Schneier on Security
A blog covering security and security technology.
December 11, 2006
The Square Root of Terrorist Intent
I've already written about the DHS's database of top terrorist targets and how dumb it is. Important sites are not on the list, and unimportant ones are. The reason is pork, of course; states get security money based on this list, so every state wants to make sure they have enough sites on it. And over the past five years, states with Republican congressmen got more money than states without.
Here's another article on this general topic, centering around an obscure quantity: the square root of terrorist intent:
The Department of Homeland Security is the home of many mysteries. There is, of course, the color-coded system for gauging the threat of an attack. And there is the department database of national assets to protect against a terrorist threat, which includes Old MacDonald's Petting Zoo in Woodville, Ala., and the Apple and Pork Festival in Clinton, Ill.
And now Jim O'Brien, the director of the Office of Emergency Management and Homeland Security in Clark County, Nev., has discovered another hard-to-fathom DHS notion: a mathematical value purporting to represent the square root of terrorist intent. The figure appears deep in the mind-numbingly complex risk-assessment formulas that the department used in 2006 to decide the likelihood that a place is or will become a terrorist target -- an all-important estimate outside the Beltway, because greater slices of the federal anti-terrorism pie go to the locations with the highest scores. Overall, the department awarded $711 million in high-risk urban counterterrorism grants last year.
As O'Brien reviewed the risk-assessment formulas -- a series of calculations that runs into the billions -- he found himself unable to account for several factors, the terrorist-intent notion principal among them. "I have a Ph.D. I think I understand formulas," he says. "Take the square root of terrorist intent? Now, give me a break." The whole notion, O'Brien says, is a contradiction in terms: "How can you quantify what somebody is thinking?"
Other designations for variables in the formula are almost befuddling, O'Brien says, such as the "attractiveness factor," which seeks to establish how terrorists might prefer one sort of target over another, and the "chatter factor," which tries to gauge the intent of potential terror plotters based on communication intercepts.
"One man's garbage is another man's treasure," he says. "So I don't know how you measure attractiveness." The chatter factor, meanwhile, leaves O'Brien entirely in the dark: "I'm not sure what that means."
What I said last time still applies:
We're never going to get security right if we continue to make it a parody of itself.
Posted on December 11, 2006 at 12:18 PM
• 64 Comments
The square root formula is obviously wrong. Everyone with any real skill would know it's the natural log of terrorist intent that's important.
From article: "One man's garbage is another man's treasure,"
I think it's more like another famous axiom about garbage:
Garbage In, Garbage Out.
It's pretty clear that pork and barrels are more important than actual risk, when you base your computations on incorrect data. About the model I can just say that an incomprehensible model will be incomprehensibly off.
Clearly, Bruce, your assessment is incorrect. After all, this information is based on math, and math is always correct. Numbers can't lie!
Do the units in the formula work out? What units do you use for intent, anyhow?
"What units do you use for intent, anyhow?"
So if you're analyzing a site that terrorists would actively avoid attacking - one with negative terrorist intent, you'd have to resort to complex numbers?
2 wants is one wish
4 wishes make a longing
6 longings equal one yearning
4 yearnings is a pining
Pinings are pretty big, and usually indicate a lifetime of commitment to a cause. You don't want to see too many pinings in that equation.
I personally think that using Arabic numerals to calculate these formulae represents a severe conflict of interest. ;-7
Although I don't doubt that this particular report is probably silly, I don't like rejecting it just because "square root of terrorist intent" is a funny-sounding concept. If you're going to think systematically about risks, then it makes sense to attach numbers to them and do math on those numbers. If it should be rejected it should be rejected because the math is actually wrong; not because the idea of using math at all gives us a giggle.
Rejecting the idea that math, including square roots, could be a useful tool in evaluating risk strikes me as very similar to rejecting the idea that math could be a useful tool in, for instance, cryptography. How often have you heard the line about "Our crypto is better than conventional crypto because ours doesn't use mathematics!"? I don't see it as much different to say "Our risk management is better than conventional risk management because ours doesn't use mathematics!"
