Homeland Security 2014 Safe and Secure Nation Intelligence-led Policing Contents

1 Executive summary 6

2 What is intelligence? 8

India’s law enforcement 3 10 intelligence

Understanding the intelligence 4 20 architecture

5 Way forward 28

Intelligence-led policing Intelligence-led policing Foreword

The world is witnessing growth in organised crime and . A large number of criminal FICCI’s initiative of Homeland Security has been well received by the public sector and industry incidences are found to have complex inter-state and international linkages. In order to meet the for the past three years. EY’s collaboration with FICCI as its knowledge partner has already ever increasing demand of security, governments around the world have invested in developing produced three successful seasons of Homeland Security. Extending the thought further, we are intelligence analytics for security and policing. Given the advancement in technology, the future presenting the fourth publication in the series Intelligence-led Policing to highlight the need for of homeland security lies in better use of analytics for pre-emptive policing. analytics in homeland security.

Crime in is increasing at an alarming rate. According to the National Crime Record Bureau The rising population, reducing jobs, increased cost of living and greater accessibility of a total of 66,40,378 cognizable crimes under IPC and SLL were registered in 2013 – a decadal information are among the many factors that have made citizens vulnerable to crime and terror increase of 20.8 per cent from 2003. In such a situation, there is enormous pressure on our activities. Furthermore, the tactics of criminals have evolved alongside the rapid progress in law enforcement agencies to act swiftly, effectively and efficiently. Analytics is the technology the field of science and technology, leading to an increased gamut of crimes carried out using that will help law enforcement agencies to better deal with crime. Analytics can be used for advanced means and techniques. Law Enforcement Agencies, thus, need to develop ways and crime prevention, investigation, prosecution, and research and analysis. Use of intelligence led policing thus will enable means to prevent their incidence altogether. If an incident does occur, the turnaround time of LEAs to nab the culprit needs to the government to provide a security umbrella, especially in urban areas which is more prone to get affected by crime and be cut down to minimum. terrorism. The required level of advancement can be achieved through technology and capacity building. In India, Law Enforcement Till recently, the police forces were seen to be using traditional means to tackle crime. However, recently they have taken Agencies have adopted the basic level of automation. The next level of technology capability would be attained when they use steps to better arm themselves with the advanced technologies available in the market. The FICCI E&Y report on Intelligence relevant data to cull out useful information that helps them prevent any incident. Analytics is the key technology that needs to Led Policing explores the various nuances of what constitutes intelligence in policing. The report explores in depth India’s be incorporated for increasing the capabilities of LEAs in predicting and preventing incidents. intelligence architecture. It analyses various components of analytics and intelligence in the police forces, and underlines initiatives that have brought our security forces in line with best security practices in the world. It further draws a structured Analytics finds it ways in Commercial taxes, customs, police, intelligence agency, investigative agency, disaster management path for future use of intelligence and analytics in solving important and complex security issues. I sincerely hope that this and many other sensitive areas. It highlights patterns that cannot be detected by manual interventions. This paper discusses report will offer important and useful insights to all stakeholders. analytics in detail in the perspective of homeland security.

We sincerely hope that this paper gives you insights into the world of analytics, the urgent need for our country to adopt analytics, and its use in law enforcement.

We would like to thank FICCI for giving us the opportunity to present our views on analytics in homeland security through this knowledge paper at the Homeland Security 2014 conference, to be held in New .

Dr. A. Didar Singh Rahul Rishi Secretary General Partner, Advisory Services FICCI EY

4 Intelligence-led policing Intelligence-led policing 5 Executive summary

The globalisation of economies, improving living standards and 1. Multiple sources of data, leading to confusion in processing Prevention: Police and other agencies can harness the power Prosecution: In India, 93,28,085 cases were pending for trial rapid urbanisation have led to people demanding better public intelligence alerts by different authorities of big data analytics on the data available in various forms (including cases from the previous year) in the Subordinate services. Their foremost need is a safe and secure environment. and shapes. Preventive measures begin range from data Courts in 2012, as compared to 89,39,161 in 2011, up 4.4%4. 2. Neglected open-source intelligence This puts pressure on the police force to respond swiftly, mining to discovery of hidden patterns and relationships At the trial stage, the police needs to establish a link between effectively and efficiently. In addition, with the advancement of 3. Insufficient inter-agency coordination in a large amount of data. Information is evaluated over the crime and the identified criminals. The case can be followed technology, the focus has now shifted to being proactive and various periods of time on indicators such as crime patterns, up through the case management system for better reporting. 4. Inadequate methods for processing and sharing intelligence preventing crime, instead of waiting for it to happen and then motives, physical location, day, time, weather, political Increased forensic capabilities would also help scale up the between Central and shared agencies coming up with a solution. factors, economic factors, school calendars, pay periods and prosecution process. Law Enforcement Agencies (LEAs) need to urgently events. LEAs can use operational, tactical and predictive In India, crime is increasing at an alarming rate. An Review and analysis: After the closing of a case, it is important deploy appropriate technology to be able to analyse the dashboards to create a map and identify the area that has overwhelming 66,40,378 cognizable crimes were registered to understand the relationships, modus operandi, targets, available data and counter challenges posed by limited the highest probability of crime occurring in a specified time under IPC and SLL in 20131, up 20.8% from 2003. This indicates intentions, etc., of the committed crime. Appropriate data resources. LEAs gather a huge amount of data from varied window. They can then accordingly deploy resources and the urgent need to spruce up the police force. The sanctioned needs to be uploaded in the official tracking system to build a sources such as banks, telecoms, traffic information, manpower to prevent crime and lower operating costs. strength of the police force has been increased by 50.4% from strong database for reference. Such post case analysis is useful social media, criminal records and airlines. All of this 2002 to 2012; however, there were 24.82% vacancies until 1 Investigation: Previously, police officers required days in preventing crimes of similar nature. Such information can data has to be refined and analysed to cull out the critical January 20132. and weeks to sift through available information. For e.g., include analytics pivoted on area, crime, criminal, victim, etc. information required for solving and preventing crime. traditionally, the police force used to spend days to analyse call Based on the stored data, preventive tools can help prevent the Evidently, limited manpower and resources are the key Analytics is the key technology that can help LEAs understand records of a suspected mobile number manually. Now, the same occurrence of crime. challenges for the police force. Other concerns are: information and act accordingly. Analytics can be used for work can be done in a few hours through automated systems. The use of intelligence-led policing would help governments citizen safety and security at four stages, as shown below. Analytics reduces both time and effort spent in investigation. worldwide ensure a safe and secure environment for its Various analytics tools such as link analytics, video analytics, Police availability data3 citizens. Using such tools increases the overall efficiency audio analytics, computer forensics and social media analytics S. No. Item Sanctioned Actual B and effectiveness of LEAs. However, it is imperative that use e can be used during the investigation stage to identify criminals

1 Prevention f

o of advanced analytics techniques be preceded by a robust

1. Population per 551 733 r and establish their relation to the crime. These tools establish e mechanism for data collection and validation to ensure its policeman c r i m the relationship between the suspect and the crime based on accuracy and usefulness, else the results of the process would 2. Area in sq. km. per 1.43 1.91 facts and figures. In addition, collating the database of various

2 Investigation e not be useful. Forthcoming chapters discuss the importance of policeman agencies increases the value delivered by analytic tools. analytics, India’s perspective on analytics and various analytics options available to policing agencies. 3. Transport facility 6.95 9.24 per 100 policemen 3 Prosecution A f t e r c r i m 1NCRB, - 2013

2 BPR&D, Data on Police Organizations in India, as on January 1, 2013 4 Review & Analysis e 3BPR&D, Data on Police Organizations in India, as on January 1, 2013 4BPR&D, Data on Police Organizations in India, as on January 1, 2013

6 Intelligence-led policing Intelligence-led policing 7 What is Intelligence?

In the purest sense, intelligence is the end product of an Intelligence-led policing focuses on key criminal activities. management systems, regional operations support, and a 24- There are essentially two broad purposes for an intelligence analytic process that evaluates information collected from Once crime problems are identified and quantified through hour, 7-day-a-week watch centre. They support multiagency function at an LEA: diverse sources; it integrates the relevant information into a intelligence assessments, key criminals can be targeted information exchange and assign an intelligence officer to • Prevention: It includes gaining or developing information logical package and produces a conclusion, estimate or forecast for investigation and prosecution. Because the groups and each region. As such, a centre’s core mission can be limited related to threats of terrorism or crime and using this about a criminal phenomenon by using the scientific approach individuals targeted in Kent were those who were responsible for to anti-terrorism, but it may include all significant crimes, information to apprehend offenders, harden targets, and to problem solving (that is, analysis). Intelligence, therefore, significant criminal activity, the ultimate reduction in crime was or target different types of crime, such as identity theft, come up with strategies that will eliminate or mitigate the is a synergistic product intended to provide meaningful and considerable. According to a constabulary note, “It has given insurance fraud, , cigarette , threat. This is known as tactical intelligence. trustworthy actionable knowledge to decision makers. In the the Kent Constabulary the ability to confront crime in an active, armed , and document fraud. The “all crimes” past few decades, with the advent of technology, intelligence rational fashion and to build continually on each success.” approach has recently been endorsed and recommended • Planning and resource allocation: The intelligence function has gained importance in homeland security and policing. by many criminal intelligence advisory and policy groups. provides information to decision makers about the changing Intelligence-led policing in the US has benefited from the recent Terrorist attacks all over the world have created the need to nature of threats, the characteristics and methodologies of development of “fusion centres,” which serve multiagency make practical changes to law enforcement and have stressed threats, and emerging threat idiosyncrasies. This helps them policing needs. These fusion centres — derived from old watch the importance of intelligence for undertaking security If intelligence is analysed information, what is come up with response strategies and reallocate resources, centres — provide information to patrol officers, detectives, operations, gathering information, and strategising and analysis? as necessary, to accomplish effective prevention. This is management, and other participating personnel and agencies apprehending criminals. Intelligence has come to play a larger known as strategic intelligence. on specific criminals, crime groups and criminal activities. For Analysis requires thoughtful contemplation that results in role in criminal offences, as well as economic offences. example, they lend support to anti-terrorism and other crime- conclusions and recommendations. Thus, computers may assist Intelligence-led policing, while it is useful at many levels, The term “intelligence-led policing” originated in Great specific objectives. The centres search numerous public and with analysis by compiling large amounts of data into an easily does pose certain issues. First, it is important to understand Britain. The Kent Constabulary developed the concept in private databases to gather and analyse information. They accessible format. However, this classifies as collated data intelligence and its management. Second, agencies need to response to a sharp increase in property-related offenses also generate intelligence products that provide an overview of and not analysed data or information, and it falls far short of prevent and respond to day-to-day crime, while focussing (e.g., burglary and automobile theft) at a time when terrorist or other crime groups, analysis of trends, and other intelligence. For information to be useful, it must be analysed by on preventing terrorism. Third, the realities of funding and police budgets were being cut. Officials believed that a items of information for dissemination to participating agencies. a trained intelligence professional. In other words, intelligence personnel resources often pose as challenges. Therefore, LEAs relatively small number of people were responsible for a tells officials everything they need to know before they have to be very mindful of these challenges while incorporating Currently, such fusion centres operate in at least 25 states, comparatively large percentage of crimes. They believed knowledgeably choose a course of action. such an approach. with more being developed or planned in other parts of the that the best strategy was to have police officers focus on world. The Iowa Fusion Center is part of the state’s Law Intelligence is, thus, critical for decision making, planning, the most prevalent offenses occurring in their jurisdiction. Enforcement Terrorism Prevention Program and a product strategic targeting and crime prevention. Law enforcement The Kent Policing Model, as per the original name, de- of its State Homeland Security Strategy. The centre serves officers and managers are beset by large quantities of emphasised responses to service calls by prioritising calls and as a clearinghouse for all potentially relevant, domestically information, but this could pose the risk of being incomplete, referring less serious calls for general non-police services to generated homeland security data and information to ensure inaccurate or misdirected. The shift from information gathering other agencies. Thus, more police time was available to create proper interpretation, assessment and preventive actions. to informed decision making depends on the intelligence/ intelligence units to focus, initially, on property-related offenses analytic process, and it results in the best estimate of what has Such centres have several objectives such as providing in each of the jurisdiction’s nine service areas. The result was a happened or will happen. state-wide strategic intelligence, centralised information 24% drop in crime over 3 years.

8 Intelligence-led policing Intelligence-led policing 9 India’s law enforcement intelligence

Every LEA in India, regardless of agency function, must have is not collected or integrated effectively. Policy failure can affected areas. The spread of extreme leftist forces reveals such as defence, energy, finance, space, telecommunication, the capacity to understand the implications of information lead to the success of such surprise attacks if actions are not startling facts about the area of spread and the immense transport, land records, public essential services and utilities, collection, analysis and intelligence sharing. Each agency taken despite intelligence warnings. Even now, it remains logistical support. In this situation, it is the foremost duty of and law enforcement and security increasingly depend on must have an organised mechanism to receive and manage unclear whether intelligence agencies or policymakers could the police and administration to restore the confidence of local networks to relay data for communication purposes and for intelligence, as well as a mechanism to report and share critical have prevented the 2001 terrorist attacks. The bombings in people, who are at risk of getting caught in the cross-fire. commercial transactions. The National e-governance Program information with other LEAs. In addition, they must develop London (2005) and (2006) and the 26/11 bombings (NeGP) is one of the most ambitious in the world and seeks to Such a situation makes it imperative for the police forces to act lines of communication and information-sharing protocols with in Mumbai (2008) also highlight the fact that all attacks cannot provide more than 1,200 governmental services online. real fast and tough. They need to strengthen their intelligence the private sector, particularly with entities related to critical be prevented. The challenge and key task, therefore, is to gathering system, as well as adopt modern practises. Considering telecommunication as a case in point, the critical infrastructure, as well as with potential targets of terrorists and determine how to organise domestic intelligence efforts, how information infrastructure in India comprises around 150 criminal enterprises. to facilitate information sharing, and how to protect against Cyber crime internet and telecom service providers that offer internet, potential abuses. The degree of national security measured in terms of the Cyber security is a complex issue that cuts across multiple mobile and wireless connectivity to nearly 800 million. The security of intellectual, social, technical, environmental, cultural, India’s hostile neighbourhood, its linguistic and ethnic domains and calls for multi-dimensional, multi-layered major portion of data communication is facilitated by submarine leisure and financial capital can be viewed from the twin differences, economic disparities, political conflicts and turmoil, initiatives and responses. It has proved a challenge for the cables. India has landing points for major submarine cable dimensions of “crime rate” and the “risk of terror attacks”, both vast population beleaguered by poverty and ignorance and Indian Government because different domains are typically systems, and these are minimally protected. A preview of what of which can be of internal or external origin. Internal security exploitation, etc., are sources of its internal vulnerability and administered through siloed ministries and departments. could happen by way of these cables being disabled took place and LEAs in India, thus, face unprecedented challenges in terms propensity to higher incidences of crime. In addition, the internet population has grown considerably in 2008, when a series of outages and cable cuts in undersea of the need to tackle crime, address the increasing challenge over the last few years. Therefore, while the threats and cables running through the Suez Canal, in the Persian Gulf and of transnational criminal networks and the ongoing threat of vulnerabilities inherent to internet and cyberspace might have Malaysia caused massive communication disruptions to India international and domestic terrorism, cyber-crime, money The key threats to India’s internal security include: remained unchanged, the probability of disruption has grown and West Asia. laundering, narco-terrorism and . In parallel, apace with the rise in the number of users. The Maoist insurgency Other sectors that could be subject to serious threats include they need to meet increasing citizen expectations for more The success of internet has partly been attributed to its relative BFSI, which has largely transferred operations online. Stock transparent community-oriented law enforcement, and greater The Maoist rebellion is the country’s gravest internal security openness and low barriers (including minimal security features) exchanges in the US and Hong Kong have reportedly been public transparency and accountability. threat. It has claimed thousands of lives of paramilitary forces and innocent civilians. These groups have engaged in multiple to entry. However, while these attributes allow companies to subject to cyber-attacks. The electricity grid is also vulnerable The provision of accurate intelligence is an important part of the mass casualty attacks, including ambushes on law enforcement flourish, they have also facilitated those with malicious intent to such attacks, given the inevitable move toward the smart grid process of preventing surprises in the national security realm. teams and sabotaging of passenger trains. Originally a modest to operate with relative ease. As we grow more dependent on as a result of economic and efficiency factors. The protection of As a result, when surprises such as the 11 September attacks pro-peasant movement, the insurgency has spread to more internet for our daily activities, we also become more vulnerable critical infrastructure is a complex task requiring forethought, occur, intelligence agencies bear the brunt of scrutiny. Al than two-thirds of Indian states and across more than a third of to any disruptions caused in and through cyberspace. planning, strong laws, technologies, PPP and resources. As a Qaeda conducted a devastating strike on 9/11 by using airliners result, it tops the priority list of the Government. its total number of districts, with most of them being resource- Even though the Indian Government was a late convert to as a weapon of mass destruction (WMD). In terms of scale, rich central and eastern regions. As a result, a large number of computerisation, there has been an increasing thrust on Cyber threats can be disaggregated, based on the perpetrators it incurred a relatively small cost to create billions of dollars’ developmental works have got stalled due to Maoist activities. e-governance, which is seen as a cost-effective way of taking and their motives, into four categories: cyber espionage, cyber worth of damage. Intelligence failure is the inability to detect This is making a huge dent in our country economically and is public services to the masses across the country. Critical sectors warfare, cyber terrorism, and cyber-crime. Cyber attackers the occurrence of such attacks. This happens when information thwarting the Government’s efforts of inclusive growth for the

