Sunday, 19 January 2014

The NSA and False Positives - evidence

Occasionally I get to utter the four most satisfying words in the English language: I told you so. Some not so random surfing led me to an article entitled Secret without Reason and Costly without Accomplishment: Questioning the National Security Agency’s Metadata Program. Written by John Mueller and Mark G. Stewart, a couple of political science types, it examines some of the NSA programs revealed by Edward Snowden, and asks what a cost-benefit analysis might reveal.

I was particularly pleased to read the first two paragraphs of page 13, which describe the FBI's response to the "leads" which the NSA provides to them:
"An [FBI] agent in the trenches puts it a bit less delicately: “You know how long it takes to chase 99 pieces of bullshit?”
So apparently, as I guessed, the NSA's analysis is throwing up vast numbers of false positives, swamping any real terrorist leads and, Mueller and Steward suggest, diverting resource from real threats like fraud and organised crime.

And while I'm referencing my own material, I'd point out that this diversion of resource is exactly the kind of mis-allocation which can occur when perception of relative risks is biased, as I discussed in my last post.

I'd recommend giving the article a look. It's not long and is an entertaining read. I also suggest subscribing to Bruce Schneier's Crypto-gram. Although a lot of his posts are specific to computer security, he often talks about risk in a broader sense. I think you'll find him interesting.

No comments:

Post a Comment