More Details of the NSA's Social Network Analysis

mrogers writes "USA Today has a story describing how the NSA looks for suspicious calling patterns in the huge volumes of traffic data it collects. "Templates" such as a call from overseas followed by a flurry of domestic calls are used to identify leads, which are forwarded to the FBI for investigation. There have been complaints that low-quality leads are drawing agents away from other cases, and similar pattern-matching approaches have been found wanting in the past. Can data mining identify terrorists?"

The strength of weak links...

[nweaver (113078)]

The problem is, this strategy is not only ineffective, it can be counterproductive.

There is plenty out there on the "Strength of weak links", where past associations (old roommates, sleeper cells), with not contact can be very strong service links when reinitiated.

There is also plenty out there on how this is DoSing the FBI.

And the tin foil hat crowd (a very popular piece of headware these days) will point out that this tool is far more useful for targeting individuals than searching for patterns. And what if you are the target?

Re:The strength of weak links...

[noewun (591275)]

Was about to say the same thing. Traffic pattern analysis doesn't work at all for sleeper cells, like the people who carried out the 9/11 attacks. Sleeper cells, by definition, tend to be quiet for long periods of time with only intermittent contact between members and any organizing force. To someone looking at traffic pattern analysis, this will look no different from me talking to my cousin in Atlanta or my uncle in DC, which we do once in a long while. Analysis of the 9/11 hijackers would've shown normal, suburban usage.

The trend in terrorism lately is decentralization: the guys who carried out the Madrid train bombings were home-grown, were not known terrorists, and were not previoiusly involved in any high level attacks or meetings. They didn't show up on anyone's radar precisely because they didn't fit any profile, nor would they be found with traffic pattern analysis. Add to this the recent news that the AQ higher ups have ceased using satellite or cel phones and you have the basic problem with asymetrical warfare, one which the White House and DoD refuse to learn: you can't fight a guy wearing a suicide vest with satellites and computers, and you can't find a loosely organized, ad hoc group of people by looking for organized cells. The top down model of terrorism is dead, and it seems to be the only thing we're still looking for.

What we need, and what the White House and DoD are steadfastly refusing to develop, is old-fashioned HUMINT, human intelligence. We need speakers of Arab in all of the various dialects, we need people schooled in Middle Eastern politics, history, religion and socities, and we need to get people with Middle Eastern backgrounds into the intelligence services and up the command chain. One of the reasons the CIA was as efficient as it was in the 60s and 70s was the large number of working agents from countries in which they were working. Gust Avrakotos [wikipedia.org] was such an effective agent in Greece and elsewhere because he spoke the native languages and knew the local customs. He wasn't viewing the space by satellite from DC. He was in the mix.

Here endeth the rant.

Beside the point.

[TripMaster Monkey (862126)]

If this wholesale data mining works, then the government will tout this success as justification for its acts. If it doesn't work, the government will complain that we're not letting them do enough to ensure our safety, and use the failure to justify even more outrageous violations of our privacy.

Whether it works or not, however, is beside the point. The point is: is it legal? Enough people have maintained that it is not to warrant a serious investigation into the matter.

That's not the question....

[i am kman (972584)]

I don't think the question should be is it legal?

The question should be is it consistent with America's values? Or is it moral? And I think the answer is a resounding NO!

The problem when you ask about legality is that you get legal opinions with obscure analysis that circumvents the broader question of whether America SHOULD do this.

It's alot like the debate surrounding our system of legalized bribery (except we call it lobbying). "Oh, they paid for a plane trip, let's make those illegal." The debates center around the legal technicalities, but largely ignore the larger problem of targeted contributions directly affecting specific votes and the immoral culture of lobbying.

Subsceptible to multiple attacks

[scorp1us (235526)]

The monitered person can distribute the calls through multiple phone lines. With cooperation, a group of individuals can pool phones to use and this system won't detect them. What is detectible is how many phone lines are registered to a person.

However the government has yet to catch up to the real world. I can disitalyl distribute the message through the internet using techniques that would not arouse suspicion, partivularly with al the online gaming of today.

Roger wilco anyone?