10 Intelligence-led policing Intelligence-led policing 11 use numerous vulnerabilities in cyberspace to commit these Organised crime records (CDRs), storage of fingerprints and/or DNA and the use acts. They exploit weaknesses in software and hardware of covert investigation techniques, including informants. This form of crime employs illegitimate methods including design through the use of malware. DDoS attacks are used to monopolisation, terrorism, and tax evasion to drive Intelligence is often erroneously viewed as pieces of information overwhelm the targeted websites. Hacking is a common way out or control lawful ownership and leadership, and to extract about people, places or events that can be used to provide of piercing the defences of protected computer systems and illegal profits from the public. Organised crime corrupts public insight about criminality or crime threats. interfering with their functioning. Identity theft is also common. officials to avert governmental interference and is becoming The scope and nature of such threats and vulnerabilities is Demand for intelligence-led security is at its peak in the present increasingly sophisticated. This crime traditionally manifested multiplying rapidly. scenario. A number of executive agencies and organisations itself in the form of extortion, protection money, contract conduct analytics and intelligence activities for national The National Crime Records Bureau (NCRB), in 2010, reported killing, boot-legging, gambling, prostitution and smuggling. In security, tax evasion, money laundering, terrorist financing, an increase of 50% in cyber-crime over the previous year. It addition, in modern times, its domain has extended to include etc. Historically, these agencies had separate missions and is imperative to institute mechanisms for defence and a suite drug trafficking, illicit arms trading, money laundering and lacked the capacity for coordination and collaboration. They of managed services to help keep the country’s network up, transporting illegitimate activities, based essentially on the are now being mandated to work together. Moreover, they are reliable and secure through actionable cyber intelligence, willingness to use brute force and violence. By corrupting public now required to work with other Central and state-level law proactive DDoS mitigation and enhanced DNS security. There is officials and engaging in monopolising or near monopolising, enforcement and crime prevention agencies to penalise criminal an urgent need for standard “threat feeds” to include in-depth organised crime aims to secure greater power. The money and enterprises that support terrorists. country and regional intelligence reports, a real-time threat feed power so gained are used to infiltrate legitimate business and and access to expert advice. several other related activities. Terrorism is emerging as a serious challenge. It Charlotte-Mecklenburg Police Department (CMPD) fights crime with predictive analysis has a huge destabilising effect on the country’s economy, trade Terrorism remains the biggest threat to India’s national security, and commerce. Existing laws and procedures are inadequate to The Charlotte-Mecklenburg Police Department (CMPD) provides police services for Charlotte and the unincorporated businesses and way of life. The ongoing increase in and the support LEAs to act against organised criminal syndicates. The areas of Mecklenburg County, North Carolina. The department, which has 1,716 officers and 530 civilian staff, serves spread of attacks in recent years point to the huge challenge slow pace of trials and low conviction rates, lack of resources a population of more than 700,000 citizens. CMPD is applying an information-based policy to predict the likelihood of that India’s security establishments face in countering the and training, lack of inter-agency coordination, criminal, and crime and to improve measures designed to prevent potential future crimes. Command staff, crime analysts and patrol nefarious motives of such perpetrators. The strategic location of officers use operational, tactical and predictive dashboards to visualise areas on a map that have the highest probability political and bureaucratic nexus are some of the other major India makes it more vulnerable in an increasingly unstable South of a crime occurring during any four-hour window. Interaction among past, present and forecast data is rigorously factors responsible for the growth in organised crime in the Asia. India has been facing threat of cross-border terrorism evaluated and weighed according to a variety of predictive models. Information is evaluated over various periods of time country. since independence. Its shared border with many nations makes for indicators, such as crime patterns, motives, physical location, day, time, weather, political factors, economic factors, the task of internal and external security more difficult. school calendars, pay periods and events. Every factor can have a substantial impact on each predictive model. The insight gained from the solution helps command staff to more knowledgeably deploy resources and allows officers to The ethnic mix of population also adds fuel to fire, as the Domestic intelligence efforts to combat security more effectively manage their areas of responsibility to deter crime. Government is unable to accommodate the aspirations of threats Reference: http://www.informationbuilders.com/applications/cmpd all of the religious groups. This is evident from the terrorist As a law enforcement strategy, criminal intelligence5 has been attacks in Punjab in 1980s, followed by the and J&K in existence for many years. Although it has only recently been problems in 1990s and, more recently, the Maoism threat in formalised, many of the basic (and intuitive) approaches of the Chhattisgarh, Bihar and , West Bengal and traditional investigator have remained unchanged. For instance, Orissa. India shares ethnic, religious and cultural affinities with officers have always attempted to identify the common thread its neighbours. During conflict, tension flows inward in the form that links clues in a case or have kept a mental note of the habits of state-sponsored terrorism. Since these states have the ability of prominent criminals or have cultivated special relationships to unleash terrorist activities in different capacity, they can with people in the criminal underworld who provide inside choose to employ their own directly recruited and controlled information. This has always been considered good police work. terror squads or work through proxies and client movements Consequently, even in countries where the term “criminal across the border. The terrorist menace from across the border intelligence” has not been formally adopted, there are traces of is supported financially and materially by the Government and the key components of a criminal intelligence system, such as other institutions of these countries. the gathering of information about criminals, including call data

5Criminal intelligence is the creation of an intelligence knowledge product that supports decision making in the areas of law enforcement, crime reduction, and crime prevention [Reference: Integrated Intelligence and Crime Analysis: Enhanced Information Management for Law Enforcement Leaders, Jerry H. Ratcliffe, Ph.D. Second Edition, Community Oriented Policing Services, U S Department of Justice]

12 Intelligence-led policing The following figure presents an illustrative snapshot of law enforcement functions and some of the ley agencies at the center and state levels in India. Informant information

Agencies that conduct analytics & intelligence activities Undercover Surveillance

State Governments Center Document evidence Travel records Ministry of Ministry of Finance State Police Forces Communications & IT Ministry of Home Affairs (MoF) (MHA) (MCIT) Collectively, what Forensic evidence does it mean ? CCTV videotapes

Crime detection Investigation Crime detection & prevention Investigation & prevention Dumpster diving Banking transactions

Wiretap Pen register ) ) I ) ) D R I ) ) ) ( I A

W W E C B e N I A I U ) ( ( (

c O

F ) y ) n ) n ( N C B R A y E c ( o e ( S t c

(

i s I B n

t i Trap & trace g n N S g T ( u i g e x e

l a i l e n a A n r i a g u U n g i ( g e

x

t e t i a T r A t o

e A W

a d W s l e u

C T

I n

a c r e a T e I n - a r s n s ( i

n i u c v u B R I D e o o s l c e e s e n q B r u b t i c n o G I n y

g R T e C B l

e m i n a S a n o f l e t r T

C I D g a l A o e i r g t i e c o n m l L f n

c l v t i C E o t e f n c t a r u i Law enforcement intelligence, therefore, is the product of an because both policy and operational decisions are made using s N A m e r I n t e A O s I n a S e

R e C o

g e

&

l i n e v I n c l s

f C o

e i r l T analytic process that provides an integrated perspective to intelligence; therefore, a vigilant process must be in place to a e

c i h c c I n r u i o i

t i t i t e m c c l l o B r n o o n o

m t e

a disparate information about crime, crime trends, crime and ensure that decisions are made on objective, informed criteria, F I n l a c n a A o a n P r a e r o n n o i s t r

c security threats, and conditions associated with criminality. The rather than on presumed criteria. t i o t o F n N a c E c R e e E N a need for carefully analysed and reliable information is essential r C e D i

Pieces of information gathered from diverse sources, for example, wiretaps, informants, banking records or surveillance, are Comparative illustration of differences between information and intelligence basically of raw nature with limited inherent meaning. Intelligence requires a wide array of raw information to be assessed for Information Intelligence validity and reliability, reviewed for materiality to the issues at question, and interpreted through the application of inductive or deductive logic. • Criminal history and driving records • A report by an analyst that draws conclusions about a person’s • Offence reporting record criminal liability based on an integrated analysis of diverse information collected by investigators and/or researchers • Statements by informants, witnesses and suspects • An analysis of crime or terrorism trends with conclusions drawn • Registration information for motor vehicles, watercraft and aircraft about characteristics of offenders, probable future crime, and • Licensing details about vehicle operators and professional licenses optional methods for preventing future crime/terrorism of all forms • A forecast drawn about potential victimisation of crime or terrorism • Observations of behaviours and incidents by investigators, based on an assessment of limited information when an analyst surveillance teams, or citizens uses past experience as context for the conclusion • Details about banking, investments, credit reports, and other • An estimate of a person’s income from a criminal enterprise based financial matters on a market and trafficking analysis of illegal commodities • Description of travel including, the traveller(s) names, itinerary, methods of travel, date, time, locations .

