Open source intelligence – the Cinderella of the investigative family?


Sir Mark Rowley QPM

OSINT (open source intelligence) can be a powerful intelligence and investigative tool but is too often overlooked. In many organisations there are significant barriers to the adoption of effective OSINT, as well as a failure to adapt fast enough to emerging technologies. A cultural shift is needed in order to elevate the status of OSINT and ensure that it is used to its full potential.

The case for OSINT

OSINT is, in my view, a critical component of modern intelligence and investigative tools. The volume of data available online is constantly growing, providing investigators with a rich information source to draw from. The insights that OSINT can offer are unlikely to be found in internal datasets, curated databases, or sanctions lists. Failure to make use of open source data can lead to both embarrassment and intelligence failure. There are many powerful examples where OSINT was instrumental in the solving of a case: Bellingcat’s insights on the downed flight MH17 in 2014 relied exclusively on OSINT.

OSINT should also be considered an essential element of counter-terrorism and counter-misinformation programmes. The mapping of terrorist networks on social media – especially the more grassroots right-wing extremist groups that are now popping up on platforms like Parler – is a highly effective means of identifying the individuals behind these crimes. Investigators have also had great success identifying networks that are spreading misinformation/disinformation and the real-life identities behind them. In 2015, whilst leading the UK’s Counter Terrorism policing efforts, our teams convicted one of the early returners from Syria. Imran Khawaja received 12 years for preparing for acts of terrorism, attending a training camp and possessing firearms. OSINT provided much of the evidence.

It is hard not to conclude that open source investigations are of growing strategic significance. Furthermore, they can save money as a rapid and economic way to understand an offender early in an investigation before deploying more expensive and intrusive tactics. Why then are so many organisations still failing to take advantage of OSINT?

What are the barriers to adoption?

Misconceptions

The reasons for lack of investment in OSINT are often based on a misunderstanding of what exactly it entails, and how valuable it is. ‘Open source intelligence’ can conjure a somewhat negative image, with connotations of hacker-like behaviour and invasions of privacy. However, the type of OSINT whose adoption I am arguing for can be better described as online open source investigation: making use of freely available online information in a targeted and non-invasive way.

Cultural and technological barriers

Cultural and technological deficits are also factors in this attitude towards OSINT. Many organisations wrestle with outdated technology architecture and spend most of their efforts focusing on how better to curate internal data. However, this is driven by the culturally outdated assumption that the greatest insights will always be found in the mountains of data that big organisations have spent decades accumulating. Increasingly, the insights OSINT provides into individuals and companies will be greater than those found internally.

Where organisations are realising the importance of open source data, they are often only using it in the form of curated datasets which don’t capture all of the rich, valuable information available on the internet. For example, a well-known curated dataset, LexisNexis, offers six petabytes of data. The entire internet is thought to have over 1200 petabytes (as of 2020). By relying solely on this database, investigators could be missing out on 99 per cent of available data, meaning that they will almost certainly miss valuable insights.

Lengthy and bureaucratic processes

Whilst there is clearly a need for thorough and fair procurement processes in every organisation, their complexity and length can also stifle innovation. This was evident in my own experiences: in 15 years as a Chief Police Officer, I was most able to deliver cutting-edge technological change at speed when there was an especially urgent requirement. In early 2012 I joined the Metropolitan Police as part of a new leadership team tasked with dealing with the aftermath of the 2011 riots, where rioters had organised themselves on social media. The forthcoming Olympics meant that there was an urgent requirement for capability to counter this sort of risk, meaning that I was able to set up the UK police’s first serious OSINT team in just a few months.

In this case, the bookends of the 2011 riots and 2012 Olympics created a unique forcing function that facilitated operational clarity and the circumvention of normal procurement rules. After this success I pushed continual investment, but the lack of obvious urgency around OSINT capability meant that progress continued to be slow. As I was retiring from policing, I found myself outside New Scotland Yard announcing to the world that Sergei and Julia Skripal had been subjected to a nerve agent attack in Salisbury. Subsequently, Bellingcat identified the two Russian agents responsible simply from advanced open source investigative techniques – again highlighting the vital importance of OSINT.

Increasing flexibility and the role of technology

To facilitate increased investment in OSINT, systemic, strategic and technological change is needed.

Firstly, organisations need to shift towards more flexible commercial and procurement methods that reflect the reality that many high-quality open-source tools are to be found in early-stage companies. These companies often find that they are accidentally designed out of the complex procurement processes in governments and other large institutions.

Secondly, there is a need for a new strategic approach to investigative processes. Organisations need to recognise the changing landscape and make a conscious decision to allocate a proportion of technology investment and training budgets towards equipping investigators with cutting-edge open-source tools.

Thirdly, technologies that offer a sophisticated mix of functionality designed to professionalise the OSINT investigation should be supported and invested in. Technology plays a vital part in reducing operational difficulties in using OSINT by increasing:

  • Security: gathering online data risks revealing the investigator’s identity, undermining operations
  • Speed: data can overwhelm without technology that helps you quickly get to the relevant information
  • Insight: finding connections and presenting data from disparate sources.
  • Connectivity to other data: OSINT will always be one part of a wider strategy that combines various strands of data to help investigators to see the full picture. The ability to combine data from different sources, both structured and unstructured, is essential.

Today there is an exciting portfolio of companies I work with in this field. Blackdot Solutions provide some of the best software to assist open-source investigators; Deloitte are helping big organisations, especially in the financial services sector, transform their investigations through use of social media; and Quest is a specialist security and investigations company which has set up a ‘threat matrix’ with Signify to tackle racist abuse of leading sportsmen and women – especially in football.

Conclusion

There are numerous advantages to including OSINT in an investigation strategy. Tools such as Blackdot’s Videris platform are available to help investigators use open source information quickly, securely and effectively. However, without a strategic drive to ensure the open source tools are part of a deliberate mix of capabilities in the investigator’s toolbox, many organisations will find that cultural, technical and commercial barriers leave this part of their armoury underpowered.

About Sir Mark Rowley QPM

Sir Mark Rowley is Board Advisor to Blackdot Solutions, the UK-based creator of the Videris investigations platform. Sir Mark was one of the most senior police figures in the UK with 31 years of service. He led UK Counter Terrorism Policing from 2014 to 2018 and previously held positions as Assistant Commissioner at the London Metropolitan Police and Chief Constable of Surrey Police.

Photo by Markus Spiske from Unsplash