fbpx

Leveraging Technology in Security Clearance Reform

Reforming the Security Clearance Process and Modernizing the Trusted Workforce for the 21st Century

On April 24, 2019, President Trump signed the Executive Order on Transferring Responsibility for Background Investigations to the Department of Defense,[1] noting that the Secretary of Defense “shall design, develop, deploy, operate, secure, defend, and continuously update and modernize, as necessary, information technology systems that support all personnel vetting processes….” 

The Administration has called the clearance process a target for government reform,[2] noting in 2018 that “background investigations are critical to enabling national security missions and ensuring public trust in the workforce across the Government.”

The Administration’s efforts are part of an ongoing focus on reforming the clearance process, and reducing the existing backlog.  That backlog peaked to 725,000 in 2018,[3]  with some Americans waiting more than 500 days[4] just to start their first day at work. 

In addition to the Executive Order, Senator Mark Warner (D-VA), re-introduced his legislation, The Modernizing the Trusted Workforce for the 21st Century Act (S.314)[5] in February 2019.  It outlines a plan that would constitute the largest overhaul of the security clearance process since its creation in 1947. The bill outlines specific and ambitious targets to not only reduce the approximate backlog of investigations, but also significantly reduce the length of investigations.

S.314 requires a plan to reduce the investigative backlog to 200,000 by the end of 2020,[6] reduce issuance of secret level clearance to thirty days or fewer, and issuance of top secret level within 90 days.[7]

Additionally S.314 would establish a “clearance in person” concept, which would enable clearances to follow an individual who changed agencies through “reciprocally recognized” clearances.[8]

According to the legislation, reciprocity of security clearances at the same level should be recognized in two weeks or fewer.[9] To achieve this goal and those previously stated, the bill calls for monitoring tools that look at an individual’s risk profile on a dynamic ongoing basis.[10]

The legislation allows individuals who once held a clearance to have continued access to classified information (CI) with a lapsed clearance for up to three years if they voluntarily enroll in a continuous evaluation (CE) program. While the previous duration was two years, an additional year would significantly increase the amount of people in continuous evaluation programs.

Hence, leveraging technology to achieve the goals stipulated in S.314 is an absolute necessity. A security clearance process that was initially developed nearly 50 years ago is anachronistic in a time when individuals are often better known by members of digital communities than their physical neighborhoods.

While investigators often refrain from interviewing neighbors who have never interacted with their person of interest (POI), individuals interacting with the POI online remain largely untapped. Furthermore, while interviews and record collection provides static data on an individual’s behavior, continuous collection and analysis of online data enables deeper insight into emerging behaviors.

AI and machine learning technologies provide a compelling solution set for detecting and analyzing emergent behavioral data, and insider threat risk.  It can provide investigators with near real time information, allowing them to prioritize investigations and allocate investigatory resources. This paper will outline the critical need to leverage these technological approaches in developing a 21st Century security clearance process.  


Radiance

The shift from a clearance process bogged down by periodic re-investigations to a system of continuous evaluation will require automation and the ability to ingest, filter, and prioritize massive amounts of data from the open web.

Lumina’s Radiance system is an AI-driven risk analysis SaaS platform that is easily and rapidly deployed and can revolutionize the security clearance screening process through machine-learning automation. Radiance has two components, Open Source Intelligence (OS-INT) and Internet Intelligence, (NET-INT). 

The Radiance OS-INT component provides continuous deep-web extraction, ingesting data containing names of persons, entities, or screen names from public sources executing over 324,000 queries for each name across all the major search engines and cross-referencing over 1,000,000 queries into Lumina’s proprietary databases of risk. The data is cleaned and prioritized by behavioral risk profiles (BRPs) that are configured against selectors for the Adjudicative Guidelines for Determining Security Clearance Eligibility. OS-INT returns prioritizes and actionable results in an average of 4-5 minutes. Similar results would take an individual running a manual web query more than 18 years to read and analyze.[11]

Radiance’s NET-INT component identifies, catalogues, and monitors the research behavior of Internet protocol (IP) addresses exhibiting anomalous behavior across the globe. The platform collects and stores more than a million interactions every day and since its inception has recorded more than 623,000 IP addresses engaged with threat-related risk topics. Behavioral dimensions are configured to capture content relevant to client selectors provide pattern of life data through near real time behavioral analysis. 


Radiance OS-INT

Radiance OS-INT is a scalable proprietary platform that is designed to overcome the challenges of massive data ingestion and processing unstructured data. Leveraging advanced machine intelligence, Radiance OS-INT enhances the speed and efficiency of source assessment and risk identification by identifying key words or sources associated with the client’s stipulated topic areas.

OS-INT uses data mining, artificial intelligence, and machine learning to gather intelligence across the entire Internet for all documents containing a given input, or key word(s). Key word(s) can be the name of an individual or entity as well as a social media handle, username, email address, location, or other keyword the user chooses.

Unlike social media monitoring, OS-INT is not reliant on a single platform or social media API, allowing for continuous ingestion of all open source data. OS-INT utilizes continuous deep-web extraction to ingest data from public sources. The volumes of publicly available electronic information (PAEI) are cleaned and prioritized, yielding relevant insights into high-risk individuals, entities, events, or sources by aggregating all the data scattered across the Internet and measuring it against configurable BRPs. BRPs are the text classification component of Radiance OS-INT, identifying a document in relation to a given topic area.


Behavioral Risk Profiles

A major obstacle to OS-INT SaaS solutions is noise, the inability to coalesce the massive amount of data to a consumable amount to inform a human analyst or investigator.

The adjudicative decision is a human decision and always should be. Hence data distillation, filtering the massive data trove to present only truly actionable intelligence is imperative. Radiance BRPs filter data into truly actionable intelligence needed to make informed decisions regarding a subject’s suitability for positions with access to national security information.

Radiance BRPs drastically outperform existing Natural Language Processing approaches to identify behavioral affinities in unstructured data. The technology performed at a 93.1 percent accuracy level on unstructured, lower-case or messy documents such as HTML, JSON or any file type compared to 0 percent for Stanford Named Entity Recognizer and other popular open-source named entity recognition software.

BRPs are proprietary and configurable data filters that capture online content associated with areas of risk or interest, such as the 13 Adjudicative Guidelines. Each BRP is a collection of selectors – terms, phrases and expressions – that are representative of the specific area of risk or interest. Keywords, including names of individuals, entities, usernames, social media handles, locations, etc., can be run through Radiance OS-INT and filtered (via text correlation) by BRPs. BRPs can be configured to the DDS’s  selector criteria to identify sources in relation to various topics.

As mentioned above, BRPs are the topic areas of interest. BRPs are created either through subject matter expertise accompanied by extensive research or by leveraging supervised machine learning. The latter process utilizes a genetic algorithm for BRP creation as described below (Figure 1):

  • Search and ingest every webpage and document on the entire Internet (or a desired part of the Internet) related to the chosen risk profile or topic of interest, such as each of the Adjudicative Guidelines.
  • Tag content relevant to each of the 13 Adjudicative Guidelines and divide it into testing and training data sets.
  • The training data teaches the algorithm to identify relevant content and the testing data provides an evaluation of a final model fit on the training data.
  • This is an automated, continuous, “evolutionary” process that enhances the algorithm’s accuracy over time.
Figure 1.

The BRPs generated are fully “human readable” and therefore are also auditable. Because of this it is possible for subject matter experts to read and audit BRPs if desired.

Current BRPS include the 13 Adjudicative Guidelines: Foreign Influence, Foreign Preference, Sexual behavior, personal conduct, financial considerations, alcohol consumption, drug involvement, psychological conditions, criminal conduct, handling protected information, outside activities, and use of Information Technology systems. Other use case BRPs also include information about drug misuse, financial crime and Know Your Customer (KYC), school shooting threats, suicide, workplace violence, and bribery and corruption.

