How private social data makes a better crime story

Open source intelligence is an undeniably important source of information in a great many investigations, both civil and criminal. Public-facing posts to Facebook, Twitter, Vine, Pinterest, and other services can provide key evidence in cases involving insurance fraud, child exploitation, organized criminal activity, and harassment in or out of the workplace, among others.

However, open source intelligence is limited. People who act one way on public networks may behave very differently in private posts or messages, and may conceal key details in private messages. That means that without the data, investigators lack important context. In a recent survey of Cellebrite customers, nearly two-thirds reflected that data stored off the device and on the cloud was of critical concern to them.

Perhaps the most well-known example of the gap between public and private social data is the wave of street violence that occurred in north London, England in August 2011. As The Guardian reported, Facebook and Twitter only accounted for a small amount of communications around the unrest. Actively monitoring those services, police managed to deter violence in publicly named locations.

“However,” the news article went on to note, “the most powerful and up-to-the-minute rallying appears to have taken place on a more covert social network: BlackBerry Messenger (BBM)…. unlike Twitter or Facebook, many BBM messages are untraceable by the authorities.”

Social network analysis identifies likely sources of private contact

When an investigator considers the likelihood that s/he will need to obtain private social data, interviews with victims, witnesses and suspects are often a good place to start. Interviews can reflect communication patterns—apps and platforms used, modes of contact, etc.—among people involved in a case, and help narrow down the range of content to look for.

Also consider who is important enough for the victim or suspect to share information with. You can get a sense for this network from analyzing activity by the people they most frequently communicate with: those who like or comment on their posts, how frequently, in what context. Unusual communications from a loose acquaintance, depending on timing, can be as important as regular contact with a typical circle of people.

Social network analysis can also reveal relationship conflicts of interest, which can be important in fraud or insider threat cases. People who are not outwardly connected on social media may be communicating via email or private message, in accounts they don’t use to communicate with anyone else.

Public data can provide private leads

Consider, in addition, what is important enough for a victim or suspect to share information about. Images of material goods can indicate money spending habits or even outright crime. Their page likes and follows—the Guardian reported that initial activity related to the riots began on a public Facebook page—can provide clues about interests and activities which they may discuss privately.

Meanwhile, private content that is opposite to public postings, or to what the victim or witness has told you during interviews, can be used as leverage to find out what really happened. These contradictions can exonerate as well as implicate a suspect. And, if the case goes to trial, the contradicting content can impeach a witness’ credibility.

Understand cloud usage trends in your community

It’s important to maintain a strong sense of technological trends ongoing not just in the nation or the world, but in specific regions as well. The Guardian described in a later article how, in London, BlackBerry’s prepaid model allowed teens and lower-income people to afford the devices they used to coordinate their activities, without using cloud services.

Further, while BlackBerry Messenger communications are encrypted, and iOS and Android devices are heading that way as well, most social media services are not. That means that data unrecoverable from apps on the device, may still be available from cloud services themselves.

Even so, with mobile device manufacturers, third-party app developers, and online service providers taking more drastic measures toward improving their customers’ data security, government agents should take the steps they need to secure proper legal authority before accessing subjects’ private data. That could take the form of a search warrant, consent, or other documentation. It also means understanding the difference between true exigency, and the perception of exigency in a high-pressure situation such as a riot.

Don’t miss out on the critical evidence or intelligence that could help make a case. Download our solution brief to learn more about how the UFED PRO Series improves the context of an investigation.

Umbrella - blog banner