Due Tomorrow!!!
Social network analysis as a tool for criminal intelligence: understanding its potential from the perspectives of intelligence analysts
Morgan Burcher1 & Chad Whelan1
Published online: 24 May 2017 # Springer Science+Business Media New York 2017
Abstract Over the past two decades an increasing number of researchers have applied social network analysis (SNA) to various ‘dark’ networks. This research suggests that SNA is capable of revealing significant insights into the dynamics of dark networks, particularly the identification of critical nodes, which can then be targeted by law enforcement and security agencies for disruption. However, there has so far been very little research into whether and how law enforcement agencies can actually leverage SNA in an operational environment and in particular the challenges agencies face when attempting to apply various network analysis techniques to criminal networks. This paper goes some way towards addressing these issues by drawing on qualitative interviews with criminal intelligence analysts from two Australian state law enforcement agencies. The primary contribution of this paper is to call attention to the organisational characteristics of law enforcement agencies which, we argue, can influence the capacity of criminal intelligence analysts to successfully apply SNA as much as the often citied ‘characteristics of criminal networks’.
Keywords Social network analysis . Criminal networks . Criminal network characteristics . Dark networks . Law enforcement . Law enforcement organisational characteristics
Introduction
Malcom Sparrow (1991) introduced social network analysis (SNA) as a potential tool for criminal intelligence over 25 years ago. While observing that law enforcement
Trends Organ Crim (2018) 21:278–294 DOI 10.1007/s12117-017-9313-8
* Morgan Burcher [email protected]
1 School of Humanities and Social Sciences, Deakin University, Geelong, VIC, Australia
intelligence analysts are interested in a host of network questions, Sparrow expressed a certain disappointment that there had been very little engagement between the literatures of network analysis and law enforcement. Sparrow then went on to make a convincing case as to why there should be greater engagement between the two fields. In particular, Sparrow emphasised the potential of network analysis to assist in meeting the objectives of law enforcement while also highlighting significant challenges associated with applying network analysis to criminal networks, including the size of criminal databases, incomplete data, fuzzy boundaries and dynamic networks.
Some years later, Klerks (1999) invited academics and practitioners to have a closer conversation so as to better understand the usefulness of network theory for practical applications. However, it was possibly not until a decade after Sparrow’s initial paper that SNA started to become popular in criminal intelligence and related fields, follow- ing the work of Valdis Krebs (2002). Krebs applied SNA to the cell responsible for the 11 September 2001 terrorist attacks, highlighting the potential of SNA for better understanding and potentially disrupting the internal operations of crime and terror groups. Research in this area has grown exponentially over the last decade (Borgatti et al. 2009; Bouchard and Amirault 2013; Morselli 2014; Mullins 2012b; Schwartz and Rouselle 2009). Analysts have applied SNA to various forms of ‘dark networks’ (Bright et al. 2012; Décary-Hétu and Dupont 2012; Malm and Bichler 2013; Rodriguez 2005) and explored the potential of SNA to provide valuable intelligence concerning how such networks operate and behave and, more specifically, how they are structured. While most have acknowledged Sparrow’s original work on the challenges associated with applying SNA to criminal networks, analysts have called particular attention to issues such as incomplete data (Morris and Deckro 2013; Xu and Chen 2005) and fuzzy boundaries (Borgatti et al. 2006; Burcher and Whelan 2015; Laumann et al. 1992). Others have addressed network evolution – such as by employing cross- sectional and longitudinal analysis (Bright and Delaney 2013; Everton and Cunningham 2012; Framis and Regadera 2017; Helfstein and Wright 2011) – and simulated disruption techniques (Bright et al. 2014; Carley 2006; Duijn et al. 2014) to improve our knowledge of dynamic criminal networks. However, surprisingly there have so far been no attempts to revisit Sparrow’s original typology of the characteristics of criminal networks and the challenges they present for law enforcement.
There have also been very few studies into the actual application of SNA in an operational environment. In part, this is understandable as gaining access to law enforcement agencies and their data is often extremely difficult for researchers, pri- marily due to operational security concerns. Among the few that have, Johnson and Reitzal (2011) examine the use of SNA by the Richmond City Police for a targeted operation designed to understand the antecedents of a conflict between two rival criminal networks. Interestingly, their analysis suggests that six individuals who were vital to the operation of the criminal networks had so far completely evaded the attention of law enforcement agencies. A further study by Duijn and Klerks (2014) examined the use of SNA by Dutch law enforcement. Applying SNA to a cannabis cultivation network, they reveal several important findings, including the increasing use of SNA by police to identify suitable informants within criminal networks. Although not the primary focus of the study, Duijn and Klerks (2014) also highlight a number of challenges facing analysts attempting to use SNA such as the classic problem of ‘fuzzy’ boundaries, or the difficulty of determining which actors and ties to include/exclude
Trends Organ Crim (2018) 21:278–294 279
from an analysis. Duijn and Klerks (2014) conclude that the implementation of SNA in operational environments remains a considerable challenge. While these studies pro- vide important insight into the use of SNA within operational law enforcement environments, there is still a lot we do not know about these particular challenges. As highlighted by Mullins (2012a, p. 19), ‘if academics are to take SNA to the next level as an investigative tool, there is a clear need for improved understanding about how it is already being used.’ From the very few studies that have addressed this topic, we suggest there is a pressing need to better understand whether and how SNA is actually being used in practice and the challenges intelligence analysts face when attempting to apply it to criminal networks.
