Authors and Affiliations:
|
Jason Payne, Palantir Technologies, jpayne@palantirtech.com [PRIMARY
contact] Ravi Sankar, Palantir Technologies Eric Anderson, Palantir Technologies Jake Solomon,
Palantir Technologies |
Student Team: NO
Tool(s):
For the VAST competition, the analyses were performed primarily in the Palantir Government platform and to a lesser extent in GoogleEarth and the Palantir Finance platform. Both Palantir platforms are being developed by Palantir Technologies, based in Palo Alto, California. Palantir Technologies was founded in 2004 and works with customers across the Intelligence and Finance Communities.
The development team at Palantir made the decision early in the company’s history
to develop an analytic platform based on a foundation of openness; a trait
not often seen in the intelligence community. As old institutions transition
into a world where information is increasingly a commodity, the archaic
paradigms of locking down knowledge are giving way to an environment where
analysis is the real power. Palantir Technologies is able to liberate this power
in several concrete ways: The first is data integration - whether structured
or unstructured, Palantir provides standard and extensible interfaces for
bringing information into a common environment. The second is Search and
Discovery, whereby these disparate data stores can be explored as though they
were one. The third is Knowledge Management in which all the knowledge that
is discovered is treated like another data source so no analysis is lost. And
finally, the fourth is Collaboration whereby many analysts working together
can truly leverage their collective mind. Through our open APIs and numerous
(and multiplying) extensibility points, Palantir has succeeded in creating a
genuine platform for application-development and information-analysis.
Two Page Summary: YES (will be submitted before 18 Aug)
Answers:
Traces-1 Where was the device set off?
Grid cell number of where the device went off:
55x28
Short Answer:
Palantir’s
object model only supports real geotime information, so our team
transformed the relative times and locations found in the challenge data into real ones. We then
imported the text evacuation data and exported KMZ files for geospatial
analysis. We overlaid these KMZs onto a building we constructed,
enabling us to view the evacuation as an animation in Google Earth. We
began by identifying victims; nearly all casualties were in the
upper-right, giving us an approximate explosive location. We then
removed people who never approached that region for clarity. This left
us with a short list of potential suspects, the most plausible of which
was number 56 (Cleveland Jimenez), who moves quickly very early on,
stops for an extended amount of time near all the casualties, then
again moves forward as everyone begins to flee before stopping (dying?)
himself. We looked up his X and Y coordinates during the extended stop
and found (55.9, 28.3).
Traces-2 Identify potential suspects and/or witnesses to the event.
Note: Potential suspects and/or witnesses are people who were near the area just prior to the explosion and exhibit suspicious behavior
List of RFID tag numbers:
1; 21; 28; 29; 44; 56; 73; 76; 80
Short Answer:
We
looked for persons-of-interest in our visual representation of the
evacuation and individuals who began moving significantly earlier than
everyone else, since they are likely to either be co-conspirators, to
have witnessed something that led them to flee, or at least to have
glimpsed something by virtue of being in the hallways during the leadup
to the explosion. In investigating question one, we had already
eliminated many of the figures who never strayed into the upper-right,
so it was also easy to identify individuals who have done nothing
suspicious but were positioned well to be witnesses (these include 1,
76, and 80). The short list we have produced will hopefully enable
police to continue the investigation using conventional means.
Traces-3 Identify any suspects and/or witnesses who managed to escape the building.
List of RFID tag numbers:
1; 21; 28; 29; 44; 73; 80
Short Answer:
Solving this question was relatively straightforward but required us to work backwards. We had already produced a list of suspects and witnesses, so we created a list of casualties. All individuals in the building seem to have either escaped or died, so we simply removed from our persons-of-interest list anyone who died.
Traces-4 Identify any casualties.
List of RFID tag numbers:
18; 19; 36; 47; 50; 56; 59; 60; 65; 69; 76; 78
Short Answer:
There
was no obvious way of distinguishing between casualties and “Good
Samaritans” who stopped to help the injured, so we assumed that any
individual who simply stopped moving without exiting the building was a
casualty. Although there were several ambiguous cases (people who never
moved at all, people who stopped moving far away from the presumed area
of the explosion, etc.), we were able to produce a fairly comprehensive
list of the injured and dead simply by carefully observing the
recreated evacuation. The problem of determining who is harmed and who
is only aiding them is easily solved by police on the ground, unlike
the broad overview and reconstruction that was provided by our visual
analytics. ID 59 sticks out as an oddly placed casualty; it turns out
that he exited the building before running back in, suggesting he might
have died in smoke that others near him escaped.
The
Palantir platform interacts with real geospatial and temporal
information, allowing clients to easily delve into data that has been
gathered on the ground. Our team, therefore, transformed the relative
spatial and temporal data provided to us according to reasonable,
imaginary parameters. We chose 12:00PM as “time zero”, considered each
click of relative time to be 5 seconds, and set the date to August 15;
we also constructed a building conforming to the layout provided and
placed it in a parking lot in Miami where such a building might very
well be located. The lower-left of the building was designated (0, 0),
giving all (X, Y) values real latitude and longitude values. In
retrospect, the clicks were probably much less than 5 seconds apart,
but the scale of the timestamps has minimal impact on the investigation. Palantir’s
backend is based on a Dynamic Ontology that confers incredible
flexibility and allows us to import and link nearly any kind of data
without hard-coded changes. Leveraging this flexibility, our team was
able to import the evacuation data, modeling each RFID report as an
event and each RFID tag as a person. The tag numbers remained divorced
from their associated names for initial evaluation to ensure objective
analysis—adding the list of names and resolving them to existing
persons based on tag number is an easy process. Our platform is also
open and able to interact with a wide variety of tools, including
ESRI’s ArcGIS and, in this case, GoogleEarth. We exported the reports
associated with each tag number to a single KMZ file and constructed a
KMZ with an imaginary building conforming to the data provided (figure
1). Figure 1.1: Entity ‘0’ linked to all his RFID reports in the Palantir Graph Explorer
Figure 1.2 RFID 0 viewed geospatially We
were
then able to analyze the evacuation as a time-lapsed animation in
Google
Earth: Nearly every individual in the Department of Health building
begins in a room, not in the hallway. The bomb explodes or a bomb
threat goes out at approximately 12:31PM in our real time metric, or
between 370 and 380 on the relative timescale provided. We base this
estimate on the time that individuals begin to flee the building (see
figures 2.1 and 2.2 for before/after). For information on the resulting
casualties, see short answer four. Figure
2.1: before Figure
2.2: after Although
the vast majority of RFID tags begin reporting movement around 12:31PM,
several individuals begin moving much earlier. Ramon Katalanow [21],
Cecil Dennison [28], Maxwell Lopez [29], Karissa Graham [44], and
Cleveland Jimenez [56] are all moving long before the explosion; Lopez
is up as early as 12:01PM (relative time 19). Of course, it is possible
that some of this early movement was due to normal work-related
activity or people leaving the building. Nevertheless, those subjects
who survived from this list are good starting points for investigators.
We also believe that Jimenez [56] was responsible for setting off the
explosive and was a possible suicide bomber. He starts in the middle
left of the building but is moving toward the right by 12:06PM
(relative time 80). At relative time 331 (12:27PM though it is unlikely
he spent 20 minutes crossing the building), he locks into position in a
corridor on the right side of the building relatively close to most of
the casualties (55.9, 28.3) and stays there until time 377 (12:31PM). Figure
3.1: The prime suspect Figure
3.2: The prime suspect in full context At
this point he flies forward a short distance before ceasing to move,
presumably having died. This movement falls perfectly into the
estimated time range of explosion based on when people start fleeing
(370-380), making it highly likely that Jimenez is the bomber and was
killed by his own explosion. However, one aspect of the explosion that
presents some ambiguity is that most of the people in the upper-right
when Jimenez died escaped from the building; it is primarily those who
entered that region later (relative time 560, 12:46PM) who fill the
casualty list. Examining the region where these tags began, however,
produced a dead end, as there was no questionable activity prior to the
explosion in the top-middle of the building. We suggest two possible
explanations: first, there might be a higher than expected number of
“Good Samaritans” stopping to help the injured. Second, in addition to
killing individuals within a blast radius, the bomb would have created
fire, smoke, and debris. People to the left of the bomb are protected
by a solid block of wall, and those in the left, upper-right, and
lower-right have easy access to exits; those in the upper-middle,
however, are far away from both the lower-left and upper-right exits,
so they would be the most likely to die as a result. There
are several important notes for an investigation going forward. First,
in addition to questioning those early-movers detailed earlier who
survived, several ostensibly innocent individuals were near the
suspected location of the bomb or along the path of suspicious
individuals, making them good witnesses. Those near the explosion site
include Lindsey Bowles [1], Fawn Sparks [76] (probable casualty), and
Joshua Sanchez [80]. Individuals who may have noticed something odd as
suspects moved include Abel Snow [73] who may have witnessed Dennison
[28] and Dian Kenney [7] / Edwardo Lassiter [11] / Jerome Culver [79] /
Loretta Middleton [38] who all lay along Jimenez’s path. Second,
it is very possible that the Paraiso movement was involved with this
explosion. Beyond the fact that the religion opposes state-provided
healthcare, two suspicious individuals were present. Carlos Vidro [62]
shares a surname with several brothers in Paraiso leader Ferdinando
Catalano’s innermost circle. Although we cannot guarantee that they are
related, it is entirely possible. Also, Ramon Katalanow [21] has an
alternate-spelling of “Catalano” for his last name, suggesting another
possible connection. Katalanow was also flagged for suspicious movement
during the initial stage of analysis when only tag numbers were
visible. RFID tracking combined with visual analytics has, thus,
provided a springboard for a traditional investigation with much more
information available to investigators.
Traces-5 Describe the evacuation
Video link:
Detailed Answer:
