This is a regular bandana and a dog’s heavy choker chain constructed to make a rather nasty version of a fighting bandana. The heavy choker chain is sewn into the bandana using heavy thread.

Seeing a glint of steel anywhere in the bandana or the ends of the bandana is a warning sign. Movements to reach around to grasp the exposed tails of the bandana are another danger cue. Also, the bandana could easily be overlooked as a weapon during a search.

This is a common bandana that you can purchase anywhere. You fold it as you would to use it for a headband, then fold that in half so the tails of the bandana meet.

You then simply sew up each side of the bandana where the fold is until you have a pocket.

Anything can then be placed in the pockets to include a roll of coins, a socket from a set of wrenches, a long spark plug socket or a cylindrical piece of metal.

You then stuff it in your back pocket and let the tails hang out and it appears to be a simple, folded bandana in your back pocket.

Officers should remember that a harmless bandana in someone’s back pocket might not be so harmless.

Public Intelligence

A fascinating article in the San Jose Mercury News discusses the recent expansion of public-private partnerships in the growing effort to combat cyber threats from criminals and foreign governments.  These partnerships occur through formal agreements between major corporations and government-backed organizations, such as law enforcement, the military or research institutions.  The agreements usually involve sharing of intelligence between the government and corporate representatives, as well as participation in threat reporting programs and security exercises. In some cases, the partnerships relate directly to research and development regarding ways to mitigate security threats.

One example of a public-private partnership discussed in the article is the Network Security Innovation Center (NSIC), a component of Lawrence Livermore National Laboratory that works directly with a number of companies to investigate cyber threats.  The NSIC is described as a an “industry-driven network security initiative” that includes Adobe, Cisco, eBay, Intel, McAfee, PayPal, Qualcomm, Seagate among its corporate partners.  Some of the same firms, along with Hewlett-Packard, Juniper Networks, Symantec and VMware, reportedly help military and intelligence agencies with similar issues at a Maryland-based lab owned by Lockheed Martin.

These partnerships are considered to be of such importance to the government’s cybersecurity efforts that Secretary of Homeland Security Janet Napolitano will be personally speaking on Monday to companies in Silicon Valley about the need for their involvement. This year’s upcoming National Level Exercise will focus on cybersecurity threats to critical infrastructure and many corporations are expected to participate in the exercise.  FEMA has even produced a guide to encourage private-sector participation.  The Cybersecurity Intelligence  Sharing and Protection Act (CISPA), which is currently working its way through the House, widely expands the capabilities for sharing classified information in public-private partnerships between government agencies and major corporations.  Though the NSA has reportedly been sharing threat information with banks and other private companies for some time, CISPA enables companies to have immunity for providing information to the government and allows for greater sharing of potentially personally-identifiable information than is possible in traditional public-private partnerships.

The following price list for Harris Corporation wireless surveillance products was included in contract documentation for the purchase of multiple KingFish Dual Mode wireless measurement systems that went to Maricopa County, Arizona.  This contract was pointed out by Jacob Appelbaum in August 2011, yet Maricopa County responded to the ACLU’s recent information requests by stating that it does not have a wireless tracking program.  For an earlier version of Harris’ Wireless Product Group Pricing Guide, see:

Harris Corporation AmberJack, StingRay, StingRay II, KingFish Wireless Surveillance Products Price List

DOWNLOAD THE ORGINAL DOCUMENT HERE

Harris-WPG-2010

Public Intelligence

Rather than combating natural disasters or a nuclear detonation in a major U.S. city, this year’s National Level Exercise will focus on cyber threats to critical infrastructure and the “real world” implications for government and law enforcement of large-scale cyber attacks.  National Level Exercise 2012 (NLE 2012) is scheduled to take place in June and will involve emergency response personnel from at least thirteen states, four countries, nearly every major governmental department as well as a number of private companies, non-governmental organizations, institutions of higher education and local fusion centers.  The exercise will span four FEMA regions and will include scenarios affecting the National Capital Region.