You can take the square root of a crypto adversary's attack resources and the answer actually means something - it's what happens if they manage to switch from pure brute-force guessing to a birthday paradox attack. ("Ha ha, those wacky cryptographers think the square root of a birthday is relevant to security, they must be incompetent!") Taking the square root of terrorist intent doesn't, on its face, seem any sillier.
The DHS says it wants to use "the square root of terrorist intent" in its calculations and some of you think that is stupid.
Douglas Hofstadter is the author of the Pulitzer Prize-winning book Gödel, Escher, Bach: an Eternal Golden Braid (aka "GEB"). Hofstadter famously declared that "Irrationality is the square root of all evil."
Now most of us would say that terrorism intent is evil so basically, the DHS are reaffirming Hofstadter's well known formula. There you are then, the DHS must have got that bit correct.
If you study the rest of the formulas I'm sure you'll find the answers.
I guess there is no Sanity Clause at the DHS/TSA.
"no Sanity Clause at the DHS/TSA"
Funny, that sounds very Christmas-y.
They do seem to lack cheer, and are a bit grouchy...
Sorry, Reagan banned metrics in gov't agencies. Something about preventing alien erosion of "standard" units...therefore:
Since you mentioned pork barrels, and the anti-terror folks are so obsessed with liquids these days, I figure the proper measure would be in hogsheads.
Please note, however, that just like other substances, a hogshead of Terrorist Intent (TI) may be defined somewhat loosely:
"a hogshead of wine came to be 63 gallons, while a hogshead of beer or ale is 54 gallons."
I agree with Matthew. This report didn't sound like a reasoned critique, but like "Gawsh, I can't understand these form-u-la thingys, so it must be stupid and useless."
Sure, you don't want to assume that if something is quantized and put in a formula then it's automatically holy and must be right, but formulas -- even abstract formulas using values that can't be measured perfectly -- can be useful to at least roughly estimate relative risks.
And as Bruce says, security is all about comparing risks and trade-offs.
[Note: not that I'm necessarily endorsing the DHS pork-doling formula; just saying that 'I'm too dumb to understand it' isn't a very good critique]
FWIW, Bryan Ware spoke about such risk analyses at Metricon 1.0 (Google is your friend).
Based solely on his talk, I would say there is substantially more substance to this exercise than Dr. Sour Grapes, Ph.D., of Las Vegas is letting on.
I'm not sure that CQ is a good way to keep up with the literature on conflict theory, decision science, or economics either.
"We draw our economic lessons from our politicians only at our peril." -- Joseph E. Stiglitz
It's a simple regression formula actually. Founded on the principle that Terrorism = 1 / Security. This translates to "One over Security".
Or is it "Security divided by One"? I can't remember now.
Must be the latter, otherwise in many instances you would get "division by zero" errors.
There is a nuclear reactor in / near Clinton, Illinois. Maybe this is the reason it is on the list?
The alarm bells should start ringing when you read this sentence:
"The figure appears deep in the mind-numbingly complex risk-assessment formulas that the department used in 2006 to decide the likelihood that a place is or will become a terrorist target"
Any formula that is "mind-numbingly complex" is (a) unlikely to be based on any kind of reality, and therefore (b) unlikely to yield any kind of meaningful results.
Economists love this kind of thing, and we all know how accurate their predictions turn out to be.
Practitioners of serious analytical disciplines such as physics will tell you that complexity in formulae is something to be avoided at all costs. Even Einstein's theory of relativity can be expressed in a handful of simple equations.
When formulae become "mind-numbingly complex", they are best consigned to the Twilight Zone.
Terrorism is a negative thing, right?
And the square root of a negative is an imaginary number, of course.
It must be time to reassign all those catch-a-lion math tricks.
I'm sure the inclusion of the Apple and Pork festival in Clinton, IL is due to the "nucular" power plant in that town. I wouldn't be at all surprised if they left the plant itself off the list, though.
Good stuff, Bruce.
"We're never going to get security right if we continue to make it a parody of itself."
We're never going to get security right if we continue to expect any different from our security 'experts'.
How exactly do you suppose we motivate a bunch of self-interested people to do what you wish them to do, without having the force necessary to kick them into line?