This paper builds on the very small body of literature examining SNA in operational law enforcement environments. In particular, we seek to identify and analyse whether and how SNA is being used in law enforcement as well as the underlying challenges facing analysts while attempting to apply network analysis concepts and techniques to criminal networks. In order to achieve this aim, semi-structured interviews were conducted with intelligence analysts from two Australian state law enforcement agen- cies, Victoria Police and New South Wales Police Force. Victoria Police currently has a staff of approximately 17,000 and an annual budget of AUD$2.51 billion (USD $1.87 billion). New South Wales Police Force has approximately 20,500 staff and an annual budget of AUD$3.47 billion (USD $2.59 billion). It must be stated that it is the personal views of interviewees which are quoted in this paper and that these views do not necessarily represent the views of their respective agencies.
The remainder of this paper is divided into three sections. The first section outlines the method and design adopted for this study. Interviewees include criminal intelligence analysts of various levels of experience and different fields of specialisation, particu- larly those specialising in criminal gangs and organised crime. The second section presents the findings of this project. The findings are organised under four main categories: the first category examines analysts’ understanding of SNA; the second addresses whether and how criminal intelligence analysts use SNA; the third turns to Sparrow’s (1991) classic characteristics of criminal networks; and the final category focuses on what we call the ‘organisational characteristics of law enforcement’. The final section discusses the implications of the findings and outlines important areas requiring further research, particularly concerning the organisational characteristics of law enforcement agencies, as this study suggests that these have a significant effect on the capacity of criminal intelligence analysts to leverage SNA.
Method and design
This project involved semi-structured interviews with intelligence analysts from two Australian State law enforcement agencies, Victoria Police (17 participants) and New South Wales Police Force (10 participants). Victoria Police services a population of just under 6 million people and New South Wales Police Force just over 7.6 million. It is important to note that law enforcement in Australia is state based, meaning Victoria Police and New South Wales Police Force service not only large municipalities, but also small regional towns spread across 237,639 km2 and 800,642 km2 respectively. A research proposal was submitted to each of the agencies involved with their internal
280 Trends Organ Crim (2018) 21:278–294
research committees approving the project. Once approval for the research project was granted, an email was sent to analysts from each agency containing an overview of the study and guidelines for analysts who voluntarily wished to take part to contact the principal researcher to arrange an interview. From the small cohort of analysts who responded, snowball sampling was employed whereby some participants encouraged other analysts to contact the principal researcher to take part in the study. Interviews were completed over 2015–16.
Analysts were drawn from a variety of units, ranging from regional intelligence divisions to specialist organised crime intelligence units and taskforces. Experience levels of participants as intelligence analysts ranged from two to 25 years, although many had served within their agency in other positions, such as community policing, prior to becoming analysts. While all participants had completed at least one internal analyst training program, many analysts had also obtained tertiary qualifications, both outside their field and directly related to intelligence analysis (including some who had completed postgraduate studies applying SNA to criminal networks). The internal analyst training course run by Victoria Police includes basic training on tools like Analyst Notebook that have SNA functionality. New South Wales Police Force had recently added a new section to their internal training course which covered some of the basic concepts of SNA, but not all of the interviewees had completed this training as most were not new recruits. They also run several workshops on applying SNA. Victoria Police did not have such a training course at the time of this research. Participants were a mixture of both sworn (police officers) and unsworn (civilian) members.
Analysts were provided a brief overview of the aims of the study and the conditions of the research agreement with each agency prior to the commencement of interviews. Participants were interviewed using a semi-structured questionnaire. The questionnaire was constructed based on an extensive examination of the existing SNA literature and comprised of more general questions around the primary requirements of intelligence analysis (e.g., ‘what do you consider to be the key objectives and operational require- ments of intelligence analysis when investigating criminal organisations?’) and more specific questions around the use of SNA (e.g., ‘what, if anything, do you feel are the strengths of SNA?’). Interviews were generally between 30 and 60 min in length. While the questionnaire was used as a guide, following the semi-structured methodol- ogy, follow up questions were often asked and participants were allowed to focus on areas that they felt were important. This allows for greater flexibility in the questioning and can result in capturing richer data (Maxfield and Babbie 2011). Each interview was recorded and transcribed, and the record of interview was provided to participants for them to review and edit prior to final approval. This provided an opportunity for interviewees to redact any potentially operationally sensitive information that may have been inadvertently released in the interview as well as ensure the accuracy of the transcript. In accordance with the research agreements, participant’s names were redacted and random titles applied (such as Analyst No. 1).
Each transcript was entered into QSR Nvivo 11 for analysis. An initial examination of each transcript resulted in the identification of a number of broad themes/categories, such as ‘capabilities of social network analysis’, ‘limitations of social network analy- sis’, ‘training’, and ‘software/information technology’ (see Guest et al. 2014). Addi- tional sub-categories were generated on the basis of emergent themes arising from
Trends Organ Crim (2018) 21:278–294 281
interviewee data, particularly responses to questions concerning the uses, benefits and challenges of SNA. For example, ‘limitations of social network analysis’ encompassed sub-categories such as ‘data challenges’, ‘boundary specification’ and ‘resource con- straints’. This allowed for the key findings of the interviews to become apparent and for cross-referencing of data across interviewees.
Findings
Analysts’ understanding of social network analysis
One of the initial questions put to participants was: What is your understanding of network analysis in a criminal intelligence context? Interviewee responses to this question can essentially be divided into two of the three generations of network analysis development described by Klerks (1999). The first generation consists of basic hand drawn link charts and ‘maps with coloured pins’ (Klerks 1999, p. 60). The second is essentially the partial automation of the first generation using various analytical tools, including Analyst Notebook, UCINET, Pajek and ORA (Organization Risk Analyzer). The third generation involves the use of various mathematical computations to calcu- late the overall structure of a network and the individuals within it, which are increasing in number and sophistication (Borgatti et al. 2013).1
A third of those interviewed described network analysis in line with what would be considered the second generation of network analysis, or often more commonly referred to simply as ‘link analysis’. As explained by one analyst, ‘so it’s more of a pictorial view or presentation rather than a list or report or a story; it’s more of a pictorial presentation of activity’. The remaining analysts described network analysis more in line with SNA:
So, for network analysis we are basically looking at people who form points or nodes in the network and they have identifiable links between one person and another, […] you click on Social Network Analysis, what do you want, do you want Eigenvector, Degree and Betweeness and Closeness, and I think K-Core is a new one […] and you tick them all and you get these scores.
