23.06.17
Maximising scarce resources
Source: PSE Jun/Jul 17
Mick Endsor, a research associate at the International Centre for Security Analysis at King’s College London, explains why open source intelligence could be a valuable tool in the fight for public sector organisations to detect fraud and hold fraudsters to account.
Are public sector organisations making the most of the vast amounts of publicly available information online? Public sector fraud investigations increasingly involve an online dimension, often centred on searching for information on an individual whether on social media, in corporate records or other online sources. Finding the needle in the haystack online can be a daunting challenge, requiring a combination of investigative expertise and an understanding of how to search for information effectively and efficiently to achieve results.
The challenges of collecting online information, combined with the pressure on public finances, remain the most serious constraints on effective public sector fraud investigations. Protecting the English Public Purse (PEPP) 2016 recognises that the sector faces ever-growing pressure to maximise value for money and a significant component of this is tackling fraud and corruption. These challenges, however, also present an opportunity to fully integrate open source intelligence (OSINT) and social media intelligence (SOCMINT) into fraud investigations to enhance existing investigative capabilities.
The open source intelligence challenge
Publicly available information is already used by the public sector to investigate fraud in a number of domains, including housing/tenancy fraud, council tax fraud, benefits fraud and corporate fraud. However, the use of OSINT and SOCMINT techniques varies considerably across organisations. Furthermore, key issues remain underdeveloped, including understanding existing staff skills; knowledge of the benefits and limitations of open source intelligence; and training in effective online investigations.
In addition, organisations must address important legal and ethical issues affecting their ability to use publicly available information in their investigations. To date, there has been little to no guidance on critical issues relating to the collection of publicly available information on individuals and organisations. Social media is a prime example of this, containing a number of grey areas relating to a user’s right to privacy. Organisations will have to carefully consider what constitutes public and private information online and what policies they must establish to do so in a legal and ethical way as a necessary first step.
These varied challenges could simply be seen as additional obstacles facing the public sector as they seek to protect the public purse. However, they could also be seen as an opportunity for organisations to systematically embed OSINT and SOCMINT as core components within their fraud and corruption investigations. A more systematic approach, grounded in improving knowledge and expertise across organisations, offers the opportunity to improve the success rate of public sector fraud investigations.
Developing open source investigative capabilities
To capitalise on the wealth of information available in open sources, it is crucial that the public sector invests in the necessary skills and expertise for its staff. The ability to effectively and efficiently search for information on the internet is an essential skill in modern life, both in a general sense and in the context of investigating fraud. Most importantly, all staff, not just fraud investigators, should have at least an entry level competency with OSINT techniques to provide a baseline level of expertise.
Investing in staff skills is even more important given the loss of specialist fraud investigators in a number of local authorities and a general pressure on investigative capacity across public sector organisations. Alongside improving the OSINT capabilities of all members of staff, organisations could also consider designating ‘OSINT champions’ who develop specific and/or more advanced skills and expertise that they can pass on to colleagues.
Training in OSINT and SOCMINT for all staff will not only provide a baseline of knowledge and expertise across teams, but will also ensure continuity when investigators are unavailable. Publicly available information can also be a valuable resource for identifying possible leads in investigations as well as recognising when specialist expertise, such as a dedicated financial investigator, is required. Furthermore, training all staff in OSINT techniques would complement existing recommendations in PEPP, including fraud awareness, identifying areas of weakness and matching work to identified risks.
In addition to developing skills and expertise, public sector organisations could also invest in technologies to enhance their open source investigative capabilities. This could range from paying for access to databases of information through to buying off-the-shelf or bespoke investigative tools. The temptation for public sector fraud investigations teams will be to buy these tools as a quick or easy fix to the challenges of collecting, verifying and analysing online information. However, without the underlying level of human competency in open source and social media intelligence techniques, this potentially would be a waste of scarce resources.
Therefore, as public sector organisations seek to utilise publicly available information in the most efficient and cost-effective way possible, a sustainable approach is vital. Building successful teams who can use all available information to detect and tackle fraud will have lasting positive effects. As more public services become vulnerable to fraud, open source intelligence could be one more valuable tool in the fight to detect fraud and hold fraudsters to account.
FOR MORE INFORMATION
W: www.kcl.ac.uk/sspp/policy-institute/icsa/index