Intelligence-led policing 15 The phrase “law enforcement intelligence,” cannot be used protect civil liberties and ensure accountability of intelligence gain a more complete understanding of criminality necessary to Before the reorganisation of intelligence agencies in 1968, the synonymously with “criminal intelligence”. This is because, operations. Organisational mechanisms, information sharing formulate effective crime reduction and prevention strategies. IB was responsible for both internal and external intelligence. first, intelligence and law enforcement operate in different and oversight are critical components to institute effective The integrated analysis model will allow executives to see The need for an effective intelligence network in India did not worlds – one gathers information and the other seeks to domestic intelligence capability. the big picture of criminality and access a wider range of emerge until the Indo-China border conflict of 1962. It is only prosecute. Second, with the development of multiple agencies enforcement options. Furthermore, it would allow a more fluid since the birth of the Research and Analysis Wing (RAW) in at the central and state levels that are focussed on intelligence, response to crime, based on a realistic model of analysis that 1968 that the IB was expected to collect intelligence within there has been a corresponding increase in bureaucratisation. India’s intelligence agencies and organisational better mimics the criminal environment. the country. It has since been identified as the premier agency This adds to the challenge of sharing information. Lastly and, set-up for “domestic intelligence”. On the other hand, the primary The diagram below illustrates at high level, the intelligence perhaps most importantly, there are issues concerning the Law enforcement executives are increasingly recognising that and law enforcement organisational set-up in India. protection of civil liberties and effective oversight. gathering data and information about the criminal environment and criminal activity is not sufficient. The challenge is to corral this wealth of data into knowledge that can enhance decision Political Cabinet Committee on Security (“CCS”) A Major West Coast North American City making, improve strategies to combat crime, and increase crime prevention benefits. In other words, the aim is to convert data Ministry of Home National Security Cabinet Secretariat Prime Minister’s The city’s police department deployed a back-end Administrative database application to integrate all of its disparate and information into actionable intelligence. Affairs (‘MHA’) Council (‘NSC’) (‘CS’) Office (‘PMO’) databases, and it supplemented this with a secure feed For most of the history of law enforcement, criminal intelligence to more than 600 million police records across several — information that relates to the activities of criminal individuals jurisdictions from a third-party provider. In addition, Intelligence Bureau Joint Intelligence Research & Analysis Defence or groups of offenders — has been retained by special units or by (‘IB’) Committee (‘JIC’) Wing (‘RAW’) Intelligence the force implemented a powerful set of crime analysis individual detectives. Even after the introduction of intelligence tools and a geospatial and temporal analysis engine to National Technical Financial units, these analytical groups often keep their information MACs methodically view and analyse crime-related data. This Research Organization Intelligence gave officers a new ability to gain insight into crime within the narrow confines of their specific unit. The focus of (‘NTRO’) Intelligence patterns, and predict when and where crimes are likely intelligence units was traditionally on reactive, investigative NATGRID to occur, enabling them to proactively plan and allocate support. This situation continues in most places. For example, Aviation Research policing resources. narcotics intelligence units do not share intelligence beyond Center (‘ARC’) The city’s bold step to build its competencies according their units, and street gang intelligence units follow the same National Security to Smarter Public Safety principles generated value practise. In the new environment of intelligence-led policing, Council Secretariat at many levels. Operational value was realised in these information silos are valuable as strategic resources reduced analysis time (a drop of more than 98%) and for the whole police department to squander on the needs of Central Paramilitary increased response effectiveness, and the ability to an individual investigator or unit. As we learn more about the Forces (CPMFs) deploy resources dynamically. At the same time, the abilities of organised crime groups to engage in a range of city gained brand value from building on its tradition criminal enterprises such as street crime, narcotics, human State Police of being an innovator by applying modern analytics Enforcement smuggling, and money laundering, it has become necessary to and spatial mapping technology to enhance public Home Guards safety. The societal value from the Smarter Public restructure law enforcement analytical services to better reflect Safety approach was also realised in lower rates of this criminal environment. Civil Defence both property crime (24% reduction) and violent crime In addition, a key focus area for governments across the world is (9% reduction). Finally, the force had the capability the prevention of terrorist incidents by generating data through to address the root causes of crime and change the Note: course of crimes in the city, for instance, by identifying SIGINT, COMINT and other databases, and then integrating and 1. State Police: State Police Forces, State Police Forces and removing critical gang leaders, which created analysing the data for “actionable intelligence”. The National 2. Defence Intelligence: Army, Navy, Air - Force and Defence Intelligence Agency innovation value for the city. Intelligence Grid (NATGRID) is a major initiative that will help 3. : : Financial Intelligence Unit (FIU), Income Tax Directorate, Customs & Central Excise and Enforcement Indian intelligence agencies face terrorism challenges by Directorate Reference: Frost & Sullivan, Beyond Borders – Tracing the Impacts of Smarter gaining access to 21 categories of data sources and turning the Public Safety Reference: http://www.pib.nic.in/newsite/erelease.aspx?relid=56395 information so available into actionable intelligence. Intelligence Bureau (IB) is one of the oldest intelligence responsibility for collecting external intelligence, including on The challenge in developing a viable domestic intelligence The net result of these endeavours was the endorsement of agencies operating in the country. Its roots can be traced a potential adversary’s military deployment, is vested with capability for India centers on how to organise these capabilities an integrated analysis model. By blending crime analysis with back to the Imperial Intelligence Bureau, which served British the RAW. Both of the agencies play a major role in producing optimally within the larger intelligence framework, how to criminal intelligence, crime analysis can provide the “what is interests in India. The IB falls under India’s Ministry of Home intelligence relating to counterterrorism. ensure streamlined information sharing between foreign happening” picture of the criminal environment, and criminal Affairs. The Director of the IB reports to the Prime Minister on intelligence and the multitude of domestic law enforcement intelligence can provide the “why it is happening” reasoning. Intelligence agencies must be clear about challenges to the intelligence issues. agencies, and how best to implement oversight mechanisms to These two components, used in combination, are essential to

16 Intelligence-led policing Intelligence-led policing 17 security of the state. They will need to extend their scope to Initiatives for enhancing the existing Indian 3. National Intelligence Grid (NATGRID): It aims to link several In addition, the CCTNS project aims at: collecting intelligence on internal security, external security, intelligence databases to help aggregate comprehensive intelligence set-up • ►Increasing operational efficiency by: military intelligence – both tactical and strategic, economic and patterns of intelligence that can be readily shared and commercial intelligence, as well as new data in science and In days following the 26/11 attacks, a large-scale overhaul of accessed by the entire intelligence community. It is a • Reducing the need to manually perform monotonous and technology related issues. the Indian intelligence set-up was planned through a number of counter terrorism measure that collects and collates a host repetitive tasks initiatives, including: of information, including tax and bank account details, This necessitates the creation of a world-class intelligence • Improving communication, e.g., police messaging, email credit card transactions, visa and immigration records, set-up to meet these requirements. While the main role of 1. The set-up of a National Investigation Agency (NIA): It systems and itineraries of rail and air travel, from government intelligence collection will remain focussed on the collection is a federal agency established by the Indian Government databases. This combined data is made available to 11 • Automating back-office functions to enable police staff to of inputs (operations), compilation and assessment (analysis) to combat terror in India. It acts as the central counter- central agencies, namely, Research and Analysis Wing, maintain greater focus on core police functions would be equally important, but the kind of intelligence needed terrorism LEA. The agency is empowered to deal with the Intelligence Bureau, Central Bureau of Investigation, and the speed in obtaining it would be crucial. terror-related crimes across states. The agency came into • ►Creating platforms at the state and central levels for sharing Financial intelligence unit, Central Board of Direct Taxes, existence with the enactment of the National Investigation crime and criminal information/databases across the country There is also a great need to take cognizance of the many Agency Act 2008 by the on 31 Directorate of Revenue Intelligence, Enforcement non-traditional areas of intelligence – financial transactions, December 2008. It aims to set standards of excellence Directorate, , Central Board of • ►Creating platforms for sharing intelligence across states, technological transactions, large company manoeuvres, in counter terrorism and other national security-related Excise and Customs and the Directorate General of Central across the country and across other state-level and GoI-level organised crime, etc. Connecting the dots in these specialised investigations at the national level by developing a highly Excise Intelligence.. agencies areas of intelligence collection would make the process of trained, partnership-oriented workforce. It also aspires Unlike the NCTC and the NIA, which are central organisations, • ►Improving service delivery to the public/citizens/stakeholders intelligence collection far more complicated. to create deterrence for existing and potential terrorist the NATGRID is essentially a tool that enables security agencies Every major economic department may need an intelligence groups/individuals. It aims to position itself as a storehouse to locate and obtain relevant information on terror suspects wing, and increased outsourcing from intelligence agencies of all terrorist-related information. from the pooled data of various organisations and services in to think tanks may become necessary. In practice, such Various Special Courts have been notified by the Central the country. It will help identify, capture and prosecute terrorists cooperation is already happening in the day-to-day functioning for the trial of cases registered at various and help pre-empt terrorist plots. of government departments, but there is a widespread need for police stations of NIA under Section 11 and 22 of the NIA 4. Crime and Criminal Tracking Network System (CCTNS): this process to be formally institutionalised. Act 2008. Any question as to the jurisdiction of these courts Realising the gross deficiency in connectivity, the Central Many breaches of national security in India have occurred in is decided by the Central Government. These are presided Government is implementing an ambitious scheme, the the past. Such instances continue to plague our country, not over by a judge appointed by the Central Government on the CCTNS. The project was started in 2009 to facilitate for want of intelligence, but because of the faulty analysis of recommendation of the Chief Justice of the High Court in that collection, storage, retrieval, analysis, transfer and available intelligence and inadequate follow-up action thereon, region. Trials by these courts are held on day-to-day basis on all sharing of data and information at the police station, and and/or co-ordination of input. This issue is not adequately working days and have precedence over the trial of any other between the police station and the state headquarters and highlighted in most post mortems of perceived intelligence case against the accused in any other court (not being a Special the central police organisations. CCTNS aims at creating failures surfacing in the media. Court). These have to be concluded in preference to the trial of a comprehensive and integrated system for enhancing such other cases. the efficiency and effectiveness of policing through the The major challenges in the Indian intelligence scenario are: 2. National Counter Terrorism Centre (NCTC): It is a adoption of e-Governance and the creation of a nationwide • ►Inadequate methods by which intelligence is processed and proposed federal anti-terror agency to be created in India, networking infrastructure. This would enable the evolution shared between central and shared agencies modelled on the National Counterterrorism Centre of the of an IT-enabled state-of-the-art tracking system for the investigation of crime and detection of criminals. • ►Confusion in processing intelligence alerts by various US. The proposal came after the authorities (26/11), where several intelligence and operational failures Under the CCTNS project, approx. 14,000 police stations revealed the need for a federal agency with real-time throughout the country have been proposed to be automated, • ►State governments widely neglecting the usefulness of open- intelligence input of actionable value specifically created to besides 6,000 higher offices in the police hierarchy, e.g., source intelligence counter terrorist acts against India. Circles, Sub-Divisions, Districts, Range, Zones, Police • ►Insufficient inter-agency coordination The NCTC will execute counter-terror operations and collect, Headquarters, SCRBs, including scientific and technical collate and disseminate data on terrorism, besides maintaining organisations having databases required for providing a database on terrorists and their associates, including their assistance and information for investigation and other purposes, families. The NCTC will be empowered to analyse intelligence e.g., Finger Print Bureaux, Forensic Labs etc. by 2012. shared by agencies such as the Intelligence Bureau and select suitable data. It will also be granted powers to conduct searches and arrests in any part of India and formulate responses to terror threats.

