Identity and Biometrics Enabled Intelligence (BEI) Sharing for Transnational Threat Actors

Victor R. Morris

Global Terrorism Trend Summary

According to the 2015 Global Terrorism Index, excluding Turkey, Europe accounted for 21 percent of all foreign fighters in 2014. Half of the foreign fighters are from neighboring Middle-East and North Africa (MENA) countries and an additional four percent are from Turkey 1. Unfortunately, France has the distinction of being Europe’s leading exporter of jihadis, nearly 1,600 out of a continental total of over 5,000, according to government figures. Despite the government’s efforts after the Charlie Hebdo attacks in January to block and prevent citizens from leaving for the war zone, the pace of departures has remained essentially unchanged 2. Furthermore, Belgium has sent more young men and women per capita than anywhere in the West and another global terrorism trend asserts that private citizens are increasingly the targets of terrorist attacks. Deaths of private citizens increased by 172 percent between 2013 and 2014 compared to the total number of deaths which rose 80 percent 3. In light of recent events in Europe and the contemporary operating environment, terrorist activity and associated political violence will continue to have direct and indirect effects on European security.

This article outlines initiatives to enhance international identity operations and intelligence product sharing, which are the result of compliant biometric data capture, transmission and intelligence fusion among intergovernmental law enforcement and military organizations to identify threats. The proposed initiatives describe what is required within international biometric cycles and frameworks once an interoperable and compliant environment has been established. These initiatives support threat network pattern and predictive analysis, personality based engagement and identity dominance attempts in all of the operational environment’s domains and systems; specifically the human domain in population centric conflicts. The overall goal of these initiatives is in support of operations involving the identification of threat actors from the civilian population.

Intergovernmental Organizations: INTERPOL, Europol, NATO, OSCE and Frontex

First, it is necessary to outline the organizations mentioned above. This article focuses on the following organizations and the criticality of sharing identity intelligence: International Criminal Police Organization (INTERPOL), European Police Office (Europol), North Atlantic Treaty Organization (NATO), Organization for Security Co-operation in Europe (OSCE) and External Borders (Frontex). The United States Army European Command (EUCOM) and United States Army Intelligence and Security Command (INSCOM) are not discussed in detail, but are integral military and national organizations responsible for unified combatant command, scientific and technical intelligence (S&T) and general military intelligence. The National Ground Intelligence Center (NGIC), Defense Forensics and Biometrics Agency (DFBA) and FBI’s Next Generation Identification (NGI) system are also currently at the forefront of identity intelligence and interoperability programs and operations at the inter-agency and international levels. The NGI organization model of bringing relevant parties and databases together serves as an effective real-world example of international cooperation involving Identity Intelligence 4. Additionally, the Secure Identity and Biometrics Association (SIBA), International Organization for Migration (IOM) and United Nations are not discussed in detail, but play a vital role in identity management policy and practice. The UN Security Council facilitates peacekeeping operations which currently involve biometrics support to humanitarian operations involving asylum seekers 5.

First, INTERPOL was established as the International Criminal Police Commission (ICPC) in 1923 and is currently an intergovernmental organization facilitating international police cooperation headquartered in Lyon, France. As of 2015, it is composed of 190 countries and is the second largest political organization after the United Nations in terms of international representation. Some of INTERPOL’s work involves counter threat financing, money laundering and corruption. This international organization also functions as a network of criminal law enforcement agencies from different countries, facilitating administrative liaison among the law enforcement agencies of the member countries and providing communications and database assistance. A new program of activity in development within INTERPOL’s Chemical and Explosive Terrorism Prevention Unit is discussed later as an example of multi-agency information sharing and international activity.

Next, Europol is the law enforcement agency of the European Union. The agency’s origin stems from earlier intergovernmental networks created after several terrorist acts, notably the hostage taking and subsequent massacre during the 1972 Olympic Games in Munich. Currently, the organization is headquartered in The Hague and has a staff of 912 regular police officers and 185 liaison officers, as well as personnel seconded from national law enforcement organizations. EUROPOL’s capabilities and requirements are related to INTERPOL with regard to criminal intelligence, counterterrorism, counter organized crime operations, cyber-crime, security cooperation, and immigration services. The investigative processes are enabled by information exchange, intelligence analysis, expertise and training. Lastly, EUROPOL is currently adapting and evolving to counter the global terrorism threat. Building on existing activities, Europol launched the European Counter Terrorist Centre (ECTC) on 1 January 2016 as a platform by which Member States can increase information sharing and operational coordination, focusing on foreign terrorist fighters, the trafficking of illegal firearms and terrorist financing. Member States will provide counter-terrorism experts to the ECTC to form an enhanced cross-border investigation support unit, capable of providing quick and comprehensive support to the investigation of major terrorist incidents in the European Union 6. Additionally, Europol’s Scanning, Analysis and Notification (SCAN) Team provides EU national authorities with an additional strategic organized crime (OC) product which involves early warning notices of new organized crime threats.

