Is “Minority Report” pure fiction?

Minority-Report-editPosted by Douglas Wood.

Journalist Raj Shekhar had an interesting article in the Times of India this week.

It’s like PreCrime, only four decades early. The “predictive policing” system seen in the Tom Cruise blockbuster Minority Report is now taking shape in Delhi. But instead of the three slime-immersed psychic “Precogs” that system relied on, Delhi Police’s crime prediction will be based on cold, hard data.

Once Enterprise Information Integration Solution or ‘EI2S’—a system that puts petabytes of information from more than a dozen crime databases at police staff’s fingertips—is ready, Delhi Police will be able to implement its ‘Crime Forecast’ plan to predict when and where criminals will strike.

The technology is not as fanciful as it seems at first and is already being tried out in many important cities, including New York, Los Angeles, London and Berlin. Officers associated with the plan say the software will analyze police data for patterns, compare it with other data from jails, courts and other crime-fighting agencies, and alert police to the likely threats. Data will be available not only on the suspects but also their likely victims.

A global tender has been floated for the project and Delhi Police is in talks with various firms for the technology.

According to the article, the system can help pre-empt many situations. For example, a violent clash between two gangs. It can identify individuals who are likely to join gangs or take to crime in an area based on the analyses of their behaviour and network. It can also curb domestic violence by identifying a pattern and predicting the next attack, the article said.

It all boils down to spotting patterns in mountains of data using tremendous computing power. A police document about the plan states that investigators should be able to perform crime series identification, crime trend identification, hot spot analysis and general analysis of criminal profiles. Link analysis will help spot common indicators of a crime by establishing associations and non obvious relationships between entities.

Using neighbourhood analysis, police will be able to understand crime events and the circumstances behind them in a small area as all the crime activity in a neighbourhood will be available for analysis. Criminal cases will be classified into multiple categories to understand what types of crime an area is prone to and the measures needed to curb them. Classification will be done through profiles of victims, suspects, localities and the modus operandi.

Another technique, called proximity analysis, will provide information about criminals, victims, witnesses and other people who are or were within a certain distance of the crime scene. By analyzing demographic and social trends, investigators will be able to understand the changes that have taken place in an area and their impact on criminality.

Network analysis will also be a part of this project to identify the important characteristics and functions of individuals within and outside a network, the network’s strengths and weaknesses and its financial and communication data.

While the system could help fight crime and rid Delhi of its ‘crime capital’ tag, it is bound to raise concerns over privacy and abuse as no predictive system can be foolproof.

Biometrics and Authentication – A new world of possibilities

This article was written 842938_huella_dactilar_y_lectorby Sacha Breite, head of future payments at SIX Payment Services. It originally appeared here on July 20, 2015.

The search for a common, international standard of payment authentication is in full flow.

Governments, retailers, banks and (not least) consumers are all eager to find a means of confirming someone’s identity beyond any doubt, secure from external hacking and technologically reliable.

The situation has become more urgent with the wildfire spread of mobile technology, opening up countless opportunities for remote transactions, but placing a growing burden on payment systems to prevent fraud and theft, both of assets and identities.

So, what are the best ways forward?

Here are some of the key technologies, with an analysis of their pros and cons:

Fingerprints and vein recognition 

Already in common use at border controls and in many smartphones, fingerprint identification has become widely accepted. But concerns over its reliability and security has dissuaded banks from adopting it for payment authentication.

Some consumers fear that their fingerprint hashdata could be copied and used fraudulently, so they have switched back to pin ID. Younger consumers are more relaxed with the technology and ApplePay can be activated using fingerprint ID.

As technology develops and sensors are more widespread, some are concerned that their fingerprint ID could be captured simply by touching something, without realizing. The technology is likely to remain popular, but probably in combination with other forms of ID.

Facial recognition 

Another border control technology which is likely to spread into the commercial world, this once again raises reliability concerns. What happens if one’s face alters its appearance? Can someone be impersonated by showing an image of their face?

A number of extra aspects can tighten security: infrared scanners can tell the difference between a live person and an image; a 3D scan of someone’s head provides further authentication; and iris recognition is becoming more sophisticated.

The new ‘Hello’ function on Windows 10 includes a means of unlocking one’s computer simply by looking at it. So the prospect of going to an ATM, looking at it and then getting cash out, may be possible in future (though some people will object to being filmed, on privacy grounds).

