Identity Resolution Daily

By Brian Calvert, Infoglide Senior Software Architect

The recent “Christmas Bomber” incident incited many posts about applying technology to address the gaps that allowed it to happen. For example, David Loshin wrote about a piece for BeyeNETWORK about a “master terrorist system” while Lawrence Dubov suggested improving the watch list process using entity resolution. While technology is a critical component of any solution, some specific issues about the technology are important to understand.

In an address this week, President Obama outlined the shortcomings in people, processes, and technologies that gave the now infamous Christmas Bomber the opportunity to take down a Detroit-bound flight.

President Obama identified three major problem areas:

It’s now clear that shortcomings occurred in three broad and compounding ways. First, although our intelligence community had learned a great deal about the al Qaeda affiliate in Yemen called al Qaeda in the Arabian Peninsula — that we knew that they sought to strike the United States, and that they were recruiting operatives to do so — the intelligence community did not aggressively follow up on and prioritize particular streams of intelligence related to a possible attack against the homeland.

Second, this contributed to a larger failure of analysis — a failure to connect the dots of intelligence that existed across our intelligence community, and which together could have revealed that Abdulmutallab was planning an attack.

Third, this in turn fed into shortcomings in the watch-listing system which resulted in this person not being placed on the no-fly list; thereby allowing him to board that plane in Amsterdam for Detroit.

CNN highlighted one additional failing that’s relevant to the topic of Identity Resolution (my emphasis):

A timeline provided by the State Department officials, who spoke on condition of anonymity, showed that an initial check of the suspect based on his father’s information failed to disclose he had a multiple-entry U.S. visa. The reason was that AbdulMutallab’s name was misspelled. “That search did not come back positive,” said one official, who called it a quick search without using multiple variants of spelling.

What are the specific technology issues?

While the details of the technologies used by the State Department are not identified, the story is typically the same for government and industry. Simple equivalency lookups are not enough. “John Kennedy” will not match “Jhon Kennedy” with standard database lookups. Furthermore, some technologies rely on strategies that actually destroy the forensic integrity of the data. They force it into pre-existing molds in a variety of ways to perform similarity matching. We’ve addressed the many challenges to matching names in this blog in the past, especially in “Playing the Name Game with Terrorist Watch Lists and Shoplifter Databases”.

Indexing is one approach that can fail. It tries to turn common names and known variations and nicknames into identical easily matched tokens. So John, Jack, and Johnny might all translate to “F12391″, facilitating a quick match. But what happens when John’s name — like AbdulMutallab’s — is misspelled? “Jhon” will fail to be matched to the common code and, thus, the match will quickly fail. Encoding is another common example that we addressed. Algorithms like “soundex” attempt to translate words into a fuzzy phonetic equivalent. But the promise of these algorithms falls short, especially when they encounter misspellings, nicknames, and cultural variations.

So while merging all information into a common view or improving watchlist management might be part of the solution, they will still fail if the technology used to merge or search is not up to the task.

Not all identity resolution technologies are the same. Ours can be configured using a number of strategies to fit particular customer performance requirements, sensitivity to false positives or false negatives, and Similarity Search behaviors, including specialized name algorithms that catch misspellings, nicknames, and ordering variations.

Although the consequences are grimmer in homeland security situations, the challenges are the same for financial, healthcare, gaming, state and local government, and marketing applications. While it remains to be seen what improvements the US government will apply to the people, processes, and technology used to secure the country, it’s easy to see that simple misspellings need not break the system or, for that matter, any other system.

Share This

By the Infoglide Team

Center for Advanced Public Safety: SHARE & PUSH

“While SHARE is strictly for communications between law enforcement and the state’s Fusion Center, a companion portal, called the Portal to Uphold a Secure Homeland (PUSH), was also developed as part of the USDHS ITEP project to support private sector security personnel who oversee critical infrastructure.”

HealthNewsDigest.com: Medical/Healthcare Privacy and Fraud Outlook for 2010

“You may not be aware of this, but medical-related fraud and identity theft are growing problems in America. With the exploding cost of healthcare, increasing bureaucratic administrative healthcare systems, and a large, aging Baby Boomer population requiring increased medical care, it would seem that we are entering into a kind of ‘perfect storm’ for medical fraud.”

Aerospace News & Views: Business Travel Association Calls for Greater Attention to Aviation Security

“NBTA has long supported risk-management programs that enhance aviation security. TSA’s Secure Flight helps to enhance domestic and international travel through the use of improved watch list matching, while the US-VISIT program collects biometric information from international travelers, both of which help to protect travelers and our nation. These programs should be used as readily available tools to improve the system that protects our global aviation security.”

[Wes Richel] Gartner: Simple Interop: Why We Don’t Seek a Top Level Domain Name

“Should anyone need a demonstration of the difficulties that delay reaching global agreements, consider that the term “EHR” has an idiosyncratic definition in the U.S. when compared to most of the world. In the U.S. the term refers to the record of patient information that is kept by an individual care delivery organization (CDO), with the proviso that there be some degree of interoperability. In most other countries that use the term it refers to some specific sharing of information that may be sourced from many places including but not limited to the electronic patient records of individual CDOs.”

Share This

[Post from Infoglide] The Big Story: Evolution

“Technology writer Chris Calnan’s story opened with a comment about Infoglide that nicely sums up the evolution of the broader market for identity resolution and entity analytics: ‘The market may have finally caught up with Infoglide Software Corp.’s technology.’”

OCDQ Blog: Beyond a “Single Version of the Truth”

“However, in his excellent book Data Driven: Profiting from Your Most Important Business Asset, Thomas Redman explains: ‘A fiendishly attractive concept is… ‘a single version of the truth’…the logic is compelling…unfortunately, there is no single version of the truth. For all important data, there are…too many uses, too many viewpoints, and too much nuance for a single version to have any hope of success. This does not imply malfeasance on anyone’s part; it is simply a fact of life. Getting everyone to work from a single version of the truth may be a noble goal, but it is better to call this the ‘one lie strategy’ than anything resembling truth.’”

RISK&INSURANCE: States of Disparity

“Risk & Insurance® looked at four factors that indicate how well a state’s workers’ comp system may be working. Those factors were adjusted by giving additional weight to the amount of premium charged to the employer, and the benefits paid to claimants. The states are ranked by their composite score.”

Security Management: DHS Official Outlines Federal Support to State-based Fusion Centers

“To better facilitate information sharing, Johnson promised DHS will deploy personnel to all fusion centers while giving fusion centers access to the Homeland Security Data Network by the end of fiscal year 2010. Currently, I&A has 44 field representatives based in fusion centers nationwide. I&A will also manage the newly created Joint Fusion Center-Program Management Office (JFC-PMO), which Napolitano tasked in October with coordinating how DHS’ various components and other federal agencies will support fusion centers.”

MedicExchange.com: EMR likely to boom throughout 2013

“Health IT currently is growing at an 11 percent annual rate, and solid growth should continue at least through 2013, which would be the third year of the federal EMR stimulus program here in the States, the Scientia report forecasts. In that time frame, health IT will increase its market share by a quarter, to 5 percent of global healthcare products sales from the current 4 percent.”

Share This

By the Infoglide Team

Come by and see us at TDWI World in Orlando Nov. 3 & 4, Booth 405

The Emculturated World: Unmanage Master Data Management

“MDM breaks down in the moment it becomes divorced from a practical, immediate attempt to capture just what is needed today. The moment it attempts to “bank” standard symbols ahead of their usage, the MDM process becomes speculative, and proscriptive.”

Governing: Can I Say No to an Electronic Health Record?

“In some instances, patients don’t even know their information is being shared. For example, if consumers turn over prescription drug records when applying for life insurance, the insurer will sometimes hand off the information to business partners who then hand it off to data miners. To keep a tighter grip on privacy, Deven McGraw, director of health privacy at the Center for Democracy and Technology, would like a set of rules that all organizations in the health IT world would have to follow.”

Related post: “Applying Identity Resolution to Patient Identification Integrity”

San Antonio Express-News: McManus recalls 9-11 at GEOINT summit

“Bart Johnson, acting undersecretary for intelligence and analysis with the Homeland Security Department, said cooperation is improving, although problems remain with security clearances and interdepartmental connectivity. ‘The federal government can only do so much in getting it down to the street level,’ Johnson said. Homeland security and Justice Department officials have formed 72 “fusion centers” — terrorism prevention and response centers where federal agencies work with the military, local law enforcement and private partners. Three are in Texas: Austin, Dallas and Collin County near Dallas.”

information management: From Search to Explore

“It’s no surprise that people are looking at more and more internal and external resources for informed decision-making. In the internal case, data integration is a foundation of master data management as well. But integration for BI to common visual tools is increasingly taking place in subsystems, relational databases and cubes, and the visualization layer itself.”

Share This

[Post from Infoglide] Avoiding False Positives: Analytics or Humans?

“The European Union recently started a five-year research program in conjunction with its expanding role in fighting crime and terrorism. The purpose of Project Indect is to develop advanced analytics that help monitor human activity for ‘automatic detection of threats and abnormal behaviour and violence.’ Naturally, the project has drawn suspicion and criticism, both from those who oppose the growing power of the EU and from watchdog groups concerned about encroachments into privacy and civil liberty…”

SDTimes: Old thinking does a disservice to new data hubs

“The enterprise needs to be able to understand the origin, the time and possibly the reason for a change. These audit needs must be supported by the data hub at the attribute level. MDM solutions that maintain the golden record dynamically address this need by supporting the history of changes in the source systems record content.”

Accision Health Blog: Surveys Show Importance of EHR

“A new Rand study is one of the first to link the use of electronic health records in community-based medical practices with higher quality of care.  Rand Corporation researchers found in a study of 305 groups of primary care physicians that the routine use of multifunctional EHRs was more likely to be linked to higher quality care than other common strategies, such as structural changes used for improving care.”

NYSIF: Central NY Contractor Hit with Workers Comp Fraud Charges

“Investigators said Mr. Decker previously had an insurance policy with NYSIF when he operated RD Builders in November 2005, a policy cancelled for non-payment a few months later. In 2008, he applied to NYSIF’s Syracuse office for workers’ compensation insurance doing business as Bull Rock Development, Inc.”

public intelligence: Office of Intelligence and Analysis (DHS)

“These entities are unified under local fusion centers, which provide state and local officials with intelligence products while simultaneously gathering information for federal sources.  As of July 2009, there were 72 designated fusion centers around the country with 36 field representatives deployed. The Department has provided more than $254 million from FY 2004-2007 to state and local governments to support the centers.”

Share This

[Post from Infoglide] Privacy – A Dying Concept?

“An intriguing post by Nate Anderson on Ars Technica highlights a difficult reality about today’s easy availability of vast quantities of ‘anonymized’ data. Quoting from a recent paper by Paul Ohm at the University of Colorado Law School, Anderson writes that ‘as Ohm notes, this illustrates a central reality of data collection: data can either be useful or perfectly anonymous but never both.’”

ComputerworldUK: Data quality tools sub-par, says analyst

“A recent study on data quality by the Information Difference revealed that respondents view data quality as something that is not restricted to one area within the organisation. Instead, two-thirds of respondents said it is an issue spanning the entire organisation…Specifically, 81 per cent of respondents reported being focused on a broader scope than merely customer name and address data.”

BeyeNETWORK: Master Data Management and the Challenge of Reality

“One of the central problems of master data management, which is often poorly stated, is the need to determine if one individual thing is the same as another individual thing. But the only way we have to do this is by matching records, and a record is not the same as the thing it represents. Unlike The Matrix, we are more in danger of confounding two ‘realities’ rather than recognizing them as distinct.”

Information Management: Business Intelligence: A Blueprint to Success

“Fraud detection. Claims managers are using predictive analytics to help identify potentially fraudulent claims as early as the first notice of loss, and are analyzing claims costs to get a better handle on negative trends.”

Government Computer News: How entity resolution can help agencies connect the dots in investigations

“Imagine a law-enforcement scenario. A local police department has information on a crime suspect. Court systems, corrections facilities, the department of motor vehicles and even child-support enforcement may also have information on this person of interest, each specific to its own needs and applications. Implementation of an entity-centric environment would enable each of the organizations and systems to continue its operations while also providing the police a much more holistic view of the crime suspect along with potentially important pieces of information.”

Share This

[Post from Infoglide] Social CRM, CDI, and Identity Resolution

“In her well-read book on CDI, Jill Dyché offers a definition of CDI that also seems to describe social CRM. Try reading her definition of CDI, replacing ‘CDI’ with ’social CRM’: CDI is a set of procedures, controls, skills and automation that standardize and integrate customer data originating from multiple sources.”

Concord Monitor: Don’t play games when giving your name

“What do they want? Your date of birth, your gender and your middle initial. This information will be relayed to the TSA, and the TSA will match the information against information maintained by the Terrorist Screening Center (an arm of the FBI that gathers and consolidates watch lists). The theory is that a 12-year-old boy named John X. Doe can more easily be separated from John Z. Doe, who happens to be a 37-year-old man with a history of making bombs, if additional information is collected during the booking process. Once TSA has cleared you, you’ll be issued a boarding pass.”

pressdemocrat.com: Achieving paperless health care

“Medical record-keeping, until recently, relied on rooms full of paper files that were easily misplaced and filled with hurried, handwritten entries that could be hard to read. Electronic records hold orderly, keyboard-entered data that never leaves a hard drive and have the potential to move seamlessly from a primary care provider’s office to an emergency room or specialist’s suite.”

ebizQ: MDM Becoming More Critical in Light of Cloud Computing

[David Linthicum] “We’re moving from complex federated on-premise systems, to complex federated on-premise and cloud-delivered systems.   Typically, we’re moving in these new directions without regard for an underlying strategy around MDM, or other data management issues for that matter.”

Homeland Security: I&A Reconceived: Defining a Homeland Security Intelligence Role

“There are currently 72 fusion centers up and running around the country (a substantial increase from 38 centers in 2006).  I&A has deployed 39 intelligence officers to fusion centers nationwide, with another five in pre-deployment training and nearly 20 in various stages of administrative processing.  I&A will deploy a total of 70 officers by the end of FY 2010, and will complete installation of the Homeland Secure Data Network (HSDN), which allows the federal government to share Secret-level intelligence and information with state and local partners, at all 72 fusion centers.”

Share This

By the Infoglide Team

[Post from Infoglide] Social CRM, CDI, and Identity Resolution

“In her well-read book on CDI, Jill Dyché offers a definition of CDI that also seems to describe social CRM. Try reading her definition of CDI, replacing ‘CDI’ with ’social CRM’:  CDI is a set of procedures, controls, skills and automation that standardize and integrate customer data originating from multiple sources(1).”

Charleston Daily Mail: Former owner of WVa trucking company sentenced

“Leonard Cline formerly owned H & H Trucking. The insurance commissioner says he defrauded the old state workers’ compensation system of more than $500,000 in unpaid premiums, penalties and claims for benefits over about 10 years.”

WTVQ: Eight People Indicted for Insurance Fraud

“The US attorney’s office says the suspects intentionally damaged insured automobiles owned by other conspirators then filed claims.”

KansasCity.com: Push for electronic medical records picks up steam

“With or without health care reform this year, electronic medical records are picking up steam. Recent technological advances are easing the transition for doctors and hospitals, and there’s the little matter of the Health Information Technology for Economic and Clinical Health Act. The act, part of last spring’s stimulus package, included billions of dollars to ‘advance the use of health information technology.’ There’s plenty of advancing to do, with one group estimating that less than half the hospitals and only one in five physicians are equipped to fully use electronic records. ‘The United States is far more advanced in grocery store technology than in medical records technology,’ said Steve Lieber, president and chief executive officer of the Healthcare Information and Management Systems Society in Chicago.”

pnj.com: Man charged with workers’ comp fraud

“Florida Chief Financial Officer Alex Sink announced the arrest today in a news release. In the release, Sink said her Division of Insurance Fraud said Soto is charged with falsifying employment numbers with the intent of avoiding higher workers’ compensation premium payments.”

Federal News Radio: Update: Identity management in the Obama administration

“The alphabet soup of identity management programs from the Bush administration — HSPD-12, TWIC, Real ID, and many more — have gotten little attention publicly during the first nine months of the Obama presidency. But that doesn’t mean identity management has been ignored totally, says one senior administration official.”

London Evening Standard: Lloyd’s chief warns of more insurance fraud

“Lloyd’s of London’s chief executive Richard Ward today warned the deep recession would increase the number of fraudulent claims being made against the insurance market.”

Computerworld: Laptop searches at airports infrequent, DHS privacy report says

“The U.S. Department of Homeland Security’s annual privacy report card revealed more details on the agency’s  controversial policy involving searches of electronic devices at U.S. borders. . . . For instance, numbers released in the report indicate that warrantless searches of electronic devices at U.S. borders are occurring less frequently than some privacy and civil rights advocates might have feared. Of the more than 144 million travelers that arrived at U.S. ports of entry between Oct. 1, 2008 and May 5, 2009, searches of electronic media were conducted on 1,947 of them, the DHS said.Of this number, 696 searches were performed on laptop computers, the DHS said. Even here, not all of the laptops received an ‘in-depth’ search of the device, the report states. A search sometimes may have been as simple as turning on a device to ensure that it was what it purported to be. U.S. Customs and Border Protection agents conducted ‘in-depth’ searches on 40 laptops, but the report did not describe what an in-depth search entailed. . . . The report chronicled similar efforts to monitor the privacy implications of a range of projects that privacy groups are also watching. Examples include  Einstein 2.0 network monitoring technology that improves the ability of federal agencies to detect and respond to threats, and the  Real ID identity credentialing program. The DHS’s terror watch list program, its numerous  data mining projects  and the secure flight initiative were also mentioned in the report.”

Share This

By Robert Barker, Infoglide Senior VP & Chief Marketing Officer

We’ve talked before about how some employers will dissolve a company, then re-form it with the same people but under a new name. The objective? Reduce payments to workers’ compensation programs, where premiums are based on the historical level of claims. Erase the history by forming a new company, and voila! Your premiums are now lower, but there’s a catch – doing that constitutes fraud and it’s illegal.

Now I just read a Computerworld article about what appears to be a similar scheme.  In the largest H-1B fraud case ever brought by the federal government, prosecutors have filed against a New Jersey IT services company that recruits talent from overseas and gets them H-1B visas. On the surface, that sounds legal, right?

Yes, but you’re required to pay those imported workers at the prevailing wage rate of the state in which they’ll be working. The law won’t let you pay less than the prevailing rate because that would penalize U.S. citizens who could be hired to do the same job.

So, this New Jersey firm allegedly decided to improve their profitability by creating shell firms in Iowa and obtaining the H-1B visas there, where the prevailing wage rate is significantly lower than wages in New Jersey. Oops – now there’s an 18-count indictment against them because they “have substantially deprived U.S. citizens of employment.”

So how would you automate detecting similar situations? I confess I’m not familiar with exactly how this company was caught, but it seems like an obvious opportunity to apply entity resolution technology. In this case, you’d use identity resolution software (see IRE as an example) to connect to multiple data sources, like a database of information on H-1B applicants in various statesand a database of companies who are H-1B filers along with other sources of data such as income tax filings and various corporate filings, then let the software do the work of finding the hidden connections.

Applying this technique to workers’ comp fraud where company officers similarly have formed shells and even dissolved existing companies and started new ones, the results have been quite successful. It would be interesting to consider a similar solution with someone with H-1B investigation experience.

If you’re out there, what are your thoughts?

Share This

[Post from Infoglide] Vetting Sharks and Whales

“If you’re not in the casino industry, the title of this post may be meaningless, but for casino managers, “sharks” are the bad guys and “whales” are the good guys. Sharks are people who try to defraud the casino through illegal activities, while whales are the high rollers who are apt to win $20,000 one trip and lost $25,000 the next. If there’s any environment where you’d be motivated as a businessperson to know as much as you can about who you’re dealing with, it’s a casino.”

DATAWARE HOUSING: Business Intelligence and Identity Recognition—IBM’s Entity Analytics

“This article will define master data management (MDM) and explain how customer data integration (CDI) fits within MDM’s framework. Additionally, this article will provide an understanding of how MDM and CDI differ from entity analytics, outline their practical uses, and discuss how organizations can leverage their benefits.”

Workers’Comp Kit Blog: Failure to Pay Workers Compensation Premiums

“A New York asbestos  contractor failed to pay $1.6 Million in workers’ compensation premiums and will serve four years in prison. Upon his release he will be deported to his home country as he is an illegal immigrant… He repeatedly changed the name of his company.”

The TSA Blog: Secure Flight Q&A II

“Each one of these layers alone is capable of stopping a terrorist attack. In combination their security value is multiplied, creating a much stronger, formidable system. A terrorist who has to overcome multiple security layers in order to carry out an attack is more likely to be pre-empted, deterred, or to fail during the attempt.”

Share This