It may show who is central to the network which is the degree centrality and other measures such as closeness centrality and betweeness centrality.
There are several possible explanations for the inconsistencies in analysts’ descrip- tions of network analysis. One concerns inconsistencies in, and the availability of, training – an issue explored in more detail in subsequent sections. Another explanation is that this is in part a by-product of the myriad of different analysis terms in circulation, including crime pattern analysis, criminal network analysis, link analysis, visual link analysis, statistical link analysis, dynamic network analysis and social network analysis
1 Some analytical tools like Analyst Notebook have over time been updated to include third generation mathematical computations making the distinction between second and third generation tools ‘somewhat fuzzy’ (Wiil 2013, p. 8).
282 Trends Organ Crim (2018) 21:278–294
(Carley 2006; Duval et al. 2010; Hutchins and Benham-Hutchins 2010; Karthika and Bose 2011; van der Hulst 2009). While at times these approaches are all viewed as independent, at other times they are used interchangeably and simply come under what has become an umbrella term, ‘network analysis’ (Klerks 1999). The lack of a common language is clearly problematic for understanding and applying network analysis in any context, perhaps especially within law enforcement where agencies are required to increasingly work together.
Analysts’ experience of social network analysis
One of the ways in which analysts were using SNA, unsurprisingly based on their definition of network analysis in the previous section, is to simply create a visual representation of the criminal network they are targeting. For example, one analyst believes that SNA allows you to create ‘an overall picture or overall view, it can present a vast amount of data in one group or one presentation, whereas to do that in the conventional method would take ages and ages; it’s not possible to present that look.’ Furthermore, it has been well established that SNA is capable, or at least potentially capable, of identifying structural vulnerabilities in a network (Bright et al. 2015a; Cockbain et al. 2011; Malm and Bichler 2011; Morselli 2010). Again, it is perhaps not surprising, then, that this is exactly how SNA is being used by several of the analysts interviewed:
What I’m usually drawn to, is to go, who’s the bridging person between this group of offenders and that group of offenders, because in network analysis that’s a weak point, if we can cut that, any common benefits between these two groups will, in theory, be snipped, gone.
It just helps to make it clearer who are the more powerful players that might not be obvious. You might have a whole bunch of people, you know little bits of information about them, it’s a whole web and nothing stands out in particular. […] social network analysis and the different centralities might help you understand who might be more senior, where you might want to position certain resources, where weaknesses are, which is critical, and even where information is missing.
However, despite the extensive academic literature supporting the use of SNA to identify structural vulnerabilities and important individuals in ‘dark’ networks (Bright et al. 2015b; Morselli 2010), it quickly became apparent that a far more common use of SNA by the analysts interviewed is attempting to identify further avenues of enquiry or persons of interest. For example, one analyst states that ‘it’s often used in criminal intelligence as […] an initial point to suggest avenues of enquiry.’ According to another analyst, this means: ‘you’re using the network analysis to direct the flow of the investigation in a more efficient way, then ultimately it can result in better outcomes, quickly resolve a series of offending’s or better identification of offenders or co- offenders or other persons of interest that would help progress the investigation.’
This is an interesting finding as it suggests analysts are predominantly using SNA as a way of identifying individuals who were not previously on the radar of law enforce- ment agencies (see also Johnson and Reitzal 2011). A driving force behind analysts
Trends Organ Crim (2018) 21:278–294 283
using SNA in this way is the direction they are provided. For example, when asked if detectives/investigators are wanting information on individuals who hold brokerage positions – a point in a network considered to be of structural importance (Borgatti 2006; Morselli and Roy 2008) – one analyst responded that ‘Detectives tend to be very focused on evidentiary stuff, that’s a fact of life, sometimes they’re interested or curious, but often they will go ‘that’s really interesting but what can I do with it?’. Similarly, another analyst responded that ‘I think a lot of the time, it’s useful informa- tion, is it actionable right there and then? Probably not.’ It is important to note that this does not mean that individuals identified as potentially of importance to a criminal network that detectives were previously unaware of will not eventually become targets for disruption; however, based on the interviews conducted, this was not the primary motivation for using SNA as it often has been for researchers.
Finally, some analysts reported using SNA as a way of determining the importance of new information as it comes to light. As is explained by one analyst,
It’s usually identifying the significance of new information as it comes in. Like I said, if you've got a person of interest and you could map their associations and you've got another person of interest and you map their associations and […] then you say well this set of people have no interaction with this set of people. But then a little later on in the investigation another name might come up, if you've set up your Analyst Notebook chart correctly, then it will join the links for you and go this name is the same as this name and draw the links, and then you can go oh right, this new person is the bridge between that person […] and that tells you okay, that’s something interesting, that’s something significant.
This is an interesting finding. It would suggest that in some instances once an analyst had conducted an initial SNA it is not too difficult to include new information as it comes in and to provide some insight into the value of that information.
Although analysts were using SNA in different ways and having different levels of success with it, each analyst struggled to overcome Sparrow’s (1991) classic typology of challenges associated with criminal networks as well as a number of what we call ‘characteristics of law enforcement’.