Past NLEs have focused primarily on threats related to terrorism or catastrophic natural disasters.  NLE 2010 focused on the hypothetical detonation of an improvised nuclear device (IND) in Las Vegas.  NLE 2011 concerned a massive earthquake occurring in the New Madrid Seismic Zone.  NLE 2012 will be the first exercise in the series to concern itself primarily with cyber threats.  A private sector participant guide released by FEMA states that NLE 2012 “will address cyber and physical response coordination, including resource allocation . . . emergency assistance and disaster relief resources, relative to a cyber event with physical effects.”  Another presentation from FEMA adds that the exercise will evaluate government “roles and responsibilities in coordinating national cyber response efforts and their nexus with physical response efforts.”

While the exact scenario for NLE 2012 is not known, the “high level” goals include simulating a situation where there is an “ambiguous threat landscape with multiple adversary types” that produces “physical impacts resulting from cyber attack and cascading effects” that threaten “critical commercial logistics and data, industrial control systems, and associated operations.”  NLE 2012 will be unique in that there “will be an emphasis on the shared responsibility among the Federal Government; state, local, tribal nations, and territories; the private sector; and international partners to manage risk in cyberspace and respond together to a cyber event with national consequences.”  Due to the “sensitivity of the exercise scenario and the related private sector concerns in terms of media exposure” FEMA has made it clear that the names of private sector participants will not be publicly released.

The exercise will occur amidst a growing climate of panic in Washington regarding the state of U.S. cybersecurity.  The FBI’s top cybersecurity official recently resigned stating that the U.S. is fighting a losing war against hackers: “I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.”  Former government officials are advocating U.S. Customs “inspect what enters and exits the United States in cyberspace” and calling for prompt action on multiple pieces of cybersecurity legislation passing through the House and Senate.

NLE 2012′s goal of examining physical effects of cyber attacks underscores a comment recently made by the director of the FBI that the “cyber threat” will soon replace terrorism as the country’s highest national security priority.  In March, a multi-agency exercise that included the FBI and NSA simulated a cyber attack capable of crippling the New York power grid during a summer heat wave.  Last September, the Department of Homeland Security issued a warning to members of the “critical infrastructure community” that the hacktivist group Anonymous had expressed interest in industrial control systems.  Computer security researchers have also recently demonstrated a number of techniques for attacking computer systems used in critical infrastructure that reportedly resemble the Stuxnet virus responsible for disrupting Iran’s nuclear program in 2010.

See more here

National Level Exercise 2012 Will Focus on Cyber Attacks Against Critical Infrastructure

This handbook was written to assist Soldiers and leaders at the platoon, company, and battalion level to better understand the importance of their actions on an objective, as well as to teach the fundamentals of tactical site exploitation (TSE) and cache search operations. While selecting the right Soldiers to be on a TSE team is important, the Soldiers and leaders must also understand the importance of the TSE process and the end results of their efforts. Proper TSE fuels the intelligence-operations cycle and may quickly answer the commander’s critical information requirements and assist in the criminal prosecution of detainees.

If done correctly and patiently, TSE focuses units on operations that have a higher chance of follow-on success and thus serves as a force multiplier. When not conducted correctly or when the enemy situation does not allow TSE, an attack, find, or event becomes a singular occurrence in yet another operation or platoon mission, and it becomes harder for Soldiers to understand the purpose of what they are doing. Teaching Soldiers and leaders the importance of proper intelligence and evidence procedures enables them to think on a multifaceted scale, to see the details they missed before, and to better understand the commander’s intent and their operational environment.

To that end, teaching Soldiers and leaders time-proven cache search fundamentals; principles; and tactics, techniques, and procedures furthers this education. Soldiers and leaders start to think about how their enemy thinks and how to get inside his operational cycle and force him into the open to be killed or captured.

…

Tactical site exploitation (TSE) is the action taken to ensure that documents, material, and personnel are identified, collected, protected, and evaluated in order to facilitate follow-on actions. TSE focuses on the actions taken by Soldiers and leaders at the point of initial contact. When conducted correctly, TSE can provide further intelligence for future operations, answer information requirements, and provide evidence to keep detainees in prison.

TSE, which includes tactical questioning (TQ), at the squad and platoon levels feeds intelligence/evidence up the chain of command to the company and battalion, where it is exploited for immediate operations. Subsequently, the information is processed at the brigade or theater fusion cells for further analysis and exploitation with specialized teams/assets. This analysis fuels future operations, which in turn produces more intelligence, constantly fueling the targeting cycle. This cycle can quickly take apart the network of an insurgency or at least damage it to such an extent as to make it a low-level threat.

