The Book Club

We Need To Put Our Spies on a Data Diet

Hi, Patrick,

This has been a great conversation. Thanks for taking the time to discuss The Watchers, and for bringing your considerable expertise on these issues.

It’s funny. When I began writing this book, I knew that I’d make a case for why our laws should focus more on what the government does with our data than on the way they collect it. But I didn’t know that the government would prove my point so publicly. The Christmas Day attack, which you mentioned in your last entry, is a perfect example of how the government’s obsession with collecting the dots has overridden the more pressing need to make sense of them. I was appalled to learn that for all the billions of dollars spent on new technology, and for all the political blood that’s been spilled and credibility lost, there was not an automated process for checking names in the master terrorism database against records of people who have received U.S. visas. What?!? I was literally slapping my forehead when the administration revealed this in its initial assessment of why no one stopped Umar Farouk Abdulmutallab, the alleged bomber, from getting on an airplane. The people on the master list—and he was one of them—are people we’d like to keep out of the United States or know when they’ve arrived. Visa records would tell us that!

You asked me whether “Poindexter’s dream of a sensitive, fully harmonized mega-database” would have solved this problem. And the short answer is yes. But only because this was a relatively easy problem to solve. Let’s just look at what the intelligence community knew about Abdulmutallab before December 25, 2009. They had NSA phone intercepts of al-Qaida operatives in Yemen, talking about a “Nigerian” employed for a new operation; a report from the kid’s dad that he’d gone to Yemen to hook up with Islamic radicals; and a visa for the young Abdulmutallab, issued before his father went to the embassy to warn officials. Those facts were never connected, the administration concedes now, either by a computer or by an alert human analyst. I can imagine a fully harmonized system that would have taken the report from Abdulmutallab’s father and then 1) checked the son’s name against the visa records and 2) scoured NSA intercept reports for mentions of Abdulmutallab and Nigeria. Technically speaking, this isn’t as easy as it sounds, but it’s not impossible. More than eight years after the 9/11 attacks, this still hasn’t happened. That’s unforgivable.

Here, a system like Total Information Awareness, focused solely on information that the government had already legally collected, might have paid dividends. You’ll never take the human factor out of this analysis. Some person will always have to respond to the red flag raised by a computer and decide whether to follow up on it or ignore it. But there are some basic cross-references here that a computer could handle, freeing up those dot-connecting analysts who are simply drowning in the thousands of leads and suspect names that show up in intelligence agency databases every day.

But here’s the catch. The system I’ve just sketched out is pretty simple. Finding terrorists, however, before they’ve been mentioned in phone calls or before their parents have shown up at an embassy … that is exponentially harder. This is where Jeff Jonas, one of my favorite characters in the book, has it right when he criticizes data mining for the “terrorist discovery problem.” Jeff’s essential point is that in order for data mining to work, you have to have a target. You have to have a known “bad guy,” or a suspect, and then go to work mining data on him. The technology doesn’t help you when you’re searching for an unknown bad guy in the vast, noisy data cloud, without much of an idea where to start.

But here’s where Poindexter took issue with Jonas. He acknowledged that data mining uses statistical analysis to find connections. And since terrorist attacks are statistically so rare, data mining isn’t very useful when you don’t know who the terrorist is. So Poindexter wanted to use “red teams,” groups of terrorism experts who’d devise likely attack scenarios and then identify the patterns of activity that terrorists must engage in before they strike. TIA would then hunt in the data for evidence of those patterns. This is where the plane tickets and rental car records came in. The credit card transactions, too. What were the signatures of terrorist planning, based on these kinds of records?

This is the part that gave people the creeps, and rightly so, because some of these patterns of activity would inevitably be linked to innocent transactions and people. We’ve already talked about the ways he wanted to protect privacy with encryption and the way you could insert judicial oversight into the mix. But I think it’s fair to say that any TIA-like system lives or dies on this one point. Can it effectively isolate the bad guys from the good guys?

Today, the answer is no. None of Poindexter’s initial trial runs demonstrated that you could do this with a high degree of confidence that you wouldn’t accidentally get the wrong guy. True, he didn’t have a lot of time to continue the experiments, but they did go on behind closed doors after Congress pulled TIA’s unclassified funds, and there, too, they didn’t perform well enough. In the meantime, the government, and chiefly the National Security Agency, has kept trying to connect the dots by ingesting more of them. There is some strange pathology at work here that I equate to hoarding. It’s as if in order to feel safe, the government has to hold onto every possible scrap of information that maybe, just maybe, will prove useful one day. We can’t go on like this. Our analysts are burning out.

Poindexter thinks he can build a system to manage this overwhelming problem. I’m skeptical. But I think there’s another way to put his ideas to use: Revive his ideas for pattern analysis—but only for internal government use and on a limited amount of information. No mining of airline records and credit card transactions. No connection to private databases. Pull out the dozen most fruitful streams of terrorism intelligence already in government control, standardize them so that one computer can do a meta-search on all of them, and then see whether we can’t detect patterns of activity in that more manageable sea of dots. Let’s put the spies on a data diet and let them exercise their brains.

To your final question, will Poindexter have the last laugh? I think he already has. But I’m pretty sure that it’s not a triumphant one. He’ll be the first to tell you that his ideas are here to stay. But he’ll also tell you that he deeply regrets how poorly they’ve been implemented. My bet: Until his dying day, he will keep working to convince people, behind the scenes and at the highest reaches of power, that there’s a better, smarter way to do this.