I understand there is a common idea that the truth will out, but that is wholly wrong, for the truth can simply be ignored, as it always seems to be.
You can bet that the article is complete bunk, and that the formula itself is relatively simple, notwithstanding square roots and whatever.
What you can also bet is that the risk assessments themselves are mind-numbingly complex, with all kinds of factors coming into play.
The 'chat' factor, for example, is a reasonable measure in my mind. "When we listen to terrorists or their sympathisers, do they talk about this place as a desirable target" (e.g. twin towers, for some reason, were very central in the terrorist targeting mentality, and likely also very much talked about before being acted upon).
I can picture reams and reams of different evaluations and estimations of all kinds of factors. A mind-numbingly large amount of these evaluations and estimations, in fact.
..and remember, the conclusion to any square root problem always has two answers, one set of positive factors and a set of negative factors. (square root of 4 is +2... and -2)
So I wonder how might a 'negative terrorist intent' manifest vs. a 'positive terrorist intent'??
I am beginning to wonder if the title of this article is misleading... When O'Brien says "take the square root of terrorist intent..." he may not be referring to anything actually in the DHS' formulae, just (as he believes) the inherent nonsensicality of quantifying notions like "terrorist intent" and doing math with them.
I found this quote a little more to the point:
> O’Brien has other criticisms of Vegas’ downgrade that don’t involve a graphing calculator. DHS reported this year that the Las Vegas region was not home to any military bases, though Nellis Air Force Base hugs the city line. O’Brien also says the 2006 assessment made no mention of Hoover Dam — a critical asset — which is a mere 25 miles from the Vegas strip.
> None of this inspires much confidence, O’Brien says, in how DHS arrives at its risk assessment. “Holy smokes. If you’re relying on the soundness of a calculation that involves millions of arithmetical activities, who checked the accuracy to insure that some little tweak over here isn’t throwing the whole thing off?”
There's plenty more by way of red flags here, I'll just throw one more rhetorical question into the mix - what's the use of measuring "chatter" in a report that's used to establish *annual* budgets? The nature of chatter is that it's constantly in flux, and useful only in the near-to-immediate term. (Of course, now that CQ's gone and spilled the beans on the DHS' methods, smart terrorists will be sure to confine their chatter to their least likely targets during the budget-making season.)
I agree that the idea of a formula to compute the desirability of potential terrorist targets is absolutely stupid. Despite what some people here seem to think, there is no objective way to quantify the desirability of a target, which is the point behind that official's remark that "[o]ne man's garbage is another man's treasure". Should Disneyland be worth more or less than the Empire State Building? The Capitol? Hoover Dam? Nobody can really know, so the entire idea of defining some (presumably) precise formula over such ill-defined quantities is completely idiotic.
I saw this nice math a long time ago. Props to the originator who I have sadly forgotten. :\
We all know that
girls = money x time
time = money
girls = money squared
money = root of evil
So there we have it
girls = evil.
Paging Dr. Seldon! Paging Dr. Seldon!
One issue that I think is constantly overlooked is that the US has not experienced total terrorism.
I read about Palestinians blowing up cafes and Israelis launching a lot of very short, violent wars. That's terror.
As you drive around day to day look around yourself and think, gee I wonder what would happen to if I blew up .
Real terrorism is not about blowing up planes or buildings or high profile targets, real terrorism is about blowing up or killing anyone you can and making it as random as possible.
I don't see that the terrorists are waging an effective guerilla war either.
Some associates of mine and I were chatting about this one evening and realized that it is probable that one could cripple the midwest with 4 bombs. Eliminate the interchanges in Columbus, Ohio. Eliminate I-70 and I-71 where they intersect I-270 and you cripple some major shipping lanes for the midwest. You would ruin a metropolitan area. Do it in late November so the repairs are delayed a season while it's cold and icy.
I'm not saying that the attacks we have experienced and the plots that have been foiled aren't saddening and frightening. I'm saying that something else is going on. I think that it means that the terrorists are underfunded, undermanned, and inept. They simply aren't able to get their shit together and make war, so they go for high visibility targets that make it look like they are big.
