With the current news about the government’s planned snooping powers, it’s worth looking at the government’s manifesto concerning civil liberties. I remember considering such things important when I voted.
Particularly relevant at this time:
We will implement a full programme of measures to reverse the substantial erosion of civil liberties and roll back state intrusion.
We will end the storage of internet and email records without good reason.
And what will the government actually achieve with their plans? Any serious criminal will work around them. I use GMail in America, which I access over HTTPS, so I suspect it is the American government that spies on my email, not the British. If I were a foreign national secretly intent on harming Britain, I’d have a very plausible reason to continue using the mail server in my own country of origin, under the rules of my own government. Or I could use the mail server in my own company which, for security reasons, I’d have to access over a secure network. It’s just too easy to keep your emails from being read (without some code-breaking effort) and to have a plausible reason for doing so. The code-breaking effort required to read all of our emails would be prohibitive.
So what will they achieve? Profiling, I assume. They’ll look at your web usage and the list of people they believe you communicate with, and either manually or more automatically they’ll try to profile you from it. We see this done automatically in online advertising, and we see where it goes wrong. Maybe some Bayesian decision engine will try to determine whether or not one of us looks too much like a terrorist.
I really hope not to be one of the people on the false positive side of the decision boundary. And if this widens beyond catching terrorists, I hope not to be one of the people on the false positive side of any future decision boundaries. Combine it with something like the last government’s vetting scheme and your future career could depend on whether or not some computer thinks you may be a paedophile, based on a profiling algorithm which will have errors.
Let’s say their automated algorithm can deduce with 95% certainty that someone looks suspicious. Such accuracy would be phenomenal! I’d expect 50% would be good going. A human should be good at this, but the Social Services show how even humans, with access to more data than any such computer system, get it wrong: we see a “Baby P” story, or the opposite, an “Innocent parents lose child” story. A computer is not going to do better.
Let’s imagine these super researchers in GCHQ can identify suspects from their data with a false positive rate of 10% and a false negative rate of 3%. They’d have to teach the system to be more suspicious, to more readily assume that someone is a terrorist, in order to catch the real ones at the expense of ensnaring more innocents. Let’s say there are 1000 potential terrorists amongst a population of, say, 50 million email users. So what do we see:
- 5,000,000 “terrorists” detected (a 10% false positive rate applied to 50 million people swamps the real positives).
- 30 real terrorists get away undetected.
- Of the 5,000,000, the government have to manually find the 970 real ones.
- How many of those 5,000,000 have their lives needlessly ruined?
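The figures above can be checked with a short sketch. The population, terrorist count, and error rates come from the scenario in the text; the function name and structure are my own illustration of the base-rate arithmetic.

```python
def screening_figures(population, real_positives,
                      false_positive_rate, false_negative_rate):
    """Return (innocents flagged, real positives missed, real positives caught)."""
    innocents = population - real_positives
    flagged_innocents = innocents * false_positive_rate   # false positives
    missed = real_positives * false_negative_rate         # the ones who get away
    caught = real_positives - missed                      # the ones correctly flagged
    return flagged_innocents, missed, caught

# The scenario from the text: 1000 terrorists in 50 million email users,
# 10% false positive rate, 3% false negative rate.
fp, missed, caught = screening_figures(50_000_000, 1_000, 0.10, 0.03)
print(f"Innocents flagged:       {fp:,.0f}")   # roughly 5 million
print(f"Real terrorists missed:  {missed:.0f}")
print(f"Real terrorists flagged: {caught:.0f}")
# The chance that any given flagged person is actually a terrorist:
print(f"P(terrorist | flagged) = {caught / (caught + fp):.4%}")
```

Even with these generous error rates, a flagged person has only about a one-in-five-thousand chance of being a real terrorist; rerunning with less accurate rates only makes that worse.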
Run the figures again for a system with less accuracy. I took the figures above from the technical manual for an automated defibrillator; if you believe a machine can be accurate, that should be the example.