OSINT plays a large role in closing criminal investigations, but it’s still underutilized in law enforcement. We look at key challenges and ways to overcome them.
Despite the abundance of open-source information available, law enforcement agencies are still slow to adopt open-source intelligence (OSINT). While there are occasional bombshell reports of murders solved with geolocation data from fitness apps like Strava, or of the trove of evidence posted on social media by January 6 Capitol rioters, OSINT is still regarded as the less-disciplined, wildcard resource in many agencies.
But perceptions aside, there are several logistical reasons for the limited use of OSINT in law enforcement investigations. Identifying these roadblocks is the first step in overcoming them and harnessing the power of publicly available information (PAI) to solve crimes.
With some helpful tips derived from our past NeedleStack episode about the constraints and legalities of OSINT, investigators can find resourceful ways to combat these obstacles.
1. Resource constraints hinder full embrace of OSINT
OSINT is a crucial tool for law enforcement, providing access to a wealth of publicly available data. However, its full potential is often hindered by resource constraints. The sheer volume of information can overwhelm departments limited by budgets and manpower.
But the value of OSINT to law enforcement is undeniable. So it’s important to employ cost-effective ways to make use of OSINT, especially when weighing the cost of tools against man hours.
- Take advantage of the many resources and tools available to improve your skills and fast-track your research, from OSINT training programs for law enforcement, to data aggregators, image and video analysis tools, social media search tools and more
- Use a purpose-built research platform to provide quick access to a secure, anonymous browsing environment, with built-in tools and third-party SaaS apps in a central location, and easy pivoting from the surface to the dark web
- Automate targeted collections or multi-site search workflows to recoup staff time and allow investigators to focus on analysis and verification rather than simply obtaining open-source information
Law enforcement and legal expert Richard Denholm sits down with NeedleStack to discuss the OSINT challenges faced by law enforcement, including varying OSINT expertise and specialized tool cost vs. manpower.
2. Balancing privacy and OSINT investigations
Navigating the intersection of OSINT and privacy in law enforcement is a complex endeavor. Social media, an important category of OSINT (called “SOCMINT”), has blurred the lines between public and private information.
Legally, information shared on social media is considered publicly accessible, with individuals responsible for safeguarding their privacy. However, law enforcement officials prioritize individual privacy and constitutional rights, adding a layer of intricacy to OSINT operations.
Law enforcement investigators have a duty to uphold the First and Fourth Amendment rights of individuals during investigations. State and local laws governing open-source information collection also must be considered (even federal agents are bound by state laws while working within specific regions); these laws can vary widely and sometimes even conflict with one another. Investigators must be well-versed in the legal landscape of their operating jurisdiction, ensuring compliance with both federal and regional regulations.
Tips for social media investigations for law enforcement
- Effective SOCMINT extends beyond mainstream platforms like Facebook and Twitter. Exploring the broader landscape of social media, including fringe networks with less stringent content moderation, can yield valuable insights and evidence for law enforcement investigations.
- Exercise caution when delving into social media sites that require user logins — such actions can inadvertently reveal investigators’ presence to the target, potentially compromising the operation’s integrity.
- Take advantage of numerous native and third-party tools available to streamline social media searches and extract pertinent information.
- Once a username is identified, leveraging tools like WhatsMyName.app can unveil associated usernames, opening doors to additional evidence and leads.
3. Finding analysts to transform information into intelligence
Information is not intelligence. OSINT is about taking raw data that anyone can access and turning it into actionable insights for a specific mission. The crucial distinction lies in the skilled analyst who can contextualize this information, verify its accuracy and debunk false leads. While finding qualified OSINT analysts can be a hurdle, the solution lies in training your existing staff. Training programs can bridge the knowledge gap by:
- Educating officers about the value of open-source information, making them aware of its potential benefits
- Covering the legal and policy restrictions surrounding information collection to ensure compliance and ethical conduct
- Addressing cybersecurity considerations, equipping investigators with the tools to protect themselves during online research
- Teaching tradecraft best practices to maintain anonymity, a crucial aspect when operating in sensitive online environments
Both IACIS and the SANS Institute have great OSINT training programs geared toward law enforcement.
Identifying relevant sources of open-source information is only the initial step in the OSINT process. Knowing how to handle collected data is also an important skill for law enforcement investigators. Data collected online is subject to restrictions and handling requirements similar to those for physical evidence.
Once data is collected, it must be securely stored, adhering to legal regulations like the Freedom of Information Act (FOIA) and Sunshine laws. Storing evidence on a secure, purpose-built platform not only ensures compliance but also makes activities audit-compliant.
4. Staying stealthy in online research
In all of OSINT, but particularly in law enforcement, it’s critical to remain undercover. But when conducting investigations online, standard browsers are built to track you and convey details of your digital fingerprint to websites you visit — and potentially the target of your investigation.
If an adversary can identify your digital fingerprint, you could be:
- Blocked from accessing websites relevant to your investigation or presented with manipulated information
- Targeted personally, or have your agency targeted, via either digital or real-world means
- Infected with malware such as ransomware, keyloggers or other spyware
Managed attribution platforms allow you to blend in with the crowd on sites you visit and avoid arousing suspicion with investigative targets. In addition to preventing past browsing behavior from influencing web searches in your investigation, managed attribution gives you full control over your digital fingerprint, allowing you to alter your geographic location, device type, browser type, operating system, language settings and more.
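To make the fingerprint attributes above concrete, here is an added example (not from the original post or from any vendor's product) that audits the request headers of a research session against the persona an investigator intends to present. The persona fields, function names and sample headers are assumptions constructed for illustration, and the check covers request headers only, not script-based fingerprinting or IP geolocation.

```python
# Added illustration: persona fields and sample headers are constructed.
PERSONA = {"os": "Windows", "browser": "Chrome", "device": "desktop", "language": "de"}

# Headers that intermediaries may add and that can expose the real origin.
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for")

def first_match(text, rules, default="unknown"):
    """Return the label of the first (token, label) rule whose token is in text."""
    for token, label in rules:
        if token in text:
            return label
    return default

def observed_profile(headers):
    """Derive what a visited site can read from the request headers alone."""
    h = {k.lower(): v for k, v in headers.items()}
    ua = h.get("user-agent", "")
    # Order matters: Android UAs contain "Linux"; Edge and Chrome UAs contain "Safari".
    os_rules = [("Windows NT", "Windows"), ("Android", "Android"), ("iPhone", "iOS"),
                ("iPad", "iOS"), ("Mac OS X", "macOS"), ("Linux", "Linux")]
    browser_rules = [("Edg/", "Edge"), ("Firefox/", "Firefox"),
                     ("Chrome/", "Chrome"), ("Safari/", "Safari")]
    lang = h.get("accept-language", "").split(",")[0].split(";")[0].split("-")[0]
    return {
        "os": first_match(ua, os_rules),
        "browser": first_match(ua, browser_rules),
        "device": "mobile" if "Mobile" in ua else "desktop",
        "language": lang.strip().lower() or "unknown",
        "proxy_headers": sorted(k for k in h if k in PROXY_HEADERS),
    }

def audit(headers, persona):
    """List (attribute, observed, expected) for every value that breaks the persona."""
    seen = observed_profile(headers)
    findings = [(k, seen[k], v) for k, v in persona.items() if seen[k] != v]
    findings += [(name, "present", "absent") for name in seen["proxy_headers"]]
    return findings

# Constructed samples: one session that contradicts the persona, one that matches it.
LEAKY = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0",
         "Accept-Language": "en-US,en;q=0.9", "X-Forwarded-For": "192.0.2.10"}
CONSISTENT = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                            "(KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36",
              "Accept-Language": "de-DE,de;q=0.9"}

if __name__ == "__main__":
    for name, sample in (("leaky", LEAKY), ("consistent", CONSISTENT)):
        print(name, audit(sample, PERSONA))
```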
By using managed attribution platforms like Silo for Research, law enforcement officers can fully embrace the advantages OSINT can bring to their investigations. Along with a combination of training, tool-savvy and legal awareness, agencies can overcome the roadblocks mentioned in this post and improve the efficiency and quality of their case work.