With the London Olympics imminent, the challenge of securing crowded public places was one of the more pervasive themes at the 2012 Counter Terror Expo. One method—facial recognition technology— is improving, but can only detect known suspects. Metal detectors and other portal scanners offer airport-style certainties that visitors are not carrying weapons. But screening takes time, in which lines grow, creating an alternative target: the unscreened crowd outside the perimeter.

Sophisticated analysis software that can detect suspicious behavior by individuals in crowds is on the horizon, but it would not have detected the bombers who struck London underground trains and a bus on July 7, 2005, because—as witnesses at the subsequent inquest testified—they did not behave in unexpected or suspicion-arousing ways.

The practicalities are demanding. “People regularly try and sell me explosive vapor detectors,” said Adrian Dwyer, a former army officer who advises the British Transport Police on counterterror strategy for the nation's 10,500-mi., 3,000-station, seven-million-passenger-journeys-per-day rail network. “My question is: 'Alright then—we're at Tottenham Court Road [an underground station], 2,000 people have gone down from the street in the last 10 minutes, and your machine's gone “ping”—which one of them was it?'”

Christian Jensen of the Informatics and Mathematical Modeling Department of the Technical University of Denmark says the deeper question is whether these computer systems can ever work as well as a human profiler. “Ultimately, this requires the ability to monitor all people passing through a crowded environment and identify the one person who is carrying a bomb in his backpack with the intention to set it off. I think this may be possible, but it is extremely challenging: More research is needed in both video analysis and interpretation of non-verbal communication.”

Jensen attended the Expo as part of his involvement in the European Union-funded Resilient Infrastructure and Building Security (Ribs) Project, run by London's University College, which is studying means of integrating security into building design. Ribs looks at ways to automate identification of behavior indicative of terrorist surveillance activity, for early detection.

“We are working with architects to identify areas within a building that provide certain advantages for an attacker, and use this information to define scenarios that would correspond to a potential threat,” Jensen says. “This means that we may react to previously unknown terrorists who move in a pattern that is part of the crime script scenarios that we have identified, but it does not allow us to react to unknown terrorists who do something completely new, like Sept. 11.”

Still, some products may allow identification of previously unknown bad guys through surveillance of virtual environments. IPL of Bath, England, demonstrated its IP Discover system, which monitors and automatically analyzes social media and other open sources. The software can identify patterns in seemingly unrelated data, cross-reference them with a user's tactical requirements and alert operators. The company maintains that, through real-time analysis of data such as geo-tagged Twitter postings made during the U.K. riots last August, it is possible to monitor and, to some extent, predict the spread of evolving threats.

Bringing order to the unstructured and ever-expanding digital information realm is a key growth market. Xanalys of Altrincham, England, offers a suite of investigative software utilities that can extract user-defined information (names, events, key words) from English-language text to provide visualizations of relationships between data. Customers include the Australian army.

Military customers for intelligence solutions are increasingly requiring the same level of reliable data extraction from devices seized from suspects. The Athena system, from Radio Tactics of Southampton, England, has been developed for use with U.K., Australian and U.S. Special Operations Forces in Afghanistan, to collect data from insurgent phones and computer devices. The military need has morphed from the initial, quick, untraceable extraction of information for tactical intelligence purposes to providing evidence for prosecutions.

Cellebrite of Israel offers its Universal Forensic Extraction Device, which supports allegedly untraceable extraction from over 7,000 different phones, tablets and GPS handsets. The company has sold around 20,000 units and says its equipment is “extensively used” by U.K. and U.S. law enforcement agencies and military customers. Forensic Pathways of Tamworth, England, has partnered with Videntifier Technologies of Iceland to add the ability to automate identification of video material, cross-referencing files on seized devices against a vast database of known footage, enabling investigators to find the martyrdom video hidden halfway through a copied Hollywood movie without having to scan the file frame by frame.