
Nice Try (NSA critique) (Update)

One of the better attempts to critique the NSA’s efforts today in the NY Times:

If the program is along the lines described by USA Today — with the security agency receiving complete lists of who called whom from each of the phone companies — the object is probably to collect data and draw a chart, with dots or “nodes” representing individuals and lines between nodes if one person has called another. […]

But without additional data, its reach is limited: as any mathematician will admit, even when you know everyone in the graph is a terrorist, it doesn’t directly portray information about the order or hierarchy of the cell. Social network researchers look instead for graph features like “centrality”: they try to identify nodes that are connected to a lot of other nodes, like spokes around the hub of a bicycle wheel.

An admirable effort, but like all critiques of the program(s) it falls apart because of a lack of information (thank goodness). The key assumption here is that SNA is all that is being done. That would be a reasonable assumption if there weren’t enough mathematicians and computer scientists and social scientists and all sorts of other scientists on hand at NSA to staff a couple dozen universities. The government – especially the intelligence community – is slow, but it isn’t stupid. NSA may be a one-trick pony when it comes to collection, but they’re not strangers to the concept of intelligence fusion.

One story, one mention of a particular technique, and suddenly the program is a failure because there are flaws in the use of merely one technique . . . and people criticize IC analysis.

Guys like me have an unfair advantage in situations like this, but even if you are a complete outsider, sticking to the basics and not giving in to excessive speculation helps produce much better results.

OTB takes a similar tack.

Update: Neighbor and crypto guru Bruce Schneier weighs in on the Farley article in the NY Times. He is naturally skeptical, which is what you’d expect from a guy who writes encryption algorithms. I also heard the NPR version of this article yesterday afternoon, which reiterated the same points and despite deducing the answer, suggested there was an unanswered question: What should we do if the mentioned techniques alone are unlikely to work?

Now there is no way my math skills stack up against the likes of Schneier and Farley but the answer here is so obvious I’m wondering if I’m not merely mentally inadequate but outright stupid. The answer of course is that there is more than one technique being applied to the data in these programs (which I mentioned previously). A sole source of data is inadequate? The techniques are inadequate? How about maybe the reporting is inadequate?

It is all well and good to get hyped up over a startling revelation associated with the intelligence business, but to suggest that everything in these leaked reports is the whole story is a mistake. Reporters might get some of the story, they might even get some of the documents, but they’re not read into all of the program(s). I direct you to what my pal Tom has said on this topic and leave it at that.

I will reiterate, and all politics aside: let’s give our intelligence officers a little credit.

Michael Tanji


Michael Tanji spent nearly 20 years in the US intelligence community. Trained in both SIGINT and HUMINT disciplines he has worked at the Defense Intelligence Agency, the National Security Agency, and the National Reconnaissance Office. At various points in his career he served as an expert in information warfare, computer network operations, computer forensics, and indications and warning. A veteran of the US Army, Michael has served in both strategic and tactical assignments in the Pacific Theater, the Balkans, and the Middle East.