Information Security Journal: A Global Perspective, 21:115–126, 2012
Copyright © Taylor & Francis Group, LLC
ISSN: 1939-3555 print / 1939-3547 online
DOI: 10.1080/19393555.2011.647251
Can Social Network Analysis be Effective
at Improving the Intelligence Community
While Ensuring Civil Rights?
Kenneth Earl Gumm Jr.
K4 CSR Transportation Security
Administration Contact Center,
Somerset, Kentucky, USA
Address correspondence to Kenneth
Earl Gumm Jr., PO Box 3836,
W. Somerset, KY 42564.
E-mail: kenny.gumm@gmail.com
ABSTRACT International terrorism represents a complexity of threats that
requires all the resources of the U.S. government to detect, deter, and prevent
terrorist acts. Social network analysis (SNA) will be defined and specific con-
cepts available for analytical application will be introduced and evaluated for
efficacy. SNA will be examined as a tool to improve the efficiency and capabil-
ities of the intelligence analyst tasked with the prevention and early detection
of terrorist actions while preserving constitutionally guaranteed civil rights of
those it is meant to protect. Limitations of SNA will be introduced and mea-
sures to limit those limitations will be discussed.
The immediate research has revealed that the Defense Advanced Research
Projects Agency’s (DARPA) initial research and development efforts in SNA
did not include the necessary requirements for privacy protection as called for
in the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). The
immediate effects of 9/11 led many within the intelligence community to adopt
any and all available technology that was seen as worthwhile and offered the
ability to address as many of the deficiencies revealed by the 9/11 Commission
as possible. The history of many of the successful programs within DARPA has
been attributed to a culture of noninterference by political as well as defense
officials with an attitude of building effectiveness without regard to oversight
or diligence to existing laws or mandates. The fact that DARPA’s charter has
not been changed since its inception has contributed to the failure to adopt
already existing legislature and mandated privacy protection. This paper will
develop the practicality for SNA with privacy rights built into the architecture
so that the analysts’ output is enhanced while civil rights are preserved.
KEYWORDS social network analysis, DARPA, terrorism, intelligence community
1. INTRODUCTION
Since the attacks of 9/11, the public, press, Congress, and the world have
questioned how the terrorists’ attacks of that day could happen to the world’s
115
most powerful nation. The investigations into the
events of 9/11 revealed that substate actors with moti-
vations based on a radical interpretation of the Koran
were the perpetrators. Further examinations into this
new paradigm of international terrorism demonstrated
the limitations of an intelligence community (IC)
designed to counter the Cold War symmetric threat
as compared to the current asymmetric threat posed
by international terrorism and al Qaeda specifically.
Zegart (2005) indicates that between the fall of the
Soviet Union and the attacks of 9/11, 12 different
significant and empirical studies were performed by
public and private sector entities revealing the lim-
itations of an intelligence paradigm designed for a
post-WWII era. The resulting recommendations from
these studies called for more than 300 changes, yet
only a handful were ever successfully implemented.
One of the common themes throughout these inves-
tigations was the need for a paradigm shift in the
ways and means that the U.S. Government (USG)
is currently wielding its power based on the fact
that the existing system was designed for a bipo-
lar world, consisting of largely symmetric threats,
and the emergence of international terrorism, that
represented largely asymmetric threats. Despite sev-
eral attacks prior to 9/11 from international terrorist
and calls for specific change from political, military,
and intelligence community leaders, there was not a
concerted effort to overhaul the intelligence commu-
nity until the attacks of 9/11 motivated the exec-
utive and legislative branches to take action in the
form of the 9/11 Commission on Terrorism. As a
result of the 9/11 Commission’s report to Congress,
the Intelligence Reform and Terrorism Prevention
Act of 2004 (IRTPA) was passed and for the first
time since Goldwater-Nichols Department of Defense
Reorganization Act of 1986, a major revision of the IC
has resulted.
The immediate research will examine the applica-
tion of social network analysis (SNA) and its abil-
ity to increase the effectiveness of analysts’ resources
while protecting the civil rights of American citi-
zens. The paper will present the fundamentals of
SNA, an examination of the state-of-the-art in SNA,
an examination of the limitations and privacy con-
cerns that have been raised to date, and the algo-
rithms and frameworks available to address these lim-
itations and concerns. The next section will discuss
K. E. Gumm Jr.
the ultimate goal of development of architecture for
SNA that simultaneously preserves the individual’s
civil rights while enhancing the capabilities of the
analyst.
This paper will then turn to the exposed gap in
current research on the topic; DARPA has not had a
review or change in its charter since its inception and
this may very well have exacerbated the public per-
ception of privacy concerns with the use of SNA and
its application to international terrorism. The research
that has been performed concerning DARPA examines
the internal operations that have led to a multitude
of successes in mostly “wicked problems” of primary
application to the military. This gap indicates the need
for future research that can identify for the Department
of Defense (DOD) and Congress methods of adjust-
ing the policy and guidelines that DARPA operates
within that enhances capabilities and operations within
DARPA. This research should be of interest to policy-
makers that are concerned with the current perception
of SNA and to students in the field of terrorism
research.
The ultimate goal of any model intent on predicting
terrorism is the determination of when and where an
extremist group will attack by incorporating as many
of the factors identified by the research as possible to
facilitate an accurate assessment. The identified causes
of terrorism from throughout the sciences demon-
strate the need to develop a predictive system that can
incorporate a multitude of the factors identified from
subject matter experts (SME). SNA offers a flexible
capability to the analyst that allows multiple models to
run concurrently or simultaneously and to be custom
designed to the specific agency’s area of responsibil-
ity. The analyst can incorporate individual indicators
for a more focused model to concentrate on tactical
subjects or broader categories of indicators that repre-
sent multiple factors can be incorporated to function
in a strategic capacity. This capability demonstrates the
need to have any forecasting model or architecture
flexible enough to adapt to changing evidence from
empirical research and the need to incorporate statis-
tical analysis to expose any sensitivities to data bias.
These capabilities will enhance the analysts’ creative
analysis capabilities and provides for a more efficient
use of limited resources by allowing the analysts to
focus their time and efforts as directed by their agencies
mandates.
