Look Before You LeapThe government plans to apply analytic technologies on a global scale in the war on terrorism, but will they prove an effective weapon?by Seth Grimes Continued from Page 1 Indeed, in what must be the most extensive U.S. manhunt since the decidedly low-tech but successful chase after John Wilkes Booth, the U.S. has been unable to bring Osama bin Laden to justice. According to some reports, bin Laden employed a feint to evade pursuers, sending an aide off with his tracked cell phone while he slipped away in another direction. The government is pursuing a variety of technical activities inside and outside the Patriot umbrella. The Total Information Awareness (TIA) program of the Defense Advanced Research Project Agency (DARPA) has proved particularly controversial, in part because Congress never specifically authorized TIA's activities. For that reason and because, in the words of the Data-Mining Moratorium Act of 2003, which was referred to the Judiciary Committee, " There has been no demonstration that data-mining by a government, including data-mining such as that which is to occur under the Total Information Awareness program, is an effective tool for preventing terrorism." While few senators are scientists, the Association for Computing Machinery counts among its members numerous qualified computer scientists. The ACM's Public Policy Committee, in a January letter to the Senate Armed Services Committee, expressed " significant doubts that the computer-based TIA Program will achieve its stated goal of 'countering terrorism through prevention.'" The ACM letter offered the opinion, " It is unlikely that sufficiently robust databases of the required size and complexity, whether centralized or distributed, can be constructed, financed, and effectively employed in a secure environment, even with significant research advances." It also outlined a number of potential risks including identity theft and the likelihood that even an unachievable 0.1 percent inaccuracy rate would lead to 3 million misidentifications each year. The moratorium bill wasn't enacted by the full Congress, but a weaker appropriations amendment proposed by Sen. Wyden did pass, calling on the Administration to either certify the essential nature of the program or issue a report that, among other things, " assesses the likely efficacy of systems such as the Total Information Awareness program in providing practically valuable predictive assessments of the plans, intentions, or capabilities of terrorists or terrorist groups." I queried DARPA's press office; the agency's only apparent action to date has been to create an internal oversight board and an outside advisory committee, both covering privacy and policy issues and not addressing the need for technical evaluation. Where data mining is a search and classification technology, scoring applies models created via data mining to evaluate particular situations. The Computer Assisted Passenger Prescreening System, CAPPS II, is a scoring application designed to screen air travelers, and is now in trial implementation. According to the Transportation Security Administration (TSA), " CAPPS II will receive scores generated from commercial databases, which are routinely used millions of times a day by private enterprises in connection with job candidates or market research." In a March hearing, the Office of Management and Budget questioned the ability of CAPPS II to fight terrorism. " I have a huge spotlight on that project," said associate director of the budget office Mark Forman, according to the Associated Press. " If we can't prove it lowers risk, it's not a good investment for government." Forman's office referred me for follow-up to the Department of Homeland Security, the TSA's parent, which didn't provide any information on current or planned technical oversight. A Wired News article on the TSA's existing flight-screening "watch list" cites cases of individuals who were " inaccurately targeted by an overly simplistic system" that is resistant to correction attempts. Small wonder, when large-scale commercial databases contain a large proportion of erroneous data; I've seen estimates of error rates of up to 10 percent. CAPPS II would exploit these commercial databases, which, if it works as outlined, may lead both to a very large number of false positive results and to lapses. The government is taking other steps that will weaken the systems it is creating. For example, the Justice Department has administratively released the FBI from its statutory duty to ensure the accuracy and completeness of the National Crime Information Center database, which holds more than 39 million criminal records. And, notably, various government actions seek to exempt reporting of firearm transactions from inclusion in terror--prevention programs. Questionable PracticesMy experience as a technology analyst has trained me to examine the foundations of computing-vendor claims of effectiveness, scalability, cost, and other essential performance measures. I've sat through enough sales pitches that focus on a product's return on investment to have developed a deep skepticism about extravagant promises. I've never seen a promise more spectacular and less supported than the security effectiveness claims implied by the U.S. Homeland Security, Defense, and Justice departments in seeking to apply pervasively and on a huge scale data-mining, profiling, scoring, knowledge management, and other analytic technologies, assemble centralized and federated databases, and use commercial and public data sources. The promises haven't been reined in, and support in the form of scientific evaluation hasn't been forthcoming despite numerous requests by technically qualified government, advocacy, and scientific organizations. What we get instead is smoke and mirrors. Seth Grimes [grimes@altaplana.com] is a principal of Alta Plana Corp., a Washington, D.C.-based consultancy specializing in analytic computing systems and demographic and economic statistics. RESOURCESAssociation for Computing Machinery, Public Policy Committee: acm.org/usacm Electronic Privacy Information Center, Total Information Awareness backgrounder: www.epic.org/privacy/profiling/tia "Getting the Message" (government surveillance technologies): www.spectrum.ieee.org/WEBONLY/publicfeature/apr03/intel.html The Privacy Act of 1974: www.usdoj.gov/foia/privstat.htm DARPA Total Information Awareness: darpa.mil/iao/TIASystems.htm "Due Process Vanishes in Thin Air," April 8, 2003, Wired News: www.wired.com/news/privacy/0,1848,58386,00.html
|
 |
Most Popular This Week
IE Weekly Newsletter
Subscribe to the newsletter
| |
| ||||||||||||||||||||||||||||||||