Attitude

[symbolic (11752)]

Aside from this being patently illegal, what bothers me is the cavalier attitude behind it, and the fact that it is already being abused to track down people who aren't terrorists, but who are merely doing their job to keep government entities like the NSA under some semblance of control - the journalists. There is no end to the manner in which this kind of information could be abused.

Re:Attitude

[whathappenedtomonday (581634)]

Aside from this being patently illegal, what bothers me is the cavalier attitude behind it

I guess as the US is a democratic country, it's alright to do so. Democracy means, literally, rule by the people. The vast majority of people either doesn't care or doesn't get beyond posting "wtf, criminals!" on /.

You'd have to shut down TV for a week or only a day - I bet enough people would start to care about this and many other things...

My grandmother may be a terrrorist.

[JesseL (107722)]

She's always getting calls from various places and then making a flurry of more local calls. She uses code phrases like "your cousin's baby was born last night and it's a boy", or "Great Aunt Zelda had a stroke but they say she's going to be okay".

Raise it to orange

[Trails (629752)]

"Hey Akbar, just calling to let you know Mohamed and Alimah just had a healthy baby boy!"

"Oh great, I'll let the family over here know!"

*meanwhile, in the basement of a bunker somewhere*

"My God! It's nine eleven times ten thousand! Nine million one hundred and ten thousand!"

Re:Raise it to orange

[!IH (33751)]

Or, a foreign visitor gets a call that a close family member is seriously ill, they make a flurry of phone calls to cancel hotels, ring the airline, book taxies, and then try and get on a plane home. NSA see "foreign call, flurry of calls, trying to get on a plane in a clearly agitated state - panic, panic, red flag!" and "Oh, we're sorry you couldn't get home before your father died, national security, you know."

Terrorists?

[RsG (809189)]

Whoever said this was about "terrorists"?

A country of 300 million people cannot have that many actual terrorists in it, even if you count domestic lunies like Timothy McVeigh and the Unabomber in the category (or more accurately the next generation of bomb making lunies). Monitoring a sizable fraction of that 300m can't possibly be just about finding "terrorists" - for one thing it's a needle in a haystack, and for another the number of other uses/abuses of such a system are too many to count.

Bet good money that most of the people who are or will be advesely affected by this surveilance have little or no connection with terrorism. Even if there was once some noble intent of protecting people by finding monsters hidden among them, it won't just be used for that. Any time you have a major source of power in polical hands, you can bet on it being abused eventually - and what greater power over a domestic population is there than widespread spying without judicial oversight?

Re:Terrorists?

[Whiney Mac Fanboy (963289)]

That sounds like terrorist talk to me!

Simple answer? Kinda

[Red Flayer (890720)]

"Can data mining identify terrorists?"

No. It can identify people who have calling patterns associated with terrorist activity, regardless of whether they are a terrorist or not.

Note that these calling patterns cannot be used to associate that person with a committed or planned crime in the normal data mining scenario.

Data mining is unreasonable search.

Now, I have no problem if they've got evidence of a crime or plan of a crime, and use known information to deduce who might else be involved. That's investigative work.

Data mining is speculative work, not investigative, so regardless of whether it *can* be used for speculative 'research' into the activity of American citizens, it *shouldn't* be.

What ever happened to....

[beheaderaswp (549877)]

What ever happened to "Live free or die", "Give me liberty or give me death", or "Those who are willing to sacrifice their basic liberties to assure their security deserve neither."?

Those quotes are not just platitudes... they are *good ideas*.

Keep the canned patriotism, give me my rights, and I'll just take my chances.

Re:What ever happened to....

[mrchaotica (681592)]

Indeed, all this bullshit about "stopping terrorists" or even "supporting the troops" does not represent patriotism, but the quotes you mentioned do. All American citizens ought to be reminded of that.

False sense of security

[HangingChad (677530)]

Cheney accuses those he disagrees with of hoping our oceans defend us against terrorism, yet this bungling administration picks technologies that are both invasive to the innocent and ineffective in locating the guilty. We're spending billions on efforts that, at best, won't work and at worst will draw resources away from things that will be effective.