116
 2. FUNDAMENTALS AND
CAPABILITIES
SNA was originally proposed by Jacob Moreno
in 1934 as a method that used links (connections or
ties) and nodes (individuals or groups) to discover
information about the individuals in a network and
the actual network itself. By definition a “social
network is a compilation of entities that are connected
through social ties in which a variety of resources
are exchanged” (Hulst, 2009, p. 106). A synthesis
of the definitions provided by DeRosa, Seifert, and
Koschade results in a definition for social network
analysis as the use of algorithms based on empirical
research from across the sciences to discover previously
unknown patterns and relationships that improve the
allocation of limited resources DeRosa 2004, v., Seifert
2008 I, Koschade 2006, 2). The methods of SNA
include statistical models, mathematical algorithms,
neural networks, and decision trees used to evaluate
quantitative data, text, or graphical data from mul-
timedia forms. The power from SNA comes from
the flexibility of parameters used to evaluate large
quantities of data including patterns in association
(one event is connected to another), sequence or path
analysis (one event leads to another), classifications
(identification of new patterns), clustering (finding and
visually documenting groups of previously unknown
facts), and forecasting (discovering patterns that can
lead to reasonable predictions of future activities)
(Seifert, 2008, p. 1). If the above parameters represent
the power of SNA then the effectiveness of SNA is
represented by its creativity. The algorithms used to
drive SNA reveal the patterns in data not perceivable
by human analysis because of the vast amount of data
surrounding the evidence of interest.
Among the many capabilities within SNA, of inter-
est to predicting terrorism, two fundamental categories
emerge: predictive (classification, regression, time
series, prediction) and descriptive (clustering, sum-
marization, association, sequence discovery) models
that require defining before progressing into the more
detailed analysis and implementation algorithms in
the Algorithms and Frameworks section. Classification
maps the target data to predefined groups or classes
provided by SMEs. Regression involves the numerical
dataset from a known event to develop a mathemati-
cal formula that fits the data, then this formula is fed
117
the data from an unknown event and the result is a
prediction. Time-series analysis uses distance measures
to determine similarity between different time series to
generate predictions for future events base on known
past events. Clustering is similar to classification except
that the groups are not predefined; the data defines the
group or subgroup (clique) of interest. Summarization
is a technique for presenting the data summarized. The
Association rule finds all frequent data points and gen-
erates rules from these patterns. Sequence discovery
finds sequences of patterns in the data that helps to
define the trend. (Deshpande, 2010, p. 35).
SNA has developed several specific measures that
can be leveraged by an analyst to reveal informa-
tion about the operation of the network that is not
readily apparent to the outside observer. One of the
key concepts in SNA is centrality, which indicates
how many direct connections the actors (nodes) have
with other nodes (Kutcher, 2008, p. 1). Nodes with a
high centrality exert more influence over less central
nodes and should be considered as target-worthy assets
since they control information flow. A centralized net-
work may be one node or a few nodes with high
centrality ratings as compared to subordinate nodes
that simply direct information or resources to the more
central node. Centralized networks are susceptible to
disruption because of their lack of redundancy; elim-
ination of the one central node could disrupt the
entire centralized network. Decentralized networks on
the other hand do not have one central hub, but
have several hubs with each node indirectly tied to
all other nodes. This redundancy makes the network
more robust, but because of the duplication of effort it
increases the overhead of the organization and more
importantly increases the likelihood of discovery by
government entities. Centrality is measured by close-
ness, betweeness, degree, and eigenvectors that provide
different perspectives of the social relationships that
exist within the network.
Closeness defines how many links it would take for
a particular node to connect to all other nodes in
the network and it provides a measure of the distance
between actors. There are several measures of close-
ness that provide additional insight about the actors or
nodes: closeness-in (how close an actor is based on the
number of paths that are inbound), closeness-out (how
close an actor is based on the number of paths that are
outbound), direct closeness (two actors with a direct
Social Network Analysis and the Intelligence Community
connection), and indirect closeness (information can
only pass from one node to another node by passing
through at least one additional node) (Hanneman,
2005, p. 11).
Betweeness measures the number of paths that pass
through each node. Nodes with a high degree of
betweeness may indicate the presence of a gatekeeper
(controls the flow of information between different
parts of the network or between different clusters in the
network) (Kutcher, 2008, p. 2). Although nodes with
low degrees of betweeness may indicate that they have
little control over the flow of information, if they hap-
pen to be the only link between two different clusters,
their elimination could be devastating to the cluster
that would become isolated.
SNA measures the connections a node has by the
label of degrees. The node with the greatest number
of connections (degrees) is labeled the hub. Further
measures of degree are in-degree (quantifies the num-
ber of incoming links) and out-degree (quantifies the
number of outgoing links) (Hanneman, 2005, p. 4).
Nodes with high in-degree represent actors with final
approval status or consultants and nodes with high
out-degree may represent actors that are newcom-
ers or tasked with delivering information to other
nodes.
Eigenvectors measure how well connected an actor
is and how much direct influence that actor has over
the activities of that network. This measure is deter-
mined by evaluating the centrality scores of the actors
that this actor is directly connected to (Hanneman,
2005, p. 14). There are two further measures of eigen-
vectors: hubs (score for outbound links) and authori-
ties (scores for inbound links). A high scoring hub has
several outbound links to high scoring authorities, and
a high scoring authority has several inbound links from
high scoring hubs.
Two final concepts in SNA that should be discussed
before continuing are link direction (used on charts
and graphs to demonstrate which direction informa-
tion or logistics are flowing) and link weighting (indi-
cates the relative strength of relationships). Both of
these concepts lend themselves to visualization tech-
niques that use two or three dimensional graphs to
allow the analyst to identify relationships previously
unknown. The newly identified actors can become tar-
gets for future investigations that could lead to still
more previously unknown targets. These discoveries
allow the detection of an organization’s activities that
K. E. Gumm Jr.
should enhance the predictive capabilities for that
network’s future operations.
3. LIMITATIONS
While these concepts point to the capabilities of
SNA, there are also limitations to this system as with
any system. SNA is data dependent, and because of
this the analysis is dependent upon accurate and timely
data that have not been corrupted deliberately or inad-
vertently. The initial logistical problems of procuring,
cleaning, and preparing the data for analysis and the
time period for analysts to learn the system are con-
siderable, but after the initial enterprise of establishing
the system SNA actually helps to alleviate one of the
common problems facing today’s analysts: data deluge.
The diversity of data sources both in format and loca-
tion presents several challenges to effective SNA that
can be addressed by specific algorithms and procedu-
ral architecture to be presented in the Algorithms and
Frameworks section.
