Intelligence Please

Wow. I have got to start reading the Weekly Standard more often. Heather Mac Donald has an editorial there titled “Information Please.” It’s a defense of the NSA collection of phone records, and it is both self-righteous and misinformed at the same time. I thought only us bloggers were supposed to post stuff like that.

I stumbled across this editorial thanks to Lindsay Beyerstein who takes exception to the to the pull-quote at the top of the article: “Only a paranoid solipsist could feel threatened by the calling analysis program.”

Lindsay is philosopher, and she finds this amusing. Solipsism is a form of extreme skepticism based on the fact that all you know about the world is what your mind knows. The world as you know it is only known in your mind. So how do you know it’s really out there? A solipsist would say there’s no proof that it is, and might even say that there is no outside world at all. It’s all in your mind.

The point is that if anyone really is a solipsist, he certainly wouldn’t be paranoid that other people are spying on him because he doesn’t believe there are other people. I guess Mac Donald knew solipsists think they are the center of the universe, and therefore figured it was just a synonym for selfish. [And, to be fair, that is a common usage.]

Fortunately for me, the stupidity doesn’t end at the pull-quote. It permeates the piece. Let me serve up a few more choice morsels:

Since late 2001, Verizon, BellSouth, and ATT have connected nearly two trillion calls, according to the Washington Post. The companies gave NSA the incoming and outgoing numbers of those calls, stripped of all identifying information such as name or address.

That last sentence is pretty disingenuous. The information may be stripped of “identifying information such as name or address”, but it’s ridiculous to pretend the phone numbers aren’t identifying information. The government can easily ask for name and address later. Or they can just Google them like I do.

I’ve emailed the Weekly Standard and asked Ms. Mac Donald to give me her home phone number. I’m sure she’ll be sending that along any minute now.

No conversational content was included. The NSA then put its supercharged computers to work analyzing patterns among the four trillion numbers involved in the two trillion calls, to look for clusters that might suggest terrorist connections. Though the details are unknown, they might search for calls to known terrorists, or, more speculatively, try to elicit templates of terror calling behavior from the data.

No they won’t “search for calls to known terrorists.” If the NSA has the phone numbers of known terrorists, they can just just ask the phone companies for the terrorists’ phone records. This is simply not how data mining works.

As a practical matter, no one’s privacy is violated by such analysis. Memo to privacy nuts: The computer does not have a clue that you exist; it does not know what it is churning through; your phone number is meaningless to it.

Memo to authoritarian nuts: Us “privacy nuts” aren’t worries about the computers, we’re worried about the people who control the computers.

The press loves to stress the astounding volume of data that data mining can consume—the Washington Post’s lead on May 12 warned that the administration had been “secretly…assembling gargantuan databases.” But it is precisely the size of that data store that renders the image of individualized snooping so absurd.

No it doesn’t. Mac Donald is speaking gibberish that sounds good to her, like some character on 24. Pulling individual data out of a database that size isn’t hard, especially if it is pre-processed for easy querying.

It’s not that big either. By my back-of-the-envelope calculation, you’d need about 50 terabytes of storage to hold it all. To put that in perspective, a photo sharing site like smugmug has 100 terabytes of photos. (Heck, my wife and I combined have about 1.5 terabytes of disk storage in our home computers.) For a hardware cost of $1 million, the NSA could keep 10 copies churning out about 1000 individual queries a second.

As a constitutional matter, no one’s privacy is violated by such automated analysis of business records.

As a constitutional matter, no one’s privacy is violated by a middle-aged man in the park taking leering photographs of all the prepubescent boys. That doesn’t mean we shouldn’t be upset about it. Just because something is constitutional, doesn’t mean it’s a good idea.

After 9/11, a phone executive who didn’t believe that the country was in danger of another catastrophic attack was seriously out of touch with reality. And the volume of data requested almost by definition protects the privacy of any individual customer.

9/11 was 4 1/2 years ago. It’s absurd to believe that a condition of emergency still exists. To put it another way, there is always a chance of another catastrophic attack, so the rules we come up with should balance the risk of an attack against the cost of losing some of our freedom.

And as I explained before, the volume of data doesn’t protect individual data at all. Heather Mac Donald should be able to figure that out for herself without being an Information Technology professional like me: All she has to do is get a phone bill every month. Clearly, the phone companies can identify individual behavior, so the NSA should have no trouble.

The Washington Post calls this numbers analysis the “most extensive…domestic surveillance [program] yet known involving ordinary citizens and residents.” Bunk. The NSA‘s data mining program is not surveillance; no one is being listened to or observed.

Now she’s playing word games. People make calls, and an uninvolved third party (the NSA) is finding out about them. If she doesn’t want to call that surveillance, how about we call it spying?

Data mining looks for mathematical patterns in computerized information; it is not a real-time spying operation.

If it’s not real-time, then there isn’t any time pressure for the NSA to obtain the data. This is justification for more judicial oversight, not less.

The government didn’t need to go to the Foreign Intelligence Surveillance Court for a wiretap or pen register order (which governs the collection of phone numbers in real time from a single phone) because it is not listening to or recording any individual’s calls. FISA is built around the notion of an individualized investigation of specific spies or terrorists; it is seriously outdated for the application of American computer know-how to ferret out terror plots before they happen and before the government has individual suspects in mind.

So spying on one person requires a court order, but spying on 280 million of them doesn’t?

Also, actual pen registers haven’t been used for many years because they only work on rotary dial phones (ask your parents, kids). When cops get an order to get numbers, they get them from the phone company, just like the NSA does. Why shouldn’t the NSA have to follow the same rules?

But it may be too late to convey these truths. The time to explain how data mining protects privacy while providing a crucial tool against unknown mass-murderers was while the Pentagon’s Total Information Awareness program was under attack.

Well Ms. Mac Donald, why don’t you take a crack at explaining how data mining could be used for this? Go ahead, enlighten us!

Cooperation between the private sector and intelligence agencies is crucial for uncovering terrorist plots. After 9/11, JetBlue Airways and Northwest Airlines offered privacy-protected passenger records to NASA and the Pentagon for research to see if data-mining could aid in identifying terrorist flight behavior. No passenger’s privacy was violated, yet these two companies now face hundreds of billions of dollars in privacy lawsuits. The class action bar is undoubtedly gearing up for a similar assault on ATT, Verizon, and BellSouth, an abuse of tort law that will further discourage patriotic corporate behavior.

Every company named in the previous paragraph had a statutory or contractual obligation to protect customer privacy. They decided to break the law or break their promises or both, and now they will suffer the consequences in court. All of their troubles could have been avoided if the government had simply gotten a court order for the data. Nobody can be sued for properly obeying a court order.

It seems pretty clear that Heather Mac Donald has no real idea what data mining is or how it works. All she knows is that it takes a lot of data, that the Bush administration wants to do it, and that people she doesn’t like are opposed to it. I’m not too familiar with the Weekly Standard, but I hope they usually demand more thought from their editorialists.