You can't secure all of it with government money, but you can do something about it. Get to know what is around you and what is normal. Ideas that stop street crime work on terrorism too. Try to know your neighbors, a friendly wave and a smile is enough.
Look around you as you move around day to day. If you notice something out of place report it, because it's your community and your ass. Do you really even want the government to think of where you live and your family as a number?
The present top-down means of security won't work. Terrorism affects the people from the bottom so the solutions to security have to come from the same place. Consider it fighting an indigent problem with an indigent solution.
"..gee I wonder what would happen to *MY TOWN* if I blew up *SEEMINGLY MINOR THING*."
"Some associates of mine and I were chatting about this one evening and realized that it is probable that one could cripple the midwest with 4 bombs. Eliminate the interchanges in Columbus, Ohio. Eliminate I-70 and I-71 where they intersect I-270 and you cripple some major shipping lanes for the midwest. You would ruin a metropolitan area. Do it in late November so the repairs are delayed a season while it's cold and icy."
According to google maps, each intersection can be avoided by only 2-3 miles of detour at each point. I hardly think this would 'cripple' the midwest.
"They simply aren't able to get their shit together and make war, so they go for high visibility targets that make it look like they are big."
'Wars' can only be conducted by governments.
The square root of intent is absurd. Let's even postulate that there exists some measure whereby the potential to affect X people represents the "intent" of the terrorist. Why would one want to take the square root of such a value? It merely serves to unduly weight the importance of small targets.
Which points at the actual intent here -- to distribute money to Republican areas and away from the real targets in Washington D.C and New York.
Blowing up some intersections will not bring commerce to a stop by any means.
First, that was a primary intent of the interstate highway system in the first place -- so you had a transport system not vulnerable to major disruption at a few choke points like railroads or water (ports) were.
Second, notice how fast major disruptions in the interstate can be fixed -- the bridge in OK that was hit by a barge several years ago; the overpass in Bridgeport, CT on I-95 that was destroyed in a tanker fire.
Third, trucks will re-route. May take a few hours longer, they'll get through.
As for Hoover Dam, what a joke. You would probably need a decent size nuclear weapon to breach it. Even if Al Qaeda started thinking strategically, you'd just dump some radioactive material in the lake to poison the water supply enough to cause a panic, and save the bomb for a city for maximum psychological effect.
One of the best strategic attacks that could be taken against the U.S. is to simply launch simultaneous mortar attacks against the 20 / 30 / 40 largest U.S. oil refineries & storage tank farms. 1 guy and a van full of shells for each one. That would impact all of us far more dramatically than attacking an office tower or dam.
Freiheit is right on the mark that security begins locally -- to notice aberrations in your daily routine that should have someone check up on them.
Because somehow you know when the refinery starts to blow up all the cops are going to be looking at it and not around (just because we're simply not used to in the U.S. looking for incoming rounds), and it'll be someone calling 911 who'll clue them in about this suspicious looking van that seems to be firing mortar rounds.
Not to defend this program, not having seen it, but risk management as a discipline is filled with mathematics and relatively complex equations.
There are also techniques that take semi-subjective pieces of evidence (put together by an analyst), combined with the prior probabilities of various hypothesis and then uses them to support an individual hypothesis out of a set of choices.
I have no idea what this particular program is doing, but I hesitate to disparage it simply because someone assigns a value to such things as "chatter" and "terrorist intent."
At the end of the day, the test of a model is how well it works.
I'll say it again: "Ha ha, those wacky cryptographers think the square root of a birthday is relevant to security, they must be incompetent!"
The fact that cryptographers do not actually compute "the square root of a birthday" doesn't change the fact that that's how the popular press might well mangle a description of the birthday paradox. Explaining where the square root comes from in the birthday paradox, what the word "birthday" refers to, and why that's relevant to security, to someone who doesn't even really understand what a square root is, nor care, isn't trivial.
This looks to me like just the same thing. It sounds like O'Brien doesn't know, and doesn't want to know, what the authors of the report really meant by the square root of terrorist intent. He just wants to make the unsupported claim that mathematics is worthless in this application, because it MUST BE, because understanding terrorists is HARD, dammit! It looks like the fallacy of "argument from queerness" to me: taking the square root of terrorist intent sounds like a very strange thing to do, SO OF COURSE it must be wrong. Or maybe "appeal to ridicule", which is a similar fallacy of relevance. See: http://en.wikipedia.org/wiki/...
