The advancements in modern forensic capabilities have enabled law enforcement officials to quickly identify the details of who caused an incident and how it occurred. For instance, when the 1995 Oklahoma City bombing took place, investigators knew within a day that a truck containing ammonium nitrate fertilizer and diesel fuel was the cause behind the explosion that killed 168 people. Technology has changed a lot since 1995, and so has the frequency and type of attacks, requiring law enforcement to integrate technology into virtually every aspect of forensics, from rapid DNA sequencing to quick chemical tests of explosives and narcotics.
Criminologists recognise that their ability to quickly develop leads has a direct impact on the ability to solve a criminal case. That is why more and more police departments have mobile labs, bringing the ability to solve the crime directly to the site. As our world has continued to change, the same techniques have begun to be used in conflict zones in Iraq and Afghanistan. A response team is sent in to evaluate the site and look for forensic evidence that may have been left behind. However, battlefield forensics brings a set of challenges with it; technicians need to be brought to the field with the support of a local forensic lab so that the delays of sending material back to the US for further analysis can be avoided.
When a murder occurs in the USA, the local police can cordon off the area and have the luxury of conducting a very deliberate and methodical documentation of the crime scene. In combat scenarios, the time on the scene of an attack is limited. The event site is often active with ongoing firefights and mortar fire and is otherwise a hostile environment. These are not ideal conditions from which to collect evidence, but they are the conditions for which a new process and programme needed to be developed by the military. They had to adapt, both in the way they processed Improvised Explosive Devices (IEDs) and how they handled other ‘crime’ scenes; those resources that would typically be in safety in the background had to be moved to the ‘pointy end of the spear’ where the danger was.
Unlike a domestic criminal investigation, the exploitation of evidence from the bombing of a café in Kabul, a sniper attack against coalition forces, or a car loaded with explosives detonating near a vehicle gate to a Forward Operating Base takes place in an active combat zone. Despite this obvious difference, the inquiry follows a similar methodology and approach to collecting and processing evidence. Forensic science is pristine; professionals with white lab coats need expensive machines with steady air conditioning, keeping sensitive equipment cool and in a dust-free environment. This presents another challenge as the forensic environment in an operational theatre is often dirty, gritty and uncomfortable. In police work stateside, technicians can rely on the police to secure a site and keep it closed to the public for hours and even days. In combat zones, attacks may occur simultaneously while soldiers are taking enemy fire and trying to gather evidence.
Joint Expeditionary Forensic Facilities
Shortly after the removal of the Saddam Hussein regime, coalition forces began to encounter a sharp increase in terrorist and insurgent attacks. As IED attacks became the principal way to attack US and coalition forces, it became apparent that the process of collecting evidence and then shipping it back stateside was not logistically practical and was not responsive enough to commanders who needed information and intelligence to fight the terrorists and insurgents while identifying and targeting the bomb makers.
The National Ground Intelligence Center (NGIC), in collaboration with the Naval Criminal Investigative Service (NCIS), deployed the first Joint Expeditionary Forensic Facilities (JEFF) lab to Camp Victory and Ramadi as a test pilot to see if standard law enforcement forensic capabilities could help coalition forces in identifying who was responsible for these attacks. The same law enforcement tools and capabilities used in identifying the Oklahoma bomber were now going to be put to the test in an active warzone. NGIC deployed a veteran police detective with forensic experience to determine the effectiveness of a JEFF lab and determine if additional labs should be deployed.
The goal of the JEFF labs, aside from removing terrorists and insurgents from the population, was to teach the Iraqi and Afghan militaries how to tackle the issue of terrorism through the rule of law. By partnering with Iraqi and Afghan military and law enforcement, this capability was being passed down so they could incorporate it into their own military and counter-terrorism units.
When an IED is discovered and made safe, a forensic technician will examine the device and dust for fingerprints and DNA evidence. For example, if an IED builder assembles a cell phone to act as the remote detonator, he may handle the back of the battery or both sides of the battery, leaving a fingerprint behind. Likewise, when using tape to secure wires together, the adhesive in the tape traps fingerprints, sweat and/or hairs, which may contain DNA. All of this forensic evidence may be collected, even after a device has gone off, and in some cases this ‘latent’ evidence provides clues as to who constructed the bomb and potentially who placed the device. When this forensic and biometric information is collected, it is processed through the Department of Defense Automated Biometric Identification System (ABIS) database and an identity profile begins to develop.
Creating profiles for more precise operations
When this on-the-ground processing began, there were initially no immediate matches as the database was relatively small. However, as more evidence was collected from IEDs, sniper rifles, weapons, explosives, and car bombings, events began to be linked to one person or group of persons. This is similar to how a domestic detective would link one criminal to a string of burglaries or murders. Unlike civilian CSIs, the military separates the analytical functions such as signals intelligence, document analysis and cellular exploitation, to create not just a profile of the explosive device, but also of the individuals who may have been involved in the event. This builds the associations needed to identify who was involved and how the event happened. As this information is collected, the military analysts and intelligence officers can link with certainty an individual to a time and events, which can be used as evidence during criminal proceedings once the individuals have been apprehended. From an intelligence perspective, this is a huge advantage in removing anonymity from the battlefield. Knowing specifically who to target allows for more precise operations, similar to how a police force would leverage their special weapon teams to conduct a high-risk raid.
Forensics and identity intelligence
The use of biometrics is a powerful tool in countering anonymity, but it is only one part of the toolset needed to fully remove anonymity. Through the use of both physical and electronic forensics, the ability to hide behind anonymity is becoming harder to achieve or maintain for any length of time.
A real world example of this capability occurred in the autumn of 2005, when US Forces conducted a raid on a suspected Al Qaeda member’s home. During the raid, a copy of a shipping manifest was recovered from one of the rooms and brought back for further analysis. The shipping manifest was for a number of higher end BMW and Mercedes vehicles that had been shipped from Europe to Iraq. Through cross-referencing the Vehicle Identification Number (VIN) of the vehicles to past Vehicle Borne Improvised Explosive Devices (VBIEDs), it was discovered that two of the VINs matched vehicles from this manifest. Leveraging this information, a case was built against this individual for supplying the vehicles used to attack US and Iraqi forces. The shipping manifest also identified the shipping company used, so it could be further investigated for additional links and intelligence.
In the early years of the Iraq war, Al Qaeda supporters were shipping vehicles from Europe to Iraq for free as a means of supporting ‘the cause’ by allowing local members to sell the cars on the market and use the money to fund further terrorist operations or to act as VBIEDs. An old beat‑up looking vehicle that is weighed down by explosives usually looks obvious to the trained observer. However, a newer looking high-end BMW or Mercedes would draw less attention at checkpoints and convoys driving along the motorway, making them the ideal vehicle to use for an attack. The forensics and document analysis of the shipping manifest led to the discovery of a previously unknown mechanism being used by Al Qaeda as a means of funding their operations in Iraq. It also allowed US and Iraqi forces to develop new tactics and techniques to identify vehicles possibly being used as VBIEDs by observing if a vehicle is riding low on its suspension when normally that would not be the case.
Through further examination and research of the shipping manifest, the identity of the individual in Europe shipping the vehicles was discovered. The man’s information was added to the National Terrorist Watch List and the Biometric Enabled Watch List being leveraged by US Forces in Iraq. In late 2006, he had left Europe and was in Iraq for a short period, meeting with family. During a random checkpoint his biometrics were collected and then checked against the various watch lists. The individual’s name came up on a ‘Be On the Look Out’ or BOLO list, with the caveat to detain on site.
After further questioning, the man’s unofficial travel route from Europe to Iraq and back was identified along with the various rest locations. Through additional questioning it was revealed how the vehicles were obtained in Europe and how the rest of the network was involved in both procuring the vehicles and moving them to Iraq. After several months of questioning, US Forces were able to identify a vast network of people, places and processes used to help fund the Al Qaeda operations in Iraq. This entire case and the impact it had on operations in Iraq can be attributed solely to the forensic sweep made during a single raid on a suspected person’s home. What may have seemed small and trivial to most was the deciding factor in the US’s ability to reduce the amount of funding and support moving into Iraq to sustain further terrorist activities.
Overcoming anonymity is perhaps the greatest technological challenge of the 21st century. Terrorism is often a faceless and stateless enemy, and one that will require a unique approach to mitigate its effects. The use of forensic technologies on the battlefield is just one of many new strategies being added to a commander’s arsenal and will, in time, completely change the way wars will be fought in the future. The increased use of forensics and biometric technologies is certainly a key enabler to the effort to combat anonymity; however, the use and integration of identity intelligence is going to be the deciding factor between preventing a terrorist attack and dealing with its aftermath. The integration of technologies such as biometrics and forensics, coupled with the concept of identity intelligence will enable wars of the future to be fought more precisely and result in fewer innocent civilian casualties by targeting the right people. The following article will discuss in much greater detail the concept and use of identity intelligence and its integration into the idea of an ‘electronic border’.
Joshua Steinhauer worked in the area of Human Intelligence during the Iraq troop surge from 2006 through 2007 and then as a contractor in Iraq from 2008 through 2010. He then went on to become the Identity Operations Manager at US European Command in Germany before returning to the US in 2014. He has an MSc in Major Programme Management from the University of Oxford and holds degrees in International Studies and Political Science from the University of Wisconsin and an MBA.