How to Spy Better

Data mining works for preventing credit card fraud; less so for foiling terror plots. How the NSA’s surveillance strategy might be less effective than that of the neighbourhood gossip.

Hazlitt regular contributor Linda Besner's poetry and non-fiction have appeared in The Walrus, Maisonneuve, and The Malahat Review among other...

My bank used to call me a lot, so much that my boyfriend at the time referred to it as “your other boyfriend.” I was travelling frequently between Canada and the U.S., and once I got to New York and used a card to buy something, the phone would ring and my other boyfriend would be on the line, wanting to know where I was. Was I really in New York? Was it really me? When was my birthday again?

I found my clingy other boyfriend annoying until one day he called me up and asked if I was in Mexico. I told him I was not. He told me that my card had been used to make a $90 purchase in Playa del Carmen that morning. I told him I had been there for a friend’s wedding a month earlier, but that now I was back in Canada. He explained that someone had stolen my information, and reassured me that he would cancel the card and deal with everything.

Banks and credit card companies spy on you using data mining, the same thing the NSA has recently admitted to doing: collecting large swaths of information and attempting to identify patterns. There are a few significant differences between using data mining to detect credit card fraud and using data mining to detect terrorism—the NSA seems like an altogether scarier boyfriend to have looking over your shoulder. But possibly the most important difference, according to statisticians, is that using mining data to stop terrorism doesn’t really work that well.

The statistical problem with catching terrorists is that terrorists are very rare. Credit card fraud is common, which means that a system built for monitoring it has a rich store of previous information to which a card’s current patterns can be compared. People who steal credit cards tend to buy shiny things or things that can be easily fenced.

As Bruce Schneier—a security expert whose supermath powers have inspired such nerd jokes as, “Bruce Schneier writes his books and essays by generating random alphanumeric text of an appropriate length and then decrypting it,” and “Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur’q pehfu lbhe fxhyy jvgu uvf ynhtu”—explains, terrorism’s patterns are nowhere near as straightforward. “It’s a needle-in-a-haystack problem,” he writes on his website, “and throwing more hay on the pile doesn’t make that problem any easier.”

Here’s how most statisticians explain it: let’s say a computerized system monitored all of us looking for terrorist plots, with a pie-in-the-sky accuracy rate of 99 percent. In Schneier’s example, this system samples ten “events”—web sites visited, emails sent, phone calls, purchases, etcetera—per person per day. For the U.S. that would be 1 trillion events. Let’s say ten of them are actual terrorist activity. “This unrealistically accurate system,” Schneier writes, “will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month.”

Schneier’s solution to this problem isn’t what you’d expect from a math guy: “We’d be far better off putting people in charge of investigating potential plots and letting them direct the computers, instead of putting the computers in charge and letting them decide who should be investigated.” It’s also one of the lessons in terrorism that the Heritage Foundation, a conservative think tank that started tracking successfully foiled terrorist plots in the U.S. since 9/11, suggests we learn. “Citizens, much like state and local law enforcement,” their site’s writers note, “have an excellent understanding of their own communities. For example, the 2008 Fort Dix plot (foiled plot 20) was thwarted because a store clerk alerted authorities after discovering a video file of the group firing weapons and calling for jihad.”

Essentially, spying is about people, not just data. In William Dalrymple’s new book, Return of a King: The Battle for Afghanistan, 1839–42, he describes how the fall of the Sardozai dynasty, and Britain’s efforts to prop it up, turned Afghanistan into ground zero for the covert battle of Anglo-Russian intelligence known as the Great Game. Dalrymple describes the arrival of one of the first two spymasters, Captain Claude Martin Wade: “Wade spent his days piecing together a jigsaw of news and gossip through his growing list of informants: Indian clerks, traders, passing mercenaries and sympathetic noblemen were all recruited to provide news and bazaar gup-shup (gossip).”

It may not be comfortable to picture the fruit seller at the bazaar—or the guy you met one time who friended you on Facebook—reporting on your activities to the authorities. But that guy is actually less likely than a computer algorithm to mistake your joke post about voting an illegal number of times for the real thing.

--
Find Hazlitt on Facebook / Follow us on Twitter

Image: Gary Oldman as George Smiley in Tinker Tailor Soldier Spy

Hazlitt regular contributor Linda Besner's poetry and non-fiction have appeared in The Walrus, Maisonneuve, and The Malahat Review among other journals, and her radio work has aired on CBC’s Definitely Not the Opera, Outfront, and The Next Chapter. Her first book, The Id Kid, was published in 2011 by Véhicule Press, and was named as one of The National Post’s Best Poetry Books of the Year.