This is exactly the argument I've been making to people when we discuss PRISM.
Think about the heterogeneity of the data, the lack of structure, and the unpredictable nature of its generation. Frankly, I have no doubt that the NSA is not monitoring phone chatter on a mass scale, probably not because they can't, but because if they did there would be no way in hell to parse, store, process and evaluate the data generated.
We (the scientific/big data community) can barely get recommendation engines working well - engines which have one set of data (what you watched) and do one other thing (suggest what else you might want to watch). Unless the NSA is decades ahead in a number of fields (like data warehousing, statistical analysis of massive datasets, machine learning) how are they getting useful information in a systematic way, considering the pressure from the data-firehouse involved?
My guess is they're probably not - instead the data are collected, and then used in conjunction with traditional approaches. e.g. little johnny buys some fertilizer and one way plane ticket - so who's he been talking to, what's he been saying, etc.
Honestly, how the NSA is using/dealing with/storing/accessing these data is actually an incredibly interesting question, from an academic/systems perspective.
Natural language processing improves at a fast pace, and these records remain there to be processed at an increasingly large scale as technology allows.
I don't think most people are ready to comprehend what keeping a comprehensive digital record of private communications allows.
Including after the fact attribution of motive for any of a number of actions based on peoples online comments.
The real question is if the already exposed two way trade in information is going to be broadened into a comprehensive assessment service. Will the NSA provide a "DataVeillance report" on individuals considered for 'sensitive positions'?
Will your call records be used to assess your fitness for work? Will your spending habits be turned into behavioral alerts so that your HR manager is calling you in to ask if you've been drinking too much?
Who gets to access these records and for what purposes?
The technical portion of William Binney's presentation at HOPE 9 sheds a lot of light on this.[1]
If you go to 14:33 in the video, it has a nifty screenshot of an activity sequencing tool. He also talks a lot about latent semantic analysis and other methods.
The issue is consequences of your actions -- not just the consequences you want, all the consequences.
Efficiency is a red herring. Ethics ends up just two sides saying "I'm right you're wrong". The only meaningful question is "Is the government fulfilling its role as government?". Or the simpler proxy question: "Is this constitutional?".
Ethics talk is opinion because obviously the people doing it and their supporters think it's ethical. If you tell them you think it's unethical they'll disagree and discount the rest of what you say. Two groups just saying "I'm right and you're wrong" or "I'm ethical and you're unethical" ends up with the more powerful one getting what they want.
Even if, say, torture efficiently got information, if it also galvanized the world against you, provoked many suicide bombers, got your own people tortured, lowered the population's trust and faith in the government, distanced your allies, increased the costs of maintaining the military, and so on, it might not be worth it.
If you put the entire population in jail, you will have 100% efficiency in jailing criminals. But what cost? The point is that if the government doesn't protect freedom or represent the will of the people then it will lose popular support and have to support itself by convincing people lack of freedom is preferable to freedom or just lying.
Besides, it didn't stop the Boston Marathon Bombing.
"The only meaningful question is "Is the government fulfilling its role as government?""
This attitude is very dangerous as the government will just change its role.
Everything is rooted in ethics and thats why we should be worried whether our laws and actions are ethical. Just because people disagree on it does not mean we should stop trying to find out objective ethical laws and principles.
People seem to assume that PRISM would be a passive "find me the terrorists" button. I imagine in reality it's just a tool they use among others, similar to any other law enforcement database (Just with a much larger dataset).
Like say for example, you catch a terrorist but he won't tell you anything and you suspect they were not acting alone.
So, maybe you interview the guy's brother who insists he knows nothing , hasn't seen his brother for 5 years and loves America.
So you check the brother out with PRISM and find that:
He had an IM conversation with someone in 2002 and he spoke about how happy he was that 9/11 happened.
Someone had taken and uploaded a photo to a social network of the brothers at the same place 2 years ago.
You decide that putting covert surveillance on the brother might not be a waste of resources.
In "task force black", a book about how the SAS special forces helled fight alqaeda in Irak, they talk how they had all the cellphone network controlled and each time they collected a mobile they tracked their calls and that way they localized other terrorists with more mobiles. It was pretty useful in that situation. For example the top level of alqaeda never used mobiles or radios but eventually they had people around them who did.
Can't we assume that the largest employer of mathematicians in the US [according to Wikipedia] has given this some thought?
So either they know it's ineffective and do it anyway, because they can. More money, more power, more influence.
Or it's not being used to generate leads, but as a way to look up retrospectively what people have done online once they become of interest from tip-offs and traditional investigations.
While it's impossible to estimate how smoothly things actually work in the NSA, if you are someone who takes the leaked slides as gospel, then you have to admit at least one thing:
The slides were written as if morons were the audience. It uses brightly colored bubbles to define the very few key points involved. In any other bureaucracy, these slides would be seen as yet another example of office workers having to be reminded to do their "TPS reports". The slides, more or less read as: "Hey dumbfucks, remember that we have two systems for espionage. PLEASE remember to use BOTH of them"
The fact that they took the time to come up with a memorable name like PRISM is also kind of amusing, like the way politicians come up with PATRIOT Act and PROTECT-IP to help people remember what hot-button issue they involve.
edit: In addition to this, Snowden managed to get the files using a USB key, something which had been banned years before at the NSA because someone was able to infect NSA's infrastructure with such a device...and yet Snowden was still able to steal files...at the very least, the NSA's IT logistics doesn't seem to be much better than of large corporations: http://theweek.com/article/index/245643/how-edward-snowden-s...
So the NSA may employ the world's best engineers and mathematicians, but it doesn't necessarily mean things are well-honed and efficient.
Maybe PRISM is accessible to even lower level employees (hence why Snowden got a hold of it) and isn't relatively that much of a big secret within the organization, while the really "interesting" stuff happens behind locked doors and generally does not involve making silly powerpoint presentations.
But no, it isn't, because it can be gamed like any other rules system. The NSA probably thinks their system hasn't been explored yet, relying as they do primarily on security through obfuscation.
One of the greatest pleasures in life is examining "black box" systems and figuring them out. The NSA would be fools to expect that their system is not already being gamed.
Yes, the same with torture. Hey, if torture works, maybe we should just allow it in every police station on everyone we ever arrest. It should make getting those confessions out so much easier! Say hello to the 2 centuries ago society! Glad to see the past 2 centuries have gone to waste in terms of what in means to evolve as a human in a modern society.
Which only says something about the person drawing the conclusion, not about deconstructing arguments.
Torture must be both moral and strategically effective to make sense. Therefore, if either one is not the case, then you shouldn't stand for your government torturing people.
It is difficult to convince someone to adopt different values using logic alone. Perhaps ultimately the ethics behind the value of privacy can be traced to its role in constructing a society that produces the best quality of life for people.
If so then it may start with whether hurting someone can defuse a ticking bomb, then be expanded to whether hurting more people can undermine an enemy and whether it yields less accurate information than subtler interrogation methods, or perhaps whether it recruits more enemies and is a losing strategy, and some many steps later, after addressing whether it undermines the fundamental goals that make the society worth protecting, what kind of people it makes us to engage in torture.
I suppose that what I am getting at is that we wouldn't necessarily agree with the values that informed past ideas about what is moral. Therefore, if we can simply point out that torturing also isn't in our strategic interest we can short circuit nonsense arguments about necessary evil. The same goes for privacy invasions, however, I don't agree that these programs are likely to be inefficient. More likely, they will be unscientific and confirm biases, and tend to cause suffering for many innocent people, while also encouraging self-censorship.
They will also undermine the checks provided by institutions that have gone of the rails, or officials that have become corrupt having to interact with moral people. Perhaps most terrifying, I have read a couple journalists, of all professions, talk about these programs in context of TSA checks, and having to stand barefoot in front of gawkers, or be touched by strangers. Though these checks are a cause for indignity, and are varyingly effective, in comparison to universal surveillance, they are unlikely to quash any meaningful dissent or other important responsibilities of citizenship.
I think it's a useful discussion to have since there are so many people who "don't have anything to hide"
The argument works well for privacy advocates because even without regard to revealing classified secrets, the NSA won't be able to demonstrate good efficacy or good value for the money, due to the fact that such a system can only ever "work" rarely. A close look at this ought to also reveal a large fraction of abuse, and waste, in addition to false positives.
Prof. Thall flipped the question, pointing out that any algorithm hunting for terrorists would turn up some number of false positives -- probably a large one. As to whether that should rule out using algorithms, though, he says, "I would very much like to know what alternative they might suggest. With regard to identifying terrorist attacks originating in the U.S.A. before they are carried out, there is no free lunch, and we simply can't have it both ways."
IMO the last quote in this article is the perfect response to the quandaries raised by the rest of the article:
Any automated approach or data analysis is sure to raise false positives - but what other options are there? Zero data analysis or automation? Pure human "police" or "detective work" raises false positives as well.
I imagine the efficiency of their algorithms depends on what they're looking for.
If they're looking for patterns similar to those of historical terrorists, then their false positive rate is likely reasonably low considering the scale of their data set.
If they're looking for patterns or traits of hypothetical terrorist behavior, that's another story.
Systems-based trading in the financial sector comes to mind. Constructing a trading system that performs well when tested against historical data is easy. Constructing a system that performs well on future data isn't.
The solution to the latter usually involves using more generalized indicators when building the system to avoid the pitfall of curve-fitting your system to the data.
In this case though, it might just mean more false positives to sift through.
NSA is supposedly constrained to its strict national security mission charter. However, I've heard murmurs over the years about analysts passing off information in an unofficial capacity to federal law enforcement if what they come across sufficiently bothers them. Those agencies then figure out a way to legally obtain the data they were passed so it's admissible in court.
Recent quotes concerning GCHQ provide an interesting insight in this regard:
This implies they go after criminals and not just terrorists.
> "... of all the things those agencies are doing to stop your identify being stolen ..."
I guess they're also in the identity protection business.
> "But if you are a would-be terrorist or the centre of a criminal network ..."
Again, targeting of criminals (albeit high level).
---
IMHO, a top-secret dragnet surveillance program that's tightly restricted in scope to national security matters is a much easier pill to swallow than a completely legal, known program. The latter becomes nightmarish as soon as the data aggregates down the chain to law enforcement or other government agencies. Imagine local police departments having the same level of information about private citizens as NSA does. That's terrifying.
> However, I've heard murmurs over the years about analysts passing off information in an unofficial capacity to federal law enforcement if what they come across sufficiently bothers them. Those agencies then figure out a way to legally obtain the data they were passed so it's admissible in court.
Its trivial to see how such evidence could be laundered if the NSA wanted to -- all the NSA has to do is make anonymous tips to law enforcement that provide the basis for regular search, wiretap, etc. warrants. To do this, of course, they may need to provide information that can be confirmed without a warrant to demonstrate credibility, but its hardly as if the NSA is going to have trouble doing that. The receiving law enforcement agencies could be completely in the dark as to the actual source.
Absolutely true. What you said means the NSA has the capability to put whoever they wish under the microscope and effectively bury them by proxy. The only way that doesn't work is if they either have an irreproachable system of oversight, or whoever they're targeting has as led an extremely boring, uneventful life.
In theory, senior employees or executives at NSA contractors may even utilize similar tactics for anti-competitive or corporate espionage purposes.
You don't think they've thought of it being used between their contractors/executives? And that they haven't put any effort in to stopping that sort of use internally?
I'd be inclined to believe that there are likely to be controls to prevent people not authorized by higher ups within the NSA from doing this, as that would represent a security problem.
I am, to put it mildly, considerably less sure that these controls operate in a manner that inhibit NSA leadership from directing that this be done in specific cases, when they feel that providing this kind of under-the-table feed of information, particularly to domestic law-enforcement when the conditions in which the information was gathered would, if it were known, prevent the use of any information derived from it in court under the fruit of the poisonous tree doctrine.
I'm sure there are stringent barriers in place. Thing is, when many of the senior officials at NSA are former high-level executives at contractors, and vice versa, it makes you wonder.
From the perspective of an established incumbent player in a lucrative market, a disruptively effective startup _is_ an economic terrorist.
The existence of a repository of data of this sort will be used to defend existing economic arrangements against new entrants; and to prevent certain classes of arrangement from becoming established at all.
Think about the heterogeneity of the data, the lack of structure, and the unpredictable nature of its generation. Frankly, I have no doubt that the NSA is not monitoring phone chatter on a mass scale, probably not because they can't, but because if they did there would be no way in hell to parse, store, process and evaluate the data generated.
We (the scientific/big data community) can barely get recommendation engines working well - engines which have one set of data (what you watched) and do one other thing (suggest what else you might want to watch). Unless the NSA is decades ahead in a number of fields (like data warehousing, statistical analysis of massive datasets, machine learning) how are they getting useful information in a systematic way, considering the pressure from the data-firehouse involved?
My guess is they're probably not - instead the data are collected, and then used in conjunction with traditional approaches. e.g. little johnny buys some fertilizer and one way plane ticket - so who's he been talking to, what's he been saying, etc.
Honestly, how the NSA is using/dealing with/storing/accessing these data is actually an incredibly interesting question, from an academic/systems perspective.