If he's really using his PhD, then it's quite likely that his actual criticism is a lot more nuanced than what comes through in that popular-press article; but what does come through in the popular-press article is the same thing the crypto snake oil vendors say: Don't trust the experts because they use funny words; trust someone from outside the field instead!
Seems to me, the issue here is more about pumping money than security. Security has become an excuse, a thinly veiled attempt to plunder federal budgets.
Have any of those funds been converted into political party financing? Otherwise, how is it being used?
The maths is only there to fake public administration good intent.
(No pun intended) (...D'oh)
Wow, I thought "Digital Six Sigma" was about as bad as mangling-math-into-buzzwords could get.
J remarked above, "there is no objective way to quantify the desirability of a target". Perhaps in complete generality this is true. But body count seems to be useful for many targets. One could imagine estimating the dollar impact on the national economy of certain targets, say the New York Stock Exchange or the CBOE. For a transportation target one might estimate the time to route around the interruption.
Ok, now that I think about it ....
DHS is undoubtedly using statistical methods in their attempt to quantify terrorist risks. Variance is a common measure of dispersion about some value. A DHS analyst's estimate of a terrorist's estimate of the "terror value" of potential targets will likely have uncertainty that one might try to capture as dispersion about some "true target". Now, if I let "terrorist intent" stand for uncertainty which I will operationalize as dispersion or variance. What does the square root provide?
Gobble-de-gook most likely. But, what if really smart planners and really good statisticians were working along those lines?
"And over the past five years, states with Republican congressmen got more money than states without."
With the exception of Hawaii, every state has at least one Republican congressman or Senator, so this statement doesn't make much sense. Perhaps it should read "states with higher proportions of Republican congressmen got more money than those states with less."
unless terrorism is a perfect square, the square root will always be irrational.
i like the concept though, i can now speak to women in terms of the square root of my lust for them. i can express the lust itself as unity (1), the square root of which is also unity (1), and unity is what this is about, baby! math girls will be defenseless, too bad there aren't more of them.
Actually, article content aside, I wonder if there aren't some mathematical shenanigans you could apply to this trrrrrism malarky. Some random hypothesizing:
We already know that Google use vector-space models for establishing semantic "directions" of words, and every query results in something like 100,000 dot-products to establish words to put in the `did you mean...?' section (source: a presentation at WWW2006).
I would say that `terrorist intent' could well be considered as the number of things a person does that overlap with defined-bad semantic areas. (Could start with anything plaintext sniffed over the wire - email content, HTTP traffic, etc.) That's pretty easily quantifiable - a person's terrorist inclination becomes the average dot-product of their surfing habits with known-bad areas, and can even be normalized for ease of comparison.
If I'm right that you can quantify terrorist-potential, then I'm further wondering if square-root might represent some meaningful quantity too: eg when comparing two humans' closeness - the probability that they'll go on to form a terrorist cell together, perhaps.
"And over the past five years, states with Republican congressmen got more money than states without."
Well, we can be glad that the budget will be going down as of December this year then. ;-)
I am constantly astonished at how many normally sane and coherent acquaintances of mine often use the phrase: "Whatever it takes to keep us safe" in regards to pork terror spending.
This isn't a Republican/Democrat issue, it's just a sad apathy by voters that the money just falls from the sky. And when it stops falling, let's just make the rich* pay for it.
*rich defined as two 50k a year parents with two children each living in New York City or California, where this is barely sustainable for a two bedroom apartment.
I'm surprised at you. "Millidesires" is not necessarily metric. Milli just means thousandths, as in in milli-inches (called mils in USA, thou in UK) and also millimetres (UK) or millimeters (elsewhere).
Right. That's my pedantism used up for the day!
I have 3 comments on some of the other comments:
1) Yes risk management is a discipline and anyone who practices it knows you can’t mix qualitative measures and quantitative measures and get a quantitative result.
