Automated profiling tech is crap, says Home Office
Um, does that include Project Semaphore, then?
Automated passenger profiling is rubbish, the Home Office has conceded in an amusing - and we presume inadvertent - blurt. "Attempts at automated profiling have been used in trial operations [at UK ports of entry] and has proved [sic] that the systems and technology available are of limited use," says home secretary Jacqui Smith in her response to Lord Carlile's latest terror legislation review.
Furthermore, when the security services stopped trying to let the machines figure out who was a threat and went back to traditional "inituitive" stops, they were more effective. "Intelligence improved during the trials when officers reverted to the traditional intuitive methods, albeit applied in the context of intelligence provided by the security service," says Smith. "It is likely that with more effective use of intelligence, and possibly some behavioural analysis training the quality of intelligence retrieved from persons of interest will improve and the number of people stopped will decrease."
The Home Office's belated discovery that human beings acting on sound intelligence make for better policing does however raise questions about the future operation of its E-Borders programme. This is intended to track people in and out of the country, and to operate in conjunction with Advanced Passenger Data (API) and Passenger Name Records (PNR) collected via Project Semaphore. As Home Office minister Joan Ryan told Parliament in March of last year, "In January 2007 23 successes were recorded by Project Semaphore as a result of automated profiling based on passenger data."
Ryan then gave the example of a passenger who'd booked the day before, paid with cash and was due to spend just one day in the UK before a further connection. Four kilos of cocaine were found in his bags when he was stopped at Heathrow.
A Border & Immigration Agency presentation on Semaphore delivered this year in Brussels says that PNR is "used by border agencies to identify patterns and trends of behaviour and for information which can be used to support intelligence work... PNR is checked against profiles of behavioural patterns which indicate risk activity. Profiles are run to identify behaviour, not to identify individuals, and are based on evidence and intelligence."
In fairness we should point out that the BIA claims to use automated systems to produce leads which are then reviewed by real human immigration officers, but Smith's statements nevertheless indicate that attempts to place too much faith in automation have been found wanting. Given the nature of the examples given by Ryan and used in the BIA presentation, it seems likely that the machine analysis simply throws up too many false positives for it to be more of a help than a hindrance.
Carlile's report, on the other hand, indicates that the noble lord has been drinking that partuclar Kool-aid: "From my discussions with counter-terrorism police officers I know that considerable attention is being focused by the police, especially by the National Co-Ordinator of Special Branch and the National Co-Ordinator of Ports Policing, on behavioural analysis and the better use of intelligence."
Carlile, essentially, is hopeful that improvements in intelligence and intelligence handling can be used to reduce the number of intuitive stops, while Smith and her people are responding that the failure of the technology means that more intuitive stops will be more effective. Smith possibly isn't answering precisely the points Carlile makes, but this is where we came in.
Carlile feels that advanced passenger information is of vital use, but notes elsewhere in his report that there are problems in sharing information between organisations and computer systems, for legal and interoperability reasons. "Ministers should consider whether greater legal statutory clarity is required, so that useful information can be shared quickly and seamlessly. This is extremely important", he says in one of the numerous instances where he switches from the role of independently reviewing terror legislation to advocating lots more of it.
In a similar vein, he raises the entirely hypothetical threat of hijacked private aircraft being used to produce a British 9/11. "It is possible to purchase, from reputable international companies, piloted flying hours in sophisticated executive jets capable of high speed travel from continent to continent. The risk of hijacking of such aircraft is a matter of potential concern.
"Another real anxiety is the potential use of light aircraft as vehicle bombs against places of public aggregation. This is not founded on any particular intelligence, or in any operation as such. However, I know that some knowledgeable police officers and officials have ongoing concerns about the relative simplicity of terrorism conducted in this way, given the very large number of private aircraft and small airfields."
So if we paraphrase, there's no known plot or threat, the matter's of no obvious relevance to the job of reviewing terror legislation, but the cops tell me it'd be easy to hijack a plane, pack it with explosives and crash it into the Houses of Parliament. The recommended solution would not however appear to be to arrange for all transiting light aircraft to be searched. "Government and the aviation industry have a high responsibility to ensure full passenger information and effective international policing of such aircraft." Ah yes, more data, more sharing it around the world. Yum.
Sponsored: Global DDoS threat landscape report