Problems with PRISM (and the need for Privacy)

Published Reading Time  ~5 min Filed Under  Privacy

Recently, American Edward Snowden exposed a ton of information about what information the US government, via the NSA, is collecting off the internet. The NSA, naturally, had given anything but a straight answer. It seems the NSA program exists in some form, but many details remain murky. No matter, Edward said he wanted to have a discussion about surveillance, and perhaps privacy, and that is what this post is really about.

I’ve always been somewhat aware of managing my “internet privacy.” When I started this blog in 2006, I never did put my real name on it. I realized, thanks to the perfect memory of Google, there would be no way to undo such a declaration, once made. My fear was never about being tied to my ideas, but rather becoming unable to change my mind in the coming years.

Even so, I don’t fear the government connecting me to this blog; in fact, I imagine it would be rather trivial for them to do so. No, my concern is what happens next, when this blog’s authorship is added to the millions (or trillions) of other pieces of information the government has collected, and someone is tasked with giving “meaning” to the collected data.

It’s worth taking a few moments to discuss what privacy is and isn’t. First off, privacy is not the same thing as secrecy. Something secret is almost always private, but this is by no means a requirement. It’s also worth noting that much of what is privacy is maintained by way of social norms. Consider a “Private Event.” What makes it private is not that no one knows about in (that would be secrecy), but rather that the host gets to decide who to invite and who not to, and who to let in and who to turn away. Even if the event ends up in the newspaper and “everybody” knows about it, the host still has these powers to decide who is admitted. Thus, a lot of my privacy is about my choices and the social norms that encourage others to respect my choices.

Further, privacy is considered a sign of a civilized society.

With that out of the way, let’s talk a little about how someone at the NSA might give “meaning” to all the collected data.

First, let’s talk a little bit about statistics. If you read the fine print on most surveys in the newspaper, you’ll notice the phrase “19 times out of 20” after the results, or something like it. This is a statistician’s way of hedging his bet. He is saying that his results are only going to be right 19 times out of 20, or 95% of the time. For telephone polls asking who you’ll vote for, this is probably fine; indeed having the telephone polls wrong from time to time makes for much more interesting election day coverage. But when the NSA wants to pick out “criminals,” I hope they would use something better than a computer program that is wrong 5% of the time.

Those incorrectly selected as “of interest” are a known problem in statistics called “false positives”. Similarly, those that the system should catch but misses are called “false negatives”. Let’s use some numbers to get an idea of how bad this problem of false positives is. Let’s assume that the NSA has a super good model, one that is right 99.7% the time. Let’s further assume that the NSA is considering everyone in the United States (population 317 million) and trying to find all the Americans on the terrorism watch list (5% of 875,000, so about 43,750 people). Our model would flag about 994,488 people across the US, of which 950,869 would be false positives (i.e. innocent people). That means even if you’re flagged, the chances that you’re innocent are still over 96%! Now an agent had to track down leads that are innocent 24 times out of 25. I think that would be a rather dismal job….

An other important distinction to make with statistics is they show correlation (A tends to happen at the same time as B), rather than causation (B happens as a result of A happening). A generous example of this is the “proof” that fewer pirates is causing global warming! This is farcical on the face of it because we recognize that there is nothing about the nature of pirates to suggest they can influence the global climate. Will the analysis on those flagged above be complete enough to actually establish causation between the collected facts and the supposed crimes, or will they be as connected as pirates and hot summers?

Another part of the problem is the NSA data collection program relies on the “third party doctrine” and the “business record exemption.” What these two things together try and do is make anything not a secret not private. As already explained, I don’t feel secrecy should be required to have something private. According to the American government, anything I share with a third party I no longer have a reasonable exception of privacy in. Do we need to send the NSA back to elementary school (kindergarten?) so they can learn how one is to keep a secret?

But the biggest problem of all, in my opinion, actually has nothing at all to do with the NSA. Instead, it has to do with the American justice system. It is the fact that the American justice system has become unassailable and unquestionable. Consider that 95% of charges are dealt with using plea bargains, and so never go to trial. The American constitute boldly states “Trial of all Crimes, except in Cases of Impeachment, shall be by Jury,” but a trial before one’s peers had become an American constitutional right in name only. Faced with a plea bargain, the local prosecutor has decided you’re guilty and fixed your sentence. Of the cases that do go to trial, about 2/3 end in convictions anyway, and with a harsher sentence than is typically offered at the plea bargain stage. The other problem is that going to trial is incredibly expensive. Even if you’re rich, that doesn’t mean that you’ll have money available to defend yourself; the government can simply declare your wealth “the proceeds of crime” and confiscate it all before the trial has begun. Consider the case of Kim Dotcom who had hundreds of millions of dollars seized and has had to convince the court to release over $2.7 million for legal fees. It becomes a game where the only winning move is not to play, but that isn’t really a choice you get to make.

So let us return to the basic principals: innocent under proven guilty, a truly accessible justice system, and privacy is a sign of a civilized society. May we all live many more years in such a society.


Other posts



Comments

There are no comments yet. Will you add the first one?

Add a Comment

You can use the Markdown syntax to format your comment.

or alternately, send me your thoughts at minchinweb [at] gmail.com

Comment Atom Feed (for this post)