The ultimate limitation comes in the form of iden-
tifying a causal relationship between patterns revealed
in the data and any of a number of variables of inter-
est that could be responsible. Therein lies one of the
more significant problems, that is, the rarity of terror-
ist attacks tends to limit the availability of indicators
to build predictive models. The mundane activities of
preattack logistics that include communication among
actors, fundraising, technology acquisition, trial runs,
resource acquisitions, and target reconnoitering rep-
resent some of the activity that can be modeled.
As attacks are thwarted, attempted, and successfully
carried out and past terrorist events are cataloged,
future scenario and model building will be enhanced.
Another frequently discussed limitation of data
mining is the problem of false positives. Markle
(2003) identifies accurate identity as one of the fun-
damental reasons that false positives represent a serious
concern for civil liberties. A system of redress should be
included in any efforts that involve personal identities
and the architecture of any SNA system should include
an independent mechanism (private or public) to cer-
tify accuracy. Classifiers as discussed below, even with
a high accuracy rate, are going to produce some level of
false positives, but with the use of multiple classifiers to
search through huge databases and incorporate multi-
stage searches each subsequent search is initiated by the
previous success thereby reducing errors with each pass.
118
Both the accuracy and the privacy are enhanced in such
architecture. Senator (2005) demonstrates that meth-
ods exist to limit false positives and false negatives by
the use of risk adjusted populations and link analyses
and to enhance privacy concerns the data could be ran-
domized or anonymized to protect the identity of any
one falsely identified in the early stages.
Several examples of SNA exist that apply multiple
classifiers in architecture that makes multiple passes
through the data, with each subsequent pass feed-
ing the next thereby reducing the potential of false
positives and reducing the size requirements of the
database. One example of this technique is DARPA’s
Evidence Extraction and Link Discovery (EELD) pro-
gram that has developed algorithms that extract prob-
abilistic models from relational data. The multipass
process offers two improvements to single pass: one
pass is used to feed subsequent passes, and the abil-
ity to change the types and quantities of data with each
subsequent pass also works to focus the analyst’s efforts
to the data that are more related to revealed areas of
concern.
4. PRACTICAL APPLICATIONS
Psychological and social constructs of trust, social
norms, cohesion, and cooperation are important to
the operation of the group and can act as indicators
of reciprocity, influence, and leadership that are sus-
ceptible to analysis using SNA (Hulst, 2009, p. 109).
DeRosa (2004) would enhance this process by calling
for Subject-based Link Analysis (starts with a known
data point) to find links with other entities of unknown
interest. Pattern-based Analysis takes a known pattern
of behavior and searches for similarities in the dataset
(DeRosa, p. 8). While the behavior may be known,
the pattern-based query does not require a known
subject but rather retains its usefulness by identify-
ing extremely rare activities associated with terrorist
planning and attacks (DeRosa, p. 8). Skillicorn (2004)
suggests that for terrorist groups such as al Qaeda,
which operate much like “venture capitalist for ter-
ror” that receive proposals for attacks and then decide
which proposals to support, even the most trivial con-
tact between actors could be viewed as “significant”
and worthy of SNA efforts (Skillicorn, p. 2). The abil-
ity to quantify the relationships inherent in the social
networks tends to reduce the subjectivity in analysis
and limits the risk to missed signals inherent in covert
119
operations and data acquired during typical SNA pro-
cedures. When the analysis provided from SNA is
coordinated with the characteristics of the actors, their
relationships, and the types of resources or activities
the group under investigation has demonstrated in the
past, a powerful tool emerges for forecasting future
behaviors (Hulst, p. 109). The ability of SNA to iden-
tify patterns, roles and functions that are not otherwise
readily apparent indicates the reasoning for policymak-
ers increased interest since 9/11 and provides justifi-
cation for inclusion of SNA in typical data mining
operations.
The experts on SNA have identified several funda-
mental issues that are prerequisites for successful data
mining; a clear formulation of the problem, access to
relevant data that have been properly coded, and mech-
anisms to compensate for type I and type II errors.
The immediate research would seem to indicate that
“relevant data” could be less than obvious since the
relevancy is often not immediately apparent before the
analysis has begun. Factors and indicators of terrorist
activities are obviously part of the equation, yet many
of these factors and indicators are mundane activities
that individually could be interpreted initially as legal
activities that could be relevant but might not present
themselves at the initial stages of the investigation. It is
only after SNA reveals the totality of these preevent
activities occurring among disparate but connected
entities that a clearer picture develops of the terrorist’s
intent. Therefore, it would seem appropriate to begin
the analysis with a broad perspective and narrow the
focus as the algorithms began to develop the scenario.
DeRosa (2004) would add that typical data mining pro-
cedures actually “prioritize attention and provide clues
about where to focus” and this concept speaks to one
of the fundamental problems exposed by Heuer (1999)
that what the analyst needs is more “truly useful infor-
mation” (Heuer, p. 6). SNA helps to limit many of
the perception problems that exist within the subcon-
scious mind by providing the additional information
that Heuer describes as being required to “recognize an
unexpected phenomenon” (Heuer, p. 8).The patterns
and relationships revealed by SNA help to reduce eth-
nocentric bias and are not subject to lack of cultural,
religious or political knowledge of the scenario under
investigation.
Skillicorn (2004) improves traditional SNA by
including additional information (demographics)
about the individual actors in the social network and
Social Network Analysis and the Intelligence Community
“higher-order” information about the relationships in
a technique of “Matrix Decomposition” (Skillicorn,
p. 1). Singular value decomposition (spectral graph
partitioning) is used to detect the most anomalous
nodes by correlation of the data and semi-discrete
decomposition; data are partitioned into subsets
with similar attributes and independent component
analysis, which allows graphs of cliques (Skillicorn,
p. 5). The power here is in the ability to reveal that
one actor may be a member of more than one clique
simultaneously, not available in traditional SNA meth-
ods. These actors represent high value targets worthy
of additional resource allocation; their isolation could
limit potential actions of disparate and previously
unknown cells.
The practical application of SNA to past and cur-
rent events has been successfully demonstrated by
Krebs, when he uses centrality, degrees, closeness,
and betweeness to identify the cellular nature of the
9/11 attackers and their hierarchy (Krebs, 2002, p. 7).
Duval, Christenson, and Spahiu (2010) examine the
practical application of SNA to current data to appre-
hend Saddam Hussein (links to family members, Sunni
tribal loyalists, and former protégés) and the discovery
of the “Virginia Jihad” (link analysis on the network of
relationships) and proposes the use of “Bootstrapping”
or resampling to add the dimension of statistical anal-
ysis to enhance the ability to quantify relationships
(Duval et al., p. 2). The ability to provide a measure
of statistical validity in assessing the roles of actors in a
terrorist organization could be instrumental in assuring
that the most lethal of cell members are receiving the
attention needed in a world of limited resources.