Customers taking ‘selfies’ and using these as authentication, either as a still image or a video, is another emerging form of authentication. Recently MasterCard announced plans to pilot this solution and replace passwords in 3-D Secure protected payments.


Like our fingerprints and irises, everyone has a unique heartbeat. Using this for identification has the advantage that is it dynamic rather than static and therefore harder to replicate and proves that you are an actual human being.

The technology is part of many current and emerging devices, particularly for sports and fitness use, providing a ready means of integration with other systems, such as transactions or establishing ID.

Wearable technology, whether for health, fashion or communication, will give this type of authentication further impetus. So we can expect to see more of it in the years to come.

Beyond the technologies employed, there are further debates over whose responsibility it should be to develop any common standard. Governments are an obvious place to start, and indeed they have collaborated successfully to introduce border controls using biometric ID.

Yet transactions involving large amounts of money, especially ones using mobile devices, require greater security than this. People are physically present at border points and have to show their passports, so the biometrics are simply an additional security layer.

Most of the initiatives rolled out by governments using biometric ID authentication for health insurance (for example) have failed to work in the commercial sphere.

Card Schemes such as Visa and MasterCard would love to introduce such a system and have it commonly adopted internationally, since it would increase brand loyalty and probably win them new customers.

But so far, the lack of clarity over what kind of technology will be most widely accepted, by governments, consumers and by the legal world, has prevented any major financial service provider taking a leap of faith. Reliability, security and privacy issues remain unresolved.

In some ways, technology is leaping ahead of the best efforts of governments and banks, through applications like Google Street View and Google Image, where individuals can be identified through pictures taken of them without necessarily having their consent. And commercial services such as Amazon, PayPal and eBay have pioneered slimmed-down ID procedures, which may become more widely adopted.

An ever increasing amount of data is being stored on all of us, which will enable identification through many differing avenues. Irrespectively of the current position of biometrics and technology, it is vital for banking and payment infrastructure providers like SIX Payment Services, to provide high levels of security and reliability. In the near future we can expect further innovations to appear in this space, however it is still unclear which  will form the basis of a single global standard, until the dust has settled from the current burst of activity.

Medicaid Fraud – The NAMPI Conference Wrap

Posted by Douglas Wood, Editor.MedicaidFraud-2_jpg_800x1000_q100

The National Association for Medicaid Program Integrity (NAMPI) wrapped up its 31st annual conference yesterday (August 12) in New Orleans with the theme “Jazzing up Program Integrity in the Big Easy.” I’m glad that the conference itself was full of cool presentations and networking events, because the temperature outside was Hot Hot Hot! (Note to self: One ‘Hurricane’ at Pat O’Briens on Bourbon Street is enough.)

50 years after President Lyndon Johnson signed into law legislation creating two new national health insurance programs –  Medicare and Medicaid – the latter is the largest source of medical and health-related services in the US, providing healthcare to over 68 million Americans with a low income. As the number of enrollees continues to grow, so then does the challenge of maintaining program integrity and fighting the inevitable fraud that hurts us all.

As someone who markets technology solutions in the fight against fraud and crime, I found much of the conference to be right up my alley. As with any conference, much of the agenda was sponsored by vendors of data solutions and technology. Kudos to LexisNexis for sponsoring keynote speaker Elizabeth Smart, former kidnapping victim and advocate for children’s safety. Her story was a powerful way to begin the conference and the packed room was riveted by her story and courage.

NAMPI president John McCormick’s Monday morning remarks were short and sweet and set the tone for what turned out to be an excellent couple of days. In particular, I thought the breakout session on program integrity by the US Government Accountability Office was excellent, as well as a session discussing the facts and myths about Return on Investment. The panel included Illinois Inspector General Brad Hart, Ohio’s Lalita Jambhale, and Oklahoma’s Cindy Roberts. A session called Advanced Analytics was also well-attended and, in my opinion, one of the better forums.

There were several excellent vendor-specific sessions as well, most notably a session entitled “The Next Generation of Medicaid Program Integrity: Where Identity Data, Linking Technology, and Clearing Houses Intersect”, and a look at Missouri’s Medicaid Audit and Compliance programs sponsored by Truven Analytics.

