It's intriguing to think reliable patterns are out there, if only we could pinpoint them: Patterns of evidence that could show us what factors make an organization successful, or what indicators we should look for when we're hiring. This is especially true when fighting crime -- in an effort to prevent post-2001 attacks, U.S. agencies have invested heavily in data-mining technology, hoping to identify patterns revealing potential terrorist activity. But the data-mining tools aren't working well, and a new National Academies report concludes they're generating an unacceptable number of false positives (a polite way of saying innocent people have their privacy rights violated, are accused of being terrorists, or worse). The press release (excerpt below) is titled "All Counterterrorism Programs That Collect and Mine Data Should Be Evaluated for Effectiveness, Privacy Impacts; Congress Should Consider New Privacy Safeguards."
This report is a welcome dose of pragmatic, evidence-based management advice to counterbalance the understandable urge to leave no stone unturned in the so-called war on terror. However, there are problems -- particularly with determining how to define success. Making matters worse, the report fails to offer a readily digestible or visual presentation of key evidence.
Findings. From the Executive Summary: "Modern data collection and analysis techniques have had remarkable success in solving information-related problems in the commercial sector; for example, they have been successfully applied to detect consumer fraud. But such highly automated tools and techniques cannot be easily applied to the much more difficult problem of detecting and preempting a terrorist attack, and success in doing so may not be possible at all. ...Because the data being analyzed are primarily about ordinary, law-abiding citizens and businesses, false positives can result in invasion of their privacy. Such intrusions raise valid concerns about the misuse and abuse of data...."
Recommendations. The report recommends better evidence-based design and management of these programs. They include a framework for evaluating the effectiveness of data-mining initiatives, whether newly proposed ones or current efforts. Here's a sample of the things they suggest, including demonstrating effectiveness based on scientifically valid criteria (see item #3 below).
I'm all for using scientifically valid criteria to measure success, but what criteria would you use? In the absence of post-2001 terrorist attacks within U.S. borders, it's hard to argue that these programs aren't successful here in the States (obviously the situation is very different in Europe and the Middle East). Does it come down to things like counting the leads generated by data-mining programs that resulted in arrests or deportations? Applying a standard cost-benefit analysis is always difficult, especially in cases like this.
Conditional probabilities? Lotsa luck. Buried on page 209, in Appendix H, they get to the essence of the problem -- or at least what I believe is the essence of the problem. Information fusion is one of the methods reviewed in the report. It refers to "a class of methods for combining information from disparate sources in order to make inferences that may not be possible from a single source." (I'm guessing those of us who are passionate about evidence-based management like to think this is what we're good at.) But there are too many variables -- including lots of psychological stuff -- involved in predicting who's planning a terrorist attack based on an analysis of phone calls and bank statements. They explain that information fusion "for these broader applications typically requires estimates of a number of parameters, such as conditional probabilities, that model how to link the evidence received at various levels of the decision process to the phenomenon of interest. An example might be the probability that a terrorist act is planned in country B in the next three months, given a monetary movement of more than X dollars from a bank in country A to one in country B in the last six months and the purchase in the last two months of more than the usual amounts of explosives of a certain type and greater than usual air travel in the last two months of individuals from country A to country B. Clearly, a conditional probability like this would be enormously useful to have, but how could one estimate it? It is possible that this conditional probability could be expressed as an arithmetic function of simpler conditional probabilities under some conditional independence assumptions, but then there is the problem of validating those assumptions to link those more primitive conditional probabilities to the desired conditional probability. More fundamentally, information fusion for the broader problem of counterterrorism requires a structure that expresses the forms in which information is received and how it should be combined. At this time, especially given the great infrequency of terrorist events, it will be extremely difficult to validate either the above assumptions or the overall structure proposed for use. Therefore, while information fusion is likely to be useful for some limited problems, it does not currently seem likely to be productive for the broad problem of identifying people and events of interest."
Finding a needle in a haystack made of identical-looking needles. More from the Executive Summary: "The preliminary nature of the scientific evidence, the risk of false positives, and operational vulnerability to countermeasures argue for behavioral observation and physiological monitoring being used at most as a preliminary screening method for identifying individuals who merit additional follow-up investigation. Although laboratory research and development of techniques for automated, remote detection and assessment of anomalous behavior, for example deceptive behavior, may be justified, there is not a consensus within the relevant scientific community nor on the committee regarding whether any behavioral surveillance or physiological monitoring techniques are ready for use at all in the counterterrorist context given the present state of the science."
As Read/Write Web explained it, "Remember the 'pre-cog' cop-things in Minority Report, able to figure out who was going to commit a crime before they committed it? If that's ever going to happen it looks like it's going to have to be something super-natural - because at least these days, technology is a long way from able to predict who's going to commit a crime."
You can buy a pdf of the report (or individual chapters for $3.10 each), or read the text online at no cost.
Excerpt from the press release: "Pattern-Seeking Data-Mining Methods Are of Limited Usefulnes. Routine forms of data mining can provide important assistance in the fight against terrorism by expanding and speeding traditional investigative work, the report says. For example, investigators can quickly search multiple databases to learn who has transferred money to or communicated with a suspect. More generally, if analysts have a historical basis for believing a certain pattern of activity is linked to terrorism, then mining for similar patterns may generate useful investigative leads. Far more problematic are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says. Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads. Such techniques might, however, have some value as secondary components of a counterterrorism system to assist human analysts."
Comments