Koschade (2006) provides a framework for “real
time analysis” of terrorists’ networks by employing
SNA measures of density, degree of connection, degree
centrality, closeness centrality, betweeness centrality,
and the use of clusters on the Jemaah Islamiyah cell
responsible for the 2002 Bali nightclub bombing.
Smith, Damphouse, and Paxton (2006) evalu-
ated 67 U.S. cases of terrorism, including domestic
and international terrorist groups. Information from
200 incidents were used to create a relational database
of 265 variables, including geospatial data (terrorists’
residences, planning locations, preparatory activities
and target locations), general temporal data (average
terrorist group existed for 1,205 days, planning aver-
aged 2–3 months and there was a lull of 3–4 weeks
prior to the incident), and spatial patterns of activity
K. E. Gumm Jr.
(terrorists typically live less than 30 miles from target,
preparations and planning also within this distance)
(Smith et al., p. 2). Four major categories of activities
were revealed: recruitment, preliminary organization
and planning, preparatory conduct, and terrorist acts
(Smith et al. p. 3). All sources were open sources pro-
vided by subject matter experts and included many
incidents of illegal activity, acquisition of bomb mak-
ing materials, and several other activities that would be
considered anomalous to normal civil activities of law
abiding individuals. The immediate research indicates
that this list should be combined with a list from classi-
fied sources to create a relational database available to
analysts when operating any of a number of different
SNA platforms currently available.
5. ALGORITHMS AND FRAMEWORKS
Memon and Larsen (2006) propose a framework of
algorithms, web spiders, and a knowledgebase to reveal
hidden hierarchies in nonhierarchical networks to pro-
vide a predictive capability to SNA. The framework
introduces three novel concepts within iMiner (proto-
type software application) to achieve these predictive
capabilities. Position Role Index identifies key actors
and followers in the network as defined by their effi-
ciency; Dependence Centrality defines how much a
node is dependent on another node; Degree Centrality
and Eigenvector Centrality are combined with Measure
Dependence Centrality to estimate the hierarchical
structure (Memon & Larsen, p. 2). Algorithms are
developed for each of these concepts and are applied
in several cases studies. Kreb’s dataset of 9/11 hijack-
ers, Sageman’s dataset of the global Salafi Jihad, the
Bali night club bombing, the dirty bomb plot of 2002,
the World Trade Center bombing of 1993, and the
9/11 plot.
Koltko-Rivera (2004) proposes a computer based
system, Fuzzy Signal Expert system for the Detection
of Terrorism preparations (FUSEDOT) that analyzes
anomalous data such as interpersonal relationships,
financial relationships, travel patterns, purchasing pat-
terns, patterns of Internet usage, and personal back-
ground. FUSEDOT desires to identify those individu-
als who are terrorist by four simple steps: sort through
massive amounts of information about massive num-
bers of individuals, connect disparate pieces of infor-
mation about these massive numbers of people, con-
nect individuals to other individuals who are in their
120
social circles, and process this data to identify terrorist
activity (Koltko-Rivera, p. 4). The FUSEDOT system
is centered on the proposition of detecting “fuzzy sig-
nals” (sometimes the signal is representative of terrorist
activity, but often it is not) (Koltko-Rivera). Risk scores
are assigned to individuals based on the presence of
these “fuzzy signals”; the higher score would reflect
more “fuzzy signals.” Bayesian algorithms are used for
data processing, and knowledge discovery algorithms
are used to create a feedback loop from SME. The use
of Bayesian algorithms is widespread and the concept
of developing hierarchies of the terrorist networks pro-
vides another level of comprehension to define the
operations of the cells and their networks, but the
immediate research could not find any examples of the
actual application of this concept since its introduction
in 2004.
6. CIVIL LIBERTIES AND PRIVACY
CONCERNS
The Homeland Security Act of 2002 requires the
Department of Homeland Security to “establish and
utilize data mining and other advanced analytical tools
to access, receive and analyze data to detect and iden-
tify threats of terrorism against the United States”
(Cate, 2008, p. 439). The legal requirements are obvi-
ously present to provide for the lawful use of data min-
ing and SNA, but the introduction of additional guide-
lines and policy enhancements to improve the operat-
ing parameters of such a vague task would seem pru-
dent given the current status of programs across the IC.
Cate (2008) finds the lack of governmental regu-
lation on the use of data mining as a contributing
factor to the current debate about privacy concerns.
He contends that the lack of regulation also serves to
exacerbate the problems inherent in data mining by
allowing the use of “outdated, inaccurate, and inappro-
priate data” and further indicates that the lack of clear
policy on the issue denies the “guidance as to what is
and is not acceptable conduct” (Cate, p. 437). These
concerns assume that a government agency would
deliberately use “outdated, inaccurate, and inappropri-
ate data” just because they had no legal reason not
to. This assertion presumes that no government agency
would have the concept of the parameters necessary to
operate a data mining system simply because it had not
been legislated. The evidence from DARPA’s programs
to date would seem to indicate otherwise, but the need
121
to establish legal guidelines in promoting civil rights
should be based on the need to gain public acceptance
and follow the intent of the constitution.
The subjective-legal argument identified by Taipale
is based on concerns that any use of data mining
or SNA violates the rights granted by the Fourth
Amendment. The Supreme Court has ruled in United
States v. Cortez and United States v. Sokolow that “subjec-
tive and objective expectations of privacy should rea-
sonably apply to the data being analyzed or observed
in relation to the government’s need for that data
in a particular context” not based on any technique
(Hearing, 2007, p. 12). Taipale would address the pri-
vacy concerns and limitations with three concepts
applied to the architecture design and implementation
stages:
1. Rule based processing and distributed database
architecture that limit the scope of inquiry and
processing of data within policy guidelines.
2. Multi-stage classification architectures and itera-
tive analytic processes with selective revelation and
access control at each stage before additional data
collection, access or disclosure.
3. Strong credential and audit features and diversified
authorization and oversight.