2) Anyone with even a high school level of science should know that:
a) errors multiply, and
b) your result cannot be more precise than the least precise component of the equation. If one or more of your components fall into the category of wild ass guess (like “terrorist intent” or “attractiveness factor”) then your result will be at best a wild ass guess.
3) Values like “intent” and “chatter” are going to vary over time. Doing an annual assessment based on these values is going to be rather pointless even if you feel the values are accurate.
(1) is untrue, look up https://analysis.mitre.org/proceedings/Final_Papers_Files/85_Camera_Ready_Paper.pdf
(2) Statistical analysis and stochastic modeling. Besides, a qualified analyst can make reasonable predictions (not "wild-ass guesses") if they structure their thoughts correctly, which can then be used to generate valid results.
(3) This is a separate criticism that is independent from the model itself.
Again, I haven't got a clue how the model is being used exactly or what it looks like (the details of it are almost certainly classified), but it's foolish to just dismiss it because it uses math that at a cursory glance doesn't seem to make sense.
Ha, thanks for the dailywtf link. I'd forward it to my dumb ex-wife if she would return my phone calls.
I'm with those who count this as "probably, but not necessarily," indicative of garbage. As soon as you start talking about deviations, square roots enter your equations pretty quickly. If you're trying to quantify "intent" (which seems a reasonable thing to attempt) and you're going to want to see how it differs over time or via different analyses, a "square root of intent" is not prima facie absurd.
@ruidh "It merely serves to unduly weight the importance of small targets."
yes... terror is irrational like that.
The value a terrorist derives from an act is the effect on the rest of the community - not on the immediate victims.
Maybe it's like a network effect - where the value of a network is proportional to the square of the nodes...
I think everybody is missing the point here. The main purpose of the DHS is to reward cities, counties and states that vote Republican, or, might just be persuaded to vote Republican.
All the rest is smoke and mirrors to disguise the real intent. The real formula is
number of Republican mayors *
no of Republican Congressman *
number of counties with swing voters squared
= barrels of pork allocated per state.
Well, I am a shrink, erm, a psychiatrist, and I can only state that you can not assess the "intent" of a terrorist leader overseas, without seeing the person ( that is sci-fi)
It is IMPOSSIBLE to quantize "intent" if you are not the one having the intent in question.
If any of you ran "the shrink-tests" when applying for a job, you know that they sometimes ASK YOU to put your reaction/emotional response/motivational condition/feeling etcetcetc on a scale from 1 to 10 (usually).
SO, HERE IS THE F-UP:
for any intent-quantizing approach to work, you must KINDLY ASK Mr. Laden to rate the targets from 0 to 10 where 10 arouses the highest terrorist intent and 0 arouses none.
I guess they can not do that. Bin Laden is not available for direct psychological profiling. (By the way, where is that dude after all???)
Thus the value under root is an "imaginary" value, it is purely arbitrary, you have to GUESS it, and guessing in security MOST CERTAINLY makes no sense.
add: "It is IMPOSSIBLE to quantize "intent" if you are not the one having the intent in question." and the person having the intent does not want to sincerely rate it on a specially crafted test for you
Clearly, since the FBI's profilers can't speak to the criminals before they catch them, they must not be able to make any accurate predictions about how those criminals might act.
Oh, and since they deal with serial killers they clearly have a job totally unrelated to security, right?
1) There is a vast abyss between creating a decent psychological portrait and "quantizing" such a complex aspect of one's behavior as "intent" (I really hope you understand that human intents are SO VERY COMPLEX)
2) Nobody I know of ever claimed to have produced a truly accurate "remote" psychological portrait, they are only better-than-guess models.
Better-than-guess is, well, better than guess, but not enough to commit "quantizing" and STANDARDIZED prediction process.
I have never bothered to find out what is the actual "correctness" of an average FBI psychological portrait (i.e. % of personality features that match those in a psychological assessment carried out AFTER the person in question is caught)
But I will be very surprised if it is above 55%.
3) Terrorists are not some postals. Their psychological portrait might be harder to devise.
4) "accurate predictions about how those criminals might act."
It makes any quantitative assessments of complex behavioral aspects so complex and shaky...
