Bruce Schneier and the Occupy Radio host now discuss cost efficiency of the NSA’s programs and broad data mining as well as the political aspects of the matter.
– We have been able to voice an opinion on the breadth of the spying that is happening against us?
– The breadth, the depth, the scope, the existence of, the methodology – anything about it. If you think about a normal government program: “We’re going to offer healthcare, we’re going to fix the road,” – the government has to produce cost-spending justifications. There’s a standard procedure by which the government says: “Look, this is what we’re going to spend, this is the value, and this is why we want to do it”. Then we all debate whether it’s a good idea or not. We debated on ideology terms; we debated on cost effectiveness terms. These programs have never undergone those sorts of analyses.
I’m just going to make up the numbers – let’s say it costs $100,000 a year to hire an FBI agent. Let’s say it costs $100 million a year to run this NSA program. Is this program more effective than 1000 FBI agents? That’s the question. And if it isn’t, we shouldn’t be doing it, period. It doesn’t make sense, it doesn’t make us safer. We are actually harming ourselves by doing it. That sort of analysis has never happened.We heard some vague data that these NSA programs helped stop 50 terrorist attacks, 10 inside the US. Well, what does that mean? We know that we’re going to get tortured language. What has helped me? Does it mean that the attacks would have occurred if the NSA program didn’t exist? Probably not. I want to know: was it critical? Was it essential? Not “did it help”, but was it essential? Because I want to figure out: is this program worthwhile? Everything I know about data mining tells me it isn’t, and I haven’t seen any analysis that says it is.
– That’s one of the things I noted when I was studying up for this discussions – you feel that these resources are being improperly allocated and you prefer the 100, 1000…
– Whatever the number is, in general data mining is a lousy security system. The problem basically is: you’re looking for a needle in a haystack and you are trying to find it by dumping a lot more hay onto the pile. And that is actually a good analogy, it’s a lousy way to find these.Much better is normal policemen following the lead, the kind of thing you’ll see in spy movies and cop shows. Think about that that’s how we’ve got the liquid bombers. That’s actually a good example. They chose a plot that they created specifically to get through airport security as it was back then. And they were found not through data mining, not through eavesdropping on everybody, but by the UK and the US police following the leads. And they were stopped before they even got to an airport. That sort of thing works.
But the problem with broad data mining is that the false positives just kill you, even a highly accurate test looking for plots, because there’s so much that isn’t a plot. Whenever you find something, it will usually be a false alarm, and now you’re wasting all of your time following these false alarms when you could be following actual leads.
But this is the way the NSA thinks. The NSA’s mission has been “eavesdrop on everything“. Right now our European allies are pissed off because we spied on them. Why do we spy on them? We spy on everything. You put the NSA in charge and they spy on absolutely everything they can. It’s no surprise they’re spying on Americans – they’re spying on everybody.
– It seems to me, and I think you’ve said this already, that NSA’s goal is just to get as much data as possible, and what they’re telling us is that because they have all that data, their data gains a level of invincibility because it is so all-inclusive. Does it help at all?
– It’s hard to know. My guess is no. My guess is that the data didn’t provide any essential analysis in any plot they have covered. We know it didn’t stop the Boston bombing. One of the successes they talked about had to do with Mumbai terrorist attack, which occurred. So it’s not a very good success. We’re not getting the data. It would be nice if the NSA would make the case. If, in fact, I’m wrong, they should demonstrate it.
– But they don’t feel any compulsion to prove you wrong. As a matter of fact, in the court of public opinion it seems to me that I’m hearing a dismaying number of people who are saying: “We’ve got to do this because of the terrorists”.
– That’s how we lose. In fact, it’s true: when people are scared, they’ll pretty much do anything to make them feel less scared. And if the government can convince them that doing this will make them less scared, then they’ll say yes. I think we as a nation lose at this point. But this is a very complex issue. Public opinion falls more on political lines. I’ve seen some great survey data that shows that what you think of this program is highly dependent on which party is in power when you’re asked the question. If your party is in power, you tend to like it; if the other guy is in power, you tend to not like it. People don’t understand the issues, defaulting to basic parties and politics.
– My team – your team?– Right, but in Congress this issue doesn’t fall on normal party lines. You’ve got Republicans saying it’s ok, you’ve got Republicans saying this is appalling. Sensenbrenner who wrote the Patriot Act said: “I never intended this, this is horrible”. You’ve got Democrats saying: “This is a very bad thing”, you’ve got other Democrats saying: “Well, of course we’re doing this, what do you think?” That is my hope, that something will come of this, that this isn’t a straight party line debate, that there might be some actual change.
– Since this is flawed at the source, is this something privacy advocates need to be worried about? If it’s so flawed it can’t capture terrorists, should we be concerned when we’re downloading stuff on our computers, when we’re sending out emails?
– It depends. We know that surveillance programs like this have been used over the decades to spy on Americans, anti-war activists, civil rights activists. We know that since 9/11 people who oppose the Iraqi war have been investigated by the FBI. We now have some anti-nuclear power demonstrators who are in jail on terrorism charges. I think we do have to worry, because this stuff tends to get ratcheted up.
My fear is that it’s going to be used and misused. And this really points us to the solution, for lack of a better word. The question I’ve always asked is how do you make this better? How do you deal with the fact that the government does need to invade our privacy?
I want to point out that we’ve already solved this; we already recognize that the police need to invade our privacy to solve crimes, that they have legitimate needs to peer into our lives. And we allow them that. But in order to protect ourselves we do two things: we have transparency and we have oversight.
For the police, if they want to read your email, which they can do, they have to go to court and convince a judge that it’s a good idea. They have to convince the judge that the interest of the police overrides your privacy; there are protections, there are controls, there’s informed consent, and they can do that. And we need to report so if they’re going to target our racial group wrongly, that will come out and then there are fixes.
But the problem with these programs is less that they’re happening, although it’s a huge problem, but that they’re happening without transparency or without oversight, that it’s just one organization with carte-blanche to do whatever they want and nobody knows. That’s the problem and that’s, inherently, the fix.
Read previous: Bruce Schneier: NSA is Wasteful and Dangerous