We attempted to meet this challenge by deliberately avoiding the use of any computer-based visual analytics tools. Instead, we set ourselves the task of trying to answer the two questions in a single 8 hour period using paper documentation, scissors, pens and a whiteboard. Our only use of computing resources was access to the digital Word documents for occasional searching for keywords.
There were several reasons for our non-digital, non-tool based approach to visual analytics in this context:
The only preparation prior to the exercise was for the three particpants to read the challenge rubric and task questions and to print three copies of the the datasets. We did not read through the datasets, nor did we discuss possible approaches until the start of the exercise. The exercise started at 9:30am and was halted at 5pm Friday 11th June, 2010.
Our first 30 minutes were spent discussing how we were going to organise our day and how we would approach the problem. Our first agreed task was to cut up each of the documents into snippets each representing a single item of generated information (e.g. a newspaper report, intelligence report, blog entry etc.). We then marked up each snippet with a yellow highlighter pen for any mention of a geographic place (country, city, locality, street etc.) and a pink highlighter pen for any mention of a named person.
Observation: There were several instances where simple automated text matching would have failed here (e.g. misspelling of Colombia, person not place called Basra, Aden as Sallal etc.)
Once marked up, we organised snippets by country. Where a snippet was primarily associated with a single country it was placed below a green post-it note (see Figure 1). If it had a secondary country associated with it (e.g. conversation between two people in different countries) further pink post-it notes provided sub-categories of place. Two further categories indicating non-geographic items and complex geographic itmes (e.g. many countries named in a single item) were also created.
Organising items by place gave us our first indication of the main countries involved in the challenge. It subjectively gave is an indication of where we might concentrate our analytic efforts and who might be involved. To provide a more systematic approach we then examined each of the snippets country by country, summarising on the whiteboard the place (in blue), the key events (in green) and individuals (in red). Countries that were mentioned in snippets but appeared to have no connection with the arms trading were listed but struckthrough (see Figures 2 and 3, left).
Observation: Amendments to our whiteboard country summary (and social network) possible by wiping older version and replacing text. We lose the ability to backtrack or record evolution of our visual summary.
Observation: Sometimes wanted to store a line of reasoning behind inclusion of a key fact (e.g. why the 'spam' emails from Nigeria were suspicious). Little scope to do this in a systematic way using the whiteboard and paper snippets.
The country summaries in Figure 3 (left) are transcribed below along with our summary notes made during the 8 hour period.
| Place | Event/Info source | Key people |
|---|---|---|
| Burma | ||
| Colombia | Phone intercept | "Hombre" |
| See links with Moscow for details. | ||
| Dubai, UAE | Exhibition (April 17th 2009); | Nicolai, Ngoki, Dombrovski |
| This was the location of the meeting between key players in the network (15th-23rd April 2009). Was the likely point of international transmission of the Drafa virus (arrived via Ngoki from Nigeria). Basra working on behalf of Bukhara booked three tickets to Dubai. Possible travellers: Bukhara, Basra, Balochi, al Jinnah and "Mai". Known to be involved in illegal subversive activity - Watch - may be involved in arms deal subsequent to meeting. Money transfer from Bukhari to Abna bank account. | ||
| Gaza | Arms market | Kasem, Khouri, Anka |
| Kenya (Narok) | Weapons seizure | Otieno and Owiti (1st May 09), Onyango |
| See links with Somalia and Ukraine. | ||
| Malasia | Exhibition | Khem, Nicolai |
| Nigeria | Spam messages | Dombrovski, Ngoki, Kapo, Boyo |
| See links with Moscow for details. | ||
| Pakistan | Arrests of Lashkar group /Web | Basra, Bukhari |
| See links with Dubai for details. | ||
| Russia | Phone/email | Dombrovski, Ahmed (gun dealer) |
| Moscow-Nigeria connection: Dr George, Ngoki, Kapo and Boyo met Dombrovski on the 15th April 2009. Should follow up on Dr George who is communicating with, meeting and transferring money to Dombrovski. Moscow-Yemen connection: Dombrovski met with two known illegal arms traders in Dubai in the 19th April (Ahmed) and 20th April 2009 (Haik, Hosein). Ahmed later died of Drafa fever (3rd May). Watch Hosein and contact Aden as Sallai for possible collection and use of arms. Moscow-S. America connection: Jhon in Colombia (could be JG) and VWHombre in Venezuela scheduled to meet Dombrovski in Dubai on 22nd April 2009. Watch Venezuela and Colombia for illegal arms trading following likely deal. Moscow-Turkey/Syria connection: Group of five, possibly Turks Hakan, Celic, Adad, Ashur and Syrian Baltazar in Dubai meeting on 18th April 2009 with 'Russian Professor' from Moscow - likely to be Dombrovski. Plan to buy arms from Moscow to be shipped after meeting. May still happen as no knowledge of Dombovski's health or whereabouts post Dubai meeting. Turkey not affected by Drafa so plans may continue. Watch possible shipments of 'text books' to 'school' in Syria. | ||
| Saudi Arabia | ||
| Somalia (Ukranian weapons to Nairobi) | MV Tanya (military hardware) / Pirates | |
| Thailand (plane: Kiev->UAE->Bankok->Sri Lanka->UAE) | Plane seizure | |
| Turkey | Phone intercepts | Celic, Hakan, "Prof", #731, Baltasar |
| See links with Moscow for details. | ||
| UAE | VW Message board | Dombrovski; VWHombre, Jhom |
| See also Dubai. | ||
| Ukraine | Phone intercept | Minski (dead in Rome, 3rd Feb 09); Kurshid-Iran |
| Shipments coordinated from Ukraine (boat and plane). Nicolai Kuryakin network, established earlier than other networks. Links ammunition and arms derived from Kenyan military through Otieno. Ukrainian military hardware due to be delivered to Nairobi intercepted by Somali pirates. Arms subsequently delivered late. Possible planned pick up of amunition in Kenya and delivery to Sudan. Otieno and Nicolai dead after Dubai meeting (probably Drafa). Link with North Korea: Bordinski managing Pyongyang weapons collection for Nicolai - possible destinations: Sri Lanka, UAE, Kiev. Connection with Kershid in Iran - weapons intercepted but watch for subsequent activity with Iran. Watch for Bordinski - still at large and operating on behalf of the disceased Nicolai; could now assume lead role. | ||
| Venezuela | Phone intercept / gun dealing | Jorge, "green man", Beto, Jhon, Pho |
| See links with Moscow for details. | ||
| Yemen | Arms deals / fighting->Saudi | Guintor, Ahmed (Died Aden 3rd May), As-Salaal |
Our approach encouraged us to combine insight into the geography of the arms dealing with the social network of players. As a result, many of the observations noted in the table for MC1.1 describe the social network we identified. Figure 4 (right) shows the graphical representation of the social network we identified on the whiteboard. We used the same colouring conventions for places (blue) and people (red) to symbolise the network. Known connections were symbolised as black lines. Distinct sub-networks were symbolised with green dashed lines. We found no direct evidence that Dombrovski and Kuryakin were communicating despite both being based in Moscow. However, Kenyans communicated with an unknown contact in Moscow (see bottom left of nework diagram in Figure 4) and the Turkish sub-network communicated with a "Russian Professor". Additionally, Yemenis discussed meeting Kuryakin with Dombrovski who appears to be operating on Kuryakin's behalf and have knowledge of him.
The whiteboard provided limited space for symbolising multiple networks simultaneously. We therefore sketched three further networks on paper that had relevance to the arms dealing (see Figure 5). The government-intercepted plane from Kiev provided key evidence of geographical and social links between legal and illegal arms trading. The ship Tanya, intercepted by pirates, helped establish the link between players in Ukraine, Kenya and Somalia. Importantly, this helped us place Nicolai Kuryakin within the arms trading network - a key figure in the transmission and identification of the Drafa fever.
Observation: We needed to be able to represent different forms of network (e.g. social, geographical, by transport mode, financial) and compare these and link them together. Simple whiteboard and paper sketches were not sufficient to do this.
Figure 5 (right) shows the third additional view of the network that was critical in understanding the picture of illegal arms dealing. The meeting of key players in Dubai (see Table in MC2.1) was vital in connecting separate elements of the network. Here the temporal sequence was important, both in tracking who was common to all meetings (Dombrovski) and in assessing the transmission of possibly Drafa-infected individuals.
Within the 8 hours available to us we identified a further important network view of the transfer of money between individuals and/or bank accounts. We did not have sufficient time to examine this network fully nor represent it graphically. This would have been a good candidate for software analysis and representation. We did observe that two sets of funds found their way to a Moscow bank account from a Saudi account via a Swiss account. They originated from Bukhari and from an unknown Venezuelan source, probably "(VW)hombre", who was communicating with Dombrovski and Jhon.
Observation: Some elements of the data are more difficult to analyse manually and are more amenable to computational analysis, for example bank account details and money transfers.
To provide a benchmark for the amount of effort appropriate for investigating a task of this scale (how much can we achieve manually within 8 hours?)
Of our eight hours devoted to this task, about one hour was used to plan the day's activities; two hours used to organise and mark up the document snippets; three hours to extract country summaries and initial social network and two hours to refine hypotheses and document additional networks. Because much of the analysis involved interpretation of free text and assessing context, we were relatively efficient in extracting key pieces of information. Had the data been more quantitative or substantially larger in volume, this approach would have been largely impractical. We were able to identify some important characteristics of the geographical and social networks of illegal arms trading which were consistent with those made for the other mini-challenges (Drafa hospital records and gene sequences). Because we had no Visual Analytics tools available optimised for free-text organisation and annotation, the equivalent time programming would have been unlikely to yield any meaningful results.
To identify a series of requirements for the design of Visual Analytics software that would help in solving tasks of this nature;
To evaluate whether it is necessary to use visual analytics software to solve tasks of this nature;
The scale of this task made it possible to come to some meaningful conclusions about illegal arms trading without the need for visual analytics software. However had the volume of source data been more than two or three times greater, this would have proven impractical. VA software would be necessary to speed up the organisation and annotation process. As hypotheses and reasoning become more complex, software to document this aspect of the analysis would become increasingly useful. We will have missed key sources of data (e.g. money transfers) that software may have helped us identify. Software that provided alternative visual representations of the networks in particular would have speeded up the hypothesis generation process and provided us with a more systematic approach to problem solving. Being able to revisit different views as new network links are identified or explored would have increased our analytic power. Efficient annotation and documentation within software would have reduced the number of forgotten key facts and hypotheses.