Poindexter Is Still Wrong

There is a reason I never feared John Poindexter’s Total Information Awareness plan, why I don’t even fear the secret NSA equivalent now being built.

It won’t work.

My suspicions were confirmed this week by Bruce Schneier, a name to reckon with. Schneier runs Counterpane. He is THE leading computer security expert on the planet. Honest.

And in Wired this week, he says it quite clearly.

Let’s look at some numbers. We’ll be optimistic — we’ll assume the
system has a one in 100 false-positive rate (99 percent accurate), and
a one in 1,000 false-negative rate (99.9 percent accurate). Assume 1
trillion possible indicators to sift through: that’s about 10 events —
e-mails, phone calls, purchases, web destinations, whatever — per
person in the United States per day. Also assume that 10 of them are
actually terrorists plotting.

This unrealistically accurate system will generate 1 billion false
alarms for every real terrorist plot it uncovers. Every day of every
year, the police will have to investigate 27 million potential plots in
order to find the one real terrorist plot per month. Raise that
false-positive accuracy to an absurd 99.9999 percent and you’re still
chasing 2,750 false alarms per day — but that will inevitably raise
your false negatives, and you’re going to miss some of those 10 real
plots.

Schneier then runs the numbers. Terrorist plots are like tiny needles in big haystacks. No matter how finely you tune your filter running through that haystack, you are going to come up with too many false positives.

Instead of draining the pond, he suggests, fish where the fish are. Use human intelligence, not just machines. Dogged police work works.

For those of you who have forgotten, Poindexter was Ollie North’s boss, the National Security Advisor to President Reagan during the Iran-Contra scandal. He was pardoned for his crimes, but there is no real punishment for stupidity. Just because someone is named after a cartoon character doesn’t mean they have A Clue.