This article discusses the types of information available to investigators from public sources. Social media, address history and a treasure trove of other information is available to be used in conjunction with law enforcement data sources to enhance your investigations and close more cases faster.
As the internet becomes more and more prolific in society, there is an increasing amount of publicly available information (PAI) about individuals. People’s entire lives are increasingly being put online, whether it is their Facebook lives, Twitter feeds or dating site profiles. This includes information that some people might not want publicly available.
Getting the right information on a person can make all the difference in an investigation. It can mean determining if the online presence is authentic or created by someone pretending to be someone else. No matter what type of investigation, there is no doubt that having access to someone’s contact information is an advantage. Fortunately for us, there are plenty of ways to find someone’s physical location and other personal details using only PAI.
To explain how all of this exists, we need to realize and understand that personally identifying information (PII) (i.e., identifying information about a person), phone carriers (e.g., AT&T, Verizon, Sprint, T-Mobile), OS manufacturers (e.g., Apple iOS, Google Android) and device capabilities/settings (e.g., biometrics, cellular, Wi-Fi, Bluetooth, NFC, GPS) are oftentimes being placed online by our own doing through our everyday activities. We will walk through the processes with someone using their phone and interacting with apps and the aforementioned items above.
We use our phones on a daily basis, utilizing the various apps to help with both business and pleasure. When we set up our smartphone for the first time we begin the process of providing PII to include your name, address, email, etc. Depending on the type of smartphone, you will create/use an account for one of the service providers (Google/Apple) to set up the phone. This will also be one of the first steps to agree to the terms of service, which begins the process of collecting all kinds of information from your daily usage.
We are continually entering/providing more PII to link our device to our service provider (Google/Apple). Throughout the setup process, we may leave settings as default options, such as voice assistance services, location-based services, Wi-Fi, Bluetooth, “tap to pay” service and ad tracking. Our smartphone is now set up and primed for pseudo-seamless digital/life integration. The only thing left is to download and use whatever apps that make life easy for us.
We connect our phone to our home Wi-Fi network, download a coffee shop app and create an account to earn points and receive promotions. Creating an account means sharing more PII and device information with the coffee shop. Often we blindly accept the terms of service, despite knowing they are probably siphoning off our information. The next download will be an existing popular social media app that we will log in to and start sharing everything about our life with others. By logging in to our account, we blindly accept the terms of service again, share more PII with the social media service provider and, possibly, the world.
We leave our house and place an order from the coffee shop’s app to have it ready for pickup. This was done seamlessly because of linking a payment card and then even adding it as a waypoint in our phone’s GPS.
Once we pick up the coffee, we will get loyalty points for the purchase and engage with a promotion that they are running. All we need to do for a “free” coupon is share the purchase on social media and/or like the coffee shop’s page. While in the coffee shop, we connect and remember the coffee shop’s free public Wi-Fi, to which we agree to the terms of service. We go through the steps to participate in the promotion and we even “check in” to the coffee shop. When exiting the coffee shop we ask our voice assistant, “What song is playing right now?” Our phone quickly returns the name of the band and the song while we head to our car.
Now we are in the car and are starting to check our social media app. Coincidentally, we start seeing ads for the band of the song that was playing in the coffee shop and more specifically when they will be in our town next. This everyday cycle continues by our own doing and by others also sharing PII.
Why does all of this matter? Because it contributes to our digital footprints. A digital footprint is one’s unique set of traceable digital activities, actions, contributions and communications that are manifested on the internet or on digital devices. It is just as unique as our fingerprint.
Today, many factors play a role in our digital footprint. It could be anything that you put in your personal blog, social media accounts, professional LinkedIn accounts, news articles about you, etc.
To recap our scenario, we purchased a new phone and service and tied our PII to the device, the carrier and the device manufacturer. Then, we downloaded apps where we agreed to the terms of services, created and logged in to the new accounts and tied our PII to more services.
We find that we did not read any of the terms of services or privacy notices. Someone, or better yet, something is collecting this data and anything else it can collect to then make a profit. What you may not realize is that all this information can be obtained from PAI and/or the service provider(s).
One of the most common ways to search PII is with a search engine like Google, Bing or DuckDuckGo. Simply Googling someone may provide great results and a possible break in an investigation. If the suspect is actively involved on the internet, chances are pretty high that you will be able to find something by simply Googling their name, email address, phone number, moniker, etc. However, one aspect of search engines that is not utilized as often is the advanced search features built into them natively. These advanced searches use operators to search more specifically and with a narrow focus.
Then there are data broker/data aggregator websites like Pipl, FamilyTreeNow and many others that find and correlate disparate pieces of information and produce results in pages that cannot be found on regular search engines. You can often search by name, email, monikers or phone number to identify an online presence (social media profiles) that may include a wealth of PII, like photos, historical residence, age, relatives, associates, phone numbers and even court records.
Another recommended site would be osintframework.com. This site is a great place to begin a search when you have a piece of information. The site natively doesn’t perform the search but provides categories to choose from and then chooses from a list of other sites to search your piece of information. You will find most sites are at no cost where some have a fee. Once you start pulling the thread, you will find it will lead you to another and you can easily return to another category to begin a new search. Once all these pieces of information are put together, it starts to form a picture. This mosaic process works but can come at a high chair time cost. Besides training, having analysts who have access to the right data is key, and if the budget allows, investing in a web intelligence platform to help overcome the challenges of navigating many sources of information while saving time. This combination will serve your agency and community well.
As we discussed, many factors play a role in our contribution to our PII. It could be anything that you put in your personal blog, social media accounts, professional LinkedIn accounts, news articles about you, etc. All of this may seem like witchcraft, as the technology companies appear to know more about us than someone we know. It is because the technology companies are in it for the money, but luckily the same data that we provide willingly can be utilized by the law enforcement community to keep our communities safer by allowing us to see the data and make intelligent lead decisions.