For example, the documents or equipment found in a cache produce fingerprints. A follow-up cordon and knock operation in the vicinity of the cache and the proper use of biometrics equipment produce a matching set of fingerprints from a detainee. Thorough TQ of the detainee produces a name and a meeting location. A surveillance operation of the meeting location produces further intelligence and a subsequent raid, which produces more intelligence and evidence. Without proper TSE at the cache, the fingerprints would have been destroyed, and no subsequent operations would have been identified through the targeting process.

DOWNLOAD THE ORIGINAL DOCUMENT HERE

CALL-SiteExploitation

In recent years there has been an apparent convergence of the operations conducted by Special Operations Forces (SOF) and those of civilian law enforcement agencies (LEAs), especially Special Weapons and Tactics (SWAT) units, in what were formerly separate and distinct missions. The requirements to obtain warrants prior to execution of raids for high-value targets, collect and preserve evidence for criminal prosecution, and on occasion present testimony in courts of law are new missions for SOF. They are not relatively simple changes in the rules of engagement or comparable techniques. As far as can be determined, previously no U.S. military combat arms unit has ever been tasked with such a mission during combat operations. The thesis is straightforward; if such missions are to continue, then consideration must be given to adequate training for them.

In addition, the dangers faced by civilian LEAs in the U.S. have been constantly escalating. Many criminals are equipped with fully automatic weapons and in some areas conducting small-unit operations. The response to these threats requires additional SOF-like civilian units within LEAs. As such, SOF and LEAs will be competing for personnel from a limited subset of the American population.

The purpose of this monograph is to examine the elements precipitating this circumstance, provide SOF with a better understanding of changing domestic threats and operational capabilities of LEAs, and draw insights from the similarities and challenges imposed by transnational gangs and terrorists both domestically and abroad. The monograph will argue that SOF need new skills and training to assume the law-enforcement-like missions they are being assigned. In addition, it will provide leaders of major LEAs a better understanding of special operations and potentially facilitate a basis for future cooperation and mutual support. The monograph is written as a forward-looking document and a harbinger of emerging trends; some are quite clear, and others more subtle, but all worth contemplating, especially by those engaged in planning for the future of SOF. It is also argued that the public attitude toward conflict is changing and perhaps the legal underpinnings on use of force as well.

An important issue surfaced while conducting interviews with special operations personnel from various elements concerning assigned missions. That topic was how many of them reported being asked to conduct functions in Iraq that were very similar to those found in U.S. civilian law enforcement. These assignments were found at various operational levels from those involved in direct action and capture of high-value targets to liaison with Iraqi law enforcement at varying levels of headquarters. It is noted some officers believe such tasks and constraints to be inappropriate for SOF; however, that discussion is not relevant to this monograph. The missions have occurred, are ongoing, and likely to represent a trend for the future. Those SOF having been assigned law enforcement-like missions were asked about any police techniques training they had received prior to arrival in country; they usually responded that they had none. A few, mostly from the reserve components, were civilian law enforcement officers recalled to active duty and had been trained through police academies. The majority of respondents, however, indicated they had learned on the job. It is only because SOF are inherently adaptive and innovative that they were able to perform as well as they did.

The military aspect of this trend was also noted in a U.S. Marine Corps War College student paper in 2008. Both authors—Alan Ivy, a supervisory special agent in the FBI, and COL Ken Hurst, a Special Forces commander—had extensive experience in Iraq and encountered these situations. In their paper they correctly asserted:

The merging of law enforcement and combat operations is producing a fundamental change in how the Department of Defense (DoD) is conducting combat operations. The global war on terrorism (GWOT) is forcing combat soldiers to collect evidence and preserve combat objectives as crime scenes in order to prevent captured enemy forces from returning to the field of battle. The military has been slow to codify the doctrinal and equipment changes that support the incorporation of law enforcement techniques and procedures into military operations.

A slide from a presentation by the Chief Information Officer of the Office of the Director of National Intelligence depicts examples of “entity extraction” and “relationship extraction” from a piece of intelligence.

Public Intelligence

The Office of the Director of National Intelligence (ODNI) is building a computer system capable of automatically analyzing the massive quantities of data gathered across the entire intelligence community and extracting information on specific entities and their relationships to one another.  The system which is called Catalyst is part of a larger effort by ODNI to create software and computer systems capable of knowledge management, entity extraction and semantic integration, enabling greater analysis and understanding of complex, multi-source intelligence throughout the government.

