A while ago, I finished Bruce Scheier’s, Data and Goliath. This seemed important (pp. 139 – 140; boldface mine):
When he was NSA director, General Keith Alexander argued that ubiquitous surveillance would have enabled the NSA to prevent 9/11. That seems unlikely. He wasn’t able to prevent the Boston Marathon bombings in 2013, even though one of the bombers was on the terrorist watch list and both had sloppy social media trails–and this was after a dozen post-9/11 years of honing techniques. The NSA collected data on the Tsarnaevs before the bombing, but hadn’t realized that it was more important than the data they collected on millions of other people.
This point was made in the 9/11 Commission Report. That reort described a failure to “connect the dots,” which proponents of mass surveillance claim requires collection of more data. But what the report actually said was that the intelligence community had all the information about the plot without mass surveillance, and that the failures were the result of inadequate analysis.
…Whenever we learn about an NSA success, it invariably comes from targeted surveillance rather than from mass surveillance. One analysis showed that the FBI identifies potential terrorist plots from reports of suspicious activity, reports of plots, and investigations of other, unrelated crimes.
This is a critical point. Ubiquitous surveillance and data mining are not suitable tools for finding dedicated criminals or terrorists. We taxpayers are wasting billions on mass-surveillance programs, and not getting the security we’ve been promised. More importantly, the money we’re wasting on these ineffective surveillance programs is not being spent on investigation, intelligence, and emergency responses: tactics that have been proven to work.
Mass surveillance and data mining are much more suitable for tasks of population discrimination: finding people with certain political beliefs, people who are friends with certain individuals, people who are members of secret societies, and people who attend certain meetings and rallies. Those are all individuals of interest to a government intent on social control like China. The reason data mining works to find them is that, like credit card fraudsters, political dissidents are likely to share a well-defined profile. Additionally, under authoritarian rule the inevitable false alarms are less of a problem; charging innocent people with sedition instills fear in the populace.
I realize both the ineffectiveness of our mass surveillance state, as well as its ‘repurposing‘ as a way to target non-violent groups, are points I’ve made before, but it never hurts to make them again. Not that I expect to see the security state ratcheted back in my lifetime.
Must have been well over thirty years ago, some guy was trying to sell my outfit data mining as a way of catching bad guys. In discussion, he conceded they couldn’t actually identify bad guys, only outliers according to some criteria or other. Pretty easy to beat the system if you knew or suspected it was being used, he agreed. That was the first time I heard the expression “aggressively normal”, although the concept (“where do you hide a leaf ..?”) is an old one. Maybe things have moved on from then.