There has been a good bit of coverage in the press about the case of Nada Nadim Prouty and her ability to slink past both the CIA and the FBI counterintelligence efforts over the last eight years. There is still an ongoing discussion as to how much damage Prouty has actually done but there seems to be a growing belief in the op-ed pages that such a mistake is the result of incompetence.
Whether there was incompetence involved or not, such cases are increasingly inevitable. They are a mathematical function of the size of the intelligence community and the impossibility of a perfectly efficient clearance system.
Consider the numbers: There are approximately 100,000 people in the intelligence community. Out of this 100,000, how many are spies? It has to be more than 0 but it is likely less than 1000 (which is only 1% of the population of the intelligence community, BTW...). It can't be 1000. If it is 1000 or more, I think we can all agree that we are sunk anyway.
Let's say it is 100. That is not only a nice round number but also means that just one in 1000 people you might meet in the halls of the CIA, DIA or NSA is a spy. If you look at the number of spies caught over the last few years and compare it to the size of the community (roughly), the number 100 actually starts to make a lot of sense. Its not a perfect number by any means but it is a good place to start.
What then, is our ability to catch spies? Well, no one knows that but lets say it is 99%. In other words, every year we catch 99% of the spies in the intel community. Now 99% is probably way too high. I don't think anyone thinks we are doing that well catching spies. Let's give people the benefit of the doubt, though.
If we are catching 99% of the spies each year and we have 100 spies in the community then, at the end of the year, we will catch 99 and one will slip through the net. It is mathematically inevitable.
There are two additional consequences to this line of reasoning. First, it pretty much proves that either we don't have a system that is capable of catching 99% of the spies every year or we have a lot more than 100 spies in the system. Prouty worked in the community for 8 years and to be that lucky in the face of a system that capable of catching spies each year is stretching reality. If you jump the number of spies up to 1000 (still only 1% of the workforce) then you are looking at 10 spies getting away each year and the odds that Ms. Prouty could go about her business unmolested by the CI types for eight years goes up as well. Since we already decided that the total number of spies in the community couldn't realistically be 1000 spies (that's nearly 63 spies in each of the intel community's 16 agencies), it pretty much has to be that the spy catching ability is less than 99%. Far less. Which means that there are likely lots of spies (say 100?) running around. It is, as noted, a mathematical consequence of a large community and a less than perfect system for catching spies.
The second consequence is a result of what scientists call false positives. Virtually all testing systems generate some level of false positives -- where, in this case, the system says someone is a spy but, in reality, they aren't. What if only 1% of the cases within our hypothetically 99% accurate system are false positives ? Out of 100,000 people, that is still 1000 people. 1000 people currently employed by the intel community that are accused of being a spy when, in fact, they are not. They would falsely lose their clearance and their job and may even face jail time.
It is very difficult to imagine that the false positive rate is only 1%. That rivals the rates in systems much more amenable to verification than a system that involves humans. It is also hard to believe that the intelligence community fires or imprisons 1000 people a year for being spies. First, I think we would have heard about it and, second, imagine the morale problems such dismissals would cause.
Which means the system is lying to itself.
With 100,000 people in the community, false positive rates at anything higher than 1% would cause thousands to come under suspicion. These thousands of cases would have to be resolved, mostly by dismissal of the case, otherwise the morale and effectiveness of the intel community would come under serious attack. There is no way out. Either dismiss lots of people as an inevitable result of a nearly but not quite perfect system or dismiss lots of cases in order to preserve the morale and effectiveness of the community.
The real negative impact of this case may not be in the information Prouty may or may not have stolen and passed to Hezbollah but in the chilling effect it will have on diversity hiring. The DNI has recently stated in his 500 day plan that one of the major goals is to "Improve Recruiting, Hiring and Retention of Heritage Americans (1st and 2nd Generation Americans)". The intent behind this goal is to "employ, develop, and retain a dynamic, agile workforce that reflects diversity in its broadest context — cultural background, language capability, ethnicity, race, gender, and expertise." How much more difficult will it be for Arab-Americans, for example, to get a clearance as a result of this case? How many Arab-Americans will willingly go through the clearance system (background checks, polygraph, etc.) as a result of this case? How will this impact other ethnicities and their perception of the intelligence community? How will this impact the security clearance process in general? The realistic answers to these questions do not look promising if one is concerned about meeting the goals of the 500 day plan.
Thinking about the future, and, more importantly, how to think about the future.
Friday, November 16, 2007
Succeeding Turkmenbashi (ISN Security Watch)
Interesting article on the future of Turkmenistan post Turkmenbashi in ISN's always insightful Security Watch series.
(Full disclosure: The author of the article is a friend of mine. (Good job, Diane!))
(Full disclosure: The author of the article is a friend of mine. (Good job, Diane!))