Characteristics of criminal networks
It was evident early on that many of the challenges analysts face when attempting to use SNA can be largely grouped under the four characteristics of criminal networks outlined by Sparrow’s (1991); the size of criminal network databases; the incomplete- ness of data; the difficulty in determining the boundaries of a network or fuzzy boundaries; and the dynamic nature of criminal networks. In this section, we revisit these characteristics and seek to understand whether and how they continue to exist.
Size
Sparrow (1991) highlighted the fact that criminal intelligence databases can be incred- ibly large and that data sets of this size may be difficult to process. With the rise of the
284 Trends Organ Crim (2018) 21:278–294
‘information age’ and over two decades of research and technological development (Arquilla 2014; Medina 2014), this is likely to be an even more pressing issue. As put by one analyst, ‘You are constrained by the power of the software, I've nearly broken Analyst Notebook, I did ring them up and ask, how much [data] can I actually put in?’. This would suggest that intelligence analysts may be significantly inhibited in their ability to use SNA by the choice of which analytical tools are made available to them. Furthermore, the issue of large datasets, or what is commonly referred to as data or information overload, is a challenge that has only gotten worse for law enforcement. As is explained by Décary-Hétu and Dupont (2012), in the past law enforcement were focused on physical surveillance, paper trails and phone taps, whereas law enforcement now also deal with a wide variety of other information such as emails, text messages, computer hard drives, and cell phones. This issue was certainly evident among analysts that were interviewed:
We [collect] information from a number of sources, either nationally, internation- ally, or from within the state, that could come from members of the Police, could come from members of the public, it might come through another means, informers, there could be a listening device somewhere that talks about this, that, and the other thing.
While this certainly opens up more sources of vital information, it can also cause problems, ‘when you have a lot of data it just can’t be presented in its entirety’. Furthermore, as one analyst explains, there are trade-offs because although ‘intelligence analysts will want more information, […] that can also create a great deal of distraction’.
Incompleteness
The second challenge concerns the inevitable incompleteness of criminal network data, which is not randomly distributed but rather a by-product of inherent biases in law enforcement investigative methodology. This was certainly evident in the interviews conducted, as is explained by one analyst:
The other main limitation in my view is that the relationships that we can deduce from data is sometimes skewed by the nature of the type of data that we are using. So often it is data about prior engagements with police in a whole variety of different environments, […] but whether they form a representative picture of the most significant relationships that person has, or a complete picture. It’s possible in some families [crime families] that are constantly interacting with the police that we have that picture, but it’s likely in many others that we have nothing like the full picture and we may not have the most significant relationships recorded at all.
It was also observed that incompleteness can be caused by other factors. For example, analysts may have gaps in their data due to differences in how long infor- mation is held by other organisations and the public:
Trends Organ Crim (2018) 21:278–294 285
How long information is kept is an issue, because if somebody doesn’t hang onto data then obviously you can’t use it. Locally that’s seen if there is surveillance footage from a 7/11 or a service station or a shopping centre, that’s great stuff, you can use that sometimes. But you have to jump onto it straight away because they only keep that thing for two weeks, sometimes a month, sometimes a week, some places only keep it for a few days. If Police haven’t turned up in a few days to say hang on we need such and such, it gets written over, that just comes down to their finances.
This has clear implications as it means there are likely to be instances where valuable sources of relational data are ‘lost’ due to law enforcement agencies not getting to the source in time.
A further data challenge is that it can be difficult for analysts to determine what is relevant and irrelevant data: ‘if you are doing call charge record analysis, you might find like, who is 04110*****, who is this master criminal who knows all my persons of interest, and its Optus Voicemail and so that’s the problem, some of these things that join everything together, it’s just an artefact of society or just how things are structured in terms of this data.’23 Analysts may end up wasting time on data that is not of significance to their investigation. Things are further complicated for analysts by the unpredictable rate with which data becomes available: ‘some investigations it changes on an hourly bases the information, so you might check something and find that there’s nothing there, by the afternoon there’s a tonne of information and you just think where the hell did that come from, so yeah, you have to be constantly checking.’ In some instances this may discourage analysts from using SNA as it remains a relatively time-consuming process.
Fuzzy boundaries
The third challenge, fuzzy boundaries, concerns the difficulty in determining which indi- viduals and ties to include and exclude from an analysis. This is a well-known challenge for researchers (Athey and Bouchard 2013; Borgatti et al. 2006; Burcher and Whelan 2015; Duijn et al. 2014) and practitioners. As is explained by one analyst, ‘one of the tricky parts is trying to identify who is and who isn’t a part of that network or that group of offending. You can come across people who might be together but are they just mates or are they co- offenders or are they both and how do you understand that?’ The implications of not properly defining the boundary of a network is discussed by another analyst:
I walked in towards the tail end of an operation which had been running for a year and they had […] this absolutely enormous print out that was meters long and a good metre high and three or four meters long and it just had hundreds of entities, persons, cars, phones, addresses, businesses and they had started an operation looking at a couple of offenders […]. And what they hadn’t done at the start of
2 Call charge records is data that is recorded by telecommunication equipment about communication transactions, such as phone calls, text messages (SMS), and image and video messaging (MMS). In Australia, such data can be requested from telecommunication providers with a warrant. 3 Optus is an Australian telecommunications provider. The phone number mentioned here is the number people call to hear their voice messages.
286 Trends Organ Crim (2018) 21:278–294
the operation, they hadn’t clearly identified the scope of how far they would go, who would they look at, what offences, they would look at individuals directly related to or indirectly related by however many degrees of association. So parameters for the investigation hadn’t been firmly set or if they had the guys had forgotten about them […].