Security Executive Agent Directive (SEAD) 5 of the Adjudicative Guidelines stipulates that only open source data, not data protected by passwords, private accounts, or otherwise accessible non-publically available data, is permissible for decision making.[12]

The configuration of BRPs ensures that collection of such information adheres to SEAD 5 guidelines by only collecting publicly available information, within the scope of the investigation and does not use account creation or digital interaction with POIs,

Critically, this advanced SaaS platform can scrape the entire Internet not just social media. This capability contributes to the requirement that social media data be substantiated with other sources.

Social media data can often be dismissed due to lack of substantiation, but the Radiance platform can link social media data to corroborating data sources outright by connecting screen names to Personally Identifiable information (PII), or inform traditional investigatory processes for incorporation into adjudicative decision making.

Current AI and machine learning technologies have the ability to make SEAD 5, which has largely been aspirational, actionable. This is critical to modernizing the security clearance process to fit the realities of current information age.  


Radiance NET-INT Overview

Most online activity is a user’s consumption of data. The amount of activity online which is commenting (reacting to original content), or generating original content is dwarfed by consumption of information online. What someone consumes online is a much stronger indicator of their behavior than their comments or writing that they know are exposed to open observation and evaluation.

A CE system that incorporates monitoring of POIs’ Internet research behavior has the ability to predict emergent behavior that can be indicative of violation of the adjudicative guidelines.

Radiance NET-INT is a one-of-a-kind, scalable, proprietary, fully deployed and operational platform that identifies IP addresses accessing content of interest to the client. The system catalogues and monitors the research behavior of the IP addresses.

Designed to overcome the challenges of massive data ingestion and of processing unstructured data, NET-INT monitors behavior across pre-categorized behavioral dimensions that can be customized to the client’s selectors and chained together to achieve sufficient topical coverage.

Currently, there are 43 pre-categorized behavioral dimensions, ranging from attack planning and cyber tactics, to radicalization and insider threat behavior. NET-INT may be configured to add behavioral dimensions directly related to the 13 Adjudicative Guidelines.

NET-INT identifies geographic areas where anomalous online behavior is originating. For IP addresses that can be linked to an individual or an organization, NET-INT can provide real-time insight on what said individual or institution is researching and, thus, what data streams are informing their actions. This can be a critical piece in supporting the decision-making process pertaining to security clearance evaluation.

NET-INT uses the massive amounts of data ingested to catalogue, index, and redeploy Internet content that comprises topics pertinent to the clients’ topics of interest. This collection of documents is updated, expanded, and redeployed through a machine learning process, expanding depth and breadth of coverage. NET-INT captures the pattern of life data of an IP address to identify and categorize the topical coverage of its online research activity. Anomalous behavior is prioritized for the analysis by statistical modeling that can be configured to prioritize key indicators selected by the clients. NET-INT captures a user’s IP address when the user clicks on the deployed content to access the associated web page, and aggregates these hits for each IP address. The platform presents the IP address, URL click (both live page and cashed), click dates, click times, approximate geo-location, and whether the captured IP address is associate with known VPS, Tor nodes, or other anonymizing techniques.

Figure 2.

In delivering the scenarios shown in Figure 2, Lumina deploys the following additional proprietary and unique IP:

  • Proprietary AI in the form of Unsupervised Machine Learning for Risk Detection;
  • Advanced Proprietary Algorithm in the form of Distributed Injection of Internet Content; and
  • Proprietary Data Sets in the form of the NET-INT Sampling of Internet Behavior.

NET-INT screens all IP addresses that touch an organization’s online infrastructure, such as an IP address from a user submitting a Form SF-86 online, against all IP addresses displaying anomalous behavior collected over the lifespan of the system.

A screening match exists when one of the IP addresses associated with an organization’s online infrastructure, or IP address associated with an entity or person of interest, is also present in the NET-INT database of at-risk IP addresses. Matches are prioritized based on behavioral driven risk scoring.


Conclusion

Artificial intelligence and machine learning will play a critical role in ending the security clearance backlog, reducing the amount of time required for an investigation and allowing for continuous, dynamic evaluation rather than periodic review. 

The Radiance platform can help achieve these goals. It ingests, filters, and prioritizes massive amounts of data from the open web, providing investigators with near real time information, allowing them to prioritize investigations and allocate investigatory resources.

Radiance’s Open Source Intelligence (OS-INT) component provides continuous deep-web extraction, ingesting data containing names of persons, entities, or screennames from public sources executing over 324,000 queries for each name across all the major search engines and cross-referencing over 1,000,000 queries into Lumina’s proprietary databases of risk. The data is cleaned and prioritized by BRPs that are configured against selectors for the Adjudicative Guidelines for Determining Security Clearance Eligibility. OS-INT returns prioritizes and actionable results in an average of 4-5 minutes. Similar results would take an individual running a manual web query more than 18 years to read and analyze.

Radiance’s Internet Intelligence (NET-INT) component identifies, catalogues, and monitors the research behavior of Internet protocol (IP) addresses exhibiting anomalous behavior across the globe. The platform collects and stores more than a million interactions every day and since its inception has recorded more than 623,000 IP addresses engaged with threat-related risk topics. Behavioral dimensions are configured to capture content relevant to client selectors provide pattern of life data through near real time behavioral analysis. 

Radiance and its AI and machine-learning capabilities can revolutionize the security clearance screening process, creating a 21st century system to ensure a trusted federal workforce.


[1] Executive Order on Transferring Responsibility for Background Investigations to the Department of Defense, April 24, 2019 https://www.whitehouse.gov/presidential-actions/executive-order-transferring-responsibility-background-investigations-department-defense/

[2] Delivering Government Solutions in the 21st Century, Reform Plan and Reorganization Recommendations, Executive Office of the President, June 2018 https://www.performance.gov/GovReform/Reform-and-Reorg-Plan-Final.pdf

[3] Aaron Boyd, “The Security Clearance Process Is About to Get Its Biggest Overhaul in 50 Years,” Nextgov, February 28, 2019, https://www.nextgov.com/cio-briefing/2019/02/security-clearance-process-about-get-its-biggest-overhaul-50-years/155229/.

[4]Erica Fanning, “Four Steps to Fix the Security Clearance Backlog,” Defense One, December 11, 2018, https://www.defenseone.com/ideas/2018/12/four-steps-fix-security-clearance-backlog/153445/.

[5] Sen. Mark Warner, “Modernizing the Trusted Workforce for the 21st Century Act of 2019,” Pub. L. No. 3.314 (2019), https://www.congress.gov/bill/116th-congress/senate-bill/314/text?format=txt.

[6] Sen. Mark Warner, “Modernizing the Trusted Workforce for the 21st Century Act of 2019,” § 3.

[7] Sen. Mark Warner, “Modernizing the Trusted Workforce for the 21st Century Act of 2019,” § 5.

[8] Sen. Mark Warner, Modernizing the Trusted Workforce for the 21st Century Act of 2019, § 8.

[9] Ibid.

[10] Erica Fanning, “Four Steps to Fix the Security Clearance Backlog.”

[11] Note: This analysis is based on average first page of a Google search engine results page containing approximately 1,890 words and average person reading 200-250 words a minute. 

[12]“Security Executive Agent Directive 5,” May 5, 2016, https://www.dni.gov/files/documents/Newsroom/Press%20Releases/SEAD5-12May2016.pdf.


Technology’s Impact on National Security

Introduction

Homegrown radical terrorism and mass casualty events such as active shooter incidents in public spaces and schools remain real, prevalent threats to national security, to the security of private entities and their employees, to the economy, and to the values of a democratic society. There have been over 30 successful or attempted radical Islamist terror attacks on U.S. soil since 2009, in addition to multiple terrorist incidents stemming from other ideological motivations. There have also been dozens of mass shootings and school shootings during that same period. These types of incidents have cost hundreds of Americans their lives just in the past year.

