • darius404

    I'm not entirely sure on this, but I believe he used the emergency exit to get in the building.

blog comments powered by Disqus

Posted at 11:55 AM/ET, 07/26/2012 RSS | Print | Permalink | Comments () | Blogs