The intelligence community has been working for years to develop software and analytical frameworks capable of large-scale data analysis and extraction. Technological advances have now made it possible for spy agencies to not just capture the incredible amount of data flowing through public and private networks around the world, but to parse, contextualize and understand the intelligence that is being gathered.  Automated software programs are now capable of integrating data into semantic systems, providing context and meaning to names, dates, photographs and practically any kind of data you can imagine.

Many agencies within the intelligence community have already created systems to do this sort of semantic integration.  The Office of Naval Intelligence uses a system called AETHER “to correlate seemingly disparate entities and relationships, to identify networks of interest, and to detect patterns.”  The NSA runs a program called APSTARS that provides “semantic integration of data from multiple sources in support of intelligence processing.”  The CIA has a program called Quantum Leap that is designed to “find non-obvious linkages, new connections, and new information” from within a dataset. Several similar programs were even initiated by ODNI including BLACKBOOK and the Large Scale Internet Exploitation Project (LSIE).

Catalyst is an attempt to create a unified system capable of automatically extracting complex information on entities as well as the relationships between them while contextualizing this information within semantic systems.  According to its specifications, Catalyst will be capable of creating detailed histories of people, places and things while mapping the interrelations that detail those entities’ interactions with the world around them. A study conducted by IARPA states that Catalyst is designed to incorporate data from across the entire intelligence community, creating a centralized repository of available information gathered from all agencies:

To fully grasp the capabilities of such a system, it is important to understand the concepts of “semantic integration” and “entity extraction” that Catalyst will perform.  Using an example described in the IARPA study, we will follow data through the stages of processing in a Catalyst system:

For example, some free text may include “… Joe Smith is a 6’11″ basketball player who plays for the Los Angeles Lakers…” from which the string “Joe Smith ” may be delineated as an entity of class Athlete (a subclass of People) having property Name with value JoeSmith and Height with value 6’11″ (more on this example below). Note that it is important to distinguish between an entity and the name of the entity, for an entity can have multiple names (JoeSmith, JosephSmith, JosephQSmith, etc.).

Once entities and their associated relationship values are determined, the information is then integrated into a knowledge base to produce a semantic graph:

To continue the example, one entry in the knowledge base is the entity of class Athlete with (datatype property) Name having value JoeSmith, another is the entity of class SportsFranchise with Name having value Lakers, and another is an entity of class City having value LosAngeles. If each of these is viewed as a node in a graph, then an edge connecting the node (entity) with Name JoeSmith to the node with Name Lakers is named MemberOf and the edge connecting the node with Name Lakers to the node with Name LosAngeles is named LocatedIn. Such edges, corresponding to relationships (object properties) and have a direction; for example, JoeSmith is a MemberOf the Lakers, but the Lakers are not a MemberOf JoeSmith (there may be an inverse relationship, such as HasMember, that is between the Lakers and JoeSmith.).

Data that has been extracted and integrated can then produce patterns that determine unknown relations between an entity and other entities that may be of concern to a particular intelligence agency:

Another simple pattern could be: JoeSmith Owns Automobile, or Person Owns an instance of the class Automobile with Manufacturer Lexus and LicensePlate VA-123456 or even JoeSmith has-unknown-relationship-with an instance of the class Automobile with Manufacturer Lexus and LicensePlate VA-123456. In these last three examples, one of the entities or the relationship is uninstantiated. Note that JoeSmith Owns an instance of the class Automobile with Manufacturer Lexus and LicensePlate VA-123456 is not a pattern, for it has no uninstantiated entities or relationships. A more complex pattern could be: Person Owns Automobile ParticipatedIn Crime HasUnknownRelationshipWith Organization HasAffiliationWith TerroristOrganization. Any one or more of the entities and the has-unknown-relationship-with relationship (but not all) can be instantiated and it would still be a pattern, such as JoeSmith Owns Automobile ParticipatedIn Crime PerpetratedBy Organization HasAffiliationWith HAMAS.

While this example only provides a limited view of Catalyst functionality, it nonetheless helps to demonstrate the potential capabilities of the system.  Far more detailed explanations of the system, as well as a useful overview of similar government systems across the intelligence community, are provided in IARPA’s one-hundred and twenty-two page study.