Being able to respond to attacks is not enough. Instead, we can best protect ourselves by proactively detecting and preventing these threats from being realized, integrating cutting edge technology into our efforts. Individuals looking to commit terrorist attacks or other acts of violence do not operate in isolation – they leave indicators in their discussions, their behaviors, and their online activities. Using technology to identify these indicators and find these individuals before they can commit heinous acts is of the utmost importance for ensuring the security of our society and of private entities that may be at risk.

PART ONE: 
Detecting Online Radicalization

Since 9/11, America has experienced a shift in the type of threat posed by radical Islamist terrorism to the homeland. While the country’s major concern was once highly coordinated terrorist plots emanating from and directed by terrorist groups abroad, recent events, such as the Boston Marathon Bombing and the Orlando and San Bernardino shootings, have proven that homegrown terrorism and attacks carried out by single individuals or small groups are the more pressing concern. The Internet and social media have enabled terrorist groups like ISIS to reach and radicalize individuals and direct or inspire attacks around the globe, including in America. As a result, we need better methods to detect online radicalization of potential homegrown terrorists in order to prevent further attacks.

As of 2015, the FBI had 900 active investigations into homegrown violent extremists in all 50 states. Additionally, over 250 Americans have tried or succeeded at travelling to Syria to join the conflict there. 4 28 States and the District of Columbia have brought ISIS-related charges against individuals, and since the first arrests in 2014, 157 individuals have been charged in the U.S. for ISIS-related offenses. 5 Yet perhaps the most important statistic is that the majority of people charged in the U.S. for ISIS-related offenses are U.S. citizens or permanent residents.  These individuals were mainly radicalized in America through terrorist groups’ adept use of the Internet and social media. Terrorist groups create online communities and propaganda that exploit and legitimize the grievances of isolated or angry individuals with radical leanings and push them towards full-fledged radicalization. Many of these individuals are searching for a purpose or for a way to avenge what they see as discrimination against or attacks on their community, religion, or homeland.  Terrorist groups are therefore quick to offer belonging, purpose, status, recognition, and a chance for revenge to those who join their ranks. 9

The majority of people charged in the U.S. for ISIS-related offenses are U.S. citizens or permanent residents.

Before the Internet age, terrorist groups used recruiters who physically travelled to find individuals sympathetic to their cause. However, they are now able to recruit and radicalize online through widespread dissemination of their propaganda and through a plethora of online extremist discussion forums where they target vulnerable individuals in the West. These individuals are mainly first or second-generation Muslims living in non-Muslim majority countries who may feel disconnected from both their cultural and current homelands. 10 The terrorist recruiters push an “us” versus “them” ideology that further isolates these susceptible individuals from their communities, and both the recruiters and other participants in online extremist discussion forums rationalize the use of violence by capitalizing on the grievances these individuals feel against their Western home, often due to experienced discrimination or opposition to U.S. foreign policy in the Middle East. 11

In the past, after becoming radicalized, individuals plotting terror attacks often met in person to plan, which helped law enforcement track their communications and meetings. Some also traveled abroad to receive training in the Middle East, which allowed the intelligence community to follow their movements and connections with foreign terrorist groups. However, the advent of encrypted communication technology, such as Telegram, and prevalent use of social media has enabled terrorists to conduct their communication, planning, and attack training online in mediums largely untraceable by law enforcement. Due to the changes in the threat posed by radical Islamist terrorism and in the process of radicalization, the key venue for identifying radicalized individuals who are planning to strike the U.S. is now online. As the terrorists shift to this platform, so must efforts to prevent terrorist attacks.

PART TWO: 
Clues to Far-Right Extremist Behavior

In addition to radical Islamist terrorism, right-wing terrorism remains a prevalent security threat in the U.S. From 9/11 through 2014, far-right extremists killed over twice as many people in the U.S. as radical Islamist extremists. Right-wing extremism not only poses a threat to civilians, but also to law enforcement as at least 57 officers have been killed in right-wing attacks since 1990. 14 The number of terrorist attacks in the U.S. attributed to right-wing extremism rather than to other ideological motivations has increased from 6% of total attacks in 2010 to 35% in 2016. Incidents in recent years include the Emanuel African Methodist Episcopal Church shooting in Charleston, South Carolina that killed nine people, the Sikh temple attack in Wisconsin that killed six, and the killing of Heather Heyer during the Charlottesville rallies in Virginia. These attacks remind us that the threat of right-wing terrorism remains prevalent and must be taken as seriously as that of radical Islamist terrorism. And just like Islamist radicalization, right-wing radicalization has also moved to the Internet where individuals can become radicalized without attending group meetings or interacting in-person with other right-wing extremists in scenarios that are easier to monitor. Susceptible individuals can access discussion forums and a plethora of material about right-wing beliefs from their bedrooms.

The number of terrorist attacks in the U.S. attributed to right-wing extremism rather than to other ideological motivations has increased from 6% of total attacks in 2010 to 35% in 2016.

Both Keith Luke and Dylann Roof were radicalized online prior to their shooting sprees that targeted ethnic and religious minorities including African Americans and Jews. Widespread use of the Internet and social media means that this threat will persist. 17 One study on right-wing terrorism in America found that “right-wing terror incidents occur consistently because the movements from which they emanate are mature extremist movements with deep-seated roots. The Internet has made it easier for extremists to meet each other (and thus engage in plots), as well as to self-radicalize and become lone wolf offenders.”18 But like potential radical Islamist terrorists, potential right-wing terrorists leave clues about their radicalization and intentions in their online behaviors and discussions. The enhanced role of the Internet in radicalization and attack planning for both right-wing and radical Islamist terrorism emphasizes the necessity for technological innovation to combat these threats. Older methods of detecting and monitoring terrorist threats are no longer sufficient – the people looking to cause harm can be intelligent, cunning, and cautious. As the nature of these threat changes, so must our approach to fighting it. Only the use of threat-targeted technology will enable us to maintain public safety in this digital age.

PART THREE: 
Predicting Mass Casualty Events

In addition to terror attacks, the U.S. has witnessed a recent surge in mass casualty events such as mass shootings and school shootings. From 1966 to 2015, there were 146 mass shootings across 40 states and Washington D.C., resulting in 1,048 deaths. There have been 55 mass shootings since 2007 and 11 in 2017 alone. Statistical evidence shows that the frequency of mass shootings is increasing. Since 2011, the rate of mass shootings in the U.S. has tripled to an average of at least one event every 64 days. Yet, in many cases, the shooters have no connection to their victims or to their target locations that could provide a clue to their intentions. Over 71% of active shooter situations in the U.S. from 2000 to 2013 occurred in publicly accessible spaces including businesses, malls, schools, health care facilities, and houses of worship. 23

Furthermore, victims of U.S. mass shootings are of every age, gender, race, and religion with no clear patterns. 24

This lack of generalized predictive information regarding who may commit these violent acts, where they may do so, and who they may target means that we must find new ways to detect and prevent mass casualty planning behavior. Schools are implementing active shooter safety drills and commercial facilities and organizations have new security measures and training to prepare for these scenarios. However, many of these mass casualty events occur in less than five minutes, meaning that training may not be enough to avoid fatalities. 25 Stopping these attacks before they occur is key to averting mass casualties. Yet, mass shootings can be extremely difficult to predict or prevent due to the individualized nature of each attack, the relative ease of access to firearms in the U.S., and the minimal planning required.

Therefore, we need new technological capabilities that can identify specific indicators of these threats before they actualize. For example, it has come to light since the Parkland school shooting that the shooter had previously posted comments on social media about carrying out a school shooting and that his social media accounts contained pictures of guns, ammunition, and other violent or concerning content. We must deploy technology that senses the Internet for these types of threats and language as these may be readily available clues to a shooter’s intentions prior to an attack. Furthermore, school shooters often conduct extensive research into prior school shootings and often try to emulate components of previous attacks based on this research. Such topical investigations can and should be monitored and correlated with other online behavioral patterns to identify individuals who demonstrate attack-planning behavior and thus pose high-risk threats, distinguished from people conducting general research. This activity can also identify the particular web signatures of users engaging in attack-planning behavior. As a result, only users truly engaging in extreme, outlier behavior will be identified, making threat identification a fact-based process rather than one that could be biased on prior knowledge of a suspect individual. Similarly, this type of sensing can detect threats posed by individuals who may not be on law enforcement’s radar.