These three steps immediately demonstrate some com-
plications for successful operation of a computer-based
information discovery system. Policy guidelines are
always subject to interpretation by the individual
tasked with the responsibility to analyze the data, and
any need to request clarification or guidance is going
to slow the process. Subjecting each stage to a process
of reauthorization will further slow and encumber the
process. The final step could and should be incorpo-
rated into the system such that operators are required
to sign-in with password authorization and the sys-
tem should have credentialing procedures that limit
the ability to venture beyond areas of known explo-
ration. An audit trail feature should be included for
each stage of the architecture with analyst full aware-
ness of this capability that their actions will be revealed
automatically to supervisors.
One of DARPA’s programs involving SNA is
Terrorism Information Awareness, which uses cate-
gories of transactional data to detect terrorist activ-
ities including communications, finances, education,
travel, medical, country entry, place or event entry,
Social Network Analysis and the Intelligence Community
transportation, housing, critical resources, and govern-
ment records. “Red Teams” would create scenarios of
terrorists’ attacks and determine the kinds of planning
and preparations that would be necessary and then tar-
get those activities with the pattern-based data mining
programs. When William Safire’s New York Times story
“You are a Suspect” broke in 2003, it was the beginning
of an avalanche of criticisms resulting in the Senate
amendment to the Omnibus Appropriations Act that
prohibited the deployment of Terrorism Information
Awareness in connection with data about U.S. persons
without specific congressional authorization (Safire,
2002). Eight months later Congress terminated the
funding for Terrorism Information Awareness with the
exception of “processing, analysis, and collaboration
tools for counterterrorism foreign intelligence,” which
was specified in a classified annex (Safire, 2002). In
essence, the programs were for public consumption
and defunded, but in practicality they just moved into
the realm of classified programs where development
and oversight concerns are no longer open to pub-
lic debate. This is not oversight by Congress; it is an
attempt to placate media criticism by removing the
SNA programs from public scrutiny.
The Supreme Court has failed to interpret that the
Fourth Amendment guarantees extend to the domain
of data housed in a third party’s control. In United States
v. Miller, the court ruled that there was no “reasonable
expectation of privacy” in information held by a third
party; in this case Miller was contending that checks
held by the bank were subject to Fourth Amendment
protection, but the court ruled against. Cates indicates
that the Court has “repeatedly” ruled that the Fourth
Amendment does not prohibit the Government from
obtaining information from a third party even when
the information was stipulated for a limited purpose
(Cates, 2008, p. 452). This third party holding per-
sonal information is a direct correlation to the current
scenario of data warehouses that the government is
currently accessing using data mining and SNA pro-
grams. There simply is no constitutional protection for
personally identifiable information housed by a third
party. The major difference today is that with the power
of computers and search algorithms, data that were
lost in a massive data warehouse are now accessible for
viewing.
It remains to be seen if the Supreme Court’s
comprehension of the issue has evolved to the point
to affect future rulings. Rather than wait for new
K. E. Gumm Jr.
rulings from the Supreme Court, Congress should
seize the moment and demonstrate its constitutional
responsibility by writing effective legislature that
guides the development and implementation of SNA
programs.
The immediate research has identified three forms
of legislature that pertain to data mining and the
issue of privacy: the Homeland Security Act of
2002, Section 222; the Privacy Act of 1974; and the
E-Government Act of 2002. The Homeland Security
Act requires the chief privacy officer to assure that
“the use of technologies sustains, and do not erode,
privacy protections” as it pertains to personal infor-
mation (2007 Report, p. 10). The Privacy Act of
1974 establishes the requirement to publish a notice
when personally identifiable information is maintained
in a system, the System of Records Notice. The System
of Records Notice is published in the Federal Register
and it identifies the purpose of the system, the cate-
gories of individuals, and the routine uses of the data.
System of Records Notice acts as a public notice and
provides a mechanism of redress for individuals. The
E-Government Act requires all agencies to conduct
Privacy Impact Assessments for all systems that collect,
maintain, or disseminate personally identifiable infor-
mation. Privacy Impact Assessments are not required
for national security systems or classified systems.
7. DARPA
DARPA was initially established as a response to the
Russians’ reaching space first with Sputnik. DARPA’s
mission was to ensure that the United States main-
tained a lead in military capabilities and to prevent
“technological surprise from her adversaries” (Van Atta,
2007, p. 21) The DARPA model is primarily tasked with
the responsibility to develop complex advanced tech-
nologies and systems that transcend traditional incre-
mental improvements by promoting “entrepreneurial
performers” from university and industry (DARPA,
2009, p. 1). DARPA was created from within the DOD,
and it operates as an independent entity with auton-
omy in its operational parameters. Program managers
are co-located with similar experts and are encouraged
to “challenge” the status quo and establish metrics
based on actual results. The DARPA paradigm of “high
risk-high payoff ” is fueled by the characteristics of
small size (no laboratories or facilities), lean nonbu-
reaucratic structure (limited management hierarchy),
122
focused on change state technologies, and a highly flex-
ible and adaptive research program (Van Atta, p. 20).
It was explicitly chartered to be different, so it could do funda-
mentally different things than had been done by the military service
R&D organizations. (Van Atta, 2007, p. 20)
DARPA’s key characteristics can be identified from
an examination of the past 50 years: the ability to rein-
vent itself rather than become tied to previous projects,
independence from service research and development
organizations, a lean and agile organization with a risk-
taking culture, concentration on program managers
(program manager conceives and owns the program),
and a business model that is idea driven and results
oriented (Van Atta, 2007, p. 23). The program man-
agers seek out concepts that are not only unproven and
cutting edge but also offer potential solutions to mili-
tary problems. After gaining the approval of the office
director and DARPA director, the program manager
will locate defense contractors, private companies, and
universities with the desire and capabilities to deliver
success on a project.
DARPA’s 2009 Strategic Plan identifies its only char-
ter as “radical innovation,” something which serves as
a “specialized technological engine” that is “forward
looking, relevant and responsive to new opportuni-
ties” and will serve to transform the DOD (DARPA
2009, p. 3). DARPA’s management has devised nine
“strategic thrusts” to address the existing and emerg-
ing threats confronting the nation: robust, secure,
self-forming networks; detection, precision identifica-
tion, tracking, and destruction of elusive targets; urban
area operations; advanced manned and unmanned sys-
tems; detection, characterization and assessment of
underground structures; space; increasing the “tooth to
tail” ratio; bio-revolution; and core technologies. The
business model to address these “thrusts” is a simple
process of bringing in expert entrepreneurial program
managers, empowering them, protecting them from
red tape, and quickly making decisions about start-
ing, continuing, or stopping research projects (DARPA,
2009, p. 14). This business model indicates where part
of their success comes from and represents where diffi-
culties with data mining and SNA may have originated.
