One difference might be the complete absence of words someone might possibly think would draw a law enforcement agencys attention to their e-mails, but that most people would occasionally use innocently (as in "my presentation yesterday really bombed".) Another, Skillicorn says, is that research shows people speak and write differently when they feel guilt about a subject, for instance using fewer first-person pronouns, like I and we. "If you're up to no good", he says, "it's very hard for you to write something that looks ordinary."
Skillicorn doesn't know all the ways suspicious e-mails might read differently from innocent ones. The beauty of his approach is that he doesn't need to know. His software is designed simply to look for messages that are different, based on word frequencies, from the mass of e-mails. It neednt understand the reasons for the differences.So, when this technology matures (assuming that the will is there, which if it isn't now, it will probably be in a few terrorist outrages' time), we can expect, at the heart of ECHELON or similar, supercomputers tracking the email traffic of individuals (by email address, IP number or possibly a cluster of identifiers) and monitoring them for variations; as soon as an individual's behaviour changes microscopically (regardless of what it changed from and to; this works much in the way that highly-skilled readers of body language such as TV mentalist Derren Brown can detect truthfulness or lies by familiarising themselves with natural patterns and watching for deviations), they can be flagged for review. This could detect conspirators, criminals or other deceivers (right down to people planning surprise parties for loved ones, or trying to conceal embarrassing secrets), or possibly other shifts in mental state (depression, anxiety and such). The possibilities of such a technology extend beyond merely catching potential terrorists (or paedophiles, or MP3 pirates, or tax avoiders, or pro-democracy activists, depending on jurisdiction); I imagine that, for one, intelligence agencies with access to it could use it for pinpointing the weakest links in organisations they are targetting for infiltration, or otherwise use it to flesh out psychological profiles.
Elsewhere in the article, it mentions the possibility of detecting telltale patterns of activity by traffic analysis alone, and mentions that the infamous Enron email collection is not particularly useful for such research because those sending the emails didn't actually try to pretend that they were doing anything other than screwing people over.
Please keep comments on topic and to the point. Inappropriate comments may be deleted.
Note that markup is stripped from comments; URLs will be automatically converted into links.