Data Mining Would Not Have Stopped the Aurora Shooting

“Wall Street Journal” columnist Holman Jenkins posited that Total Information Awareness would have helped stop James Holmes. Here’s why he’s wrong.

“Would Total Information Awareness have stopped James Eagan Holmes?”

That’s the provocative question Wall Street Journal columnist Holman Jenkins Jr. asks
about the alleged murderer of 12 people in a Colorado movie theatre. Total Information
Awareness (TIA) was a Defense Department research program, started after the 9/11
attacks, that aimed to help predict acts of terrorism before they occurred. I have
more than a general familiarity with the program. I wrote a about it.

Jenkins poses an understandably alluring idea: What if, before the shootings, government
investigators had a record of what Holmes bought, what websites he visited, and what
communications he had with the people who knew him? Might they have been able to detect
his plot and stop it?

“Aside from privacy considerations,” Jenkins asks, “is there anything in principle
to stop government computers, assuming they have access to the data, from algorithmically
detecting the patterns of a mass shooting in the planning stages?”

The answer is yes. Because this imagined algorithm doesn’t exist.

It is beyond the capacity of today’s technology to peer into an ocean of anonymous
electronic information—phone calls, e-mails, credit card receipts—and then detect
a pattern of activity that reliably leads to one specific person planning a crime.
Even transactions that in hindsight appear to be meaningfully connected to an individual
will look to a computer like a mash of data, and any pattern it finds will not be
unique. It will show up connected to many other people.

Jenkins enumerates the various steps Holmes is believed to have taken in the days
before his crime, all of which left an electronic trace, and wonders why computers
couldn’t figure out what the alleged killer was up to.

“Holmes dropped out of school via e-mail,” Jenkins notes.

Well, I doubt he was the only student to drop out. And doing so over e-mail isn’t
novel or especially alarming.

“He tried to join a shooting range with phone calls and e-mails going back and forth.”

Presumably, so have a lot of people. Aren’t those two standard ways to inquire about
joining a shooting range, or any other club?

“He bought weapons and bomb-making equipment.”

Holmes purchased his firearms legally, like a lot of other people, so that doesn’t
raise suspicion. As for the bomb-making equipment, this points to an issue that pattern
analysts have struggled with for years. How do you know if someone buying, say, large
quantities of fertilizer is trying to build a bomb or start a gardening business?

“He placed orders at various websites for a large quantity of ammunition.”

I haven’t purchased rounds over the Web, but I understand it’s quite easy and, I have
to presume, rather common.

None of these events, on their own or collectively, could have led investigators to
preempt the killings in Aurora. They’re not specific enough, and absent an initial
connection to a suspect, they’re practically useless. Buying guns and chemicals that
could be used to make a bomb, as scary as that sounds, is not proof of terrorism or
mass murder. Put Holmes’s data points together and you’d also have a plausible picture
of a man who dropped out of school and decided to take up sport shooting, or a guy
buying chemicals to start a cleaning service.

Even if the government were crunching away on guns and ammo sales and cross-referencing
them to school enrollment reports, such an algorithm would generate hundreds if not
thousands of potential “suspects” that investigators wouldn’t have the time or the
people to track down. That’s what happened after the 9/11 attacks, when the FBI was
flooded with names, phone numbers, and e-mails that the intelligence community believed
might have some connection to Al Qaeda.
Those leads led to dead ends.

A computer cannot distinguish between innocuous behavior and sinister plotting just
by looking at a list of receipts. And, Jenkins might be surprised to know, that is
not what Total Information Awareness proposed to do, either.

Jenkins is correct that TIA was going to sift through “vast streams of data looking
for red flags,” but he is oversimplifying this process and leaving out a crucial step.
TIA was going to sift through data looking for transactions based on previously designed
templates of behaviors one might see leading up to an act of terrorism.

The TIA researchers convened a panel of terrorism and security experts to devise various
plots. In one—flying a plane into a nuclear reactor—they listed all the steps a terrorist
cell would have to take that might leave an electronic record, including traveling
to the reactor site to conduct reconnaissance, researching the facility, transferring
money for the plot, finding housing for the attackers, communicating with their handlers,
and so on.

Now, if these terrorist plotters were to leave a clear, predictable signature of electronic
transactions—and that’s a big if, one TIA never fully tested in the real world—that
would only be the first step in preventing their attack. After the initial detection,
human analysts would enter the picture, and they’d have to look for connections to
other known or suspected terrorists. And in that laborious work, they’d have a greater
chance of success than an investigator trying to find the next movie theater gunman.
That’s because the terrorists would probably have come into the United States from
a foreign country, which would mean their names would already be in the federal government’s
immigration databases. At that point, intelligence analysts across the government
would have access to their names, and they could try to connect the suspects to a
terrorist group. As far as we know, Holmes never appeared on any government list,
other than for a reported traffic incident.

This kind of person-to-person analysis, determining whether someone is a threat based
on his social network, is how counterterrorism actually works. There has to be a starting
point, connected to a person. And even when the government has very useful intelligence
about a terrorist suspect, as it did in the case of the so-called Underwear Bomber,
it can’t always connect the dots.

As for those “privacy considerations” Jenkins apparently thinks are the only thing
standing in the way of men like Holmes and law enforcement agents, I’m sad to report
that they aren’t really obstacles. I’ll save this for a future post, but suffice to
say that if the information is out there, the government can get it, one way or another.

The problem is that access and understanding are two very different things. As much
as we would like to believe “total information awareness” would have led us to Holmes’s
doorstep before that awful night, it’s just not so. We look at Holmes now, with that
wild orange hair and those bulging eyes, and think: He would have stood out among
the crowd. He would have seemed like the kind of person capable of a killing spree.
But that’s just our imagination.