Trump's spy agencies say AI vendors will sell them needle-detection tools for infinite haystacks


Originally published at:


In case everyone forgot about it, there was a Boing Boing post regarding an interesting documentary that is somewhat related to this news item. It just hit Canadian Netflix, so that means it’s everywhere else as well.


I’ve never gotten past the statement years ago from General Keith Alexander, Director of the NSA, where he said “you need the haystack to find the needle.”

I always wondered when it was that this man stopped listening to the words coming out of his own mouth.


I would like to employ the word cybercrud to mean, in general, putting things over on people using computers. Cybercrud is one of the most important specialties, if not the economic backbone, of the computer field. The promotion of false or clumsy approaches to a problem as “scientific,” the frequent claim that "the computer has to have it that way – when a certain thing could be programmed very differently – are cybercrud.
-Ted Nelson, 1970.


Trump’s spy agencies? All of this has been in motion for over a decade, and has little to do with the orange man.


Great shot of Terry Gilliam’s ‘Brazil’ Ministry of Information.


Today’s “AI” means about as much as the “Expert Systems” and “4th Generation Languages” of the 80s.




"you need the haystack to find the needle.”

This is why we have needle exchange programs.


I recently watched The Road to 9/11 on the History Channel which was a great docco on how we ended up with it happening.

One of the biggest failings (among many)? A pissing match between the FBI and CIA where they refused to share information at a critical point in the timeline when several of the highjackers (who were already on watchlists) entered the USA over a year prior.

More often than not the mistakes weren’t in intelligence gathering - it was in lack of action from the decision makers and intra agency fighting.


Wow. I’m familiar with all the fashionable AI technologies out there, and none of them are going to be anything but a nightmare for this.

To start with, I can’t even imagine how you’d have enough actual incidents to construct a useful training set. You’d need full web/cell surveillance data for tens of thousands of actual terrorists to even start training your models. In some cases you can do some transforms to expand your data set, but for something this complex that would inevitably just code in the biases of the people expanding the dataset.

Second, even if you do expand your definition of “terrorist” enough to get that training set, and your model is, say, 99.5% accurate (achievable for things like image recognition, but implausible for something this complex.), you will still have enormously more false positives than genuine positives when you’re looking for something rare. This is something they cover in the first chapter or two of every single textbook on machine learning.

That said, if there are any spooks reading this, I’ll sell you an AI that does this just as well as anyone else’s, for half whatever they’re charging you.


Space_Monkey is correct. When I was a statistician with the NSA, we used data science and machine learning rather than AI, but the principles are the same. I cringe at the statement, “We kill people based on metadata,” hope it is hyperbole, and remember that my office followed up metadata results with more conventional methods. Dawn Meyerriecks said, “You can’t go to leadership and make a recommendation based on a process that no one understands.” The intelligence analysts don’t want unexplained processes, either.
Twice I met with CIA data scientists, who shared techniques from their contractors. Those contractors were smart and creative. Many ideas had potential. Nevertheless, the contractors lacked the NSA’s data and experience for testing the accuracy of new methods.


The solution for this will probably be to open the data up to the contractors, multiplying again the already excessive number of people who have too much access.

I don’t have a problem with NSA employees themselves having such access; I know from firsthand experience how well well vetted they are. I’m willing to assume the same for the CIA, though not from personal experience. Likewise I’m not uncomfortable with some traditional contractors, especially nonprofits like Mitre and IDA. However, the further away from government the contractors are, or the more profit-driven they are, the more I can imagine mischief ensuing.

It was bad enough getting equifaxxed this week, I do not look forward to being stabilitassed.


So once you have your pile of haystacks winnowed down to one haystack of false positives with presumably some actual positives in there, couldn’t you rinse and repeat?


The same algorithm run on the reduced data would likely give higher scores to the false positives because some evidence that they are innocent would have been lost in the reduction. The proper next step would switch to another analysis that looks at evidence from a different source.


Which is how natural intelligences do it, BTW.

Most of our sensory systems are processed by the brain in multiple ways, with the resulting perception arising from the intersection of the results of that processing.

For example:


The difference between contractors and government employees is mainly who provides mandatory, death-by-powerpoint training (government or company) and the name on the paycheck. Contractors are subject to the same, if not more, controls and restrictions on any government data they’re given to work with.


While the official protocols for handling the data are likely the same, I’m talking about the caliber of the people themselves, based on both the nature of the vetting process used in hiring at the agencies and the general difference between working in this kind of public service rather than the for-profit sector.


The primary reason a good chunk of those contractors aren’t government employees isn’t because they wouldn’t survive the vetting process, but simply because those government billets don’t exist. The reason for that is to keep official employee numbers low.


The official employee numbers in the government agencies is not low, especially if you include the traditional quasiautonomous nonprofit contractors like the ones I mentioned above. The NSA is the largest employer in the world in my field.

My post only reported my own confidence, based on my own experience with the employment process at one agency, and what I know of various friends, colleagues, and students who have worked in both the profit, non-profit, and governmental wings of this sector, as well as reports that have circulated post-Snowden of the culture of some of the for-profit independent contractors.

Of course, there are also people who see no difference between government and private prisons, between profit and non-profit institutions of higher education, between US Marines and Blackstone mercenaries.