18 Intelligence-led policing Intelligence-led policing 19 Understanding the intelligence architecture

Given the increasing number and sophistication of crimes in Intelligence management framework Planning Collection India, intelligence and investigation agencies such as RAW, To establish an effective and participative intelligence Data collection is the process of gathering data on variables of IB, NIA and CBI, as well as state police departments, are being An effective intelligence management framework is required management framework, it is essential that a robust intelligence interest in a systematic fashion to enable data-driven analysis held to higher standards of performance and accountability. to ensure robust intelligence gathering, interpretation, plan is created among the various stakeholders. The plan and decision making. Collection aims to create a set of raw After collecting the right sort of data, it has to be integrated, analysis and dissemination to assist in crime prevention and has to be supported by strong laws and bilateral/multilateral information from multiple sources. The information is then correlated and transformed into real, actionable information investigation. The figure below represents the building blocks of agreements between/among various agencies. processed and analysed to arrive at patterns and inferences. to assist in crime prevention, as well as the effective crime the intelligence management framework for law enforcement. investigation and prosecution of criminals. Furthermore, this These five steps have been described in subsequent sections. An effective plan for intelligence-led law enforcement requires Crime detection and prevention require the collection of data intelligence needs to be disseminated to appropriate LEAs to the various stakeholders to: from distinct sources including: make timely decisions. • Understand the objectives and functions of the intelligence 1. Law enforcement databases maintained by LEAs such as management framework, both for crime prevention and National Crime Records Bureau (NCRB) database, Crime crime investigation and Criminal Tracking Network & Systems (CCTNS) and e-Courts Elements of Intelligence Management Framework • Identify all of the stakeholders and partners involved in the process and their individual objectives, mandates and 2. Government databases including tax databases, passport boundaries database, Immigrant, Visa, Foreigner, Immigration, and Planning Visa and Foreigner’s Registration & Tracking (IVFRT) • Identify laws and regulations governing intelligence gathering Identifying and agreeing upon the mechanism for identifying, collecting, analyzing & disseminating intelligence database and sharing activities 3. Intelligence agency databases maintained by agencies such Collection • Institute a governing entity and a governance and oversight as RAW and IB and national-level investigation agencies, Collection of data from various sources, both pre-defined formal sources as well as ad-hoc informal mechanism to support the framework sources such as CBI and NIA, for internal security • Clearly outline the steps required in the intelligence 4. Surveillance feeds (government as well as private), management process, as well as the roles and responsibilities Processing including those from surveillance cameras installed How can the data and information collected from various sources be standardized for analysis of each stakeholder for security or traffic management and from private • Enter contractual agreements and institute laws supporting surveillance cameras installed in shopping malls, ATMs, etc. Analysis the intelligence management process Applying advanced data analytics techniques on the information gathered to derive meaningful intelligence 5. Utility and financial databases of utilities such as telecom, • Monitor and manage the process and upgrade it on an airlines, banking, hospitals and land records ongoing basis Dissemination 6. Open/Public data available on social media websites, Timely dispatch of relevant information to various law enforcement agencies newspapers and media or open data available in the public domain

Reference: 18, http://www.pib.nic.in/newsite/erelease.aspx?relid=56395

20 Intelligence-led policing Intelligence-led policing 21 With such distinct sources of data, it is critical to have country code, i.e., the number of digits entered matched 3. Loads it into the end target (database, more specifically, a well-defined data collection plan and methodology in the convention for the country or area specified. Another operational data store, data mart, or data warehouse) US Commercial Aviation partnership balances place. Furthermore, LEAs require access to confidential validation could be range and constraint validation and homeland security with travellers’ needs By using ETL techniques, data mining and data modelling, data, which can raise concerns of privacy among validation against rules imposed by the user organisation. data can be stored properly in particular storage for use in 11 September 2001: After the 9/11 terrorist attacks, citizens. It is, therefore, necessary to establish checks airport security and passengers screening were Checking for data integrity – The integrity of data is an important analytics application. ETL systems are used commonly to and balances to ensure that such access is authorised enhanced dramatically, but the security measures came factor in analysing crime and mapping the needs of an agency. integrate heterogeneous data from multiple sources, including and is not misused by individuals or agencies at a significant cost to the airline industry and to the Data integrity refers to the quality of the data, i.e., consistency applications developed by different vendors or on varying convenience of the travelling public. While the need for and accuracy of data. An example of inconsistent data is a single underlying hardware/software base. increased security measures was undisputed, the civil address listed in many different ways, e.g., 100 E. Main Av, aviation industry wanted to be certain that new security Analysis U.S. Facial Recognition Data Collection Project 100 Main Av, 100 E. Main or 100 E. Maine Ave. An example of measures were being implemented appropriately, with inaccurate data is a report mistakenly coded as a theft when it This step covers various methods of automated data analysis maximum effectiveness and without causing undue September 16, 2013: Department of Homeland disruption and expense. Security Science and Technology Directorate (DHS S&T) was a robbery. Data consistency and accuracy, known together to discover previously unknown intelligence through links, Resilient Systems Division has funded Pacific Northwest as data integrity or data quality, are crucial to conducting associations and patterns in the data. It involves establishing To ensure that decisions on airline security and National Laboratory (PNNL) to perform a facial video crime analysis. It is also necessary to weed out duplicates solutions for link analysis, predictive analysis, search analysis, passenger screener services are made on an data collection. within datasets to ensure data consistency and integrity. predictive analysis, social network analysis, video/voice analytically sound basis, a group of government analytics, business intelligence, data mining solutions and agencies (including the Department of Homeland S&T is conducting this Privacy Impact Assessment (PIA) Sorting – It means arranging items in some workflow systems. Security and its Transportation Security Administration) to address privacy concerns raised by the collection and sequence and/or in different sets. This exercise can and private sector associations and individual use of facial recognition data. considerably quicken the data analysis process as it Analysis requires various business rules to identify patterns and companies (including Boeing and AIRBUS) formed It is used to determine the accuracy of the facial is easy to draw inferences from structured data. link suspects based on parametric rules. Business intelligence the US Commercial Aviation Partnership. Analytics recognition software. Protection mechanisms have solutions are used to perform both ad-hoc and scheduled and industrial engineering professionals from Boeing Summarising – This intends to reduce detailed data to been implemented to protect privacy of volunteers, as analysis of data through slicing and dicing date across various and the Transportation Security Administration (TSA) its main points. This step, along with standardisation well as members of public that may present during the dimensions, drill-down and drill up, what-if analysis, time-based developed a suite of models, known Economic Tool. measures (used during data gathering), ensures that These models help define and predict the operational video data collection. The data collection and testing patterns, etc. will help DHS determine the current capabilities and the given raw data is converted into standardised data and economic impact of air travel security options on a limitation of facial recognition software. sets that are ready for analysis and presentation. Dissemination system-wide basis. Aggregating – This step entails combining multiple pieces of This step involves providing fast, time-sensitive, reliable, useful The tool helps decision makers estimate the security Source: DHS website data into groups or subsets that can be analysed together. This information and updates to relevant stakeholders. efficiency, screener service performance, and economic/business performance impact of various can be useful in carrying out statistical analysis, for example, One of the key aspects of dissemination involves bilateral/ policy, strategy, and operational choices. Cost and Processing to statistically compare the number of women-related crimes multilateral agreements between/among intelligence agencies benefit values are calculated for the TSA, as well as for through the years, it would be necessary to aggregate all Data collected for intelligence can be structured or and LEAs to disseminate relevant data in pre-defined formats airlines, airports, hotels and related services. forms of crimes with women under the same category. unstructured. Extracting the right information can pose and agreed frequencies (where applicable). The disseminated a challenge. Raw data sourced from different agencies Classifying – separates data into various categories. For data should be relevant to the recipient and provide role-based Source: DHS website can suffer from deficiencies such as inconsistency, example, data modelling can be undertaken based on city, information. duplicity and non-standardisation. Data processing is a region and zone level. Agencies can target a particular Analytics in crime prediction and crime prediction Another key aspect of intelligence dissemination is the necessary step before analysis can be conducted to draw area where crime has more weightage and can manage representation of the results and inferences arrived through Investigation agencies involved in crime investigation meaningful information. In addition, it is necessary, in resource allocation on deputing the officers on right time. analytics in the form of executive dashboards and reports. and prediction are increasingly turning to ICT-driven most cases, to aggregate and organise data into suitable In the existing paradigm of electronic data collection Visual reporting and dashboarding makes the results of advanced analytics tools to analyse the large amount categories/clusters for drawing better inferences. Data and analysis, where most of the data is present data analysis easily presentable to decision makers for quick of data collected from various sources. This helps them processing may involve various steps, including: electronically in data-marts and data-warehouse, it is decisions. draw inferences and deductions that are not apparent Validation – Data needs to be clean, correct and useful. crucial that the processed data is stored in appropriate through the traditional methods of analysis. Analytic Reporting involves creating dashboards and reports in the form It is crucial that data sourced from different agencies is structures within these databases. In computing, extract, tools are finding their application in both investigation desired by the intended recipients. The process of reporting validated for its correctness and authenticity. The simplest transform, and load (ETL) refers to a process in database scenarios and prediction of the occurrence of crimes. requires understanding the recipients’ intelligence requirements form of data validation implies ensuring that data elements usage and, especially, in data warehousing that: to create meta-data for reports and dashboards that can In the section below, an attempt has been made to are present in the format required. For example, telephone 1. Extracts data from outside sources address their information needs. The dashboards should have understand the application of analytics solutions numbers are routinely expected to include digits and easy navigability and present the big picture at a glance, while in crime investigation and prediction. characters +, and -. A more sophisticated data validation 2. Transforms it to fit operational needs, which can include allowing the recipients to drill down deep into the data. routine would check to see if the user had entered a valid quality levels 1. Crime prediction – LEAs are increasingly relying on predictive methods to determine the probabilities of events,