There was a local news story about a terrorism suspect who was picked up locally because of a tip from a flight school. Not from monitoring his phone calls, not by fingerprinting him when he came into the country, not by spy plane, satellite or any other whiz bang technology. Just a clerk at a airport counter in the middle of bf nowhere. And that's the sensor net that offers the best hope we have of combating terrorism. The clerk at the store, the landlord they rent from, the agent at the ticket counter, the hotel clerk, rental car company, bell hops, and neighbors. It's not depending on the government to keep us safe because they can't. Government is too big and too slow to respond to a ever changing threat landscape. Had we not spent the last five years alienating the muslim and mid-eastern communities in this country and abusing the few Arab allies we have in the mid-east, we might have been able to develop a community network that would have been effective and inexpensive (in relative terms).

No one seriously believes oceans can defend us, just like no one can seriously believe all the invasive technology being loosed on the people paying the bills is going to be any more effective.

It's all really quite insane.

Pipe Dreams

[Khammurabi (962376)]

Can data mining identify terrorists?

Not really. Computers are good at recognizing patterns only when there is a large repository of data to "train" the computer with. For example, neural networks [wikipedia.org] are often better at recognizing patterns than if a person were to program a set of rules into a system. Man-made rules are often incomplete or lack the depth that a computer can bring to the table. A good example of this is Google Translate [google.com], which is considered one of the better translation programs and is essentially an advanced neural net that was fed a huge wad of data to train from.

America's data set on terrorism is in the single digits, and the data they do have is only partially complete. This means the only system that can be programmed is a set of user-created rules that "flag" questionable behavior. The solution is a poor one and will only improve our chances at detection by a fraction of a percent. (Seems a huge price to pay for privacy trampling to me.)

In order to detect terrorism on American soil effectively, we'd need a larger data set. Otherwise we're just attempting to reverse engineer a process that essentially defines itself as dynamic enough to avoid detection. We'd need a frequent source of terrorism that we could derive models and nets off of. The immediate source that comes to mind is Iraq. If I were in charge of the NSA program, I think the best course of action would be to harness the call-traffic (satellite and domestic), email activity and other "data" that precedes suicide bombers (or other known acts of terrorism) in Iraq. Using this data you could train a system to recognize similarities in America. Short of that, anything the NSA is trying is a crap shoot.

No. Freeing up lines of communication, preparing quick and actionable responses to warnings, and better general population awareness are probably more effective than grabbing a billion pieces of data and sifting through it for answers. It's impossible for a human to know what to look for, and until the NSA comes clean in what it's actualy doing, there's no justification for stomping out the few freedoms we still have. There are better alternatives out there that can be done with the help of the community and still preserve the integrity of our privacy.

are they admitting to something?

[oyenstikker (536040)]

Armed with details of billions of telephone calls, the National Security Agency used phone records linked to the Sept. 11, 2001 attacks to create a template of how phone activity among terrorists looks, say current and former intelligence officials who were briefed about the program. (from the USA Today article)

Are they admitting to collecting details on domestic phone calls _before_ 9/11?

Simple answer

[radtea (464814)]

Can data mining identify terrorists?

No.

But it can identify people with large extended families who have relatives overseas and get an important call about a death in the family, notify all their North American relatives, and then have government agents show up on their door.

Every single pattern-based terrorist screening method I have heard about sounds like something dreamed up in an air-conditioned office by some dork who never gets out very much and thinks all people are basically like him (and anyone who isn't ought to be subject to government investigation.)

Hanging around public buildings taking pictures? Must be a terrorist. As opposed to say, just interested in taking pictures of public buildings because modern-day monumental architecture happens to turn you on.

Want to learn to fly a 747 but don't have any interest in a career as a pilot? Must be a terrorist. Unless you happen to be fascinated by aircraft and think that a few weeks of flight school would give you bragging rights to die for at your local RC club.

Like to pay with cash, even for purchases in the thousands like furniture or maybe a car? Must be a terrorist. Or maybe you don't qualify for a chequing account, or are just a little bit paranoid, or just don't fucking feel like doing anything else.

These sorts of unvalidated, non-empirical, "feels like the right thing to me", ad hoc, imaginary "patterns of suspicious activity" are a major threat to freedom because they demonize and may even criminalize deviancy from the norm. It is a characteristic of unfree societies that deviancy from the norm is not just looked at asscance by the majority of the population, but is viewed as grounds for suspicion of the most heinious acts.

