When law enforcement sets out to solve a new case—from missing persons to property crimes—they often begin with virtually nothing to go on. There may be no witnesses, no known motive, and even no physical crime scene; it can feel like playing chess in the dark, and “where should we even start?” is a common sentiment. Lawful intelligence is the framework of methods, tools, and techniques that answers that question and guides investigators toward resolution. It combines lawful interception with location intelligence and other sources, using digital forensics and techniques drawn from the intelligence community to collect, assemble, and analyze data.
The digital footprints left by both suspects and victims drive modern investigations: purchases on a card, surveillance footage, license plate readers, geographic position, and much more. Far from a lack of evidence, the opposite is often true, where analysts struggle to make sense of massive disparate data from large numbers of sources. Adding another layer of complexity, nearly all electronic communications are now protected by end-to-end encryption, which service providers may be unable to decrypt, even when they are served with a search warrant. Lawful intelligence tools level the playing field, so investigators can lean into these realities with digital investigations.
New Investigative Norms, Driven by Forensics
Conventional types of information gathering such as examining crime scenes, interviewing witnesses, and locating CCTV feeds are now just a subset of the investigation path. Dozens or hundreds of inputs may now be part of the evidence trail, even for relatively simple cases. Investigators can’t succeed by manually searching for and sifting through massive amounts of structured and unstructured data. Automation makes it feasible at scale to connect to many sources at once, collect and analyze large amounts of data, and monitor those data sources on an ongoing basis.
The Modern Digital Crime Scene
Developments in AI and machine learning are advancing automated analytics to make these processes even more effective. In addition to finding patterns and insights in data beyond human scale, technology-driven tools read machine-oriented signals such as metadata as their native language, where humans would struggle. Unifying all those sources with data fusion and converging them into a data lake to be analyzed as a single whole, without siloes, maximizes investigative value by finding connections between every available data point.
Modernized approaches to investigation make extended use of location intelligence, drawing on and combining network measurements and tower dumps, intercept-related information and call data records, and other location sources such as license-plate readers and mobile advertising IDs. In addition to pinpointing a person of interest at a specific time and place, positioning data can corroborate other evidence and help establish timelines before, during, and after a crime. Concrete, time-stamped movements provide a framework to reconstruct intent, opportunity, and behavior, including to detect meetings between subjects of interest and to reveal patterns of life.
Structured Approaches to Data-Driven Intelligence
Beyond technology-driven solutions, investigators benefit from conceptual-operational frameworks to guide the collection, use, and control of digital intelligence. The complexity of the intelligence patterns used in digital investigations makes operational structures from the intelligence community useful. For example, distinctions between tactical, operational, and strategic intelligence illuminate the ability of casework to shape and contribute to the agency’s overall mission.
Tactical intelligence, which may be in real time, guides the immediate steps and ongoing motion of an investigation, to uncover clues and paths of inquiry, direct crisis response, justify search warrants, and support arrests. Operational intelligence connects the dots across multiple investigations, providing context such as background on criminal organizations, individuals, and their modus operandi. Strategic intelligence is an agency-level umbrella view that draws directly on casefiles to offer insight into national or regional crime trends, assist in threat forecasting, and allocate resources where they do the most good.
That three-part structure shows the multi-dimensional potential of investigative information, facilitated by well-designed lawful intelligence platforms. Various types of intelligence contribute to this holistic view:
- Open Source Intelligence (OSINT) is gathered from public sources such as news and social media
- Geospatial/location intelligence (GEOINT) is based on position data, often gathered from mobile networks
- Human intelligence (HUMINT) is collected from people, including interviews, interrogations, and depositions
- Signals Intelligence (SIGINT) is collected from communications and other signaling, including lawful interception
- Imagery intelligence (IMINT) is from analysis of visual sources such as surveillance cameras and satellite images
Vast data from many sources, including much that is encrypted or unreliable, makes data fusion and digital forensics primary tools of the criminal investigator. The SS8 platform brings those forces to bear with lawful intelligence that maximizes the value of data points individually and collectively, with tools and workflows built through more than 25 years of collaboration with service providers, law enforcement, and the intelligence community.
This blog is part one of a four-part series, “End-to-Intelligence Gathering,” which illustrates investigative challenges and technological solutions throughout the lawful intelligence lifecycle. This first installment, “Sources & Methods,” introduces conceptual and operational practices for sourcing and identifying value in relevant data. Part 2, “Ingest & Analysis,” discusses transformation of that data into actionable intelligence. Part 3, “Dissemination & Impact,” addresses methods for using intelligence in investigations effectively and securely. Part 4, “Use Cases & Illustrations,” relates examples of how analysts apply end-to-end intelligence in real-world scenarios.
About Kevin McTiernan
Kevin McTiernan is a seasoned professional with over 20 years of experience in the security industry. His extensive expertise spans big data, cybersecurity, network security analysis, and regulatory compliance. As Vice President of Government Solutions at SS8, Kevin specializes in the implementation of advanced intelligence solutions for the U.S. Government, law enforcement, and the Five Eyes alliance. He is an accomplished public speaker and an adamant supporter and volunteer for the National Child Protection Task Force. You can learn more about Kevin on his LinkedIn profile.
About Stuart Walsh
Stuart Walsh is a consultative technical sales leader with over 30 years of experience helping customers deliver solutions for success. As a technical leader in the Location division of SS8 Networks, Stuart is passionate about introducing next generation solutions and services to network operators and enterprises and driving business growth. Stuart also has a depth of experience in voice and data applications for both Enterprise and Service Provider customers. You can learn more about Stuart on his LinkedIn profile here.
About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 is committed to making societies safer. Our mission is to extract, analyze, and visualize critical intelligence, providing real-time insights that help save lives. With 25 years of expertise, SS8 is a trusted partner of the world’s largest government agencies and communication providers, consistently remaining at the forefront of innovation.
Discovery is the latest solution from SS8. Provided as a subscription, it is an investigative force multiplier for local and state police to fuse, filter, and analyze massive volumes of investigative data – in real time.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.
To learn more, contact us at info@SS8.com.
