Monday, May 15, 2006

NSA Phone Records

I've been thinking often about the telephone records gathered or bought by the NSA. Other than the generally repugnant nature of gathering information about people under no suspicion, i've been trying to figure out what could go wrong. Normally it wouldn't concern me that the NSA would scrutinize my phone records specifically. There is so much data that the only reason they'd look at my records would be if they already had information leading them to me, in which case they could probably get the authorization they needed anyway. What concerns me is that they'll try to find the "leads" from the phone records based on poorly defined criteria, and then use that as the basis to investigate specific people.

The NSA is obviously looking for "patterns" that would indicate a tie to some illegal/terrorist activity. Bad things could potentially happen if the NSA finds false positives. But what would constitute normal and by comparison, unusual, telephone behavior? I'm sure that if all of one's calls go to or arrive from Yemen, Afghanistan, Syria, and Saudi Arabia then you'd get red-flagged; but it's likely that anyone with that pattern is either already a person of interest or really stupid. Presumably, the NSA wants to identify intermediaries; the people who get their information second- or third-hand from the people who talk directly to terrorist sources.

I'm not sure how i would go about this. Presumably the NSA already has some approach in mind, because despite the claims of security experts like Schneier who claim that the phone records are not useful i'm betting that the NSA has already conducted experiments on synthetically created data and found some method to seek what they want.

I think i'd probably look initially for the people who've called locations that harbor suspected terrorists. Then i'd start forming connections to the other people that they have called, and i'd try to continue this process at least a few levels deep. I'd probably try to identify the locations that show up on multiple trees, and maybe try to calculate some sort of measure of the statistical significance of that appearance (for example, i wouldn't suspect Domino's pizza of being a terrorist hub even though it might show up often).

That process however would almost certainly turn up lots of false positives. I recall years ago reading about how analysis of social networks shows that almost anybody can be connected through a few hops (like the Kevin Bacon game). In part this is because certain people seem to serve as nexus points, connecting very large clusters together. Even a relatively unsocial person such as myself serves to connect people in the Philippines through my wife's family to people in rural Indiana, parts of Arizona and California, Canada, several European countries, and even back to Asia through numerous Chinese and Indian friends and acquaintances. This wouldn't show up in my phone records (i hate the phone), but it might show up in my e-mail history.

I guess you could further refine this by looking for starting points that seem peculiarly disconnected from the social network except for significant numbers of calls overseas and a small number of significant domestic calls. However, that's probably the calling pattern of most recent immigrants, some of whom might even have unwitting connections to real suspects. So, in short, i don't know what the NSA is looking for. God knows they're collectively a hell of a lot smarter than i; but i'm still not convinced they're smart enough.

No comments: