Thursday, June 13, 2013

Schneier on PRISM (2005)

The PRISM program (or whatever NSA calls it today, if they admit it), has a problem:  it won't work.  Not even for $80Bn/year.

...Data mining is like searching for a needle in a haystack. There are 900 million credit cards in circulation in the United States. According to the FTC September 2003 Identity Theft Survey Report, about 1 percent (10 million) cards are stolen and fraudulently used each year. 

When it comes to terrorism, however, trillions of connections exist between people and events -- things that the data-mining system will have to "look at" -- and very few plots. This rarity makes even accurate identification systems useless. 

Let's look at some numbers. We'll be optimistic -- we'll assume the system has a one in 100 false-positive rate (99 percent accurate), and a one in 1,000 false-negative rate (99.9 percent accurate). Assume 1 trillion possible indicators to sift through: that's about 10 events -- e-mails, phone calls, purchases, web destinations, whatever -- per person in the United States per day. Also assume that 10 of them are actually terrorists plotting. 

This unrealistically accurate system will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day of every year, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month. Raise that false-positive accuracy to an absurd 99.9999 percent and you're still chasing 2,750 false alarms per day -- but that will inevitably raise your false negatives, and you're going to miss some of those 10 real plots. 

This isn't anything new. In statistics, it's called the "base rate fallacy," and it applies in other domains as well. For example, even highly accurate medical tests are useless as diagnostic tools if the incidence of the disease is rare in the general population. Terrorist attacks are also rare, any "test" is going to result in an endless stream of false alarms. 

This is exactly the sort of thing we saw with the NSA's eavesdropping program: the New York Times reported that the computers spat out thousands of tips per month. Every one of them turned out to be a false alarm....

And guess what?  IT DOESN'T WORK!!  See Ft. Hood, the ShoeBomber, Boston, and Mumbai hotel.

But the Political/Ruling Class is happy to spend $80Bn/year to continue failing.

7 comments:

Anonymous said...

It is very effective at destroying our 4A rights. They gotta see a ROI on that.

Tim Morrissey said...

Extremely large numbers....# of phone calls per day, # of credit/debit card transactions per day, et.al. are NOT for the statistically challenged.

Interesting post, Dad29.

I think the FBI/CIA/NSA just went to congress with a wish list shortly after 9-11-01, and essentially got all they wanted and more.

NSA Insider said...
This comment has been removed by a blog administrator.
Dad29 said...

Back off the personal comments.

Anonymous said...

Huh. There's more chins in Morrissey's avatar than a Chinese phone book.

Tim Morrissey said...

Wait.....more chins than a Chinese phone book.....I can't stop laughing....wondering who you hired to fill in the captcha for you so you could post that hilarious slur!

Anonymous said...

It's not funny. I have to pay for your healthcare now and you are not making correct choices. Carbs are not your friend.