March 14, 2014

Jonas Olsson, Graz
In an ironically Big Brother-like appearance on two massive video screens, Edward Snowden spoke to thousands of attendees of South by Southwest Interactive, the technology conference in Austin, Texas, on March 10.

Snowden’s 2013 release of huge amounts of classified information – and well-timed events such as this conference – have made it nearly impossible to avoid the ongoing media and public scrutiny directed toward the National Security Agency (NSA).

This secretive government intelligence organization, created during the Cold War, is tasked with collecting and analyzing data to protect the U.S. and its interests. After 9/11, the NSA focus shifted to counterterrorism efforts, which set new strategies in motion — involving tactics that, deservedly, raised privacy and constitutional alarms.

One of the NSA’s outed surveillance tools, as confirmed last year by Der Spiegel, is Tracfin, a financial database created to monitor transactional activity across international banks and credit card companies.

Given the current landscape, the fact that a database such as Tracfin exists doesn’t surprise me. The NSA acknowledges, and I agree, that financing is the Achilles heel for terrorist organizations. Because many terrorist transactions exhibit flag-raising patterns, one of the best ways to preemptively stop an attack is to monitor funds changing hands. What does surprise me about Tracfin, though, is how it doesn’t appear to be doing a very good job at it.

Aside from questions of constitutionality, data abuse and how the NSA has gone too far, I’d like to consider Tracfin’s efficacy from the perspective of a data professional. Admittedly, our knowledge of Tracfin is limited. But based on what we do know, just how good is this database at using financial intelligence to prevent terror attacks? To me, it falls short in three big ways.

1. It’s not collecting enough data to be an effective antiterrorism tool. Tracfin has existed since at least 2006 but had only collected 180 million records as of 2011. Considering the Society for Worldwide Interbank Financial Telecommunication (SWIFT) produces 15 million records per day — with VISA and MasterCard producing far more — that number is terribly low.

In order to connect (and evaluate) the dots to take preventive action, the dots must be there in the first place. For instance, terrorists financed the 9/11 attacks with just $500,000, some of which was transferred from abroad in amounts as small as $5,000. Under Tracfin’s current narrow focus, these paltry totals wouldn’t make the data cut. The more data you have, the better you can evaluate new data.

2. It’s the wrong data. To find the proverbial needle, the NSA needs to take a look at the entire haystack, not just a small portion. According to the Der Spiegel report, 84 percent of Tracfin data is from card transactions, yet only 30 percent of the 9/11 attacks were funded by debit or credit cards. The remaining funds came from international wire transfers (40 percent) and physical transportation of cash or traveler’s checks (30 percent).

If the 9/11 financing methods are any indication, then including data from international wire transfers is an absolute necessity to improve algorithmic and analytic capabilities.

3. There’s no data enrichment. From what we know about Tracfin, there doesn’t appear to be any metadata or static data enriching raw information, something that could mean the difference between a suspicious transaction rising to the surface or falling through the cracks.

For example, several 9/11 terrorists opened private U.S. bank accounts and quickly began to funnel large funds from abroad into them. While opening a new account is not suspicious, that in combination with immediate international transfers is.

In a properly designed system, these two data points could be cross-referenced to better home in on terror-like patterns. Tracfin, however, doesn’t appear to be creating these second data points — in this case, when the account opened. Again, you can’t connect dots that you don’t have.
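
An added illustration of the cross-referencing described above (not part of the original article, and not based on any knowledge of how Tracfin is built): raw transfers are joined with static account data so that several small cross-border wires into a newly opened account surface together. All account IDs, field names, sample records and thresholds are constructed assumptions.

```python
from datetime import date

# Constructed sample data: account IDs, field names and thresholds are
# illustrative assumptions, not anything known about Tracfin.
ACCOUNTS = {  # static data: when and where each account was opened
    "A-100": {"opened": date(2013, 3, 1), "country": "US"},
    "A-200": {"opened": date(2009, 6, 15), "country": "US"},
    "A-300": {"opened": date(2013, 3, 10), "country": "US"},
}
TRANSACTIONS = [  # raw inbound credits: (id, account, date, amount, origin, type)
    ("T1", "A-100", date(2013, 3, 4), 5000, "AE", "wire"),
    ("T2", "A-100", date(2013, 3, 9), 5000, "AE", "wire"),
    ("T3", "A-100", date(2013, 3, 20), 4000, "DE", "wire"),
    ("T4", "A-200", date(2013, 3, 5), 9000, "GB", "wire"),
    ("T5", "A-300", date(2013, 3, 12), 3000, "US", "wire"),
    ("T6", "A-300", date(2013, 3, 13), 200, "US", "card"),
    ("T7", "A-999", date(2013, 3, 14), 5000, "AE", "wire"),  # no static data
]

def raw_filter(transactions, threshold=10000):
    """Un-enriched view: flag single transactions at or above a threshold."""
    return [t[0] for t in transactions if t[3] >= threshold]

def enrich(tx, accounts):
    """Join a raw transaction with static account data (the second data point)."""
    tx_id, acct_id, when, amount, origin, kind = tx
    acct = accounts.get(acct_id)
    if acct is None:
        return None  # the dot was never collected, so nothing can be connected
    return {"id": tx_id, "account": acct_id, "amount": amount, "type": kind,
            "account_age_days": (when - acct["opened"]).days,
            "cross_border": origin != acct["country"]}

def flag_new_account_inflows(transactions, accounts, max_age_days=30, min_total=10000):
    """Flag accounts whose cross-border wires soon after opening add up."""
    hits = {}
    for tx in transactions:
        e = enrich(tx, accounts)
        if (e and e["type"] == "wire" and e["cross_border"]
                and 0 <= e["account_age_days"] <= max_age_days):
            hits.setdefault(e["account"], []).append(e)
    return {a: [e["id"] for e in es] for a, es in hits.items()
            if sum(e["amount"] for e in es) >= min_total}

if __name__ == "__main__":
    print("raw threshold filter:", raw_filter(TRANSACTIONS))
    print("enriched rule:", flag_new_account_inflows(TRANSACTIONS, ACCOUNTS))
```

The per-transaction threshold flags nothing in this sample, while the enriched rule flags account A-100; the record for A-999 is skipped because no account data exists to join against.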

What should the NSA be doing? The NSA clearly needs to gather records from more — and more relevant — sources, while also enriching raw data whenever possible. No amount of predictive analytics will fill the large data gaps that Tracfin seems to have. This lack of enrichment also leads me to believe that the NSA has not built any domain knowledge into Tracfin. For a database tasked with financial monitoring, such industry-specific insight is essential to achieving sophisticated analysis.

Additionally, the NSA should follow a “load first, model later” approach that would allow Tracfin to store semi-structured data, support nimble integration and facilitate the contextual transformation of raw data. In turn, this would help optimize data for different analytical use cases.

I am very much a proponent of privacy, but monitoring financial transactions originating from abroad is something an intelligence agency must do. Not doing so represents a major blind spot in U.S. counterterrorism efforts, through the underutilization of an effective tool for detecting terror acts in their planning stages. So shouldn’t the public demand that the NSA does a better job of this? Since financing is one of the biggest vulnerabilities for terror organizations, improving the ability to gather and analyze financial data is an investment that will benefit us all.

Maybe there is more to Tracfin than has thus far met the public eye. Perhaps there are completely separate databases performing the functions I prescribe. Whatever the case, I believe all of Tracfin’s apparent shortcomings suggest there’s a bigger story — one that’s soon to come.

Jonas Olsson is the CEO and founder of Graz, a provider of data warehouse and business intelligence software built specifically for the needs of investment managers, insurers and banks worldwide.