Topic: Telecom, Internet & Information Policy

Data Mining or the Fourth Amendment?

Boalt Hall Law Professor and Visiting AEI Scholar John Yoo writes in a short piece on the AEI website that we should consider using data mining to pursue terrorists. He makes at least two errors: one historical and one statistical.

Discussing the recent vogue for making U.S. law more like Britain’s, Yoo writes:

[I]ncreasing detention time or making warrants easier to come by merely extends an old-fashioned approach to catching terrorists. These tools require individualized suspicion and “probable cause”; police must have evidence of criminal activity in hand. Such methods did not prevent 9/11, and stopping terrorists, who may have no criminal record, requires something more.

It’s hard to put aside that the vogue for making U.S. law more like Britain’s would undo part of what the Revolutionary War was fought for. And Yoo’s placement of the phrase “probable cause” in quotes — I hope that’s not to suggest that the language of the Fourth Amendment is quaint.

But putting all that aside, Yoo’s first error has to do with more-recent history. He argues that traditional investigative methods “did not prevent 9/11.” But traditional investigative methods weren’t applied to the problem. 

Operatives like Khalid al Midhar — an individual with jihadist connections known to the United States — entered the country, left in June 2000, and returned July 4, 2001 on a visa the United States gave him. As the 9/11 Commission pithily noted, “No one was looking for him.” Traditional investigative methods can’t be said to have failed when they weren’t being used.

Yoo’s second error is to believe that data mining can help locate terrorists. Data mining cannot be made useful in counterterrorism: The absence of terrorism patterns means that it is impossible to develop useful algorithms. The corresponding statistical likelihood of false positives would cause the results of a data mining operation to waste the time and energy of investigators while threatening civil liberties. 

Data mining does give a “lift” to marketers’ attempts to find people with certain propensities and interests. But the ”failure rate” (if the goal is to find new, willing customers) is typically above 95%. This is with hundreds of thousands, or even millions, of patterns to work with. Data mining also helps ferret out credit card fraud — again, using the thousands of instances of this crime that happen each year to develop useful algorithms.

Probability theory teaches that the percentage of false positives a test produces will rise dramatically as the incidence of the sought-after condition drops. If you’re searching American society for left-handed people (8–15% of the population) a data mining operation might work pretty well.  If you’re searching for the 10, 12, or two terrorists in the United States, an imperfect test will be useless, time-wasting, and thus harmful to the national security mission.

No, the Fourth Amendment is good policy as well as a part of the not-old-fashioned Constitution. It is better to focus investigations, not broaden them. The best way to find wrongdoing is to look where there is probable cause to believe something is afoot.

From Your Blog to God’s Ears

Have blogs become part of the mainstream? Consider the evidence of a front-page story in Saturday’s New York Times, which reports on reaction to the federal court ruling that the NSA wiretapping program is illegal. The first three legal experts quoted are bloggers; two of the quotes are from the blogs, one appears to be from an interview with a lawyer-blogger. Stop writing those law review articles, legal scholars, and get thee to Blogger.

Every Day in Every Way …

Big-ticket items drive most discussions of politics and government, but let’s not forget to lament the small advances that help make big government what it is.

At the outbreak of hostilities in southern Lebanon, my well-traveled colleague Tom Palmer expressed dismay that Americans overseas should expect a lift home courtesy of the U.S. government when they’ve gotten in harm’s way. Alas, by the end of July, Congress passed the Returned Americans Protection Act of 2006, which raised by $5 million the fiscal year 2006 limit on emergency assistance funds provided to U.S. citizens returning from foreign countries. Score one for bigger government — and for less responsible people.

But the bill actually results in reduced spending, saving about three cents (net present value) per U.S. family. How could this be?

A little legislative artifice did the trick. You see, the bill also allowed state food stamp agencies access to the National Directory of New Hires. They can use this database to verify employment and wage information for food stamp recipients using information on every newly hired American worker’s employment, wages, and receipt of unemployment insurance. With access to these data, state food stamp agencies will be able to better verify the income of their beneficiaries and reduce overpayments.

Created “for the children“ — a tool for tracking down deadbeat dads — the National Directory of New Hires is slowly but surely being put to new uses, including now more careful administration of food stamps. For tens or hundreds of reasons that are largely good, systems like the NDNH database will expand until the point is reached where we are all under comprehensive surveillance. 

Lost privacy is a cost of large government. In this case, the government has monetized worker data to economize on food stamp programs, masking the cost of scooping up American travelers caught overextended abroad. 

A little more spending here, a little more surveillance there. Every day in every way …

Wireless Progress — and the Challenge Not Yet Met

A lot is happening in the world of wireless telecommunications these days. And a lot is not. First, let’s look at a couple things that are happening:

WiMax is poised to move forward as a significant new platform for broadband. ”WiMax” is the popular name for the 802.16 wireless metropolitan-area network standard. It’s like WiFi but can travel a lot farther. It easily traverses the “last mile,” the complicated and expensive rights-of-way that create a high barrier to entry for competitors to DSL and cable.

Recently, Intel announced that a line of its chips will support WiMax. Intel also invested $600 million in leading WiMax provider Clearwire. Clearwire recently pulled back from an IPO, though, fueling speculation that Clearwire and WiMax are not all they’re cracked up to be. Since then, Sprint Nextel has announced that it would spend up to $3 billion to build a WiMax network. Nothing is certain, but WiMax looks pretty good right now for bringing more competition to broadband.

Here’s another thing happening: The Federal Communications Commission is amidst an auction of wireless spectrum. In 1993, Congress gave the FCC the authority to use competitive bidding for allocating rights to use radio spectrum. This beats comparative hearings and lotteries by a mile, because companies that have paid good money for spectrum tend to be well focused on making good use of it. This redounds to the benefit of consumers and the public through new, competitive wireless services.

But much more can be done to improve how this natural resource is deployed. It is widely recognized that creating property-like rights in spectrum will foster secondary markets and help move spectrum to its highest and best use. That work seems not to be happening very quickly, however. 

And a report Cato released yesterday shows that much difficult work remains to be done if we are to have a property regime for spectrum, with all the benefits it entails. In “Toward Property Rights in Spectrum: The Difficult Policy Choices Ahead,” University of Colorado professors Dale Hatfield and Philip Weiser show why creating a property-oriented system for electromagnetic spectrum rights will not be easy.

“Even though the merits of the case for property-like rights in spectrum is beyond dispute, the details about how such a regime would work must still be defined,” Hatfield and Weiser point out. Variation in the way radio waves behave means that simple geographic borders cannot define how rights to use spectrum are divided. Regulation of transmitter technology and power cannot be replaced wholesale with enforcement of radio “trespass.”  Rather, ownership of rights to use spectrum must be defined and enforced with a model suited to the particular characteristics of radio propagation.

The study is a nice tour through radio for the technically uninitiated — you can find out why radio arguably has seven dimensions. And it challenges readers (and hopefully the FCC) to think about the set of rules that will best divide and organize spectrum licenses so that Ronald Coase’s vision can be realized in the area where he did his early work.

Censorship Is Worse Than Fake News

A big story on the front page of the Washington Post Style section is illustrated with a beautiful, stylized photo of new CBS anchor Katie Couric. In tiny letters almost invisible to the naked eye, the photo source is identified as CBS. In other words, it’s a publicity photo, not a news photo. There’s another glamorous CBS photo dominating page 8, where the story jumps.

Would the Post print a corporate news release? Not likely, though smaller papers do. Is that different from using a corporate photo? Perhaps. Should the Federal Newspaper Commission look into the use of corporate photos and corporate news releases? Oh, right, we don’t have a Federal Newspaper Commission, because we have a First Amendment.

Why, then, is something called the Federal Communications Commission investigating the use of “video news releases” by television broadcasters (as reported on the front page of the Business section the same day)? Oh, right, because somehow the First Amendment doesn’t give broadcasters the same free speech rights that newspapers enjoy. Prodded by the anti-free-speech lobby Center for Media and Democracy, the FCC wants to know if broadcasters clearly label “video news releases” produced by corporations when they are used on local news programs. CMD is well within its rights to criticize the use of VNRs. But when it calls for government regulation of what can and must be shown on news broadcasts, it’s calling for censorship. And censorship is far worse than “fake news” about new products on local television broadcasts.

