A new awareness of governments’ capabilities in collecting and monitoring vast amounts of information in great detail has raised concerns over privacy, civil, legal and human rights implications. The list of the outraged goes from liberal activist groups to the media and the right including the President.
In (Part I) and (Part II) I set up the dynamics leading to an area that is a greater domain of risk. To get a few points across, it is useful to recall/review risk. Risk is assessed on 2 dimensions: probability and impact. We do not waste resources or energy on high probability/low impact (yapping noise at Starbucks) and low probability/low impact (rain on sunny days) outcomes. We avoid (or should if we know) high probability/high impact ones.
The danger lies in low probability/high impact outcomes. We build safeguards into infrastructure, systems and environments where adverse impact can be high (prevention) and try to reduce or eliminate the probability where it is high (transform, disrupt.) The more complex a system (organization, machine, etc.) the more difficult it is to keep track of dependencies and secure weak links if each have their own probability of failure/compromise and cascading affects.
As the safeguards become ubiquitous we take them for granted and the risk is not reduced per se but carefully managed and maintained at an acceptable level. Flying in a 1,000,000 lb pressurized cabin of metal at 33,000 feet is not inherently safe — it is made safe by rigorous application of experience, science, engineering and quality control processes in design, manufacturing and maintenance.
The current fixation with the NSA is somewhat biased and in 2 aspects (too many to go into here but some typical ones exploited in Information Warfare and propaganda: anchoring/confirmation/Post hoc ergo propter hoc/Illusory correlation/Description-experience gap/bandwagon/fundamental attribution/backfire/bandwagon/framing biases, affects and errors.) First — notwithstanding a healthy distrust in authority, the populist de facto acceptance of conspiracy theories, leaks, and already acknowledged errors — data collection, storage and dissemination systems (physical, legal, process and human) are by-and-large sound. BTW recent leaks have also demonstrated underlying value. Agreement with the law and policy being a separate issue, the DNI’s section 702 release, the transparency report and EFF FOIA request show no violations of rights and the inability to fully minimize led the NSA to drop the “about” collection method. Talking about lack of transparency in such closed conspiratorial system we have!
Second, the mission, culture and incentives at the national security level are focused on building national and international towers and moats and not sinking some poor sob’s boats. I do rhyme! The same goes for Five Eyes (same level) sharing which is again not absolutely unrestricted in either direction.
So, based on oversight checks and balances and all evidence and logic, the mass hysteria following Snowden and other leaks about (no pun here) violation of individual and Constitutional rights has little basis in relevant facts, inference or a remotely reasonable conclusion. The risk is extremely low if there at all.
One note on leaks and risk — you control what you can control which is much easier with environment, hardware, technology than people and human nature. The clearance processes, training, monitoring, and audit trails are controls for that risk. May be they can change or be improved but they are there.
Done with where the risks are low and onto where they are and why — not just naughty but oh so nasty!
And I expected to put the last nail in that coffin in 3 parts — alas the story of my life is going longer and beyond expectations. At least keeping it interesting and real. Hopefully we can reuse or dispose of the coffin for a burning-man style spectacle.