Privacy and the War

The NSA is in the news again with reports that they asked for, and received, the call records, sans personally identifying information, from all major telcos but Qwest.

While it appears that the government didn't violate any laws with this effort, since the data was given voluntarily, the companies may be in violation of the Stored Communications Act or the Electronic Communications Privacy Act (or a host of other telecommunications laws going back to 1934).

This new program, coming on the heels of the earlier one to eavesdrop on international phone calls, has brought to the forefront the question of what the proper balance is between security and privacy during wartime.

I've been on record defending the previous program, which might seem kind of weird for someone who bills themselves as a classical liberal. And to be honest, I'm not too happy in the abstract about either effort, or the whole idea of the State watching everyone that closely. But there are three reasons I've defended them:

1. Many people rushed to judgment and claimed that it was clearly illegal before the details of the program came out and without knowing what the law and case law said. In neither case was it obvious from initial reporting that a law, or the Constitution, had been violated.
2. Many people who attacked the programs were also quick to accuse the Bush administration of not "connecting the dots" on previous attacks.
3. It wasn't clear to me that the invasion into our privacy was any worse than what we put up with on a daily basis for a host of other (less important) reasons.

That last point is worth expounding on. Even if the government is getting all of our calling records, why do people think that this is some unprecedented violation of privacy, never before countenanced by the American people? As Mark Steyn points out:

I'm a strong believer in privacy rights. I don't see why Americans are obligated to give the government their bank account details and the holdings therein. Other revenue agencies in other free societies don't require that level of disclosure. But, given that the people of the United States are apparently entirely cool with that, it's hard to see why lists of phone numbers (i.e., your monthly statement) with no identifying information attached to them is of such a vastly different order of magnitude.

People were outraged by the Patriot Act, but many of the provisions simply extended to counter-terrorism tools that the DEA was already using in the War on Drugs. And the NSA calling database program pales in comparison to the pervasive invasion caused by the current income tax regime. Every stock I own, every bank account or piece of real property, the salary I earn, the gifts I give or receive, the tuition, the medical expenses I pay. All of this is already sucked up into a vast database to tell the government how much to expropriate from me. Surely this is a much greater violation than a database of phone numbers I've called. And surely there are other less intrusive means that could be used to gather revenue.

And that's where the libertarian in me comes out. If we're going to have intrusive, privacy-shredding policies they should be used where there are few or no reasonable alternatives and where the government has a legitimate role to play. So I don't understand the concern, the national coverage, talk of impeachment, in having these programs for national security when as bad or worse exists to continue a failed policy of drug prohibition or an inefficient policy of tax collection and enforced retirement savings.

Defense is a proper role of the federal government. Drug prohibition, enforced savings, and income redistribution are not as far as I'm concerned. So, while it would be consistent for me to support the NSA wire taps and not the others, I'll make this pledge: once we get rid of the IRS and the War on Drugs (which is about a thousand times less likely to end than the War on Terror), and their excesses, I'll get more concerned about what we're doing to try to stop another 9/11.

Probability and Predictions

One of the things that has bothered me for some time now is how people make and communicate predictions about the future. To pluck an (important) example from the headlines, the CIA and other intelligence analysts have said that Iran is 5 to 10 years away from being able to build a nuclear bomb. But, even though this number has been quoted hundreds of times, there is never any context to explain what it means.

While it's all obviously fuzzy, and in the end of the day someone just looks at all the evidence and puts a number on, it would be nice to be told what is being claimed with those numbers. Is it some kind of confidence interval? "We believe there is a 95% chance that Iran will produce a bomb in more than 5 years but less than 10 years." Is it something else? If we wanted a 99% confidence would it jump to 1 to 30 years, or 4 to 11 years?

I'm reminded of the silly little probabilities that Gartner Group pioneered in their industry research ("Microsoft will delay the release of Window 98 until 1999 (0.8 probability)"). I thought those were kind of dumb at the time, but at least you had some sort of indication how sure the analyst was. And you could have, with some work, measured how good of a job she did both in making predictions and in assigning probabilities.

But it's still pretty lame as far as imparting information that's useful for making decisions. Even the weatherman hasn't moved past using simple probabilities for chance of rain on a given day. While that may be the best measure for planning a picnic, it's not going to do you much good if you're trying to gauge the chance of a drought (you can't just add up the "chances of rain" each day because they are not independent events).

So, what would a good tool for communicating the likelihood of an uncertain future event? Well, returning to the Iranian nuclear program issue, here's what I'd like to see: a distribution showing the cumulative probability of them building a bomb over time. Preferrably, we get to see a pretty little graph, and we'd get one from several sources. Here's an example of what one might look like for the Iranian bomb:

How is this better than what we get in the news? Well, first of all, I can look at it and see that the analysts think there's a one in five chance they already have a bomb. Second, as a policy-maker or voter, I can set my threshold for what cumulative probability I'm willing to tolerate before "drastic measures" need to be taken. Also, I can see which years the slope is highest, which might indicate the timing of any action taken.

In addition, analysts could make multiple versions of the graph with different assumptions in place and show us side-by-side what the effect would be. So we could have one graph that showed the distribution if there's a secret military project that's been ongoing since 2003 vs. if the public program is all there is.

Now, it's still not perfect. It's intelligence work, and it's only as good as the information, assumptions and analysis that goes into it. And there's no easy way show confidence in the individual assessments that make up the overall distribution (for instance, the assessment that there's a 20% chance that they already have a bomb makes a big difference in the graph, at least in terms of absolute magnitudes – how good was the information that informed that decision vs. the rest?)

But, to me, it's much better than "they are five to ten years away from a bomb".

Anyway, comments from the mathematical and policy oriented?