While eliminating “red tape” allows program managers
the ability to concentrate on projects identified by
military and policy leaders as key to national secu-
rity, it eliminates any need to conform to existing
policies. Many of the programs initiated by DARPA
123
in the post-9/11 environment were developed with
goals of enhancing IC analysts’ capabilities with lit-
tle or no regard for existing legal limitations. Even if
existing laws were not specifically designed to address
data mining as a tool in the fight against interna-
tional terrorism, the intent to provide some level of
control on privacy of personally identifiable informa-
tion on U.S. citizens was apparent but not applied.
The zeal to protect and the initial naive assumption
that the enemy consisted of only foreign individu-
als, not U.S. citizens, speaks to the need to have
protections built into the architecture of any future
systems. The decision to build systems and then later
retrofit those systems with legal constraints could result
in reducing the effectiveness of the original design;
at the very least, it would require redesigning the
systems. The additional costs resulting from such a
redesign could be measured in real dollars for duplica-
tive work, and the costs of potential attacks missed
could include loss of life and substantial monetary
costs.
What Fuchs (2010), Van Atta (2007), DARPA (2009),
Block (2007), and others have explored are the inner
operations of DARPA. More specifically, the char-
acteristics that have made DARPA the successful
paradigm that it is—flexibility, innovative, synergistic,
agile, focused—all describe the mechanisms at work.
What is missing from previous evaluations is the exam-
ination of oversight or guidance provided by the DOD
or Congress.
The development of predictive models using
data mining concepts at DARPA actually pre-
dates 9/11, with the Evidence Extraction and
Link Detection (EELD) program from DARPA.
After 9/11 EELD would become part of DARPA’s
Information Awareness Office, and the lessons learned
would fuel future research into the Total Information
Awareness (TIA) program. Among the early lessons
learned were:
• It is more efficient and less error prone to start with
known subjects of interest.
• Combining common low-level activity patterns
(e.g., illegal immigration, operating front businesses,
money transfers, use of drop boxes and hotel
addresses for commercial enterprises and individuals
with multiple identities) improves detection of high-
level patterns (e.g., training, logistics and reconnais-
sance activities).
Social Network Analysis and the Intelligence Community
• Terrorists preparatory and planning activities can be
identified to help predict terrorist plots (DeRosa,
2008, p. 12).
The use of data mining software demonstrates the
usefulness of these methods (TIA, CAPPSII, Secure
Flight, MATRIX, and HTF among others) and exposes
the potential for invasion of privacy issues. In direct
response to 9/11 and the belief that there may be
“sleeper cells” in the United States, the Information
Awareness Office (IAO) was created at DARPA. The
concept was to coordinate the various different infor-
mation technology (IT) programs currently operating
within DARPA under one Technical Office Director.
IAO’s mission statement was to “counter asymmetric
threats by achieving total information awareness useful
for preemption, national security warning and national
security decision making” (Seifert, 2008, p. 6). Out
of this mission statement came the Total Information
Awareness Program (TIA) task with three specific
areas of research: language translation (automated
rapid language translation), data search (with pattern
recognition and privacy protection), and advanced
collaborative and decision support tools (to facilitate
search and coordination activities across disparate
agencies) (Seifert).
Some of the most successful programs were
defunded because of pressures brought to bear on
Congress after media exposed the possibility of civil
rights violations. Funding for TIA was prohibited by
the 2004 DOD Appropriations Act (P.L. 108-87), but
there was a caveat: Section 8131 allowed “unspeci-
fied sub-components of the TIA to be funded as part
of DOD’s classified budget” (Seifert, 2008, p. 7). The
ethical and legal issues are paramount to the reasons
that many of the DARPA programs that involve SNA
and data mining have gone underground since being
defunded by Congress and have to facilitate their fund-
ing by classified means. The problem this presents to
Congress is that public scrutiny has been eliminated
for now, but the issue of privacy concerns involving
the use of personally identifiable information remains.
8. SNA ARCHITECTURE
SNA provides a mechanism to help focus resources
on the most important actors. With the support of
Congress, SNA policy clearly states the operational
parameters to be used in applying these technologies
K. E. Gumm Jr.
will ensure the protection of civil liberties by pro-
viding the oversight and clear limitations on deploy-
ment. Government personnel should have a clear
understanding of what is permissible and not simply
by the agency administration they operate under, but
also by the specific legislative action from Congress.
One method to protect personal information is to
anonymize the data by one-way hashing (an algo-
rithm that is used to enhance security of data), mask-
ing (obscuring data), and blind matching (matching
records without revealing the identity) until the data
present evidence of illegal activity and then a FISA
warrant could be obtained to reveal the identity of the
actor. Another method involves a hierarchy of infor-
mation rights. That is, lower level analysts at the initial
stages of an investigation would not have access to
personally identifiable information, but as the SNA
develops a list of actors of interest the analyst would
bump the reports to a supervisor with authority to
access the identity of the actors. The assurance of
these measures would require the use of standard secu-
rity protocols such as passwords, login procedures,
audit trails, data encryption, and key management.
If the analyst was not prepared to file a report, a
mechanism requiring written authorization could be
established before any personally identifiable infor-
mation was revealed. The creation of a hierarchy of
security controls should start with a requirement of no
personally identifiable information during the initial
use of broad search parameters. As the search narrows,
and its focus and the need for identification increases,
the use of written authorization for actors with pre-
sumed noncitizen status should be required and for
known or suspected citizenship a FISA warrant should
be required. It could be argued that Constitutional
rights should be extended to all individuals regard-
less of citizenship. To provide such protections would
demonstrate to the world that U.S. concepts of civil
rights are not just for the privileged citizens of the
United States but also for the entire world.
The SNA architecture should include the capabili-
ties to handle erroneous data, missing data, and data
of different forms and from different sources. The
examination of algorithms in this research demon-
strates that there are several different algorithms avail-
able that address these concerns. The development
of architecture and legislation should not be centered
on determining which algorithm best defeats any lim-
itation. The fact that each agency within the IC
124
has been tasked with specific responsibilities will
require different software applications that best fit the
responsibilities that Congress has placed on those agen-
cies. The process that is used to select those algorithms
and applications systems should be the major concern
for Congress. Development of policies that provide
guidelines for agencies to operate will direct agency
managers to the selection of systems that perform the
task while protecting civil rights. The development of
a Super SNA architecture that embraces flexibility by
adopting open source coding would allow the intro-
duction of new algorithms as they are developed and
would permit one super architecture to be developed
that feeds subarchitectures that operate within each
agency and communicate across all agencies. This sim-
ple concept would eliminate the need for duplicitous
legislature and customized software applications for
each agency.