Thursday, November 15, 2007
VectorMagic
Ever tried to insert a graphic into a poster or other product only to find the image pixelated at large sizes? Stanford comes to the rescue with VectorMagic. Apparently it is not a perfect tool but it is a good start when you want to blow something up without making it look grainy. Certainly worth a try.
Web of Tomorrow (Military Information Technology Online)
Interesting, if a bit dated, article on the use of Web 2.0 tools in intelligence.
(Thanks, Rachel, for finding it!)
(Thanks, Rachel, for finding it!)
Cholera In Iraq (WHO)
The WHO has some interesting maps and details about the current state of Cholera in Iraq.
Outsourcing Your Life: I Want Sandy (Iwantsandy.com)
I have recently become fascinated by the idea of outsourcing your life. Wouldn't it be nice to let someone else keep track of all of the minutiae, do the grunt work, make the calls and the follow-up calls to the dentist or plumber or whatever?
There are a number of services that do this sort of thing mostly on a project to project basis. I was particularly fascinated, however, by GetFriday, with its offer (at very reasonable rates) to take care of ANYTHING that does not require your personal presence. Wow!
Now comes Sandy. Unlike the other services, this one is automated. It is also free so I am trying it out. So far it is about as easy to work with as you could imagine. Once you sign up (painlessly, BTW), you just CC Sandy on anything containing a date or a requirement and she files it away and sends you reminders to either your email or cell phone (via SMS). Yes, I could do all of this myself in Outlook but Sandy parses the language for you, puts the date, times and people in the right places and sends you a note to tell you it has all been taken care of. You just have to remember to CC her. You can even have her send reminders to everyone else on the CC list if you want. What a great tool for working in a small group!
As with all services such as this, I am sure there are bound to be failures and hiccups but so far it is working very well. My biggest concerns are that I will forget to use the service, that old habits will die hard or that it will become more trouble than it is worth. Ultimately, I think I can count on my innate sense of laziness to determine what works best.
There are a number of services that do this sort of thing mostly on a project to project basis. I was particularly fascinated, however, by GetFriday, with its offer (at very reasonable rates) to take care of ANYTHING that does not require your personal presence. Wow!
Now comes Sandy. Unlike the other services, this one is automated. It is also free so I am trying it out. So far it is about as easy to work with as you could imagine. Once you sign up (painlessly, BTW), you just CC Sandy on anything containing a date or a requirement and she files it away and sends you reminders to either your email or cell phone (via SMS). Yes, I could do all of this myself in Outlook but Sandy parses the language for you, puts the date, times and people in the right places and sends you a note to tell you it has all been taken care of. You just have to remember to CC her. You can even have her send reminders to everyone else on the CC list if you want. What a great tool for working in a small group!
As with all services such as this, I am sure there are bound to be failures and hiccups but so far it is working very well. My biggest concerns are that I will forget to use the service, that old habits will die hard or that it will become more trouble than it is worth. Ultimately, I think I can count on my innate sense of laziness to determine what works best.
Wednesday, November 14, 2007
Unique Christmas Gift #1: OLPC
For a very limited time you can buy a laptop from One Laptop Per Child for $400 and they will donate one to the developing world and send you one to play with. The laptops cost about $200 dollars each so the $400 covers the one for you and the one for charity (and $200 is deductible). I made the purchase as I think the idea is worth supporting and I figured it was an inexpensive way to play around with Linux...
Journal Of Computer Mediated Communication: Social Network Edition
The Journal Of Computer Mediated Communication has a number of interesting articles in its most recent edition focused on social networks and social networking websites.
Free Linux Books
Finally, An Antidote To TV Drug Ads (ConsumerReports.org)
If you are unfamiliar with Consumer Reports you should take the time to get to know this organization and its products. Consumer Reports does truly independent testing on all sorts of consumer products and is the first the to cry foul when someone is trying to pull the wool over the consumer's eyes. This video report on the drug, Requip, is an excellent example of their reporting. They take NO advertising money so they are not beholden to anyone. You can pretty much take their recommendations straight out of the magazine/website.
Fascinating Video Of The Disposal Of Hazardous Materials In The "Old Days" (Google Video)
Google Video has an incredible short on the disposal of 20,000 lbs of post WWII sodium in an alkali lake. Pretty dramatic and a little scary when you think about it...
(First spotted by Fullygeek.com and many thanks to Bradley for forwarding it!)
(First spotted by Fullygeek.com and many thanks to Bradley for forwarding it!)
How to Hack the Holidays and Score the Best Deals Online (Wired.com)
Wired has a good article on how to get the best deals over the holidays.
Tuesday, November 13, 2007
Intel Official: Expect Less Privacy (NY Times)
There has been a good bit of talk already about DDNI Donald Kerr's speech regarding changing definitions of privacy. I am not sure I can add much to the debate but I have a couple of observations:
- First, giving up information voluntarily to a site like Facebook is very different than the government looking at your private life without permission. Kerr states, according to the NY Times, "''I think all of us have to really take stock of what we already are willing to give up, in terms of anonymity, but (also) what safeguards we want in place to be sure that giving that doesn't empty our bank account or do something equally bad elsewhere.'' Much of what is done on most sites is to our direct benefit; much of what the government would do would be to our indirect benefit and I am not sure that giving up traditional notions of privacy is worth it.
- Second, I think Facebook is a particularly bad example of giving up anonymity. I have just recently become active on Facebook and it seems to me that much of what is happening there is advertisement. Maybe that is too strong but the idea that people present a particular public view of themselves on Facebook rather than their private view of themselves is almost cliche' among users of social networking sites (for a funny but NSFM (Not safe for mom) send up of the lies people tell on MySpace, listen to Pete Miser's "Add Me!").
- Finally, it is interesting to compare notions of identity in cyberspace with notions of privacy. For a really good talk about new notions of identity, see Dick Clarence Hardt's speech about Identity 2.0 at OSCON 05. The speech itself is worth watching if only for the very different style Hardt uses but the content is worth listening to as well.
Mailer And McLuhan (Google Video)
Norman Mailer died recently and there is a good bit about him in the press as a result. One of the most interesting interviews I have seen of him is this Canadian documentary of him with Marshall McLuhan. If you are not that familiar with either Mailer or McLuhan you probably should be and this is an interesting introduction to their thinking. The language they use can be a bit difficult to follow at times but it is worth the concentrated effort it takes to sit all the way through it.
(Thanks to Snarkmarket for finding it!)
(Thanks to Snarkmarket for finding it!)
Sources And Methods Soundtrack: Ali In The Jungle (The Hours)
In obvious homage to one of my favorite blogs, Wired's Danger Room, I have concluded that Sources And Methods deserves its own soundtrack. The first candidate? The Hour's Ali In The Jungle.
Monday, November 12, 2007
How to Cut Crutch Words When Giving a Speech (Lifehack.org)
Lifehack.org, one of my favorite blogs, has a good article on how to cut the umms and ahhs out of a speech. I particularly like the idea of counting the umms. One idea that was not mentioned in the report is to film your practice sessions. You will notice -- and be able to fix -- things you have never noticed before by watching yourself present.
Every Blog Has Its Day: Politically-interested Internet Users' Perceptions of Blog Credibility (Journal Of Computer Mediated Communication)
The results of an interesting study were recently published in the online Journal of Computer Mediated Communication on how readers view the credibility of blogs. Here are some highlights:
"This study hypothesized that politically-interested Web users will judge blogs as credible sources of news and information. The results indicate that politically-interested Internet users find blogs to be moderately credible sources for news and information. Past analyses have detected similar findings for blogs (Banning & Trammell, 2006; Johnson & Kaye, 2004) and for the Internet as a whole (Johnson & Kaye, 2000, 2002). While Internet users are increasingly flocking to blogs as a source of political news and information, the moderate scores for credibility indicate that users also realize that blogs are not the final word..."
"As expected, respondents evaluated blogs as highly credible for depth of information, while judging them as weaker on credibility for fairness of information..."
"In fact, blog supporters perceive bias as a strength that allows for a more detailed and in depth examination of issues. Although this intensity of analysis is valued, it may also suggest that blog readers are attracted to sites that share their viewpoints and therefore have a potentially polarizing effect..."
"Heavy users viewed blogs as more credible overall than did light blog users. This perception extended to all four measures of credibility (believability, fairness, accuracy, depth of information)..."
"Politically-interested blog users judged blogs as considerably more credible overall than traditional media or other online sources. Interestingly, broadcast television fared the worst on measures of credibility..."
"As hypothesized, both reliance and motivations were predictors of blog credibility, after controlling for demographic and political variables. Reliance emerged as a stronger predictor of blog credibility than did motivations. It stands to reason that users would find their preferred media selection the most credible..."
"The current study took the examination one step further by asserting that the Informational (i.e., instrumental) motivations will be a stronger predictor of blog credibility than will entertainment motivations (i.e., habitual), after controlling for demographics and political variables. ... However, respondents who primarily engaged in blogging for entertainment purposes are less likely to judge blogs as highly credible..."
Link To Full TextU.S. Intelligence: Iran Possesses Trillions Of Potentially Dangerous Atoms (The Onion)
According to a recent report on Iran by the Onion, "the Middle Eastern nation has obtained literally trillions of atoms—the same particles sometimes used to make atomic bombs—for unknown purposes".
Excellent example of WEPs ad absurdum as well: "More alarming, officials said, is the "very likely" possibility that there are more atoms inside the laboratory."
Link
Excellent example of WEPs ad absurdum as well: "More alarming, officials said, is the "very likely" possibility that there are more atoms inside the laboratory."
Link
Sunday, November 11, 2007
In Death of Spy Satellite Program, Lofty Plans and Unrealistic Bids (NY Times)
The New York Times has an interesting piece on the cancellation of the Future Imagery Architecture Project.