It is indeed a fascinating piece, partly because of what Poindexter doesn’t say. He discusses DARPA’s data-mining proposal mainly in terms of intentions rather than nuts and bolts. And he attempts to deflect criticism of the scheme’s intrusiveness by asserting that it was designed to use non-U.S. databases.
My main objections to the scheme are not that it’s ill-intended but that it will generate huge numbers of false positives and be an invitation to abuse in the future. (See this post and this post for related comments.) Admiral Poindexter says that the overseas databases that are to be used for the project do not contain information about U.S. citizens. However, there is reason to be cautious in accepting such assurances, as initial rumors had the scheme searching through precisely the kinds of U.S. financial records that Poindexter now insists are not involved, and DARPA’s description of the program has changed in response to public and Congressional opposition. Even if you take Poindexter at his word, it’s reasonable to be nervous about such a program, because it’s impossible to know who will be running it in the future and whether the system’s anti-snooping safeguards, which require us to trust the good will of whoever is administering it, will be followed.
DARPA’s software, no matter how sophisticated it is, cannot be perfect. It will probably be designed to err in favor of generating false positives rather than false negatives. That’s reasonable given the high cost of false negatives. The big problem is that the databases that will be used are likely to be full of errors. (This is especially true in the case of government databases. Commercial databases like those used for credit and banking records — precisely the databases that Poindexter says won’t be used — have at least the advantage of being relatively easy for individuals to check and challenge. Correcting errors in government databases is typically a much more difficult process, even if the subjects of these databases are aware of the databases’ existence. Look, for example, at how difficult it is for individuals even to find out if they are on the government’s “no fly” list, much less get their names removed if they are erroneously listed.)
Inevitably, the bigger the scope of this scheme, the more false positives there will be. Given how few real terrorists there probably are in relation to the number of people with suspicion-generating data patterns, including spurious patterns based on bad information, it’s conceivable that the task of picking the real terrorists out of the cloud of people erroneously flagged will not be much easier than current methods of finding terrorists. It’s an empirical question whether the costs of such a system would justify its benefits, but it’s annoying that officials responding to public concerns barely touch on the issue of database inaccuracy, which should be a main issue. Surely Poindexter is aware of the central importance of data quality. I don’t think he has bad motives, but it’s not a good sign that he prefers to steer the discussion in a different direction.
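The base-rate arithmetic behind this worry can be sketched with a few lines of code. Every number below is a made-up assumption for illustration, not an estimate of the actual system; the point is that even an implausibly accurate screen drowns its true hits in false alarms when the target population is tiny.

```python
# Hypothetical figures for illustration only.
population = 300_000_000      # people whose records are scanned
true_terrorists = 1_000       # assumed number of real targets
sensitivity = 0.99            # chance a real terrorist is flagged
false_positive_rate = 0.001   # chance an innocent person is flagged

# Expected counts of correct and erroneous flags.
true_flags = true_terrorists * sensitivity
false_flags = (population - true_terrorists) * false_positive_rate

# Fraction of flagged people who are actually terrorists.
precision = true_flags / (true_flags + false_flags)

print(f"Innocents flagged: {false_flags:,.0f}")
print(f"Chance a flagged person is a real terrorist: {precision:.2%}")
```

Under these assumptions, a system that is wrong about innocent people only one time in a thousand still flags roughly 300,000 of them, so only about one in three hundred flagged people is a genuine target, and that is before counting the spurious matches that database errors would add.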
Public skepticism of schemes of this kind might diminish if the officials in charge didn’t act like they were trying to put one over on us. They probably do it out of habit, but it’s a costly habit nowadays. They should address directly the burning issues of database inaccuracy and false positives. I think these are deal killers, but maybe I’m wrong. I’d like to hear why I’m wrong rather than be fed platitudes about the dangers of terrorism and the sophistication of your software and why I should trust you because your motives are good. DARPA does a lot of neat things, but I would trust its administrators more if they leveled with us and didn’t ignore some glaring weaknesses in this flagship program of theirs. In other words, earn the public’s trust and you might have a better chance of getting your ideas implemented.