Thirdly, the North Atlantic Treaty Organizations (NATO) also called the North Atlantic Alliance is an intergovernmental military alliance based on the North Atlantic Treaty signed on 4 April 1949. NATO's main organizational headquarters is in Brussels, Belgium where NATO's secretary general also resides. NATO's operational headquarters is located in Mons, Belgium where NATO's Supreme Allied Commander of the nations also resides. Belgium is one of the 28 member states across North America and Europe. An additional 22 countries participate in NATO's Partnership for Peace program, with 15 other countries involved in institutionalized dialogue programs. Within NATO there are a myriad of concepts, organizations and departments which deal solely with counterterrorism. NATO’s military concept for defense against terrorism (MC 472) serves as the primary reference for this section and identifies four different roles for military operations for Defense Against Terrorism (DAT): anti-terrorism defensive measures, consequence management, counter terrorism offensive measures, and military cooperation 7. The military cooperation Concept states that NATO must harmonize its procedures and efforts with civil authorities within nations in order to maximize its effectiveness against terrorism. The four roles also support the Programme of Work for Defense Against Terrorism which involve: incident management, force protection/survivability, and network engagement related biometrics. Additionally, all of the aforementioned capabilities and requirements associated with INTERPOL and EUROPOL directly integrate and overlap with emerging network identification and engagement concepts involving: counter-terrorism/defense against terrorism, counter transnational criminal organizations, counter cyber threats, and counter piracy. These concepts addresses threat networks from a regional and transnational perspective and simultaneously support strategic activities that enable network engagement within a Joint Operational Area (JOA). Lastly, it is important to note, that informing processes like NATO Human Network Analysis and Support to Targeting (HNAT) and Attack the Networks (AtN) now called Network Engagement (NE) are integrated into existing planning processes (OPP, JOPP, MDMP, and TLPs) and support systems analysis and engagement of friendly, neutral, unknown and threat actors in complicated multi-dimensional operational environments.

Next, the Organization for Security and Co-operation in Europe (OSCE) is the world's largest security-oriented intergovernmental organization. The origins can be traced to the 1975 conference on Security and Co-operation in Europe (CSCE) held in Helsinki, Finland. The OSCE is concerned with early warning, conflict prevention, crisis management, post-conflict rehabilitation and border monitoring. The organization includes 57 participating states in Europe, northern and central Asia and North America. For the purposes of this article, the focal point for the OSCE involves the Politico-Military or first dimension. The OSCE takes a comprehensive approach to the politico-military dimension of security and seeks to enhance military security by promoting greater openness, transparency and co-operation. Key security aspects involve arms control, border management, combating terrorism, conflict prevention, military reform, policing and implementation 8. The OSCE also looks at human rights issues in relation to counter-terrorism which is an important point when it comes to ethical concerns and privacy by design initiatives regarding biometric capture, transmission, sharing and storage.

Lastly, Frontex from the French Frontières Extérieures or external borders is an agency of the European Union which was established in 2004 to manage the cooperation between national border guards securing its external borders. Frontex operations aim to detect and stop illegal immigration, human trafficking and terrorist infiltration which has significant implications for NATO’s interdependent purpose for biometrics operations involving threat identification. The agency is currently seated in Warsaw, Poland. The official missions and tasks include: promoting, coordinating and developing European border management in line with the EU fundamental rights charter, which the concept of Integrated Border Management. Activity areas are: joint operations, training, risk analysis, research, rapid response capability, information systems and information sharing, and cooperation with non-European Union countries 9. The most important functions with regard to this assessment include intelligence, associated pattern and predictive analysis, and sharing. Risk analysis is the starting point for all Frontex activities, from joint operations through training to research studies. The agency collates data from member states, EU bodies, and all-source intelligence within and beyond Europe’s borders. Furthermore, to analyze the data, Frontex has its own risk analysis model called the common integrated risk analysis model or CIRAM. CIRAM enables the assessment of the relative risks posed by different threats and was developed in close consultation with member states, and is applicable both at EU and national level. Lastly, Frontex has established a community called the Frontex Risk Analysis Network (FRAN) that links the intelligence networks of individual European countries with pan-European organization. This provides the framework for sharing knowledge and producing analytical and strategic reports on the current state of play at the external borders as well as for the production of the Semi-Annual and Annual Risk Analysis documents and other, tailored, risk-analysis products 10. Frontex is pioneering controlled personal data processing, interoperability, intelligence and information sharing involving patterns and trends in irregular migration and cross-border criminal activities at the external borders. In order to cope with the current security environment, this organization must continue to evolve and fuse identity and all-source intelligence at existing situation centers, while acting as the central point of contact for international organizations like INTERPOL and Europol.