A walk around the Exhibitor floor showed most of the usual suspects – HMS, Truven, SAS, IBM, and others. Each vendor had some uniqueness and most had interesting fraud detection and visual analytics. Still missing from the end-to-end solution equation, however, is an investigative case management system that is purpose designed for Medicaid fraud investigations. Most vendors talked a good talk… few could walk the walk in that area. And what about a biometrics play? Identity assurance is a key element to medical care, why not in program integrity? When will someone fill those voids?

Of note, 21CT was in attendance and had, from what I could see, one of the better overall demonstrations. Their Torch offering continues to impress. Also interesting, Appriss‘ continued push into the industry with their ever-growing database of incarceration records. All vendors performed well, and a full list of those sponsors and exhibitors can be found on the NAMPI Conference website.

Congratulations to NAMPI on an excellent conference, and here’s hoping that the ideas shared continue to put a dent in the billions lost to fraud each year.

The Killer B’s for financial crimes: Biographics and Biometrics

360_biometric_card_0322Posted by Douglas Wood, Editor.

Several years ago, I was part of the executive management team at an identity resolution software company that specialized in search, fuzzy match, and link analysis of disparate data. The technology was excellent at querying structured biographic data to determine ‘who’s who’, and ‘who knows whom’ across systems, but was not in-and-of-itself an identity management solution. Biographical data is great, but even greater if and when combined with other types of identity data.

According to the Federal Trade Commission (FTC), approximately 12 million people are victims of identity theft each year. The implications for consumers are well-documented… hence the existence of all those identity protection services we see advertised on TV most nights. The impact of identity fraud on commercial business is significantly understated, yet wreaks havoc on banks, insurers, retailers, and just about any other mainstream business you can think of.

Criminal activities and economic challenges have always powered the requirement to protect people, information, and valuable assets. Within these requirements has long rested an opportunity to address these challenges by properly identifying end-users, managing their activities, and authorizing transactions.

Traditionally, businesses use passwords, tokens, and biographic data (names, addresses, SSN, etc) to resolve the identity of an individual interacting with a system. More recently, the use of biometrics (fingerprint, facial, and iris recognition) has substantially improved the identity resolution process. According to studies by Frost & Sullivan, biometrics solutions provide the best-known means of identity assurance.

The blending of biographic and biometric data (The Killer B’s) is a growing field that uses identity resolution of biographic data to further augment the powerful biometric component of identity assurance.

Biometric identity resolution and identity management have been functionally disconnected in the past. More and more, though, businesses are looking to deploy technologies and solutions that utilize biometric and biographic data for identity resolution within robust and flexible system architectures that connect and enable business processes for identity management purposes.

The following diagram from industry leader Aware, Inc. provides additional insight into the value proposition.


Aware’s Killer B systems help discover that Jessica Smith is in need of some investigation. With this type of technology, commercial businesses derive benefits that are traditionally associated with improved safety, security, and public well-being. The unique integration of identity resolution (with biometric data) and identity management (with biographic data and access administration) systems combine the benefits from each solution, while facilitating:

  1. Regulatory compliance
  2. Reduction in fraud costs
  3. Increases in productivity
  4. Improved security and accountability
  5. Overall business cost reductions

Also according to Frost & Sullivan’s “The Next Level of Identity Solutions”, the key challenges currently faced by end-users seeking identity solutions are driven by the need to uncover identity fraud and to better address security risks in order to reduce operational costs and improve service levels. Killer B systems are positioned to help solve these issues.

A Case Study in Workplace Safety Investigations

WorkPlaceSafetyThe Problem
A large, government-run workplace safety and worker’s compensation organization needed a solution to support in-house investigations using major case management (MCM) methodology. MCM is often used in major police investigations for cases involving deaths, abductions and other serious crimes. The need for an electronic case management software solution was fueled by the organization’s desire to make information management more efficient and effective, and to align to new MCM business models and practices. The goal was to ensure a consistent approach to all investigations, from initial case intake through completion to possible court disclosure, in both small and large complex cases.

Business Background

Within the Workplace Safety organization, there are two key departments responsible to promote the investigation services mandate:

1.  The Field Investigations Department investigates fraudulent activities that undermine the financial integrity of the organization and of the accident fund.

  • This department provides specialized investigation assistance for claims, prevention, assessments, mental health investigations, claims suppression and other functional areas.
  • Refers cases of fraud to Crown Counsel for criminal prosecution.
  • Supports development of fraud awareness and best practices for prevention.
  • Administers the Board’s surveillance program.
  • Conducts open source investigations using social media.

2.  The Fatal and Serious Injury Investigations Department investigates serious and fatal injury workplace accidents to:

  • Determine causation, underlying factors and identify contributing compliance issues.
  • Provide recommendations to industry to aid in the prevention of future injury.
  • Gather information to help monitor and analyze industry trends on workplace fatalities, serious injuries, and diseases.
  • Determine violations of the Workers’ Compensation Act and Occupational Health and Safety regulations and refer cases for prosecution or administrative penalties, when necessary.
  • Provide specialized investigative assistance to other areas of the organization.

Key Requirements for Investigative Case Management Software

The software needed to support MCM and meet the basic objectives of major case investigations such as documentation and preservation. With different evidentiary requirements for regulatory and prosecutorial cases, the system would have to provide functionality to transition these cases seamlessly. The solution would also enhance managerial accountability, proper delegation of responsibilities, efficient and effective use of resources, auditable and consistent standards, efficient disclosure and the use of current procedures in the seizure and preservation of evidence. The solution required scalability with functionality that supported both the Fatal and Serious Injury departments (FSI) and Field Investigations (FI) for investigations ranging in size and complexity. The software needed to:

  • Enable a ‘regulatory’ case to be transitioned into a prosecutorial case without having to create the latter from scratch.
  • Allow for organization, management and retrieval of information at any stage of the investigation.
  • Provide a repository for storage of information from various mediums.
  • Have sophisticated reporting capabilities that can analyze potentially large volumes of investigative data including multimedia files that could be collected during major investigations.
  • Support disclosure and reporting at any point in the investigation process including reports to prosecutors.
  • Include a security model that can manage at the role, functionality or document level.

The Solution

After a months-long search and thorough solution vetting process, the organization selected an investigation management solution that was offered as both a traditional enterprise deployment and as a hosted SaaS model. The client chose the latter model due to ease of implementation and faster ROI.

The software supported the customer’s investigation management process, from the capture of the initial incident report, through to the presentation of evidence in court. It provides a collaborative and secure environment in which to conduct a range of different investigation types.

With its streamlined interface, collaborative functionality and integrated intelligence capabilities, the software was highly suited to the organization’s complex investigation structure. Whether investigating incidents of crime or fraud, breaches of compliance, or performing open source research, it helped the client efficiently collect, process and organize investigative data.

The framework has been specifically designed with this in mind, ensuring each application deployment is configured to meet the customer’s exact needs: user roles, data entry forms, entity definitions and document workflows are all easily configurable. With a simple yet powerful workflow and built-in collaboration functionality, it was well suited to the wide variety of investigative scenarios undertaken by the client.


What is Major Case Management?

Posted by Douglas Wood, Editor.

Major Case Management (MCM) is an innovative approach to solving major case crimes and dealing with complex incidents. A major case is a real or suspected crime of such severity that it creates an intense public demand for identification, apprehension, and prosecution of the offender. Major cases also include those crimes which necessitate a substantial commitment of resources for a prolonged period of time or which require the application of complex investigative techniques.

Law Enforcement uses MCM methodologies and technology to investigate certain types of serious crimes – homicides, sexual assaults and abductions, for example. MCM combines specialized police training and investigation techniques with major case management computer software systems. The software manages the vast amounts of information involved in investigations of serious crimes.
It is especially useful in helping police identify common links in crimes committed in different locations – crimes that might have been committed by the same person.

All investigations need some kind of structure. The more serious and complex the investigation, the more rigorous that structure needs to be. The MCM model for conducting serious, complex investigations has been developed to provide a structure for major investigations. It was originally created by for use by law enforcement in homicide and sexual assault investigations. However, MCM is used by many other investigative agencies, including in anti-terrorism and air crash investigations. MCM techniques have also been used as part of non-criminal investigations, such as investigating an outbreak of Severe Acute Respiratory Syndrome (SARS).