Read the article I linked to earlier about bayesian decision making. Or look into the work done in modeling human and primate interaction using agent-based modeling.
Just because the subject-matter is subjective, does not mean that an analyst cannot provide a realistic assessment. Particularly if they have enough HUMINT and COMINT to work off of.
What can be determined by traffic analysis is amazing. Without seeing the model we don't know where these numbers come from. Maybe some idiot makes them up out of thin air. Maybe someone makes their "best guess" based on a variety of field reports and communications intelligence. Maybe they come from algorithms or humans performing traffic analysis on phone records of known terrorists.
Without seeing the model, the values may simply be estimates that have absolutely nothing to do with the psychology of an individual terrorist. If I am trying to predict targets, I might measure intent in terms of damage caused. In actuarial science, risk is defined as the standard deviation of possible outcomes and it would be easy to see how a square root would crop up into that. Or it could come out of human intelligence on the ground saying "look, this cell is really hot after the golden gate bridge."
Yes, the keyword is "might." The test of a model is whether it *works*. What is the false positive rate? What is the false negative rate? How sensitive is the model to bad data? How sensitive is the model to change? Does the model incorporate uncertainty? How is the data collected that is being fed into this model? What are the assumptions that drive the model?
I am not going to criticize it simply because at a cursory glance it includes mathematical terms that don't make sense when taken out of context. We don't know why the model was developed, who developed it, how its results are being interpreted, or any other contextual information. We know it is used in an annual report, but we don't know how often it might be run in the face of new data. Nor do we know any technical details about it whatsoever.
I don't care if their method of selection involves a Ouija board. My only concerns are "does it work" (for some loose definition of 'working') and "is that working worth the price" (where price includes the false positive rate, false negative rate, and indirect costs such as to privacy and the like). Without knowing more, I cannot comment on it.
Years ago when studying Calculus I used to dream in Calculus and actually recall one where I was integrating my perspective of people's intent based on what they were doing. Sounds goofy, but the dream was very real...combined with neurolinguistics, who knows. I definitely think it plausible.
"According to google maps, each intersection can be avoided by only 2-3 miles of detour at each point. I hardly think this would 'cripple' the midwest."
And does that mean that the 2-3 miles of detour can handle the same volume of traffic as was on those interchanges being rerouted over them?
I am not saying you are wrong, but I doubt that google maps is going to have enough info to fully assess the impact.
"'Wars' can only be conducted by governments."
That's semantics at best. Who decides what is and is not a government? The difference between a revolt and revolution is who the winner is.
Seriously, read the introduction to the US army "Improvised munitions manual" (the one I saw was 1969 edition) and let me ask you... what exactly is the difference between "terrorist" and "special forces" other than who writes the news report?
Semantics I say.
Many years ago and many, many miles away, I was a young officer in the US Army and was placed in a position of having to tell rather highly ranked officers and equivalent level civilians that their software was crap. I could not use "vague" descriptive terms like "... consistently fails to use the standard library functions and insists on reinventing its own inconsistent methods of calculation for standard functions". I had to quantify "how bad" the software was to get the muckety mucks to accept the failing grade for software quality. (I was a Software QA officer with 18 months experience of using the software in question, while supporting a unit in Germany. While my anecdotal experiences were very useful and accepted internally, they were totally discounted by the brass as "sour grapes" or ".. has an axe to grind").
I suspect that the algorithmic response for "how much at risk is target A versus target B" is based on the need to provide a clean way of defending the choices made by the DHS staff in response to protests of "... arbitrary and capricious denial of clear needs in my district ..." from many, many congress-critters.
I am not saying that the formula was right or even well designed, just that it is understandable. I just sympathize with the staff member who came up with it and the manager who was forced to request it.
how about this one.
knowledge = power
power = force/time
time = money
knowledge = force/money
money = force/knowledge
limit of money as knowledge approaches 0 is infinity.
So how does this convert to metric?
>> English units:
>> 2 wants is one wish
>> 4 wishes make a longing
>> 6 longings equal one yearning
>> 4 yearnings is a pining
If we had an electromagnetic pulse large enough to render their calculators useless, the terrorists would have no way to compute any intent. We could thus totally jam their inclinations.