Tuesday, December 4, 2007

Government Data-Mining Won't Catch Terrorists

Why Data Mining Won't Catch a Terrorist - But it Might Snag an Identity Thief
The U.S. government assures us that data mining makes us safe from terrorists.
For example, they dreamed up "Secure Flight," which data mines for potential terrorists. Under this initiative, you won't be able to obtain a boarding pass for a flight to, from, or within the United States unless you receive permission to travel from the Transportation Security Administration.
But the government is lying. Data mining will never effectively identify terrorists.
Here's why:
Data mining analysis defines how an individual fits into a group, and predicts that person's behavior based on characteristics of that group.
For instance, under Secure Flight, the TSA will analyze your credit records, your travel history, your bank records, your credit card records, your telephone records, your Web surfing records, and many other types of records to determine if you pose a terrorist threat.
If you "pass" the TSA analysis, you'll receive a boarding pass. If you don't, you won't be able to travel by air, even within the United States.
There's only one problem, other than giving the government carte blanche over our personal data, with zero accountability for its misuse. Data mining for terrorists doesn't work. And it never will.
Terrorists don't fit an easily identifiable profile. While most terrorists are male and under 40, nearly two billion people fit this profile worldwide. There are also an exceedingly small number of actual terrorists, and they deliberately obscure their trail to avoid detection.
These factors make data mining to identify terrorism an expensive waste of time. Security expert Bruce Schneier estimated that even with 99.9% accuracy, data mining for terrorists would generate one billion false alarms for every real terrorist plot it uncovers.
For some applications, though, data mining does work. It works best when there's a well-defined profile of whatever you're searching for, a substantial number of "events," and minimal consequences for "false positives."
For example, data mining can effectively identity credit card fraud. All credit card companies now data mine their transaction databases, looking for patterns of spending that might indicate a stolen card.
Since a credit card thief generally purchases a large number of expensive items shortly after the theft, it's possible to identify fraud with a high degree of accuracy. The consequence of a false positive - mistakenly identifying a credit card as stolen - is that the legitimate owner temporarily can't use it. But this is a problem only until the rightful owner contacts the credit card issuer to tell them it was a mistake.
The federal government surely knows these facts. Yet, authorities persist in claiming that data mining will somehow help identify terrorists.

No comments: