Friday, November 16, 2007

Nada Nadim Prouty: Inevitable

There has been a good bit of coverage in the press about the case of Nada Nadim Prouty and her ability to slink past both the CIA and the FBI counterintelligence efforts over the last eight years. There is still an ongoing discussion as to how much damage Prouty has actually done but there seems to be a growing belief in the op-ed pages that such a mistake is the result of incompetence.

Whether there was incompetence involved or not, such cases are increasingly inevitable. They are a mathematical function of the size of the intelligence community and the impossibility of a perfectly efficient clearance system.

Consider the numbers: There are approximately 100,000 people in the intelligence community. Out of this 100,000, how many are spies? It has to be more than 0 but it is likely less than 1000 (which is only 1% of the population of the intelligence community, BTW...). It can't be 1000. If it is 1000 or more, I think we can all agree that we are sunk anyway.

Let's say it is 100. That is not only a nice round number but also means that just one in 1000 people you might meet in the halls of the CIA, DIA or NSA is a spy. If you look at the number of spies caught over the last few years and compare it to the size of the community (roughly), the number 100 actually starts to make a lot of sense. Its not a perfect number by any means but it is a good place to start.

What then, is our ability to catch spies? Well, no one knows that but lets say it is 99%. In other words, every year we catch 99% of the spies in the intel community. Now 99% is probably way too high. I don't think anyone thinks we are doing that well catching spies. Let's give people the benefit of the doubt, though.

If we are catching 99% of the spies each year and we have 100 spies in the community then, at the end of the year, we will catch 99 and one will slip through the net. It is mathematically inevitable.

There are two additional consequences to this line of reasoning. First, it pretty much proves that either we don't have a system that is capable of catching 99% of the spies every year or we have a lot more than 100 spies in the system. Prouty worked in the community for 8 years and to be that lucky in the face of a system that capable of catching spies each year is stretching reality. If you jump the number of spies up to 1000 (still only 1% of the workforce) then you are looking at 10 spies getting away each year and the odds that Ms. Prouty could go about her business unmolested by the CI types for eight years goes up as well. Since we already decided that the total number of spies in the community couldn't realistically be 1000 spies (that's nearly 63 spies in each of the intel community's 16 agencies), it pretty much has to be that the spy catching ability is less than 99%. Far less. Which means that there are likely lots of spies (say 100?) running around. It is, as noted, a mathematical consequence of a large community and a less than perfect system for catching spies.

The second consequence is a result of what scientists call false positives. Virtually all testing systems generate some level of false positives -- where, in this case, the system says someone is a spy but, in reality, they aren't. What if only 1% of the cases within our hypothetically 99% accurate system are false positives ? Out of 100,000 people, that is still 1000 people. 1000 people currently employed by the intel community that are accused of being a spy when, in fact, they are not. They would falsely lose their clearance and their job and may even face jail time.

It is very difficult to imagine that the false positive rate is only 1%. That rivals the rates in systems much more amenable to verification than a system that involves humans. It is also hard to believe that the intelligence community fires or imprisons 1000 people a year for being spies. First, I think we would have heard about it and, second, imagine the morale problems such dismissals would cause.

Which means the system is lying to itself.

With 100,000 people in the community, false positive rates at anything higher than 1% would cause thousands to come under suspicion. These thousands of cases would have to be resolved, mostly by dismissal of the case, otherwise the morale and effectiveness of the intel community would come under serious attack. There is no way out. Either dismiss lots of people as an inevitable result of a nearly but not quite perfect system or dismiss lots of cases in order to preserve the morale and effectiveness of the community.

The real negative impact of this case may not be in the information Prouty may or may not have stolen and passed to Hezbollah but in the chilling effect it will have on diversity hiring. The DNI has recently stated in his 500 day plan that one of the major goals is to "Improve Recruiting, Hiring and Retention of Heritage Americans (1st and 2nd Generation Americans)". The intent behind this goal is to "employ, develop, and retain a dynamic, agile workforce that reflects diversity in its broadest context — cultural background, language capability, ethnicity, race, gender, and expertise." How much more difficult will it be for Arab-Americans, for example, to get a clearance as a result of this case? How many Arab-Americans will willingly go through the clearance system (background checks, polygraph, etc.) as a result of this case? How will this impact other ethnicities and their perception of the intelligence community? How will this impact the security clearance process in general? The realistic answers to these questions do not look promising if one is concerned about meeting the goals of the 500 day plan.

1 comment:

Consul-At-Arms said...

I've quoted you and linked to you here: