Tuesday, October 22, 2013

The futility of the NSA's data monitoring program

This is a very good overview of the fail inherent in the system:
A property of that information reality is that 'meaning' is relative to other items of info, and that any single item can change the interpretation of a big set of facts. E.g., "Muslim, bought pipes, bought gun powder, visits jihadi sites, attends the Mosque weekly, tithes ..." can be completely changed in meaning by a fact such as 'belongs to the Libertarian Party', even 'is a plumber, 'is a target shooting enthusiast'".
This will continue to be true no matter how much info the NSA gathers: it will be a small subset of the information needed to answer the question 'possible terrorist?'.

Thus NSA's tradeoff of privacy vs security is inconsistent with reality: no matter how much info they gather, no matter how sophisticated their filters, they can never detect terrorists without a false positive rate so high that there will be insufficient resources to follow up on them.
This has been known for a while.  I actually posted on this five years ago:
There are roughly 700 Million air passengers in the US each year. One chance in a million means the system would report 700 likely terrorists (remember, this thought experiment assumes a ridiculously low false positive rate). The question, now, is what do you do with these 700 people?

Right now, we don't do anything, other than not let them fly. If they're Senator Kennedy, they make a fuss at budget time, and someone takes them off the list; otherwise, we don't do anything. So all this fuss, and nothing really happens? How come?

Cost. If we really thought these folks were actually terrorists, we'd investigate them. A reasonable investigation involves a lot of effort - wire taps (first, get a warrant), stakeouts, careful collection of a case by Law Enforcement, prosecution. Probably a million dollars between police, lawyers, courts, etc - probably a lot more, if there's a trial. For each of the 700. We're looking at a billion dollars, and this assumes a ridiculously low false positive rate.

There are on the order of a hundred thousand people in TSA's no-fly or watch databases. Not 700. If you investigated them all, you're talking a hundred billion bucks. So they turn the system off.
This explains why the NSA program hasn't identified any actual terrorist attacks.  In the midst of grabbing everyone's metadata, a couple of whackos who went to jihadi summer camp in Chechnya - and who the Russians told us to watch out for - waltzed some bombs into the Boston Marathon.  The two links above will explain why the NSA will never catch this sort of stuff.

So what's the point of the whole effort?  Alan brings the cold eye of logic to the situation:
It also proves my theory that government (NSA) snooping isn’t about finding terrorists because it can’t. It’s about digging up dirt on political enemies, which is what secret police have ALWAYS been about.
The secret courts and double hush up National Security Letters sure fit the "Secret Police" mindset, too.

1 comment:

Chris said...

Yeah, I figured the Republicans were going to cave on the latest "confrontation" not only because that is their nature, but because every politician has information that he/she would rather not be made public. It's the Chicago way.