Bruce Schneier is Wrong on Data Mining

Bruce Schneier of counterpane considers himself an expert on all things related to computer security, and is the CTO of Counterpane, an Internet managed Security Services Provider that continues to struggle against its competitors in the space. Schneier believes that he is an imminently important person, and feels that his leftist agenda should be embraced by both the public and private sectors in American Society.

He once tried to claim that, because the government was running on a Microsoft Platform, it was a target of destruction to an as yet unknown threat that could bring down the whole “monoculture.” His opinions on the monoculture were seen for what it actually is, which is anti-Microsoft and anti-big business biases.

Schneier has no way of knowing whether or not the US has been successful in its pursuits of terrorism using data mining techniques, and in fact, any successes would be classified anyways. Now Schneier says that the government should stop trying to use computers to catch terrorists, because it just won’t work.

From Wired News Here:

In the post-9/11 world, there’s much focus on connecting the dots. Many believe data mining is the crystal ball that will enable us to uncover future terrorist plots. But even in the most wildly optimistic projections, data mining isn’t tenable for that purpose. We’re not trading privacy for security; we’re giving up privacy and getting no security in return.

The promise of data mining is compelling, and convinces many. But it’s wrong. We’re not going to find terrorist plots through systems like this, and we’re going to waste valuable resources chasing down false alarms. To understand why, we have to look at the economics of the system.

This is the first mistake Schneier makes- looking at security as an economic calculation. What is the monetary value of preventing terrorism? Is it measured in costs of lives? How about costs in economic loss? 9/11 almost caused an economic meltdown on Wall Street by using 15 stooges and some box cutters.

And it is clear that Schneier subscribes to the leftist idea that privacy, which is not defined as a freedom anywhere in the constitution, is more valuable than any exposure of privacy in efforts to fight terrorism.

Security is always a trade-off, and for a system to be worthwhile, the advantages have to be greater than the disadvantages. A national security data-mining program is going to find some percentage of real attacks and some percentage of false alarms. If the benefits of finding and stopping those attacks outweigh the cost — in money, liberties, etc. — then the system is a good one. If not, you’d be better off spending that capital elsewhere.

Data mining works best when you’re searching for a well-defined profile, a reasonable number of attacks per year and a low cost of false alarms. Credit-card fraud is one of data mining’s success stories: all credit-card companies mine their transaction databases for data for spending patterns that indicate a stolen card.

Terrorist plots are different. There is no well-defined profile and attacks are very rare. Taken together, these facts mean that data-mining systems won’t uncover any terrorist plots until they are very accurate, and that even very accurate systems will be so flooded with false alarms that they will be useless.

To reduce both those numbers, you need a well-defined profile. And that’s a problem when it comes to terrorism. In hindsight, it was really easy to connect the 9/11 dots and point to the warning signs, but it’s much harder before the fact. Certainly, many terrorist plots share common warning signs, but each is unique, as well. The better you can define what you’re looking for, the better your results will be. Data mining for terrorist plots will be sloppy, and it’ll be hard to find anything useful.

This is exactly the sort of thing we saw with the NSA’s eavesdropping program: the New York Times reported that the computers spat out thousands of tips per month. Every one of them turned out to be a false alarm.

And the cost was enormous — not just for the FBI agents running around chasing dead-end leads instead of doing things that might actually make us safer, but also the cost in civil liberties. The fundamental freedoms that make our country the envy of the world are valuable, and not something that we should throw away lightly.

This is Schneier’s second mistake, letting his political bias show. He claims that the NSA program was eavesdropping at a cost to American’s fundamental freedoms and civil liberties. He neglects outright to say that the NSA program was listening in on phone calls to known terrorists and known telephone numbers uncovered during counter-terrorism investigations. And again, he claims that the civil liberties and freedoms are more valuable than all of the economic loss, not to mention the value of the lives of 3000 Americans on 9/11.

Finding terrorism plots is not a problem that lends itself to data mining. It’s a needle-in-a-haystack problem, and throwing more hay on the pile doesn’t make that problem any easier. We’d be far better off putting people in charge of investigating potential plots and letting them direct the computers, instead of putting the computers in charge and letting them decide who should be investigated.

He uses “too many false positives” as the reasoning behind discontinuing efforts in this direction. Which is also disingenuous considering his role in managing systems that spit out millions of false positives per year.

Bruce knows that you adapt systems constantly to narrow false positives by applying intelligent filters, using human analysis and counter-intelligence. To claim that such a trick is impossible to perform, not worth the effort, or ultimately valueless when American LIVES are at stake would be dishonest of him. And if you are a customer of his, you would have to wonder if he cares so little about your own security should you fall under a cyber attack.