January 18, 2025

The Exxon Valdez of Privacy

Recently I moderated a panel discussion, at Princeton Reunions, about “Privacy and Security in the Digital Age”. When the discussion turned to public awareness of privacy and data leaks, one of the panelists said that the public knows about this issue but isn’t really mobilized, because we haven’t yet seen “the Exxon Valdez of privacy” – the singular, dramatic event that turns a known area of concern into a national priority.

Scott Craver has an interesting response:

An audience member asked what could possibly comprise such a monumental disaster. One panelist said, “Have you ever been a victim of credit card fraud? Well, multiply that by 500,000 people.”

This is very corporate thinking: take a loss and multiply it by a huge number. Sure that’s a nightmare scenario for a bank, but is that really a national crisis that will enrage the public? Especially since cardholders are somewhat sheltered from fraud. Also consider how many people are already victims of identity theft, and how much money it already costs. I don’t see any torches and pitchforks yet.

Here’s what I think: the “Exxon Valdez” of privacy won’t be $100 of credit card fraud multiplied by a half million people. It will instead be the worst possible privacy disruption that can befall a single individual, and it doesn’t have to happen to a half million people, or even ten thousand. The number doesn’t matter, as long as it’s big enough to be reported on CNN …

[…]

So back to the question: what is the worst, the most sensational privacy disaster that can befall an individual – that in a batch of, oh say 500-5,000 people, will terrify the general public? I’m not thinking of a disaster that is tangentially aided by a privacy loss, like a killer reading my credit card statement to find out what cafe I hang out at. I’m talking about a direct abuse of the private information being the disaster itself.

What would be the Exxon Valdez of privacy? I’m not sure. I don’t think it will just be a loss of money – Scott explained why it won’t be many small losses, and it’s hard to imagine a large loss where the privacy harm doesn’t seem incidental. So it will have to be a leak of information so sensitive as to be life-shattering. I’m not sure exactly what that is.

What do you think?

Twenty-First Century Wiretapping: False Positives

Lately I’ve been writing about the policy issues surrounding government wiretapping programs that algorithmically analyze large amounts of communication data to identify messages to be shown to human analysts. (Past posts in the series: 1; 2; 3; 4; 5; 6; 7.) One of the most frequent arguments against such programs is that there will be too many false positives – too many innocent conversations misidentified as suspicious.

Suppose we have an algorithm that looks at a set of intercepted messages and classifies each message as either suspicious or innocuous. Let’s assume that every message has a true state that is either criminal (i.e., actually part of a criminal or terrorist conspiracy) or innocent. The problem is that the true state is not known. A perfect, but unattainable, classifier would label a message as suspicious if and only if it was criminal. In practice a classifier will make false positive errors (mistakenly classifying an innocent message as suspicious) and false negative errors (mistakenly classifying a criminal message as innocuous).

To illustrate the false positive problem, let’s do an example. Suppose we intercept a million messages, of which ten are criminal. And suppose that the classifier correctly labels 99.9% of the innocent messages. This means that 1000 innocent messages (0.1% of one million) will be misclassified as suspicious. All told, there will be 1010 suspicious messages, of which only ten – about 1% – will actually be criminal. The vast majority of messages labeled as suspicious will actually be innocent. And if the classifier is less accurate on innocent messages, the imbalance will be even more extreme.

This argument has some power, but I don’t think it’s fatal to the idea of algorithmically classifying intercepts. I say this for three reasons.

First, even if the majority of labeled-as-suspicious messages are innocent, this doesn’t necessarily mean that listening to those messages is unjustified. Letting the police listen to, say, ten innocent conversations is a good tradeoff if the eleventh conversation is a criminal one whose interception can stop a serious crime. (I’m assuming that the ten innocent conversations are chosen by some known, well-intentioned algorithmic process, rather than being chosen by potentially corrupt government agents.) This only goes so far, of course – if there are too many innocent conversations or the crime is not very serious, then this type of wiretapping will not be justified. My point is merely that it’s not enough to argue that most of the labeled-as-suspicious messages will be innocent.

Second, we can learn by experience what the false positive rate is. By monitoring the operation of the system, we can learn how many messages are labeled as suspicious and how many of those are actually innocent. If there is a warrant for the wiretapping (as I have argued there should be), the warrant can require this sort of monitoring, and can require the wiretapping to be stopped or narrowed if the false positive rate is too high.

Third, classification algorithms have (or can be made to have) an adjustable sensitivity setting. Think of it as a control knob that can be moved continuously between two extremes, where one extreme is labeled “avoid false positives” and the other is labeled “avoid false negatives”. Adjusting the knob trades off one kind of error for the other.

We can always make the false positive rate as low as we like, by turning the knob far enough toward “avoid false positives”. Doing this has a price, because turning the knob in that direction also increases the number of false negatives, that is, it causes some criminal messages to be missed. If we turn the knob all the way to the “avoid false positives” end, then there will be no false positives at all, but there might be many false negatives. Indeed, we might find that when the knob is turned to that end, all messages, whether criminal or not, are classified as innocuous.

So the question is not whether we can reduce false positives – we know we can do that – but whether there is anywhere we can set the knob that gives us an acceptably low false positive rate yet still manages to flag some messages that are criminal.

Whether there is an acceptable setting depends on the details of the classification algorithm. If you forced me to guess, I’d say that for algorithms based on today’s voice recognition or speech transcription technology, there probably isn’t an acceptable setting – to catch any appreciable number of criminal conversations, we’d have to accept huge numbers of false positives. But I’m not certain of that result, and it could change as the algorithms get better.

The most important thing to say about this is that it’s an empirical question, which means that it’s possible to gather evidence to learn whether a particular algorithm offers an acceptable tradeoff. For example, if we had a candidate classification algorithm, we could run it on a large number of real-world messages and, without recording any of those messages, simply count how many messages the algorithm would have labeled as suspicious. If that number were huge, we would know we had a false positive problem. We could do this for different settings of the knob, to see where we had to set it to get an acceptable false positive rate. Then we could apply the algorithm with that knob setting to a predetermined set of known-to-be-criminal messages, to see how many it flagged.
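The base-rate arithmetic and the knob experiment described above, as an added example that is not code from the original post. The Gaussian score model, the separation values, the knob grid, the flag budget and all function names are assumptions made for illustration; the traffic sample is treated as entirely innocent because criminal messages are so rare in it.

```python
from statistics import NormalDist

def base_rate(total, criminal, specificity, sensitivity=1.0):
    """The post's worked example: flagged count and the share that is criminal."""
    false_pos = round((total - criminal) * (1 - specificity))
    true_pos = round(criminal * sensitivity)
    flagged = false_pos + true_pos
    return flagged, (true_pos / flagged if flagged else 0.0)

def count_flags(score_stream, knobs):
    """One pass over the scores, keeping only a counter per knob setting.
    No message or score is retained, as the post's procedure requires."""
    counts = dict.fromkeys(knobs, 0)
    for score in score_stream:
        for knob in knobs:
            if score >= knob:      # higher knob = "avoid false positives"
                counts[knob] += 1
    return counts

def pick_knob(counts, budget):
    """Most sensitive knob setting whose flag count stays within budget."""
    acceptable = [knob for knob, n in counts.items() if n <= budget]
    return min(acceptable) if acceptable else None

def constructed_scores(n, mean):
    """Constructed stand-in for classifier output (assumption): n evenly
    spaced quantiles of a unit-variance Gaussian centred on `mean`."""
    dist = NormalDist(mean, 1.0)
    return (dist.inv_cdf((i + 0.5) / n) for i in range(n))

def evaluate(separation, n_traffic=200_000, n_known=500, budget=200,
             knobs=(1.0, 2.0, 3.0, 4.0, 5.0)):
    """Step 1: count flags on traffic at each knob. Step 2: pick the knob
    that fits the budget. Step 3: measure detection on the known-criminal set."""
    traffic = count_flags(constructed_scores(n_traffic, 0.0), knobs)
    knob = pick_knob(traffic, budget)
    if knob is None:
        return traffic, None, 0.0
    caught = count_flags(constructed_scores(n_known, separation), (knob,))[knob]
    return traffic, knob, caught / n_known

if __name__ == "__main__":
    flagged, share = base_rate(1_000_000, 10, 0.999)
    print(f"post's example: {flagged} flagged, {share:.1%} criminal")
    for sep in (2.0, 6.0):   # weak vs. strong classifier (assumed values)
        traffic, knob, detected = evaluate(sep)
        print(f"separation {sep}: flags per knob {traffic}")
        print(f"  knob {knob} fits budget, catches {detected:.1%} of known set")
```

With the weakly separating classifier, the only knob setting that fits the flag budget catches a small fraction of the known-criminal set; with the strongly separating one, the same setting catches nearly all of it.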

If governments are using algorithmic classifiers – and the U.S. government may be doing so – then they can do these types of experiments. Perhaps they have. It doesn’t seem too much to ask for them to report on their false positive rates.

Twenty-First Century Wiretapping: Reconciling with the Law

When the NSA’s wiretapping program first came to light, the White House said, mysteriously, that they didn’t get warrants for all of their wiretaps because doing so would have been impractical. Some people dismissed that as empty rhetoric. But for the rest of us, it was a useful hint about how the program worked, implying that the wiretapping was triggered by the characteristics of a call (or its contents) rather than following individuals who were specifically suspected of being terrorists.

As I wrote previously, content-based triggering is a relatively recent phenomenon, having become practical only with the arrival of the digital revolution. Our laws about search, seizure, and wiretapping mostly assume the pre-digital world, so they don’t do much to address the possibility of content-based triggering. The Fourth Amendment, for example, says that search warrants must “particularly describ[e] the place to be searched, and the persons or things to be seized.” Wiretapping statutes similarly assume wiretaps are aimed at identified individuals.

So when the NSA and the White House wanted to do searches with content-based triggering, there was no way to get a warrant that would allow them to do so. That left them with two choices: kill the program, or proceed without warrants. They chose the latter, and they now argue that warrants aren’t legally necessary. I don’t know whether their legal arguments hold water (legal experts are mostly skeptical) but I know it would be better if there were a statute that specifically addressed this situation.

The model, procedurally at least, would follow the Foreign Intelligence Surveillance Act (FISA). In FISA, Congress established criteria under which U.S. intelligence agencies could wiretap suspected spies and terrorists. FISA requires agencies to get warrants for such wiretaps, by applying to a special secret court, in a process designed to balance national security against personal privacy. There are also limited exceptions; for example, there is more leeway to wiretap in the first days of a war. Whether or not you like the balance point Congress chose in FISA, you’ll agree, I hope, that it’s good for the legislature to debate these tradeoffs, to establish a general policy, rather than leaving everything at the discretion of the executive branch.

If it took up this issue, Congress might decide to declare that content-based triggering is never acceptable. More likely, it would establish a set of rules and principles to govern wiretaps that use content-based triggering. Presumably, the new statute would establish a new kind of warrant, perhaps granted by the existing FISA court, and would say what justification needed to be submitted to the court, and what reporting needed to be done after a warrant was granted. Making these choices wisely would mitigate some of the difficulties with content-based triggering.

Just as important, it would create a constructive replacement for the arguments over the legality of the current NSA program. Today, those arguments are often shouting matches between those who say the program is far outside the law, and those who say that the law is outdated and is blocking necessary and reasonable intelligence-gathering. A debate in Congress, and among citizens, can help to break this rhetorical stalemate, and can re-establish the checks and balances that keep government’s power vital but limited.

Adobe Scares Microsoft with Antitrust Threat?

Microsoft has changed the next versions of Windows and Office after antitrust lawsuit threats from Adobe, according to Ina Fried’s article at news.com. Here’s a summary of Microsoft’s changes:

[Microsoft] is making two main changes. With Vista [the next version of Windows], it plans to give computer makers the option of dropping some support for XPS, Microsoft’s fixed-format document type that some have characterized as a PDF-killer. Under the changes, Microsoft will still use XPS under the hood to help the operating system print files. But computer makers won’t have to include the software that allows users to view XPS files or to save documents as XPS files.

[…]

On the Office side, Microsoft plans to take out of Office 2007 a feature that allows documents to be saved in either XPS or PDF formats. However, consumers will be able to go to Microsoft’s Web site and download a patch that will add those capabilities back in.

The obvious comparison here is to Microsoft’s tactics in the browser market, which were the basis of the big antitrust suit brought by the U.S. Department of Justice in 1998. (I worked closely with the DOJ on that case. I testified twice as DOJ’s main technical expert witness, and I provided other advice to the DOJ before, during, and after the trial. I’m still bound by a confidentiality agreement, so I’ll stick to public information here.)

Critics of the DOJ case often misstate DOJ’s arguments. DOJ did not object to Microsoft making its Internet Explorer (IE) browser available to customers who wanted it. With respect to the bundling of IE, DOJ objected to (a) contracts forbidding PC makers and end users from removing IE, (b) technical measures (not justifiable for engineering reasons) to block end users from removing IE, and (c) technical measures (not justifiable) designed to frustrate users of alternative browsers. DOJ argued that Microsoft took these steps to maintain its monopoly power in the market for PC operating systems. The courts largely accepted these arguments.

Microsoft has reportedly made two changes at Adobe’s behest. The first change, allowing PC makers to remove Vista’s XPS printing feature, may be consistent with the DOJ/IE analogy. By hardwiring IE into Windows, Microsoft raised the cost to PC makers of offering an alternative browser. Depending on how the XPS feature was provided, this may have been the case with XPS printing too. There is at least a plausible argument that allowing PC makers to unbundle XPS printing would enhance competition.

What may differ from the DOJ/IE situation is the relationship between the OS market and the other product (browser or portable document) market. With browsers, there was a pretty convincing argument that by suppressing alternative browsers, Microsoft was helping to entrench its OS monopoly power, because of the likelihood that a rival browser would evolve into a platform for application development, thereby reducing lock-in in the OS market. It’s not clear whether there is an analogous argument for portable document formats – and if there’s not an argument that tying XPS to Windows hurts consumers somewhere else, then perhaps it’s okay to let Microsoft bundle XPS printing with Vista.

The other action by Microsoft, distributing XPS/PDF printing functionality separately from Office (via download only), isn’t so close to the arguments in the DOJ case. Recall that DOJ was willing to let Microsoft ship IE with Windows if the customer wanted it that way, as long as there was a way for customers (including PC makers) to get rid of IE if they didn’t want it, and as long as Microsoft didn’t try to interfere with customers’ ability to use competing browsers. The analogy here would be if Microsoft allowed PC makers and customers to disable the XPS/PDF functionality in Office – for example, if they liked a competing print-to-PDF product better – and didn’t try to interfere with competing products.

The point of all this should not be to handcuff Microsoft, but to protect the ability of PC makers and end users to choose between Microsoft products and competing products.

Twenty-First Century Wiretapping: Content-Based Suspicion

Yesterday I argued that allowing police to record all communications that are flagged by some automated algorithm might be reasonable, if the algorithm is being used to recognize the voice of a person believed (for good reason) to be a criminal. My argument, in part, was that that kind of wiretapping would still be consistent with the principle of individualized suspicion, which says that we shouldn’t wiretap someone unless we have strong enough reason to suspect them, personally, of criminality.

Today, I want to argue that there are cases where even individualized suspicion isn’t necessary. I’ll do so by introducing yet another hypothetical.

Suppose we have reliable intelligence that al Qaeda operatives have been instructed to use a particular verbal handshake to identify each other. Operatives will prove they were members of al Qaeda by carrying out some predetermined dialog that is extremely unlikely to occur naturally. Like this, for instance:

First Speaker: The Pirates will win the World Series this year.
Second Speaker: Yes, and Da Vinci Code is the best movie ever made.

The police ask us for permission to run automated voice recognition algorithms on all phone conversations, and to record all conversations that contain this verbal handshake. Is it reasonable to give permission?

If the voice recognition is sufficiently accurate, this could be reasonable – even though the wiretapping is not based on advance suspicion of any particular individual. Suspicion is based not on the identity of the individuals speaking, but on the content of the communication. (You could try arguing that the content causes individualized suspicion, at the moment it is analyzed, but if you go that route the individualized suspicion principle doesn’t mean much anymore.)

Obviously we wouldn’t give the police carte blanche to use any kind of content-based suspicion whenever they wanted. What makes this hypothetical different is that the suspicion, though content-based, is narrowly aimed and is based on specific evidence. We have good reason to believe that we’ll be capturing some criminal conversations, and that we won’t be capturing many noncriminal ones. This, I think, is the general principle: intercepted communications may only be made known to a human based on narrowly defined triggers (whether individual-based or content-based), and those triggers must be justified based on specific evidence that they will be fruitful but not overbroad.

You might argue that if the individualized suspicion principle has been good enough for the past [insert large number] years, it should be good enough for the future too. But I think this argument misses an important consequence of changing technology.

Back before the digital revolution, there were only two choices: give the police narrow warrants to search or wiretap specific individuals or lines, or give the police broad discretion to decide whom to search or wiretap. Broad discretion was problematic because the police might search too many people, or might search people for the wrong reasons. Content-based triggering, where a person got to overhear the conversation only if its content satisfied specific trigger rules, was not possible, because the only way to tell whether the trigger was satisfied was to have a person listen to the conversation. And there was no way to unlisten to that conversation if the trigger wasn’t present. Technology raises the possibility that automated algorithms can implement triggering rules, so that content-based triggers become possible – in theory at least.

Given that content-based triggering was infeasible in the past, the fact that traditional rules don’t make provision for it does not, in itself, end the argument. This is the kind of situation that needs to be evaluated anew, with proper respect for traditional principles, but also with an open mind about how those principles might apply to our changed circumstances.

By now I’ve convinced you, I hope, that there is a plausible argument in favor of allowing government to wiretap based on content-based triggers. There are also plausible arguments against. The strongest ones, I think, are (1) that content-based triggers are inconsistent with the current legal framework, (2) that content-based triggers will necessarily make too many false-positive errors and thereby capture too many innocent conversations, and (3) that the infrastructure required to implement content-based triggers creates too great a risk of abuse. I’ll wrap up this series with three more posts, discussing each of these arguments in turn.