VOLUME MIGHT SAVE US after all. Or kill us, depending on your point of view.
This was the gist of a speech given by Tom Black, the chief executive of Detica Group to July's Homeland and Border Security conference. Every day three billion emails, eight billion text messages; every month six billion Internet searches. In 2007: 281 exabytes of data. By 2011: 1.8 zettabytes. What's an anti-terrorism squad to do?
To date, the government's approach has been to amass more and more data. But, as Black said and David Porter, Detica's head of security and risk, concurs, that's no help if the body of data can't be analysed. Porter tells fun stories about data mining gone wrong: the US army experimental neural network that perfectly sorted photographs with and without tanks – because it saw differences in the weather.
Porter got interested in fraud because in his first assignment as a student in artificial intelligence he interviewed a fraud detective from Barclaycard. He joined Detica, "because they were doing so many very interesting things." The important thing, he adds, is that "we're agnostic about technologies. If a network or a rule-based system works, use that. Or if you just need to tighten up procedures do that. A common theme has been using technology to stop bad things from happening."
The company began in 1971 as Smith Associates, and spent the 1970s and 1980s working on various Cold War projects.
"The core of our service to clients then – governments and national security – was cracking tough problems, usually involving large amounts of data," says Porter. Now, the company's clientelle is half government, half commercial, but the line of work is generally the same.
In addition, says Porter, Detica is retained by banks and other organisations to spot good customers and detect credit card fraud, money laundering, transport ticket fraud, and so on. "Anywhere that you're looking through a stream of transaction data to spot something 'interesting', where 'interesting' depends on your point of view." Terrorism is, of course, also on that list.
The nature of fraud has changed noticeably over time. "Five to ten years ago, fraud was perpetrated by one person and was monolithic in execution, whereas the sort of fraud we're seeing these days is decentralised, fragmented fraud, so they'll work as an organised, collaborative gang that exists for a time, perpetrates the fraud, and then dissolves." Each piece of the fraud is done by a different person, and each of those may slip past detection systems.
"So the first cool thing we've done is a bit like standing back and looking at a starry sky and not worrying about one particular star but seeing links that form an interesting constellation," he says, calling it "using a network to catch a network".
Today's more complex fraud, he says, "may signal a need to reinvest and approach from a different direction," especially since the returns from "taking a large amount of data and tossing in a data-mining tool" are rapidly diminishing.
To take credit card fraud as an example, "Most people who build credit card fraud detection systems, if you take that fraud as a needle in a haystack, they try to build the most perfect needle-spotting algorithm. Needles are what it's all about. But they'd be better advised to build a hay-detection algorithm. If you understand what hay looks like you can remove large chunks to leave yourself with a more needle-rich picture. In discarding large chunks you may miss a few needles, but that's the price you have to pay in a high-volume world. So I think too many banks get hung up on describing what fraud is instead of what it isn't."
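Porter's hay-detection argument can be illustrated with a minimal sketch: instead of writing rules that describe fraud, model what routine activity looks like and discard it, leaving a smaller, needle-rich residue for closer scrutiny. The data, the robust-statistics approach, and the threshold below are all assumptions made for the example, not a description of any bank's actual system.

```python
import statistics

# Toy transaction amounts: mostly routine purchases ("hay") plus a few outliers.
amounts = [12.5, 8.0, 23.4, 15.0, 9.9, 1450.0, 11.2, 18.7, 7.5, 990.0, 14.3, 10.1]

# Model what "hay" looks like: the central mass of spending.
# Median and median absolute deviation are robust to the outliers themselves.
mu = statistics.median(amounts)
mad = statistics.median(abs(a - mu) for a in amounts)

# Discard anything close to typical behaviour; keep the residue for review.
# The multiplier is a tuning choice: tighter discards more hay but may also
# throw away a few needles – the price Porter says a high-volume world exacts.
residue = [a for a in amounts if abs(a - mu) > 5 * mad]
print(residue)  # → [1450.0, 990.0]
```

The point is not the statistics but the framing: ten of the twelve transactions are eliminated without ever defining fraud, and only the residue needs an expensive needle-spotting pass.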
Similarly with terrorism, "We need more human expertise and hypothesis generation to complement what the technology does, and say to the computer, these are the areas of the large data bucket where you should be looking."