The impact of not properly defining the boundaries of an investigation, and in turn a network analysis, can be quite profound as law enforcement agencies may waste scarce resources. While some strategies for clearly defining the boundaries of a network have been developed (see Laumann et al. 1992), the method used by analysts appears to involve the use of Intelligence Product Proposals (IPPs) that outline the scope of the investigation.4 One analyst believes that investigations getting out of hand is less of an issue today due to the introduction of IPPs and the fact that ‘enough people have been involved in enough investigations that have become unwieldy to say okay we need to define what we’re doing’. Despite the improvement in investigative planning, the reality is that criminal networks will invariably have artificially defined boundaries, meaning there is still the potential to miss key actors by setting the boundary too tight, or being distracted by too much data by setting the boundary too wide.
Dynamic
The final challenge outlined by Sparrow (1991) is the fact that social networks are dynamic in nature; that is, they are constantly changing. This can include individuals entering or exiting a network, connections growing stronger or weaker, and changes in the leadership or capabilities of a particular network. The dynamic nature of criminal networks has been well documented (Duijn et al. 2014; Mullins 2012a; Xu and Chen 2005), but relatively few studies have looked to conduct longitudinal research on criminal networks in an effort to determine the rate at which they change or the drivers of such change (Bright and Delaney 2013; Charette and Papachristos 2017; Everton and Cunningham 2012; Morselli and Petit 2007). The dynamic nature of criminal networks was something that analysts were also well aware of:
One time they might work with this person on an import and another time they might work with this person, can this person get the commodity that I need […]. So, it’s very fluid at the moment and that’s what we’re seeing and we do see old networks crop up regularly. And we recognise a lot of those names but we also see new names crop up and people we didn’t think would associate or do business together, might have had conflict in the past, but for the sake of money and business we'll do business again.
There is, as such, the potential for any network analysis to be quickly out of date. In addition to some of the challenges already noted – such as incomplete datasets and fuzzy
4 Intelligence Product Proposals are used by Victoria Police. New South Wales Police have a similar system called Intelligence Collection Plans.
Trends Organ Crim (2018) 21:278–294 287
boundaries – this would suggest that any action taken by law enforcement against a criminal network based on the findings of SNA must be approached with great caution.
Despite over two-and-a-half decades of research examining the application of SNA as an investigative tool, including a profound uptake in interest in this field (Borgatti et al. 2009; Bouchard and Amirault 2013; Mullins 2012b), the challenges of criminal networks highlighted by Sparrow (1991) continue to exist 25 years later. However, what has been explored to a much lesser degree is the potential for the organisational characteristics of law enforcement agencies to also impact on the use of SNA when applied in an operational context.
Characteristics of law enforcement Organisations
The organisational environment in which analysts operate can greatly impact their ability to use analytical tools like SNA. While the generalisability of these organisational character- istics are limited to an extent, particularly due to data being limited to two law enforcement organisations, issues such as organisational strategy or priorities, resources and training, and security and privacy concerns are likely to be found to varying degrees in most law enforcement and criminal intelligence agencies.
Organisational strategy and direction
The first organisational characteristic identified concerns the organisational direction or focus of the agency. As one analyst explains:
Operationally things are flavour of the month for a period of time, even if it’s a protracted investigation it might be 12 months or more you’re still only looking at a certain number of people for that amount of time, then the next shinny ball or whatever will come up […]. So it’s a different sort of beast to try and compare to previous times we’ve looked at them, so it will be different players, therefore, you are doing a whole new network analysis really cause there are whole new dynamics there.
Therefore, due to the targeted and relatively short-term nature of investigations, analysts are inhibited in their ability to monitor changes in criminal networks over time. The rapid change between investigations also means there can be a lack of evaluation and, in one analyst’s view, a missed opportunity to use SNA effectively:
When we finish an investigation we just go, yep, box it up, put that over there, let’s just forget about it and never go back to it again, when really that’s the time when we should be going back and doing those little extra bits of network analysis that either prove the way that we were looking at it was right or show us where we were going wrong, learn those lessons and be able to use those in the next one. We still aren’t mature enough to do that as an organisation.
While the organisational strategy and direction will vary considerably from one law enforcement agency to another, it is likely to be a common theme that limits the extent to which analysts can use SNA effectively.
288 Trends Organ Crim (2018) 21:278–294
Resourcing and training
The availability of suitable software and information technology is critical for analysts to be able to conduct SNA. However, half of those interviewed highlighted a number of chal- lenges they face in regards to software and information technology.5 For example, one analyst noted that they have to ‘know upwards of 40 programs’ and that currently their ‘systems don’t talk to one another’. It is widely known that there are extensive challenges with the design and use of information technology within police organisations in most countries, suggesting these are in no way unique to any of the agencies involved (Sanders and Henderson 2013; Sheptycki 2004; Whelan 2012). The impact of technical difficulties is neatly summarised by one analyst:
From an operational point of view, probably still the biggest thing to us is that we've probably got access to a major amount of information that we're not able to fully assess properly and that’s more down to the tools that we've got to assess it with. We should not be at a point where we are […] manually mapping networks […], it should be far more automated in the way that we do it.
The ability to process available data and the fact that ‘technology changes daily’, as one analyst noted, is something law enforcement agencies have long struggled to reconcile (Brodeur and Dupont 2006). Closely related to the challenges around software/information technology is the availability of suitable training. As is explained by one analyst:
The problem is these programs are coming out more sophisticated [but] my level of expertise will not be able to match the product and what it can offer. So essentially I’m given the keys to a Ferrari but number one, I’m driving around in a VW, and number two I’m still operating a manual whereas I should be switched on to almost operating a jumbo jet.
To reinforce the point that training in appropriate software and SNA techniques is essential, one analyst emphasises that ‘throwing more human resources into things isn’t necessarily the answer’, and that ‘skilling them up and giving them the tools that they actually require and understanding some of the concepts’ will decrease the ‘disconnect between the theory that’s out there and actually how we might use it.’ Two thirds of those interviewed felt this is a symptom of general resource constraints faced by law enforcement agencies. As one analyst put it, ‘we are always trying to do more with less, and that’s absolutely open, common knowledge, and every organisation is the same’.
Operational security and privacy
A further organisational characteristic that can impact on an analyst’s ability to use SNA effectively concerns security and privacy legislation. For example, there are times
5 The organisations involved are aware of a number of these challenges. For example, Victoria Police’s Blue Paper (2014), a strategic outline for the organisation over the coming decade, outlines a number of current deficiencies with their IT systems.
Trends Organ Crim (2018) 21:278–294 289
when analysts have access to useful network data but it is essentially rendered ineffectual as not everyone within the organisation has appropriate clearance levels to view such data. As such, where analysts may apply SNA the results of the analysis may not be able to be shared with other key stakeholders, including those who may wish to take action from that analysis. This is explained by one analyst: ‘AUSTRAC, for example, there’s bits in there that are very helpful for financial analysis but there are certain parts of that that there is no way we can put that in a report that would be easily disseminated out to other areas’.6 Concerns around privacy and also specific privacy legislation can also limit an analyst’s ability to access data. For example, one analyst explains the process of obtaining information from social networking sites:
Hypothetically, Facebook, the most popular, is based in the United States. If we want to try to get a warrant for content off a particular site we have to make an application through the Attorney-General's office in Canberra to get a warrant converted to an international warrant and then it's served on them over there.
This is an area that requires further research as quite clearly the impact of internal security policy and privacy legislation will vary considerably from jurisdiction to jurisdiction. However, based on the interviews conducted, the impact of such policy and legislation can be profound.
Discussion and conclusion
While it is clear that our understanding of criminal networks and analytical tools like SNA have advanced considerably over the last few decades, we still know comparatively little about the use of such tools in operational law enforcement environments (Duijn and Klerks 2014; Johnson and Reitzal 2011; Mullins 2012a). This study attempted to contribute to this gap in our knowledge by conducting semi-structured interviews with intelligence analysts from two Australian state law enforcement agencies. It must be conceded that there are limitations with this study. The relatively small sample size of interviewees and the fact that they are only from Australia somewhat limits the generalisability of the findings. However, the findings do offer a unique insight into how analysts are actually using SNA and, in particular, some of the many challenges they face.
The findings from this study suggest that many analysts hold slightly different understandings of SNA and use it in a variety of ways. One of the key findings was that researchers and practitioners may be focused on slightly different areas. For example, although a considerable amount of literature has focused on identifying structural vulnerabilities in criminal networks (Bright et al. 2015a; Bright et al. 2012; Koschade 2006; Malm and Bichler 2011; Morselli 2010), analysts tended to simply use SNA as a way of identifying avenues of enquiry. For example, analysts were using SNA to identify individuals that detectives/investigators were unaware of or had shown little attention to. This is clearly an important subject for further research as the gap
6 AUSTRAC (Australian Transaction Reports and Analysis Centre) is an Australian Government department tasked with anti-money laundering and counter-terrorism financing which includes its own specialist financial intelligence unit.
290 Trends Organ Crim (2018) 21:278–294
between the capabilities of SNA, as reported in the academic literature, compared with how it is actually being used by law enforcement practitioners is only likely to continue to increase as researchers develop new concepts and network measures as well as tools able to handle larger volumes of data. This issue is summarised by one analyst, ‘you sit there academically and go wow I have this fantastic system called Analyst Notebook 8, whatever it might be, there you go guys, get into it, and we sit there going, can we get some training?’.
In line with previous studies, such as Duijn and Klerks (2014), one of the primary findings of this study was that the challenges associated with the characteristics of criminal networks first highlighted by Sparrow (1991) are very much present today. The size of criminal network data sets and the potential for them to result in ‘data overload’ is an increasing challenge for law enforcement. As explained by interviewees, data overload can be a significant distraction and essentially inhibit an analyst’s ability to conduct SNA, suggesting that this is an important subject for further research. Based on interview findings, this research should focus on greater automation of data processing and further insight into what should be considered relevant and irrelevant information. Criminal network data will almost always be incomplete due to the potential for bias in the data collected as a result of the subjective focus of investigators. The interviewees also highlighted the fact that incom- plete datasets can be the result of factors outside of their control, including differences in how long information is held by other organisations and by the public. Finally, the difficulties of fuzzy boundaries and the dynamic nature of criminal networks appear to remain consider- able challenges for analysts. Improper boundary specification, amongst other things, can result in unnecessarily large investigations, while the fact that criminal networks are constantly changing makes the monitoring of such groups over time particularly difficult.
Understandably the characteristics of criminal networks have remained the focus of researchers and practitioners for some time. However, the general environment in which intelligence analysts operate and the potential for that to impact on their ability to conduct SNA has received considerably less attention. It was found that the overall direction of an organisation or in the case of law enforcement, the focus of an investi- gation, can restrict an analyst’s ability to monitor changes in criminal networks over time. Furthermore, it quickly became apparent that the availability of suitable software/ information technology and training was absolutely critical. Issues raised by inter- viewees included software that was unable to process large amounts of data, systems/ databases that did not communicate with one another and training that was inconsis- tently available. It was also noted that while such challenges will vary from agency to agency, in general, these are issues that are likely to apply across the spectrum of law enforcement. Finally, the usability of SNA could be impacted considerably due to concerns around security and privacy legislation, meaning there are times when analysts may be unable to widely disseminate any findings or even take action from them should they wish to. We argue that these organisational characteristics need to be given at least as much attention as the criminal network characteristics, if we are to truly understand the prospects of SNA as a tool for law enforcement. As succinctly explained by one analyst, ‘between the availability of data, the people, the competency level of the people looking at it and the tools they've got to use […], it makes the theory very hard to accomplish in the real world.’