The current structure of evolution in SNA and
data mining is chaotic and driven by individual
researcher interests and funding agencies needs. The
future of computer-assisted analysis would greatly ben-
efit from DARPA involvement to synergize the efforts
of industry and academia. However, with the current
Congressional attitude of defunding and segregation to
classified programs, many researchers and corporations
are left to travel the road of discovery without a map.
The development of a Super Architecture for SNA
would allow for all the algorithms discussed above to
be incorporated, and each individual agency could sim-
ply choose the subelements most appropriate for the
task as defined by Congress. The architecture should
be user friendly and menu driven to flatten the learn-
ing curve, and the different measures available in SNA
should be able to refute or substantiate the other mea-
sures without requiring a computer science degree to
manipulate. As each algorithm develops, its output
anomalies should be automatically reported to analyst
without the need for the analyst to request the infor-
mation. Automated reporting would allow the analyst
to concentrate on the human side of analysis with the
computer calculating and processing the data with lit-
tle need for operator input. The true power of SNA is
the ability to find patterns in the data not otherwise
detectable by humans and then display that data in
graphical or visual means that quickly tells the story
to analysts without their even understanding or com-
prehending the various algorithms that are responsible
for the information displayed.
125
9. CONCLUSION
With the proper guidance from Congress, the future
implementation of SNA and data mining processes
could achieve the goal of enhanced performance for
the analysts of the IC while protecting the civil rights of
U.S. citizens. The algorithms and frameworks exist to
exploit data that exist in various formats and disparate
databases. The ability to search data anonymously and
detect terrorist activities does not require the disclo-
sure of PII until the presence of illegal or anomalous
behavior is revealed. The involvement of DARPA to
help build an improved architecture by leveraging its
unique ability to bring together industry, academia,
and government entities should be encouraged. The
development of legislation that provides limitations
and guidance on when PII is to be disclosed, by
whom, and for what reasons should be a priority for
Congress. The comprehension of advanced algorithms
and frameworks that extract data from the Internet or
privately held databases is not required for Congress.
What is required are legal limits on who sees what,
when, and for what reasons.
Future research should look to determine how these
legal limitations could be written such that DARPA
and other research entities are not restricted in their
quest but rather are empowered with specific knowl-
edge of what society and Congress will tolerate.
Research that examines precisely how DARPA’s over-
sight is regulated would be a first step in defining any
needed regulations.
REFERENCES
Backus, G., & Glass, R. (2005). An agent-based model component to a
framework for the analysis of terrorist-group dynamics. Albuquerque,
NM: Sandia National Laboratories. Retrieved from.htpp://citeseerx.ist.
psu eduviewdoc/download?doi=10.1.1.60.9584&rep
Best, R. (2009). Intelligence issues for Congress. Washington, DC:
Congressional Research Service. Retrieved from http://www.fas.org/
sgp/crs/intel/RL33539.pdf
Block, F. (2007). Swimming against the current: The hidden developmen-
tal state in the U.S. Politics and Society. 36, pp. 169–206. Retrieved
from http://sociology.ucdavis.edu/people/fzblock/pdf/swimming.pdf
Carley, K. (2009). Dynamic network analysis for counter-terrorism.
Pittsburgh, PA: Carnegie Melon University. Retrieved from http://
www.nap.edu/openbook.php?record_id=12083&page=169
Carley, K., Diesner, J., Reminga, J., & Tsvetovat, M. (2006).
Toward an interoperable dynamic network analysis toolkit.
Pittsburgh, PA: Carnegie Melon University. Retrieved from https:/
/community.bus.emory.edu/dept/ISOM/Shared%20Documents/
Hightower%20Speaker%20Papers/KathleenCarley.pdf
Cate, F. (2008). Government data mining: The need for a legal frame-
work. Harvard Civil Rights-Civil Liberties Law Review, 43(2), pp.
435–489. Retrieved from http://www.law.harvard.edu/students/orgs/
crcl/vol43_2/435–490_Cate.pdf
Social Network Analysis and the Intelligence Community
Crenshaw, M. (2005). Terrorism in context. University Park, PA: The
Pennsylvania State University Press.
DeRosa, M. (2004). Data mining and data analysis for counterterrorism.
Washington, DC: The CSIC Press. Retrieved from http://csis.org/files/
media/csis/pubs/040301_data_mining_report.pdf
Deshpande, S. P., & Thakare, V. M. (2010, September). Data mining sys-
tem and applications: A review. International Journal of Distributed
and Parallel Systems, 1(1), pp. 32–44. Retrieved from http://airccse.
org/journal/ijdps/papers/0910ijdps03.pdf
Defense Advanced Research Projects Agency. (2009). Strategic plan
May 2009. Arlington, VA: Author. Retrieved from http://www.scribd.
com/doc/15833928/Defense-Advanced-Research-Projects-Agencys-
DARPA-Strategic-Plan-May-2009
Duval, R., Christenson, K., & Spahiu, A. (2010). Bootstrapping a terrorist
network. Carbondale, IL: Southern Illinois University. Retrieved from
http://opensiuc.lib.siu.edu/pnconfs 2010/20
Fuchs, E. (2010). Rethinking the role of the state in technology devel-
opment: DARPA and the case for embedded network governance.
Pittsburgh, PA: Carnegie Mellon University. Retrieved from http://
repository.cmu.edu/epp/3
Hanneman, R., & Riddle, M. (2005). Introduction to social network meth-
ods. Riverside, CA: University of California. Retrieved from http://
faculty.ucr.edu/~hanneman/nettext/C1_Social_Network_Data.html
The privacy implications of government data mining programs: Hearing
before the United States Senate Committee on the Judiciary,
(2007) (testimony of Kim Taipale). Retrieved from http://data-mining-
testimony.info/
Heuer, R. (1999). Psychology of intelligence analysis. Washington, DC:
Central Intelligence Agency, Center for the Study of Intelligence.
