Richard Forno
Wed, 18 Jan 2006 11:13:10 -0800
Mass Spying Means Gross Errors http://www.wired.com/news/columns/1,70035-0.html By Jennifer Granick | Also by this reporter The United States government either currently has, or soon will have, new technology that makes mass surveillance possible. The next question for citizens and other policy makers is whether and when to use this capability. Often, people say that we must do anything and everything to stop terrorism. This answer is easy in a world where we know that technologies of mass surveillance, or TMS, are effective against terrorism, where we have unlimited resources for national security, and where there's no cost when the technology malfunctions, is intentionally abused or innocently misused. We don't live in that fictional world, so as citizens and policy makers, we have more-difficult choices to make. Recent government surveillance programs demonstrate our increased capacity for mass surveillance. For example, the Communications Assistance for Law Enforcement Act, or CALEA, requires phone companies to build mass surveillance capabilities into their networks. Privacy advocate Phil Zimmerman has pointed out that through CALEA the FBI requested technological surveillance capabilities far beyond the capacity of the judicial system to approve warrants or the FBI to monitor. This suggests that law enforcement plans to automate or computerize the monitoring process -- probably by deploying voice-recognition technology to look for "hits" that could be followed up on with human-monitored wiretaps. Proposals to install face-recognition technology at airports and public gatherings, to data-mine collections of government and commercial databases, and to profile airline passengers are feasible only with modern technology. When it broke the illegal wiretap story, The New York Times stated that it was withholding certain technical information not publicly known about U.S. surveillance capabilities. Commentators from Ars Technica and other publications assembled comments from officials familiar with the program that, in total, suggested that the National Security Agency was using new technological capabilities. These comments included President Bush's effort to distinguish between detecting terrorism, for which he claims no warrant is required, and monitoring terrorists, for which he claims the FISA warrant process is designed and followed: "We use FISA still. But FISA is for long-term monitoring. There is a difference between detecting so we can prevent, and monitoring. And it's important to know the distinction between the two. We used the (FISA) process to monitor. But also we've got to be able to detect and prevent." The president is correct that FISA only allows targeted surveillance of identified or particularly described individuals. He's wrong to suggest that the FISA warrant requirement doesn't apply to mass surveillance. To the contrary, it means our current laws generally prohibit mass surveillance of American citizens without probable cause. But should they? Now that we have the power, should we use it? Harvard Law School professor Charles Fried argues that mass surveillance is "an urgent necessity": "In the context of the post-9/11 threat, which includes sleeper cells and sleeper operatives in the United States, no other form of surveillance is likely to be feasible and effective. But this kind of surveillance may not fit into the forms for court orders because their function is to identify targets, not to conduct surveillance of targets already identified. Even retroactive authorization may be too cumbersome and in any event would not reach the initial broad scan that narrows the universe for further scrutiny. "Moreover, it is likely that at the first, broadest stages of the scan, no human being is involved -- only computers. Finally, it is also possible that the disclosure of any details about the search and scan strategies and the algorithms used to sift through them would immediately allow countermeasures by our enemies to evade or defeat them." In concluding that TMS are required, Fried makes several assumptions. He assumes that mass surveillance is effective. He assumes that other intelligence methods and prevention techniques, including human monitoring, developing sources, reducing incentives to support or hide terrorists, physical security and tracing financial and material assistance from terrorist groups, will not be feasible, and will be less, rather than more, necessary if we utilize TMS. He suggests that the enemy's ability to defeat surveillance is a function of public disclosure of the search techniques. Each of these assumptions deserves further scrutiny. There are few, if any, studies demonstrating the effectiveness of mass surveillance. People with something to hide are adept at speaking in codes. Teenagers tell their parents they are "going to the movies" when they are going to drink beer. Attackers know to misspell the victim's name, as journalist Daniel Pearl's kidnappers and murderers did, to evade e-mail surveillance. Meanwhile, modern filtering technology can't distinguish between breast cancer websites and pornographic ones. Any search algorithm, whether public or not, is unlikely to be able to distinguish between innocent and criminal communications. Even if the technology works, it fails. Even if a TMS was 99.9 percent accurate, it will produce a false positive one in 1,000 times. Whether it's facial recognition at the Super Bowl, or sifting through e-mail communications, TMS will inevitably produce an unacceptably high number of false positives. Hundreds of thousands of innocent people will not be allowed to board their planes, will have their houses searched, their bank accounts frozen -- at least until the mistake can be cleared up. At best, a "hit" will require someone to look more closely at the information, and we'll need more agents to do it than we currently have, or could have. As James Bamford related in a recent op-ed, on Sept. 10, 2001, we randomly intercepted calls from pay phones in Afghanistan discussing the Sept. 11 plot, but the calls were not translated and distributed until after the attack. A front page story in Tuesday's Times reports that even the FBI grew frustrated with the countless, fruitless tips produced by the NSA's illegal mass surveillance. If there aren't enough agents or translators to review all the false positives that random surveillance produces now, even before adding mass surveillance of U.S.-based communications to the mix, there's no reason to believe Judge Richard A. Posner's recent assertion that data mining from the innocent will enable detection of a terrorist plot collected from scattered, tiny bits of information. Mass surveillance isn't just illegal, it's probably a bad idea. We need to ferret out real terrorists, not create a smoke screen of expensive and distracting false positives that they can hide behind. More information doesn't make us smarter. We need smarter information. - - - Jennifer Granick is executive director of the Stanford Law School Center for Internet and Society, and teaches the Cyberlaw Clinic. You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.