Origins of Major Case Management

Many concepts of MCM have been in existence since the mid 1980’s when UK police introduced HOLMES (Home Office Large Major Enquiry System), and then subsequently HOLMES 2. Other large police services, including The Royal Canadian Mounted Police (RCMP), have also adopted methodologies that fit into the category.

In Ontario, Canada, however, MCM owes its existence to the case of Paul Bernardo.

Paul Kenneth Bernardo was suspected of more than a dozen brutal sexual assaults in Scarborough, Ontario, Canada. As his attacks grew in frequency they also grew in brutality, to the point of several murders. Then, just as police were closing in the attacks suddenly stopped.

That’s when Ontario law enforcement knew they had a problem. Because their suspect was not in jail, they knew he had either died, or fled to a location outside their jurisdiction to commit his crimes.

The events following Bernardo’s disappearance in Toronto and his eventual capture would ultimately lead to an intense 1995 enquiry into police practices throughout the Province of Ontario.  The enquiry, headed by the late Justice Archie Campbell, showed glaring weaknesses in investigation management and information sharing between police districts.

Campbell studied the court and police documents for four months and then produced a scathing report that documented systemic jurisdictional turf wars among the police services in Toronto and the surrounding regions investigating a string of nearly 20 brutal rapes in the Scarborough area of Toronto and the murders of two teenaged girls in the St. Catharines, Ontario area. He concluded that the investigation “was a mess from beginning to end.”

Campbell went on to conclude that there was an “astounding and dangerous lack of co-operation between police services” and a litany of errors, miscalculations and disputes. Among the Justice’s findings was a key recommendation that a major case management system was needed to:

  1. Record, organize, manage, analyze and follow up all investigative data
  2. Ensure all relevant information sources are applied to the investigation
  3. Recognize at an early stage any linked or associated incidents
  4. “Trigger” alerts to users of commonalities between incidents
  5. Embody an investigative methodology incorporating standardized procedures

MCM is born

As a result of the Campbell report, MCM was born as a methodology for conducting major investigations. Ontario’s MCM software maximizes investigative efficiency, minimizes the chance of important evidence being missed and has an external person or group evaluate how the investigation is going.

MCM Components

Ontario’s MCM methodology is based on the following components, commonly referred to as The Command Triangle.

Within the triangle, three executive functions are responsible for conducting the investigation. In a non-complex investigation, a single officer may perform these functions. As the complexity of the investigation increases, one or more law enforcement officials will perform these functions.


  1. Senior Investigating Officer: He or she is responsible for the broad strategic direction of the investigation.
  2. Primary Investigator: He or she runs the investigation at the tactical level, providing day-to-day coordination, guidance and control for everyone else involved in the fact-finding process.
  3. File Coordinator: He or she coordinates the vast amounts of documentation gathered and generated during a major investigation.

Major case management is a complex investigative activity because it involves the command of team members in a pressure-filled environment. Within the uncertain investigative environment, case managers must ensure that their responsibilities are carried out efficiently and effectively. For instance, they must ensure that all necessary investigative information is collected; the roles and responsibilities of the investigative team are clearly defined; the resources required for completing tasks are available; ethical investigative standards are upheld; and, that the investigative team can quickly adapt to changing situations.


Law Enforcement agencies may sometimes collaborate with other agencies to conduct investigations. That requires coordination and cooperation. MCM is helping in these situations. It is targeted at working collaboratively with outside agencies to progress the investigation. One important aspect of the MCM model is that linked investigations involving one or more jurisdictions or agencies must be under a unified command and control. That avoids duplication of effort and helps to coordinate information gathered in one case that might be vital to another linked investigation.

Major Case Management Software

At the technology core of MCM is the advanced, purpose-built software which processes the vast amounts of information arising in a major case. It is invaluable in organizing, retrieving and analyzing large volumes of investigative data. MCM software assists the Senior Investigating Officer to manage a major investigation including resource deployment, and assists police services in ensuring that major case investigations are focused, methodically controlled and audited throughout the investigative life cycle.

Swoop ‘n Squat, Army strong, and major case management: This week’s Crime Technology headlines:

Posted by Douglas Wood, Editor.Newspaper

Swoop and Squat…

Army strong analytics…

Investigative Case Management…

WorksafeBC introduces new Major Case Management (MCM) protocols…