Furthermore, such datamining solutions are not able to identify terrorists reliably even when they have all kinds of intelligence data entered into them. A report on the chilling-named MATRIX [fas.org] system indicates that the system was only able to identify 5 of the original 9/11 hijackers in a retrospective test, a 75% false negative rate, and it further identifed 120,000 other Americans who had a "high terrorism factor." Supposedly "scores of arrests" resulted from that list, although no one knows what the arrests were for or how many of those were sucessfully prosecuted. The odds are most of them were for drug possession charges that were laid as a result of the increased scrutiny certain individuals got by virtue of wholey baseless suspicions of terrorism. But let us grant 60 successful prosecutions for terrorist-related activities. That's a false positive rate of over 99.9%

And that was when the system was loaded with specific intelligence data, which is no longer the case.

Given the complete failure of such systems to detect terrorists in retrospective studies, and the horrifically high false positive rate, and the chilling effect such programs have on the freedom to be different, it is very hard to believe that their real purpose is to spy on Americans and impose a high degree of conformity on American society.

Keep in mind...

[jjohnson (62583)]

Not that I'm at all happy about the monitoring, but in fairness, would the NSA/FBI report massive success with the data mining? Doing so would inform terrorists (drug dealers, lesbians, Democrats) that the simple pattern of their phone calls can identify them, forcing them to change their methods of communications, undermining the success of the program. It might be sufficient for them to publicly leak stories that the program isn't working while reporting to the government that it's actually quite successful. It certainly wouldn't be the first time disinformation has been used.

An interesting aside: as reported by Bruce Schneier, al Qaeda members avoid Echelon by using shared Hotmail accounts. Rather than sending email, they create drafts and save them, and have a running conversation in the draft before deleting it. Not sending the email means the email doesn't trigger midpoint monitoring. Would they be doing that if they didn't know about Echelon?

Re:It's possible according to Yahoo

[plague3106 (71849)]

This won't work at all.

They are operating under a logical fallacy. A flurry of calls after an overseas call does not mean the two are related in any way. Perhaps (and more likely than the person being a terrorist) is that the person which received the overseas call and then calls domestically is just relaying family information.

I know my family operated like this (although completely within the US). All you had to do was tell my grandmother something, and you could rest assured she'd spread the news to the rest of the family for you.

Re:terrororists

[Billosaur (927319)]

I don't know about terrorists, but calling patterns can effectively be used to identify drug dealers, according to HBO's The Wire. I imagine polygamists, as illustrated in HBO's Big Love, would exhibit abnormal calling patterns with their supersized family calling plans.

And let's not forget all those out there with girlfriends/boyfriends they don't want their wives/husbands to find out about. That alone could make great extortion material and provide a new way to fund covert operations.

Re:Quick, Look the Other Way!

[dhasenan (758719)]

Because in order for your vote to count, it has to agree with a large number of other votes. If we got a libertarian for President--say, Michael Badnarik--then the NSA would have to hide its spying from the President, as well. But for any national candidate to succeed, they need media coverage. For some reason, Ralph Nader, who was only on the ballot in 36 states, got far more coverage than Badnarik, who was on the ballot in (I believe) 49 states. Why? Because Nader couldn't have won, so the media could safely involve him.

So, your choices for every election are between media coalitions. Which generally means that each of the major US parties supports slightly differing sections of the economy--service sector for the Democrats, production for the Republicans. That's the major difference.

Now, armed resistance is ridiculous when the government has billions of dollars of military equipment. And other technological countermeasures will likely prove ineffective in a short period of time.

Re:Quick, Look the Other Way!

[paulbd (118132)]

you have to be kidding! you're claiming that the media covered Nader because he could not have won, but Badnarik could have won and so they didn't cover him? they didn't cover Badnarik because even if he was on the ballot in 150 states, he still could not have won. i agree - its a poor reason to avoid covering Badnarik and his party's ideas, but lets get serious about the reasons here.

Disarm them.

[babbling (952366)]

The most effective way of stopping terrorists is taking away their cause. Believe it or not, terrorists don't blow up hundreds of people as well as themselves because they "hate freedom" or any of that rubbish.