Smart Tooling for Intelligence vs Evidence

Investigators and Analysts are faced with an increasingly challenging problem: the volumes of data which they are expected to process, understand, prioritise, and act upon is enormous. The impact this has on day-to-day operations is accelerating, whether officers are dealing with OSINT, seized media, smash-and-grab CNE operations, or IP Act regulated intercept product.

The rate of content creation has increased exponentially in the last decade. Every single day, tens of thousands of hours of video are uploaded to YouTube, over 80 million photos are uploaded to Instagram, and Wikipedia sees over 500 new articles added. Most of this content is time-consuming to produce, reasonably carefully considered, intentionally created, and at least somewhat curated; it does not begin to consider the magnitude of the digital trails left by us all in private structured datasets, semi-curated life updates and musings on social media, or the vast trove of sub-surface content created and managed away from the prying eyes of the surface web. In a few short months, the rate at which synthetic content is produced, with the aid of AI models, is likely to outstrip the ability of the human race to curate it or even consume it.

What does this mean for investigations?

Without a change in working practices, the requirement to manually inspect and investigate every media item encountered will result in a complete denial-of-service on the criminal justice system. Investigations and operations will have three options:

1. Drastically increase staffing to cope with the amount of data that must be manually handled;
2. Accept that the quality of casework will suffer because it simply isn’t possible to review everything with the resources they have available; or
3. Work smarter, radically increasing the speed with which new technology can be deployed to benefit an investigation, making better use of the officers deployed on that case.

We cannot, and should not, change the standard of evidence

No Freeman shall be taken or imprisoned, or be disseised of his Freehold, or Liberties, or free Customs, or be outlawed, or exiled, or any other wise destroyed; nor will We not pass upon him, nor condemn him, but by lawful judgment of his Peers, or by the Law of the Land. We will sell to no man, we will not deny or defer to any man either Justice or Right. Magna Carta

The notion of Habeas Corpus dates back to the 12th century, and has been fully enshrined in UK law since Magna Carta¹ in 1215. The fact that investigations are becoming challenging is no reason to weaken the standard of evidence, or to deny (through negligence rather than malice) the right to a fair trial.

Instead, investigations must start to separate the processes they use for intelligence - developing lines of enquiry - from those used as evidence in court. In the intelligence space, it is possible to pull-through tooling from a wide supplier base on a per-investigation basis. It is still important that investigators understand the techniques at play, and are empowered by them to better navigate their investigative data. However, provided processes are in place to ensure no harm is done to the chain of evidence, the standards required of ISO17025 and the FSR need not apply to the testing of intelligence tools.

A path forward

Tools for intelligence need to be relevant to an investigation, they must be safe enough for use (a sort-of Hippocratic Oath for tech), and they have to enhance the ability of the investigator to do their job.

Once this standard is met, agencies tasked with the safety and security of the nation have a duty to use available technology to solve problems they will otherwise struggle to surmount. This shouldn’t be through a central procurement managed by an IT department: the time for agency-wide deployment of an analytic capability can come later, once it’s shown to be valuable. Reducing the friction to experimentation requires a cultural shift within Policing and in the National Security community - including a willingness to hold suppliers to account, and to terminate the use of products which don’t add sufficient value.

Humans should always have oversight of algorithms, and should always be empowered to confirm for themselves the judgements on which a case is built, prior to the preparation of evidence. Some technologies and techniques may meet the standard for evidence already; these are prime candidates for pull-through from intelligence to evidential tooling, with all of the relevant accreditation completed. But this should not stand in the way of rapid deployment and experimentation, leading to rapid operationally actionable insights: this will be necessary for officers to tame the data hydra once and for all.