All-source Intelligence Critical Components: Identity and Biometric Enabled Intelligence (BEI)

Based on the above discussion, it is apparent there is a significant amount of commonality, interoperability, and privacy consideration with regard to de-compartmentalizing similar counter-terrorism campaigns. What is not apparent involves the importance of the intelligence process and sharing of Identity Intelligence as a result of privacy enhancing technological frameworks throughout the aforementioned organizations. In order understand the associated capability gaps, a concise understanding of biometrics, intelligence products and identity intelligence is required. First, biometrics is the process of recognizing an individual based on measurable anatomical, physiological, and behavioral characteristics. A biometric is a measureable physical characteristic or personal behavioral trait used to recognize the identity or verify the claimed identity of an individual 11. Furthermore, Identity Intelligence is one of the eight categories of intelligence products and a vital component of all-source intelligence analysis and fusion. The categories overlap and the same intelligence and information can be used in each of the categories. From a joint doctrinal perspective, Identity Intelligence or “I2” can be defined as: results from the fusion of identity attributes (biologic, biographic, behavioral, and reputational information) and other information and intelligence associated with those attributes collected across all intelligence disciplines. I2 utilizes enabling intelligence activities, like biometrics-enabled intelligence (BEI), forensics enabled intelligence (FEI), cyber enabled intelligence (CEI) and document and media exploitation (DOMEX), to discover the existence of unknown potential threat actors by connecting individuals to other persons, places, events, or materials, analyzing patterns of life, and characterizing their level of potential threats to US interests 12 . BEI is a core complimentary intelligence capability and is the information associated with and/or derived from biometric signatures and the associated contextual information. A key result of BEI involves the positive identification of a specific person and/or matching of an unknown identity to a place, activity, device, component or weapon. A broader definition of identity intelligence highlights it as a component of NATO’s overall security intelligence 13. This definition accurately describes 21st century warfare executed through espionage, sabotage, subversion and terrorism, as well as against loss or unauthorized disclosure. Though doctrinally sound, the definitions alone do not capture the enrollment, identification or verification functions that begins with tactical level “raw” biometric capture, transmission, identification, all-source intelligence fusion, and identity intelligence product development. Intelligence sharing drives key leader’s decision-making which facilitates international deliberate and dynamic targeting and prosecution efforts.

Identity Intelligence Interoperability Assessment, Implications and Way Ahead

The NATO Standardization Agreement 4715: Biometrics Data, Interchange, Watchlisting and Reporting was initiated in 2009 and published in 2013, and currently accounts for policy and technical gaps involving European Organizations with regard to biometric interoperability and encryption. Biometric Encryption (BE) is a vital requirement of interoperability programs and involves the employment and sharing of “untraceable biometrics” technologies that seek to translate the biometric data provided by the user. In this case, a unique biometric template is not created or contained. NATO’s Communication and Information (NCI) Agency and associated coordination groups are pioneering automated biometric identification systems and authoritative sources with “game-changing" privacy by design concepts involving an encrypted biometric "ping 'n ring" positively pave the way for regulated biometrics data transmission and sharing. In summary, the "ping 'n ring" concept involves anonymous biometric data queries which when matched in certain databases yield a reference number and point of contact for follow-on bilateral action (user centric based on privacy by design principles). With that being said, the greater gap involves the deliberate fusion of biometric enabled intelligence, all-source intelligence and sharing resulting in an “I know all about you and your associations” situation. Another beneficial aspect of this sharing is the mutual trust and relationships that are developed, which leads to more proactive dissemination of biometric enabled intelligence products and updates on a regular and routine basis (proactive not reactive). Homegrown terrorism involving “known and unknown wolves” and/or “Lone Mujahid” and “Lone Jihad Legion”14 are the main perpetrators of terrorist activity in the West. Seventy per cent of all deaths from terrorism in the West since 2006 were by lone wolf terrorists with the rest being unknown or group attacks by more than three attackers 15. Although, Islamic fundamentalism was not the main cause of terrorism in the West during the last nine years, the current situation involving DAESH 16 will likely shift the statistics for the foreseeable future and become the main cause. Another indirect effect of DAESH’s paramilitary extremist state operations and terror campaigns involves emboldening human-trafficking and smuggling networks oriented towards refugees fleeing Syria and Iraq which are a direct effect of DAESH and an authoritarian regimes. The migrant and refugee situation also pose security related concerns for Europe for a variety of reasons. The point of this article is not to discuss the migrant crisis, but to highlight the importance of tactical multi-modal biometric capture, identification, verification and sharing to accurately identify potential threats and violent extremist network affiliations through Identity Intelligence. The pre-emptive identification of individual cell members may demonstrate non-linear change involving local, connected, associated cells and materiel. This involves the disproportional inputs of interdicting one cell member which results in exponential (non-linear) outputs involving the exploitation of personnel and materiel for intelligence value, tactical and operational gain.

