NSA AI Technology May Have Targeted Innocents

Uploaded on 2016-02-19 in INTELLIGENCE--USA, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Developments

source: Ars Technica

A new report suggests that the agency has been using a machine-learning program to identify potential terrorists, but thousands of Pakistanis may have been 'mislabeled'. 
    
A new report from Ars Technica suggests that the US National Security Agency (NSA) has been using a machine-learning program to identify potential terrorists in Pakistan, but its methodology may have led to thousands of innocent Pakistanis being mislabeled.

The NSA’s program, inexplicably named SKYNET, like the homicidal AI program of the Terminator film franchise, was first unveiled by documents leaked by Edward Snowden to The Intercept in 2015. According to a leaked 2012 government PowerPoint presentation, SKYNET uses “analytic triage” to calculate the probability that individuals are terrorists, using an 80-point analytical test, that evaluates factors like a person’s phone calls, location, social media activity, and travel patterns.

The system apparently flagged Al-Jazeera’s Islamabad bureau chief Ahmad Zaidan as a potential target, the Intercept’s data showed, as he often travels to conflict areas to report.

In the leaked slides, NSA claimed that SKYNET has a false-positive rate of only 0.008%, in certain instances. But Pakistan has a population of about 182 million, and the NSA was using phone records from about 55 million people for SKYNET. As Ars points out, even at that minute rate, many innocent people are likely to end up mislabeled. Some of the NSA’s tests in the leaked slides saw error rates of 0.18%, which could mean mislabeling about 99,000 people out of the 55 million.

SKYNET can be compared to the machine learning systems that businesses use to find sales leads—both methods learn a person’s traits, and compares them to model profiles based on those traits. SKYNET was trained by feeding the system with the data from 100,000 random people, and seven known terrorists. It was then tested with the task of identifying one of those seven terrorists. What’s troubling is that SKYNET does not appear to have been tested with new data, which would have shown whether the system could work in new situations, according to an expert who examined the leaked slides for Ars.

“There are very few ‘known terrorists’ to use to train and test the model,” Patrick Ball, a data scientist and director of the Human Rights Data Analysis Group, explained to Ars Technica. “If they are using the same records to train the model as they are using to test the model, their assessment of the fit is completely bullshit.”

It’s not clear yet what purpose SKYNET serves. Although it could be part of non-violent surveillance activities, such as monitoring suspected terrorists’ travel patterns, Ars suggests the technology could potentially be used to target drone strikes. Since 2004, the US government has carried out hundreds of drone strikes in Pakistan against alleged terrorists, according to the Bureau of Investigative Journalism.

Last year, the UN warned against nations developing autonomous weapons, due to concerns about what they might do without a human’s moral judgement. The NSA was not immediately available to comment on how SKYNET was used, or how it was trained.
DefenseOne:  http://bit.ly/1PFNMpD

 

« Nitro Zeus: The US Plan To Launch A Massive Cyber Attack On Iran
Anonymous Hacks Thai and Turkey Police Stations »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

Nixu

Nixu

Nixu is the largest Nordic specialist company in information security consulting.

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

Kentik

Kentik

Kentik - one platform for Network Visibility, Performance, and Security.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.