As new technologies and weapons are developed and more information becomes accessible online, the potential severity of threats to our country and its citizens increases. We must similarly change the way we approach detecting and preventing these violent threats in order to adequately address the enhanced capabilities and methods of those seeking to do us harm.

Many of these mass casualty events occur in less than five minutes, meaning that training may not be enough to avoid fatalities.

Summary

In today’s world, there are far too many Westminster and Nice vehicular attacks, Orlando shootings, Brussels airport bombings, Las Vegas massacres, Sandy Hook, and Parkland school shootings that occupy our news cycle and the front of our minds. The individuals who carry out these devastating and heinous acts seek to undermine our way of life, our sense of security, our freedoms, and our belief in our government. They also become increasingly hard to detect as they are radicalized through social media and carry out attack planning in online forums or encrypted apps where they are not easily identified or monitored. The UK Home Office found that in 2017, ISIS followers published propaganda on 400 different platforms, including 145 new ones between July and December alone. 27These terrorists and other violent actors must be met head on by the best possible tactics and tools to detect and prevent such threats before they are carried out. Indeed, both the public and private sectors are embracing the power of technology in this realm, particularly related to artificial intelligence and machine learning. At Lumina Analytics, we’re using these tools to understand threat-specific behavioral patterns and predicatively identify threats to society and national security, as well as to private corporations, venues, and events.

How Artificial Intelligence Can Be Used to Predict Threats of Mass Violence in Public Spaces and Live Spaces

Introduction

We are deeply saddened but perhaps no longer shocked when we hear of yet another mass shooting in the United States. Perhaps one of the most frightening aspects is that they happen all over the country and in a wide variety of locations. This can make us feel that nowhere is safe. After a mass shooting, we are on alert when we go to public spaces such as entertainment events, sports stadiums, schools, malls, offices, shops and even hospitals. There is a lot of discussion about how to prevent another mass shooting, and then slowly our state of alert returns to normal until the next tragic incident. But to protect public facilities against mass shootings, we must be proactive. We must go beyond physical security and employ artificial intelligence and predictive analysis. Let’s look at where we are now and the most effective actions and technologies we can use to reduce risks.

To protect public facilities against mass shootings, we must be proactive. We must go beyond physical security and employ artificial intelligence and predictive analysis.

PART ONE: 
Mass Shootings Are on the Rise

There is no one, agreed-upon definition of “mass shooting”. H.R. 2076 (112th), the Investigative Assistance for Violent Crimes Act of 2012, defines “mass killing” as three or more killings in a single incident in a place of public use. The Gun Violence Archive defines “mass shooting” as “four or more shot or killed, not including the shooter”. Various reports and sources may impose their own definitions. Therefore, it’s necessary to understand exactly what a report is examining in order to understand analyses of mass shootings.

According to the Washington Post, there have been 154 shootings in which four or more people were killed by a lone shooter (two shooters in a few cases) in the time period from the tower shooting at the University of Texas on August 1, 1966, to the Capital Gazette shooting in Annapolis Maryland on June 28, 2018. This does not include gang shootings, robberies or shootings in the home.

Yet House Minority Leader Nancy Pelosi wrote a letter to House Speaker Paul Ryan in October 2017 stating there had been “273 mass shootings in 2017—one for each day of the year.” Pelosi used the definition of four or more people killed but did not subtract gang shootings, home invasion robberies or home violence. (When private homes are included in the definition of “mass shooting,” such shootings comprise 63%.)

The FBI uses yet another definition. It identifies an “active shooter” as “an individual actively engaged in killing or attempting to kill people in a confined and populated area.” The FBI tells us that mass shootings are on the rise and becoming more deadly.  According to the FBI, in 2017 alone there were 30 separate active mass shootings in the United States, the largest number ever recorded by the FBI during a one-year period. From 2000 to 2015, the number of incidents more than doubled from the first part of the period to the second. 

PART TWO: 
Profiling Mass Shooters

An FBI report analyzed 63 mass shooters over many years in an attempt to profile them. The FBI found some demographic attributes that shooters often hold in common, but unfortunately, they are not uniform enough on their own to readily identify shooters before they act. 

The FBI sample study of 63 shooters determined that mass shooters are 94% male. A look at the Mother Jones’ open-source databasereveals that of 95 mass shootings between 1982 and 2017, in only about 2% of cases, three in total were the shooters female.

  • According to the FBI study, 63% of mass shooters are white, but there have also been black, Asian, Hispanic and Native American shooters
  • Some think that mass shooters are mostly people with mental problems who snap and spray public places with gunfire. This is generally not the case. The FBI report determined that only 25% of active shooters had ever been diagnosed with a mental illness, and of the 63 shooters studied, only three had been diagnosed with a psychotic disorder
  •  In 64% of mass shootings, shooters specifically target at least one of the victims. In some cases, the target may be a group such as employees of a business rather than an individual. In other words, mass shootings are usually not random.
  • A history of domestic violence is common among many shooters.  According to Everytown for Gun Safety, in 54% of cases, the shooter targeted his girlfriend, wife or ex-wife. 
  • The FBI study found that shooters usually exhibit four or five observable “concerning behaviors” before an attack. Someone who knew the shooter noticed at least one of these behaviors in every case analyzed.  Behaviors are related to
    • Mental health
    • Interpersonal problems
    • Communication of violent intent
  • Half of adult shooters and nearly all of those who are teenagers tell someone about their plans in advance. But in most cases, people who see disturbing signs or are informed of the shooter’s plans do nothing at all or only talk to the shooter about it.  Most people don’t expect someone they know to be a potential mass murderer and may fear becoming personally involved.
  • In the FBI study, 79% of shooters were spurred by a grievance. Half of those 79 % were motivated by a specific precipitating event. Many people feel particularly threatened by dangers from without and worry about Islamic or other extremists. Though certainly extremists can be a threat, the FBI study shows that ideology or extremism only motivated an attack in 3% of cases. Compare that to the 33% of cases motivated by interpersonal action against the shooter.

Table 1. Primary Grievance

Profiling Mass Shooters Primary Grievance Table
  • Mass shooters typically plan in advance. 77% plan for a week, 46% for longer than a week and only 12% for less than a day. 
  •  In the year before they act, most active shooters experience multiple stressors, 3.6 on average.

PART THREE: 
Human Analysis Alone Is Not Enough to Predict Who Will Be a Mass Shooter

Although there are some trends among shooters, it is impossible to predict them from demographics alone. Mass shooters’ ages have ranged from 12 to over 70.   Table 2. Age of Shooter (N=63)

Age of Shooter Table Image

Shooters are predominantly male, but that’s half the population. They are usually white but not always. The main thing they have in common is that they exhibit concerning behaviors before the shootings, but these usually go unreported. It is up to the administrators of public venues to protect the public, but trying to determine who may become a mass shooter by demographics without more is ineffective.

PART FOUR: 
Mass Shootings Take Place Almost Anywhere

Mass shootings do not usually occur at random locations. For 73% of them, the shooter has some kind of connection to the site of the attack. For shooters under age 18, that site is usually their current or former school. When there are multiple victims, it may seem at a glance that the gunman shot randomly, but usually the shooter targets at least one specific victim. But grievances one individual has against another does not help us much in predicting a mass shooting without more information.

Do the locations of the shootings have anything in common? Outside of usually having some connection to the shooter, the answer is no. Martin Prosperity Institute analyzed demographic data of all kinds of communities across the country that have been the sites of mass shootings. The data was from Stanford University’s database Mass Shootings in America, which includes data on 307 mass shootings that occurred in 223 locations between 1971 and 2016. The definition used for “mass shooting” was three or more shooting victims but not necessarily fatalities. 76% of these shootings took place outside of schools and the rest were school shootings.