YOU CAN SEE THE STUDY HERE

Meet Catalyst: IARPA’s Entity and Relationship Extraction Program

The following guide to principles used in online investigations conducted by federal law enforcement agents was authored by a special working group convened by the Department of Justice in 1999.  The working group included members of the FBI, Treasury, Secret Service, IRS, ATF, Air Force and even NASA who worked to create a standard guide for federal agents engaged in online criminal investigations.

PRINCIPLE 1
OBTAINING INFORMATION FROM UNRESTRICTED SOURCES

Law enforcement agents may obtain information from publicly accessible online sources and facilities under the same conditions as they may obtain information from other sources generally open to the public. This Principle applies to publicly accessible sources located in foreign jurisdictions as well as those in the United States.

PRINCIPLE 2
OBTAINING IDENTIFYING INFORMATION ABOUT USERS OR NETWORKS

There are widely available software tools for obtaining publicly available identifying information about a user or a host computer on a network. Agents may use such tools in their intended lawful manner under the same circumstances in which agency rules permit them to look up similar identifying information (e.g., a telephone number) through non-electronic means. However, agents may not use software tools _ even those generally available as standard operating system software _ to circumvent restrictions placed on system users.

PRINCIPLE 3
REAL-TIME COMMUNICATIONS

An agent may passively observe and log real-time electronic communications open to the public under the same circumstances in which the agent could attend a public meeting.

PRINCIPLE 4
ACCESSING RESTRICTED SOURCES

Law enforcement agents may not access restricted online sources or facilities absent legal authority permitting entry into private space.

PRINCIPLE 5
ONLINE COMMUNICATIONS GENERALLY

Law enforcement agents may use online services to communicate as they may use other types of communication tools, such as the telephone and the mail. Law enforcement agents should retain the contents of a stored electronic message, such as an e-mail, if they would have retained that message had it been written on paper. The contents should be preserved in a manner authorized by agency procedures governing the preservation of electronic communications.

PRINCIPLE 6
UNDERCOVER COMMUNICATIONS

Agents communicating online with witnesses, subjects, or victims must disclose their affiliation with law enforcement when agency guidelines would require such disclosure if the communication were taking place in person or over the telephone. Agents may communicate online under a non-identifying name or fictitious identity if agency guidelines and procedures would authorize such communications in the physical world. For purposes of agency undercover guidelines, each discrete online conversation constitutes a separate undercover activity or contact, but such a conversation may comprise more than one online transmission between the agent and another person.

PRINCIPLE 7
ONLINE UNDERCOVER FACILITIES

Just as law enforcement agencies may establish physical-world undercover entities, they also may establish online undercover facilities, such as bulletin board systems, Internet service providers, and World Wide Web sites, which covertly offer information or services to the public. Online undercover facilities, however, can raise novel and complex legal issues, especially if law enforcement agents seek to use the system administrator’s powers for criminal investigative purposes. Further, these facilities may raise unique and sensitive policy issues involving privacy, international sovereignty, and unintended
harm to unknown third parties.

Because of these concerns, a proposed online undercover facility, like any undercover entity, may be established only if the operation is authorized pursuant to the agency’s guidelines and procedures for evaluating undercover operations. In addition, unless the proposed online undercover facility would merely provide information to members of the public or accounts to law enforcement agents, the agency or federal prosecutor involved in the investigation must consult in advance with the “Computer and Telecommunications Coordinator” (CTC) in the United States Attorney’s office in the district in which the operation will be based or with the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. An attorney from the Section can be reached at (202) 514-1026 or through the Justice Command Center at (202) 514-5000.

Agencies that already consult with the Justice Department as part of their internal review process for undercover operations may comply with this requirement by providing an extra copy of the undercover proposal to the CTC or to CCIPS, as appropriate.

PRINCIPLE 8
COMMUNICATING THROUGH THE ONLINE
IDENTITY OF A COOPERATING WITNESS, WITH CONSENT

Law enforcement agents may ask a cooperating witness to communicate online with other persons in order to further a criminal investigation if agency guidelines and procedures authorize such a consensual communication over the telephone. Law enforcement agents may communicate using the online identity of another person if that person consents, if the communications are within the scope of the consent, and if such activity is authorized by agency guidelines and procedures. Agents who communicate through the online identity of a cooperating witness are acting in an undercover capacity.

PRINCIPLE 9
APPROPRIATING ONLINE IDENTITY

“Appropriating online identity” occurs when a law enforcement agent electronically communicates with others by deliberately assuming the known online identity (such as the username) of a real person, without obtaining that person’s consent. Appropriating identity is an intrusive law enforcement technique that should be used infrequently and only in serious criminal cases. To appropriate online identity, a law enforcement agent or a federal prosecutor involved in the investigation must obtain the concurrence of the United States Attorney’s Office’s “Computer and Telecommunications Coordinator” (CTC) or the Computer Crime and Intellectual Property Section. An attorney from the Section can be reached at (202) 514-1026 or through the Justice Command Center at (202) 514-5000. In rare instances, it will be  necessary for law enforcement agents to appropriate online identity immediately in order to take advantage of a perishable opportunity to investigate serious criminal activity. In those circumstances, they may
appropriate identity and notify the Computer Crime and Intellectual Property Section within 48 hours thereafter.

PRINCIPLE 10
ONLINE ACTIVITY BY AGENTS DURING PERSONAL TIME

While not on duty, an agent is generally free to engage in personal online pursuits. If, however, the agent’s off-duty online activities are within the scope of an ongoing investigation or undertaken for the purpose of developing investigative leads, the agent is bound by the same restrictions on investigative conduct as would apply when the agent is on duty.

PRINCIPLE 11
INTERNATIONAL ISSUES

Unless gathering information from online facilities configured for public access, law enforcement agents conducting online investigations should use reasonable efforts to ascertain whether any pertinent computer system, data, witness, or subject is located in a foreign jurisdiction. Whenever any one of these is located abroad, agents should follow the policies and procedures set out by their agencies for international investigations.

In this Sunday, March 11, 2012 photo, men stand next to blood stains and charred remains inside a home where witnesses say Afghans were killed by a U.S. soldier in Panjwai, Kandahar province south of Kabul, Afghanistan.

The lawyer for the soldier accused of massacring seventeen people in a small Afghan village earlier this month has stated publicly that there is little or no evidence against his client.  John Henry Browne, who is defending Staff Sergeant Robert Bales, told NBC that the U.S. government’s prosecution of Bales will be difficult as “They have no bodies, they have no autopsies, they have no forensics, they have no photographs, they have no witnesses. There is no Afghan who is going to come here to testify against this guy, so how do they prove premeditation? It’s going to be a problem for them.”  In an interview with CBS, Browne reiterated this claim stating “There is no crime scene. There is no CSI stuff. There’s no DNA. There’s no fingerprints.”  Browne has also stated that there is “no evidence about how many alleged victims” or “of where those remains are.”

Given the state of war and turmoil in Afghanistan, this complete absence of evidence might seem plausible to those unfamiliar with the Afghan justice system or the military’s on-the-ground capabilities in the region.  However, for a number of years the U.S. military has operated complex forensic facilities in every region of Afghanistan capable of fingerprint and DNA analysis, ballistics testing, forensic chemistry and more.  In fact, collecting complex evidence to be used in the trials of Afghan insurgents is a common practice for U.S. soldiers.  Both the U.S. Army and ISAF have issued guides to soldiers regarding the collection of evidence in support of prosecution of insurgency crimes.

ISAF’s evidence collection guide details how to interview witnesses, perform chemical tests, collect DNA evidence, photograph the crime scene, analyze tire marks and footprints and how to eventually turn all this evidence over to Afghan courts while maintaining a chain of custody.  The U.S. Army’s guide similarly details sophisticated methods of evidence collection by “providing practical means and methods to properly identify, collect, preserve, and provide evidence that will be recognized and accepted by the Afghan criminal justice system.”  A presentation from the U.S. Army’s Office of the Provost Marshal General indicates that as of August 2011 there were three Joint Expeditionary Forensics Facilities (JEFFs) throughout Afghanistan including one in Kandahar, the same province where Staff Sgt. Bales reportedly committed the massacre.  These forensics facilities are capable of DNA analysis, latent print identification, photographic forensics, as well as chemical and ballistic analysis.  The presentation also indicates that there are centralized crime labs operated in coordination with the Afghan government capable of many of the same methods of forensic analysis.

While Browne’s claims could simply reflect that the U.S. military’s investigation of the incident is still in an early stage, the supposed lack of evidence is troubling given that many witnesses still maintain that more than one person was involved in the massacre, a belief supported by Afghan President Hamid Karzai.  After meeting with the victims’ family members, Karzai said that they did not believe it was possible for one man to kill seventeen people in different rooms of houses in multiple villages, drag the bodies into piles and burn them within such a limited period of time.   According to the Washington Post, survivors of the massacre have told family members that “There were 10 soldiers in our neighborhood alone.”  An Afghan parliamentary investigation found that it was widely reported by witnesses that up to twenty soldiers may have been involved and the BBC reported that residents heard helicopters that they believe were supporting the operation.

Though Staff Sgt. Bales has now been charged with seventeen counts of premeditated murder, it remains to be seen whether the U.S. military will present the same level of forensic evidence that it routinely collects and analyzes when attempting to prosecute suspected insurgents.

(2) (a) An assessment of the likelihood that such detainees will engage in terrorism.

Based on trends identified during the past 9 years, we assess that if additional detainees are transferred without conditions from GTMO, some will reengage in terrorist or insurgent activities. Posing a particular problem are transfers to countries with ongoing conflicts and internal instability as well as active recruitment by insurgent and terrorist organizations.

(2) (b) An assessment of the likelihood that such detainees will communicate with persons in terrorist organizations.

Former GTMO detainees routinely communicate with each other, families of other former detainees, and previous associates who are members of terrorist organizations. The reasons for communication span from the mundane (reminiscing about shared experiences) to the nefarious (planning terrorist operations). We assess that some GTMO detainees transferred in the future also will communicate with other former GTMO detainees and persons in terrorist organizations. We do not consider mere communication with individuals or organizations – including other former GTMO detainees – an indicator of reengagement. Rather, the motives, intentions, and purposes of each communication are taken into account when assessing whether the individual has reengaged.

Understanding the local culture is critical to mission success. This Cultural Intelligence Indicators Guide (CIIG ) will contribute to an initial Intelligence Preparation of the Operational Environment that should be continuously updated by line companies. It is intended to aid Marines in the identification of key cultural observables during security and atmospherics patrols, while at the same time helping tactical unit leaders identify the information needed to understand and influence their local environment. The intent is to anticipate the second and third order effects of our actions in order to shape and influence events to our advantage.

How is this guide organized?

There are 12 sections within this guide. Within each section, the questions are divided into indicators Marines can observe during patrols and into things that Marines can find out during engagements with local populations. Marines may choose to focus of these sections directly tied to their mission. The first few sections cover basic cultural indicators about the local populace to include language, education, economy, health, and the environment. These indicators are most often readily observable or easily accessible and will help the Marines understand people’s backgrounds in order to anticipate or prevent potential sources of friction or conflict. The latter sections cover more complex cultural indicators such social organization, power and authority, values and beliefs, and motivating issues. These sections are crucial in helping Marines understand the organization and mindset of the local people in order to better shape and influence lines of operations.

…

Practical Field Application of the CIIG

During security and stability operations overseas, Marines set up check points where personnel were screened for identification. After a short time, the Marines turned the check points over to local police. They noticed, however, that some odd practices were cropping up. The local police were given instructions to not let anyone through after 1800 except uniformed members of the police and members of coalition forces. After a while, one of the Marines noticed that traffic did not diminish after 1800 for one check point in particular. The Marine joined a local policeman on guard duty and found that higher ranking police officers were running a taxi service for nonpolice locals who needed to pass the check point and were willing to pay. The local policeman at the checkpoint also got some money for every ‘taxi’ he let though. “But I have to let him through,” said the policeman when confronted. “He’s an important man in my tribe, so it’s hard for me to say no.”

Using Cultural Intelligence Indicators

• Marines noticed a change in daily traffic patterns at check points. Traffic patterns were an important indicator of cultural intelligence for this locality. (See CIIG, pp. 36–38)
• Marines went beyond directly observable indicators to find out why the traffic patterns changed. This led Marines to learn about dominant affiliations and backgrounds of the population in the AO. (See CIIG, p. 8)
• Marines also found out about informal services and the wielding of power in that locality. (See CIIG, pp. 22–24, 60–62)
• To learn more about interactions among tribes in the AO, Marines could also investigate which tribes did and did not take advantage of ‘taxi’ service.