Based on these findings we offer the following recommendations for researchers and practitioners interested in the application of SNA to criminal intelligence analysis. As noted
Trends Organ Crim (2018) 21:278–294 291
earlier, the sample size of this study means its generalisability is somewhat limited. Therefore, the first suggestion is that we need further research across a range of jurisdictions, both nationally and internationally, to assess the extent to which these organisational characteristics apply elsewhere. This research may also identify other potential challenges that currently impede the capacity of analysts to leverage SNA in operational contexts. Ideally, this research would also capture analysts with a range of experience using SNA and the challenges they face reflecting their different levels of sophistication. The second suggestion, which pertains to law enforcement agencies, is that many analysts seemed to express a certain level of frustration with their current tools and technologies and, more particularly, training. We have no doubt that the management of these agencies are aware of these frustrations, but it does seem to be the case that more advanced and consistent training would greatly benefit the capacity of analysts to leverage techniques like SNA. This brings us to our third suggestion, which is for greater collaboration between researchers and practitioners. While this relationship will advance the quality of research in this field, particularly by law enforcement agencies providing researchers with greater access to official data sources (Duijn and Klerks 2014; Johnson and Reitzal 2011; Morselli 2009), it is worth noting that researchers could assist law enforcement with developing more sophisticated training packages concerning the application of SNA. This is therefore a mutual benefit to fostering closer collaboration that is unfortunately yet to be realised.
Acknowledgements The authors would like to sincerely thank Victoria Police and New South Wales Police Force for their involvement, and in particular, the analysts that gave up their time to be involved with this study. The authors would also like to thank the anonymous reviewers for their critical input on an earlier version of this article.
Compliance with ethical standards
Funding This study was not funded.
Ethical approval All procedures performed in studies involving human participants were in accordance with the ethical standards of the institutional and/or national research committee and with the 1964 Helsinki declaration and its later amendments or comparable ethical standards.
Informed consent Informed consent was obtained from all individual participants included in the study.
Conflict of interest The authors – Morgan Burcher and Chad Whelan – declare that have no conflict of interest.
References
Arquilla J (2014) To build a network. PRism 4(1):22–33 Athey NC, Bouchard M (2013) The BALCO scandal: the social structure of a steroid distribution network.
Glob Crime 14(2–3):216–237 Borgatti S, Everett M, Johnson JC (2013) Analyzing social networks. SAGE Publications, London Borgatti SP (2006) Identifying sets of key players in a social network. Comput Math Organ Theory 12(1):21–34 Borgatti SP, Carley KM, Krackhardt D (2006) On the robustness of centrality measures under conditions of
imperfect data. Soc Networks 28(2):124–136 Borgatti SP, Mehra A, Brass DJ, Labianca G (2009) Network analysis in the social sciences. Science 323:892–895 Bouchard M, Amirault J (2013) Advances in research on illicit networks. Glob Crime 14(2–3):119–122
292 Trends Organ Crim (2018) 21:278–294
Bright DA, Delaney JJ (2013) Evolution of a drug trafficking network: mapping changes in network structure and function across time. Glob Crime 14(2–3):238–260
Bright DA, Greenhill C, Levenkova N (2014) Dismantling criminal networks: can node attributes play a role? In: Morselli C (ed) Crime and networks. Routledge, New York
Bright DA, Greenhill C, Reynolds M, Ritter A, Morselli C (2015a) The use of actor-level attributes and centrality measures to identify key actors: a case study of an Australian drug trafficking network. J Contemp Crim Justice 31(3):262–278
Bright DA, Greenhill C, Ritter A, Morselli C (2015b) Networks within networks: using multiple link types to examine network structure and identify key actors in a drug trafficking operation. Glob Crime 16(3):1–19
Bright DA, Hughes CE, Chalmers J (2012) 'Illuminating dark networks: a social network analysis of an Australian drug trafficking syndicate', Crime. Law Soc Chang 57(2):151–176
Brodeur J-P, Dupont B (2006) Knowledge workers or "knowledge" workers? Polic Soc 16(1):7–26 Burcher M, Whelan C (2015) Social network analysis and small group ‘dark’ networks: an analysis of the
London bombers and the problem of ‘fuzzy’ boundaries. Glob Crime 16(2):104–122 Carley KM (2006) Destabilization of covert networks. Computational Math Organisation Theory 12(1):51–66 Charette Y, Papachristos AV (2017) The network dynamics of co-offending careers. Social Networks.
doi:10.1016/j.socnet.2016.12.005 Cockbain E, Brayley H, Laycock G (2011) Exploring internal child sex trafficking networks using social
network analysis. Policing 5(2):144–157 Décary-Hétu D, Dupont B (2012) The social network of hackers. Glob Crime 13(3):160–175 Duijn PAC, Kashirin V, Sloot PMA (2014) The relative ineffectiveness of criminal network disruption.
Scientific Reports 4:1–15 Duijn PAC, Klerks PPHM (2014) Social network analysis applied to criminal networks: recent developments
in Dutch law enforcement. In: Masys AJ (ed) Networks and network analysis for Defence and security. Springer, Heidelberg, pp 121–159
Duval, RD, Christensen, K & Spahiu, A (2010), 'Bootstrapping a terrorist network', paper presented to Southern Illinois University Carbondale, <http://opensiuc.lib.siu.edu/cgi/viewcontent.cgi?article=1017 &context=pnconfs_2010>.