22 Intelligence-led policing Intelligence-led policing 23 based on past data and by deriving relationships between current crimes with the already available database of crimes person has engaged in or links to other people, places safety of officers and citizens. A few examples where LEAs can the various apparently unrelated events. According to a and criminals and further uncovering patterns, and linkages and things. use the GIS-based crime analytics are: white paper published by RAND Corporation7, analytical to identify culprits. An example scenario in the subsequent 2. Pattern-based queries involve identifying some predictive a. Pin/Point maps such as geocoded point locations of methods for the prediction of criminal activities can be section describes the analytics used in crime investigation. model or pattern of behaviour and searching for that crime incidents divided into four broad categories: pattern in data sets. These models can be discovered b. Graduated symbol maps including proportion of male and a. Methods for predicting crimes: focus on determining through data mining, or they can come from outside Different types of analytic techniques used for female victims of crime the probabilities of occurrence of certain crimes at crime prediction and investigation knowledge – intelligence or expertise about a subject. certain places or time However, once the patterns are obtained, the process c. Choropleth maps such as crime rate per neighbourhood, Conventional methods of crime analysis are heuristically simpler involves looking for the occurrence of these patterns of proportion of juveniles involved in criminal activity, etc. b. Methods for predicting offenders: determine and and, therefore, cost lower and can work well on low-to-moderate activity in data. identify potential offenders who are at high risk of data volumes and levels of complexity. In contrast, advanced d. Flow line/network maps such as suspect movement committing criminal activities A few prominent analytics techniques that are commonly crime analytics techniques require sophisticated analytics e. Isoline maps including outlines of crime target areas, crime used across sectors and are increasingly finding use in crime c. Methods for predicting perpetrators’ identities: used to methods to work on large and complex data sets. In this context, density or crime hotspots prediction and investigation have been described below. create profiles that accurately match likely offenders a large data set is defined as one that is beyond the processing 4. Social network analytics with specific past crimes capabilities of a single analyst and which an analyst cannot 1. Link analytics recall and analyse without the help of some computer programs. These techniques view social relationships in terms of network d. Methods for predicting victims of crimes: used to It can be used in crime investigations to arrive at conclusions Conventional approaches start with mapping locations and theory and as consisting of nodes (representing individual actors identify groups or, in some cases, individuals who are that are not apparent when the data sets are viewed in isolation. determining where the crimes are most likely to occur. The within the network) and ties (in terms of relationships between likely to become victims of crime Link analytics technique uses aggregated public records or corresponding advanced analytics methods start, at the most individuals, such as friendship, kinship and organisational other large collections of data to find links between a subject – a 2. Crime investigation – Analytics have been used since basic level, with regression analyses and extend all the way position ). suspect, an address, or other piece of relevant information — long for carrying out crime investigation. It is relatively to cutting-edge heuristic mathematical models that are the and other people, places or things. This can provide additional Visual representation and analytics of networks is a powerful much less complex as compared to predictive analysis, as subjects of active research. clues for analysts and investigators. method for conveying complex information, and is easy in in most cases, rather than predicting the probabilities of The table below illustrates the application of advanced analytics interpreting node and graph properties from visual displays. future events, investigative analytics techniques focus on 2. Predictive analytics for predicting and investigating crimes. It also highlights It can, therefore, be used to derive relationships between establishing linkages between the characteristics of the It involves deriving predictions from patterns in “relational” criminals and criminal activities. data (in which the key facts are relationships between people, This type of analytics can be used for both investigative and organisations, and activities — from a variety of different types preventive objectives, as social interactions within the cyber Law enforcement’s use of predictive technologies and sources of data). The effective models of countering crimes world closely mirror real interactions and can, therefore, Problem Conventional crime analysis (low to moderate Advanced crime analytics (large data demand must find predictive links among lower-level activities (such as be used to derive inferences and predictions, both post and data demand and complexity) and high complexity) illegal immigration, counterfeiting, etc.), people, organisations pre criminal activities. The posts, tweets, likes, shares and Using a wide range and large variety of Basic regression models created in a Regression, classification, and clustering and events that can allow inferences and predictions about recommendations can be analysed in real time by running additional data spreadsheet program models higher-level clandestine organisations and activities. Data on ad-hoc queries. At the same time, algorithms can help break Accounting for increased risk from a recent Assumption of increased risk in areas Near-repeat modelling these lower-level activities exist in different places, and the sentences into component parts, remove common words and crime immediately surrounding a recent crime relationships between them that are important. provide visualisations of the most meaningful words and the Determine when areas will be most at risk of Graphing/Mapping the frequency of crimes in a Spatiotemporal analysis methods crime given area by time/date (or specific events) Analysts might use these techniques to evaluate the significance frequency of their use over time. This can give a real-time of leads or suspicions, to generate those leads, to structure assessment of the activities of a particular set of people and Identify geographic features that increase the Finding locations with the greatest frequency of Risk terrain analysis risk of crime crime incidents and drawing inferences or order an investigation or to acquire additional information can, therefore, forewarn agencies of impeding threats by along the way. Using predictive analytics, LEAs can improve systematic analysis. Source: RAND Corporation the analysis of relational data by combining low-level pattern 5. Video analytics 1. Subject-based queries start with a specific and known instances to provide leads for predicting criminal plots. the increasing complexity of these methods compared to LEAs can use data from video surveillance systems to analyse subject and search for more information. The subject could 3. GIS-based crime analytics conventional crime analysis techniques. be an identity – a suspect, an airline passenger, or a name video streams for the detection of persons/events of interest. GIS analytics systems allow the integration of information Video analytics can alert on events of interest much more There are two ways to use automated data analytics in crime on a watch list, or it could be something specific such as sources such as incidents, offenses, arrests and calls for effectively than reliance on a human operator, which is a prediction and investigation: by following subject-based queries a place or a telephone number. A subject-based query service on a single integrated geospatial platform. This unique costly resource with limited alertness and attention. Analysing or pattern-based queries. will seek more information about and a more complete understanding of the subject, such as activities that a combination empowers analysts to extract valuable intelligence, recorded video is a need that can rarely be answered effectively and analyse and correlate events to make timely and informed by human operators due to the lengthy process of manually decisions in an environment that can have a direct impact on the going through and observing the recorded video and the 7Predictive Policing: The Role of Crime Forecasting in Law Enforcement Operations, Safety and Justice Program, RAND Corporation associated manpower cost for this task. 24 Intelligence-led policing Intelligence-led policing 25 Video analytics can help agencies assess recorded videos for occurrence) of future IED events within a specified future time successful. During the AHS test period, the units studied Crime investigation sample scenario suspicious activities in: frame (typically 24-48 hours). achieved an average success rate of 30 percent, with a range between 50 percent and 11 percent. Success meant that in the This section presents a hypothetical example of a. Abandoned object detection: Video analytics can alert that In addition to tests against historical data, analysts also 24 or 48 hours following a nomination (the period varied by investigating crime through advanced analytics technique. an object such as a briefcase appearing in the video could used experimental AHS code to provide AHS nominations unit), at least one IED incident (explosion or found and cleared) The hypothetical case is about a bomb blast in a certain be an abandoned object. to several brigade size units on daily basis. The nominations occurred in the nominated area. city in India. The details here trace the sequence of the were sent to test units for tactical planning. The feedback b. Intruder detection: A video feed with video analytics can event that could be followed a thorough investigative from these units was positive: Most actions taken (sniper, provide investigating agencies with invaluable visual cues to analysis of the case using advanced analytics. overwatch) as a result of planning informed by AHS find suspects. nominations led to positive results. Feedback was used 1 Occurence of an accident c. Human tracking: Analytics in the video can be set to to further refine the code for operational efficiency. categorise specific moving objects and will generate an Incident description The results of the test period were encouraging. Although units INCIDENT: bomb blast alarm on those that are pre-defined as positive. did not always take action on the nominated hot spots but when A bomb blast on the streets of ani ndian city leaves 2 dead and 4 injured. The bomb was kept on a bicycle in d. License plate recognition: Investigating agencies can they did choose to take action in response to a nominated AHS, front of a shop in the main market. A modified cell phone attached to the IED device was used to detonate the bomb use it for Automated Number Plate Recognition (ANPR) it was usually because the hot spot had been corroborated enforcement, where the solution can detect and analyse by other intelligence, and these actions were almost always 2 Data collection-investigation initiated by state police department license plates for the detection of vehicles that have been black-listed. Terrorist plots are rare and difficult to predict reliably, 6. Behavioural analytics of violent crime but preparatory and planning activities in which terrorists engage can be identified. Using predictive Forensic report Data mining tools can model and analyse violent criminal Lodge FIR, create case analysis, LEAs can improve their analysis of relational diaries, charge sheet , behaviours. Given the tools available in the market and the data by combining low-level pattern instances to list of accused, understanding of criminal psychology, it is possible to model provide leads for detecting rare suspects/absconder even extremely violent behaviour to analyse, anticipate and high-level patterns. Detecting combinations of these address, photos, fingerprints etc. CCTNS DB predict violent acts. low-level activities such as illegal immigration, CCTV Footage Ballistics report operating front businesses, money transfers, use Update CCTNS DB based on state police investigation With data mining, relationships that might not be obvious of drop boxes and hotel addresses for commercial are revealed. For example, using data mining, a relationship activities and having multiple identities could help IAs Analytics on data sources between property crimes and stranger rape can be discovered. in predicting terrorist plots. 3 Extract FIR, charge sheet, Therefore, through advanced analytics over data from different forensics report etc. from the CCTNS DB sources, it is possible to identify patterns and linkages between Based on the list of suspects in otherwise unrelated events. previous incidents, search Map predictive ecourtDB to identify if, any threat rankings on GIS map court case has been initiated against the suspect, source Crime prediction sample scenario Telecom DB Ecourts DB other details as available to the court etc. Immediately after the major combat operations in Iraq in April CDR received from the telecom agencies are 2003, the US forces had to deal with insurgents placing IEDs analyzed using analytics Based on the list of suspects along the routes frequented by US troops. This had become Investigating team in previous incidents, search a serious menace as the location and timing of the placement prison DB to identify arrests of these IEDs was difficult to predict. At the time, RAND or conviction of suspects or their accomplices. Corporation developed the concept of Actionable Hotspots Past data on IED incidents Prison management DB (AHS) to use the recent data about the location and time of (e.g. detonated, found AHS Software Based on similar IED related activities to detect patterns and therefore predict and cleared, interrupted (mathematical during emplacement) cases in the past, identify list of possible threats and activities in the immediate area. models) Financial Analyze financial footprints for suspects, their terror links, transaction suspected bank accounts using funding sources, operational analytics The software typically looked for two or more IED events in a DB geographies etc. using analytics small user specified areas (typically 100 m radius) over several Case management DB weeks. Mathematical models were then applied to give rankings to the clusters, displaying the results on maps. This was then 4 IDENTIFY AND PROSECUTE CRIMINALS validated by evaluating the results against the occurrence (non- Mathematical model strengthened with feedback Based on the above analysis, criminals can be identified for prosecution.

