Tuesday, October 09, 2007

Data mining and you: giving a damn might be wise

I do get bored returning to the same old story, but I think it's a social obligation. More on how the FBI does data mining and why you should care... (emphases mine)
Civil liberties: surveillance and privacy | Learning to live with Big Brother | Economist.com

... Two days after the attacks on New York and Washington, Frank Asher, a drug dealer turned technology entrepreneur, decided to examine the data amassed on 450m people by his private data-service company, Seisint, to see if he could identify possible terrorists. After giving each person a risk score based on name, religion, travel history, reading preferences and so on, Mr Asher came up with a list of 1,200 “suspicious” individuals, which he handed to the FBI. Unknown to him, five of the terrorist hijackers were on his list.

The FBI was impressed. Rebranded the Multistate Anti-Terrorism Information Exchange, or Matrix, Mr Asher's programme, now taken over by the FBI, could soon access 20 billion pieces of information, all of them churned and sorted and analysed to predict who might one day turn into a terrorist. A new version, called the System to Assess Risk, or STAR, has just been launched using information drawn from both private and public databases. As most of the data have already been disclosed to third parties—airline tickets, job records, car rentals and the like—they are not covered by the American constitution's Fourth Amendment, so no court warrant is required.

In an age of global terror, when governments are desperately trying to pre-empt future attacks, such profiling has become a favourite tool. But although it can predict the behaviour of large groups, this technique is “incredibly inaccurate” when it comes to individuals, says Simon Wessely, a professor of psychiatry at King's College London. Bruce Schneier, an American security guru, agrees. Mining vast amounts of data for well-established behaviour patterns, such as credit-card fraud, works very well, he says. But it is “extraordinarily unreliable” when sniffing out terrorist plots, which are uncommon and rarely have a well-defined profile.

By way of example, Mr Schneier points to the Automated Targeting System, operated by the American Customs and Border Protection, which assigns a terrorist risk-assessment score to anyone entering or leaving the United States. In 2005 some 431m people were processed. Assuming an unrealistically accurate model able to identify terrorists (and innocent people) with 99.9% accuracy, that means some 431,000 false alarms annually, all of which presumably need checking. Given the unreliability of passenger data, the real number is likely to be far higher, he says.
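Schneier's figure is just the base-rate problem in action: apply even a tiny false-positive rate to hundreds of millions of mostly innocent travellers and the absolute number of false alarms is enormous. A quick back-of-the-envelope sketch, using the numbers from the paragraph above (the 0.1% false-positive rate is simply 1 minus the quoted 99.9% accuracy; everything else is illustrative):

```python
# Reproduce Schneier's false-alarm arithmetic for the Automated Targeting System.
# Assumption: "99.9% accuracy" is read as a 0.1% false-positive rate on
# innocent travellers, applied independently to each of the 431m processed.

travellers = 431_000_000        # people processed in 2005, per the article
false_positive_rate = 1 - 0.999  # 0.1% of innocent people wrongly flagged

false_alarms = round(travellers * false_positive_rate)
print(f"{false_alarms:,} false alarms per year")  # 431,000 false alarms per year
```

Note what this implies: even if the system also caught every real terrorist (of whom there are vanishingly few among 431m travellers), virtually everyone flagged would still be innocent, which is exactly why a profile that "works" statistically is useless for picking out individuals.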

Those caught up in terrorist-profiling systems are not allowed to know their scores or challenge the data. Yet their profiles, which may be shared with federal, state and even foreign governments, could damage their chances of getting a state job, a student grant, a public contract or a visa. It could even prevent them from ever being able to fly again....
Ok, you can go back to sleep now.