Everton SF, Cunningham D (2012) Detecting significant changes in dark networks. Behav Sci Terror Polit Aggress 5(2):1–21
Framis AG-S, Regadera SF (2017) Static and dynamic approaches of a drug trafficking network. In: Leclerc B, Savona EU (eds) Crime prevention in the twenty-first century: insightful approaches for crime prevention initiatives. Springer International Publishing, Switzerland
Guest G, MacQueen KM, Namey EE (2014) Applied thematic analysis. Sage Publications, Thousand Oaks, California
Helfstein S, Wright D (2011) Covert or convenient? Evolution of terror attack networks. J Confl Resolut 55(5):785–813
Hutchins CE, Benham-Hutchins M (2010) Hiding in plain sight: criminal network analysis. Comput Math Organ Theory 16(1):89–111
Johnson, JA & Reitzal, JD (2011), Social network analysis in an operational environment: Defining the utility of a network approach for crime analysis using the Richmond City Police Department as a case study, Coginta, retrieved 8 August 2012, <http://www.dcaf.ch/Publications/Social-network-analysis-in-an- operational-environment-Defining-the-utility-of-a-network-approach-for-crime-analysis-using-the- Richmond-City-Police-Department-as-a-case-study>.
Karthika S, Bose S (2011) A comparative study of social networking approaches in identifying the covert nodes. Int J Web Serv Computing 2(3):65–78
Klerks P (1999) The network paradigm applied to criminal organisations: theoretical nitpicking or relevant doctrine for investigators? Recent developments in the Netherlands. Connect 24(3):53–65
Koschade S (2006) A social network analysis of Jemaah Islamiyah: the applications to counterterrorism and intelligence. Stud Confl Terror 29(6):559–575
Krebs V (2002) Mapping networks of terrorist cells. Connect 24(3):43–52 Laumann EO, Marsden PV, Prensky D (1992) Research methods in social network analysis. Transaction
Publishers, New Brunswick, New Jersey Malm A, Bichler G (2011) Networks of collaborating criminals: assessing the structural vulnerability of drug
markets. J Res Crime Delinq 48(2):271–297 Malm A, Bichler G (2013) Using friends for money: the positional importance of money-launderers in
organized crime. Trends Organ Crime 16(4):365–381 Maxfield MG, Babbie ER (2011) Research methods for criminal Justice and criminology. Wadswroth
Cengage Learning, Belmont, CA
Trends Organ Crim (2018) 21:278–294 293
Medina RM (2014) Social network analysis: a case study of the Islamist terrorist network. Secur J 27(1):97–121 Morris JF, Deckro RF (2013) SNA data difficulties with dark networks. Behav Sci Terror Polit Aggress 5(2):
70–93 Morselli C (2009) Hells Angels in springtime. Trends in Organised Crime 12(2):145–158 Morselli C (2010) Assessing vulnerable and strategic positions in a criminal network. J Contemp Crim Justice
26(4):382–392 Morselli C (ed) (2014) Crime and networks. Routledge, New York Morselli C, Petit K (2007) Law-enforcement disruption of a drug importation network. Glob Crime 8(2):109–130 Morselli C, Roy J (2008) Brokerage qualifications in rigning operations. Criminology 46(1):71–98 Mullins S (2012a) Social network analysis and counter-terrorism: measures of centrality as an investigative
tool. Behav Sci Terror Polit Aggress 5(2):115–136 Mullins S (2012b) Social network analysis and terrorism: an introduction to the special issue. Behav Sci Terror
Polit Aggress:1–3 Rodriguez, JA (2005), The March 11th terrorist network: In its weakness lies its strength, CiteSeer, retrieved 7
August 2012, <http://www.ub.edu/epp/wp/11m.PDF>. Sanders CB, Henderson S (2013) Police ‘empires’ and information technologies: uncovering material and
organisational barriers to information sharing in Canadian police services. Polic Soc 23(2):243–260 Schwartz DM, Rouselle T (2009) Using social network analysis to target criminal networks. Trends Organ
Crime 12(2):188–207 Sheptycki J (2004) Organizational pathologies in police intelligence systems: some contributions to the
lexicon of intelligence-led policing. Eur J Criminol 1(3):307–332 Sparrow MK (1991) The application of network analysis to criminal intelligence: an assessment of the
prospects. Soc Networks 13(3):251–274 van der Hulst RC (2009) Introduction to social network analysis (SNA) as an investigative tool. Trends Organ
Crime 12(2):101–121 Victoria Police (2014), ' Victoria Police blue paper: A vision for Victoria Police 2025′, <http://www.police.vic.
gov.au/content.asp?Document_ID=42063>. Whelan C (2012) Networks and national security: dynamics, effectiveness and organisation. Ashgate, London Wiil UK (2013) 'Issues for the next generation of criminal network investigation tools', paper presented to
European intelligence and security informatics conference. Uppsala, Sweden Xu J, Chen H (2005) Criminal network analysis and visualization. Commun ACM 48(6):100–107
294 Trends Organ Crim (2018) 21:278–294
Trends in Organized Crime is a copyright of Springer, 2018. All Rights Reserved.
- Social...
- Abstract
- Introduction
- Method and design
- Findings
- Analysts’ understanding of social network analysis
- Analysts’ experience of social network analysis
- Characteristics of criminal networks
- Size
- Incompleteness
- Fuzzy boundaries
- Dynamic
- Characteristics of law enforcement Organisations
- Organisational strategy and direction
- Resourcing and training
- Operational security and privacy
- Discussion and conclusion
- References