26 Intelligence-led policing Intelligence-led policing 27 Way forward

The paper has discussed, in detail, the importance of analytics, Various capabilities of data analytics should be enhanced for as well as various kinds of analytics tools that can be used by better utilisation of analytics capabilities, as follows: Data Collection Data Processing a t

LEAs for enforcing law and order in the country. To realise the l • Data warehouse: it involves a single, multi-dimensional and a D power of analytics, a well-charted plan of various initiatives Airlines FIU NCRB t a

consistent store of data obtained from a variety of different r d needs to be prepared and implemented. Key initiatives are o ETL Process e p r sources to be made available to end users to enable them u detailed below. CDR CCTNS n t to understand what they can use and interpret in a business o Data Extraction c t i u

1. Data analytics context. c r Data from Various sources e t l l Data input from various data sources will be accessed through • Extract, Transform and Load (ETL): It involves gathering S Data transformation data layer. Data collected, on request from various sources, data, cleansing it to eliminate redundant and other unusable C o will be stored in databases. Data structures will be created data, and standardising it to make searches more accurate. Data Standardization a and maintained for the purpose of intelligence analysis, When done well, this process has a significantly positive t a E -mail Scanner D dissemination and investigation. Some of the information items impact on the quality of the data-mining or data-analysis d

considered for this are: product, as it reduces data errors such as false positives and e r Entity Resolution false negatives. u • ►Criminals/Terrorists details t c CD Paper u

• Entity resolution: This capability will discover an individual’s r

• Terrorist organisation details t Matching & Linking

identity and the relationships of individuals to other s n

• Intelligence agencies’/LEAs’ details individuals or entities by analysing disparate sets of data. It is U capable of determining relationships with individuals. • ►CDR/SDR details Fax • Manpower capability: To perform the analytics, well-trained • Financial transaction details and well-informed manpower is required. Computer Forensics data Data Warehouse • Airlines and flights details 2. National standards for data exchange • International organisation details Multiple specialised agencies are required for intelligence and be created. The standardisation of data would ease data Apart from standards for data sharing, policies related to data • Law enforcement case details investigation of crimes such as financial crimes, cybercrimes, acquisition, collation, comparison and dissemination. privacy should be developed. The policy should govern the collection, use, maintenance and dissemination of information economic crimes and terrorism-related activities. Information The various data sources include NCRB, CCTNS, IVFRT, • Police case records concerning citizens. It should restrict what LEAs can do with shared among these agencies drives national security and surveillance feeds, utility and financial databases, tax databases personally identifiable information in the absence of consent of • Analysis rules repository law enforcement. There is a need to understand the value of and e-Courts. collaboration among all agencies for maintaining security and the individual to whom the information pertains and imposes • Alert and case details strengthening ties at all levels, spanning local to international. Common meta-data fields should be developed for data received rules on agencies to be transparent about what information they • Dictionaries and references Through enhanced understanding of diverse needs of these from these various sources. It would enhance search and collect and why. agencies, a national standard for data exchange should retrieval capability of the analytics system.

28 Intelligence-led policing Intelligence-led policing 29 3. State fusion centers Overall governance needs to be strong and should promote a culture of information sharing among LEAs. The governance set- To further analytics advancements, fusion centers should up should be given special privileges in emergency situations, so be set up in India for receiving, analysing and disseminating that the command of the situation lies with a single agency. information to reduce threat to the nation. 5. Capacity building FBI expenditures in support of fusion centers in Fiscal Year 2011 were approximately $917,0008. This showcases the The use of analytics tools mandates the employment of skilled importance of fusion centers in the US. and trained individuals who understand the applications and can draw useful implications. Currently, a limited number of courses State fusion centers will serve as focal points within the state or colleges offer such training. There are two types of audience for the receipt, analysis, gathering and sharing of threat for courses in analytics, as follows: related information between the Central Government and state governments. Located in states and major urban areas • Experienced professionals working in the intelligence/ throughout the country, fusion centers will empower law investigation domain – Short-term courses and specialised enforcement, public safety, fire service, emergency response, training should be developed for this section by leading public health, critical infrastructure protection and private Institutes in the country. Refresher courses should also be sector security personnel to understand local implications encouraged, since technology evolves over a short duration. of national intelligence, thus enabling local officials to better • Young student – Colleges can team up with LEAs for offering protect their areas. Fusion centers should be able to enable courses in Analytics, as well as providing guidance and real- seamless information flow among various LEAs. time experience to students. Better education and training in Fusion centers should have robust governance mechanism in analytics will prepare a workforce that can handle emergency place, since they would be required to interact with multiple situations effectively using technology. agencies and maintain consolidated databases. They need to Apart from building capacity in the domain, there is a need have strict access regulations in place, based on roles/level in for organisational restructuring as well. Most of the LEAs lack the organisation. internal IT capability and depend on external service providers 4. Governance set-up for the same. Introduction of IT division with qualified personnel to manage IT systems would enable LEAs to increase usage of IT Analytics aims at sharing timely, relevant and actionable in their functioning. intelligence information with LEAs to combat terror, crime and emergency situations. This needs collaboration within an In conclusion, operations of Law Enforcement Agencies can organisation, as well as with others. Hence, there is a need for be strengthened not only by increasing number of people but a central agency that overlooks the smooth flow of information also through increased usage of analytics in their operations. among LEAs. In line with this, an executive committee for Enhancing use of analytics in policing and intelligence operations information sharing can be created to prepare polices, seek would reduce the crime rate in long run. compliance and provide approval for information sharing. The executive committee would be assisted by various groups, including technical committee, policy group, information officer, advisory board and program management group.

8FBI Information Sharing Report 2011

30 Intelligence-led policing Intelligence-led policing 31 Abbreviations

ACB Anti-Corruption Bureau FICCI Federation of Indian Chambers of Commerce and Industry

ANPR Automated Number Plate Reader FIR First Information Report

ARC Aviation Research Centre FIU Financial Intelligence Unit GIS Geographic Information System ATM Automated Teller Machine IB Intelligence Bureau ATS Anti-Terrorist Squad ICT Information and Communication Technology BPR&D Bureau of Police Research and Development IED Improvised Explosive Device CBI Central Bureau of Investigation IPC Indian Penal Code CCTNS Crime and Criminal Tracking Network System IVFRT Immigration, Visa and Foreigner's Registration & Tracking CCTV Closed Circuit Television JIC Joint Intelligence Committee

CDR Call Data Records LEA Law Enforcement Agency MAC Media Access Control CFSL Central Forensics MCIT Ministry of Communication and Information Technology CID Crime Investigation Department MHA Ministry of Home Affairs CMPD Charlotte-Mecklenburg Police Department MoF Ministry of Finance COMINT Communication Intelligence NATGRID National Intelligence Grid CPF Central Paramilitary Force NCB Narcotics Control Bureau CS Cabinet Secretariat NCRB National Crime Records Bureau DDoS Distributed Denial of Service NCTC National Counter Terrorism Centre

DHS Department of Homeland Security NeGP National e-Governance Program NIA National Investigation Agency DNA Deoxyribonucleic acid NSC National Security Council DNS Domain Name System NTRO National Technical Research Organization DRI Directorate of Revenue Intelligence PMO Prime Minister’s Office EIA Economic Intelligence Agency RAW Research and Analysis Wing EOW Economic Offence Wing SCRB State Crime Record Bureau ETL Extract Transform Load SIGINT EY Ernst & Young SLL Special and Local Laws USA United States of America FBI Federal Bureau of Investigation WMD Weapon of Mass Destruction

32 Intelligence-led policing Intelligence-led policing 33 Contact us Our offices

FICCI contacts: Ahmedabad Hyderabad NCR nd Sumeet Gupta Rashmi Sarita 2 floor, Shivalik Ishaan Oval Office, 18, iLabs Centre Golf View Corporate Tower B Near C.N. Vidhyalaya Hitech City, Madhapur Near DLF Golf Course Director Deputy Director Ambawadi Hyderabad - 500081 Sector 42 Head - Publishing / Homeland Security / Private Security / GIS FICCI Ahmedabad - 380 015 Tel: + 91 40 6736 2000 Gurgaon - 122002 FICCI Industry’s Voice for Policy Change Tel: + 91 79 6608 3800 Fax: + 91 40 6736 2200 Tel: + 91 124 464 4000 Industry’s Voice for Policy Change Federation House, Tansen Marg, 110 001 Fax: + 91 79 6608 3900 Fax: + 91 124 464 4050 Federation House, Tansen Marg, New Delhi 110 001 E: [email protected] Kochi E: [email protected] T: +91-11-23736306 (D) , +91-11-2373 8760-70 (Extn. 212) Bengaluru 9th Floor, ABAD Nucleus 6th floor, HT House T: +91-11- 23487515 (D) , +91-11-2373 8760-70 (Extn. 515) F: +91-11-23765333 12th & 13th floor NH-49, Maradu PO 18-20 Kasturba Gandhi Marg F: +91-11-23765333 “UB City”, Canberra Block Kochi - 682304 New Delhi - 110 001 No.24 Vittal Mallya Road Tel: + 91 484 304 4000 Tel: + 91 11 4363 3000 Bengaluru - 560 001 Fax: + 91 484 270 5393 Fax: + 91 11 4363 3200 Tel: + 91 80 4027 5000 + 91 80 6727 5000 Kolkata 4th & 5th Floor, Plot No 2B, th EY contacts: Fax: + 91 80 2210 6000 (12 floor) 22 Camac Street Tower 2, Sector 126, Fax: + 91 80 2224 0695 (13th floor) 3rd floor, Block ‘C’ NOIDA 201 304 Rahul Rishi Akshya Singhal Kolkata - 700 016 Gautam Budh Nagar, U.P. India 1st Floor, Prestige Emerald Tel: + 91 33 6615 3400 Tel: + 91 120 671 7000 Partner, Advisory services Senior Manager, Advisory services No. 4, Madras Bank Road Fax: + 91 33 2281 7750 Fax: + 91 120 671 7171 Ernst and Young LLP Ernst and Young LLP Lavelle Road Junction 6th floor, HT House, KG Marg, 6th floor, HT House, KG Marg, Bengaluru - 560 001 Mumbai Pune New Delhi-110001 New Delhi-110001 Tel: + 91 80 6727 5000 14th Floor, The Ruby C-401, 4th floor E: [email protected] E: [email protected] Fax: + 91 80 2222 4112 29 Senapati Bapat Marg Panchshil Tech Park T: +91-124-464-3183 T: +91-124-464-3277 Dadar (W), Mumbai - 400028 Yerwada F: +91-124-464-4050 F: +91-124-464-4050 Chandigarh Tel: + 91 022 6192 0000 (Near Bosco School) 1st Floor, SCO: 166-167 Fax: + 91 022 6192 1000 Pune - 411 006 Sector 9-C, Madhya Marg Tel: + 91 20 6603 6000 Chandigarh - 160 009 5th Floor, Block B-2 Fax: + 91 20 6601 5900 Tel: + 91 172 671 7800 Nirlon Knowledge Park Fax: + 91 172 671 7888 Off. Express Highway Goregaon (E) Chennai Mumbai - 400 063 Tidel Park, 6th & 7th Floor Tel: + 91 22 6192 0000 A Block (Module 601,701-702) Fax: + 91 22 6192 3000 No.4, Rajiv Gandhi Salai, Taramani Chennai - 600113 Tel: + 91 44 6654 8100 Fax: + 91 44 2254 0120

34 Intelligence-led policing Intelligence-led policing 35 Ernst & Young LLP About FICCI EY | Assurance | Tax | Transactions | Advisory Established in 1927, FICCI is the largest and oldest apex business organisation in India. Its history is closely About EY interwoven with India’s struggle for independence, EY is a global leader in assurance, tax, transaction and its industrialization, and its emergence as one of the advisory services. The insights and quality services we most rapidly growing global economies. FICCI has deliver help build trust and confidence in the capital contributed to this historical process by encouraging markets and in economies the world over. We develop debate, articulating the private sector’s views and outstanding leaders who team to deliver on our influencing policy. promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our A non-government, not-for-profit organisation, FICCI is people, for our clients and for our communities. the voice of India’s business and industry.

EY refers to the global organization, and may refer to FICCI draws its membership from the corporate one or more, of the member firms of Ernst & Young sector, both private and public, including SMEs and Global Limited, each of which is a separate legal entity. MNCs; FICCI enjoys an indirect membership of over Ernst & Young Global Limited, a UK company limited 2,50,000 companies from various regional chambers by guarantee, does not provide services to clients. For of commerce. more information about our organization, please visit ey.com. FICCI provides a platform for sector specific consensus

Ernst & Young LLP is one of the Indian client serving member firms building and networking and as the first port of call of EYGM Limited. For more information about our organization, for Indian industry and the international business please visit www.ey.com/in. community. Ernst & Young LLP is a Limited Liability Partnership, registered under the Limited Liability Partnership Act, 2008 in India, having its registered office Our Vision at 22 Camac Street, 3rd Floor, Block C, Kolkata - 700016 To be the thought leader for industry, its voice © 2014 Ernst & Young LLP. Published in India. for policy change and its guardian for effective All Rights Reserved. implementation.

EYIN1407-085 Our Mission ED 06/01/2015

This publication contains information in summary form and is therefore To carry forward our initiatives in support of rapid, intended for general guidance only. It is not intended to be a substitute inclusive and sustainable growth that encompass for detailed research or the exercise of professional judgment. Neither Ernst & Young LLP nor any other member of the global Ernst & Young health, education, livelihood, governance and skill organization can accept any responsibility for loss occasioned to any development. person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the To enhance efficiency and global competitiveness of appropriate advisor. Indian industry and to expand business opportunities VS both in domestic and foreign markets through a range of specialised services and global linkages.

The content provided in the report is primarily based on secondary data collected from a variety of sources. Though utmost care has been taken to present accurate information, FICCI makes no representation towards the completeness or correctness of the information contained herein.

This document is for information purpose only. This publication is not intended to be a substitute for professional, legal or technical advice. FICCI does not accept any liability whatsoever for any direct or consequential loss arising from any use of this document or its contents. Under no circumstances shall FICCI be liable for any direct, indirect, incidental, special, punitive or consequential damages arising in any way from your use of or inability to use the report.

EY refers to the global organization, and/or one or more of the independent member firms of Ernst & Young Global Limited