“Superimposing our metadata trails onto the trails of everyone within our social group and those of everyone within our contacts’ social groups, paints a picture that can be startlingly detailed.”According to IBM the Analyst’s Notebook software can “import a wide range of data types, including telephone call records, financial transactions, computer IP logs and mobile forensics data.” Promotional literature emphasizes compatibility with products from Cellebrite, an Israeli firm specializing in assisting military and law enforcement customers in extracting data from seized cell phones. (DPD’s policy on the use of Cellebrite devices to collect cellular data, obtained by Unicorn Riot via an open records request, can be read in full here.) Intelligence gathered through Analyst’s Notebook is also used in a more active way to guide decision making, including with deliberate targeting of “networks” which could include loose groupings of friends and associates, as well as more explicit social organizations such as gangs, businesses, and potentially political organizations or protest groups. The social mapping done with Analyst’s Notebook is used to select leads, targets or points of intervention for future actions by the user. According to IBM, the i2 software allows the analyst to “use integrated social network analysis capabilities to help identify key individuals and relationships within networks” and “aid the decision-making process and optimize resource utilization for operational activities in network disruption, surveillance or influencing.” Product literature also boasts that Analyst’s Notebook “includes Social Network Analysis capabilities that are designed to deliver increased comprehension of social relationships and structures within networks of interest.” Analyst’s Notebook is also used to conduct “call chaining” (show who is talking to who) and analyze telephone metadata. A software extension called Pattern Tracer can be used for “quickly identifying potential targets”. In the same vein, the Esri Edition of Analyst’s Notebook integrates powerful geo-spatial mapping, and allows the analyst to conduct “Pattern-of-Life Analysis” against a target. A training video for Analyst’s Notebook Esri Edition demonstrates the deployment of Pattern of Life Analysis in a military setting against an example target who appears appears to be a stereotyped generic Muslim terrorism suspect: IBM sales rep Matthew Haggard mentions the main purpose for which DPD uses Analyst’s Notebook, however this portion of the emails we received via CORA request was redacted. The Denver Police Department has been using Analyst’s Notebook since at least July 2003, when the city bought it using funds from a Federal Block Grant. The original purchase order lists as a contact Lt. John Pettinger, who today appears to still be with the Denver Police Department with the same rank. John Pettinger is also the current secretary/treasurer of the Rocky Mountain Chapter of the FBI National Academy Associates. At the date of the purchase in 2003, the department was not yet very far away from the “Denver Spy Files” scandal, in which it was revealed that the Denver Police intelligence bureau was keeping detailed records on many political activists and organizations, many of which had never been accused of any connection to criminal activity. We sent a Colorado Open Records Act request to Denver’s Department of Safety for any documents demonstrating policies regarding what information is and is not allowed to be entered into DPD’s Analyst’s Notebook software. In response to this request we were told that “There are no policies specifically governing the use of i2 Analyst’s Notebook.” We also specifically asked about whether or not “open source intelligence” taken from social media sites like Facebook and Twitter was entered into Analyst’s Notebook and did not receive a clear answer from the Department of Safety. We also sent a request for comment to the Denver Police Department’s Public Information Officer and as of this writing have received no response. When asked about Analyst’s Notebook possibly being used in conjunction with social media monitoring, Christopher Soghoian, Principal Technologist with the American Civil Liberties Union (ACLU), told us “Certainly these kinds of tools can pull in open source data sets, including social media.” “The limits in terms of what data you can use are really just limits within the legalities of the user,” Steve Dalzell, Principal Offering Manager for IBM i2 Intelligence Analysis Portfolio said in an interview last year. In addition to demonstrating potential law enforcement uses of the software, Dalzell gave the example of a corporation using Analyst’s Notebook to aid efforts to identify the source of a data leak. Analyst’s Notebook is described by its peddlers as primarily a tool for surveillance and associational mapping- “Analyst’s Notebook allows users to parse distributed conversations on social media platforms like Twitter, and can even show when people in a network switch burner cellphones.” Analyst’s Notebook also interfaces with several other sources which may be used to gather police surveillance data, such as the Cellebrite devices mentioned earlier. Some of the emails about Analyst’s Notebook we received via CORA request mention concern about the “connection to CopLink.” The mention of CopLink (another i2 IBM police intelligence product) in the emails between Denver Police and the city Purchasing Department was redacted, however, we were able to unredact this portion:
Reveal the truth about surveillance tech: Use your cursor or touchscreento scratch off the censored software package on the link below!
According to i2 promotional materials, CopLink is a “tactical lead generation and information sharing platform used by 80 percent of the major police departments in the U.S.” The “Base Module” of the CopLink software allows a law enforcement analyst “the ability to identify associations among different persons, organizations, locations, vehicles, firearms, property, security, phones, events, documents and pawn records across multiple jurisdictions.” CopLink is known to have been used by other law enforcement = agencies in the Denver Metro Area, such as the Jefferson County Sheriff’s Office, since at least 2005. In 2008, the Colorado Information Sharing Consortium (CISC) announced the rolling-out of the COPLINK Solution Suite across the state, to facilitate a desired increase in information sharing between Colorado law enforcement agencies. It would seem that the function of the “connection to CopLink” discussed in the DPD emails with IBM is to allow officers or analysts to pull up additional information about persons of interest. When we spoke with him by phone, Christopher Soghoian, Principal Technologist with the ACLU, explained how tools like Analyst’s Notebook create pressure on law enforcement to conduct more surveillance and store data for longer periods of time:
These tools are not very useful if you only have one person’s telephone records. So, they’re going to be the most useful to those agencies that either have access to large amounts of data by themselves, or can get it through sharing data with other agencies. These kinds of tools in many ways incentivize law enforcement agencies to want to hang onto stuff longer than they need, to search it in other cases, and then to share it with other agencies. And the more data you have the more likely that you are to stumble across something later…many agencies feel that once they have data, regardless of how they got it, they can use it and search it as many times as they want in the future.(Our full interview with Christopher Soghoian about Analyst’s Notebook can be read here) While local law enforcement agencies may also use this software for their own purposes, tools like Analyst’s Notebook and CopLink feedinto an “information sharing” environment connected to the national network of controversial intelligence analysis hubs or “Fusion Centers” created around the country during the early years of the so-called “War on Terror”. While the exact uses of this software and the intelligence fed into it for analysis is unclear, the national network of Fusion Centers (like the FBI and local police departments such as Denver’s) have a detailed track record of surveilling, disrupting, and repressing protest activity, as has been recently demonstrated in regards to the Occupy and Black Lives Matter movements. Our investigation into Analyst’s Notebook is part of a larger big-picture look at how the Denver Police Department surveils, monitors, and represses protesters and social movements. Analyst’s Notebook is just one component of the department’s surveillance apparatus, and police in Denver are known to collect information about protesters both in person on the street during demonstrations, as well as from monitoring social media and other communication tools. We will be focusing more on these other aspects of police protest surveillance in our upcoming reports. Source documents obtained via CORA request for this article:
- Denver Police & Denver Purchasing Dept emails about Analyst’s Notebook
- Analyst’s Notebook Purchase Order
- CopLink Purchase Order
- Colorado Information Sharing Consortium 1/11/2016 Invoice