The upshot is that there was very little any of these sites had in common, though it is worth noting that only 10% of the mass shootings had taken place in “gun-free zones,” that is, areas where there is a prohibition against carrying guns and where there is usually no armed law enforcement personnel. Mass shootings have occurred in small towns and big cities. They have occurred in low and high-income areas, though they have occurred less in very poor and very rich areas. Some were in white communities and some were in racially mixed areas. Most of the shootings have occurred in middle-class areas with a mean income of $65,900, somewhat below the national average of $77,866.Table 3. Map of Locations and Fatalities

 Map of Mass Shooting Locations and Fatalities

PART FIVE: 
Deadly Mass Shootings Take Place in a Wide Array of Venues

It’s not possible to reduce the risk of being in a mass shooting by avoiding going to certain types of venues. They can happen in any public space. Here is a list of just some mass shootings. They can happen anywhere there are people and in any area of the country.

Entertainment Events and Venues

  • Mandalay Bay, October 1, 2017, Las Vegas – From the 32nd floor of the Mandalay Bay Resort and Casino, 64-year-old Stephen Paddock fired 1,100 rounds over 10 to 15 minutes on music lovers as they attended theHarvest Music Festival on the Las Vegas Strip, killing 58 and injuring almost 500 people. Paddock had carried at least 23 weapons to the room. 
  • Movie Theater, July 20, 2012, Aurora Colorado – 24-year-old James E. Holmes set off two devices then sprayed the theater with an AR-15 rifle and other weapons at a Batman film, killing 12 people. 
  • Pulse Nightclub, June 12, 2016, Orlando – 29-year-oldAmerican Omar Saddiqui Mateen killed at least 49 people and injured over 50 more when he opened fire at Pulse, a gay nightclub. The gunman had pledged allegiance to Isis.

Shopping Malls

  • Westroads Mall, December 5, 2007, Omaha, Nebraska – 19-year-old Robert Hawkins killed eight people and wounded four before killing himself.
  • Cascade Mall, September 23, 2016, Burlington, Washington – 20-year-old Arcan Cetin killed five people.

Churches

  • Texas Baptist Church, November 5, 2017, Sutherland Springs, Texas – 26-year-old Devin Patrick Kelley killed 25 people and an unborn child and injured 20 more people. 
  •  Emanuel African Methodist Episcopal Church, June 17, 2015, Charleston, South Carolina – 21-year-old Dylann Roof, shot and killed nine people in a racially motivated hate crime.  
  • Wat Promkunaram, a Buddhist temple, August 10, 1991, Waddell, Arizona – 17-year-old Jonathan Doody and 16-year-old Alessandro Garcia killed six monks, a nun, a mon-in-training, and a temple worker.

Restaurants

  • Luby’s Cafeteria, October 16, 1991, Killeen, Texas –  35-year-old George Hennard crashed his pickup truck through the plate-glass window, then shot and killed 23 people. 
  • McDonald’s, July 18, 1984, San Ysidro, California – 41-year-old James Huberty shot and killed 21 adults and children at a local McDonald’s and wounding 19 more people.

Offices, Work Gatherings, and Shops

  • 101 California Street Office Building, July 1, 1993, San Francisco, California –  55-year-old Gian Luigi Ferri shot and killed eight people, many in a law office where he had an old grievance regarding a real estate transaction, before killing himself. 
  • Standard Gravure Corporation, September 14, 1989 Louisville, Kentucky –  47-year-old Joseph Wesbecker shot and killed eight co-workers, injured 12 more and then killed himself. 
  • Salon Meritage, a hair salon, October 12, 2011, Seal Beach, California  – 41-year-old Scott Evans Dekraai killed eight people including his ex-wife. 
  • Miami Machine Shop, August 20, 1982, Miami, Florida – 51-year-old Carl Robert Brown, killed eight people in anger about a repair bill.          

Elementary Schools

  • Sandy Hook Elementary School, December 14, 2012, Newtown, Connecticut – 20-year-old Adam Lanza shot and killed 20 children and six adults at Sandy Hook Elementary School. Before shooting at the school, the gunman killed his mother.

Colleges and Universities

  • Virginia Tech, April 16, 2007, Blacksburg, Virginia – 23-year-old student Seung-Hui Cho shot and killed 32 people at Virginia Tech, injuring more. 
  • University of Texas, August 1, 1966, Austin, Texas – Before many of the now-famous mass shootings,University of Texas architectural student and former Marine-trained sniper Charles Joseph Whitman killed 18 and wounded at least 30 more people by shooting them from a tower. He killed both his wife and mother the same day before the tower shooting. 
  •  Umpqua Community College, October 1, 2015, Roseburg, Oregon – Christopher Sean HarperMercer shot and killed nine people and injured nine more. 

High Schools

  • Marjory Stoneman Douglas High School, February 14, 2018, Parkland, Florida – 19-year old Nikolas Cruz, a former student, killed at least 17 children and adults with a .223-caliber AR-15 rifle.
  • Columbine High School, April 20, 1999, Littleton, Colorado – 17-year-old Dylan Klebold and 18-year-old Eric Harris gunned down 12 students and a teacher. 
  • Santa Fe High School, May 18, 2018, Santa Fe, Texas – 17-year-old Dimitrios Pagourtzis, shot and killed eight students and two teachers.
  • Red Lake Senior High School, March 21, 2005, Red Lake, Minnesota – 16-year-old Jeff Weise shot and killed five students, a teacher, and a security officer at Red Lake Senior High School. Before going to the high school, Weise killed his grandfather and his grandfather’s companion at home. 

Organizations and Clubs

  •  American Civic Association, an immigrant community center, April 3, 2009, Binghamton, New York – 41-one-year old Jiverly Wong killed 13 people and injured four before killing himself.
  • Wah Mee Gambling and Social Club, February 18, 1983, Seattle, Washington – 20-year-old Benjamin Ng, 22-year-old Kwan Fai Mak and 26-year-old Wai-Chiu “Tony” Ng killed 13 people during a robbery.

Care Facilities

  • Nursing Home, March 29, 2009, Carthage, North Carolina – 45-year-old Robert Stewart shot and killed a nurse and seven elderly patients.

On the Street

  • 32nd Street, Camden New Jersey, September 5, 1949 – 28-year-old Howard Unruh, a veteran of World War II, shot and killed 13 people as he walked down the street.

PART SIX: 
So What Can We Do to Reduce Risks of Mass Shootings?

Demographics alone are of very limited help in predicting who is likely to become a mass shooter. Even when individuals exhibit concerning signs, they are not usually reported. There is also little to tie together the locations of mass shootings beyond the fact that they are usually familiar to the shooter. We know that if we are only reactive, mass shootings will continue to escalate.

Gun Control Will Be a Long Wait

Most mass shooters use legally obtained firearms. Gun control is always discussed after an incident, but due to resistance to gun control by powerful lobbies and political factions, we cannot depend on new laws to help reduce mass terror anytime soon. Americans make upabout 4.4 percent of the global population but own 42% of the world’s guns. From 1966 to 2012, 31% of the gunmen in mass shootings worldwide were American. Administrators of malls, entertainment facilities, sports stadiums, hospitals, schools, and other public facilities cannot afford to wait for legislation that may never come.

Physical Security Is a Starting Point

Certainly physical security plays a role in reducing mass shootings. Security personnel, bag searches, x-rays of bags, metal detectors, cameras and gunshot detection systems all play a role. So do increasing perimeter and access control, though these measures are unlikely to be enough to protect against homemade explosives and vehicular attacks. Access control also cannot protect against people who have a right to be in the location.

Though physical security is necessary, it is the last defense. In order to predict and stop mass shootings, we need to be much more proactive than waiting until the shooter arrives at the venue with their weapons. In this age of automatic assault rifles, we need predictive analysis aided by artificial intelligence systems to sift, sort and carefully select data and machine learning to improve results. Only then can we look to humans to verify the data and its context, because it is simply impossible for humans to examine all the necessary data without technological help. We need to do all we can to stop threats before they turn into deadly actions

PART SEVEN: 
Employing Predictive Analytics to Detect Threats

Artificial intelligence and machine learning can now perform predictive analysis capabilities that enable identification of individuals engaged in suspicious activities that point to various levels of violent attack threats. Today, facility administrators can use technology-based predictive security solutions to foretell mass shootings and other violent acts before they happen and before the shooter gets anywhere near the site with his weapons. Artificial intelligence can be programmed to effectively sort vast amounts of data from all over the Internet, monitoring trillions of data points almost in real time. Not only that, but machine learning can enable these systems to become increasingly effective in pulling out relevant data as time goes on. Once data is sorted into useable, meaningful categories, humans can examine it to determine the context of the data and the extent of the threat. Let’s examine how this technology can help keep the public safe.

Using Online Behavior to Predict Mass Shootings

Artificial intelligence and machine learning can be used to sort through and correlate vast amounts of data to predict when people are planning mass violence. Artificial intelligence can also reveal worrisome patterns that it would be almost impossible for humans to uncover in enough time to stop an attack. An effective system will examine three things: means, motivation, and target. Means is how the violence will be carried out. For example, an AI system can capture when an individual shows interest in explosives or firearms. Motivation is what might drive a mass attack. This could be anything from Islamic extremist ideology to a personal grievance. Target in this context is the location of the planned attack.

When means, motivation, and target are analyzed with the help of artificial intelligence, we may see patterns emerge. Someone showing interest in firearms may just be planning a hunting trip. But, if they show interest in firearms, researching mass shooter incidents and belong to hate groups, that is a cause for concern.

Screening Vendors, Employees & Contractors

An effective Internet-based security system includes an ever-evolving database of people related to global extremist networks. A good artificial intelligence system with the help of human analysis should be able to assign a level of likelihood that an individual is likely to be a radical extremist who is likely to be involved in violent activity. Of course, cross-referencing a high-risk suspect database is more helpful in the case of religious extremists and hate groups than in the case of those who are motivated by personal grievances.

It’s not enough today to only screen vendors, employees, and contractors with a cursory background check. Artificial intelligence can sort through their online activity to pinpoint risks. An effective system would enable a facility administrator to upload the name and identifying information of individuals and get almost immediate feedback no matter what kind of facility they manage: entertainment facilities, events, sports stadiums, hospitals, and care facilities, work environments, malls or anywhere else.

Removing Barriers to Reporting

60% of terror plots are discovered through human reporting, so it’s critical to make it as easy as possible for people to report suspicious activity. We have seen that most shooters exhibit concerning behaviors before they carry out their plans. We have also seen that although virtually all shooters under 18 and half of adult shooters leak information prior to mass killings, most people who get such information do not report it. They may not want quite know what to do, don’t take it seriously or don’t want to get involved. Technology can remove many of the barriers to reporting through an app that students, employees, and others to report suspicious behavior or leaked information in real time. It’s easy and it’s fast, and it puts a tool into the hands of those who are most likely to hear or see something amiss. Reports can be automatically pushed to key law enforcement or security personnel a school’s geo-fenced facility to enable immediate action.

PART EIGHT: 
Anti-terrorism Technology is a Protection Against Liability

A facility can reduce its risks substantially, but there is no fool-proof way to guarantee against terrorists attacks. However, under the Support Anti-Terrorism by Fostering Effective Technologies Act, a facility that uses “qualified anti-terrorism technology” may not be held liable in a federal lawsuit.

PART NINE: 
Using Predictive Security to Secure Your Facility

Though physical security is the last bastion against violent extremism, to keep the public safe, facilities need the predictive analysis now available through artificial intelligence and machine learning systems that comb the Internet for relevant data and patterns. Predictive security helps to stop threats before they ever reach a facility and while they are still in the planning stages.

Why Technology is the Answer to Improving Campus Security

Introduction

Homegrown radical terrorism and mass casualty events such as active shooter incidents in public spaces and schools remain real, prevalent threats to national security, to corporations, and to the security of schools, colleges, and universities. There have been over 30 successful or attempted radical Islamist terror attacks on U.S. soil since 2009, in addition to multiple terrorist incidents stemming from other ideological motivations. There have also been dozens of mass shootings and school shootings during that same period. These types of incidents have cost hundreds of Americans their lives just in the past year.

Individuals looking to commit terrorist attacks or other acts of violence do not operate in isolation – they leave indicators in their discussions, their behaviors, and their online activities. Using technology to identify these indicators and find these individuals before they can commit heinous acts is of the utmost importance for ensuring the security of our society and of institutions that may be at risk.

Being able to respond to attacks is not enough. Instead, we can best protect ourselves by proactively detecting and preventing these threats from being realized, integrating cutting edge technology into our efforts.

PART ONE: 
Finding New Ways to Detect Planning Behavior

The U.S. has witnessed a recent surge in mass casualty events such as mass shootings and school shootings. From 1966 to 2015, there were 146 mass shootings across 40 states and Washington D.C., resulting in 1,048 deaths. There have been 55 mass shootings since 2007 and 11 in 2017 alone. Statistical evidence shows that the frequency of mass shootings is increasing. Since 2011, the rate of mass shootings in the U.S. has tripled to an average of at least one event every 64 days. Yet, in many cases, the shooters have no connection to their victims or to their target locations that could provide a clue to their intentions.  Over 71% of active shooter situations in the U.S. from 2000 to 2013 occurred in publicly accessible spaces including businesses, malls, schools, health care facilities, and houses of worship. Furthermore, victims of U.S. mass shootings are of every age, gender, race, and religion with no clear patterns. 

This lack of generalized predictive information regarding who may commit these violent acts, where they may do so, and who they may target means that we must find new ways to detect and prevent mass casualty planning behavior. Schools are implementing active shooter safety drills and commercial facilities and organizations have new security measures and training to prepare for these scenarios. However, many of these mass casualty events occur in less than five minutes, meaning that training may not be enough to avoid fatalities. Stopping these attacks before they occur is key to averting mass casualties. Yet, mass shootings can be extremely difficult to predict or prevent due to the individualized nature of each attack, the relative ease of access to firearms in the U.S., and the minimal planning required. Therefore, we need new technological capabilities that can identify specific indicators of these mass shooting threats before they actualize.

PART TWO: 
Discovering The Clues With Technology

From Columbine to Virginia Tech, from Sandy Hook to Parkland, school shootings have impacted the lives of individuals of every age, gender, and background. Since 2013, there have been over 300 shootings in schools in the U.S., averaging around one per week. 70+ individuals have been killed and 130+ have been injured in shootings at schools since 2013. These incidents have had a broad impact – between 2013 and 2015, 54% of shootings in schools took place in K-12 environments, while 45% took place at colleges or universities.  Victims and survivors include teachers, coaches, administrators, college students, and children of every age. The effect of these events lasts far beyond the immediate trauma and devastation. School shootings resulting in a homicide have a lasting impact on the affected school – they decrease student enrollment and lower students’ standardized test scores by almost 5%. It is evident that better methods are needed to detect and prevent school shooting threats in advance of a would-be attacker putting their plans into action. However, it is difficult to identify key traits that could indicate the type of person who may become a school shooter. Many school shooters experience a loss or personal failure that may help motivate their attack plans, and many were also bullied or felt persecuted before their attacks. Yet, a study carried out by the U.S. government in the wake of the Columbine attack concluded that there is no explicit “profile” of a school shooter – they come from diverse racial and ethnic backgrounds, and many are good students with functional families and friend groups. 

There is no explicit “profile” of a school shooter – they come from diverse racial and ethnic backgrounds, and many are good students with functional families and friend groups.

