Online security expert Bruce Schneier has an excellent article on the NSA spying program:
Data mining works best when you’re searching for a well-defined profile, a reasonable number of attacks per year, and a low cost of false alarms. Credit-card fraud is one of data mining’s success stories: All credit-card companies mine their transaction databases for data for spending patterns that indicate a stolen card.
Many credit-card thieves share a pattern–purchase expensive luxury goods, purchase things that can be easily fenced, etc.–and data mining systems can minimize the losses in many cases by shutting down the card. In addition, the cost of false alarms is only a phone call to the cardholder asking him to verify a couple of purchases. The cardholders don’t even resent these phone calls–as long as they’re infrequent–so the cost is just a few minutes of operator time.
Terrorist plots are different; there is no well-defined profile and attacks are very rare. This means that data-mining systems won’t uncover any terrorist plots until they are very accurate, and that even very accurate systems will be so flooded with false alarms that they will be useless…
Finding terrorism plots is not a problem that lends itself to data mining. It’s a needle-in-a-haystack problem, and throwing more hay on the pile doesn’t make that problem any easier. We’d be far better off putting people in charge of investigating potential plots and letting them direct the computers, instead of putting the computers in charge and letting them decide who should be investigated.
By allowing the NSA to eavesdrop on us all, we’re not trading privacy for security. We’re giving up privacy without getting any security in return.
(Hat tip: Derek)
Comments on this entry are closed.