Intergovernmental Identity Intelligence Lessons Learned, Best Practices and Solutions

In order to capture biometric data, get results from a database(s) (identify-threat, verify-friendly or store), and accelerate rule of law proceedings, greater effort needs to be placed on BEI fusion and sharing between military and law enforcement organizations. Due to the global nature of the threat, law enforcement agencies cannot go at this alone and require support from military organizations to track and identify threats and vice versa. The aforementioned assessment is evident from Operations Iraqi and Enduring Freedom’s evidence based operations, warrant based targeting and rule of law lines of operations and effective governance lines of effort. Both operations utilized biometric and forensic enabled intelligence and a robust library of biometric signatures to non-lethally remove insurgents from the battlefield through prosecution in host nation court. These efforts involved inter-agency cooperation and non-lethal engagement of unknown, friendly, neutral and threat networks in a dynamic operational environment. The same concepts and implications should be applied to on-going operations like Ukraine’s Anti-terrorist Operation (ATO) and French led Operation Barkhane in the five-state Sahel region (G5 Sahel) for the same mid to long term effects involving current targeting, exploitation for prosecution and interdiction of foreign fighters. Currently, Program TEAL, whose name is the result of combining blue law enforcement and green military, is a new program of activity in development and is associated with INTERPOL’s Chemical and Explosive Terrorism Prevention Unit 17. In summary, the activities involve multi-agency and cross-jurisdictional CIED teams, coordination of information sharing, and sub-projects targeting people and devices. Project Watchmaker is one of the sub-projects and involves identifying, locating and prosecuting terrorists involved in the manufacture and use of IEDs and other explosives. INTERPOL is also intensifying efforts to support and encourage national, regional and international efforts to monitor and prevent Foreign Terrorist Fighters (FTFs).

In order to be successful a new project needs to be developed which captures key components of intelligence fusion and sharing from all organizations and integrates them into one concept or integrated concepts. The concept which is included in all operational phases needs to involve the following components: Interagency European Biometrics Center of Excellence (CoE), EU Border Assistance Mission support, border management and technical intelligence (TECHINT) systems integration into ping and ring architecture, dedicated BEI analytical cells in existing civil-military fusion centers, access, training and production of Identity Intelligence products (immediate, current and strategic), and recurrent vetting. BEI products and resources include, but are not limited to: Biometric Match Reports (BMR), Biometric Enabled Watch Lists (BEWL), Biometric Intelligence Analytic Report (BIAR), Biometric Named Areas of Interest (BX NAI), Single Source Biometric Reports (SSBR), tracking intelligence and prosecution support packages. Core tasks associated with this concept involve: identifying, locating, and prosecuting terrorists affiliated with collective violent extremist organizational (VEO) activities across a trans-regional spectrum. The decisive point here involves accurately identifying returning foreign fighters at points of entry (coming in) and during criminal or miscellaneous encounters with law enforcement (already in) through biometric identification and other sources of intelligence.

Conclusion

In conclusion, real world solutions involving intergovernmental production and sharing of biometric enabled intelligence as a means to accurately identify dynamic and adaptive known or suspected terrorists living amongst the population are imperative to collective European security. BEI and I2 are the capabilities and means required to strip anonymity from the enemy and must be developed and better shared throughout our international military and law enforcement organizations. A more integrated intergovernmental framework is required in order to facilitate a holistic and visibly controlled approach to Identity and biometric enabled intelligence. “The deadliest attackers have a background in jihadi warfare.” 18

References and End Notes