Despite the fact that there is no exact profile to indicate potential threats, the same study also found that most school shootings were planned incidents and that attackers left clues to their intentions in the lead up to the attack. In most attacks studied, other individuals were aware of the school shooter’s plans or the shooter demonstrated concerning or help-seeking behavior that may have exposed their plans if investigated. For example, Nikolas Cruz of the Parkland shooting posted social media comments revealing his intention to carry out a school shooting.Furthermore, research shows that many school shooters seek to emulate prior school shootings, whether through their choice of clothing, weapons, or tactics. Potential school shooters often carry out comprehensive research on prior attacks, particularly Columbine. In a study of school shootings in Europe, 33% of the shooters had purposefully imitated aspects of the Columbine shooting. Alvaro Castillo, who carried out a school shooting in North Carolina in 2006, chose to wear a trench coat like the Columbine shooters and named his shotgun “Arlene” as one of the Columbine shooters had done. Many school shooters have also expressed the aspiration to do it “better” than prior shooters, killing more people.

Given that many school shooters conduct online research related to their attack and may leave indicators to their intentions online, new methods and technology are needed to detect and sense online behavior associated with school shootings to prevent further attacks. Rather than searching for descriptive traits to identify prospective attacker “personas,” sensing known online behavior patterns associated with the planning of school shootings allows for threat detection and intervention before an attack can be carried out. For example, it has come to light since the Parkland school shooting that the shooter had previously posted comments on social media about carrying out a school shooting and that his social media accounts contained pictures of guns, ammunition, and other violent or concerning content.

We must deploy technology that senses the Internet for these types of threats and language as these may be readily available clues to a shooter’s intentions prior to an attack.

Sensing for this type of content, alongside online behavioral patterns that demonstrate attack-planning behavior, can identify individuals who pose high-risk threats, distinguished from people conducting general research. Such sensing can also identify the particular web signatures of users engaging in attack-planning behavior. As a result, only users truly engaging in extreme, outlier behavior will be detected, making threat identification a fact-based process rather than one that could be biased on prior knowledge of a suspect individual. Similarly, this type of sensing can detect threats posed by individuals who may not be on law enforcement’s radar. As new technologies and weapons are developed and more information becomes accessible online, the potential severity of threats to schools, campuses, and other public places increases. We must similarly change the way we approach detecting and preventing these violent threats in order to adequately address the enhanced and changing capabilities and methods of those seeking to do harm.

Summary

In today’s world, there are far too many Orlando shootings, Las Vegas massacres, Sandy Hook, and Parkland school shootings that occupy our news cycle and the front of our minds. The individuals who carry out these devastating and heinous acts seek to undermine our way of life, our sense of security, and our freedoms. They also become increasingly hard to detect as they carry out attack planning online, where they are not easily identified or monitored. These violent actors must be met head on by the best possible tactics and tools to detect and prevent such threats before they are carried out. Indeed, both the public and private sectors are embracing the power of technology in this realm, particularly related to artificial intelligence and machine learning. At Lumina Analytics, we’re using these tools to understand threat-specific behavioral patterns and predictively identify threats to society and national security, as well as to private corporations, venues, and events.

Using Predictive Analytics to Detect Threats on Campuses A guide to improved University, College and High School security.

Introduction

Mass school shootings have become so common in the United States that we are no longer surprised when news of yet another one flashes across our TV screen or social media feed. After a mass shooting, there are always intense yet similar debates about what motivated the shooter and how we can prevent future school shootings. An FBI report that looked at 63 mass shooters over many years found that although there are some attributes many shooters have in common, based on demographics alone, these attributes are not so uniform that shooters can be readily identified before attacking. The report says, “There is no single warning sign, checklist or algorithm for assessing behaviors that identify a prospective active shooter. Rather, there appears to be a complex combination of behaviors and interactions with bystanders that may often occur in the days, weeks and months leading up to an attack.” 

What this means is that human analysis and physical security, though important, are not enough to pinpoint deadly violence risks on high school, college and university campuses. The problem is simply too complex.

In order to predict and stop mass shootings in our schools, we need to be much more proactive than in the past and use the most effective technology we can develop. We need artificial intelligence systems to sift, sort and carefully select data, machine learning to improve results and only then depend on humans to verify the data and its context. Let’s take a look at the issue from all angles and discuss what we can do differently to drastically decrease school shootings.

PART ONE: 
What’s Considered a “Mass Shooting”?

There is no one definition of “mass shooting”. After Sandy Hook, Congress passed H.R. 2076 (112th), the Investigative Assistance for Violent Crimes Act of 2012. The act defined “mass killings” as three or more killings in a single incident in a place of public use. The purpose of the definition was to determine when the Attorney General can assist in an investigation at the request of state and local law enforcement officials. A wider definition of a mass shooting is promulgated by the Gun Violence Archive which defines it as an incident where at least four people are injured or killed aside from the suspect. Of course, all school shootings are not mass shootings.

PART TWO: 
How Often Are They Occurring?

Mass shootings are becoming more frequent and more deadly. In 2017 alone, there were 30 separate active mass shootings in the United States, the largest number ever recorded by the FBI during a one-year period. From 2000 to 2015, the number of incidents more than doubled from the first part of the period to the second.

According to a Washington Post analysis, more than 215,000 primary and secondary school students have experienced gun violence at school since Columbine in 1999 until April 2018. From January 1, 2009 until May 21, 2018, there have been 288 school shootings, 57 times as many as in all other major, industrialized nations combined. Twenty-one weeks into 2018, there were already 23 school shootings from grades kindergarten through college and university level where someone was killed or hurt. That’s an average of one shooting per week. (Gang violence, fights and accidental discharge are included in these last school shooting parameters.)

PART THREE: 
Contributing Factors to Mass Shootings

Every time there is a school shooting, the discussion ranges from gun control to mental health, stressed-out teenagers and young adults, bullying, terrorism and even video games. Common comments are, “If only the other students had been nicer to the shooter. If only family, students and faculty had recognized the signs. If only those close to the shooter had listened.” There have been many discussions of traits displayed by school shooters that should help us recognize them. The problem is that before the fact, it is very difficult for humans to predict a school shooting even though a shooter may fit certain demographics and display certain traits.

Let’s look at what we know, and why the analyses we have been doing up to now is not enough to stop school shootings.

Gun Access
Shootings are more likely to occur where there is easy access to guns, and the access to guns in the United States is unparalleled. Americans make up about 4.4% of the global population but own 42% of the world’s guns. From 1966 to 2012, 31% of the gunmen in mass shootings worldwide were American. It’s unlikely that easy access to guns is likely to change any time in the near future, so schools must look beyond hopes for gun control to protect their students. The majority of shooters use legally obtained firearms, and 68% of shooters under the age of 18 get their guns from their parents’ houses or those of close relatives.

Targets
In 64% of mass shootings, the shooter specifically targets at least one of the victims. School shootings are unlikely to be caused by those driven by doctrine such as extreme Islam. However, violent tendencies and misogyny play a role. Often school shooters target girls who would not date them or who rejected them. Elliott Rodger, who killed six people in 2014 at UC Santa Barbara, uploaded a YouTube video saying he was going to punish women who rejected him. Other examples of shooters out to kill women include the Santa Fe high school mass shooting in May 2018 that left 10 dead and the 2015 Oregon college shooting that also left 10 dead. These are just a few examples; misogyny is a common thread that runs through many school shootings.

Violent History
Many shooters have a history of violence including domestic violence. In fact, a study by Everytown for Gun Safety has found that the majority of mass shootings in the United States are related to domestic or family violence.

Mental Illness
There is always a lot of discussion about mental illness after a school attack, perhaps because it is hard to imagine anyone in their right mind doing such a thing. The FBI report could only verify that 25% of active shooters in the study had ever been diagnosed with a mental illness, and of the 63 shooters studied only three had been diagnosed with a psychotic disorder. Even if a student is mentally ill, it is not difficult for them to gain access to a firearm. As we have seen, many students use the guns of parents or relatives. Also, a regulation put into place during the Obama administration to make it more difficult for the mentally ill to acquire firearms was nullified during the Trump administration.

Extremism
The biggest danger for school shootings comes from students with interpersonal issues. Extremism rarely plans a role with the exception of misogyny.

Location
Most shooters target familiar places, usually their schools in the case of students.

Race
According to the FBI study sample (mentioned above), 63% of mass shooters are white. This is followed by shooters who are 16% black, 10% Asian, 6% Hispanic, 3% Middle Eastern and 2% Native American.

Gender
According to the FBI study sample, 94% of mass shooters are male.

Suspicious Behavior and Leaked Information
Shooters in the FBI study usually exhibited four or five observable “concerning behaviors” before the attack. In every case, at least one of these concerning behaviors was noticed by someone who knew the shooter. These included behaviors related to mental health, interpersonal problems and communication of violent intent. Almost all teen shooters and half of adult shooters tell someone about their plan before they do it. You would think, therefore, that more of them could have been stopped. In incidents where the shooter was a student, 92% of the time the person who noticed the behavior was a schoolmate. Unfortunately, those who observe the behaviors typically do not communicate with anyone in authority. The most common response is to mention the behavior to the shooter himself or to do nothing. Therefore, in many instances, the information is not shared beyond the shooter and his confidante.

Planning
Mass shootings are not just spur of the moment. Shooters take time to plan. 77% spend a week or more in preparation, 46% spend longer than a week and only 12% spend less than a day planning.

Stress
In the year before they act, most active shooters experience multiple stressors, 3.6 on average. But most of us experience stress in our lives, and the high school and college years are difficult for many. This alone is unlikely to tell us much.

PART FOUR: 
What’s Next for Predicting Mass Shootings?

Experts have looked at many additional factors in school shootings than those described above, but there is just no dependable way to predict mass shootings by human analysis alone. Most teenagers and young adults have relatively easy access to guns, and that is not likely to change soon in our society. We could look more closely at white young men with some stress in their lives who have been rejected by women or can’t get dates, but that is a uselessly big pool of people, and that profile does not fit all shooters. Though most teenage and half of adult shooters leak information about their violent plans, that information is unlikely to be reported to authorities. Schools cannot wait for law enforcement alone to find an answer to keep their students safe. It is up to schools themselves to be proactive in protecting their students from violence and mass shooting risks by using the most effective security measures available.

PART FIVE: 
Efforts to Improve School Safety and Increase Access to Mental Health Services

Though mental health issues are usually not the cause of school shootings, they do figure into some cases. The National Association of Elementary School Principals, the American School Counseling Association, National Association of School Psychologists, National Association of School Resource Officers, National Association of Secondary School Principals, and School Social Work Association of America have jointly released their recommendations for improving school safety and access to mental health services for students in “A Framework for Safe and Successful Schools,” Recommendations include improving funding streams for student mental health services, improving staffing ratios, developing standards for school discipline and promoting positive behavior, funding emergency preparedness and improving intra-agency and interagency collaborations.

Many schools are providing training to try to increase their efforts to recognize erratic student behaviors that could possibly signal upcoming violent events. They are also trying to increase student access to mental health services without the stigma that is often attached to using such services. These are all important and worthwhile efforts, but even if they are successful, they will only influence outcomes in a minority of potential mass shooting cases.

PART SIX: 
Is Increased Physical Security a Viable Answer?

The first impulse of school officials following news of a school shooting is often to increase physical security. In 1994, about 13% of schools employed uniformed officers and that leapt to 51% by 2014. Other measures include increasing perimeter and access control, though these measures are unlikely to be enough to protect against homemade explosives and vehicular attacks. Certainly, physical security is important, but it is not enough to keep students safe. Armed police were present during the Columbine and Virginia Tech school shootings, which were two of the deadliest. An armed school resource officer was present at Columbine and five officers and the police chief were on campus at Virginia Tech. Furthermore, the shooters knew there were armed officers on campus and remained undeterred.

In 1994, about 13% of schools employed uniformed officers and that leapt to 51% by 2014.

Some schools turn to access security where students have ID badges, visitors sign in and doors are locked. The problem with these measures is that a school shooter is likely to be a student who would have complete access to the school.

Metal detectors appear to be somewhat effective for those schools that have them, though they have not been extensively studied. For example, a 2000 Chicago study found that metal detectors prevented 294 weapons including 15 guns from entering schools. But metal detectors are far from infallible. In Red Lake Minnesota in 2005 a teenager killed an unarmed security guard, went through a metal detector and killed five students and a teacher.

PART SEVEN: 
Technology’s Role in Predictive Analysis and Security

Physical security measures and training staff to recognize problem students have proven to be insufficient. In order to prevent future mass shootings or at least minimize the risk, schools must implement technologybased predictive security solutions that foretell mass shooting s and other violent acts. Timing is everything, and it is critical for schools to obtain information in time to prevent attacks. In order to predict attacks, artificial intelligence can be used to intelligently sort information from all corners of the Internet almost in real time and monitor trillions of data points. Better yet, machine learning can make data become increasingly relevant over time. Human analysis is also involved after an artificial intelligence system delivers the data to determine the seriousness and context of the risk. These tools enable a huge leap forward in predictive analysis capabilities that proactively identify suspicious activity and the people who are planning violent attacks. Let’s look at some of the methods.

Tools That Remove the Barriers from Reporting Suspicious Behavior

Sixty percent of terror plots are discovered through human reporting, so it’s critical to make it as easy as possible for people to report suspicious activity. We have seen that most shooters exhibit concerning behaviors before they carry out their plans. We have also seen that although virtually all shooters under 18 and half of adult shooters leak information prior to mass killings, most people who get such information do not report it. They may not want quite know what to do, don’t take it seriously or don’t want to get involved. Technology can remove many of the barriers to reporting through an app that enables students, faculty and school staff to report suspicious behavior or leaked information in real time. It’s easy and it’s fast, and it puts a tool into the hands of those who are most likely to hear or see something amiss. Reports can be automatically pushed to key law enforcement or security personnel at a school’s geo-fenced facility to enable immediate action.

Using Data to Identify Patterns in Web Activity

To effectively predict threats, it is necessary to identify behavior patterns using large amounts of data. We must use both external data and an Internet-based system to sense risk and identify actors who exhibit patterns of online activity that may indicate threats. Risk is assessed by analyzing people’s use of content across three categories: means, motivation and target.Means
“Means” includes types of weapons or materials that might be used to carry out a crime. Examples of “means” includes information about firearms, homemade explosive devices or cyber security. Motivation
“Motivation” is most likely to be personally driven rather than due to extremism or politics in the case of schools, though that may not always be the case. Motivation content may be about things such as violence, religious extremism, active shooter incidents or even general news. Target

“Target” can be a place such as a school or an event location and can also involve a person the shooter is focusing on.

If a student is just researching firearms, it may mean nothing. But if they are researching assault weapons, violent content and previous school shooter incidents, it is more cause for concern, because a pattern begins to emerge.

Cross-Referencing Global Terrorist Networks

The biggest threat in schools is student shooters. However, at a college or university level in particular, it is possible for a school to be a target of extremists, possibly even extremists who are students, faculty or staff. Artificial intelligence technology exists that can determine how close an individual is to terrorists and how likely they are to become terrorists themselves. This is done through a database of online content related to global terrorist networks and deep web mining techniques.

PART EIGHT: 
Enabling Anti-terrorism Technology to Protect Against Liability

Despite a school’s best efforts, it is possible for a mass shooting or other act of terrorism to occur. Schools officials should be aware that if a terrorist act occurs at the school and they have tried to protect their students by using “qualified anti-terrorism technology,” then the school is immune from a federal lawsuit under the Support Anti-Terrorism by Fostering Effective Technologies Act.

PART NINE: 
Keeping Students Safe with Predictive Security

In today’s complex world, physical security alone is not enough to keep students safe. Fortunately, the Internet offers us opportunities to use artificial intelligence and machine learning get a step ahead of would-be school shooters. This involves heavy lifting of huge volumes of data so it can be presented almost immediately in a format that enables fast decision-making. Predictive security helps to foretell tragedies while they are still in the planning stages and keep students safe by accessing, sorting and analyzing the right information at the right time.