Retrieved from https://www.cia.gov/library/center-for-the-study-of-
intelligence/csi-publications/books-and-monographs/psychology-of-
intelligence-analysis/index.html
Hulst, R. (2009). Introduction to social network analysis as an
investigative tool. The Hague, the Netherlands: Research and
Documentation Centre, Ministry of Justice. Retrieved from http://web.
ebscohost.com.ezproxy2.apus.edu/ehost/detail?vid=1&hid=10&
sid=d013775abb12405cb8dd70f6c135091f%40sessionmgr13&
bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=tsh&AN=
40529769
Huisman, M., & van Duijn, M. (2003). Software for social network analy-
sis. Groningen, the Netherlands: University of Groningen. Retrieved
from http://stat.gamma.rug.nl/Software%20for%20Social%20Netw
ork%20Analysis%20CUP_ch13_Oct2003.pdf
Jensen, D., Rattigan, M., & Blau, H. (2003). Information awareness: A
prospective technical assessment. Retrieved from http://kdl.cs.umass.
edu/papers/jensen-et-al-kdd2003.pdf
Katz v. United States. 389 U.S. 347,361 (1967).
Koltko-Rivera, M. (2004). Detection of terrorist preparations by an arti-
ficial intelligence expert system employing fuzzy signal detection
theory. London, England: RTO SCI Symposium on Systems, Concepts
and Integration Methods and Technologies for Defence Against
Terrorism. Retrieved from http://psg-fl.com/downloads/NATO%20-
%20Detection%20of%20Terrorist%20Preparations.pdf
Koschade, S. (2006). A social network analysis of Jemaah Islamiyah:
The applications to counter-terrorism and intelligence. Queensland,
Australia: Queensland University of Technology. Retrieved from http://
eprints.qut.edu.au/6074/
Krebs, V. (2002). Uncloaking terrorist networks. First Monday, 7(4).
Retrieved from http://131.193.153.231/www/issues/issue7_4/krebs/
Krueger, A., & Maleckova, J. (2002). Education, poverty, violence, and
terrorism: Is there a causal connection? (Working Paper 9074).
Washington, DC: National Bureau of Economic Research. Retrieved
from www.nber.org/papers/W9074
Kutcher, C. (2008). Social network analysis—linking foreign terrorist
organizations. International Analyst Network. Retrieved from http://
www.analyst-network.com/article.php?art_id=1590
Lia, B., & Skjolberg, K. (2004). Causes of terrorism: An expanded and
updated review of the literature (FFI/RAPPORT-2004/04307). Kjeller,
K. E. Gumm Jr.
Norway: Norwegian Defense Research Establishment. Retrieved from
http://rapporter.ffi.no/rapporter/2004/04307.pdf
Markle Foundation. (2003). Creating a trusted network for homeland
security. New York, NY: Author. Retrieved from http://www.markle.
org/publications/666-creating-trusted-network-homeland-security
Memon, N., & Larsen, H. (2006). Investigative data mining toolkit: A
software prototype for visualizing, analyzing and destabilizing terror-
ist networks. Esbjerg, Denmark: Aalborg University. Retrieved from
http://www.dtic.mil/cgibin/GetTRDoc?Location=U2&doc=GetTRDoc.
pdf&AD=ADA477075
Perliger, A., & Pedahzur, A. (2010). Social network analysis in the
study of terrorism and political violence. Carbondale, IL: Southern
Illinois University. Retrieved from http://utexas.academia.edu/
AmiPedahzur/Papers/290973/Social_Network_Analysis_in_the_
Study_of_Terrorism_and_Political_Violence
Reid, E., & Chen, H. (2006). Mapping the contemporary terrorism
research domain. Tucson, AZ: The University of Arizona. Retrieved
from http://ai.arizona.edu/intranet/papers/paper-Reid-terrorism-
researcher.pdf
Safire, W. (2002, November 14). You are a suspect. The New York
Times. Retrieved from http://www.nytimes.com/2002/11/14/opinion/
you-are-a-suspect.html
Seifert, J. (2008). Data mining and homeland security: An overview.
Washington, DC: Congressional Research Service. Retrieved from
http://www.fas.org/sgp/crs/intel/RL31798.pdf
Skillicorn, D. B. (2004). Social network analysis via matrix decomposition:
al Qaeda. Ontario, Canada: Queen’s University. Retrieved from http://
research.cs.queensu.ca/~skill/alqaeda.pdf
Smith, B., Damphouse, K., & Paxton, R. (2006). Pre-incident indicators
of terrorist incidents: The identification of behavioral, geographic,
and temporal patterns of preparatory conduct (Document number
214217). Washington, DC: Department of Justice. Retrieved from
http://www.ncjrs.gov/pdffiles1/nij/grants/222909.pdf
U.S. Department of Homeland Security. (2007). 2007 report to Congress
on the impact of data mining technologies on privacy and civil lib-
erties. Washington, DC: Author. Retrieved from http://www.dhs.gov/
xlibrary/assets/privacy/privacy_rpt_datamining_2008.pdf
U.S. Department of Homeland Security. (2010). 2010 data mining report
to Congress. Washington, DC: Author. Retrieved from http://www.
dhs.gov/xlibrary/assets/privacy/2010-dhs-data-mining-report.pdf
Van Atta, R. (2008). Fifty years of innovation and discovery.
Washington, DC: DARPA. Retrieved from www.darpa.mil/WorkArea/
DownloadAsset.aspx?id=2553
Watts, D. J. (1999). Networks, dynamics, and the small world phe-
nomenon. American Journal of Sociology, 13(2), pp. 493–527.
Retrieved from http://www.cc.gatech.edu/~mihail/D.8802readings/
watts-swp.pdf
Xu, K., Tang, C., Ali, G., Li, C., Tang, R., & Zhu, J. (2010). A compar-
ative study of six software packages for complex network research.
Cheng Du, China: Sichuan University. Retrieved from http://cs.scu.
edu.cn/~tangchangjie/paper_doc/2010/XKKcomparision.pdf
Zegart, A. B. (2005). September 11 and the adaptation failure of U.S.
intelligence agencies. International Security, 29(4), 78–111. Retrieved
from http://faculty.spa.ucla.edu/zegart/pdf/29.4zegart.pdf
BIOGRAPHY
Kenneth Earl Gumm Jr. holds a Master’s in
Intelligence Studies with a concentration in Terrorism
from American Military University, Charles Town,
West Virginia. In 2004 he earned his BS in
Management, graduating Magna Cum Laude from
Troy State University.
126
Copyright of Information Security Journal: A Global Perspective is the property of Taylor & Francis Ltd and its
content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's
express written permission. However, users may print, download, or email articles for individual use.