How Did You Like the Cybercrime Treaty Debate?

Perhaps you weren’t aware of the Senate’s debate over the cybercrime treaty. You would be like most people. The Senate quietly approved the cybercrime treaty yesterday.

The treaty is the product of years of diligent work among governments’ law enforcement departments to increase their collaboration. It lacks a dual criminality requirement, so Americans may be investigated in the United States for things that are not crimes here. And it applies not just to “cyber” crimes but to digital evidence of any crime, so foreign governments now may begin using U.S. law enforcement to help them gather evidence in all kinds of cases.

 But you already knew that if you were following the debate. You were following the debate, weren’t you?

ID-Based Security Is Broken - and Can’t Be Fixed

The Government Accountability Office testified to the Senate Finance Committee today that investigators were easily able to pass through borders using fake documents. Indeed, sometimes documents were not checked at all.

“This vulnerability potentially allows terrorists or others involved in criminal activity to pass freely into the United States from Canada or Mexico with little or no chance of being detected.”

That’s true, but shoring up that vulnerability would add little security while devastating trade and commerce at the border.

Identity-based security works by comparing the identity of someone to their background and determining how to treat them based on that. To start, you need accurate identity information. That’s not easy to come by from people who are trying to defeat your identity system.

Here’s a schematic of how identification cards work from my book Identity Crisis.

As you can see, proof of identity involves three steps: Info goes from the person to the card issuer; info goes from the issuer to the verifier via the card; and the verifier checks to make sure the person and the card match.

Each of these steps is a point of weakness. Let’s take them in reverse order:

Obviously, as the GAO found, if nobody looks at the ID card, the “verifier check” can’t be done and the system fails. If the verifier is careless, the system will also fail. This weakness can be fixed with machine-read biometrics, but that is time-consuming and it typically subjects everyone to monitoring, tracking, surveillance – whatever you prefer to call it.

If the card can be forged or altered, this compromises card security, the second point of weakness in the process. Weakness in card security (non-obvious forgery) is what GAO sought to expose when it stumbled across the fact that border agents weren’t checking IDs at all. Card security can also be fixed various ways, though the best, such as encryption, will also tend to increase monitoring, tracking, and surveillance of every card-holder.

The first step is the hardest by far to fix: getting accurate information about people onto cards. For anyone wanting to defeat the current U.S. identification system, there is a substantial trade in documents that are false but good enough to fool Department of Motor Vehicle employees into issuing drivers’ licenses and cards. Criminals also regularly use the option of corrupting DMV employees to procure false documents. Can this problem be curtailed? Yes. Solved? No.

For the sake of argument, let’s fix all these things with a cradle-to-grave, government-mandated, biometric tracking system. Enough to make even the irreligious think “mark of the beast.” Even then, we will not have effective security against serious criminals and terrorists. The greatest weakness of identification-based security remains.

Knowing who a person is does not reveal what they think or what they plan to do. Examples are legion in terrorism, and routine in crime, of people with no record of wrongdoing being the ones who act.

For example, Al Qaeda selected operatives for the 9/11 attacks who had no known records of involvement in terrorism. (See 9/11 Commission report, page 234.) It was operating in a mode to defeat watch-listing well before the spasm of watch-listing that underlies identification-checks like the ones GAO has found so flawed.

If we were to have a comprehensive, mandatory, biometric identification system, it would help find bad people after they are identified, but do little to secure against attackers who are not already known. Al Qaeda planners would have to continue factoring in a risk they have already accounted for.

And having such a system should be a big “if.” Subjecting all Americans to increased monitoring, surveillance, and tracking, then delaying their lawful trade and travel at the borders, would do a lot of damage to liberty and commerce. It would provide only a tiny margin of security – almost no margin against sophisticated threats.