ONLINE INTELLIGENCE: THE USUAL SUSPECTS VERSUS EVOLVING E-RESEARCH PRACTICE

ONLINE INTELLIGENCE: THE USUAL SUSPECTS VERSUS EVOLVING E-RESEARCH PRACTICES – by Martin Hurst – It’s a basic principle: The more society integrates the Internet into their daily lives, the more society leaves behind an increasing array of digital footprints. These digital footprints identify behaviour, habits, and personal preferences and the more one integrates with the Internet, the more relevant matters of privacy and information protection become.

For those of you who utilize the Internet as an investigative research tool, you may well fall into a particular investigative “category”. Each of these categories have known weaknesses and raise common, but often undisclosed, issues in online investigations and Open Source Intelligence (OSINT) gathering operations.

A case of the “Usual Suspects”:

Suspect 1 – A very passionate investigator with limited competitive intelligence experience; attempts to acquire information on an investigative target and becomes mentally exhausted with the undertaking of the task.

Suspect 2 – A seasoned investigator with a “been there, done that” attitude and outdated or limited open source research proficiency; prematurely concludes their investigation because “there is nothing of relevance on the Internet to begin with”.

Suspect 3 – A new analyst, raised in an “online influenced” generation but with minimal enforcement or competitive intelligence experience; becomes disgruntled when repeatedly informed he/she is improperly conducting their investigations.

Suspect 4 – A researcher handicapped by their agency/firm’s lack of current policy for using online tools for investigative, intelligence, or research purposes.

If you fall into one of these categories, you’re not alone.

Within your workplace, regardless of whether it’s government or private sector, there will be variations of the “Usual Suspects” with a common thread that resonates throughout – that online investigations are being conducted under an umbrella of outdated policy and antiquated procedures versus evolving research practices.

How do you counteract this phenomenon?

Addressing this challenge, you must assess the mandate of your agency or business, and determine:

1. Are your methods of collection consistent with Departmental, Agency, or Private Firm Policy?
2. If your collection methods are not consistent, is it because of outdated policy or outdated collection methods… or both?
3. Given the dynamic evolution of internet based information, and its equally evolving privacy concerns, does your organization routinely review its policy and its investigators’ collection methods to ensure proper practice?

And in addition to the above mentioned points, consider the following three issues pertaining to research, intelligence gathering, and the sensitivity of combined information:

“Unprotected” Archived Data

In the article “What the Internet Knows About You and How to Protect Yourself: A Chat with Sarah Downey”, Jason Oberholtzer provides a number of quotes that reveal a startling yet widespread reality about Internet influenced research:

“With increased visibility and accessibility of records should be increased consumer control over how and where these records appear”

“…Data Mining and Background checks present a static, unbalanced, and often inaccurate picture of (an individual)”;

“The problem…with public records classification, is that it’s from a bygone time before the Internet. If you wanted to get a background check on someone back even 20 years ago, you would have to go to…the (government office) in person… It was a (physical) hassle, but that hassle protected people’s privacy”.

Privacy is not what it used to be and society will never go back to the way it once was. All of us, online investigators and internet users alike, must take the time to come to an understanding of what privacy is in the Information Age and make at the very least, reasonably informed decisions about what we are, and are not, willing to give up with a view towards an ever changing and arguably uncertain, digital future.

Threats to (and from) Online Communities

In the article “LinkedIn is a hacker’s dream tool”, author Stacy Cowely describes how security tester and self described “hacker for hire” Ryan O’Horo created a fake Linkedin account and then used that account, carefully seeded with detailed information about the company he was targeting, to infiltrate that companies various online, confidential discussions. Within hours he was privy to sensitive information about the target company and it was days before suspicions were raised, and his account blacklisted. O’Horo proved an important point around the ease of acquiring information via deception and what is essentially “e-espionage”.

Clear guidelines must be in place to ensure that online investigators and researchers do not break the law and/or cross established ethical boundaries when conducting online their online activities. Conversely, security protocols must be established and continually monitored and maintained in order to resist e-espionage operations.

Information Silos

There is no such thing as an accessible omnipotent online database that can reveal everything about anyone and there will likely never be one supreme Social Network. But by exploring a wide variety of freely accessible online resources, or “Information Silos”, skilled researchers and investigators can weave together data to enhance overall intelligence profiles.

Social networking site administrators from the leading Social Media Platforms do not hold teleconferences about limiting the digital footprint a mutual client leaves behind, and freely accessible Government databases would never be invited if these teleconferences actually existed. By understanding what an Information Silo is, an online researcher can find information by asking the right questions, coupled with using the appropriate research tools, to arrive at some meaningful answers.

The fundamental realization, is best stated by Adam Levin, CEO Criterion Capital Partners (and owner of social networking site Bebo), “…the more digital our society becomes, the less people value their privacy”.

Social Media is a communication tool that is an extension of the person or the organization that uses it. The glaring difference between traditional communication and Social Media is the potential lack of “face to face” interaction. Likely for many people, the challenge is the constant risk assessment to determine if who connects with you on a Social Media Platform is a trusted source, or a threat to you or your firm.

So how does one tackle the constantly evolving Internet while being handicapped by the “Usual Suspects”? Training – It’s that simple.

How do individuals maintain the perishable skill called “awareness” when E-Sleuthing? Government and Private Investigators, Policy Advisors, Employers and Executive Teams require timely relevant training in order to be truly effective and to best protect their overall interests.

Seek out necessary training. As the Internet evolves, so should your responsibility toward it.