Don Luskin links to what he calls a fascinating op-ed by Admiral Poindexter.
It is indeed a fascinating piece, partly because of what Poindexter doesn’t say. He discusses DARPA’s data-mining proposal mainly in terms of intentions rather than nuts and bolts. And he attempts to deflect criticism of the scheme’s intrusiveness by asserting that it was designed to use non-U.S. databases.
My main objections to the scheme are not that it’s ill-intended but that it will generate huge numbers of false positives and be an invitation to abuse in the future. (See this post and this post for related comments.) Admiral Poindexter says that the overseas databases that are to be used for the project do not contain information about U.S. citizens. However, there is reason to be cautious in accepting such assurances, as initial rumors had the scheme searching through precisely the kinds of U.S. financial records that Poindexter now insists are not involved, and DARPA’s description of the program has changed in response to public and Congressional opposition. Even if you take Poindexter at his word, it’s reasonable to be nervous about such a program, because it’s impossible to know who will be running it in the future and whether the system’s anti-snooping safeguards, which require us to trust the good will of whoever is administering it, will be followed.
DARPA’s software, no matter how sophisticated it is, cannot be perfect. It will probably be designed to err in favor of generating false positives rather than false negatives. That’s reasonable given the high cost of false negatives. The big problem is that the databases that will be used are likely to be full of errors. (This is especially true in the case of government databases. Commercial databases like those used for credit and banking records — precisely the databases that Poindexter says won’t be used — have at least the advantage of being relatively easy for individuals to check and challenge. Correcting errors in government databases is typically a much more difficult process, even if the subjects of these databases are aware of the databases’ existence. Look, for example, at how difficult it is for individuals even to find out if they are on the government’s “no fly” list, much less get their names removed if they are erroneously listed.)
Inevitably, the bigger the scope of this scheme, the more false positives there will be. Given how few real terrorists there probably are in relation to the number of people with suspicion-generating data patterns, including spurious patterns based on bad information, it’s conceivable that the task of picking the real terrorists from the cloud of people erroneously flagged will not be much easier than are current ways of finding terrorists. It’s an empirical question whether the costs of such a system would justify its benefits, but it’s annoying that officials responding to public concerns barely touch on the issue of database inaccuracy, which should be a main issue. Surely Poindexter is aware of the central importance of data quality. I don’t think he has bad motives, but it’s not a good sign that he prefers to guide the discussion in a different direction.
Public skepticism of schemes of this kind might diminish if the officials in charge didn’t act like they were trying to put one over on us. They probably do it out of habit, but it’s a costly habit nowadays. They should address directly the burning issues of database inaccuracy and false positives. I think these are deal killers but maybe I’m wrong. I’d like to hear why I’m wrong rather than be fed platitudes about the dangers or terrorism and the sophistication of your software and why I should trust you because your motives are good. DARPA does a lot of neat things, but I would trust its administrators more if they leveled with us and didn’t ignore some glaring weaknesses in this flagship program of theirs. In other words, earn the public’s trust and you might have a better chance of getting your ideas implemented.
Some government databases are doing a better than they used to, it seems. While I was in line at the Ambassy to get my new visa, something interesting happened, something which, I believe, would not have happened 3 years ago.
The setting is a fairly small room for about 30-40 people. Three window counters. You give your paperwork, everything is checked, then you go sit down and wait for your name to be called. When that happens, you come back for an interview and questions regarding your application forms. You’re then told if you’re approved or not and go sit for another 5-10 minutes until your passport is ready.
As I was waiting for my interview, a young Middle Eastern man was called. The room being fairly small, there is not much privacy.
The lady behind the window is very friendly and talkative.
“Oh so you’re going to join your wife ? How nice. When did you get married ?”
“February, last year.”
“Really ? Whereabouts ?”
Follows a nice little chit-chat until the astute lady goes business like and says : “So you got married in February 2002 ?”
“Yes”
“Well, our records indicate your wife entered the United States in July 2002, as single. Can you explain that ?”
[Pause] “Sorry ?”
“You got married in February of 2002. Your wife stated she was single when she entered the United States five months later. Do you see a discrepancy there ?”
[Pause] “No”
At that point, it was pretty clear this man was not getting a visa at this counter that day.
Which reminds me I have an AR-11 to fill. Now, all non-citizen must report their address within 10 days of moving.
Thank you, al-Qaeda.
It seems that the main objections are still based on rumors. And while the valid point is made that abuse is certainly possible, so are we open to abuse from states’ bureaus of auto registration and driver’s license data. And, I would add the benefits of DARPA far outweigh those of any driver license scheme.
Concerns about the system’s intrusiveness, at least my concerns, are based on how it might actually be used in the real world. Official responses to those concerns have ignored some of these questions and emphasized instead how the system is intended to work. That’s not an adequate response, IMO.
I am happy to hear that our visa procedures have been improved. However, yesterday I tried to renew my auto registration online and received a message that the system had no record of me. This is a minor anecdote but it’s probably consistent with many people’s experiences in dealing with government databases. There is a long way to go. Poindexter et al should address these issues straightforwardly if they want more people to support TIA.